Alan, Usually the problem with trunking is with voice prioritization. Consider a separate internet connection just for voice services (easy fix for larger installs). You won't have that luxury or need if your gear is in the data center.
The PIX will work fine for your needs however it cannot prioritize SIP traffic. This is where pfSense might help. The Data Center is probably a good location if you are using SIP trunking as well... not such a good solution if your only connectivity is only through local PSTN. I don't think the mail server will cause too many issues for the limited number of users you are talking about. Do keep in mind that sendmail is on that the sipX box. Mike -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Alan McKay Sent: Friday, August 21, 2009 10:16 AM To: sipx-users Subject: [sipx-users] architecture decisions for new install Hey folks, I want to set up a SipX server for my new employer, and I have a few decisions to make on where to put it. Most of our employees are here at the main office in Ottawa - about 15 or 16 of us. We also have a half dozen remote workers in the US and Asia. Coming into our office we have a DSL and a Cable modem connection - not the best. About a year ago (before my time here) they tried a VOIP provider and dumped it. Though nobody has details on exactly what solution they were using, I gather that a large part of the problem was with trunking, which suggests that setting up the SipX server here in the office may not be a good idea. If I were to put it here, it would be behind a Clark Connect firewall, on a private IP. I did some searching on the list and see that Clark Connect seems to be able to handle this properly, is that right? In my case I could assign a public IP to my SipX server, with 1:1 NAT back to the actual private IP. My other option is to put the SipX server into our data center. I prefer the option because it is a Class A data center with full security, UPS backup and so on. Back in the big North American blackout of 2003, our data center just kept right on humming with their diesel backups. It also has several major backbones coming into it, so bandwidth should not be an issue. If I put it there, I have a couple of options. I could put it behind our Cisco PIX firewall (have not yet searched the list archive enough to know if this will work). It would have a private IP, with 1:1 NAT out to a realy public IP dedicated to it. What I would sooner do, though, is stick it right out "in the wild", and use the local Linux firewall. I know that this used to be a no-no, and again, have not yet searched. So, I'd like to put it outside our firewall, with a real IP address, and local firewall running. Good? Bad? Crazy as the birds? One further thing is this - if I put it into the data center, I'd like to double-up with a Postfix mail server. The hardware is a reasonably capable multi-core IBM 3550. The mail server is basically twiddling its thumbs most of the time with next to no load. As part of our business, we send out a nightly batch of about 100,000 emails (legitimate ones, to subscribers to our service), and even during that peak, my server monitoring tells me the CPUs are only about 25% loaded, and load average is only about 50% loaded - memory is another issue but I can add 8 more Gigs no problem. So, what should I do? What would you do? If Cisco PIX does not play nicely, and putting it "out into the wild" is not advisable, I could potentially add another firewall like Clark or pfSense. Probably the latter since we've been looking for an excuse to try it out anyway. BTW, we are a few software releases behind on the PIX but will be upgrading to the latest version later this month. cheers, -Alan -- "Don't eat anything you've ever seen advertised on TV" - Michael Pollan, author of "In Defense of Food" _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/ _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
