Hosted VoIP???

scottalanmiller

@hobbit666 said in Hosted VoIP???:

Care to expand on the less/zero secure part?

MPLS simply has no security, there's not anything to expand on. It's not a security mechanism in any sense, it's a switching mechanism.

So like, if you had a switch that you were going to install and I said "there's no security", you'd say "well right, it's only a switch, any security has to be done on top of that outside of the switch." Same goes for MPLS. There's no encryption, nothing to stop someone from snooping on the traffic. It's still plain text traffic.

The problem is, everyone (and I do mean everyone) uses it instead of a VPN which does encrypted the traffic. So snooping on a VPN requires a man in the middle attack or some other super sophisticated "state actor" level attack in order to get at your data.

So the issue is, MPLS is always "versus VPN" which is always the obvious alternative. In MPLS vs VPN, one offers a lot of security to protect you from people grabbing your data, the other offers none.

scottalanmiller

@hobbit666 said in Hosted VoIP???:

As I thought it was a closed private network,

Where "private" means "handled by a third party". The Internet is private, too, in that sense. Internet traffic doesn't go through any public space other than the ISP(s), no different with MPLS. MPLS exposes your data to all the same people that Internet traffic does. You'd never consider Internet traffic to be "private", so why is MPLS private?

VPNs are private, no one sees the data except your firm or who you choose to. MPLS and Internet traffic are public, meaning you and the ISP(s) see the traffic.

hobbit666

And that explains it thanks Scott. I've always thought in those terms hopefully that will help me sell a semi vpn/managed solution

scottalanmiller

@hobbit666 said in Hosted VoIP???:

sell a semi vpn/managed solution

IF you need a VPN, and dollars to donuts you do not, it should ALWAY be 100% unmanaged, no exceptions. If your VPN is managed, you've handed the security right back to the MPLS people - who are definitely on the "never, ever a viable option for security" list. Not because ISPs are inherently evil, but because they are in a high risk position that you are forced to trust due to being infrastructure and voluntarily handing them the ability to steal your data and/or extort you should never be considered. They are in a unique position to do insane levels of damage to your company (keep in mind, I have no idea who your ISP is, this is purely a general thing that applies to every business and every ISP) and should therefore never be voluntarily given the power to do so as there is zero technical and zero business reason to ever even consider the idea.

VPNs are super easy, and super cheap. If you need a VPN, then you need to run it in a secure way and that means only your IT (in house or out sourced) can be the ones that run it.

scottalanmiller

@hobbit666 said in Hosted VoIP???:

that will help me sell

I have an upcoming SAMIT video that's being edited, so should be out in a couple weeks tops, that is meant to be shown to your management about why they have to make sure that IT never has to "sell" them on doing their jobs and that they should not hold "sabotaging the company" as the default position that they decide to do unless IT can "sell" them on making good decisions.

JasGot

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

travisdh1

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

A signed SLA makes me nervous, that 60 minute SLA is probably only "We'll respond within x amount of time" and not actually fix anything until we feel like it. SLAs are generally meant to protect the seller, not the consumer.

scottalanmiller

@travisdh1 said in Hosted VoIP???:

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

A signed SLA makes me nervous, that 60 minute SLA is probably only "We'll respond within x amount of time" and not actually fix anything until we feel like it. SLAs are generally meant to protect the seller, not the consumer.

Exactly. An SLA means the vendor need not worry about best effort. SLAs protect vendors, not customers.

scottalanmiller

@JasGot said in Hosted VoIP???:

@scottalanmiller said in Hosted VoIP???:

While it has a place, it's extremely rare that it makes sense.

Yes.
Like when you need a managed Point-to-Point with a one hour SLA to keep your $20m/year business operational from two geographically disparate locations, and both are within the carrier's physical footprint. It allows the CEOs to sleep well at night.

Not a smart CEO. SLA does nothing to keep the network up. It simply stated how much rebate you can get. I'd want to fire any CEO who didn't get heartburn thinking about how he used a contract to get uptime instead of a properly designed system.

That's why cars, airplanes, nuclear power station, doctors and other things that truly matter are always best effort. Because an SLA has no ability to protect you.

scottalanmiller

Youtube Video

JasGot

@travisdh1 said in Hosted VoIP???:

that 60 minute SLA is probably only "We'll respond within x amount of time"

In this case, it really is 60 back up and running. I've see it in action. I would never do this because of the costs and handcuffs to one vender, but if the CEO is happy, that's all that really matters.

Dashrender

@JasGot said in Hosted VoIP???:

@travisdh1 said in Hosted VoIP???:

that 60 minute SLA is probably only "We'll respond within x amount of time"

In this case, it really is 60 back up and running. I've see it in action. I would never do this because of the costs and handcuffs to one vender, but if the CEO is happy, that's all that really matters.

The past is never a showing of future endeavors. And a happy CEO? that seems like the wrong approach.

siringo

Thanks everyone for contributing to the the thread. Yes, they are paying a significant amount for the MPLS connection. I'm not against suggesting an alternative to them.

I'm no comms guru, I understand how a VPN for a single user works, but how do we connect office A to office B via VPN/ I'm sure this is an elementary question to those who know, but I'd be grateful if someone can throw some plain english explanations at me so I can get started.

travisdh1

@siringo said in Hosted VoIP???:

Thanks everyone for contributing to the the thread. Yes, they are paying a significant amount for the MPLS connection. I'm not against suggesting an alternative to them.

I'm no comms guru, I understand how a VPN for a single user works, but how do we connect office A to office B via VPN/ I'm sure this is an elementary question to those who know, but I'd be grateful if someone can throw some plain english explanations at me so I can get started.

It's the same sort of thing, but going site-to-site. We use Sonicwall at work, and they refer to what your using as SSL-VPN and site-to-site as VPN (it makes no sense like so much else they do, stay away if you have a choice.)

I'm stealing @Pete-S picture from another thread for a visual for you here.

Edit: It came out a bit s***, but you should get the idea.

JasGot

@Dashrender said in Hosted VoIP???:

The past is never a showing of future endeavors. And a happy CEO? that seems like the wrong approach.

Often, it is a requirement to stay employed.

siringo

@travisdh1 Thanks travisdh1. I sat down and remembered I'd actually set them up with a site to site VPN many years ago before they got larger. It's Monday morning here, that should explain it.

I've been reading up on SD-WAN this morning. Some sites say "replace your MPLS network with SD-WAN and save money" other sites say that "you must keep your current MPLS network to use SD-WAN".

I wonder which one it is? Could be dependant upon the amount of traffic between sites???

JaredBusch

@siringo said in Hosted VoIP???:

Could be dependant upon the amount of traffic between sites???

No. SDWAN is the new MPLS, with lower costs.

You get a device for each site and plug it in to your various internet connections. Can be more than one at each site.

It aggregates everything over a set of virtual IP addresses.

So you never "go down" assuming you chose the multiple ISP connections well.

Also your IP never changes. No matter what ISP the traffic is routing on. So things like VoIP don't drop calls when services switch.

But you pay for your bandwith through the aggregator.

It will always be more expensive than setting up your own site to site VPN, but gains you minor benefits. Minor for most businesses. There are absolutely some businesses that are a great fit for SDWAN.

JaredBusch

But the thing to remember is that SD-WAN is just running on your existing network connections. so if you only have shit available, the SD-WAN will still be shit.

Also, if you only have expensive lines available, your SD-WAN will be stupid expensive.

siringo

Thanks @JaredBusch for the info.

With the MPLS setup, all sites appear as one large site. They can 'net use', browse shares via Windows Explorer and so on. Can you do that with an SD WAN implementation?

And what do you guys think of using a provider that is not located in the same country? Our daytime is pretty much the night time for the rest of the world, could be tricky regarding support?

scottalanmiller

@JasGot said in Hosted VoIP???:

@travisdh1 said in Hosted VoIP???:

that 60 minute SLA is probably only "We'll respond within x amount of time"

In this case, it really is 60 back up and running. I've see it in action. I would never do this because of the costs and handcuffs to one vender, but if the CEO is happy, that's all that really matters.

Right, but 60 backup instead of 10. You are seeing longer than necessary outages, higher than necessary cost and a CEO that clearly doesn't know what he's doing.

A happy CEO doesn't matter at all, happy owners are. If I was an owner and knew my CEO had done this, we'd be having a conversation that would leave the CEO quite unhappy. That the CEO made a mistake this basic (it's a business, not tech failure) AND is happy that my money was being thrown away like it is some kind of joke to him?