Unified Communications Apps & Cloud Communications Forum 12-6-2013
- Issue #221
Unified Communications Apps & Cloud Communications Forum is an
Independent Forum on
Apps, Lync CEBP Apps, Cloud Communications,
OTT-Over The Top Apps
from Microsoft, Facebook, Google, Apple and other Communications,
companies and technologies.
Lync is a trademark of the Microsoft Corporation.
We can help in developing webinars, customer
studies, social media and sales, marketing
unified communications, cloud and other tech.
University's School of Computer & Information Sciences (SCIS)
delivers Bachelor's and Master's degrees, and certificates in various
computing and information fields. Degrees provide a comprehensive
background on computing theory, as well as, hands-on experience using
computers to solve problems
Technologies is a premier Microsoft Lync Voice Partner as Microsoft
Unified Communications Partner of the Year for 2009, 2010 and 2012 with
over 800 UC Deployments.
SIP Trunking for Microsoft Lync Unified
help prevent your organization from such attacks at the network
perimeter, the security filter for the Microsoft Lync Server 2010, Edge
Server monitors sign-in attempts and enforces account lockout at the
is NOT a Microsoft Tag or QR Code, it is a
very cool Lync Protocols Poster.
suggestions, ideas and wish list for Microsoft Lync Server and
Client. This message is not supported or paid for by
advertising and other marcom options,
- Help Wanted - Situations Wanted
them and we will post them.
Technologies is hiring - click
here for jobs
Solutions - Prevent DoS and other hacker attacks
and password brute-force attacks can be particularly disruptive to
your business. You can protect your internal network against these
attacks with the Lync
Security Edge Filter installed on the Lync Edge Server.
The Security Edge Filter protects the SIP traffic
traversing your Edge Server.
Maximize your security protection with the Lync Security
Edge Filter and the Lync Security Web Filter!
Mention Code #914 for Special
Welcome to the UC Apps & Cloud Communications
As you know I am a total fan of anything security, so when I
dig deeper into Lync-Solutions security solutions, it begs
the question why doesn't every Lync deployment with or without
voice use both of their products. As they say,
"Compared to the costs and impact that occurs in less than one
hour of downtime, our Lync-Solutions security products for remote and
mobile workers literally pays for the investment very quickly. We
provide critical enterprise security solutions to protect Lync Server
from DDoS attacks, XSS attacks, malicious SOAP requests, and unauthorized
mobile device access. Our Security Edge Filter and Security Web
Filter products offer network perimeter security solutions for
enterprises. These solutions protect Lync traffic from external
attacks at a cost-effective price with business-class support
services. We look forward to working with you on protecting your
business, staff, customers, and reputation." I like their
products so much, that I will be helping promote as well.
Our goal is to find UCaasS, Ucoms, CEBP applications,
solutions, tech, users and other content on Google, Apple, Twitter,
Facebook, Amazon, Oracle, Microsoft Skype/Lync, Kinect, SharePoint
and others. We want hear from you about great ideas on the www-wild
wild web of internet communications and online cloud, SaaS, smartphone
apps and other hot tech solutions. Send your ideas and products
As you know I
teach security and have written on HIPAA, so when I see an
app that "gets real" about user security I am all
in. CafeX has a WebRTC app that allows multi-media
interactions to be recorded to address compliance requirements
for the financial services and healthcare industries, such as the Dodd-Frank Act and Health
Insurance Portability and Accountability Act. Each
communication session is encrypted, and strict policy control ensures
that customers have access only to a pre-defined pool of enterprise
Here is more on their
app. Tablets and WebRTC communications both a natural for
users but increasingly required. CafeX Thrupoint software
developer kits web programmers can build WebRTC applications that
turn the tablet into a secure, powerful unified communications (UC)
These UC tablet applications can provide single-screen access
to a host of enterprise communications and collaboration tools
including voice, video, IM and text messaging, corporate directory
access, presence awareness and CRM applications.
They add, "if your customers could communicate
in real-time with your business using any device that supports a
WebRTC-enabled browser, with no plugin or client download required.
An external user could click on your website to initiate a video chat
with a customer-facing representative inside your enterprise who is
using a high-end Cisco Telepresence unit or perhaps a Cisco Jabber
video client. CaféX enables enterprises to leverage WebRTC in
innovative ways that link into their existing contact center and
customer facing applications. CaféX's APIs for WebRTC to SIP interworking
enable IT developers to rapidly build, deploy and manage applications
that enhance customer intimacy and work in unison with existing
enterprise infrastructures. Such applications can be extended to
existing contact center, CRM and sales force automation
Bottom-line - Both web apps
and mobile apps are required in nearly every business
situation. Web apps like legacy pcs dominate for a long time to
come as not all customer demographics want or use a tablet or
smartphone. WebRTC provides "common ground" for these
devices and underlying SIP protocols. Apps like
CafeX help give users multiple means of communications and most
importantly address security key to making apps work on all
platforms and users alike.
Lync in One Box
As from other needed
apps, Sangoma is doing what it can to put Lync "all-in-one
box." Click on image for their website.
#1 - User Accounts Locked Out
Exposing Lync Server to the Internet to allow users to
connect remotely could result in a DDoS attack, impacting employee
productivity, resource availability if my Lync Servers get hammered,
and possible brute-force attacks on passwords-not to mention higher
volume of support calls as users call in to get their accounts
unlocked so they can do their work.
account lockout at the network perimeter by using Security Edge
Filter and Security Web Filter. They shelter your internal Lync
Servers and Active Directory user accounts from DDoS attacks.
Server when published to the Internet are
susceptible to many types of attacks. Without a solution such as the
Security Edge Filter and Security Web Filter, user accounts can easily
be locked out in Active Directory Domain Services, passwords can be
brute-forced, internal Lync Server resources can be consumed
unnecessarily by DDoS attacks, Lync meeting attendees can be hacked
by cross-site scripting (XSS) attacks, and many more attacks (SOAP,
XML, etc) as shown in the following figure.
the Security Edge Filter and Security Web Filters, attacks can be
blocked at the network perimeter as illustrated in the following
Solutions to Distributed
Denial of Services (DDoS) and other Hacker Attacks
Why are DDoS attacks disruptive to
Here are the most common reasons:
- Each failed authentication attempt counts in Active
Directory Domain Services as a failed login and locking out the
account in Active Directory Domain Services.
- It becomes trivial for a remote attacker to lock out
any of your Active Directory user accounts if the attacker knows (or
can guess) the account name.
- No credentials or privilege is required to mount a
- Locked-out Active Directory user accounts often
generate the largest number of support calls to IT.
- DDoS attacks can represent a substantial disruption to
users when employees are unable to reach the resources they need to
do their work while internal Lync Server resources are under attack.
- Organizations that allow employees to remotely sign in
to Lync Server from the Internet can be susceptible to password
Security Edge Filter is an application
layer firewall for Lync Server. It augments the Edge Server by enforcing a soft
lockout at the network perimeter to prevent account lockouts at the
Active Directory Domain Services. Security Edge Filter tracks failed sign-in
requests and block further sign-in attempts before the Active
Directory lockout limit is reached. The Security Edge Filter protects
the SIP traffic.
- Security Edge Filter provides an additional tier of account
- Security Edge Filter prevents password-guessing by
blocking authentication attempts after the number of failed
authentication attempts reaches a threshold.
- Even when the account is locked out by the Security
Edge Filter at the network perimeter, the user can still sign in to
Lync Server from within the corporate network or through a VPN. As a
result, the DDoS risk is substantially mitigated, with minimum
- Security Edge Filter can enforce that
remote users to sign in from a corporate-issued computer. By
blocking NTLM authentication, external users are forced to sign in by
using TLS-DSK authentication. It requires that a client certificate
be installed on the user's computer when it's connected to the
Security Web Filter is a Web application
firewall for Lync Server Web Services. It protects the Lync HTTPS traffic traversing the reverse
proxy. Similar to the Security Edge Filter, it protects against DDoS
attacks by enforcing a soft lockout in the network perimeter. The
Security Web Filter monitors Web traffic originating from the
Internet for potential attacks. In addition to Lync Web traffic, the
Security Web Filter can monitor authentication traffic from external
Exchange and SharePoint users.
The benefits are:
- Security Web Filter provides an additional tier of
account security, safely locking out the account at the network
perimeter without locking out the account inside the corporate
- Security Web Filter prevents password-guessing on the
extranet by blocking authentication attempts for that account after
the number of failed authentication attempts reaches a threshold.
- Security Web Filter monitors external traffic for XSS
attacks, SOAP attacks and XML attacks, and blocks those requests at
the network perimeter.
- The enterprise edition of the Security Web Filter
allows the administrator to block unauthorized Lync mobile devices
from signing in to Lync Server.
- When combined with the enterprise edition of the
Security Edge Filter, the lockout policy and logging can be centralized
with both products in a SQL database.
Top-10 Tips for
Click on image for
- WebRTC App
There has been much to do about Lync and WebRTC and real
customer applications. Here is just a simple example of a customer
situation and solution that we would all like to see from all our
browsers. This is from Bruce
Marler's blog post (click on image for Bruce's
blog). He points out that "WebRTC now has over 1.2 billion endpoints
enabled and is rapidly being deployed as a mechanism to bring both
voice and video collaboration (with no downloads) and also new
unique applications to the web (and example is SoundTrap which was
demo'ed by Google at the conference)."
Bruce also added, "WebRTC enables what customers
and enterprises have wanted from the web for years, real time
customer engagement combined with the ability to pass real time
contextual data to allow for a higher percentage of first call
resolution by the contact center which in turn means a higher
customer satisfaction rate."
I like this simple way of presenting a problem and
showing the solution especially a mobile solution.
Bottom-line - whether you are a
browser fan or app fan, either gives users a choice on whatever
device they have. If you have other Lync, WebRTC, UC,
smartphone or specialty device like Kindle, etc., please send them
along as partners and users alike are seeking to do more.
One Last Look XO MPLS Premium
CoS - Part 1
Thanks to John Haughton at XO Communications
spending time to explain their expanded MPLS-multi-protocol
label switching service with Premium Class of Service (Cos) that
provides 6 priority queues plus congestion avoidance for a small
premium. For most networks, experts generally agree
that 6 CoS levels aligned to jitter, delay and packet loss
sensitivity is ideal. For example, voice is very sensitive to delay and
jitter. Video is sensitive to delay but not so much to jitter.
Certain data traffic is not sensitive to either delay or jitter.
Adopting 6 CoS levels based on these criteria provide the
best balance between needs and provisioning and managing cost.
They do offer more than six priority queues, in fact, as many as you
like, for a little more money, of course. However, some
companies want their CEO to have their own CoS. Not for
everyone but if the LAN/VLAN can differentiate the traffic then why
not as it is time for IT managers to finally get serious about IP
traffic other than just "best efforts. Here are some
visuals which summarize their CoS offering. Click on any image
for more XO's solution.
of the more exciting features of the XO offering is they extend MPLS
to the CPE-customer premise equipment not just the edge of the
network. In addition, they also can add their SIP trunking
service to the same CPE which means one box can do it all and one
provider can provide both.
Bottom-line - CoS and QoS are
complex issues which most IT managers would not want to be bothered
with because frankly it takes too much time and staff they generally don't
have. Extending CoS to the customer location (CPE) helps the IT
manager/consultant provide a means to address quality especially as
video, web collaboration and "Big Data" comes to the
Next week, we will find out more
about how SIP trunking and MPLS fits together into a "unified
One Last Look WebRTC
Solutions Scenarios via Sonus
After doing the story last week on finding "common
ground" between SIP and WebRTC as a techexplorer I wanted to
know more. Sonus a leader in SBC-session border controllers just
issued a new book "WebRTC for Dummies" and this is the book
review version for your consideration. Sonus wrote, "Since the
developers have been able to provide extremely rich user interfaces.
There is little left that a web developer cannot build, with the gap
between web based application and "desktop" (or native OS)
applications ever narrowing in capability and usability. One of the last remaining activities, that is difficult
to accomplish in a web browser, is the exchange of real time data,
such as that necessary for making Voice or Video calls. Click on the image for the
just-released free book. It is possible today
with plugins, but until recently has not be achievable with the
native browser itself. Two standard bodies, the IETF and W3C, have
been working on standardizing the functionality that browsers should
implement to support the exchange of real time communication, this
functionality is called WebRTC for Web Real Time Communications.
WebRTC promises the ability to turn any compliant browser into a VoIP
(voice, video or even data) end point, extending the reach of web
based communications enormously." There is so much more to say
but you know I would rather "visualize" the "map"
of the technology."
Many thanks to Nancy Maluso from
Sonus along with Terry, Christie and other colleagues for
working with me on organizing their presentation into a Flash
here for details on
WebRTC-SIP certification courses.
Here are the six solutions
#1 - Enterprise Architecture
#2 - Enterprise Architecture
#3 - Multiple Backend Systems
#4 - Cloud Provider
#5 - Lync Integration
#6 - PSTN Off Net
Of course your situation may be different; however, what
I was most excited about what how WebRTC can seamlessly work with SIP
in IP-PBX environments such as Avaya, Cisco, ShoreTel and Lync. This
gives WebRTC an "overlay" approach rather
rip and replace. This is just the first part of many more
discussion on this rapidly evolving technology.
Click on any image for Flash
Here is Lync link up.
Sonus and others are working on providing the software linkages to
support WebRTC and Lync.
Bottom-line - WebRTC is a new game
not necessarily a game-changer. There are still many issues like
acceptance of a video CODEC standard and other
issues but these will get resolved and often be dynamic
depending on the user. WebRTC is built on a strong security foundation
which should have great appeal to both website owners and users.
Working with Sonus on this tutorial has been a great experience
allowing closer exploration on how WebRTC can fit into the evolving
corporate communications landscape from IP-PBX's to SDN-software
defined networking such as Lync and others. Development schedules and
developer shortages will be the driving or rather limiting WebRTC
diffusion as well demonstrating the "compelling feature"
exciting usage. Technically, WebRTC is also compatible
with SIP and could also be the real "mix" in offering cool
business communications solutions. On the business side,
CEBP-communications enhanced business processes a concept long-used
by Avaya, Microsoft and others reminds us to focus attention on not
just the technology but solving everyday business problems.
2014 should see many new communications apps and see the market
Here are some of the terms used in
the images above:
Provide HTML and Java Script to the Browser include WebRTC code
Host applications and services
Communicate to separately hosted applications via RestAPI
SDK-software development kit
requests for communications
Convert HTTP requests to SIP-session initiation protocol
Send SIP request to appropriate entity
May be part of SBC-session border controller
-Or attached to PBX or other comm components
Secure the network
Transcode media - audio CODEC matchups
Add CALEA - lawful intercept
Normalize SIP - all SIP is not equal
Implement and enforce network policy (routing rules)
May also host applications and services (e.g. Recording)
STUN & TURN
May be part of SBC
ICE-Interactive Connectivity Establishment is the "process"
that enables NAT (firewall) traversal and uses such protocols as
STUN-Simple Traversal of UDP Through NAT, TURN-Traversal Using Relay NAT
and Real Specific IP (RSIP).
- STUN- Simple Traversal of UDP-User Datagram Protocol - uses
discovery to provide public IP address and is a lightweight protocol
that allows applications to discover the presence and types of NATs
and firewalls between them and the public Internet. It also
provides the ability for applications to determine the public
IP-Internet Protocol addresses allocated to them by the NAT.
- TURN-Traversal Using Relay Network address translation provides the
solution for UDP traversal of symmetric NAT.
on the image for more details on STUN-TURN which is at the END of the
- Affordable, Available, Actionable & Tax Deductible
Certification, Social Media Contact Centers, Sales Professionals and
Complete SIP Professional Certification Program
Lyncosphere - "Lync Visualized" is released.
on image for Lyncosphere (uses Flash)
After a lot of beta testing and feedback this new
microsite that is designed for indepth explanations and explorations
of Lync by providers of Lync solutions and applications.
Here are some view comments:
is an innovative way to help sales, channel and end users
"see" how Lync works. This really helps me
engage with customers faster and get solutions understood by all the
Matt Jolly - Senior Support Engineer Vology.com
"Lyncosphere visualizes how
Lync works and helps you understand which 3rd party Lync solutions
are available to provide additional functionality to your Lync
Rui Maximo - CEO Lync-Solutions.com
"This is a very good - well
done indeed, it would be of great use to both channel partners and
end users evaluating Lync."
GreenPublisher, TelecomReseller/Usernews Publications - The
World's Leading News Source for Unified Communications,
Collaboration and Cloud www.telecomreseller.com
One Last Look WebRTC versus
SIP: Conflict or Common Ground
Most of you Lync fans are not engaged with WebRTC for
the very good reason that Microsoft and Google are not BFF to say the
least. WebRTC is a plot by Google which is not supported by
Microsoft, Apple or Opera to provide something I am still not sure
that customers really want - real-time voice communications via their
browser. Assume for a minute there are customers who think this is
important and hopefully don't have their own solution like the new
one from Amazon such as what they announced this week - Amazon
launches AppStream cloud service to deliver heavy-duty
mobile apps. In addition, Amazon's "Mayday" is a
genius bar " built into
every single Fire HDX. You click on the Mayday button and within 15
seconds you are connected to "live" agent who can answer
any question you have about the Fire. Live video support, 24 hours a
day, 365 days a year. Amazon has taken the concept of live chat to a
whole new level. AudioCodes announced adding native WebRTC support to its
IP Phones. This means AudioCodes can enable contact center solution
partners to effortlessly integrate remote, home and mobile contact
center agents, facilitating high definition voice quality calls with
consumers and customers calling via their browsers.
Alan Percy @AlanDPercy one of the few Lync leaders and thinker is giving
a talk next week at the WebRTC confab where he provides some
"common ground" where SIP and WebRTC can meet. This is
worth exploring because from my perspective while corporate customers
may want these features for their contact centers; developers still
have to build these apps which by all accounts there is a global
shortage. Click on the image below for Alan's preso.
- WebRTC like any "gold rush" has possible rewards, however
until IE and Safari to say the least at also "rushing" to
this solution, it may yet be another technology "in search
of" a user.
One Last Look
Avaya or Cisco PBX integration to Lync
Enabling Tech (ETC) conducted two webinars on Cisco and
Avaya PBX migration to Lync.
Here is one of the cool slides
which give you some practical and useful information for your own
Click on image for links to either webinar archive. As
ETC says, "Lync 2013 can lower communication costs and improve
productivity, and is Gartner Group's leader for Unified
Communications. But scrapping your existing PBX isn't always a prudent
decision just because Lync can handle enterprise voice functions.
Many companies integrate their PBX with Lync and leverage each for
their strong suits. If such a project is on your radar, come to this
spin-free discussion on how you can leverage your existing investments
and give your users an improved Unified Communications
Virtual Receptionist - Security
Door - Tradeshow Kiosk
Access and Greeter Registration
Systems using Microsoft Lync
Compatible with most PBX systems
User and dealer inquiries invited -
click here for more.
Certified SIP Professional and
Senior Certified SIP Technical Professional Testing Now Available
Certification Corporation (www.certificationcorporation.com) is proud to announce the availability of two SIP
certification testing and online, online and webinar training
programs. The CSP-Certified SIP Professional certification is
designed to review and test general and some technical knowledge with
50 questions. The Senior Certified SIP Technical Professional
(SCSTP) examination is designed to test advanced technical skills in
SIP. The exam consists of 70 multiple choice and true-false
questions. Both tests are designed to help in planning, design,
implementation, network assessment as well as security, diagnostics
Some though certainly not all of the topics on the
Senior Certified SIP Technical Professional examination include:
CODEC, DSP, Clipping, dipping, Queuing Delay, Network Propagation,
Serialization, Buffer Delay, Fragmentation, Interleaving, Voice
Payload, HSRP, Adaptive Jitter Buffer, Oversubscription, Voice
Activity Detector, White Noise, Comfort Noise, Noise Detectors, MOS,
E-model, Nyquist-Shannon, Framing, PCM, ADPCM, DSP, CODEC sampling,
Transcoding, Tandem encoding, Echo, Echo Loss, Short Tail, Hybrid,
SNR, CNR, RFI, Crosstalk, Shared Neutrals, RTCP-XR, SRTP, MD5, CMP,
POE, 802.1P, ALG, MSRP, IMS, WebRTC-Apps, SALT, SAML, Voice XML, RPC,
BICC, ISUP, IP Multimedia Subsystems and other topics.
you need iPhone, iPad, Android or Windows phone apps custom built for
your business applications or new ideas, we have proven experience
and U.S. based product/project management. Click on image for
for TECHtionary -- World's First and
Largest Animated Library on Technology with more than 3,015 animated
Lync is a Trademark of Microsoft. Unified
Communications Apps & Cloud Communications Forum is an independent
Training and other Marcom Programs, call 303-594-1694 or click
The User Forum provides classroom and webseminar training as well as a
non-production environment for those IT departments without additional
equipment, budget or time. This allows planners
and users to test ideas, dial in and dial back out, IM file
transfers, remote desktop sharing, video conferencing, run scenarios,
review logs, break linkages and learning about new telephony features and
network access. The User Forum is also designed for both the system
integrator/consultant who wants to learn about tech without having to
build their own system as well as the enterprise customer who doesn't
have the time, resources or knowledge to develop one. Coming soon,
User Forum Labs are designed to be "hands-on" or
"over-the-shoulder" with experts available for Q&A and
classes for feature-specific review.
About User Forum
The User Forum is a vendor-independent laboratory environment designed
for learning, technical guides, knowledge resources and online
"live" services. The User Forum provides planning,
project management, consulting, training, case studies, white papers,
speaking engagements, market/customer research, network planning and
Click here to contact.
(c) User Forum - all rights reserved.