7. I've heard VoIP-based phone systems need a special skill set to support. Once I have migrated my phone system to VoIP, how much internal expertise is needed to maintain it?
If you think that supporting a VoIP-based enterprise phone system is going to be easier than supporting that trusty old AT&T Merlin, think again. The only characteristic of converged networks that makes then easier to support is the fact that they're entirely IP-based. There are no legacy protocols and interfaces to support like there are on a legacy phone system. Besides, that AT&T Merlin will never have the integration potential or future-proof personality of a VoIP system.
The challenge, then, is finding and retaining the expertise needed to support VoIP. Ultimately, VoIP skills will be standard issue with every IP network engineer. But today, the concept of convergence may be as foreign to a Cisco guy as it is to an old-school telephone support guy. As a consultant, I rarely encounter clients who have the in-house skillset to build a VoIP phone system from the ground up. They may have the legacy equipment knowledge, and they may have IP networking folks, but we're at an inconvenient nexus right now where good, fundamental IP telephony knowledge is just hard to find.
Without question, the availability of VoIP skills in the marketplace at this point is low. This may be at least partly to blame for the slow pace of enterprise VoIP adoption up until the last few years. Standards have been refined, and the first generation of VoIP expertise, which surrounded the outmoded H.323 protocol, has diminished. H.323 is being replaced by SIP, the signaling standard that has come to dominate the VoIP service provider business. Indeed, the Cisco IP telephony certifications of a few years ago are about as valuable today as that old, yellowing NetWare 3 certificate. Things have been changing quickly.
There is still much refinement yet to come from VoIP system manufacturers, too. SIP, the primary VoIP signaling standard supported by Avaya, Cisco, and the rest, continues to evolve, so the system you implement today will no doubt be patched, upgraded, or completely replaced by the time the standard is as mature as SMTP or the World Wide Web. The support expertise requirements will continue to change, too. The moral of this story is: keep your skills up to date or hire somebody who will.
8. I'm concerned that my VoIP telephone calls may be less secure than traditional phone calls, and that ill-intentioned hackers may be able to listen in while I talk. How to I prevent snooping?
It's probably easier to secretly listen in on somebody's PSTN-borne calls than on their VoIP calls. To snoop a PSTN call, all you need is a modified handset and access to a cross-connect point on the line where the call is happening. But to snoop the internet, where access control is tight and tends to be monitored a lot more closely than the neighborhood phone company's above-ground wiring block, the conditions must be very conducive to snooping.
First, you need software that can intercept and decipher VoIP codecs. Second, you need that software running on a host that's in the midstream of the call--on the receiver's end, on the caller's end, or on a PBX server in the middle. You need physical access to the IP "loop" carrying the call, to say nothing of the encryption measures that are available to fight snooping today.
The point is, snooping VoIP isn't really all that easy without privileged access to the VoIP network. Indeed, the VoIP blogs are abuzz right now with talk of how difficult it's going to be to comply with the FCC's mandate to allow wiretaps so that the FBI can snoop calls. This type of thing becomes infinitely more complex in the world of VoIP, where encoding schemes, encryption, and tunneling can make clandestine call monitoring nearly impossible.
Return to the O'Reilly Network