I run into this all the time for various Windows-based telephony and UM 
systems. Cisco used to be this way also. Don't know if they still are. Two of 
the other vendors I work with are.

Lync has Enterprise Voice and it can be a complete replacement for a PBX, given 
an appropriate gateway to the PSTN.

Asterisk also has patching issues, don't let anyone fool you there... as far as 
I have seen, Microsoft does this better than anyone else.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Kurt Buff
Sent: Friday, July 19, 2013 7:01 PM
To: [email protected]
Subject: [NTSysADM] A little afield of the normal topic - ShoreTel installation

All,

We are using ShoreTel for our phone solution. Works well.

I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved it to a 
new VLAN - that was a bit of a late night...

However, it's running on an ancient SuperMicro server, on Server 2003 R2.

It's time to move it to a new Dell machine, running 2008 R2, and to get to the 
current version of 13.2.

I've looked at the prerequisites for installing 12.3, and am appalled at what 
they suggest, and was hoping for a bit of feedback from anyone here regarding 
this.

Here's what they want me to do:

o- Turn off the firewall - disable all of the profiles (Domain, Public and 
Private), then turn off and disable the service.
o- Turn off the Base Filtering Engine (disable the service)
o- Set DEP for essential Windows programs and services only
o- Turn off UAC
o- Do not apply patches released past a certain date, stating
          "When releasing a new build, ShoreTel publishes build notes listing 
the Microsoft
          patches that are certified against the build.  ShoreTel also 
highlights software
          changes required by the Microsoft patches. Note that no additional 
Microsoft
          updates should be applied to your ShoreWare server between ShoreTel 
builds. If
          you install Microsoft updates between ShoreTel builds, they may have 
an adverse
          effect on your telephone system.
          Disable Microsoft updates until you review the detailed certification 
provided with
          each release."


If you are running ShoreTel, have you run into this, and how do you protect 
your ShoreTel environment, other than firewalling the subnet that it's on?

To me, this seems like egregiously broken software, requiring me to reduce the 
security of the server to near zero.

Thoughts appreciated.

Kurt


Reply via email to