Purportedly, high-level management decided that having their entire operation running on VOIP was putting all their eggs in one basket (much like PBXes are, when you think of it!)
My suspicion is that a clueless non-tech manager found out the IP in VOIP stands for Internet Protocol, assumed all their calls were susceptible to viruses and hackers, and made a knee-jerk reaction.
I personally bet it's for more reasons than what they're mentioning.. Probably the biggest thing is that the AVAYA gear works 99.999% of the time unlike Callmangler..
Actually, Cisco VOIP *ARE* vulnerable to viruses and worms. Two weeks ago we had a bad outbreak of Nachi. One thing that Nachi does is to send out hundreds of ICMP echo requests a second to more-or-less random IP addresses in an effort to find more machines to infect. Several of our routers were so busy processing the ICMP requests (and resulting ICMP unreachables) that they were unable to process inbound and outbound calls on the voice T1s that they handle as well. So basically, Nachi cut off any outside calls, INCLUDING E911 service!!!! Thank god no one had a heart attack before we got things back under control.
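As an added example (not part of any post in this thread), here is one way to spot the traffic pattern described in the post above, a single host sending hundreds of ICMP echo requests a second to many different addresses, from flow or packet records. The record layout, the sample addresses and the 100-targets-per-second threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records: (timestamp_seconds, src_ip, dst_ip, icmp_type).
# ICMP type 8 is an echo request. None of these values come from the thread.
def build_sample():
    records = []
    # Hypothetical infected host: 300 echo requests to 300 addresses in one second.
    for i in range(300):
        dst = f"172.16.{i // 250}.{i % 250 + 1}"
        records.append((100.0 + i / 300.0, "10.1.1.50", dst, 8))
    # Monitoring host pinging the same three gateways every second:
    # a steady packet count, but very few distinct targets.
    for sec in range(100, 105):
        for gw in ("10.1.1.1", "10.1.2.1", "10.1.3.1"):
            records.append((float(sec), "10.1.1.10", gw, 8))
    # Echo replies (type 0) must not be counted as scanning.
    for i in range(200):
        records.append((100.5, "10.1.1.20", f"10.9.0.{i + 1}", 0))
    return records

def find_icmp_sweepers(records, window=1.0, min_targets=100):
    """Return {src: peak number of distinct echo-request targets in any window}."""
    per_src = defaultdict(list)
    for ts, src, dst, icmp_type in records:
        if icmp_type == 8:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        counts = defaultdict(int)  # dst -> packets inside the sliding window
        start = 0
        peak = 0
        for ts, dst in events:
            counts[dst] += 1
            # Drop events that have aged out of the window ending at ts.
            while events[start][0] <= ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= min_targets:
            flagged[src] = peak
    return flagged
```

Counting distinct destinations rather than raw packets keeps a monitoring station that pings a few gateways from being flagged alongside a sweeping host.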
Well here's one thing, why are you running your Voice T1/PRI on your routers??
I personally never do this just for that fact, FXO or FXS okay, but something that's dealing with a big amount of traffic like PRI/T1 I don't do this.. I don't need the router getting hung up processing other things. I want that box just doing the Voice portion.. This is where the VG200 comes into play very nicely..
I agree that putting the voice T1s on a separate box might be better in some instances, but:
1) Tell that to the bean counters where I work. Part of the sales pitch for Cisco VoIP is the convergence of voice and data as a means to save money. I know that the VG200 chassis is pretty cheap, but so are the bean counters here.
2) Even if I do move all of my voice T1s to VG200s, the VG200s are still vulnerable to attack across my data network, since they are still part of the data network. Ok, so it might not be the same attack that got me last time, but I'm 100% sure that I'll have problems again that are caused by a virus or a worm.
3) Call Manager, Unity and other voice applications run on Windows. Even if I keep the patches and virus software 100% up to date, there's still a window of vulnerability that can be exploited.
4) This is a personal nit to pick, but there doesn't seem to be an image for the VG200 that supports SSH.
You might want to be running the Cisco Security Agent for CallManager and Unity, and also, you may want to have the CallManager servers and Unity servers in broadcast domains separate from the data network. Where this has been the case, I have not seen CallManager or Unity get compromised...*yet*. And that is across several installs. Installs where boxes on the data VLANs got smoked by slammer, welchia/nachi etc. Proper segregation of the network and protecting the host with CSA will stop almost all of the worms du jour. Viruses are more easily stopped from hitting CM and Unity by employing standard virus protection software on the boxes. Now, would I want to see a worm that specifically targeted boxes running port 2000 traffic...hmmm...CallManager could still be protected, but DoS attacks on the phones and gateways would be interesting... ;-)
Avaya systems, which I understand Merrill was using alongside Call Manager, do not run on Windows and therefore are immune to Slammer (and all Windows viruses for that matter).
Merrill did not announce that they would discontinue using Avaya systems; the opposite is true.
Avaya systems are quite capable of doing VoIP by the way. It doesn't sound like JPM121 is aware of that.
Merrill did not say that they would stop using VoIP, only Cisco's VoIP platform, Call Manager.
Could there be a connection in all of this? Could that non-tech manager who JPM121 refers to be more concerned about Merrill's business than a blind allegiance to Cisco?
So who is clueless here? A non-tech manager as JPM121 implies, or JPM121?
Here is a clue for all of you MIS and IT guys who love Cisco. You don't work for Cisco. Don't sacrifice your company's bottom line because you are wearing blinders.
Another clue. Take off the blinders and become real business people. Look objectively at alternatives other than Cisco's VoIP products.
Often you will pay less, get much more, and go home earlier in the day since you won't be having to stay after hours to install Windows patches, fighting virus outbreaks on your voice systems, rebooting servers, troubleshooting multiple boxes trying to figure out why voice isn't working, and the list goes on.
My final clue. Nortel, Avaya, Siemens, Alcatel PBXs, all of which support VoIP by the way, routinely run 24/7 for years at a time, in hot dusty telephone closets, with little attention required. Kind of like a refrigerator in that respect. They are taken for granted, as I am sure Merrill must have done.
So JPM121, the next time you are looking at a VoIP requirement I suggest that YOU don't make a knee-jerk reaction and choose Cisco just because that is all you apparently know.
Jeez, aren't we being a player hater today... All the other VOIP manufacturers do have something to learn from Cisco. From an underlying standpoint, they all can't touch Cisco's VoIP implementation. I have problems from AVAYA from an IP standpoint all the time. They don't have the data features needed to make rolling out IP phones easy. Infrastructure wise, CISCO kills them all. Telephony feature wise, it's the other way around. Stability is improving big time. I have several callmanager installs out there that are running great, and the only time we hear issues is when someone screws with something. As for the security issues, what kind of idiot doesn't firewall the servers?? Shut off all unneeded traffic to the voice server vlan. Even restrict certain IP's to only be able to talk to it.. On the newer AVAYA solutions, their CLAN and MEDPRO boards aren't able to be attacked (yet) their servers sure are though. Since their servers run linux, exploits are coming out more and more everyday for these. The servers have httpd, ftpd, telnetd, sshd, and a few others open to the world. But once again, FIREWALL it.
As for voip implementations, Cisco and AVAYA are 1st and all the others are far behind in my opinion. Now depending on what you want/need to do decides who's actually #1. It's cheaper overall to have a Cisco Callmanager system. You have that data gear for your data network, so that'll be covered under SmartNet, then any other voice gear you throw into those boxes will be covered under that same contract. Now AVAYA on the other standpoint, they charge maintenance per port on your system. It's very expensive and this is the #1 reason why people don't choose AVAYA over cisco for example, or let alone look for other solutions in the 1st place even if it's not VoIP..
Also comes into play is traditional PBX vendors closed sourced thinking. Cisco can have apps written for it, although most of them are worthless, but its still open. AVAYA, you have to pay just to get information from them. They don't like to give information out. I called up for support on T.38 Fax relay on their system and they wanted to charge me 750 bucks to get that info. Cisco, its
There are pluses and minuses to each system. You need to look at the actual things that you need from the PBX. Call center, go with traditional no question. Campus style setup with tons of remote sites with 20 stations, CallManager all the way, price point can't be beaten on setups like this.
I have to agree with Buckwest on this one. We have a player hater among us. Although Cisco preaches the convergence of data, voice and video, it doesn't necessarily mean that it is all on one platform, but rather the interoperability of the entire Cisco line. I am familiar with the Nachi virus and what it does (pretty nasty if you block port 80). However, a properly built voice and data system should ensure that the voice network stays alive. Best practices suggest that a dedicated AVVID router should be used in main office locations and a converged router in branch office locations. Yes, Call Manager runs on a Windows platform. Yes it is susceptible to attacks like the Slammer, Nachi and Blaster. However, any good IT/MIS manager has a patching plan and service pack deployment strategy. I do and I have not had a problem in 2 years. My Voice network is on a separate VLAN with an access list controlling who and what has access to it. Avaya is a great company and their products are good, but the value of one vendor/one phone number to call for support is very appealing. And let's face it, Cisco's tech support is tops (except for the whole move to India thing, but that is for another time). With Lucent's financial trouble in recent years and the subsequent split of Avaya worries me as an IT manager for their long-term stability in the market place. Either way, Cisco is easier for a Cisco tech/shop. Books and training are far more available than Avaya systems. No phone system is 100%, but my phone system is pretty close.
Yea, don't get me wrong, I love working on AVAYA Multivantage (communication manager, definity are other names for it). That's one freaking awesome PBX. I've worked with several other PBX's out there and I'm not that impressed with them. AVAYA has really stepped up like no other on convergence and also their migration path from their older TDM gear is unmatched. Administration wise I prefer definity, and several other things I still prefer definity, but when it comes to the IP data infrastructure, I prefer cisco. I love working on both systems. I get more of a thrill working on definity though because it's just a fully featured PBX that is used in the largest of installations, having that knowledge is very powerful. Especially when you know how to integrate them.
Ah, the shotgun approach in the old CCM forum, eh holmes? You had a busy day posting in the 4 active threads here.
I evaluate technologies for my clients based on their needs, available solutions, and the best way of bridging the gap between the two. I'm completely 100% independent in terms of affiliation or association with ANY hardware or software vendor. I'm not an authorized ANYTHING reseller, partner, preferred "vendor" or anything else.
Guess what? My clients tell me that my independence is one of the things they value most about our relationship. They know I'm offering them unbiased advice. I don't do the down-n-dirty integration work; my role is a contract project manager and support position. Sure, I can bang around in a Cisco router console, but I keep myself plenty busy selecting the right vendor and managing THEIR CCxx guys during the implementation.
The success of my projects is measured in ROI and meeting the needs of my clients within budget, using the best possible technology.
Does anyone know where I can pick up the equipment that Merrill is getting rid of? I would love to get some used Call Manager systems and phones at a great price.