Canadian governments and other public sector agencies have identified VoIP as one of the most useful technologies to help them meet the high expectation for citizen service. Improved access to services, real-time metrics-related capabilities and simple network management are among the benefits cited by IDC Canada Ltd.
The Gartner Group predicts that by next year Voice over Internet Protocol (VoIP-enabled) systems will account for 97 per cent of all telephony systems sold. VoIP is hot. But all that heat can raise some issues. We resolve to answer some of the more pressing questions you might be facing.
1. Can I trust Microsoft with VoIP?
There is plenty of uncertainty in the corporate VoIP arena, as reflected in a recent rash of consolidations and private-equity buyouts in the market. One thing users can be sure of is Microsoft's intent to become a large player in corporate IP telephony and messaging.
However, some users and industry observers question whether Microsoft server technology has the mettle for handling the real-time load and reliability requirements of corporate telephony traffic and applications. Others say the move will help accelerate the use of converged messaging and productivity applications such as presence, Web conferencing and chat.
Well known by now, the centerpiece to Microsoft's VoIP bid is Office Communications Server 2007, a real-time collaboration server which has elicited much buzz and controversy in the industry, for a product not even available for purchase yet. (The server, which is the successor to Live Communication Server 2005, is in a public beta, and is expected for general release later this year.)
"We believe, over time, [enterprise voice networks] can be totally based on Office Communications Server," said Gurdeep Singh Pall, corporate vice-president of Microsoft's Unified Communications Group, in an interview earlier this year at the VoiceCon show, where Microsoft launched the OCS 2007 public beta. "For now, we also want to help customers...who are saying, 'can I trust my voice [network] entirely to Microsoft?'"
As with any commercial VoIP systems, such as Avaya, Cisco, Nortel or Siemens, customers will be buying into proprietary Microsoft protocols and technologies if plans are made to rely heavily on OCS 2007. Microsoft is deviating from the industry standard practice of using ITU codecs for voice traffic compression and transmission (mainly G.711, G.722 and G.729).
"We've made several investments in our own audio and video codecs," says Paul Duffy, a group product manager. Microsoft says part of the value in its own codecs is the ability to compensate for congested or low-bandwidth connections, such as teleworkers' dial-up lines, or broadband links without Quality of Service (QoS). Duffy says the OCS VoIP codecs include technology that can repair poor-quality VoIP transmissions. Microsoft also uses extensions to standard SIP (Session Initiation Protocol), which allows for more flexibility in the types of connections.
OCS will require a separate layer of server infrastructure, called Mediation Servers, to communicate with VoIP endpoints. These servers act as translators between an OCS 2007 server and the endpoints, as well as a gateway between an OCS server and other VoIP or PSTN (public-switched telephone network) hardware.
Users considering a centralized deployment of OCS to support remote sites would have to install a Mediation Server in each location to support standard endpoints and for making PSTN calls.
Reliability: Microsoft and the fifth 9
Then there's the reliability issue. For years, VoIP vendors have moved away from Microsoft's Windows Server as a platform for hosting IP PBX applications.
Avaya, Siemens and Mitel run their call servers on Linux. Nortel's Communication Server 1000 runs on the real-time VxWorks operating system (used in military and NASA applications). 3Com's VCX platform runs on Sun Solaris.
Industry observers and vendors say the move away from Windows to other platforms to host VoIP was based on customer concerns about the stability of Windows systems, and the frequent software patching and updating required on the servers.
Cisco's CallManager IP PBX, long based on a Microsoft server, was ported last year to Linux as an "appliance-like" system, requiring minimal patching and operating system tinkering, the company says. (Cisco still sells and supports CallManager, now called Unified Communications Manager, on Windows.)
With all this as background, some views on Microsoft's ambitions in enterprise VoIP are skeptical.
"I can see it now," wrote one Network World reader in an online forum about Microsoft OCS 2007. "'Everyone, please get off the phone, we have to apply a bug fix'."
A major move Microsoft made a year ago to convince enterprises that Microsoft can handle corporate VoIP is the company's partnership with Nortel. The two vendors' Innovative Communications Alliance involves shared R&D, marketing, sales and support resources over a four-year span.
"We're dedicated to earning the confidence of all customers" when it comes to OCS reliability, said Jeff Raikes, president of the Microsoft Business Division, during a presentation earlier this year.
He equates Microsoft's entry into enterprise VoIP with the company's emergence in mission-critical data centre serving. "We're not new to this position in the area of critical communications."
He pointed out that the Nasdaq stock market runs on Windows and SQL Server, and that upwards of 10 million Cisco IP phones are tied into Windows servers running Cisco's CallManager platform.
"We want to work closely with partners such as Nortel to help power telephony in our software."
Users of both Microsoft and Nortel technologies say this is a good development. "From what I've seen, it should be positive," says Joanne Kossuth, CIO at Olin College of Engineering in Needham, Mass., which runs a Nortel-based VoIP network, and Microsoft Exchange messaging servers.
The college is beta testing OCS 2007 and could roll out services to the school next year. Kossuth says integration of presence, federated instant messaging and conferencing into Microsoft Outlook, with Nortel call control systems on the backend, will be easier to roll out and manage.
"Now you're going to be able to add capabilities without having to add new staff and skill sets to handle that capability," she says. This has been a concern to Kossuth as she has explored such applications in the past.
As for system reliability, OCS 2007 could only gain from closer integration with Nortel technology. "In my work with Nortel, I've seen them as a company that engineers products at 150 per cent," says Kossuth. "They don't go to market with something unless it's more than ready.
"Microsoft doesn't necessarily have the same reputation. So I'm thinking there will be some complementary things there...Maybe together, they'll deliver products that are 100 per cent."
2. VoIP: What really happens when I dial 911?
All corporate IP PBX systems can dial 911 services, but how much critical location data is transmitted during a life-or-death call depends on how the VoIP network and LAN are configured. Questions about IP softphones and mobile voice over Wi-Fi also complicate the issue.
Enhanced 911 service support was a major stumbling block for VoIP when it emerged in the consumer market several years ago. Technical issues, and some well-publicized incidents of failed emergency response from service providers, forced the FCC to step in with special 911 requirements for Internet phone service providers.
Many companies are still dealing with 911 issues and IP telephony deployments, as many IT departments must still manually track the location of phones in corporate offices. The easy portability of IP phones and the emergence of wireless IP handsets are challenges for maintaining an accurate device location database of phone extensions.
Enhanced 911, or E911, requires specific location information to be transmitted from a phone dialling 911 in an emergency, including building number, if a single campus address contains multiple buildings, as well as floor numbers and directional location (for example north, south, east, west).
"We do support 911 on all of our telephones on our campus," says Scott Mah, assistant vice-president for IT infrastructure at the University of Washington in Seattle. "We have policies in place to limit end-users from moving their phones around, which helps. But anytime we put a phone into service, we basically register that telephone number and its corresponding address with the database."
The database maintained by the school's IT staff is passed to local emergency 911 call centres, or public safety answering points, which link location information to each phone number in the school's system. This automatic location identification data is what's relayed to rescuers: if a 911 call is disconnected, emergency responders have information on where to go.
"[E911] is something we care a lot about and it's something we've maintained even without IP-enabled endpoints," Mah says.
There are some ways to automatically update location information when IP phones are moved. Some of this involves some planning of the campus network layout. New protocols and software are also available to help. Clever network administrators can set up pools of IP addresses into subnets which correspond to physical locations inside a building or campus. IP phones plugged into ports in these locations would automatically be linked to a building number and floor.
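The subnet-to-location approach described above can be sketched in a few lines. The following Python is an added example, not code from the article or any vendor; the address plan, extensions and phone addresses are constructed, and the function names are hypothetical. It resolves a phone's IP address to a building and floor by longest-prefix match and flags extensions whose registered location no longer matches what the network implies.

```python
import ipaddress

# Constructed address plan: each subnet is tied to one physical location.
# The /16 is a campus-wide catch-all with no floor-level detail.
ADDRESS_PLAN = {
    "10.20.0.0/16": ("Campus", None),
    "10.20.1.0/24": ("Building 1", 1),
    "10.20.2.0/24": ("Building 1", 2),
    "10.20.16.0/22": ("Building 2", 3),
}


def build_table(plan):
    """Parse the plan and order it most-specific first (longest prefix wins)."""
    table = [(ipaddress.ip_network(cidr), loc) for cidr, loc in plan.items()]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def locate(ip, table):
    """Return (building, floor) for an address, or None if no subnet covers it."""
    addr = ipaddress.ip_address(ip)
    for network, location in table:
        if addr in network:
            return location
    return None


def audit(registered, leases, table):
    """Compare each extension's registered location with the one its IP implies."""
    findings = []
    for ext in sorted(registered):
        ip = leases.get(ext)
        if ip is None:
            findings.append((ext, "no-address"))        # phone offline or unknown
            continue
        implied = locate(ip, table)
        if implied is None:
            findings.append((ext, "unmapped-subnet"))   # outside the address plan
        elif implied[1] is None:
            findings.append((ext, "location-too-coarse"))  # only the catch-all matched
        elif implied != registered[ext]:
            findings.append((ext, "moved"))             # database entry is stale
    return findings


TABLE = build_table(ADDRESS_PLAN)
# Constructed records: what the location database says, and current phone addresses.
REGISTERED = {"4101": ("Building 1", 1), "4102": ("Building 1", 2),
              "4103": ("Building 2", 3), "4104": ("Building 1", 1),
              "4105": ("Building 2", 3)}
LEASES = {"4101": "10.20.1.15", "4102": "10.20.17.9",
          "4103": "192.0.2.44", "4105": "10.20.200.7"}

if __name__ == "__main__":
    for ext, status in audit(REGISTERED, LEASES, TABLE):
        print(ext, status)
```

Every finding is an extension whose location record would be wrong or too vague to act on if 911 were dialled from it now.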
Cisco, Enterasys, Extreme, Nortel and Foundry all have their own proprietary discovery protocols for finding switches, routers and other devices on a network. But getting a Cisco switch to detect a Nortel IP phone, let alone collect location data on it, is tricky, if not impossible.
The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is a Telecommunications Industry Association standard supported by Avaya, Extreme and ProCurve by HP. LAN switches use this protocol to collect device information and location data from IP phones (as well as Wi-Fi access points) when network connections are plugged in. But because wide adoption of a standard discovery or registration protocol for phones is limited, users must work with what they have.
Technology has even emerged recently for tracking location data for IP softphone users. The software lets users input location data during the logon process for the softphone application, which is then sent if 911 is dialled from the application.
Drew Depler, IS director for Boulder County, Colo., says the proliferation of softphones and VoWi-Fi handsets is starting to emerge as another challenge for E911 services. "That really starts to become a cost-saving opportunity," Depler says of softphones, which allow county employees to work from home and cut down telecom costs.
And in the future, if they're used widely, softphones could also eliminate the need for more costly IP desktop handsets.
But, Depler says, this also raises an issue for mobile workers with softphones. "How do you track where they are? It does have some impacts on 911. There are real tenuous issues as we look at mobility and we look at IP phones moving anywhere."
3. Is VoIP safe?
VoIP security is a broad question that touches on many aspects of how IP telephony systems operate, and the various parts of the network that VoIP touches. But according to one survey, one thing is clear: VoIP technology isn't safe enough for many businesses.
Only half of the IT executives polled recently in a CompTIA study said they think security technology built into corporate VoIP products and services is solid. The survey (of 350 companies with 500 employees or fewer) showed that even wireless technology - often maligned for its security weakness - was held in higher regard than VoIP in terms of security.
With VoIP, the security concerns of respondents in the CompTIA survey related not only to potential attacks on VoIP gear and software, but also to the effect a general worm or virus outbreak could have on the quality of IP voice calls.
Worms and viruses that flood corporate networks with traffic may cause e-mail delivery to be delayed, with other slow application response times. But the latency introduced can simply kill an IP telephony conversation.
As for VoIP products, vulnerabilities are popping up more in IP telephony gear and software. Cisco, for instance, over the last 18 months issued nine major vulnerability advisories on products ranging from IP phones and IP PBXs to routers that perform VoIP processes and functions. These nine warnings - serious enough for the vendor to issue software patches - compare to only two VoIP-related vulnerabilities Cisco had issued in the previous 18 months.
Many vendors' IP call processing and messaging products run on top of Linux, Windows, Sun or other server operating systems. Softphones generally run on Windows desktops, while applications such as VoIP-based call centre platforms can touch a wide array of other applications.
Taking all this into account, Avaya had 25 product security advisories relating either directly to its VoIP products, or affecting underlying software products on which Avaya's technology runs, according to research by Secunia.
The Internet Security Systems X-Force vulnerability database has more than 100 entries over the past five years relating to vulnerability reports in VoIP products, applications and underlying protocols.
Some security researchers say the basic technology of some VoIP protocols is by nature hackable or susceptible to denial-of-service or call-interception attacks.
Sheran Gunasekera, a researcher with Scanit, wrote in a report that VoIP call interception can be simple, if targeted against equipment and traffic using non-encrypted, standards-based protocols. Against SIP-based VoIP conversations, "signalling attacks can be used to eavesdrop on conversations and re-route or hijack calls," says Gunasekera.
Other new VoIP threats on the horizon include the emergence of maliciously designed VoIP audio codecs. Theoretically, these so-called "evil codecs" are a VoIP audio stream designed specifically to crash a VoIP endpoint or server.
Lawrence Orans, a researcher with Gartner, says eavesdropping is one example of an overhyped threat. "Sure, it's technically possible to execute a man-in-the-middle attack and capture packets. The reason that we hear so much about eavesdropping is that it really does elicit this visceral reaction. The main thing is to focus on the greater threats, for example attacking an IP PBX server itself."
But it is possible to have a secure VoIP deployment if you follow best practices, says David Endler, chairman and founder of the VoIP Security Alliance. "All of these systems are securable, but they do take some knowledge to get them to that point."
Encrypting VoIP signaling (SIP and H.323) and payload streams (RTP and UDP, typically) is one approach. Ensuring IP PBX servers are patched and configured properly, and restricting the types of traffic that can contact IP endpoints, are other measures.
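One way to check whether calls actually use the signaling and payload encryption mentioned above is to inspect SIP INVITE messages as a monitoring point sees them. The following Python is an added example, not from the article or any vendor; the sample messages, hosts and key placeholder are constructed, the function names are hypothetical, and it covers SIP with SDP only, not H.323. It reports cleartext signaling, plain RTP media, and SRTP keys carried in SDP over a signaling hop that is not TLS.

```python
import re

# SDP transport profiles that carry SRTP; plain RTP is "RTP/AVP" or "RTP/AVPF".
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}
# Via transports that run over TLS.
TLS_TRANSPORTS = {"TLS", "WSS"}


def assess_invite(raw):
    """Return a list of finding codes for one SIP message carrying an SDP body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    transport = None
    for line in head.split("\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):        # "v" is the compact form
            m = re.match(r"\s*SIP\s*/\s*2\.0\s*/\s*([A-Za-z-]+)", value)
            transport = m.group(1).upper() if m else None
            break                                        # topmost Via = most recent hop
    signaling_encrypted = transport in TLS_TRANSPORTS

    # Walk the SDP: each m= line opens a media section; a=crypto lines under it
    # carry SDES keying material for that stream.
    streams, current = [], None
    for line in body.split("\n"):
        if line.startswith("m="):
            fields = line[2:].split()
            current = None
            if len(fields) >= 3:
                current = {"kind": fields[0], "proto": fields[2].upper(), "sdes": False}
                streams.append(current)
        elif line.startswith("a=crypto:") and current is not None:
            current["sdes"] = True

    findings = []
    if not signaling_encrypted:
        findings.append("signaling-cleartext")
    for s in streams:
        if s["proto"] not in SRTP_PROFILES:
            findings.append("media-cleartext:" + s["kind"])
        elif s["sdes"] and not signaling_encrypted:
            # SRTP is offered, but its key travels in readable signaling.
            findings.append("srtp-key-exposed:" + s["kind"])
    return findings


def sample_invite(transport, profile, with_sdes):
    """Build a constructed INVITE; hosts, tags and the key are placeholders."""
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10",
           "t=0 0", "m=audio 49170 %s 0 8" % profile]
    if with_sdes:
        sdp.append("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY")
    scheme = "sips" if transport == "TLS" else "sip"
    head = ["INVITE %s:4102@pbx.example.test SIP/2.0" % scheme,
            "Via: SIP/2.0/%s 192.0.2.10:5061;branch=z9hG4bK-constructed" % transport,
            "From: <%s:4101@pbx.example.test>;tag=constructed" % scheme,
            "To: <%s:4102@pbx.example.test>" % scheme,
            "Call-ID: constructed-1@192.0.2.10",
            "CSeq: 1 INVITE",
            "Content-Type: application/sdp"]
    return "\r\n".join(head) + "\r\n\r\n" + "\r\n".join(sdp) + "\r\n"


if __name__ == "__main__":
    for args in [("UDP", "RTP/AVP", False), ("UDP", "RTP/SAVP", True),
                 ("TLS", "RTP/SAVP", True)]:
        print(args, assess_invite(sample_invite(*args)))
```

The second sample shows why the two measures go together: encrypting the payload stream alone leaves its key readable to anyone who can see the signaling.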
4. Do I need a $1,000 IP phone?
Flat-screen, colour display, Gigabit Ethernet, Linux OS: These aren't specs for high-end gaming PCs or enterprise network appliances; the features describe Siemens' OpenStage SIP-based IP telephone.
While clearly aimed at the high-end user, this type of desktop IP phone reflects the growing horsepower, features and capabilities being packed into desktop IP handsets.
Whether these mini-computer telephones make users more productive or add business value to an IT deployment is debatable. "Many enterprises are dramatically overspending on desktop IP telephones," says Jeff Snyder, an analyst with Gartner. "Spending $700 to $800 on a beautiful IP phone for the desktop is serious overkill."
The reason is that many users are not yet rolling out applications that take advantage of advanced capabilities these phones provide. While some phones support Web browsers, XML and Java applications, the effort and cost of tying backend applications and systems into an IP phone are hard to justify.
"The most common application people use on phone displays is calling up past-call lists," Snyder says. "They don't really have any enterprise applications that merit having a large colour screen on the phone."
This is not to say there is no value in tying applications to IP phones with displays. Credit Valley Hospital in Mississauga, Ont., conducted a pilot project to push corporate directory information down to more than 1,000 Nortel IP phones deployed throughout the hospital.
An appliance from Citrix called Net6 was used to convert directory data into a format that is readable and navigable by IP phone screens and interfaces. The project's aim was to allow doctors, nurses and other staff to quickly look up information when not at a PC.
The problem is that the hospital has 2,500 phones, with more than half of them being non-IP phones, or IP phones that cannot support the directory tie-in feature.
"We could not justify the extra licensing to roll out this feature to all those new IP phones," says Tim Oliwiak, the hospital's voice systems analyst. "If we deploy a feature like this, people will become familiar with it, and it has to be everywhere." As a result, the hospital pulled back on the IP phone and directory roll-out.
Gartner's Snyder says the integration of IP telephony with corporate applications and databases has real value and is an emerging trend inside databases. By the time these types of converged applications become pervasive, most users will be accessing them through softphones on their screen, he says; or through enterprise applications, which are tied to VoIP-based features.
Salesforce.com is an example: recent tie-ins with Siemens and Cisco allow users to make calls from client record screens via a Web interface.
Part of the high costs of deploying IP phones also comes with licensing, and many enterprises and organizations are avoiding these issues by choosing low-cost, generic IP phones running SIP. While TDM phone systems are also licensed on a per-seat basis, other users are finding ways around these costs as they move to VoIP.
Sam Houston State University in Huntsville, Texas, uses Cisco IP phones running a generic SIP software stack, which allows the handsets to access an Asterisk IP PBX. The school had partially deployed an older-generation Cisco CallManager system, which used Cisco's proprietary "Skinny" call-control protocol. This required each phone on the system to be licensed in order to register with the call server.
The high licensing fees required to keep the Cisco CallManager network up and running were one of the main reasons the school went to the SIP open source approach, says Aaron Daniel, senior voice analyst at the school. Because Asterisk is open source, this eliminates the need to license thousands of IP phones.
5. Will SIP ever be ready for the desktop?
The VoIP industry has touted SIP for most of this decade as the future of IP telephony. Proponents say the open-standard nature of SIP, its flexibility and elegance are among its virtues.
The problem is, most companies must still rely on proprietary VoIP protocols, or vendor-tweaked (and thus, vendor-exclusive) versions of SIP.
"SIP really describes a limited number of features in terms of it being an industry open standard," says Anne Coulombe, senior product manager at Avaya. "So invariably, a proprietary protocol will have more features."
Most major vendors such as 3Com, Avaya, Cisco, Nortel, Mitel and Siemens who ship phones that run proprietary VoIP protocols also offer standard SIP software stacks that can be loaded onto the devices. This allows the phones to work with so-called "pure" SIP backend IP PBXs or media servers.
Even the open source Asterisk IP PBX system, touted by users for its openness and flexibility, has its own non-SIP protocol for communicating between servers and end-point devices. (Although Asterisk fully supports SIP-based endpoints and peering servers.)
With desktop phone features, the most important ones vary widely, depending on users. People who live on conference calls want a button that can hold all parties without dropping anyone. Those who pop in and out of the office need a message-waiting light. This is why protocols such as Cisco's SCCP, Siemens' CoreNet, and others still come as standard on IP phones and PBXs.
But the demand for SIP is increasing, as users look to integrate presence and multimedia features into a VoIP network. To accommodate, vendors are also creating proprietary extensions to SIP to give the protocols a few extra features: enough to make or break an enterprise VoIP system sale, in some cases.
"It's commercially unreasonable to say to customers that they must be purists about a certain protocol," Microsoft's Duffy says. "If we need to make changes to a protocol, or other scenarios, we'll do that" in order to meet customers' needs, he says.
Avaya calls its SIP extension Avaya SIP Telephony, which extends the number of features a SIP phone supports to around 62, twice as many as are available on basic IETF-based SIP phones.
Vendors such as Avaya and others are also extending basic SIP phone functionality with feature access codes to allow users of SIP-based phones to access features normally available only to proprietary systems.
As SIP becomes more mainstream, we can expect increased interoperability and an expansion of features.
Microsoft's Duffy says users won't be having conversations about SIP interoperability in five years. Over time, he says, VoIP systems and SIP will operate similarly to Web applications over TCP/IP.
6. How do I run my business on Skype?
Skype, which claims around 100 million registered names, estimates that 30 per cent of its installed base is made up of business users. The free VoIP tool is used widely by road-warrior employees with laptops, as well as small businesses and teleworkers.
Some companies are even patching together systems that integrate Skype into larger VoIP systems. Big cost savings can be gained this way by using Skype to connect branch offices, while still maintaining the feeling of working on a business telephone, as opposed to a PC-based softphone, which some employees may find unfamiliar.
One such company is Eastern Accents, a Chicago home furnishing manufacturer, which has a growing presence in China. It started using Skype to connect to China years ago, and recently took its telephony integration to the next level.
Elvin Rakhmankulov, the company's director of IT, wanted a way to inexpensively and reliably connect its growing China operation with the company's 200 employees in Chicago, and other domestic satellite offices. Eastern Accents has a 3Com IP PBX system, which easily ties together its U.S. branch offices over the Internet. Sites in Los Angeles and North Carolina get 3Com IP phones, which link back to Chicago.
When Rakhmankulov tried this setup to connect to China, he hit the wall. "The calls were not being blocked, but the latency, the speed of the network, was really slow," he says. "Nobody knows for sure why there is so much latency for Internet traffic going into and out of China. But any Internet communication to China is a huge issue. When the signal goes from the United States to China, it really takes a while."
Rakhmankulov discovered the free VoIP client worked fine, passing through whatever firewalls or other gateways without any perceived latency to the calls. "Skype does not need a lot of bandwidth. At the same time, it works with China very well," he says. "The quality of the calls is very good."
Employees used PC-to-PC Skype, but Rakhmankulov wanted to integrate the communication line as part of the business's phone system. "It would be much easier for most people because they don't have to have headsets on their computers, microphones and all that stuff," he says.
Rakhmankulov rigged his system by attaching the 3Com system to an appliance from VoSky, which lets employees make Skype calls from 3Com IP phones on desktops. When Chicago users dial eight and then the extension from a 3Com phone, it connects to the employee in China using Skype on a PC with a headset.
"Users don't know anything about it in the background," he says. "If they want to make an international call, they dial eight, and it goes through Skype." His next plan is to replicate the Chicago setup in the China offices so all employees can talk on actual phones, instead of a mix of PC headsets and handsets.
Overall, Rakhmankulov estimates he's cut his telephone bills by a third, by using Skype to call China. Using Skype over the public Internet is also a big cost saver versus setting up a private point-to-point IP line to China for VoIP.
Experts say that tightly controlled Skype usage, such as the system at Eastern Accents, is what companies should strive for in using Skype. While it can be a useful tool, IT administrators should get out in front of Skype usage before discovering the software downloaded on laptops and PCs without authorization.
"Because the Skype client is a free download," Gartner's Orans says, "it is widely used and most businesses have no idea how many Skype clients are installed on their systems or how much Skype traffic passes over their networks."
Skype currently has seven security bulletins on its site relating to known security flaws or exploits of the software. Exploits of vulnerabilities and bugs range from potential system crashes to execution of arbitrary code on a Skype PC. Skype's P2P file-sharing capabilities compound the risks associated with the software.
The growing number of security holes in the program highlights the risk of not establishing and implementing an enterprise policy for Skype, Orans says. "If, after weighing the risks, a business decides to allow Skype use, it should actively manage version control of the Skype client, and its distribution to authorized users, with configuration management tools."