digium switchvox: a review

 voip  18 Responses »
Oct 062010
 

last week i installed a digium switchvox 4.5 SMB (my first full fledged VoIP deployment). i thought with this post i could kill two birds with one stone.

  1. i wanted to write a review for anyone that might be interested in digiums switchvox product. i always find it hard to find practical, non-biased, real world reviews of products, so i thought i would contribute this one.
  2. i also wanted to put in some feature requests with digium and thought this would be a good forum to do it in.

in a nutshell: i like switchvox. the features, functionality, and performance are great. compared to other VoIP systems i researched (avaya, nortel, shoretel, cisco, some other asterisk based stuff), i found the switchvox solution to give us the most bang for the buck.

would you recommend it? yes, in most cases i would. i think for the SMB market, they are in a great spot. if they want to move more into the enterprise realm, i think they will need to do some work. it isn’t a perfect solution, but i couldn’t find a better one for us. for reference, we used bandwidth.com as our SIP trunk provider and polycom IP 450 phones. both of which i would recommend.

the good

  • overall costs – honestly, phones were the biggest cost for our deployment. and compared to some of the big boys, this deployment was up to 75% cheaper (although on average it was about 50% the total cost of most systems)
  • free, full featured trial – you can see how it performs before you buy. huge.
  • ease of setup – after setting the system up in a test environment, it took me around an hour to recreate our setup for the production system.
  • feature rich – in the SMB version, it has everything you need to get a phone system off the ground and then some. queue’s, IVR’s, conferencing, call routing, etc. all stupid easy to set up as well.
  • the switchboard (their web interface) – lots of features, very intuitive, almost don’t even have to use the phone. some eye candy like google map’s integration, but mostly very functional.
  • support – overall, support has been readily available and knowledgeable. every once in a while i felt like they might be learning something along with me, but i guess it would be unfair to expect them to know everything. right? ;)

the bad

  • the phones status does not tie in with the switchboard. to me, this is the biggest gaffe of the whole thing. putting your phone on “away” means absolutely nothing to the switchboard application. crazy.
  • please, please, please, make this available as a virtual machine! i don’t need or want digium to handle my redundancy. i am paying you to handle phone calls. my virtual environment will take care of the redundancy and availability.
  • no AD/LDAP integration. not having the phones tied to a central authentication system is a *pain*.
  • calls not wrapped in ssl. i know, more overhead, but still. if i am a CIO/CISO at a company that has a lot of regulations, this might have been a bigger deal. here is my writeup on the problem.
  • several things are per phone settings and can’t be applied across the board/per phone from the web UI. things like prioritizing codecs, setting how many key lines per phone, or changing the time zone for a particular phone is not possible. you have to go to the phone itself, which can become rather tedious.
  • the seemingly random limits on length and content of user defined fields. why can the email address only be 48 characters, especially if it can accept multiple addresses (ie, scheduled reports)? why can one field have and underscore in the name and next one can’t? this problem abounds throughout the system, very inconsistent from what i have seen.
  • no voicemail-to-text/email option built in. it would be very nice to have voicemails transcribed to the users email by default (a la google voice)

don’t let the bad comments fool you. i would buy the digium solution again, and like i said, i still believe its the best bang for the buck. if your SMB company is looking for a VoIP solution, i would suggest taking a hard look at digium, i think you will find it is worth your time.

but here’s to hoping the dev’s read this and make some of these problems go away. ;)

feel free to comment or email me if you have any questions!

voip & wireshark

 security, voip, wireshark  No Responses »
Feb 222010
 

so i really like wireshark. every time i open it up i find something else very cool and practical to make my job easier.

for example: we are testing a phone system out that is based on asterisk called digium switchvox.

overall, i have been pretty impressed with the setup, options, and tools digium gives us and from a functionality point of view, its great.

looking at it from a security point of view, though, yields a different impression.

the first thing i noticed right off the bat was user passwords. they stink. they have to be numeric, and can only be a maximum of 10 digits, which makes bruteforcing user accounts pretty trivial.

the other thing that got my attention was how open the sip/sdp/rtp protocols are. i fired up wireshark and sniffed a few calls (off a spanned port on a switch) and found very quickly that you can easily record, playback, and dissect any voip calls. here is what i did:

  1. opened the pcap in wireshark 1.2.6, went to Telephony -> VoIP Calls

  2. selected the call i wanted to look at, clicked Player then Decode

  3. now click Play, and you are listening to both sides of a phone conversation, just like you were on the call

one other feature in wireshark i just found was the graph of the conversation. for troubleshooting and just understanding the traffic for future endevors, i found the Graph option to be very useful. instead of clicking on the Player option, just select the Graph option from the VoIP Calls list, and you have the details of what happened on a call (from the packets point of view). since a picture is worth a thousand words:

i did end up calling digium and  tried to see if they could run sip over ssl, but no such luck.

here is a link for wireshark: http://www.wireshark.org. their documentation is pretty good, and they have some videos that can be of some help as well.