Kurt wrote:
> We are using ShoreTel for our phone solution. Works well.
> 

One thing you can say about ShoreTel is that they have a solid platform. We've 
been running it for years.
 
> I've looked at the prerequisites for installing 12.3, and am appalled
> at what they suggest, and was hoping for a bit of feedback from anyone
> here regarding this.
> 
> Here's what they want me to do:
> 
> o- Turn off the firewall - disable all of the profiles (Domain, Public
> and Private), then turn off and disable the service.

You do NOT have to turn off the firewall. I call BS.

> o- Turn off the Base Filtering Engine (disable the service)

My BFE is still on, and I just upgraded to 13.3.

> o- Set DEP for essential Windows programs and services only

Looks like I still have DEP enabled...

> o- Turn off UAC

I installed ShoreTel Director (or server now, whatever) using our Domain 
Administrator account, which by default had UAC disabled. Other than that, the 
server has UAC on, and all of the clients have it on too. No problems.

> o- Do not apply patches released past a certain date, stating
> "When releasing a new build, ShoreTel publishes build notes listing the
> Microsoft patches that are certified against the build. ShoreTel also
> highlights software changes required by the Microsoft patches. Note that no
> additional Microsoft updates should be applied to your ShoreWare server
> between ShoreTel builds. If you install Microsoft updates between ShoreTel
> builds, they may have an adverse effect on your telephone system. Disable
> Microsoft updates until you review the detailed certification provided with
> each release."
 
I do have automatic updates turned off. We schedule updates when we can afford 
downtime, as it seems like there is never a good time to reboot a server. That 
being said, I have never checked the "ShoreTel Published List of Microsoft 
Patches". This is them covering their ass.

> 
> If you are running ShoreTel, have you run into this, and how do you
> protect your ShoreTel environment, other than firewalling the subnet
> that it's on?

We have AV running, but excluded the directories they suggest in their 
documentation. (C:\Shoreware Data, etc...)

> To me, this seems like egregiously broken software, requiring me to
> reduce the security of the server to near zero.

Think of it more as a "We need an excuse if it's not working" strategy by their 
lawyers.

> Thoughts appreciated.

I had a small business ask me for a phone system, and I suggested both the 
ShoreTel solution and a FortiVoice solution. They chose the FortiVoice, as it 
was much less expensive. I must say, the FortiVoice works fairly well for them. 
If we were not so heavily invested in ShoreTel's hardware and licensing, we 
would be heavily evaluating other solutions in comparison to ShoreTel. But 
because A) we are so invested and B) it has worked near-flawlessly, we have no 
reason to move.
 
> Kurt


--Matt Ross
Ephrata School District
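
A read-only way to see whether a server is in the state the vendor prerequisite list describes, as an added example that is not part of the original post or of ShoreTel's documentation: it reports the three firewall profiles, the Windows Firewall and Base Filtering Engine services, the DEP policy and UAC. The function names are illustrative; it assumes PowerShell 2.0 or later (as on Server 2008 R2) and reads only locally stored firewall settings, not a Group Policy override.

```powershell
# Added example: read-only audit of the settings named in the prerequisite list.
# Function names are illustrative. PowerShell 2.0 compatible (no CIM cmdlets).

function New-Result($Check, $Value, $Hardened) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Hardened = $Hardened }
}

function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-HostHardening {
    # Firewall profiles, local policy store (StandardProfile is the Private profile).
    # Assumption: no Group Policy override under HKLM:\SOFTWARE\Policies is in effect.
    $fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $enabled = Get-RegValue "$fw\$profile" 'EnableFirewall'
        New-Result "Firewall $profile" $enabled ($enabled -eq 1)
    }

    # Windows Firewall (MpsSvc) and Base Filtering Engine (BFE) services:
    # hardened means running and set to start automatically.
    foreach ($name in 'MpsSvc', 'BFE') {
        $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
        if ($svc) {
            $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
            New-Result "Service $name" ("{0}/{1}" -f $svc.State, $svc.StartMode) $ok
        } else {
            New-Result "Service $name" 'NotFound' $false
        }
    }

    # DEP policy: 0 AlwaysOff, 1 AlwaysOn, 2 OptIn, 3 OptOut.
    # "Essential Windows programs and services only" is OptIn (2).
    $dep = (Get-WmiObject Win32_OperatingSystem).DataExecutionPrevention_SupportPolicy
    New-Result 'DEP policy' $dep ((1, 3) -contains $dep)

    # UAC: EnableLUA = 1 means UAC is on.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    New-Result 'UAC (EnableLUA)' $lua ($lua -eq 1)
}

Test-HostHardening | Select-Object Check, Value, Hardened | Format-Table -AutoSize
```

Running it before and after a vendor installer or upgrade shows whether any of these settings were changed along the way.
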


----- Original Message -----
From: Kurt Buff [mailto:[email protected]]
To: [email protected]
Sent: Fri, 19 Jul 2013 16:00:40 -0800
Subject: [NTSysADM] A little afield of the normal topic - ShoreTel installation


> All,
> 
> We are using ShoreTel for our phone solution. Works well.
> 
> I have just recently upgraded from 10.2 to 11.2 to 12.3, after I moved
> it to a new VLAN - that was a bit of a late night...
> 
> However, it's running on an ancient SuperMicro server, on Server 2003 R2.
> 
> It's time to move it to a new Dell machine, running 2008 R2, and to
> get to the current version of 13.2.
> 
> I've looked at the prerequisites for installing 12.3, and am appalled
> at what they suggest, and was hoping for a bit of feedback from anyone
> here regarding this.
> 
> Here's what they want me to do:
> 
> o- Turn off the firewall - disable all of the profiles (Domain, Public
> and Private), then turn off and disable the service.
> o- Turn off the Base Filtering Engine (disable the service)
> o- Set DEP for essential Windows programs and services only
> o- Turn off UAC
> o- Do not apply patches released past a certain date, stating
> "When releasing a new build, ShoreTel publishes build notes listing the
> Microsoft patches that are certified against the build. ShoreTel also
> highlights software changes required by the Microsoft patches. Note that no
> additional Microsoft updates should be applied to your ShoreWare server
> between ShoreTel builds. If you install Microsoft updates between ShoreTel
> builds, they may have an adverse effect on your telephone system.
> Disable Microsoft updates until you review the detailed certification
> provided with each release."
> 
> 
> If you are running ShoreTel, have you run into this, and how do you
> protect your ShoreTel environment, other than firewalling the subnet
> that it's on?
> 
> To me, this seems like egregiously broken software, requiring me to
> reduce the security of the server to near zero.
> 
> Thoughts appreciated.
> 
> Kurt
> 
> 
> 

