I run into this all the time for various Windows-based telephony and UM systems. Cisco used to be this way also. Don't know if they still are. Two of the other vendors I work with are.
Lync has Enterprise Voice and it can be a complete replacement for a PBX, given an appropriate gateway to the PSTN. Asterisk also has patching issues, don't let anyone fool you there... as far as I have seen, Microsoft does this better than anyone else. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Kurt Buff Sent: Friday, July 19, 2013 7:01 PM To: [email protected] Subject: [NTSysADM] A little afield of the normal topic - ShoreTel installation All, We are using ShoreTel for our phone solution. Works well. I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved it to a new VLAN - that was a bit of a late night... However, it's running on an ancient SuperMicro server, on Server 2003 R2. It's time to move it to a new Dell machine, running 2008 R2, and to get to the current version of 13.2. I've looked at the prerequisites for installing 12.3, and am appalled at what they suggest, and was hoping for a bit of feedback from anyone here regarding this. Here's what they want me to do: o- Turn off the firewall - disable all of the profiles (Domain, Public and Private), then turn off and disable the service. o- Turn off the Base Filtering Engine (disable the service) o- Set DEP for essential Windows programs and services only o- Turn off UAC o- Do not apply patches released past a certain date, stating "When releasing a new build, ShoreTel publishes build notes listing the Microsoft patches that are certified against the build. ShoreTel also highlights software changes required by the Microsoft patches. Note that no additional Microsoft updates should be applied to your ShoreWare server between ShoreTel builds. If you install Microsoft updates between ShoreTel builds, they may have an adverse effect on your telephone system. Disable Microsoft updates until you review the detailed certification provided with each release." If you are running ShoreTel, have you run into this, and how do you protect your ShoreTel environment, other than firewalling the subnet that it's on? To me, this seems like egregiously broken software, requiring me to reduce the security of the server to near zero. Thoughts appreciated. Kurt
