Customers tempted by the productivity benefits offered by unified communications may ask you as a reseller, their trusted advisor, to assist with the complex task of integrating Voice over IP (VoIP), voicemail, email, video and instant messaging (IM). But before you can help the customer select, configure and install components, you must work with the customer to ensure that the necessary elements are in place to enable a successful unified communications deployment. This means evaluating the customer's network and supporting environment and recommending required upgrades for network capacity, security, and power and cooling.
VoIP is a principal component of any unified communications deployment. Evaluating the added network load created by VoIP requires measuring current call volume from each area of the company and projecting added load due to growth of the organization. These measurements must then be translated into network bandwidth requirements, added to measurements of current network load and compared against available bandwidth for both LANs and wide-area links.
If video will be part of the implementation, its bandwidth requirements must be factored in. This may be more difficult to project than voice if video is a new application within the organization and you have no historical data to work with. To be safe, overestimate video usage. It's likely to become heavily used once employees gain experience with it.
Simply adding bandwidth to accommodate voice and video is not sufficient since both require consistent latency. There may be sufficient aggregate bandwidth on a network link, but a burst of activity from another application can disrupt a call or interfere with the smooth flow of a video. On the LAN, configure IEEE 802.1Q to create individual prioritized virtual networks for voice, video and other traffic. Most currently available switches support 802.1Q, but if the customer's switches do not, they must be replaced.
Similarly, wide-area bandwidth must be allocated to voice and video, with the method depending on the customer's choice of wide-area service. Multiprotocol Label Switching (MPLS) provides guaranteed levels of quality of service to match application requirements. A unified communications deployment may supply the necessary impetus to move to MPLS if it's not already in use.
Unified communications and security
Unified communications introduces new vulnerabilities to the network, including denial-of-service attacks against voice traffic, IM access to the network and remote access to the internal phone system.
Denial-of-service attacks become more detrimental when they interfere with voice calls as well as Internet service. If possible, configure routers to throttle incoming traffic and consider adding an intrusion prevention device with features specifically designed to protect VoIP traffic.
Hackers have reported that a surprising number of system administrators fail to follow standard security procedures such as replacing default passwords on IP PBXes and upgrading software as soon as a security fault becomes public. A hacker with access to an IP PBX could potentially monitor phone calls or make calls to pay-per-call numbers. So make sure that the PBX is creating detailed logs and put in place a process to review logs regularly.
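One way to run the regular log review described above, as an added example (not code from the article or from any PBX vendor): it scans call detail records for calls to pay-per-call numbers and for external calls placed outside working hours. The record layout, the North American 900 area-code check, the working hours and the four-digit extension length are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample call detail records (not from any real PBX).
# Assumed columns: start time, calling extension, dialed digits, seconds.
SAMPLE_CDR = """\
2024-03-04T10:15:00,2001,12125550123,180
2024-03-04T23:41:00,2007,19005550111,2400
2024-03-05T02:03:00,2007,19005550111,3100
2024-03-05T02:58:00,2007,01144205550100,900
2024-03-05T09:30:00,2003,1-900-555-0142,60
2024-03-05T14:12:00,2001,2004,45
"""

BUSINESS_HOURS = range(7, 19)  # assumed working day, 07:00-18:59 local
EXTENSION_DIGITS = 4           # assumed length of internal extensions


def is_pay_per_call(digits):
    """North American numbering assumed: area code 900 is pay-per-call."""
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return len(digits) == 10 and digits.startswith("900")


def review_cdr(text):
    """Return (findings, pay_per_call_seconds_by_extension) for one batch."""
    findings, totals = [], defaultdict(int)
    for row in filter(None, csv.reader(io.StringIO(text))):  # skip blank lines
        start, ext, dialed, seconds = row
        digits = "".join(ch for ch in dialed if ch.isdigit())
        reasons = []
        if is_pay_per_call(digits):
            reasons.append("pay-per-call")
            totals[ext] += int(seconds)
        external = len(digits) > EXTENSION_DIGITS
        if external and datetime.fromisoformat(start).hour not in BUSINESS_HOURS:
            reasons.append("after-hours external call")
        if reasons:
            findings.append((start, ext, digits, reasons))
    return findings, dict(totals)


if __name__ == "__main__":
    findings, totals = review_cdr(SAMPLE_CDR)
    for start, ext, digits, reasons in findings:
        print(f"{start} ext {ext} -> {digits}: {', '.join(reasons)}")
```

The per-extension totals give the reviewer a quick ranking of which handsets or accounts to check first for default or reused credentials.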
Employees may be using a public IM client like AIM or Yahoo Messenger, which can bypass protections put in place to protect email and other Internet traffic. Integrating IM as part of a unified communications deployment requires replacing public IM with an internally managed facility. Firewalls can be configured to prevent access to public IM from inside the corporate facility, but cannot prevent access from employees working remotely. Put in place policies that make clear to employees that internal information must not be discussed using public IM.
Access to the corporate network from employees working remotely has always been a concern. Employee access to email and internal documents provides enough opportunities for security lapses when access is primarily from employee homes and hotel rooms. But now much remote access occurs from public wireless hot spots. Add to this the danger due to softphones on an employee laptop accessing the internal phone system. To address these vulnerabilities, remote access must be strictly limited to use of a virtual private network (VPN). If the customer doesn't have one already, work with them to choose and deploy a VPN solution.
Employees must be trained on how to use the new technologies you deploy as part of the unified communications solution. Not only must they be trained on how to take advantage of the new features, but they must be taught how to do so securely. All of the added security hardware and software will offer no protection if employees do not carefully protect internal documents and information.
Power and cooling
VoIP phones are powered via Power over Ethernet (PoE). If your customer's current switches don't support PoE, they can be replaced by switches that do. Midspans are an alternative to upgrading switches. Regardless, more power must be supplied to wiring closets.
If switches and midspans supported PoE with 100% efficiency, the added power would all flow through the network to the phones. Unfortunately, switches and midspans are not 100% efficient, so power is dissipated in the closet resulting in more heat. Therefore, when you verify that enough power is available, also check for sufficient cooling.
About the author
David B. Jacobs of The Jacobs Group has more than 20 years of networking industry experience. He has managed leading-edge software development projects and consulted for Fortune 500 companies as well as software start-ups.