Voice over IP (VoIP) technology is the principal technology for supporting converged or unified communications. In addition to the infrastructure vulnerabilities that plague traditional telephony-based systems, VoIP-based systems suffer from a number of other issues. Before you invest in VoIP, or if you're already using VoIP, the following tips will help you protect your investment if a disaster occurs.
- Cyber attack -- This occurs mainly in the form of distributed denial of service (DDoS) attacks and can disable VoIP systems. Use the same kind of security provisions for VoIP (e.g., firewalls, intrusion detection systems) that you would for your data network perimeter.
- Quality of service (QoS) -- The nature of voice traffic is different from data traffic,
in that it's largely random. Data traffic is often more predictable and can be managed effectively.
QoS is necessary to ensure that voice traffic is processed in the network the same as it would be
in a non-IP environment. QoS issues can be exacerbated during disaster conditions, since VoIP
requires a constant bit rate and low latency.
From an external perspective, a complete loss of access to the Internet means the VoIP system will be disabled until Internet access has been restored. Upon restoration of access to the bandwidth from a customer premise to the Internet, be sure to monitor VoIP and data traffic carefully to ensure QoS has been restored.
From an internal perspective, a disruption of an internal data network means that VoIP will have to wait until the network is restored. While the VoIP system is disabled, cell phones can be an effective option. In addition to running VoIP traffic on a different subnet than data traffic, you should work closely with your VoIP and network service vendors to address this issue.
- Firewalls and network address translation (NAT) -- As your VoIP environment is a true data network, these elements may impede call setup and degrade voice quality to unacceptable levels. VoIP firewalls are generally like other firewalls, but they can protect against threats to voice traffic as well as data traffic. Just make sure the VoIP firewall supports the two most common VoIP protocols, H.323 and Session Initialization Protocol (SIP). Firewalls should also support NAT.
- Network congestion -- If external networks, such as the Public Switched Telephone Network (PSTN) or Internet, are experiencing excessive traffic volumes, congestion can occur. This can occur in a disaster where major switching centers are damaged and data networks are inundated by extremely high traffic volumes. Check with your network providers to determine how they handle congestion and ask your VoIP vendor for suggestions.
- Restricted, poisoned or unavailable DNS or DHCP -- Again, recognizing that your VoIP system utilizes Internet protocols, loss of access to DNS (which resolves IP addresses) and DHCP (which issues IP addresses on the LAN) can impact call setup and user access to VoIP systems. One way to protect these services is to install "identity appliances" such as those from Infoblox Inc., which increase the speed and reliability of DNS and DHCP via dedicated hardware. Be sure to ask your system vendor for its solutions.
- Internet connectivity -- Loss of Internet access means your VoIP system will be disabled. One way to address this is to have alternate access arrangements to the Internet, either through a diversely routed physical path to the local carrier or satellite-based access. Contact your local carrier and ISP(s) for their suggestions.
- PSTN connectivity -- Similar to the previous situation, you should consider installing physically separate network access to your local telco. Options for this include diverse access to a SONET network with multiple central offices on the ring and network re-routing, satellite-based access and line-of-sight microwave transmission from your location to a carrier's office. It may be useful to install a cell site on wheels (COW) so that you can obtain wireless network access.
- Bandwidth provisioning -- Assuming a backup site is in place, ensure that sufficient PSTN bandwidth (e.g., T-1 or ISDN circuits) is available to handle the increase in traffic at the alternate site.
- User provisioning -- Make sure that the backup VoIP site is pre-configured with the current user database, which includes their service configurations, to minimize transition time.
- Database protection -- The database supporting your VoIP system is very important for recovery. While the system database will be available on the system, be sure that your equipment vendor has a current copy and stores backup copies in a secure location.
- Location and path diversity -- Review external network configuration options to ensure that sufficient alternate routes are available to provide path and location diversity. The time needed to install new paths could be weeks and possibly months following a disaster.
- Carrier network disaster plans -- Ask your network providers to show you how they plan to recover and restore their networks. Integrate this information in your data network recovery plans.
- Vendor disaster recovery capabilities -- Most VoIP equipment vendors have well-defined
disaster recovery service options to help minimize system downtime. Cisco Systems
Inc.'s IP Telephony Disaster Recovery System, for example, provides detailed instructions on
how to recover Call Manager servers.
To facilitate recovery, Cisco advocates maintaining backup copies of the system and database in secure areas. ShoreTel Inc., another leading VoIP vendor, provides automatic recovery by failing over to another server on site. Service level agreements (SLAs) are also advisable to ensure your system can be recovered as soon as possible.
- Loss of network synchronization -- Data networks require synchronization to a reputable network clocking source. Loss of synchronization, albeit an infrequent occurrence, can totally disable your system. Check with your equipment vendor and network provider to see how they will handle it.
- Install the equipment in secure areas -- Most VoIP systems are a series of specialized servers with modules that handle stations and network connectivity. As they are typically installed in standard 19-inch racks, make sure backup power (UPS) and secure (locked) cabinets are provided. If you have multiple server closets, install VoIP equipment there.
- Build VoIP disaster plans -- Despite all the disaster recovery options available from
vendors and carriers, make sure you have a disaster recovery plan in place to handle an unplanned
outage. If you have multiple locations, all using VoIP, you can redirect your service to another
location. If you have only one location, check with your equipment and network suppliers for their
Third-party service providers, such as GTC Networks, TeleContinuity Inc. and VoiceGard, are also available to back up your VoIP system. If your VoIP system fails, your system should continue to operate, since each node has a copy of the VoIP system and assuming there is no damage to the network infrastructure. If all nodes fail, the recovery typically begins with re-establishing an initial server and then restoring the other servers.
If you are using a managed service arrangement, you will need to have service from your office redirected to the alternate facility, typically by contacting your local carrier and having traffic diverted to the alternate site. These arrangements should be made well in advance to avoid unnecessary downtime. Since your VoIP infrastructure will operate within your data networks, consider integrating VoIP recovery into your network and/or IT disaster plans. And don't forget to periodically test your VoIP recovery capabilities.
Protect your investment in VoIP technology against threats from outside and inside your organization just as you would any other server holding mission-critical information. This includes physical security, intrusion detection, network segmentation and firewalls. The rapid growth and acceptance of VoIP means that the industry will continue to be very dynamic, so be sure to keep an eye on developments in this important area.
Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter.
Do you have comments on this tip? Let us know. Please let others know how useful this tip was via the rating scale below.
Do you know a helpful storage tip, timesaver or workaround? Email the editors to talk about writing for SearchDisasterRecovery.com.
This was first published in February 2009