<br><br><div class="gmail_quote">On Fri, Feb 13, 2009 at 1:46 PM, Gregory Boehnlein <span dir="ltr"><<a href="mailto:damin@nacs.net" target="_blank">damin@nacs.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>> > I think most experienced *nix administrators can handle their own<br>
> > IPTables, OpenVPN, and whatever else.<br>
> ><br>
> I think maybe you misread my post. I don't think it's propaganda at<br>
> all. Switchvox, apparently, instructs you to put their device behind a<br>
> firewall. If you don't, then just like doing a poor plumbing job,<br>
> you're a prime candidate for "leaks" and things that come with "leaks"<br>
> down the line.<br>
><br>
> With regard to your post, "I think most experienced *nix<br>
> administrators can handle their own IPTables, OpenVPN, and whatever<br>
> else.". Yes. I totally agree, but as someone already raised the point,<br>
> how many of the authorized SwitchVox resellers actually have<br>
> "experienced *nix administrators" on staff?</div></blockquote><div><br>There are plenty of consultants. Once setup correctly, what else needs to be done?<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div> I sincerely doubt that's<br>
> one of their requirements to become a reseller, and while I do<br>
> understand it, I think to not have at least one of those types of<br>
> people on staff with those types of skills *should* be a requirement<br>
> for a good reseller.<br>
</div></blockquote><div><br>Agreed, although I will never be a reseller with such draconian reseller contracts. It is not good for my customers nor me.<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div><br>
</div>I would have to agree with this assessment. Many of the installers that are<br>
out there trying to migrate from the Telephony world to the IP Converged<br>
world have absolutely no concept of Network security. Conversely, a lot of<br>
the Data focused service providers have little understanding of the world of<br>
Telephony.<br>
</blockquote><div><br>I guess I am one of the lucky ones. I am a CCNA and great at diagnosing network issues and can also punch down a two hundred pair in my sleep. <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
It is one of the most common problems that I run into in the field..<br>
Resellers and installers that have not done their homework, do not<br>
understand the complex engineering requirements of a Converged IP network<br>
and are just trying to stay afloat in a quickly shifting environment. In<br>
fact, I recently remarked to a co-worker that it seems that the majority of<br>
the consulting work that I'm doing is "Network Janitorial Services" where I<br>
am mopping up the complete messes created by clueless resellers.<br>
</blockquote><div><br>I would say one third of my business is just that. Not usually "the complex engineering requirements of a Converged IP network." Generally, they are computer consultants that find Asterisk, decide it could be easy money, charge too little, and wind up losing money by having to go back over and over to fix issues, eventually dropping Asterisk/VoIP consulting because it is a money pit without proper knowledge. Let's face it, there are tons of "Best Practices White Papers" on the net. <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
That being said, Switchvox is an appliance. Think of it like a toaster that<br>
does one thing really well; make toast. In Switchvox's case, it is designed<br>
to make it easier to deploy IP and PSTN communications. They don't claim the<br>
system to be anything other than a PBX.</blockquote><div><br>SwitchVox is merely a piece of software that has Asterisk "Under the Hood". It can be installed on any platform. I do not consider an HP DL380 an "appliance". <br>
<br>The WRT54G and the like are "appliances" yet the devices running Linux are truly awesome in what they can do beyond being an "appliance".<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
<br>
Go ask Vodavi or Panasonic if they can provide firewalling services in their<br>
IP PBX products, and tell me what response you get.. More than likely they<br>
will give you a blank stare and ask "what is a firewall?".</blockquote><div><br>Also ask them how much for a conference bridge. Old paradigms are apples to oranges.<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<br>
Here is the way that I view it. If I install a system for a customer, it is<br>
my obligation to inform the customer of their options and the liabilities<br>
inherent in any choices that they might make. That requires understanding of<br>
the system you are selling, and the architectures under which that system<br>
works best. If I don't know what I'm selling, how to secure it, install it,<br>
adhere to best-practices, then I'm ripping off my customer and shouldn't<br>
really be in the business of installing an IP system in the first place.<br>
<div><div></div><div><br>
</div></div></blockquote><div><br>It is LAMP and Asterisk. What is the other "magic" the box runs? Non that I am aware of.<br><br>OpenVPN bridges and IPTables that block all other ports is the way to go.<br> </div>
</div><br>-- <br>Thanks,<br>Steve Totaro <br>+18887771888 (Toll Free)<br>+12409381212 (Cell)<br>+12024369784 (Skype)<br>