Author: DrVoIP

Can I text your Enterprise Contact Center?

Posted on by DrVoIP

Phone only ‘call centers’ have been rapidly replaced with ‘contact centers’ that can also handle email and chat communications.  Customers want more options for interacting with companies they buy products and services from.  Chat requires the customer to be at a computer and though email may be sent from a mobile phone, generally the sender is at a desktop.    In a wireless world in which every man, woman and child seems to wonder around with a ‘text’  or sms enabled device on their person, does it not make sense that they would want to text your call center?

Most call centers seem to be comfortable adding more and more incoming telephone lines, but never seem to add more agents?  We now queue up more clients to the same number of agents and expect that our customer satisfaction scores will increase with each new telephone line we add.   Chat and email increase the options that an agent can use to communicate with a customer, but only text offers location independent immediacy and the highest level of accuracy in CRM integrations.

A text will be read, on the average, within 10 seconds of its arrival.  It has a significantly higher read rate than email.  It is considered spam free, as you must opt in from you own mobile phone to receive future text messages.  As most folks under 30 do not even have a land line, using the CID of a SMS text will yield a much higher accuracy rate when doing screen pops from CRM integrations.    Self Service options for SMS are enormous and scheduling an agent call back could not be any easier!

What would you rather do: call into a contact center, listen to the obligatory menu of options, self navigate to the customer service group and then hear the first queue message: “the next available agent will be with you momentarily”; or send a SMS text message directly to the contact center group, by passing the automated attendant  and if you do not receive an immediate call back, receiving a confirmation text that an agent will call you at your mobile number in four minutes?

We have created a website to enable you to immediately setup a text based marketing campaign! You can create an account at our TEXT PORTAL  and select a phone number for your campaign and be in the digital marketing world in minutes.  We give you free SMS credits when you activate your account!  Interested in extending this capability to your Contact Center?  We can implement text functionality to your ShoreTel Contact Center or CISCO UCCX in a matter of hours!

Contact DrVoIP@DrVoIP.com or send the word CALLME to 603-426-3253 for sample application!  If you would like to test T2E (Text to Email) text your email address to the same number and we will set you up. – DrVoIP

ShoreTel iPBX phone system Training!

Posted on by DrVoIP

Phone Training is a double edged sword.   Everyone wants it  but nobody really wants to make the time commitment required to get comfortable with the new phone features that a system like ShoreTel brings to your  business.   Most folks figure it is a phone, how complex can it be?   That is true, ShoreTel phone are easy to manipulate and most features are intuitive.   There are however, a range of features that improve customer care, increase availability and enable you to achieve priority call management that are new concepts in business communications.   These features deserve some attention and the hour or so invested in learning about call handling modes, primary phones, simultaneous ring, follow me and custom call routing enjoy more than favorable return on time invested.

In addition to basic user training (we have to find another word to replace user, sounds like drug addict) ShoreTel has applications that also require training.  For example if you have an Enterprise Contact Center or a Work group environment, you will need to provide instruction for your Agents and Supervisors.    Are you using CRM connectors like Salesforce and Microsoft?  Do you have a custom application integrated with your ShoreTel?  Maybe the Recording or 911 application?   How about the Mobility server?   Are you using the iPhone and android aps?  Finally, all of these system need an educated System Administrator to handle adds moves and changes, who is going to provide that training?

When it comes to the basic ShoreTel phone system,  typically we break user training into basic phone handling and save the Communicator as a separate session.   Not everyone needs to learn Communicator, but everyone in the enterprise needs to know the basics phone function if they are going to be effective come “go live”.   How to setup your voice mail, assign your extension, manage multiple calls, transfer, conference and park are essential tricks that all employes should learn.   Generally, this is a 30-45 minute session and groups of 10 people around five handsets with an instructor using a projector for the call manager is a minimum training environment.  Like wise, to get through the Communicator, it will take another 45 minutes.   If you have to train several hundred people, over multiple sites, training is going to be a significant time investment and several days of Per Diem for an instructor on site!

We have found that web based training can be very effective for all of the various types of users that need to better understand these systems.    You can do large groups and a much lower cost without sacrificing the informational content.  Though we find mufti-media self paced training resources to be a very valuable as refrenece material or to help future new team members get up to speed, it is generally agreed that having an insturctor led webinar is a better solution.   The instructor can be aware of the specific configurations that uniquely define every deployment and can answer questions, propose feature solutions and generally help folks better understand the rich library of features they are about to make use of.  System Administration is without question easily done by web, as you are just going to log into a Shareware Director portal anyway!   No need for everyone to hurdle in the server room!

We can help you with distance learning solutions (or come on site) custom tailored to you deployment.  We can cover the full range of ShoreTel products and generally enjoy helping folks!   Give us call or  Text “ShowMe” to 15165197813 and we will setup a meet!

 

 

 

 

 

 

ShoreTel fail over options using Vmware – Part 1 Building a VMware Test Lab!

Posted on by DrVoIP

The most often asked question we hear among ShoreTel system administrators is how best to achieve “fail over”, assure high availability and assure business continuity? There is no simple answer to this question nor is there any one “best practice”. It is going to depend on any number of interrelated issues including budget, facilities, availability and down time goals. With unlimited funding there are many more options then there are if we have a very limited budget. Is our deployment located in a single facility or scattered across multiple sites? Do we have an onsite data center or a “cloud” or collocation facility. Can we tolerate any down time at all or are we looking for hot fail over with no service interruption?

Redundancy by itself is not sufficient to guarantee high availability or continued uninterrupted business operations. Two power supplies are always better than one (especially if they are plugged into separate electrical sources) and RAID disk arrays are more reliable than a single spinning hard disk and iSCSI may even be a better. Many system administrators have explored commercial options like Double Take with its active/active fail over strategy.

At the end of the day, our view is that multiple hosts across multiple locations in a virtual or cloud based deployment are you best options. We think VMware and Amazon are unstoppable solutions providing high availability and business continuity assurance that maximizes budget, simplifies administration and with the lowest risk. Though we will have much more to say about Amazon Web Services, especially how it can best interface with VMware, we are going to demonstrate several configuration built on the vSphere ecosystem.

In our opinion  your ShoreTel partner should have installed your deployment on VMware from the onset.  A single VMware ESXi hypervisor host running your ShoreTel HQ Server and a ShoreTel Distributed Voice Mail server with the DVM installed at the same site and at the same level as the HQ server, will provide a very effective fail over solution at the lowest possible cost.   VMware Essentials gets you ESXi and vCenter for $540, what is to think about? A single hardware host with two virtual Windows servers, a shared iSCSI data store and a copy of FreeSCO  will best any effort to run redundant HQ servers!   ShoreTel servers can fail up, so just put all of your HQ switches and Users on the DVM and if it fails, HQ will take over.  If HQ fails, no  real harm done.

Sounds like a lot of hardware complexity but we are going to demonstrate this on a lab system consisting of a single Windows Laptop! Through the miracle of VMware,  Openfiler and FreeSCO we are going to create this entire solution and use it to prove out several different “fail over” strategies that can be used to develop “high availability” options for your ShoreTel deployment.   Additionally if your are just learning VMware, this will be an excellent  “play pen” and “sand box”and learning environment,  well within the budget of any serious student of virtualization. If you can access a lap top the rest of the requirements can be obtained as open source “free ware” or evaluation software. So lets lose the excuses and get to work!

Building your “Sandbox”!

Our test environment will consist of 3 ESXi Hosts, an iSCSI data store, a CISCO compatible routers; two Windows servers; and  two XP or better Windows PC’s.  As this entire lab will be built out on a single device here is the “parts list”:

(a) Windows laptop – If you have several spare PC’s or servers that you can make use, of great but we can build out this entire test lab on a single laptop. The only requirement is that we need 16GB of RAM! as long as you can expand the memory to at least 16GB.

(b) Your first lesson in virtualization is to understand the difference between a type 1 and a type 2 hypervisor. VMware ESXi is a type 1 hypervisor and that means that it is installed on a bare metal host computer, typically an appropriately configured server.  VMware Workstation is a type 2 hypervisor meaning it is installed on top of an operating system, like Windows,  already installed on a bared metal hardware platform.  In this case, we have a laptop running Windows 8 and we are going to install VMware Workstation on top of Windows. You can download an evaluation copy of VMware Workstation from http://www.vmware.com/products/workstation/workstation and when the 90 day  evaluation is up, if you can find $249, it is our recommendation that no VoIP Engineer or Field technician should be without this a lap top running product.

(c) ESXi is a type 1 hypervisor and the really good news is it that it is still available absolutely free of charge. This will be the core of our test lab and we will build out three hosts, all running in VMware Workstation on our laptop, to support our ShoreTel deployment.

(d) Building out a ShoreTel HQ server under ESXi as a single server is what most folks do.  If you are going for high availability, however, you need to consider the size of your data store.   Even if you are only restoring a “snap shot”, the size of your data store may be the limitation that determines down time.  Rather than store the application data on the Windows server used for your ShoreTel HQ erver, we recommend that you install an iSCSI data store on your LAN.  In this way , if you have to restore the server, you will already have the data store available (this is where AWS S3 comes into play, so see our previous blog regarding backup strategies).  You can download community edition of Openfiler  the iSCSI data store we are going to deploy in this lab from http://www.openfiler.com/community/download as we will be configuring our deployment based on the availability of network area storage.

(e) One of the “must have” software tools in our Engineering laptop tool kit is a three interface router named FreeSCO!  It is pronounced “Free CISCO”as a take off on our favorite company to hate.  For those of you who ever wanted to deploy a fully functioning CISCO router from a USB drive,  down load this now from www.freesco.org or download the ova we created which is available in the member portal of the DrVoIP web site.

(f) Lastly, you will need Windows Server software, either Windows 2008 or 2012.   You can  download an evaluation copy from Microsoft at http://msdn.microsoft.com/en-us/evalcenter/dn205302.aspx if you do not have a copy kicking around your lab.

(g) Lastly, ShoreTel has never asked for our opinion but they do not make evaluation software easily available to lab environments or to students who hope to be future ShoreTel VoIP engineers.  ShoreTel software can only be legally obtained by purchasing a system or through a support agreement from either a ShoreTel partner or directly from ShoreTel TAC.  If you are a partner or covered under a support agreement, you can down load all sofware from the ShoreTel site.  The iPBX software will run license free for 45 days.   Our lab is going to make use of the ShoreTel HQ server, the ShoreTel DVM Server and several virtual Shoregear voice gateways.

The DrVoIP video demonstrates how this lab is constructed and how the various components are installed and is part of the over all VMware training material available (or soon to be posted) on the DrVoIP website.   This lab will enable you to not only become very comfortable with VMware in general, but help you explore the various options for providing high availability and business continuity to your ShoreTel deployment.

AWS S3 – a ShoreTel backup strategy!

Posted on by DrVoIP

Amazon Web Services (AWS) has a range of storage options that make them our first choice in cloud based storage solutions and an ideal location for our ShoreTel data backup. In fact, now that ShoreTel has moved to virtualized hardware for voice gateways, we have moved our entire ShoreTel deployment into the AWS EC2 environment, but that is the subject of a separate blog! AWS is an ideal solution for backing up your ShoreTel configuration. You can choose to back up to the Glacier storage service if you can stand a few hours of down time retrieving the backup files, but S3 (simple, scalable, storage) is the best solution for setting up a shared network drive to faciliate your ShoreTel Server backups.

Backups should be a regular part of your IT hygene and should automate the process of securing data offsite. Enabling AWS S3 is a very simple, cost effective and can be fully automated. You can also take advantage of other AWS services like SNS push notification services to send verificaiton and administration alerts. Given the global foot print of AWS, the growing base of AWS data and availability centers, even your backup solution can have a backup solution! AWS is an infrastructure as a service so you will still need to manage the process.  The provide facilities, but you share responsbility. For example, you wil need to find a client side solution to enable your backup. You can use an AWS provided sample API if you want to write an interface into an exsiting backup solution but most deployments can more than benefit with a simple software solution installed directly on your ShoreTel server. We recommend either the TntDrive or the Cloudberry solution, both are excellent and even have freeware and trial versions!

Opening an AWS account is very easy to accomplish and if you already have an Amazon book buying account you are already good to go! Just log into AWS, bring up the menu page and select S3 from the storage and content delivery options. It will take about two minutes to create a an S3 “bucket” and apply then apply a security profile! You will need to note your identity and security keys as they are used to “log into” your new bucket. Once the bucket is created, you can then go to your ShoreTel server and establish a shared drive using one of the client side solutions like TntDrive or Cloudberry.  (You might also want to check out the comparison of other backup solutions for Mac based computers).

The ShoreTel Data file still contains all the information you need to rebuild your system from a bare metal server and you can also make use of the ShoreTel provided backup scripts to further assist your efforts. Our standard best practice is to include AWS cloud backup as part of our ShoreTel support agreements for all DrVoIP clients so there is no reason for any company, regardless of size, not to have a current backup of their ShoreTel deployment safely stored off line!

DrVoIP will provide free ShoreTel backup for any ShoreTel system owner that asks us to do so! The DrVoIP Video walks you through the process of setting up backup using AWS S3, from bucket creation to client side install!

ShoreTel ECC MySQL rants, raves and solutions for email, chat and text (SMS) messaging!

Posted on by DrVoIP

If you have worked with ECC custom integrations for any length of time, you have build a library of solutions to work with.  Most recently you have discovered that a 32 bit application like ECC, running on a 64 bit Windows 2008 or 2012 server needs a 32 bit OBDC driver!   When you click on Data Sources in Windows, you are shocked to notice that none of the ECC database connectors are showing under the DSN tab in the OBDC data source administrator.   You then go to add a driver for that new MySQL application your client wants and install and test it connects OK.  Then you log into Contact Center Director and notice that the OBDC connector does not show up in the list of external database connections.  WTF?   Well this turns out to be a Microsoft issue, but you have to find a solution anyway!   So you learn to ignore the normal Data Source Administrator installation procedure.  Find the correct OBDC driver and download it to C:\Windows\SysWOW64 for example C:\Windows\SysWOW64\odbcad32.  (Much thanks to Tyler and Mark at ShoreTel TAC for this insight).  Clicking on this will bring up the 32 bit version of the OBDC Source Administrator and you will find that DSN now displays both your new connector and the existing ECC connectors!

Version 9 of ECC has some changes that you need to be aware of, most notable of which is the lack of support for POP email mail connectors.  IMAP is now your only option.  If you are going to create ShoreTel ECC Email connectors you will need to get the co-operation of the client IT department, most of which go nuts when you tell them that you want to turn this protocol on in their Exchange sever.  If you are using Microsoft Office 365 you have other challenges.    If you want to add CHAT then you will also need to get IT to provide you a Tomcat server!   In a deployment with an ShoreTel iPBX,  ECC and IRCC server and just cant bring myself to tell the client they need yet another instance of MySQL on yet another server!   To overcome some of these challenges and to make my life as a deployment engineer a bit more predictable, I have developed my own solution!

If I work with a client that is going to deploy ShoreTel ECC using CHAT, Email and also expects to do some SQL data dips, I prefer to provide my swiss army knife solution.  We created a Linux appliance that supports a number of required integration components that we can fully control without relying on the client IT organization.  The small 19”rack mounted appliance houses the following:

(a) Our favorite distribution of Linux;
(b) MySQL Server and Postgresql Server;
(c) Apache Server;
(d) TomCat Server;
(e) Mercury Mail:
(f) VPN, SSH and FTP servers;
(g) Webmin and phpmyadmin admin tools;
(h) php, perl and some other development tools
(I) A library of network assessment and monitoring tools;

MySQL and PostgreSQL are absolutely necessary for doing any type of external “look up” and route functions.    ShoreTel does not provide ‘root’ access to the MySQL instances running on the other three servers, so you have to do something!   Unless you want to jerk around with the clients IT organization or database team, we recommend you roll your own.   Likewise with email.  Just setup Mercury Mail to handle your ECC email accounts and be done with it.   It will cost you another C and MX record, but so what.   Most of our ECC applications need a web sever and rather than deal with TAC on what is and what is unsupported on a ShoreTel server running Microsoft IIS, just use Apache and be done with it!   To do CHAT on ShoreTel ECC you will need a Tomcat server as well.  For less money than will be wasted on professional service hours chasing other folks around so you can do you work, this is a great solution for ShoreTel ECC integrations, email and Chat!  (Since we do have root access to the vmware image ShoreTel provides for the conference server, that might also be an option.   We will take a look and update you later – DrVoIP).

 

Editing ShoreTel System Prompts or WTF is a PHR file?

Posted on by DrVoIP

“Welcome to the ShoreTel Conferencing” sounds like a commercial announcement and many system owners want it changed! After all they just paid a big whack of money to own a brand new brilliantly simple phone system! Now when they have a client conference, they sound like they transferred the call to an outside third party service!  Though it is a smart move for ShoreTel marketing efforts, it is hardly the image a system owner wants to convey to their clients!  For this reason, we are often asked to change the prompt to something that sounds more like “Welcome to mycompany conferencing”. This seems like a reasonable enough request and something that should be easy to implement, right? Yet ShoreTel professional services gets about $600-$1000 for a custom prompt!  Is there a way around this?

The fact is, that it is not very easy to modify these prompts at all! Most ShoreTel vendors can’t even find the application to play the file let alone edit it as it is not a normal wav file! The file is actually a “phrase” file and is usually found with a .phr file extension.  On the ShoreTel SA-100, for example, you will find this in ftproot directory of the HQ server in the path \Inetpub\ftproot\tsu\phr\UCB. The UCB folder contains all the .phr  files for all the languages supported by the system. When the conference appliance boots up, these files are loaded onto the sever. (For you Unix heads, the appliance is a Linux platform, and you can find the files in the ShoreTel/Lib folder by entering ls -lt *.phr after changing the directory to the ShoreTel/Lib folder).  Remember, if you edit the prompts,  you will have to recreate this change  every time you upgrade the phone system and on all servers that use the conference appliance!

In the United States the correct file is the “en-us.phr” file.  If you play this file, you will understand very quickly that this is not going to be easy! The file is actually a “library” and actually contains all the “phrases” used by the system to prompt callers with audio help. The application software has to be able to set  pointers to the correct location in the .PHR phrase file.   This is similar to a format used by Dialogic back in the 80’s that set the standard for “indexed play mode” for all telephone applications.  This indicates that a phrase file must contain a unique id for each phrase in the library, so the .PHR file is more than an audio file!  Here is a list of the phrases in the .PHR file:

thank you for calling ShoreTel conferencing goodbye
a duplicate conference has been detected you will now be transferred
a duplicate conference has been detected please try again later or contact the conference host.
you will now be disconnected
sorry the key sequence entered is invalid
The conference has ended goodbye.
sorry all resources are busy please try again later or contact the conference administrator
ringsound welcome to ShoreTel conferencing, please enter an access code then press pound.
sorry that access code is invalid please try again
the conference is currently locked, please try again later or contact the conference host
you are the only person on this conference please stay on the line
the conference host has not joined the conference please stay on the line
to turn off the music please press one
please wait while your call is connected
sorry that access code is invalid good bye
at the tone please say your name and then press pound
please wait while your call is placed into the conference
has joined the conference
has left the conference
ringsound please enter the conference hosts voice mail password then press pound
if you are the conference host then you may enter the host access code followed by pound at any time
invalid password please try again or press star to join as a participant
this scheduled conference can not be started at this time as it is to early. please start it at its scheduled start time.
this scheduled conference can not be started as it is past the scheduled start time.
to start or stop recording
press pound for
this call is being recorded
the recording has been stopped
the recording can not be stopped because desktop sharing has been enabled
the recording can not start because of insufficient disk space
the recording can not start at this time
to unmute your line press pound one
to mute or unmute all lines press pound two
your line has been muted
your line has been unmuted
all lines have been muted
all lines have been unmuted
the conference has been locked
the conference has been unlocked
to lock or unlock the conference press pound five
to raise or lower your hand press pound six
your hand has been raised
your hand has been lowered
the participant names are not available
to list the participant press pound three
to return to the conference please press star
to join the conference as a participant please press star
you have been requested to join a conference please press one to be placed into the conference
to end the conference press pound 99
this scheduled conference will end in the next five minutes
this scheduled conference is starting
the conference has not yet started
please wait

It is possible to play the file using an editor like Audacity,  which will NOT recognize the file format if you double click it.   To overcome this you must  import the file as “raw data” by setting the file attributes on the import menu.  Set encoding to to ulaw and sampling to 8000 hz.   This will enable you to play the file.   That is the simple part, the trick here is to edit the audio prompts without destroying the index which is used by the application software to know how to pull the correct prompt from the phr file!   That is why professional services gets big bucks to change the prompt and why your average ShoreTel partner will not be able to help you!  Remember ShoreTel is also going to make the voice artist used is the same as the rest of the ShoreTel prompts (though some of the files in the existing en_us.phr file are clearly male voices left over from the development team).   All in all, this is a lot of work for somebody and worth every penny you pay for it!

 

ShoreTel VPN or MPLS? What works and saves money?

Posted on by DrVoIP

An IPsec Virtual Private Network or VPN, is sometimes used as a backup route for a Wide Area Network failure.  VPN’s are typically deployed as a “tunnel” through the Internet and as such are “point to point” solutions by definition.  Unfortunately that will not get the job done for a VoIP deployment!  If you have ever deployed ShoreTel over a VPN in a multi site network that has more than two sites,  you will note that it has problems.  The first problem you will note  is that the Switch Connectivity display within the ShoreTel ShorewareDirector management portal looks like a Christmas tree.  Normally in a finally tuned network you should see all green in the connectivity display.  In an IPsec VPN network, using a “hub and spoke” implementation or “point to point” links you will see lots of Red and Yellow boxes and switch connectivity will be inconclusive at best.

Next, you will undoubtedly experience instances of “one way audio”. Again, this is because an IPsec VPN is a “point to point” solution, when you really require a fully messed solution that can handle more than unicast packet transfers. Additionally, as IPsec applies encryption based on a “shared key” so the two end points must possess the key! IPsec does not support Multicast or Broadcast and this make it less then desirable for a VoIP deployment. Unicast is when you address the source and destination IP address to a specific target device.  Broadcast is used when you must sent to all network devices because you do not know the destination address. Multicast is used when you send to a group of devices that monitor a target IP address for network management and service subscriptions. Using an IPsec point to point VPN might get your phones to register and enable you to make phone calls, but you will be plagued by network connectivity issues that will make your VoIP deployment problematic. Your technical support center or help desk phones will be constantly ringing with unhappy users and incomplete phone calls.

You don’t have to be a Network guru to understand a “hub and spoke” topology. All communications between devices at different sites (i.e. spoke end points) must traverse the hub site if they are to communicate between each other. This might work for unicast communication, but it is inefficient and invites disaster. For two sites (i.e. spokes) to communicate the have to go through the hub, unpacking and repacking, encrypting and decrypting, sharing keys before resending packets to the ultimate destination. Assuming you are using this configuration only as a backup during a real WAN disaster, this might be acceptable temporarily. Using IPsec VPN “hub and spoke” topology in a ShoreTel VoIP deployment, it is not very useful. We have two issues: first, IPsec does not support anything other than Unicast communication; and secondly “hub and spoke” is unworkable because “spoke to spoke” communication is required.

How do we solve this? Fortunately there are two strategies that fit the bill perfectly. First, GRE or ‘generic routing encapsulation’ should be used to support broadcast and multicast communications, a core component of any network deployment, especially those of a VoIP variety. Secondly, DMVPN or “dynamic multipoint virtual private network’ technology should be implemented to assure “spoke to spoke” communications. DMVPN, which employs mGRE (muti-point GRE) and Dynamic Next Hop Router Resolution protocol (DNHRP) technologies make it possible to deploy a ShoreTel VoIP solution over the public internet and achieve MPLS like connectivity at a fraction of the cost.  Given sufficient bandwidth, this should be more than adequate.

What about encryption you might ask?   ShoreTel, CISCO and most VoIP solutions provide encryption at the network and transport level anyway, so this component may not be needed.  If you are also moving data over this mesh, then you can use DMVPN in conjunction with IPsec to assure confidentiality, integrity and authentication (i.e. CIA).  The issue is that a fully meshed communications network is absolutely obtainable with VPN technology, but you have to implement the correct protocol to achieve the desired results!

WAN configuration is an exact science as is ShoreTel and CISCO VoIP technology. If you are fortunate to have that level of expertise in one individual or one vendor, then you are moving in the right direction with your VoIP deployment. If you need help in the WAN aspect of VoIP, then you need to call on DrVoIP. We can make the network.

Is there a RAT Virus in your phone system?

Posted on by DrVoIP

If you have a device on your network that you do not have root privileges for, then your entire enterprise is at risk for a Cybercrime! Do you want to know what a Trojan horse might look like? It might very well look like a Linux appliance provided by an outside manufacturer, delivered and installed on your network. This might be a network camera, firewall, phone system or monitoring device. As network security professionals we would never allow any device to be connected to our network, in which we did not have root administrative authority. IT Directors who budget for network security, intrusion prevention and detection and apply best practice to the care and feeding of their enterprise networks seem to overlook this very large potential security vulnerability. Every day, new networking equipment, appliances and hosts are connected to your network and nobody every questions the fact that you do not have root authority?

Most of the younger folks carrying an Android device have “rooted” their phone, why? Yet you will allow your company to install equipment for which you do not have root authority? Makes no sense to us? The fact is that most modern VoIP phone systems like those from ShoreTel and CISCO are delivered with key components built on Linux like platforms. These devices are placed on the network inside the firewall and perimeter security devices yet the root privilege is not available to the system owner. A very curious practice, would you not agree? Even if you have no clue about network security and hacking, would you allow someone to come into your place of business and install a “box” for which you have not access rights?

Anyone with root access could easily put programs on that appliance that could act unnoticed by network security devices. No virus protection would take note and the device would have complete access to the entire network. A common and popular hack is the RAT, a Trojan horse that can easily be placed on an unsuspecting users phone, computer, or other network device. These RAT’s or “remote access terminals” can be remotely controlled to turn on you microphone, camera and would have full access to all files and network resources. They become remotely controlled “bots” or computer zombies. The good news is that most modern virus protection will find these RAT’s if they are installed on a host computer. What about that appliance you just added to your network, the one you do not have root access privileges? You would never even know that RAT was there and you do not even have access permission to check!

Business owners, regardless of their personal level of technical savvy, need to question every device installed on their enterprise network. Who owns the box and who administers the box? Do you have root administrative authority on every device in your network? If not, why not?

Don’t Look now you’ve been hacked – part 2 (useful tools for awareness)!

Posted on by DrVoIP

Big Brother is Watching!

The thought of people being concerned that NSA is listing and monitoring their activities is a hysterically funny concept to me. Whatever you think of Edward Snowden, know that he is a day late and a dollar short. Most of these very same people that worry about the NSA, have a “Tracebook”, Twitter, Instagram or a half a dozen other social media accounts that should be significantly reducing the NSA operating budget. In fact, let’s just disband the NSA and hire Google! It seems that most of us have no issue publicly posting our most intimate details on Facebook including everything short of our Social Security numbers. Posting our current location and “checking in” so that the entire planet knows not only where we are, but what we are doing seems to be an absolutely essential public service and should also include pictures of the meal I am about to eat. How many of these same individuals are aware that every picture posted contains Meta Data that also memorializes the GPS co-ordinates and the camera type used to take the picture? I know you want to share picture of the family, but do you really want ISIS to know exactly where they live?

Useful Tools for Privacy!

As everyone is so willing to publicly disclose these personal details, it explains why so many remain ignorant of the data mining that goes on that you do not knowingly consent to. I assume we all know that Google is in the business of selling digital user profiles to advertisers? Every type an email to a friend about planning a trip to the Italy only to find your inbox now populated with travel agency “hot deals”? If your email does not fill up with travel deals to the Italy, you can bet your internet browser will now display a travel agency advertisements, “learn to speak Italian” and top Italian Restaurants on every page you view fin! Now ask me what we think about using Google Docs! We suggest that you consider DoNotTrackme extensions to your Chrome and Firefox browsers. We also recommend that you install “self-destructing cookies” and watch how many cookies are exchanged with your browser each use. Remember, we really don’t need your username and password, we need your cookies all of which are transmitted in clear text over that Starbucks wireless you have been using! All available using FireSheep!

Now if this is a vulnerability that effects individuals, what vulnerability effects enterprise level environments? Forget the notoriously leaking Windows Operating system and your hopelessly porous laptop, in the wake of the 55 Million credit card numbers stolen from Home Depot and the 45 million stolen from Target, we now have to worry about the credit card machines at the checkout counter. Actually the TJ Maxx heist was in many ways much larger! You might be considering how did the hackers get through the Firewall? As we have pointed out before, most computer network security exploitations are not executed through the firewall, they are executed by “social engineering” with the assistance of an ignorant employee or paid hit man. It is suspect that at least one of the above break ins was assisted by a third party trusted partner like the heating and air conditioning service company. Nothing like a starving janitorial night service crew to earn a few extra bucks plugging a USB device into any desktop computer releasing a new and improved malware version of BlackPOS ! Most of these stolen credit card numbers can be purchase here or on the Darknet using a Tor browser to reach silk road type websites.

It seems you can’t turn on an electronic device today without it alerting you that a software update is available for download. From the TV set, to the mobile phone, tablet and now even your car, all are subject to software updates. Do you even question what is being downloaded to your device when you do a software update? You just assume you are connecting with Apple, Amazon or Samsung? What if some evil doer was really just spoofing a software update and you just willingly downloaded a super basket of spy goodies that turn on your phone camera, activate your microphone and email snapshots to back to the mother ship. NSA, are you kidding? You would never know if it was your spouse, or employer would you? Yet millions of people do this without care, day after day and think nothing more about it. If you want to be tracked everywhere you go, risk having your most intimate communications published (just ask Jenifer Lawrence and the other celebrity Nude hack victims) just carry your Smartphone with you at all times!

Cyber-crime, next to the Ebola virus and violent terrorism is the single most economically destructive phenomenon to threaten the American way of life since the Cuban missile crisis. Yet the average business owner winces at the cost of engaging a computer network security audit and thinks that penetration testing is lovemaking foreplay. When the IT team asks for a Firewall upgrade or an increase in budget to cover a subscription to virus, spam and bot net filtering they somehow can’t justify the added expense. Educating your employees on the safe use of the Internet over WiFi should be part of the healthcare preventive medicine program, but most business will ignore “social engineering” vulnerabilities until a major data thief publicly embarrasses them.

(DrVoIP provides VoIP network readiness assessments and is a certified Network Security consultancy providing penetration testing, firewall and related security services. If you contact DrVoIP@DrVoIP.com we recommend that you use Ipredator and remember that there is a difference between being anonymous online and untraceable on online! We can help you with both.)

Looking for a UCCX Wall Board? – VSR2 has the vision!

Posted on by DrVoIP

If you have ever considered adding a Wallboard to your CISCO UCCX based Contact Center deployment, you know that the selections are slim.  There is a wealth of unsupported “freeware”  solutions on the net, generally the failed  result of someone trying to “roll there own” wallboard.   Clearly,  you always have that option if you have the time, talent and ongoing commitment to support Cisco’s follow on versions and upgrades.  To assure ongoing compatibility with CISCO, you need a dedicated development team!  Finding a vendor supported wallboard that does not cost as much as the UCCX itself, however, has been very difficult until now.   We recently had the opportunity to work with VSR2, a UK based  CISCO partner who has been building software based solutions since 2007.   The VSR2 UCCX Wallboard product offering is both an astonishing accomplishment and a must have product for any serious call center deployment.   Not only is the product exceptional, but the entire team behind the product is a real joy to work with!

The VSR2 installation is very simple, but it is generally done by a factory engineer over a remote desktop or TeamvViewer type remote connection.  The VSR2 solution runs on a Windows Server under IIS and interconnects with the UCCX over an Informix database connector.   Simply provide the usual UCCX database credentials and if there is network connectivity between your Windows Server and your UCCX server the install will be completed in less than 30 minutes, most of which is spent waiting for Microsoft!   We worked with an excellent engineer, Victor Spirin, who was very helpful in answering questions and also provided an initial over view of the systems capabilities.

We successfully tested the VSR2 on both UCCX Version 8.5 and Version 9 with no problems, or show stoppers to report.  The Wallboard is easy to customize and there is a great deal of flexibility in every aspect of the configuration.  Your can select your columns, content, color and triggers.  You can create multiple CSQ  wallboards, or Agent based wallboards.  In fact you can create a library of  wallboards and you can send supervisors links to previously created wallboards.   VSR2 has also developed other tools that are effective for Call Centers including a call recording capability, but it is the VSR2 wallboard that brings this company to the forefront!   They offer a 30 free trial and if installed, it would be hard for us to predict that it would ever be removed!   Take a look!