[CoIT-Security] Phone Sysstem

CoIT Security coit-security at lists.onenet.net
Mon Oct 30 13:47:39 CDT 2017


Please see responses below.

[https://www.redlandscc.edu/RCC.png]

Curtis R. Brabham, Jr.
Chief Technology Officer
Campus & Information Security
Redlands Community College
https://www.redlandscc.edu/
Curtis.Brabham at redlandscc.edu<mailto:Curtis.Brabham at redlandscc.edu>
Office: 405.422.1449
Fax: 405.422.1449
1300 South Country Club Road
El Reno, OK 73036-5304



From: CoIT-Security [mailto:coit-security-bounces at lists.onenet.net] On Behalf Of CoIT Security
Sent: Friday, October 27, 2017 10:07 AM
To: COIT Security (coit-security at lists.onenet.net) <coit-security at lists.onenet.net>
Subject: [CoIT-Security] Phone Sysstem

Fellow IT Colleagues,

Cameron University (Lawton, OK) is seeking options to replace an aging PBX system with an IP-PBX / VOIP phone system, many things have change in the phone system world since we last considered this.   If you could help us by completing the survey questions below, that will be very helpful to us in making our decision and also letting us know what other educational facilities are using.  If you have any questions, or would like to speak to me directly, my contact information is below the survey.  Thank you very much for your time!

What make/model of phone system are you currently using?
Redlands implemented a ShoreTel system in Fall 2009.  We have a variety of phone models:  IP115, IP230, IP565, IP655.

Note:  ShoreTel was recently purchased by Mitel.  I am undecided on whether or not this is good or bad.  We did look at Mitel years ago when we were evaluating systems.  Their product was really good from a user standpoint, but not very friendly from an administrative standpoint.  The management server would only run on Linux (not a big deal for most, but wasn't something we wanted to entertain at the time), and most changes/programming required command-line input.  I'm sure a lot has changed in the 8-9 years since we last looked at their first-hand product.

Is the phone system on-site or hosted?
Our system is on-premises.  ShoreTel does offer a hosted solution, or a hybrid.  Our on-premises setup does include the use of hardware-based VOIP switches.  However, ShoreTel now offers a both a VMware and Hyper-V virtual appliance option for the voice switches.  The management server (also used for voicemail) can also be virtualized.  For voice switches we have:

2 x ShoreTel ShoreGear 220-T1's
1 x ShoreTel ShoreGear 120 (at a remote location)
2 x ShoreTel ShoreGear 90's
1 x ShoreTel ShoreGear 90 (at a remote location)
3 x ShoreTel ShoreGear 24A's

The number in the model is how many IP phones that switch will support.  If you configure an analog extension off consume five IP phone ports (excluding on the 24A's).  One of the 220T1's is configured for the PRI.  The PRI is also configured on the other 220T1 so we can quickly move the incoming link over in the case of hardware failure on the primary.  Each 220T1 can still support 100 IP phones with the PRI configured.  The 24A's will each support 24 analog ports and do not support any IP phones.  The system automatically assigns IP phones to a switch based on site, IP address mapping, and available switch capacity.

Is the phone system IP / VOIP based?
Yes.

How many phones are in use or what is the capacity of the phone system?
We have approximately 275-300 phones in use.  The capacity depends on the voice switches implemented and licenses purchased.

How many fax lines are in use?
We have three 24-port analog voice switches (converts VOIP to analog).  Three were required when we originally purchased the system due to the number of fax machines, credit card machines, and other analog devices we had at the time.  Only one of the analog switches is currently used for analog lines now.  One is kept in operation for testing and as a backup, and the third is configured for conference ports.  We only use eight lines for faxing as we have implemented a MultiTech fax server for all inbound/outbound faxing.  We have approximately 25 or so dedicated fax extensions, all routed through the fax server.  Any extension can be configured as a fax line.  For example, my office number is configured on the fax server to route incoming faxes to my email as PDF attachments.  By default, any incoming call determined to be a fax is routed to the fax server regardless of the extension.  The system determines this by "listening" for the initial negotiation beeps and transferring the call to the fax designated fax line(s).  The fax server is configured to route incoming faxes to a default email if a route is not defined for the extension.  This ensures no faxes are missed.  An extension can be configured so the re-route does not occur.

Outbound faxes are sent via email to the fax server using a specifically crafted email address format.  The content of the fax is attached as a PDF to the email, and the body of the email is used in the notes section on the cover sheet.  The fax server will automatically retry on busy signals, and will deliver a successful or failed report to the sender.

If using IP / VOIP, how are fax lines being handled?
Through a MultiTech analog fax server.  MultiTech (and other companies) do offer SIP-based fax servers.

What vendor / provider helped with the implementation / maintenance of the phone system?
Peak Uptime.  They assisted on the determination of what was required to replace our Nortel PBX, configuration of the management server, installation of the voice switches, and deployment of the phones.  Our purchase was done through the PEPPM contract<https://www.peppm.org/state/Oklahoma.htm>, which I believe offers better pricing than the state contract.  The state contract was not in place when our purchase was completed.

How were phones deployed when the phone system was installed (third party, internal, etc.)?
We deployed all 275-300 phones in a single day.  This was a joint effort between Redlands IT and Peak Uptime staff.

Are you satisfied with the system you currently have?
Yes.

How easy is it to manage and how is it managed?
Day-to-day management is very easy.  We can have a new technician trained on creating a new extension within a matter of minutes.  The management interface is all web driven.

What department manages day-to-day operations of the phone system?
IT

Are SIP trunks being used for external phone system connectivity?
Not currently.  Currently we have an incoming T1 that is converted to a PRI.  Future plans will change this to incoming SIP trunks, but those will still be converted over to a PRI for connectivity into our ShoreTel system.  This is due to the voice switch the incoming lines connect to (a ShoreTel 220T1).  We are not looking to replace system hardware with the provider change over.

How much support is needed for the phone system and are support contracts used?
Support contracts are maintained and used.  The system has been very stable for us, and we have not had to rely on the support vendor for very many issues.  However, for the issues that we have had to contact them for, the issues were resolved very quickly.  ShoreTel annual maintenance costs are 10% of the original purchase cost.  We do not carry maintenance on the phones.

What security concerns did you have with your phone system?
None at this time.  They offer a VPN concentrator for phones outside of the system.  Some phone models include a VPN client that can connect to the system through their concentrator.  We didn't find the VPN concentrator to be necessary as we don't have any phones that aren't directly connected to our network either on campus, or through an MPLS/VPLS link.  We also have an SSL VPN with support for all major smartphones.  This method can be used with the ShoreTel mobile app.  Voicemail is configured by default to forward to the individual's mailbox as an attachment.  You can also dial into the system to check voicemail.


Any other comments -
We also have the system configured to alert key personnel by text message in the event 911 is dialed from any extension on campus.  The text message provides the extension 911 was dialed from, so we have a reasonable expectation of where the call was placed from and can respond very quickly.  The one caveat is that a user can log their extension into any phone on campus if they are temporarily operating out of a different office.  This doesn't happen very often, and hasn't caused any problems yet.



Richard Colavito
Network Administrator
Cameron University
2800 West Gore Blvd.
CETES 102C
Lawton, OK 73505
580-581-5974
rcolavit at cameron.edu<mailto:rcolavit at cameron.edu>
www.cameron.edu<http://www.cameron.edu/>
[Cameron University Logo]

Confidentiality Notice:

This e-mail, including all attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information as defined under FERPA. Any unauthorized review, use, disclosure or distribution is prohibited unless specifically provided under the Oklahoma Public Records Act. If you are not the intended recipient, please contact the sender and destroy all copies of this message.





Redlands Community College provides a learner-centered environment committed to academic excellence strengthened through service and civic engagement.

**CONFIDENTIALITY** - This e-mail (including any attachments) may contain confidential, proprietary, and/or privileged information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, please notify the sender immediately by return e-mail, and delete this message and any attachments from your system. Any unauthorized disclosure or use of this information is prohibited. Information contained herein may be subject to the Privacy Act of 1974, Family Educational Rights and Privacy Act of 1974 (FERPA), and/or the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20171030/b76042fd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 1632 bytes
Desc: image001.png
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20171030/b76042fd/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 6735 bytes
Desc: image002.png
URL: <http://lists.onenet.net/pipermail/coit-security/attachments/20171030/b76042fd/attachment-0003.png>


More information about the CoIT-Security mailing list