Voice
over IP (VoIP) technology is the principal technology for supporting converged or unified
communications. In addition to the infrastructure vulnerabilities that plague traditional
telephony-based systems, VoIP-based systems suffer from a number of other issues. Before you invest
in VoIP, or if you're already using VoIP, the following tips will help you protect your investment
if a disaster occurs.
- Cyber attack -- This occurs mainly in the form of distributed denial of service (DDoS)
attacks and can disable VoIP systems. Use the same kind of security provisions for VoIP (e.g.,
firewalls, intrusion detection systems) that you would for your data network perimeter.
- Quality of service (QoS) -- The nature of voice traffic is different from data traffic,
in that it's largely random. Data traffic is often more predictable and can be managed effectively.
QoS is necessary to ensure that voice traffic is processed in the network the same as it would be
in a non-IP environment. QoS issues can be exacerbated during disaster conditions, since VoIP
requires a constant bit rate and low latency.
From an external perspective, a complete loss of access to the Internet means the VoIP system
will be disabled until Internet access has been restored. Upon restoration of access to the
bandwidth from a customer premise to the Internet, be sure to monitor VoIP and data traffic
carefully to ensure QoS has been restored.
From an internal perspective, a disruption of an internal data network means that VoIP will have
to wait until the network is restored. While the VoIP system is disabled, cell phones can be an
effective option. In addition to running VoIP traffic on a different subnet than data traffic, you
should work closely with your VoIP and network service vendors to address this issue.
- Firewalls and network address translation (NAT) -- As your VoIP environment is a true
data network, these elements may impede call setup and degrade voice quality to unacceptable
levels. VoIP firewalls are generally like other firewalls, but they can protect against threats to
voice traffic as well as data traffic. Just make sure the VoIP firewall supports the two most
common VoIP protocols, H.323 and Session Initialization Protocol (SIP). Firewalls should also
support NAT.
- Network congestion -- If external networks, such as the Public Switched Telephone
Network (PSTN) or Internet, are experiencing excessive traffic volumes, congestion can occur. This
can occur in a disaster where major switching centers are damaged and data networks are inundated
by extremely high traffic volumes. Check with your network providers to determine how they handle
congestion and ask your VoIP vendor for suggestions.
- Restricted, poisoned or unavailable DNS or DHCP -- Again, recognizing that your VoIP
system utilizes Internet protocols, loss of access to DNS (which resolves IP addresses) and DHCP
(which issues IP addresses on the LAN) can impact call setup and user access to VoIP systems. One
way to protect these services is to install "identity appliances" such as those from Infoblox Inc.,
which increase the speed and reliability of DNS and DHCP via dedicated hardware. Be sure to ask
your system vendor for its solutions.
- Internet connectivity -- Loss of Internet access means your VoIP system will be
disabled. One way to address this is to have alternate access arrangements to the Internet, either
through a diversely routed physical path to the local carrier or satellite-based access. Contact
your local carrier and ISP(s) for their suggestions.
- PSTN connectivity -- Similar to the previous situation, you should consider installing
physically separate network access to your local telco. Options for this include diverse access to
a SONET network with multiple central offices on the ring and network re-routing, satellite-based
access and line-of-sight microwave transmission from your location to a carrier's office. It may be
useful to install a cell site on wheels (COW) so that you can obtain wireless network access.
- Bandwidth provisioning -- Assuming a backup site is in place, ensure that sufficient
PSTN bandwidth (e.g., T-1 or ISDN circuits) is available to handle the increase in traffic at the
alternate site.
- User provisioning -- Make sure that the backup VoIP site is pre-configured with the
current user database, which includes their service configurations, to minimize transition
time.
- Database protection -- The database supporting your VoIP system is very important for
recovery. While the system database will be available on the system, be sure that your equipment
vendor has a current copy and stores backup copies in a secure location.
- Location and path diversity -- Review external network configuration options to ensure
that sufficient alternate routes are available to provide path and location diversity. The time
needed to install new paths could be weeks and possibly months following a disaster.
- Carrier network disaster plans -- Ask your network providers to show you how they plan
to recover and restore their networks. Integrate this information in your data network recovery
plans.
- Vendor disaster recovery capabilities -- Most VoIP equipment vendors have well-defined
disaster recovery service options to help minimize system downtime. Cisco Systems
Inc.'s IP Telephony Disaster Recovery System, for example, provides detailed instructions on
how to recover Call Manager servers.
To facilitate recovery, Cisco advocates maintaining backup copies of the system and database in
secure areas. ShoreTel Inc., another leading VoIP vendor, provides automatic recovery by failing
over to another server on site. Service level agreements (SLAs) are also advisable to ensure your
system can be recovered as soon as possible.
- Loss of network synchronization -- Data networks require synchronization to a reputable
network clocking source. Loss of synchronization, albeit an infrequent occurrence, can totally
disable your system. Check with your equipment vendor and network provider to see how they will
handle it.
- Install the equipment in secure areas -- Most VoIP systems are a series of specialized
servers with modules that handle stations and network connectivity. As they are typically installed
in standard 19-inch racks, make sure backup power (UPS) and secure (locked) cabinets are provided.
If you have multiple server closets, install VoIP equipment there.
- Build VoIP disaster plans -- Despite all the disaster recovery options available from
vendors and carriers, make sure you have a disaster recovery plan in place to handle an unplanned
outage. If you have multiple locations, all using VoIP, you can redirect your service to another
location. If you have only one location, check with your equipment and network suppliers for their
solutions.
Third-party service providers, such as GTC Networks, TeleContinuity Inc. and VoiceGard, are also
available to back up your VoIP system. If your VoIP system fails, your system should continue to
operate, since each node has a copy of the VoIP system and assuming there is no damage to the
network infrastructure. If all nodes fail, the recovery typically begins with re-establishing an
initial server and then restoring the other servers.
If you are using a managed service arrangement, you will need to have service from your office
redirected to the alternate facility, typically by contacting your local carrier and having traffic
diverted to the alternate site. These arrangements should be made well in advance to avoid
unnecessary downtime. Since your VoIP infrastructure will operate within your data networks,
consider integrating VoIP recovery into your network and/or IT disaster plans. And don't forget to
periodically test your VoIP recovery capabilities.
Protect your investment in VoIP technology against threats from outside and inside your
organization just as you would any other server holding mission-critical information. This includes
physical security, intrusion detection, network segmentation and firewalls. The rapid growth and
acceptance of VoIP means that the industry will continue to be very dynamic, so be sure to keep an
eye on developments in this important area.
Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years experience in business continuity
management as a consultant, author and educator. He is also secretary of the Business Continuity
Institute USA Chapter.
Do you have comments on this tip? Let us
know. Please let others know how useful this tip was via the rating scale below.
Do you know a helpful storage tip, timesaver or workaround? Email the editors to talk about
writing for SearchDisasterRecovery.com.