Hosted VoIP???

scottalanmiller

@Dashrender said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

@siringo said in Hosted VoIP???:

Was just thinking, the client uses the same company for their multi-site MPLS network and Internet

That would violate the absolutely number one rule of telephone: Never ever consider getting your telephone service from the physical infrastructure vendor (ISP).

Never. Ever. Ever.

There it is - I was wondering where this post was hiding?!?!

LOL.

scottalanmiller

@siringo said in Hosted VoIP???:

the client uses the same company for their multi-site MPLS network

Also something to rethink. MPLS is a weird carryover from the T1 days of the 1990s. While it has a place, it's extremely rare that it makes sense. It's normally slower, less secure (way less - it has zero security), and much more expensive than doing VPNs. And way less flexible.

Dashrender

@scottalanmiller said in Hosted VoIP???:

@siringo said in Hosted VoIP???:

the client uses the same company for their multi-site MPLS network

Also something to rethink. MPLS is a weird carryover from the T1 days of the 1990s. While it has a place, it's extremely rare that it makes sense. It's normally slower, less secure (way less - it has zero security), and much more expensive than doing VPNs. And way less flexible.

No doubt.. you are probably paying a fortune for them to manage that MPLS versus you getting simple ISP connections at each location, then paying someone to manage a VPN setup between locations (assuming you need to pay someone else to manage it).

scottalanmiller

@Dashrender said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

@siringo said in Hosted VoIP???:

the client uses the same company for their multi-site MPLS network

Also something to rethink. MPLS is a weird carryover from the T1 days of the 1990s. While it has a place, it's extremely rare that it makes sense. It's normally slower, less secure (way less - it has zero security), and much more expensive than doing VPNs. And way less flexible.

No doubt.. you are probably paying a fortune for them to manage that MPLS versus you getting simple ISP connections at each location, then paying someone to manage a VPN setup between locations (assuming you need to pay someone else to manage it).

Plus you end up tied to a single carrier and no ability to shop around. Same as with the phones. Getting phones from your ISP is a very similar mistake to getting MPLS. Both involve missing the standard "good" ways to approach things by going with the "this is a big vendor I'm stuck with, I'll just trust them to not take advantage of me not researching if I have choices to protect myself."

MPLS, for all intents and purposes, exists solely for ISPs to screw customers who don't know about VPNs and don't ask IT how to set up their networks. It's a product meant entirely to managers that don't engage IT oversight in WAN purchases. And it makes ISPs a fortune.

hobbit666

@scottalanmiller said in Hosted VoIP???:

It's normally slower, less secure (way less - it has zero security)

Care to expand on the less/zero secure part?
As I thought it was a closed private network, with only one breakout to the Internet if you wanted one.

scottalanmiller

@hobbit666 said in Hosted VoIP???:

Care to expand on the less/zero secure part?

MPLS simply has no security, there's not anything to expand on. It's not a security mechanism in any sense, it's a switching mechanism.

So like, if you had a switch that you were going to install and I said "there's no security", you'd say "well right, it's only a switch, any security has to be done on top of that outside of the switch." Same goes for MPLS. There's no encryption, nothing to stop someone from snooping on the traffic. It's still plain text traffic.

The problem is, everyone (and I do mean everyone) uses it instead of a VPN which does encrypted the traffic. So snooping on a VPN requires a man in the middle attack or some other super sophisticated "state actor" level attack in order to get at your data.

So the issue is, MPLS is always "versus VPN" which is always the obvious alternative. In MPLS vs VPN, one offers a lot of security to protect you from people grabbing your data, the other offers none.

scottalanmiller

@hobbit666 said in Hosted VoIP???:

As I thought it was a closed private network,

Where "private" means "handled by a third party". The Internet is private, too, in that sense. Internet traffic doesn't go through any public space other than the ISP(s), no different with MPLS. MPLS exposes your data to all the same people that Internet traffic does. You'd never consider Internet traffic to be "private", so why is MPLS private?

VPNs are private, no one sees the data except your firm or who you choose to. MPLS and Internet traffic are public, meaning you and the ISP(s) see the traffic.

hobbit666

And that explains it thanks Scott. I've always thought in those terms hopefully that will help me sell a semi vpn/managed solution

scottalanmiller

@hobbit666 said in Hosted VoIP???:

sell a semi vpn/managed solution

IF you need a VPN, and dollars to donuts you do not, it should ALWAY be 100% unmanaged, no exceptions. If your VPN is managed, you've handed the security right back to the MPLS people - who are definitely on the "never, ever a viable option for security" list. Not because ISPs are inherently evil, but because they are in a high risk position that you are forced to trust due to being infrastructure and voluntarily handing them the ability to steal your data and/or extort you should never be considered. They are in a unique position to do insane levels of damage to your company (keep in mind, I have no idea who your ISP is, this is purely a general thing that applies to every business and every ISP) and should therefore never be voluntarily given the power to do so as there is zero technical and zero business reason to ever even consider the idea.

VPNs are super easy, and super cheap. If you need a VPN, then you need to run it in a secure way and that means only your IT (in house or out sourced) can be the ones that run it.

scottalanmiller

@hobbit666 said in Hosted VoIP???:

that will help me sell

I have an upcoming SAMIT video that's being edited, so should be out in a couple weeks tops, that is meant to be shown to your management about why they have to make sure that IT never has to "sell" them on doing their jobs and that they should not hold "sabotaging the company" as the default position that they decide to do unless IT can "sell" them on making good decisions.

JasGot

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

travisdh1

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

A signed SLA makes me nervous, that 60 minute SLA is probably only "We'll respond within x amount of time" and not actually fix anything until we feel like it. SLAs are generally meant to protect the seller, not the consumer.

scottalanmiller

@travisdh1 said in Hosted VoIP???:

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

A signed SLA makes me nervous, that 60 minute SLA is probably only "We'll respond within x amount of time" and not actually fix anything until we feel like it. SLAs are generally meant to protect the seller, not the consumer.

Exactly. An SLA means the vendor need not worry about best effort. SLAs protect vendors, not customers.

scottalanmiller

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

Not a smart CEO. SLA does nothing to keep the network up. It simply stated how much rebate you can get. I'd want to fire any CEO who didn't get heartburn thinking about how he used a contract to get uptime instead of a properly designed system.

That's why cars, airplanes, nuclear power station, doctors and other things that truly matter are always best effort. Because an SLA has no ability to protect you.

scottalanmiller

Youtube Video

JasGot

@travisdh1 said in Hosted VoIP???:

that 60 minute SLA is probably only "We'll respond within x amount of time"

In this case, it really is 60 back up and running. I've see it in action. I would never do this because of the costs and handcuffs to one vender, but if the CEO is happy, that's all that really matters.

Dashrender

@JasGot said in Hosted VoIP???:

@travisdh1 said in Hosted VoIP???:

that 60 minute SLA is probably only "We'll respond within x amount of time"

In this case, it really is 60 back up and running. I've see it in action. I would never do this because of the costs and handcuffs to one vender, but if the CEO is happy, that's all that really matters.

The past is never a showing of future endeavors. And a happy CEO? that seems like the wrong approach.

siringo

Thanks everyone for contributing to the the thread. Yes, they are paying a significant amount for the MPLS connection. I'm not against suggesting an alternative to them.

I'm no comms guru, I understand how a VPN for a single user works, but how do we connect office A to office B via VPN/ I'm sure this is an elementary question to those who know, but I'd be grateful if someone can throw some plain english explanations at me so I can get started.

travisdh1

@siringo said in Hosted VoIP???:

Thanks everyone for contributing to the the thread. Yes, they are paying a significant amount for the MPLS connection. I'm not against suggesting an alternative to them.

I'm no comms guru, I understand how a VPN for a single user works, but how do we connect office A to office B via VPN/ I'm sure this is an elementary question to those who know, but I'd be grateful if someone can throw some plain english explanations at me so I can get started.

It's the same sort of thing, but going site-to-site. We use Sonicwall at work, and they refer to what your using as SSL-VPN and site-to-site as VPN (it makes no sense like so much else they do, stay away if you have a choice.)

I'm stealing @Pete-S picture from another thread for a visual for you here.

Edit: It came out a bit s***, but you should get the idea.

JasGot

@Dashrender said in Hosted VoIP???:

The past is never a showing of future endeavors. And a happy CEO? that seems like the wrong approach.

Often, it is a requirement to stay employed.