Canadian governments and other public sector agencies have identified VoIP as one of the most useful technologies to help them meet the high expectation for citizen service. Improved access to services, real-time metrics-related capabilities and simple network management are among the benefits cited by IDC Canada Ltd.
The Gartner Group predicts that by next year Voice over Internet Protocol (VoIP-enabled) systems will account for 97 per cent of all telephony systems sold. VoIP is hot. But all that heat can raise some issues. We resolve to answer some of the more pressing questions you might be facing.
1. Can I trust Microsoft with VoIP?
There is plenty of uncertainty in the corporate VoIP arena, as reflected in a recent rash of consolidations and private-equity buyouts in the market. One thing users can be sure of is Microsoft’s intent to become a large player in corporate IP telephony and messaging.
However, some users and industry observers question whether Microsoft server technology has the mettle for handling the real-time load and reliability requirements of corporate telephony traffic and applications. Others say the move will help accelerate the use of converged messaging and productivity applications such as presence, Web conferencing and chat.
Well known by now, the centerpiece to Microsoft’s VoIP bid is Office Communications Server 2007, a real-time collaboration server which has elicited much buzz and controversy in the industry, for a product not even available for purchase yet. (The server, which is the successor to Live Communication Server 2005, is in a public beta, and is expected for general release later this year.)
“We believe, over time, [enterprise voice networks] can be totally based on Office Communications Server,” said Gurdeep Singh Pall, corporate vice-president of Microsoft’s Unified Communications Group, in an interview earlier this year at the VoiceCon show, where Microsoft launched the OCS 2007 public beta. “For now, we also want to help customers…who are saying, ‘can I trust my voice [network] entirely to Microsoft?'”
As with any commercial VoIP systems, such as Avaya, Cisco, Nortel or Siemens, customers will be buying into proprietary Microsoft protocols and technologies if plans are made to rely heavily on OCS 2007. Microsoft is deviating from the industry standard practice of using ITU codecs for voice traffic compression and transmission (mainly G.711, G.722 and G.729).
“We’ve made several investments in our own audio and video codecs,” says Paul Duffy, a group product manager. Microsoft says part of the value in its own codecs is the ability to compensate for congested or low-bandwidth connections, such as teleworkers’ dial-up lines, or broadband links without Quality of Service (QoS). Duffy says the OCS VoIP codecs include technology that can repair poor-quality VoIP transmissions. Microsoft also uses extensions to standard SIP (Session Initiation Protocol), which allows for more flexibility in the types of connections.
OCS will require a separate layer of server infrastructure, called Mediation Servers, to communicate with VoIP endpoints. These servers act as translators between an OCS 2007 server and the endpoints, as well as a gateway between an OCS server and other VoIP or PSTN (public-switched telephone network) hardware.
Users considering a centralized deployment of OCS to support remote sites would have to install a Mediation Server in each location to support standard endpoints and for making PSTN calls.
Reliability: Microsoft and the fifth 9
Then there’s the reliability issue. For years, VoIP vendors have moved away from Microsoft’s Windows Server as a platform for hosting IP PBX applications.
Avaya, Siemens and Mitel run their call servers on Linux. Nortel’s Communication Server 1000 runs on the real-time VXWorks operating system (used in military and NASA applications). 3Com’s VCX platform runs on Sun Solaris.
Industry observers and vendors say the move away from Windows to other platforms to host VoIP was based on customer concerns about the stability of Windows systems, and the frequent software patching and updating required on the servers.
Cisco’s CallManager IP PBX, long based on a Microsoft server, was ported last year to Linux as an “appliance-like” system, requiring minimal patching and operating system tinkering, the company says. (Cisco still sells and supports CallManager, now called Unified Communications Manager, on Windows.)
With all this as background, some views on Microsoft’s ambitions in enterprise VoIP are skeptical.
“I can see it now,” wrote one Network World reader in an online forum about Microsoft OCS 2007. “‘Everyone, please get off the phone, we have to apply a bug fix’.”
A major move Microsoft made a year ago to convince enterprises that Microsoft can handle corporate VoIP is the company’s partnership with Nortel. The two vendors’ Innovative Communications Alliance involves shared R&D, marketing, sales and support resources over a four-year span.
“We’re dedicated to earning the confidence of all customers” when it comes to OCS reliability, said Jeff Raikes, president of the Microsoft Business Division, during a presentation earlier this year.
He equates Microsoft’s entry into enterprise VoIP with the company’s emergence in mission-critical data centre serving. “We’re not new to this position in the area of critical communications.”
He pointed out that the Nasdaq stock market runs on Windows and SQL Server, and in upwards of 10 million Cisco IP phones are tied into Windows servers running Cisco’s CallManager platform.
“We want to work closely with partners such as Nortel to help power telephony in our software.”
Users of both Microsoft and Nortel technologies say this is a good development. “From what I’ve seen, it should be positive,” says Joanne Kossuth, CIO at Olin College of Engineering in Needham, Mass., which runs a Nortel-based VoIP network, and Microsoft Exchange messaging servers.
The college is beta testing OCS 2007 and could roll out services to the school next year. Kossuth says integration of presence, federated instant messaging and conferencing into Microsoft Outlook, with Nortel call control systems on the backend, will be easier to roll out and manage.
“Now you’re going to be able to add capabilities without having to add new staff and skill sets to handle that capability,” she says. This has been a concern to Kossuth as she has explored such applications in the past.
As for system reliability, OCS 2007 could only gain from closer integration with Nortel technology. “In my work with Nortel, I’ve seen them as a company that engineers products at 150 per cent,” says Kossuth. “They don’t go to market with something unless it’s more than ready.
“Microsoft doesn’t necessarily have the same reputation. So I’m thinking there will be some complementary things there…Maybe together, they’ll deliver products that are 100 per cent.”
2. VoIP: What really happens when I dial 911?
All corporate IP PBX systems can dial 911 services, but how much critical location data is transmitted during a life-or-death call depends on how the VoIP network and LAN are configured. Questions about IP softphones and mobile voice over Wi-Fi also complicate the issue.
Enhanced 911 service support was a major stumbling block for VoIP when it emerged in the consumer market several years ago. Technical issues, and some well-publicized incidents of failed emergency response from service providers, forced the FCC to step in with special 911 requirements for Internet phone service providers.
Many companies are still dealing with 911 issues and IP telephony deployments, as many IT departments must still manually track the location of phones in corporate offices. The easy portability of IP phones and the emergence of wireless IP handsets are challenges for maintaining an accurate device location database of phone extensions.
Enhanced 911, or E911, requires specific location information to be transmitted from a phone dialling 911 in an emergency, including building number, if a single campus address contains multiple buildings, as well as floor numbers and directional location (for example north, south, east, west).
“We do support 911 on all of our telephones on our campus,” says Scott Mah, assistant vice-president for IT infrastructure at the University of Washington in Seattle. “We have policies in place to limit end-users from moving their phones around, which helps. But anytime we put a phone into service, we basically register that telephone number and its corresponding address with the database.”
The database maintained by the school’s IT staff is passed to local emergency 911 call centres, or public safety answering points, which link location information to each phone number in the school’s system. This automatic location identification data is what’s relayed to rescuers: if a 911 call is disconnected, emergency responders have information on where to go.
“[E911] is something we care a lot about and it’s something we’ve maintained even without IP-enabled endpoints,” Mah says.
There are some ways to automatically update location information when IP phones are moved. Some of this involves some planning of the campus network layout. New protocols and software are also available to help. Clever network administrators can set up pools of IP addresses into subnets which correspond to physical locations inside a building or campus. IP phones plugged into ports in these locations would automatically be linked to a building number and floor.
Cisco, Enterasys, Extreme, Nortel and Foundry all have their own proprietary discovery protocols for finding switches, routers and other devices on a network. But getting a Cisco switch to detect, let alone collect location data, on a Nortel IP phone is tricky, if not impossible.
The Link Layer Discover Protocol-Media Endpoint Discover (LLDP-MED) is a Telecommunications Industry Association standard supported by Avaya, Extreme and ProCurve by HP. LAN switches use this protocol to collect device information and location data from IP phones (as well as Wi-Fi access points) when network connections are plugged in. But because wide adoption of a standard discovery or registration protocol for phones is limited, users must work with what they have.
Technology has even emerged recently for tracking location data for IP softphone users. The software lets users input location data during the logon process for the softphone application, which is then sent if 911 is dialled from the application.
Drew Depler, IS director for Boulder County, Colo., says the proliferation of softphones and VoWi-Fi handsets is starting to emerge as another challenge for E911 services. “That really starts to become a cost-saving opportunity,” Depler says of softphones, which allow county employees to work from home and cut down telecom costs.
And in the future, if they’re used widely, softphones could also eliminate the need for more costly IP desktop handsets.
But, Depler says, this also raises an issue for mobile workers with softphones. “How do you track where they are? It does have some impacts on 911. There are real tenuous issues as we look at mobility and we look at IP phones moving anywhere.”
3. Is VoIP safe?
VoIP security is a broad question that touches on many aspects of how IP telephony systems operate, and the various parts of the network that VoIP touches. But according to one survey, one thing is clear: VoIP technology isn’t safe enough for many businesses.
Only half of the IT executives polled recently in a CompTIA study said they think security technology built into corporate VoIP products and services is solid. The survey (of 350 companies with 500 employees or fewer) showed that even wireless technology – often maligned for its security weakness – was held in higher regard than VoIP in terms of security.
With VoIP, security concerns among the respondents in the CompTIA survey were not relating to potential attacks on only VoIP gear and software, but the affect a general worm or virus outbreakk could have on the quality of IP voice calls.
Worms and viruses that flood corporate networks with traffic may cause e-mail delivery to be delayed, with other slow application response times. But the latency introduced can simply kill an IP telephony conversation.
As for VoIP products, vulnerabilities are popping up more in IP telephony gear and software. Cisco, for instance, over the last 18 months issued nine major vulnerability advisories on products ranging from IP phones and IP PBXs to routers that perform VoIP processes and functions. These nine warnings – serious enough for the vendor to issue software patches – compare to only two VoIP-related vulnerabilities Cisco had issued in the previous 18 months.
Many vendors’ IP call processing and messaging products run on top of Linux, Windows, Sun or other server operating systems. Softphones generally run on Windows desktops, while applications such as VoIP-based call centre platforms can touch a wide array of other applications.
Taking all this into account, Avaya had 25 product security advisories relating either directly to its VoIP products, or affecting underlying software products on which Avaya’s technology runs, according to research by Secunia.
The Internet Security Systems X-Force vulnerability database has more than 100 entries over the past five years relating to vulnerability reports in VoIP products, applications and underlying protocols.
Some security researchers say the basic technology of some VoIP protocols is by nature hackable or susceptible to denial-of-service or call-interception attacks.
Sheran Gunasekera, a researcher with Scanit, wrote in a report that VoIP call interception can be simple, if targeted against equipment and traffic using non-encrypted, standards-based protocols. Against SIP-based VoIP conversations, “signalling attacks can be used to eavesdrop on conversations and re-route or hijack calls,” says Gunasekera.
Other new VoIP threats on the horizon include the emergence of maliciously designed VoIP audio codecs. Theoretically, these so-called “evil codecs” are a VoIP audio stream designed specifically to crash a VoIP endpoint or server.
Lawrence Orans, a researcher with Gartner, says eavesdropping is one example of an overhyped threat. “Sure, it’s technically possible to execute a man-in-the-middle attack and capture packets. The reason that we hear so much about eavesdropping is that it really does illicit this visceral reaction. The main thing is to focus on the greater threats, for example attacking an IP PBX server itself.”
But it is possible to have a secure VoIP deployment if you follow best practices, says
