I just had a 3cx deployment done on one of my client sites. Their only pre-req was to turn off Windows Firewall. Just to emphasize, this is a mere 45-user VoIP system. No issues as of yet, and I will not install ANY Wupdates without verification. Everyone seems happy thus far. When I crash and burn after jinxing myself I will post :)
Jean-Paul Natola

> Date: Fri, 19 Jul 2013 19:22:50 -0700
> Subject: Re: [NTSysADM] A little afield of the normal topic - ShoreTel installation
> From: [email protected]
> To: [email protected]
>
> On Fri, Jul 19, 2013 at 5:50 PM, Richard Stovall <[email protected]> wrote:
> > What's the big deal?
> >
> > I run Shoreware Director in a VM and it works great.
>
> Not worried about virtualization, because I don't think our
> infrastructure is ready to go yet - soon, though.
>
> > The bit about MS patches is just a cover. I've never, ever had a problem
> > keeping my Director server up to date. (If I did have a problem, I would
> > revert to the backup (that I always make) just before installing updates.)
>
> Always a good strategy.
>
> > The rest of it? Meh. Your LAN is isolated from the world and is generally
> > secure, right?
>
> Uh, no, that's not my thought process. Layers of defense, and this
> company is stripping me of several of those layers. That's seriously
> the wrong approach for a vendor to take.
>
> > No non-admin can login to your Director server, right?
>
> As in via RDP or the console? Correct. That's small consolation (as it were.)
>
> If you mean via the management web interface, no, but I'm pretty sure
> that's not what you're getting at.
>
> > All
> > orgs are different, but we're of a size similar to yours (I think, but
> > without the complication of overseas offices). It's one server with
> > particular requirements. Do whatever you want, but be prepared to modify
> > things if you have to engage ShoreTel support to fix a problem. For my
> > money, it's easier to deal with it up front and comply, and I don't see any
> > egregious security risks inherent in doing so.
>
> Yes, I did what I want, for my initial approach. I sent a polite but
> stiff email to support@ and sales@, saying that the product until now
> has been fine, and so has our reseller, but they (ShoreTel) really
> need to clean up their act. I'm still debating with myself about my
> best course of action.
>
> Overseas offices aren't a complication in this case, since they each
> have their own key systems, which don't interoperate with our phone
> system.
>
> > PS FWIW, Shoretel 13.x rocks if you have SIP trunks.
>
> I do look forward to it. I've got an SG-50 doing some SIP trunks - for
> RightFax, as it happens, but I'll probably get more if it exposes some
> cool stuff.
>
> Kurt
>
> > On Fri, Jul 19, 2013 at 7:00 PM, Kurt Buff <[email protected]> wrote:
> >>
> >> All,
> >>
> >> We are using ShoreTel for our phone solution. Works well.
> >>
> >> I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved
> >> it to a new VLAN - that was a bit of a late night...
> >>
> >> However, it's running on an ancient SuperMicro server, on Server 2003 R2.
> >>
> >> It's time to move it to a new Dell machine, running 2008 R2, and to
> >> get to the current version of 13.2.
> >>
> >> I've looked at the prerequisites for installing 12.3, and am appalled
> >> at what they suggest, and was hoping for a bit of feedback from anyone
> >> here regarding this.
> >>
> >> Here's what they want me to do:
> >>
> >> o- Turn off the firewall - disable all of the profiles (Domain, Public
> >>    and Private), then turn off and disable the service.
> >> o- Turn off the Base Filtering Engine (disable the service)
> >> o- Set DEP for essential Windows programs and services only
> >> o- Turn off UAC
> >> o- Do not apply patches released past a certain date, stating
> >>    "When releasing a new build, ShoreTel publishes build notes
> >>    listing the Microsoft patches that are certified against the build.
> >>    ShoreTel also highlights software changes required by the Microsoft
> >>    patches. Note that no additional Microsoft updates should be applied
> >>    to your ShoreWare server between ShoreTel builds. If you install
> >>    Microsoft updates between ShoreTel builds, they may have an adverse
> >>    effect on your telephone system.
> >>    Disable Microsoft updates until you review the detailed
> >>    certification provided with each release."
> >>
> >> If you are running ShoreTel, have you run into this, and how do you
> >> protect your ShoreTel environment, other than firewalling the subnet
> >> that it's on?
> >>
> >> To me, this seems like egregiously broken software, requiring me to
> >> reduce the security of the server to near zero.
> >>
> >> Thoughts appreciated.
> >>
> >> Kurt
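
A read-only check for the settings named in the quoted prerequisites list (firewall profiles and service, Base Filtering Engine, DEP, UAC), added here as an example and not taken from anyone in the thread or from ShoreTel. It assumes a Windows Server 2008 R2 host with PowerShell 2.0 and reads local settings only; the `New-Finding` helper is a name made up for this example.

```powershell
# Added example (not from the thread). Read-only; PowerShell 2.0 compatible.
# Reports the settings the vendor prerequisites ask to weaken.
function New-Finding($Setting, $Value, $Weakened) {
    New-Object PSObject -Property @{
        Setting = $Setting; Value = $Value; Weakened = $Weakened
    }
}

$findings = @()

# Windows Firewall (MpsSvc) and Base Filtering Engine (BFE) services.
foreach ($name in 'MpsSvc', 'BFE') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    $state = '{0}/{1}' -f $svc.State, $svc.StartMode
    $weak = ($svc.State -ne 'Running') -or ($svc.StartMode -eq 'Disabled')
    $findings += New-Finding "Service $name" $state $weak
}

# Local firewall profile state (StandardProfile is the Private profile).
# Group Policy can override these values; this reads the local setting only.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $on = (Get-ItemProperty "$fw\$p" -ErrorAction SilentlyContinue).EnableFirewall
    $findings += New-Finding "Firewall $p" $on ($on -ne 1)
}

# DEP policy: 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn, 3 = OptOut.
# OptIn is "essential Windows programs and services only".
$dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
$findings += New-Finding 'DEP policy' $dep (($dep -eq 0) -or ($dep -eq 2))

# UAC: EnableLUA = 0 means UAC is off.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$lua = (Get-ItemProperty $sys -ErrorAction SilentlyContinue).EnableLUA
$findings += New-Finding 'UAC (EnableLUA)' $lua ($lua -eq 0)

$findings | Format-Table Setting, Value, Weakened -AutoSize
```

Rows with `Weakened` set to `True` are the layers that have been removed on that host and need a compensating control, such as the subnet firewalling mentioned in the thread.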

