TeleCity Advises IT Directors on VoIP

Dr. Carl Windsor, Chief Technology Consultant at TeleCity, a leading European data centre and managed services company has provided his top 10 tips for IT directors considering a switchover to VoIP.

TeleCity has a network of carrier-neutral data centres providing colocation, IT infrastructure management and IT services to communication service providers, corporate enterprises and the public sector. The company is headquartered in London with nine locations across Europe, in Amsterdam, Dublin, London, Manchester, Frankfurt, Paris and Stockholm.

1. Get buy in for your move to VoIP

It is essential to involve all your company departments in the decision to go VoIP. Understand what the technical benefits are and articulate them across your business in terms of benefits to each department. Buy in like this will ease deployment and help to generate the business case.

2. Set your goals and stick to them

VoIP can bring many benefits but it is important to understand what features are available, what can realistically be achieved in your delivery timescale, what features will benefit your company and fix these goals in stone before beginning deployment. VoIP is such a feature-rich technology, if you do not set strict delivery goals, ‘scope creep’ will delay delivery.

3. Don’t forget the infrastructure

When constructing your business case for migrating to VoIP, don’t forget the about the infrastructure needed to support the VoIP system. Traditional PSTN phone lines are able to survive power outages and can function in emergency situations. Even when PABXs are deployed, they are usually protected by UPS to maintain function throughout the power outage. It is important to evaluate the cost of protecting the VoIP infrastructure from power fluctuations at all points (PoE switches, VoIP Gateway) and include this as part of the business case.

4. Speak to experts

With the explosion of end-user VoIP services such as Skype, MSN and Yahoo Messenger, and Google Talk, home use has overtaken corporate deployment significantly. The drawback to this is that most companies have more ‘domestically trained’ self-proclaimed VoIP experts than members of the IT team. The corporate VoIP market is vastly more complicated so make sure you chose you source of advice wisely.

5. Understand the risks

Ensure that the risks associated with deploying VoIP have been assessed by your Security Forum. Whilst most departments may be happy with the security of a VoIP deployment, departments which involve personal information (HR) or credit card information (finance) may have more strict security requirements. It is vital that your company understands the risks and is able to manage and mitigate them appropriately.

When ordering goods over the phone, most people are happy to read their credit card details to the person on the other end. The numbers are transmitted without encryption to the seller but the security of the PSTN network is deemed to be satisfactory. Only the highest security clearance organisations would make the effort to encrypt voice traffic over traditional telephone lines. In contrast, the risk of sending unencrypted VoIP traffic over the internet, which may include several intermediary networks outside of your control demands such measures.

6. Hedge your bets

In 2005, deploying corporate VoIP is still seen to be at the cutting edge of technology. Deloitte LP predict that two-thirds of Global 2000 companies are set to start to move away from traditional voice services and begin the implementation of some form of VoIP services by 2006. Should this prediction be correct, it is a massive jump towards a technology whose standards have not yet been fully agreed. Current VOIP systems use either a proprietary call signalling protocol, or one of two standards, H.323 and the Session Initiation Protocol (SIP). Although SIP appears to be becoming the most popular, neither has won the race to be the de-facto VoIP standard. Consequently, organisations moving to VOIP should seek out gateways and other network elements that can support both H.323 and SIP. Such a strategy helps to ensure compatibility of your VOIP network in the years that come, no matter which protocol dominates.

7. Segregate your networks

Whilst the VoIP heralds the convergence of Voice and Data networks, it doesn’t mean it is a good idea to merge the two completely. Retrofitting your existing network to support voice will no doubt cause problems with performance and security. It is good practice to keep Voice and Data on different logical networks (e.g. using 802.1Q VLANs), with different RFC1918 addressing. This way it is easier to decide which traffic flows are valid, to apply Quality of Service and to prevent the spread of virus and limit the effect of DoS attacks. If you are going to deploy VLANS, make sure your chosen VoIP Phone supports 802.1Q on its onboard switch otherwise you may end up with costly cabling work to increase the number of desk ports.

8. Stick with what you know

The transition to VoIP can be hard enough for non-technical users as it is; don’t complicate matters by cutting corners and deploying soft phones. Soft phones may enable cost savings in the short term but sticking with traditional looking handsets makes the change less stressful. In addition, because PCs are necessarily on the data network, using a softphone conflicts with the need to separate voice and data networks (see 7).

9. Secure your network

VoIP session protocols operate in similar way to the FTP traffic where the session protocol negotiates which port to exchange payload data on. The VoIP payload, RTP traffic, is dynamically assigned an even port number in the range of non-privileged UDP ports (1024-65534) and specified in the packet body of the session protocol. In this case, unless your firewall is application aware and knows where to look to see which port is going to be used, it will be unable to predict which port the payload data (i.e. for VoIP, the voice) will be communicated on. There are only two options in this case:

a. Allow all traffic on these ports or
b. Deny all traffic on these ports

VoIP application-aware firewalls that also support Network Address Translation (NAT), QoS and hardware encryption, such as Fortinet’s FortiGuard Series, should be deployed to restrict the number of ports which need to be opened and protect your networks from attack. The implementations of QoS and ToS flags and hardware encryption will help to minimise the effect of latency and jitter that can be added by encrypting traffic.

10. Monitor your network

Depending on which codec is used to encode the voice traffic, 150 ms of latency or packet loss of 3% of packet loss is enough to for the voice quality to drop below the levels of the PSTN. It is important to continuously monitor the quality of your network otherwise you will quickly find out about it from the hoards of angry users. A few seconds extra latency on the data network will likely go unnoticed but on the voice network it can cause anarchy!

The following two tabs change content below.


Latest posts by admin (see all)