
VoIP Top 10 Tips for IT Directors

March 31st, 2006

It is essential to involve all your company departments in the decision to go VoIP. Understand what the technical benefits are and articulate them across your business in terms of benefits to each department. Buy-in like this will ease deployment and help to generate the business case.

Set your goals and stick to them – VoIP can bring many benefits, but it is important to understand what features are available, what can realistically be achieved in your delivery timescale and what features will benefit your company, and to fix these goals in stone before beginning deployment. VoIP is such a feature-rich technology that, if you do not set strict delivery goals, 'scope creep' will delay delivery.

Don't forget the infrastructure – When constructing your business case for migrating to VoIP, don't forget about the infrastructure needed to support the VoIP system. Traditional PSTN phone lines are able to survive power outages and can function in emergency situations. Even when PABXs are deployed, they are usually protected by UPSs to maintain function throughout a power outage. It is important to evaluate the cost of protecting the VoIP infrastructure from power fluctuations at all points (PoE switches, VoIP Gateway) and include this as part of the business case.

Speak to experts – With the explosion of end-user VoIP services such as Skype, MSN and Yahoo Messenger, and Google Talk, home use has overtaken corporate deployment significantly. The drawback to this is that most companies have more 'domestically trained' self-proclaimed VoIP experts than members of the IT team. The corporate VoIP market is vastly more complicated, so make sure you choose your source of advice wisely.

Understand the risks – Ensure that the risks associated with deploying VoIP have been assessed by your security forum. Whilst most departments may be happy with the security of a VoIP deployment, departments which involve personal information (HR) or credit card information (finance) may have more strict security requirements. It is vital that your company understands the risks and is able to manage and mitigate them appropriately.

When ordering goods over the phone, most people are happy to read their credit card details to the person on the other end. The numbers are transmitted without encryption to the seller, but the security of the PSTN network is deemed to be satisfactory. Only the highest security clearance organizations would make the effort to encrypt voice traffic over traditional telephone lines. In contrast, the risk of sending unencrypted VoIP traffic over the internet, which may include several intermediary networks outside of your control, demands such measures.

Hedge your bets – In 2005, deploying corporate VoIP is still seen to be at the cutting edge of technology. Deloitte LP predict that two-thirds of Global 2000 companies are set to start to move away from traditional voice services and begin the implementation of some form of VoIP services by 2006. Should this prediction be correct, it is a massive jump towards a technology whose standards have not yet been fully agreed. Current VoIP systems use either a proprietary call signalling protocol or one of two standards, H.323 and the session initiation protocol (SIP). Although SIP appears to be becoming the most popular, neither has won the race to be the de facto VoIP standard. Consequently, organizations moving to VoIP should seek out gateways and other network elements that can support both H.323 and SIP. Such a strategy helps to ensure compatibility of your VoIP network in the years to come, no matter which protocol dominates.

Segregate your networks – Whilst VoIP heralds the convergence of voice and data networks, it doesn't mean it is a good idea to merge the two completely. Retrofitting your existing network to support voice will no doubt cause problems with performance and security. It is good practice to keep voice and data on different logical networks (e.g. using 802.1Q VLANs), with different RFC1918 addressing. This way it is easier to decide which traffic flows are valid, to apply quality of service, to prevent the spread of viruses and to limit the effect of denial of service attacks. If you are going to deploy VLANs, make sure your chosen VoIP phone supports 802.1Q on its onboard switch, otherwise you may end up with costly cabling work to increase the number of desk ports.

Stick with what you know – The transition to VoIP can be hard enough for non-technical users as it is; don't complicate matters by cutting corners and deploying soft phones. Soft phones may enable cost savings in the short term, but sticking with traditional-looking handsets makes the change less stressful. In addition, because PCs are necessarily on the data network, using a soft phone conflicts with the need to separate voice and data networks.

Secure your network – VoIP session protocols operate in a similar way to FTP, where the session protocol negotiates which port to exchange payload data on. The VoIP payload, RTP traffic, is dynamically assigned an even port number in the range of non-privileged UDP ports (1024-65534), and that port is specified in the packet body of the session protocol. In this case, unless your firewall is application aware and knows where to look to see which port is going to be used, it will be unable to predict which port the payload data (i.e. for VoIP, the voice) will be communicated on. There are only two options in this case: allow all traffic on these ports or deny all traffic on these ports.

VoIP application-aware firewalls that also support network address translation (NAT), QoS and hardware encryption (such as Fortinet's FortiGuard Series http://www.fortinet.com/) should be deployed to restrict the number of ports which need to be opened and protect your networks from attack. Implementing QoS and ToS flags and hardware encryption will help to minimize the latency and jitter that encrypting traffic can add.
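
The port negotiation described above, as an added example that is not part of the original article or any vendor's code: it reads the SDP body of a SIP INVITE the way an application-aware firewall must, derives the single RTP/RTCP port pair to open, and denies everything else. The function names and the sample INVITE are constructed for illustration, and only IPv4 audio streams are handled.

```python
import re

# Constructed sample: a SIP INVITE carrying an SDP offer (all values are made up).
SAMPLE_INVITE = (
    "INVITE sip:bob@voice.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.20.0.15:5060\r\n"
    "Call-ID: constructed-call-1@10.20.0.15\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 10.20.0.15\r\n"
    "s=-\r\n"
    "c=IN IP4 10.20.0.15\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0 8\r\n"
    "a=rtpmap:0 PCMU/8000\r\n"
)

def rtp_pinholes(sip_message):
    """Return (ip, rtp_port, rtcp_port) for each audio stream offered in the SDP body."""
    head, sep, body = sip_message.partition("\r\n\r\n")
    if not sep or "application/sdp" not in head.lower():
        return []                                   # no SDP body: nothing to open
    session_ip, streams = None, []
    for line in body.splitlines():
        conn = re.match(r"c=IN IP4 (\S+)", line)
        media = re.match(r"m=(\w+) (\d+) RTP/", line)
        if conn and not streams:
            session_ip = conn.group(1)              # session-level address
        elif conn:
            streams[-1]["ip"] = conn.group(1)       # media-level override
        elif media:
            streams.append({"kind": media.group(1), "ip": session_ip,
                            "port": int(media.group(2))})
    pinholes = []
    for s in streams:
        port = s["port"]
        # Port 0 means the stream is declined. Accept only the even, non-privileged
        # range the article describes; RTCP uses the next (odd) port by convention.
        if s["kind"] == "audio" and s["ip"] and 1024 <= port <= 65534 and port % 2 == 0:
            pinholes.append((s["ip"], port, port + 1))
    return pinholes

def permits(pinholes, dst_ip, dst_port):
    """Default-deny: a UDP packet passes only if it targets a negotiated pinhole."""
    return any(dst_ip == ip and dst_port in (rtp, rtcp) for ip, rtp, rtcp in pinholes)
```

A production firewall would also close the pinhole when the call ends (SIP BYE) or times out, which this sketch does not model.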

Monitor your network – Depending on which codec is used to encode the voice traffic, 150 ms of latency or packet loss of 3 per cent is enough for the voice quality to drop below the levels of the PSTN. It is important to continuously monitor the quality of your network; otherwise you will quickly find out about it from the hordes of angry users. A few seconds of extra latency on the data network will likely go unnoticed, but on the voice network it can cause anarchy!
