3CX is the future of low cost IP telephony and it is here….
Tuesday, 27 July 2010

It might be time to chuck out your old PBX-based telephone system. We have and we are extremely happy with the results. The thing is, we wanted a solution that would be either low-cost or free and would allow us to make best use of our existing Internet connectivity. We knew that we were bleeding cash on our ISDN-lines; each phone bill was another stark reminder that we were just throwing away many hundreds of pounds every quarter. Enough was enough and the old box on the wall had to go.

We chose 3CX (www.3CX.com) because it was free, Windows-based and therefore very easy for all the team to administer. It natively supports SIP trunks and we arranged these from our VoIP provider Sipgate (see my previous blog “Getting into those SIP trunks…”). I should point out that the free version has a cut-down feature set but this is still a very tractable and system.

The free version has some really cool features, and this includes support for remote extensions. This means that you can configure a VOIP handset (or a softphone on a PC) to connect into the 3CX phone system from any internet connection, allowing you to work from anywhere and appear to be sat at your desk in the office. All calls from the remote extension are routed through the office and are charged at the same rate as normal office calls, regardless of location. This feature can be notoriously difficult to configure on traditional phone systems but 3CX have made it extremely easy all that is required is a few port forwarding rules on the firewall. The free version gives you access to community based forums containing all the information you will need to setup configure and maintain your system.

But 3CX obviously make their money if you upgrade to the paid-for version for a one-time £500 licence fee – there is no need to buy upgrade insurance or any of the other myriad costs that are a feature of many software systems these days. That said, since most companies want the peace of mind of a support agreement for their business critical phone system, this can be purchased for around £150 a year direct from 3CX; this is incredibly cheap when compared with the support charges made by other mainstream VoIP providers. In any case, you get to unlock some very great features such as call queuing and an integrated fax server.  Another really compelling feature is “branch bridging”; this allows you to easily interconnect two or more sites, regardless of location, and the phone systems then interact as if they are on the same LAN. This means that if you have an international office in Spain, for instance, you can seamlessly make calls between sites completely free of charge. Also, least cost routing rules can be established, so for example, if you are in your London office and need to make a call to Spain, this call can be routed via the Spanish office at the cost of a local/national Spanish call instead of at international dialling rates from London.

We run our 3CX system on a virtual server that contains a number of our other server-based systems, but it could just as easily be run on any old Windows PC that you might have handy. The system is totally web-based and uses IIS, once again making it very familiar to those with Windows-centric skills.

Actually, at the time of writing I have just seen sight of the spec for the just released version 9 of 3CX and we will be upgrading to this very shortly since it has a SIP client for Android mobile phones and it supports a host of other features including video support.

low-cost computing, VoIP
Recycle your old server into an iSCSI storage device……
Wednesday, 11 August 2010

If you want to get the most out of your IT spend we think you will like Openfiler (http://www.openfiler.com). It is an open source (essentially free) software product that can help turn your old or redundant server(s) into an iSCSI storage device. You may have a spare but serviceable server kicking around after having upgraded to a new server, or you may have virtualized some of your existing servers, leaving the redundant units going begging. So, as long as the servers are reasonably well specified and with plenty of disk space, you can simply rebuild the OS using Openfiler (it is a special Linux distribution) discarding or re-deploying your old Windows server licence.

Openfiler allows you to configure your disk subsystem much as you would with any other server OS – including setting up and managing multiple disks into a RAID array. And it has some very advanced features that include Ethernet bonding (to increase network performance and throughput) and block level replication using rsync.

Once it’s set up, your new iSCSI device is ready for use and it can be attached to single or clustered devices across an IP network almost as if they had been attached via a SCSI cable in the way that direct attached storage (DAS) devices are connected using a standard SCSI cable. And, iSCSI works across local area networks (LAN) or wide area network (WAN). This means that you could have a file or application server that is connected to two iSCSI servers – one may be on the local LAN and the other at a remote site. But to the main server it would just look like two local hard drives.

You might be concerned about entrusting your critical data to one of these boxes – but so long as you avoid single points of failure and develop an appropriate hierarchy of data backup devices (i.e. make sure your data is in several places simultaneously) then you will be perfectly safe.
The thing is, this really is a very powerful system capable of being deployed in anything from budget to really quite large-scale enterprise environments. Indeed, it will easily act as the SAN for a clustered Microsoft environment, or as a VMWare ESX SAN server. It supports popular file systems such as NFS, CIFS, SMB, FTP and HTTP/DAV; integration with your local security protocol is also very easy since it supports both LDAP and Active Directory. Management is provided by an intuitive web-based interface.

We will be writing more about this in the future and we will share our experiences with you.

Zeus in the news.....
Thursday, 05 August 2010

Zeus, a trojan horse has been back in the news recently (it is also know as Zbot, PRG, Wsnpoem, Gorhax and more recently Kneber. It steals private information using keyboard logging and It is propagated mainly as a result of phishing attacks and "drive-by" downloads where users indirectly download and unknowingly authorise the installation of ActiveX components or Java applets. Malware may also be downloaded as a result of a browser, email client or operating system vulnerability.

The Zeus botnet only targets Microsoft Windows  devices running Windows XP Professional SP2 running mainly in the business and home communities. There have so far been no reported incidents of Windows 7 machines being affected. It targets the login credentials for online social networks, email accounts and on-line financial services providers.

According to wikipedia it is possible to buy Zeus in underground forums for between $3000 to $4000 for the latest version. The package contains a builder that can generate a bot executable and Web server files (PHP, images, SQL templates) for use as the command and control server. While Zbot is a generic back door that allows full control by an unauthorised remote user, the primary function of Zbot is financial gain stealing online credentials such as FTP, email, online banking, and other online passwords. The latest public version that is available is 1.2.7.29

Zeus is very difficult to detect even with up-to-date antivirus software and its malware family is considered the largest botnet on the internet (some 3.6 million PCs are said to be infected in the U.S. alone). Security experts are advising that businesses continue to offer training to users to prevent them from clicking hostile or suspicious links in emails or on the web while also keeping up with antivirus updates. Many security programs can detect and remove the bot but it remains unclear if modern antivirus software is effective at preventing all of its variants from taking root.

Security
Don’t go jailbreaking your iPhone or iPad just yet….
Thursday, 05 August 2010

“Jailbreaking” is the term used to describe the process of hacking an iPhone to allow it to install apps and themes not approved by Apple.  In principle it sounds like a great idea, except that Charlie Miller, a well-known security analyst has pointed out that this exploitation of the Safari browser “....totally defeats Apple's security architecture". Users can navigate to www.jailbreakme.com and easily initiate the jailbreaking process. This site is not malicious in itself but there is serious concern that hackers will work how it works and use it to gain control of any devices that inadvertently download malware from dubious websites. Be warned…

Security
iPhone 3G update keeps me awake….
Tuesday, 20 July 2010

I often go to bed around midnight these days, but last night I decided to apply the latest 4.0.1 update to my aging iPhone 3G since it would only take me a minute or two. Obviously, that was my first mistake as it all went wrong from there. The system kept returning an unspecific 2006 error; my device was now in limbo – it was in restore mode and my Mac Pro could not/would not restore  the phone.

Now, I really needed that phone to work in the morning so I toyed with the idea of picking the problem up with a clear mind in the morning. But I knew that was a risky proposition (what if someone needed to call me urgently?) so I tossed that idea aside and decided to grit my teeth and get on with it.

Well, eventually 4.00 am arrived and I was being to consider that defeat was a real possibility and that hitting the sack was now the only course of action. The thing was, I had experienced a similar problem before and I had eventually realized that it was a USB issue and the cable should NOT be plugged into a USB hub. I checked and that was definitely not the problem this time: my Belkin cable was firmly attached to the back of my Mac Pro. So, as a final gesture before retiring I decided to try to run the iPhone restore from my old Mac Pro (it is more than 5 years old but runs almost as sweetly as my new 8-core machine after I installed an Intel SSD disk – but more about that another time). Strangely, every time I plugged the iPhone and Belkin cable into old faithful the wired mouse stopped working. At that moment a light lit up my dulled brain as my eye caught my iPad sitting on the floor – it was connected to it’s charging device using a nice new white Apple USB cable; I yanked it out of the iPad and used it to connect the iPhone to the new Mac Pro. Suddenly everything was working just like it should have four hours previously.

Okay, maybe I should have worked this one out a lot sooner – but it was NOT obvious since the last update had worked fine with the Belkin cable. It was lucky that I had an alternate cable but I felt duty bound to blog about this incident if it saves somebody else a sleepless night!

iPhone
Getting into those SIP trunks…
Wednesday, 14 July 2010

No, they are not a go-faster bathing costume to help speed up your performance in the swimming pool. They are, in fact, key to the deployment of successful VoIP installations – and to making significant savings on your telephony costs.

SIP trunks are a critical component for delivering IP-based (VoIP) telephone over data networks. So, if you are involved in planning your organization’s telephony requirements then this is something you should understand.

Session Initiation Protocol (SIP) trunks have been around for a few years and are available from IP telephony service providers. These SIP trunks are analogous to traditional telephony services that are supplied over physical wires or “trunks”; and these connect corporate PBX’s (Private Branch Exchange) to the public switched telephone network (PSTN) – the trunks carry the voice calls from the PBX to the PSTN.

SIP trunks essentially allow the physical wires or trunks to be replaced by a service that operates over data networks – and in the main this will mean over an Internet connection. They are far more flexible than their analogue counterparts, which were limited by the number of available channels. Also, a SIP trunk can deliver far more value since there is no real limit to the number of voice session that can be carried over a SIP trunk – other than that imposed by bandwidth limitations.SIP trunks can also be used to extend VoIP systems beyond the physical LAN and remove the need for costly gateways and bridges to connect corporate telephony systems to the PSTN; this is now achieved using the SIP provider’s network.

To deploy a SIP trunk an IP PBX is required together with a service provider that offers a SIP trunking service. Some time ago we replaced our aging PBX system that used multiple ISDN lines, which were relatively costly in terms of line rental and call costs. We installed a Windows-based SIP switch from 3CX (www.3cx.com) and signed up for our SIP trunks from Sipgate (www.sipgate.co.uk). Incidentally, setting up the SIP trunks was simplicity itself since they can be applied to any Internet connection that you may have. Anyway, now all our calls are going over our existing Internet service and we have made significant savings as well as making best use of our existing Internet connectivity. Also, we pay low call rates via our Sipgate service and so we have seen this reflected in significantly lower bills.

If you have an existing VoIP system without a SIP trunk it is likely that you will be getting free internal calls and those that are routed over IP to branch offices; but if you are making external calls they will be routed via analogue or ISDN lines to connect to the PSTN system. However, you can retrofit SIP trunks so that you can remove your expensive legacy phone lines while at the same time taking advantage of the preferential call costs from your SIP provider.

Obviously, there is the issue of putting all your eggs in one basket – if Internet connectivity goes down then browsing capabilities stop, as does mail, instant messaging, voice and any other services that rely on your Internet connection. However, we think the benefits far outweigh the risks – and there are strategies to mitigate these. As a for instance, you can still have some standby analogue lines to be used in an emergency if Internet connectivity fails – a system such as 3CX can be programmed to route calls via these lines if the need arises. In any case this is something we will explore in future blogs.

low-cost computing, VoIP
Recycle your old server into an iSCSI storage device...
Friday, 02 July 2010

If you want to get the most out of your IT spend we think you will like Openfiler (www.openfiler.com). It is an open source (essentially free) software product that can help turn your old or redundant server(s) into an iSCSI storage device. You may have a spare but serviceable server kicking around after having upgraded to a new server, or you may have virtualized some of your existing servers, leaving the redundant units going begging. So, as long as the servers are reasonably well specified and with plenty of disk space, you can simply rebuild the OS using Openfiler (it is a special Linux distribution) discarding or re-deploying your old Windows server licence.

Openfiler allows you to configure your disk subsystem much as you would with any other server OS – including setting up and managing multiple disks into a RAID array. And it has some very advanced features that include Ethernet bonding (to increase network performance and throughput) and block level replication using rsync.

Once it’s set up, your new iSCSI device is ready for use and it can be attached to single or clustered devices across an IP network almost as if they had been attached via a SCSI cable in the way that direct attached storage (DAS) devices are connected using a standard SCSI cable. And, iSCSI works across local area networks (LAN) or wide area network (WAN). This means that you could have a file or application server that is connected to two iSCSI servers – one may be on the local LAN and the other at a remote site. But to the main server it would just look like two local hard drives.

You might be concerned about entrusting your critical data to one of these boxes – but so long as you avoid single points of failure and develop an appropriate hierarchy of data backup devices (i.e. make sure your data is in several places simultaneously) then you will be perfectly safe.
The thing is, this really is a very powerful system capable of being deployed in anything from budget to really quite large-scale enterprise environments. Indeed, it will easily act as the SAN for a clustered Microsoft environment, or as a VMWare ESX SAN server. It supports popular file systems such as NFS, CIFS, SMB, FTP and HTTP/DAV; integration with your local security protocol is also very easy since it supports both LDAP and Active Directory. Management is provided by an intuitive web-based interface.
We will be writing more about this in the future and we will share our experiences with you.

low-cost computing, Open source
iPad dreams do come true…
Thursday, 24 June 2010

I resisted and resisted, but after 10 days I finally gave in: I really had to buy an iPad. It is strictly for research and development, obviously. Quite.

Anyway, I first tried phoning the Apple Store; I wanted the top of the range model please. Sorry no stock available. Hmmm, no problem, I’ll wait, it’s not a big deal all. I phone again a few days later. Same answer. Blast, I should have got one that first launch weekend.

A week later I go to the Apple Store in London’s Regent Street. Same answer. A couple of days later I try again; okay I go up to a guy in a blue t-shirt and ask, “so, what do I need to do to get an iPad.?” He tells me I need to register to get myself on the list. He led me over to one of the many demo laptops, kicks an anorak off (he was only checking his email anyway) and gets me to input my order. I wander off buying some other essential shiny gear before heading home.

And lo a miracle! The very next day an email turns up to say that the object of my desire is ready to be collected. The next day, off I trot and I find the queue for the chosen ones. A nice chap in the regulation blue Apple t-shirt greets me as I solemnly show him the email on my iPhone and he claps his hands in delight and beams at me: “Oh lucky!” A stupid grin starts taking hold of my visage, but I get a grip just before I turn into a simpering buffoon. I simply reply “Yep”, offer my plastic and pass the next few minutes exchanging pleasantries. But the waiting is finally over and the little package is reverently placed in my hands. Time to go home.

A thought occurs to me as I get stuck in the Friday rush-hour drive home, as I am unwrapping my purchase. Did the Apple marketing machine just see me coming? I think the answer is a probable YES!

So, what I do I think? Well, it is a thing of beauty, no question, and it is a very slick device. I set up the 3G sim and got it working; I set up my email accounts, all good. I downloaded some interesting apps, yes all nice. I even tried RealRacingHD even though within seconds I started feeling nauseous: I suddenly started suffering motion sickness while playing Duke Nukem more than a dozen years ago. I surfed the net and checked out YouTube (I thought it wouldn’t run because of the Flash problem). But no, that all ran fine too.

Then I downloaded the Times app: Wow! Is it life transforming? Well almost; I can roll over in bed every morning and download that day’s copy. I gave up reading the papers in the week years ago. Partly, it was the cost, the waste (all that paper) and the lack of time. But this is something else; it’s convenient, accessible and feels very natural as I flick from one page to the next. I noticed the odd glitch with the app, but who cares? They will eventually get it right.

Then I downloaded the EyeTV app and paid my £2.99; it’s a amazing! In seconds my iPad wirelessly connected to the EyeTV device on my Mac Pro; moments later I was watching live TV streamed to my iPad. Not impressed? Well I am! Two simple apps had changed both my newspaper reading habits and how I will be watching live or recorded TV programs in the future. Tonight I snuck off to eat my Indian takeaway at the dining table while the wife and kids were upstairs getting ready for bed. I grabbed the iPad and pondered if I should flick through The Times to see if there were some missed stories that I should read; or should I watch the news? Live TV wins and seconds later I am watching an excellent quality live stream of the Channel 5 news.

It is cool? No question. But it’s more than that. I can do these things on my Mac Pro or my Mac Airbook, but not in the same way. There is something different about this. Maybe it is magical…

iPad