SIP, Unified Communications Apps & Cloud Communications Forum
- Issue #254
Unified Communications Apps & Cloud Communications Forum provides
thought leadership on SIP, Unified Communications Apps, Lync CEBP
Apps, Cloud Communications,
OTT-Over The Top
Apps from SIP Trunk Providers, Network Providers, Microsoft, Facebook,
Google, Apple and other Communications, Mobile, Contextual-Intelligence
and other communications companies.
Lync is a trademark of the Microsoft Corporation.
Twitter Scoreboard for Tech
60 Companies in Lync alone
How do you score against your competitors?
More than 700 companies are listed, and more are added all the time.
The Twitter Team was formed to help
customers gain and retain Twitter followers but more importantly help
customers achieve their sales and marketing goals via Twitter.
We have provided
proven "actionable" performance gains in terms of revenue,
reduced sales cycle, improved customer satisfaction and "thought
leadership" to name a few of the benefits.
We can help
in developing webinars, customer studies, social media and sales,
for Lync, unified communications, cloud and
click here for
Technologies is a premier Microsoft Lync Voice Partner as Microsoft
Unified Communications Partner of the Year for 2009, 2010 and 2012 with
over 1,000 UC Deployments.
prevent your organization from such attacks at the network perimeter,
the security filter for the Microsoft Lync Server 2010, Edge Server
monitors sign-in attempts and enforces account lockout at the network
This is NOT a
Microsoft Tag or QR Code, it is a very cool
Lync Protocols Poster.
suggestions, ideas and wish list for Microsoft Lync Server and
Client. This message is not supported or paid for by
3,000 Free animated tutorials in tech at
advertising and other marcom options,
Jobs - Help
Wanted - Situations Wanted
Send them and
we will post them.
Technologies is hiring - click here for jobs
the SIP, UC Apps & Cloud Communications Forum
Check out our new
Twitter Scoreboard for Tech - with Twitter as one of the new
metrics for customer interaction and support, many new surveys
indicate that people go to your Twitter account before they go to
your website. Because gaining followers is voluntary, it is a good
measure of the "good will" you have in the
marketplace you serve. If you are missing or miscategorized,
let me know and we will fix it.
you on Twitter? Follow us @techtionary
and we will follow you back and if you need help Twittering click on
the image for the Twitter Team.
Lync SharePoint SmartCard
Smartcard issues are on the rise as
companies like Target seek to prevent "never happen again" hack
attacks and users seek to protect themselves against loss, disruption
in their banking and identity theft. The key point is that smartcard
technology is being mandated, which will shift the blame to the
retailer or others, not the banks. If you remember, the Target attack
came via the credit card swipe POS-point of sale device, not through
the backdoor to their IT systems. Smart cards are really designed to
reduce credit card counterfeiting, not fraud. According to CNBC,
"Smart cards are far more secure than traditional credit cards,
which store account information-unencrypted-on a magnetic stripe.
These next-generation cards encrypt and store that data on an
embedded microchip that generates a new code for each transaction. So
even if your credit card number is stolen, it's nearly impossible for
a criminal to create a counterfeit card." This does not
make them fraud-proof, just more fraud-resistant; as with
fire-resistant and fire-proof, the difference can be significant.
According to many security experts,
a 2-4 level security system based on where you are, something you
have, something you know and something you do is still an important
step. AGAT's LyncShield addresses many of
these security concerns and more. Many organizations with high security
requirements use a smart card or token for network login. In these
networks, users do not have a username and password for Active
Directory. SharePoint Access Control allows the usage of SharePoint
without the need to manage Active Directory credentials. With the
dedicated login solution, the user logs into the Access Portal,
authenticates with his smart card from his network computer and
creates dedicated SharePoint credentials for use on mobile
devices, external laptops and desktops.
As they point out, many organizations that use a smart card
for login do not have a username and password for Active Directory.
The AGAT LyncShield allows usage of Lync without the need to manage
AD credentials. With the dedicated login solution, the user logs into
the Access Portal, authenticating with their smartcard from their
network endpoint, and creates dedicated SharePoint credentials for use
on their mobile device.
Active Directory Account Lockout Guard
Account lockout can be a result of two scenarios:
- User has changed the Active Directory password but did not change the
device settings, so the device keeps trying to authenticate with the
old password.
- An attacker that has the username (without the
password) tries to login several times.
SharePoint Shield solves this
issue by blocking false attempts at the gateway level. Publishing
SharePoint to the internet exposes your network to DoS
(denial-of-service) and brute force attacks. These can cause your
network to become unavailable and cause significant business damage.
The SharePoint Shield blocks these attacks at the gateway level by
configuring a block failed login policy, thus blocking the attack
attempts from reaching the Active Directory.
Device Registration Options
SharePoint Access Control for Two Factor Authentication
SharePoint Access Control supports various enrollment options:
- Two-factor authentication using the smartphone as something you have
and the password as something you know.
- Self-service access portal to support two-step registration of users.
- Admin auditing and control tools for approving devices.
Multiple enrollment options
Two Factor Authentication is available for specific third-party
Automatic Registration - A device is registered the first time a user
connects to SharePoint. Once registered
SharePoint Access Control then verifies during subsequent
synchronizations that the operation is in fact performed from the
registered device. Any attempt to connect with the user's credentials
from a different device will be blocked.
Control - Two Factor Authentication - This option
employs a tighter security approach that requires the user to first
register on a dedicated Access Portal and then connect within a short
period of time (defined in portal configuration) in order to complete
- LyncSharePoint Shield includes an admin website "Access
Portal" for tracking the user registration process, approving
blocked users, deleting users, changing registration site settings
and more. For enterprise installations with multiple domains, the
admin site can be managed separately for each domain, allowing each
helpdesk to manage the users in its domain.
and personal computers can connect to Microsoft Lync server using the
Lync client. While connected, sensitive information is exposed,
requiring the organization to take precautions. Companies realize
that securing Lync connectivity is as important as securing remote
access, since smartphones can be used as a tunnel into the corporate
network. Lync Shield is specifically designed to address the complex
security needs of today's mobile enterprise.
Bottom-line - Forget timid hackers: when these
storm troopers take aim at Lync, it won't be for access to toll; it
will be to access corporate data for gain or pain. Either way,
expect the worst with BYOD, as they are really just like POS devices
giving hackers a way into your bank account.
Lync Seamless PBX
Integration via CSTA
ShoreTel announced Lync PBX integration via CSTA-Computer Supported
Telephony Applications server.
As they say, "This enables end users in organizations that have
already deployed Microsoft Lync to continue using Microsoft Lync,
while taking advantage of the rich functionality in the ShoreTel UC
- Remote Call Control: Once integrated with the ShoreTel UC system
through the ShoreTel CSTA Server, the Microsoft UC client can control
any telephone (analog or IP) connected to the ShoreTel system and
trigger telephone calls by clicking on the contact name in the
Microsoft UC client. Also supports Lync screen popup for
incoming ShoreTel calls.
- Telephony Presence: A Microsoft UC user can now display telephony
presence in addition to instant messaging (IM) status to all their
contacts, including those in outside organizations federated with
them. RCC-enabled Lync users can now "pin" their contacts
and call them as soon as they receive notification that they have
RCC-Remote Call Control also known as third-party call control is
provided by CSTA-Computer Supported Telephony Applications.
CSTA was developed by the European Computer Manufacturers Association
(ECMA) and subsequently was formally standardized by the ITU-T,
incorporating the Switch-to-Computer Applications Interface (SCAI).
CSTA is an OSI protocol stack that provides an open system interface
to a PBX-Private Branch eXchange, ACD-Automatic Call Distributor or CO-Centrex
central office switching. CSTA uses, among other technologies,
SALT-Speech Application Language Tags specification and its
SMEX-Simple Messaging Exchange element, telephony call control
capabilities in MSS-Microsoft Speech Server to allow a developer to
create sophisticated telephony-based speech applications that can
exploit both basic call control services such as ANI-Automatic Number
Identification (caller ID) and DNIS-Dialed Number Identification
Service (800), using the included basic call controls, or extended
call control services, to create custom call controls.
This is just one example of
CSTA. For example, the Lync-OIP program is designed to provide
PBX implementation/integration in the following configurations:
1 - Standalone via gateway
2 - Standalone via direct SIP
3 - Co-existence via dual forking
- Direct SIP + PBX is qualified against
Microsoft Dual-forking specification
4 - Co-existence via dual forking with RCC-Remote Call
- PBX supports Dual forking plus RCC-Remote
Call Control and
- CSTA-Computer Supported Telephony Application
- Why throw out what you like but add the features you want.
This gives you both so no need to "rip
One Last Look Office 365
Gets a Voice and Certainty Real CYA
aka Office365 and almost anything else in the cloud is certainly
rage. Many are still hanging on the fence waiting for Microsoft
to add voice to O365 because it makes sense.
My analysis is that Microsoft would answer that question with this
If you want O365 with voice,
According to Microsoft,
"Office 365 is the fastest growing business in Microsoft's
history. One out of four enterprise clients owns Office 365 and in
the past 12 months we've seen a 150 percent increase in SMBs adopting
Office 365." At the same time, despite the incredible growth of
cloud technologies, according to IDC (Successful Cloud Partners,
2013), hybrid solutions are expected to dominate the market for the
next few years: "Buyers
intend to selectively source more IT capability in the public cloud
but will also focus on keeping a significant portion of their assets
One Box 365 gives your O365 a voice and much more. Certainly
put as much as you like in the cloud with a great price-competitive
PBX for the SMB, branch and many other business configurations.
Get Serious About Office Staff Safety
with standing cable cuts and other cloud outages, there are too many
disasters, fires, storms, violence and other situations where you
must-have a backup plan for the safety of staff and key
equipment. AudioCodes has a real solution with HA-high availability
aka DR-disaster recovery with their One Box 365 hybrid solution,
providing a one-stop shop for all the critical hardware, software and
services required for a successful Lync voice implementation.
multiple Lync Server roles, gateway and SBC functionality in one
single elegant appliance, it comes complete with Lync certified IP
phones, an Active Directory Domain Controller and a dedicated user
interface for easy migration provisioning and configuring for Lync
users. Through this pre-integration of components, AudioCodes One Box
365 simplifies and accelerates the installation, enabling quick
bring-up for enterprise voice services utilizing Office 365
AudioCodes One Box 365 delivers end-user productivity and voice
services, including SIP trunking and service quality level monitoring
- Part of
the AudioCodes One Voice for Lync offering
by AudioCodes Session Border Controllers (SBC), which are certified
by a wide variety of leading SIP Trunk service providers worldwide
Leveraging AudioCodes Session Experience Manager, business customers
can monitor the quality of SIP trunk services and voice quality
across their enterprise deployments
shop, including Lync qualified IP Phones, greatly simplifies
deployment and support of cloud-based services.
- Putting nearly everything except yourself
in the cloud seems inevitable. Contact center staff, apps and
many other functions will all go to the cloud. However, when
real storm clouds hit and you are faced with no IT cloud you will
need to have a way to CYA for real.
#NotOneMore - IM Voice - Broadcast
Alerts - Personal Alarms - Group Chat
If you are in Boulder or can come,
the need to protect staff, students, customers, visitors and others
increases, there is a corresponding need for mobile apps to add some
level of notification and emergency communication. iPeerSafe is a personal and peer safety and social
networking alert and chatting app allowing users to add text, images
and audio recordings for iPhone, iPad or iTouch.
Personal Panic Alarm with posting text, images, color-coding
priorities and audio recordings to Facebook, Twitter, email and
Broadcast Alert with text, images, audio recordings and color-coded
highlights to all users in same school
Class Assignment feature for class work projects and collaboration as
well as teacher-student chatting
School/college peer, group, parent and global chatting
Journal-Diary - private and shareable notepads on Twitter, Facebook,
Linkedin, Instagram and Email as well as doodlepad graphics tool
Weather from local area
Calendar with more than 70 icons to indicate type of meeting and
for tips, applications and ideas.
Bottom-line - I have completed a brief exploration of findings in research
in more than 30 citations regarding both real and online safety
dealing with other persons of potentially harmful and deadly threats
including bullying and cyberbullying.
Click here for Top-10 Tips for Personal & Peer
Safety in School, Business, Campus and Public Settings.
with a Microsoft - Unified Communications channel sales and marketing
click on image.
Click on Linkedin logo to
Today, Lyncosphere -
"Lync Visualized" is released.
image for Lyncosphere (uses Flash)
a lot of beta testing and feedback this new microsite that is
designed for in-depth explanations and explorations of Lync by
providers of Lync solutions and applications.
are some view comments:
"Lyncosphere is an innovative
way to help sales, channel and end users "see" how Lync
works. This really helps me engage with customers
faster and get solutions understood by all the decision-makers."
Matt Jolly - Senior Support Engineer Vology.com
"Lyncosphere visualizes how Lync works and
helps you understand which 3rd party Lync solutions are available to
provide additional functionality to your Lync environment."
Rui Maximo - CEO Lync-Solutions.com
"This is a very good - well done indeed,
it would be of great use to both channel partners and end users
GreenPublisher, TelecomReseller/Usernews Publications - The
World's Leading News Source for Unified Communications, Collaboration and
Security Issue - Restricting Remote Access
to Only Corporate-Issued Computers
security policies require employees to use only corporate-issued
computers to connect to the corporate network. Personal devices
aren't permitted to connect to internal resources. How can I enforce
security policies for users connecting to Lync Server from a
configuring the Security Edge Filter and Security Web Filter to block
NTLM authentication requests as well as restricting authentication
requests from only authorized Active Directory domains, the Security
Filters prevent users from connecting to Lync Server from a
non-corporate issued computer at the network perimeter.
Server when published to the Internet are
susceptible to many types of attacks. Without a solution such as the
Security Edge Filter and Security Web Filter, user accounts can
easily be locked out in Active Directory Domain Services, passwords
can be brute-forced, internal Lync Server resources can be consumed
unnecessarily by DDoS attacks, Lync meeting attendees can be hacked
by cross-site scripting (XSS) attacks, and many more attacks (SOAP,
XML, etc) as shown in the following figure.
Security Edge Filter and Security Web Filters, attacks can be blocked
at the network perimeter as illustrated in the following diagram.
Solutions to Distributed Denial of
Services (DDoS) and other Hacker Attacks
Why are DDoS attacks disruptive to your
are the most common reasons:
- Each failed authentication attempt counts in Active Directory Domain
Services as a failed login and leads to locking out the account in Active
Directory Domain Services.
- It becomes trivial for a remote attacker to lock out any of your
Active Directory user accounts if the attacker knows (or can guess)
the account name.
- No credentials or privilege is required to mount a DDoS
- Locked-out Active Directory user accounts often generate the largest
number of support calls to IT.
- DDoS attacks can represent a substantial disruption to users when
employees are unable to reach the resources they need to do their
work while internal Lync Server resources are under
- Organizations that allow employees to remotely sign in to Lync Server
from the Internet can be susceptible to password brute-force attacks.
Security Edge Filter is an application layer firewall
for Lync Server. It augments the Edge Server by enforcing a soft
lockout at the network perimeter to prevent account lockouts at the Active
Directory Domain Services. Security Edge Filter tracks failed sign-in
requests and blocks further sign-in attempts before the Active
Directory lockout limit is reached. The Security Edge Filter protects
the SIP traffic.
- Security Edge Filter provides an additional tier of account
Security Edge Filter prevents password-guessing by blocking
authentication attempts after the number of failed authentication
attempts reaches a threshold.
Even when the account is locked out by the Security Edge Filter at
the network perimeter, the user can still sign in to Lync Server from
within the corporate network or through a VPN. As a result, the DDoS
risk is substantially mitigated, with minimum inconvenience.
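The soft lockout described above, sketched as an added example (not code from the Security Edge Filter or from this newsletter): a perimeter counter stops forwarding external sign-ins before the directory's own lockout limit is reached, so the real user can still sign in internally. `FakeDirectory`, `PerimeterSoftLockout`, the thresholds and the account are constructed assumptions, and the directory model is simplified to one counter with one reset window.

```python
from collections import defaultdict, deque


class FakeDirectory:
    """Constructed stand-in for directory lockout policy (not a real AD API)."""

    def __init__(self, passwords, threshold=5, reset_after=1800):
        self.passwords = {u.lower(): p for u, p in passwords.items()}
        self.threshold = threshold      # bad passwords before the hard lockout
        self.reset_after = reset_after  # seconds until the bad count resets
        self.bad = defaultdict(lambda: [0, 0.0])  # user -> [count, last bad time]

    def locked(self, user, now):
        count, last = self.bad[user.lower()]
        return count >= self.threshold and now - last < self.reset_after

    def authenticate(self, user, password, now):
        entry = self.bad[user.lower()]
        if now - entry[1] >= self.reset_after:
            entry[0] = 0                # observation window elapsed
        if entry[0] >= self.threshold:
            return False                # hard lockout: good passwords fail too
        if self.passwords.get(user.lower()) == password:
            entry[0] = 0
            return True
        entry[0], entry[1] = entry[0] + 1, now
        return False


class PerimeterSoftLockout:
    """Stops forwarding external sign-ins before the directory would lock."""

    def __init__(self, directory, soft_threshold=3, block_for=1800):
        if soft_threshold >= directory.threshold:
            raise ValueError("soft threshold must be below the directory's")
        if block_for < directory.reset_after:
            raise ValueError("block must outlast the directory's counter reset")
        self.directory = directory
        self.soft_threshold = soft_threshold
        self.block_for = block_for
        self.failures = defaultdict(deque)  # account -> failure timestamps
        self.blocked_until = {}

    def sign_in(self, user, password, now, external=True):
        if not external:                    # internal/VPN path bypasses the filter
            ok = self.directory.authenticate(user, password, now)
            return "ok" if ok else "denied"
        key = user.lower()                  # one counter per account, any casing
        if now < self.blocked_until.get(key, 0):
            return "blocked"                # dropped here, never reaches directory
        recent = self.failures[key]
        while recent and now - recent[0] >= self.directory.reset_after:
            recent.popleft()
        if self.directory.authenticate(user, password, now):
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= self.soft_threshold:
            self.blocked_until[key] = now + self.block_for
        return "denied"


def simulate(use_filter):
    """Ten external bad passwords, then the real user signs in internally."""
    directory = FakeDirectory({"alice": "correct-horse"})  # constructed account
    gate = PerimeterSoftLockout(directory)
    outcomes = []
    for t in range(10):
        if use_filter:
            outcomes.append(gate.sign_in("ALICE", f"guess{t}", now=t))
        else:
            ok = directory.authenticate("ALICE", f"guess{t}", now=t)
            outcomes.append("ok" if ok else "denied")
    locked = directory.locked("alice", now=20)
    internal = gate.sign_in("alice", "correct-horse", now=20, external=False)
    return outcomes, locked, internal
```

The filter only counts failures it forwards itself; bad passwords entered inside the network still add to the directory's own count, so the margin between the two thresholds matters.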
Security Edge Filter can require remote users
to sign in from a corporate-issued computer. By blocking NTLM
authentication, external users are forced to sign in by using TLS-DSK
authentication. It requires that a client certificate be installed on
the user's computer when it's connected to the corporate network.
Security Web Filter is a Web application firewall for
Lync Server Web Services. It protects the Lync HTTPS
traffic traversing the reverse proxy. Similar to the Security Edge
Filter, it protects against DDoS attacks by enforcing a soft lockout
at the network perimeter. The Security Web Filter monitors Web
traffic originating from the Internet for potential attacks. In
addition to Lync Web traffic, the Security Web Filter can monitor
authentication traffic from external Exchange and SharePoint
Security Web Filter provides an additional tier of account security,
safely locking out the account at the network perimeter without
locking out the account inside the corporate network.
Security Web Filter prevents password-guessing on the extranet by
blocking authentication attempts for that account after the number of
failed authentication attempts reaches a threshold.
Security Web Filter monitors external traffic for XSS attacks, SOAP
attacks and XML attacks, and blocks those requests at the network
The enterprise edition of the Security Web Filter allows the
administrator to block unauthorized Lync mobile devices from signing
in to Lync Server.
When combined with the enterprise edition of the Security Edge
Filter, the lockout policy and logging can be centralized with both products
in a SQL database.
Tips for #Hash Tags
Certified Training -
Affordable, Available, Actionable & Tax Deductible
Social Media Contact Centers, Sales Professionals and Business
Custom and Complete SIP
Professional Certification Program
Certified SIP Professional and Senior Certified
SIP Technical Professional Testing Now Available
TECHtionary is proud to announce the
availability of two SIP certification testing and online and
webinar training programs. The CSP-Certified SIP Professional
certification is designed to review and test general and some
technical knowledge with 50 questions. The Senior Certified SIP
Technical Professional (SCSTP) examination
is designed to test advanced technical skills in SIP. The exam
consists of 70 multiple choice and true-false questions. Both
tests are designed to help in planning, design, implementation,
network assessment as well as security, diagnostics and
though certainly not all of the topics on the Senior Certified SIP
Technical Professional examination include: CODEC, DSP, Clipping,
dipping, Queuing Delay, Network Propagation, Serialization, Buffer
Delay, Fragmentation, Interleaving, Voice Payload, HSRP, Adaptive
Jitter Buffer, Oversubscription, Voice Activity Detector, White
Noise, Comfort Noise, Noise Detectors, MOS, E-model, Nyquist-Shannon,
Framing, PCM, ADPCM, DSP, CODEC sampling, Transcoding, Tandem
encoding, Echo, Echo Loss, Short Tail, Hybrid, SNR, CNR, RFI,
Crosstalk, Shared Neutrals, RTCP-XR, SRTP, MD5, CMP, POE, 802.1P,
ALG, MSRP, IMS, WebRTC-Apps, SALT, SAML, Voice XML, RPC, BICC, ISUP,
IP Multimedia Subsystems and other topics.
If you need
iPhone, iPad, Android or Windows phone apps custom built for your
business applications or new ideas, we have proven experience and
U.S. based product/project management. Click on image for
Click here for
TECHtionary -- World's First and Largest
Animated Library on Technology with more than 3,015 animated
is a Trademark of Microsoft. Unified Communications Apps &
Cloud Communications Forum is an independent forum.
Advertising, Exhibiting, Training and
other Marcom Programs, call 303-594-1694 or click here.
The User Forum provides classroom and webseminar training as well as a
non-production environment for those IT departments without additional
equipment, budget or time. This allows planners
and users to test ideas, dial in and dial back out, IM file
transfers, remote desktop sharing, video conferencing, run scenarios,
review logs, break linkages and learn about new telephony features and
network access. The User Forum is also designed for both the system
integrator/consultant who wants to learn about tech without having to
build their own system as well as the enterprise customer who doesn't
have the time, resources or knowledge to develop one. Coming soon,
User Forum Labs are designed to be "hands-on" or
"over-the-shoulder" with experts available for Q&A and
classes for feature-specific review.
About User Forum
The User Forum is a vendor-independent laboratory environment designed
for learning, technical guides, knowledge resources and online
"live" services. The User Forum provides planning,
project management, consulting, training, case studies, white papers,
speaking engagements, market/customer research, network planning and
here to contact.
(c) User Forum - all rights reserved.