Tuesday, December 9, 2008

SonicWALL NSA & CDP Year End Deals ...

Hey everyone. Again I have been noticeably absent from posting to my blog. I am so busy I  have to plan out every minute of the day. I am so excited about SonicWALL's year end deals I just had to make a quick post and share the details with everyone.

Near the end of the quarter I always call up my reps at SonicWALL and look for some great deals. Here is what is happening right now.

  • A package including a SonicWALL NSA 3500 with one year of C0mprehensive Gateway Security Services and a free SonicWALL SSL-VPN 200 with 24 x 7 support for one year is going for about $3100.00.  Retail price on this package is about $6500.
  • A package including a SonicWALL NSA 5400 with one year of Comprehensive Gateway Security Services and a free SonicWALL SSL-VPN 2000 with 24 x 7 support for one year is going for about $6100.00. Retail price on this package is about $11,400.
  • A package including the new CDP 5040 backup appliance with a total of 3 Terabytes of back-up storage and one year of 24 x 7 support for about $8500.00. Retail price is about $11,900.
  • A package including the new CDP 6080 backup appliance with a total of 3 Terabytes (expandable to 6 Terabytes) of back-up storage and one year of 24 x 7 support for about $9400.00. Retail price on this package is about $13,600.

All these deals go away at the end of the year. If you have some budget left and want to save a ton of money, drop me a line. I will be glad to get you one of these deals. Thanks again for reading my blog.

Friday, November 7, 2008

A New Look for My Blog ...

For those of you that have read my blog, you may notice that I have moved to Blogger from Microsoft Live Spaces. The move was precipitated by Microsoft taking my site offline for an alleged acceptable use violation. Needless to say, there was no violation. Someone was just not careful nor did they tell me before the site was taken down.

This is totally unacceptable! I am still back-posting so all my historical content is available. It is not an easy thing to do. Over all I like Blogger so far. I still have a lot of work to do to get it the way I want it. The old MS Live Spaces site is back and working. I am not going to post anything more than an I have moved message. All of my new posts will be here from now on. I just can't afford to have someone take my blog down again without notice and have done it with no valid reason.

Thanks for reading and stay tuned for more soon.

Friday, October 24, 2008

A Needed Microsoft Security Patch Delivered Out of Band

I received an alert from Microsoft last night that a new security patch has been made available. It is not often that patches are delivered out of band of the normal process. The patch revolves around a vulnerability in many Microsoft Operating Systems. The full list and deeper details can be found here. What happens is that with a carefully crafted RPC instruction, executables can be run on the affected server or workstation.

I have already applied the patch in house and all looked good. I just finished customer wide deployment and feel much better now that the word is out on the vulnerability. If you support a network you should get this patch out right away. It is already available for all needed system on Windows and Microsoft Update.

Monday, October 20, 2008

Have a Response Point? Time to go SIP!

In one of my last posts I talked about how since service pack one, users could now add SIP trunks, or in simple English, external phone numbers for the VoIP unit that are provided over your existing WAN connection. This is a major development for Response Point and an evolution of the system into a real market player.

Microsoft has had a team on the road for what seems like all year. After each show we seem to learn a little more about new relationships Microsoft had been making with VoIP SIP providers. I have been looking at these providers in great detail and to date have seen that there are two real players with networks that are ready and up to speed. The first is NGT and the second is Bandwidth.com.

The first provider I have worked with is NGT. They have a great business model for SMB Managed Service Providers such as myself. They have a setup that allows me to resell the service and handle the entire transaction from contracts to provisioning all over the reseller portal. We are paid on an ongoing basis as long as the customer maintains service. This is very powerful. When vendors help make us profitable we can add to the services we provide. They take the front line trouble calls and if a problem involves the local network will escalate the issue and get us involved right away. They also provide an Internet based desktop fax service. If you do a lot of faxing, this is an incredible tool. Their partner program has some real polish and a lot of support and training to make sure what we sell we can deliver. NGT has a pretty well established network through a partnership with Level 3 Networks. The only issue we have had to date is my first client was in a very remote location. Due to that, NGT could not provide E911. That prevented the order from  processing because NGT follows FCC guidelines very closely. If they can't provide E911, they will not activate the order. I still plan to continue to offer NGT as a choice for my customers and plan to make them a long term partner.

The second provider I have worked with is Bandwidth.com. Bandwidth.com provides SIP service just as NGT does and they also have a business model that allows me to resell the Bandwidth.com brand. Something a little different about though, is Bandwidth.com also allows us to resell data circuits of every possible shape and type and includes virtually all available speeds. I can see a strong advantage in being able to bring these services together for both billing and support. While at SMB nation I had the chance to meet with the Channel Manager, Jeff Uphughs. Jeff was excited to sit down and chat due to the problems we had being Bandwidth.com's first Response Point deployment. He and his team wanted to be certain all was well. He was totally aware of the problems we had and wanted to be absolutely sure the issues were fixed and that both me and my customer were happy. We are and must say I was impressed. Later during the SMB Nation event we spoke again and the topic of the Church IT Round Table came up. I was planning to speak about Response Point for one the topic bazaar. Without asking, Jeff not only lined up a Bandwidth.com rep to come out to the event, he sent out a Syspine Response Point demo unit as my previously planned equipment loaner fell through. Way to step up to the plate and help a new partner!

So what does this mean to you? Do you have an aging analog phone system? Are you paying more than 15 to 20 dollars per phone line per month? If you answer yes, you have an opportunity to upgrade a 10 phone PBX system for less than 3,500 bucks. It will add rich desktop features and integration with local address books. It will provide you with a phone system that has rich voice activation for nearly all its features. Finally, some of you may be paying as much as 60 dollars for a single phone line per month. Bottom line...there may be a state of the art solution out there for you and with SIP phone line service there is the potential to save as much as 45 dollars per month per phone line. That is some serious money over time.

I hope this post is informative for those who took the time to read it. If you want more information, please feel free to contact me via my blog. Thanks for visiting.

 

Friday, October 17, 2008

It is time to get back in the saddle

Hey there my loyal readers. It has been a long time since I last posted. Last spring I wrote about the Microsoft Response Point VoIP PBX. Generally, I have been pretty pleased with the unit. Like any other VoIP, the unit does require a well managed network. I have seen some issues where the network is lacking a professional polish. If the network is very jittery or has a poor design, then voice quality does suffer. Besides these obvious pre-requisites to smooth operations, it has been simple to deploy and has a great feature set.

Back in April at the SMB Summit, the Response Point team from Microsoft indicated that with Service Pack 1 there would be SIP trunking available rather than just a PTSN (copper) gateway for external true VoIP access.

One of my installations with copper lines had decided to relocate. Their phone provider could no longer service their voice needs. I looked at the choices and since they had the Response System already installed and working, it seemed like going SIP was worth looking into. The services offered from the approved list vary quite a bit. NGT seemed to be the most plugged of the Microsoft SIP partners. I went ahead and set up myself as a dealer and had everything signed, sealed, and ready to go. To my dismay, NGT had to back out of the order because they could not provide E911 service to the area my customer was moving to. This happened with only a week left before the move.

Needless to say, I really had to scramble if I was going to make this happen and save face with my customer.  Just as if God's was listening, I received an email from the Response Point Team. It mentioned that Bandwidth.com was now certified to work with the Response Point PBX. I gave them a call and they confirmed that they were ready for Response Point and had FCC compliant E911 coverage at the location my client was moving to.

There is a caveat to the hooking up the Response Point or any other VoIP PBX to established SIP providers. They want to see a gateway on your Internet circuit that they know and recommend. There are two reasons they have this requirement. The first is that the SIP providers want to have a demarcation point ahead of your network so they are able to troubleshoot voice quality issues. The second is it is an absolute requirement that a gateway device is doing bandwidth-shaping to give enough dedicated space on the WAN circuit to voice calls. NGT and Bandwidth.com both use and recommend the Edgewater Edgemarc. The device is going to add about $395.00 to the total cost of the project but it allows the SIP providers to look at the device and see MOS scores which are a sure measure on the voice quality of the connection.

The problem most will see right away is that you already have a firewall and do not want another one in line forcing dual NAT. The good news is that there is a simple configuration that works and will keep all your data moving out an existing firewall that does a better job at robust security. The trick is Proxy ARP. It allows you to take a single IP and assign it to your SIP trunk. You can then take the rest of your IP's and proxy them in their public format directly to whatever your primary firewall solution is. The Edgemarc is still the first device in line and it has the ability to shape your data as needed to provide crystal clear voice over the Internet.

Now, let's get back to my recent conversion scenario. The project went pretty smooth and Bandwidth.com did a great job getting the provisioning complete in time. However, I was to be the first live activation of a Response Point PBX for Bandwidth.com and some problems did follow. Many IP PBX's, such as Response Point, use registration as the methodology to notify the SIP provider that the unit is there and ready to receive calls. Bandwidth.com does not depend on registration and the only way to get Bandwidth.com set up as the SIP provider for a Response Point system is to set-up registration. Watch for a future posting that goes into more details on exactly how this works and how it must be setup on both the Response Point and at Bandwidth.com. After activating the SIP trunk, I was not getting consistent voice service. My client called me as I was walking down the jet ramp on my Chicago flight to Seattle for SMB Nation. I was able get the calls forwarded right away before takeoff. Once in Seattle I call my dedicated reseller team and they hooked me up with Shawn Starler. He stayed on the phone with me way past his normal end of shift. He figured out that they had a problem on their end and once the new process for a Response Point was put in place the circuit came right up and worked great. It is so fast you do not even get a ring when you call in the system. It is picked up by the auto-attendant instantly.

I am really happy to see the Response Point system growing as rapidly as it is. It looks like it will soon grow beyond the initial limits of 50 to 75 users. I will be posting more about Response Point soon. We have decided to become Response Point Specialist and go all in on the product for our customers. Stay tuned for more. If you are looking for SIP trunks or more bandwidth, I am highly recommending Bandwidth.com. I encourage any of my readers to contact me for more information on getting setup with Bandwidth.com. I will be glad to help. Again stay tuned for more interesting stuff now that I am back on the wagon and committed to at least a couple of articles a week.

Thanks for visiting!

 

Saturday, August 2, 2008

Setting up RPC over HTTP (S) - Quick & Simple

I have seen several good articles out there on how to set up RPC over HTTP(S). Some of them are pretty verbose and are written for guys who work with MS Exchange on a daily basis. RPC over HTTP(S) is very powerful and has a multitude of setup possibilities depending on the complexity of your MS Exchange Organization. I think many of you out there have a pretty strait forward setup with  just a single MS Exchange Server. You just want a concise step by step on what to do to get RPC over HTTP(S) working quickly. Here is the quick and simple process.

Let's preface the scenario before I give you these steps. Here are the prerequisites:

  • You have a single 2003 MS Exchange Server (no front end server).
  • Your 2003 MS Exchange Server is not serving as a Domain Controller.
  • You have one or more separate Domain Controllers acting with the AD FSMO Role of Global Catalog.

Here is the step by step...

  1. Purchase a Publicly Trusted Certificate for your MS Exchange Server. I can't stress this enough. If you try to use self-signed certificates to secure your 2003 MS Exchange web services it will just produce headaches and extra work for your end users. Technically savvy users will be ok but every day users will not. I recommend DigiCert for your certificate purchases. Their prices are a bargain and I have never had any trouble with their certificates being trusted. If you just need one or two than I recommend the DigiCertSSL. It is only $144.00 per year per certificate. They also offer all kinds of other options including wild-card certificates and specially priced bundles. Take a look at the DigiCert Web Site for more details.

On your 2003 MS Exchange Server:

  1. Install and test that your certificate is installed and comes up as trusted. The easiest way to do this is bring up OWA or some other 2003  MS Exchange web service from outside your network. Make sure the browser has the padlock indicating it is secure and that the certificate listed is the certificate from your selected provider.
  2. There is a component that must be installed called RPC over HTTP Proxy. It is installed from the Add/Remove Programs Panel. After opening the panel, select Add/Remove Windows Components. image                   Open Networking Services and select RPC over HTTP Proxy.image                   Click OK, Next, & Finish.
  3. Configure the MS Exchange RPC Web Services for Basic Authentication and SSL. Open the Internet Information Services Manager and expand the Default Web Site. Right-Click the RPC Virtual Directory.image               Select the Directory Security Tab and uncheck Enable anonymous access. Next, check only Basic Authentication under the Authenticated Access section.image              Click OK . From the Directory Security tab click edit under the Secure Communications section. Check Require secure channel (SSL) and Require 128-bit encryption. Click OK, OK and then close IIS.image 
  4. Configure RPC to use required ports for RPC over HTTP(S). This step requires editing the registry on your 2003 MS Exchange Server. I highly recommend that you make a back-up of the registry before making any changes. Open up the registry editor (regedit from the run command box) and browse down to the registry key: HKLM\SOFTWARE\MICROSOFT\RPC\RPCPROXYimage                The registry key we are going to modify is ValidPorts. The key should already be present. We need to modify the key to set up RPC over HTTP(S) to use the port range 6001-6002 and port 6004 for NETBIOS and DNS FQDN connections to your MS Exchange server. Right Click the ValidPorts key and choose modify. In the field data add your server's NETBIOS and DNS FQDN entries for the prescribed ports as I have them set in the sample. Just replace the sample NETBIOS and DNS FQDN names with the names from your MS Exchange server.   server:6001-6002;server.domain.local:6001-6002;server:6004;server.domain.local:6004                                           Once your modifications are complete close the registry editor.
  5. Set the MS Exchange Server as an RPC-HTTP Back End Server. The final setting to make to the MS Exchange server is to configure it as the RPC-HTTP Back End Server for your Exchange Organization. Open the MS Exchange System Manager. Drill down through Administrative Groups, Your Exchange Organization Name, Servers, Your MS Exchange Server Name. Right click on your MS Exchanger server and select properties. Click on the tab labeled RPC-HTTP.          image          Select RPC-HTTP back-end server. Click OK and close the MS Exchange System Manager.

On all Domain Controllers acting as Global Catalogs

  1. Specify a static port for the Name Service Provider Interface (NSPI) for all Global Catalogs in the Domain. Depending on the size of your network you may have just one Domain Controller with the FSMO Role Global Catalog (GC). However if you have more than a single Domain Controller there may be more than a single GC. The following registry entries will have to be made on any Domain Controller with GC FSMO Role enabled. On your     GC('s) open the registry editor (regedit from the run command box). Browse down to the registry key: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ NTDS\PARAMETERSimage The registry key needed will not yet be present so it will have to be created. With the Parameters folder selected, choose  New from the Edit menu. Select Multi-String Value and name it NSPI interface protocol sequences. Right click the newly created key and select Modify. In the box labeled Value Data enter ncacn_http:6004 and click OK.image               Close the registry editor and restart the Domain Controller.

With all of the above steps complete you now have a working RPC over HTTP(S) server and can use Outlook 2003 or Outlook 2007 from anywhere on the Internet just as if you were in the office. No VPN's required.

Microsoft has published extensive information on RPC over HTTP(S) for not only the scenario mentioned in this post but for any other type you organization may have deployed. Check it out if you would like more information.

Check out my blog posts on Using Outlook 2003 and 2007 with RPC over HTTP(S) for additional information on setting up the client side. Please leave comments if this article was helpful!

 

Wednesday, April 30, 2008

An Interesting Turn for My Blog ...

I am really impressed how much activity I get on my blog. I had an interesting turn of events on Friday. A small business owner was having some pain with his SBS 2003 install because he did not have a good firewall in front of it. This is at least how I understood his message to me. Here is what he had to say:

Hi Mark,

I stumbled across your blog (and a forum post or 2) while I was searching for info on how to best configure a SBS 2003 server behind a TZ 180. I am the owner of a small steel fabrication business and by default a the one man IT department for our 12 person operation. I have been running a 2 NIC SBS 2003 setup with Exchange for 5 years without a problem, but for a lot of different reasons including lost sleep I just ordered a TZ 180 25 person total secure package to stick in front of it.

Any tips for a dumb welder turned designated IT guy on this? I was assuming that I should keep the 2 NIC setup and figure out how to set up the SonicWALL to accommodate, but I have seen a few recommendations to switch the SBS over to 1 NIC (and your comment that you have deployed "a ton" of SBS 2003 boxes behind the TZ180s prompted this message). We do have a couple of employees using RWW and I would like to continue this.

Our email is hosted by Earthlink and the SBS box goes and fetches it POP3 and then distributes. Recently, I set up a Gmail account that I first forward the Earthlink email to, let Gmail filter, and then pass back to a "clean" Earthlink mailbox before our server downloads. My staff loves me for this as I spare them from a ton of spam. Will the sonic wall box take care of this or do I need to keep the Gmail filter going? Are your typical SBS setups running Exchange, or do you advise hosted Exchange? I am all about doing less IT and more running the business so please steer me toward the more hands off solution...

thanks for your time.

I happen to be in Dallas, TX at the SMB Summit event. I was speaking with Becky Ochs who is the Product Manager for Small Business Server at  Microsoft. They have officially dropped the server from the edge of the network and removed ISA from the Small Business Server. It is now a one NIC box. With what products are available for the SMB space for a firewall, I really think this is a smart move. Anyway's, this could not have been more timely. I put together what I think is a good roadmap on how to add a SonicWALL firewall in front of an SBS Server 2003. Here is my reply:

Overall this should not be a tough move. First off it sounds like you are doing a pretty good job not working in IT and managing your SBS server. I am in Dallas with the Microsoft Product Manager for SBS, Becky Ochs, and her presentation specifically mentioned how SBS will no longer be a two NIC server on the edge of the network. With that in mind the answer to your question is a one NIC setup is where you want to go.

A caveat to making this change is whether or not you are using ISA server. As long as the answer is no then the following steps should make this process simple. Here is what to do.

1. Set-up the TZ180W and connect it to the Internet. The WAN IP setup depends on your service with the ISP. Hopefully you have a fixed IP address. If not I would look into it as everything works better. Register your device and make sure it can get out to the Internet. Set the LAN IP to an address that is unique to the network. My suggestion is if the server has an address near one end of the network like x.x.x.1, set the firewall LAN interface address to x.x.x.254. It is a good practice to keep these addressed to the end of the subnet.

2. With the SonicWALL firewall connected go to the SBS Server Manager and run the Internet Connection Wizard (ICW). During the wizard setup change the NIC settings to a single NIC config. Do not change anything else. This especially includes the server certificate settings. Go ahead and disable the WAN NIC to prevent any confusion.

3. The last step is to give the new Internet path to the workstations. Most likely they get IP addresses from the DHCP server on the SBS Box. An afterthought here is to make certain that DHCP on the TZ180 LAN range is disabled. This is very, very important. The ICW should have fixed the DHCP server but you still may need to open the DHCP MMC and add the new gateway address which is IP address of the LAN interface on the SonicWALL. Reboot the workstations and confirm the can get to the Internet.

If all has gone well and according to plan your internal configuration is complete. The last step is to open up the ports needed for public services on the SBS server. They are as follows:

1. Port 25 for inbound mail on Exchange. I will address this more in a few moments as your mail is setup a bit uniquely. Set this rule up for now but do not turn it on until you are ready to receive Exchange E-mail.

2. Port 80/443 for web based remote services such as xxx.domain.xxx/exchange (OWA) and xxx.domain.xxx/remote (RWW).

3. Port 4125 to allow remote access to servers and workstations via Remote Desktop from the Remote Web Workplace

4. Port 444 if you allow access to the companyweb from the Internet

5. Port 1723 if you allow Microsoft VPN access to you network.

That should get everything working and in a single NIC configuration using the TZ180W as the new firewall/gateway.

As far as Exchange goes, I would dump all that complicated email travel and use the server you are paying for. If SPAM is a concern there are a couple of great solutions. One is to use Postini which is owned by Google. The cost per user is really pretty low. You could also use a software product like Sophos Pure Message for SBS. This works pretty well too and will eliminate most all SPAM. A third choice and my preference is a SonicWALL E-Mail Security device which installs very easily and like software or an outside service will filter all your email. In my opinion E-Mail Security gives you the most control, flexibility, growth, and value. It is totally hands off and will proxy your email if the server goes down for any reason as long as your connection the Internet is still in place.  You can have one email address per user  that is web accessible, will sync to a windows phone in real time, and will work with Microsoft Outlook 2003 or later at home or anywhere else you have a connection on the Internet. It is ROCK SOLID and all my SBS users engage Exchange as their email server.

After getting a reply back from the sender I figured this was good data for the community and I should get it out here the the general public. Hope it helps all!

 

Friday, April 18, 2008

SonicWALL NSA E-Class looks to be a big win for Willow Creek Community Church

Anyone one who knows me or reads my blog can be certain of one thing. I like SonicWALL products. The company's product line is growing and maturing so fast it is incredible. This growth charge is being lead now by the Enterprise Class firewalls or E-Class as they are known. These products are changing the landscape and have raised the bar in performance and throughput. There is not another enterprise class product on the market that can do what the E-Class firewalls do. When you consider the price, the E-Class is by far the best value for the dollar.

I have to say that working with churches is always an honor. I just completed a job for Willow Creek Community Church, a church known not just here in the United States but worldwide for it's service to Jesus Christ. Having been given the trust of a church of this size and stature in the ministry is nothing less than a true God thing. Kudos to Kurt Donnan and his team at Willow Creek for the opportunity.

The project was to replace their SonicWALL Pro 4060 which has been in service for about three years. It currently has a 45 Meg connection via a DS3 and was pretty much at its limit handling what the Willow network was throwing at it. The replacement for the Pro 4060 was to be a pair of brand new E-Class NSA 6500 Firewalls. They were to be installed in a High-Availability pair to not only upgrade the capability at the head end of the network but to also add a layer of redundancy as the previous install was a single point of failure for the network.

Now, as anyone who has cut over the gear connecting a big network to the Internet knows, this can be a nightmare for the users if the project is not well thought out and carefully executed. Down time is never really acceptable and can ultimately create a black eye for the IT department of any network. This was no different at Willow Creek. Fortunately, SonicWALL made this process much easier by allowing the content rules and programming of the Pro 4060  to be importable into the new E-Class. I was not about to take for granted that this would work smoothly so Kurt, myself, and his team all diligently reviewed every rule, process, and custom bit of configuration that was imported to the E-Class device. When done the only thing we found is that some orphaned firewall rules that really should have not been in place on the Pro 4060 were successfully cleaned up and purged from our new configuration. That was the first sign things were really headed in the right direction. We went ahead and shut down the Pro 4060 and lit up the E-Class box to the production network. The outbound connections all came up with no issues at all. As we audited inbound traffic we noticed that connections were not being made. My suspicion was that some NIC's were not happy about the hardware change in real time and mid-stream. I simply rebooted the E-Class gear and the servers that were not communicating. Every single connection came online and worked flawlessly. Total time from Pro 4060 shutdown to E-Class NSA 6500 assuming all network functionality was less than 10 minutes. For the end uses at Willow Creek the change was totally transparent. The quote was "It can't be that easy. This was the easiest cut-over we have ever done." I really can't take the credit here. Kudos to SonicWALL and the engineers that developed the NSA E-Class products. They are simply awesome!

Post conversion I thought we should test the new install performance. The inbound connection is 45 MB over a DS3 so we should have been able to get the E-Class to show us some real use with the network in production. Here is a snapshot of the E-Class on a Monday just after conversion with podcasts, credit cards, browsing, email, downloads, and everything else going on.

Willow on E6500

Can you say yawn? Only 2 CPUs were in process! To be fair it was later in the day but we  still thought there would be more load then that. This was with all the UTM (Unified Threat Management) turned on. To just push the issues we decided to max out the DS3 with 7 simultaneous downloads of Vista SP1, several video streams, -t pings to outside servers, etc. The graph of the DS3 showed it right at the top of its inbound limit. Below is the graph of the E-Class CPU graph.

Willow with DS3 Tapped

We managed to get 5 CPUs engaged. CPU 2 actually got to 41% for a brief second but I could not snap the photo quickly enough. When we ran this test we had already installed the second E-Class for a High Availability fail-over. We pulled the plug on unit one and the only thing we lost on all the stuff that was running was one ping at about 30 ms.

The E-Class boxes are a great product. If you have a Cisco, Juniper, Fortinet, Watchguard, or any other firewall solution or are looking to make a change, contact Willow Creek and see what they think. I think they will tell you to give the E-Class some serious consideration. In the ministry space as well as any other market there is no other product that can come close to providing top value for the ever shrinking IT dollar.

 

Friday, April 11, 2008

Microsoft does VoIP for the small to medium business!

Did you know that Microsoft has a VoIP system? Well they do and so far I really like it. They are OEMing the software to several hardware companies to build and integrate into a  system. The company I have chosen to start with is D-Link. I have never thought of D-Link as a higher end hardware company but this system is a pretty big departure from the home grade equipment I have used from them in the past.

003008 007    004     

Getting back to the topic at hand... The Response point system is an SMB  to Medium Business VoIP solution with a host of features, bells, and whistles. The features have really been crafted carefully to meet the needs of this space. Most mid-sized PBX phone systems as well as bigger VoIP systems, like those from Cisco, have a pretty big up-front cost. I have sold several mid-sized phone systems and it is nothing to get up to seven to ten thousand dollars. The Response Point system bundled as a 10 user set with a four line PTSN gateway(regular old business lines on copper) can install and be ready to go for less than four thousand dollars complete. Some pre-requisites to that number are a good quality switch but not necessarily something in the layer 3 arena, a good basic network with a really good firewall/router (a SonicWALL TZ180 or similar) but preferably a server like a Small Business Server, and good documentation as to what is already in place. Unfortunately, my first deployment did not have these qualifications in place so it was a little more difficult then it had to be.

The feature that really make the system a winner in my opinion is that everything is voice activated. The phones have a little blue button with the Response Point logo and that is the key to the whole system. For example, if a call comes in and you have a receptionist she can transfer that call by hitting the magic blue button and saying "Transfer to Mike." The system confirms by automated voice that the call will be transferred to Mike and confirms that the attendant can now hang up the phone. Intercom calls are simple pressing the blue button and saying "Call name or Extension number. Calls can also be made to predefined lists that are customized to each user. Out side calls are very similar to intercom  calls. The user just states the name on the list. These names can come from any number of sources but the really big plus is that it is integrated to Microsoft Outlook for its contacts and it is seamless. There is a client that installs on the workstations and adds complete management of the user's phone right from the computer screen without having to navigate any cryptic menus. Calls to the users phone show a pop-up with the inbound caller's name, caller-id, or both.

Retrieving voice mail can really be a pain. Leave it to the Response Point system to make it a breeze. The users can choose to forward all call to an outside line like a cell phone. Better yet, if you don't want to ring up all the extra minutes you can have all your voice mails bound to an email and sent to you in an audio file. It is not a 40,000 unified messaging system but this really does fit the bill for those with five to seventy-five users. No guessing on when a message came in or who it was from. All that is included right in the email. Listen to the messages from a computer, smartphone, blackberry, or anything else that can receive an email.

I saw this system back in September of '07 at the SMB Nation Event in Seattle at the Microsoft campus. It was impressive then and now that I have a demo and one installed it is truly an incredible value for the power. I wish it had  T1 & PRI gateways as well as a VoIP gateway to interface with VoIP providers worldwide. I hear that is coming though. That would nearly eliminate the need for copper dial-tone altogether. No dates yet on these features but stay tuned. Right now D-Link is selling the systems faster than they can make them. On average the wait time has been thirty days or even longer. Several shipments have made it to the states from over-seas assembly facilities and all those shipments have been bundled into 5 and 10 user skews. Individual phones and gateways are just now becoming available for larger deployments and I am already taking orders for installs with more than ten phones.

Microsoft has a great online demonstration of the system. Follow the link and take a look for yourself. It looks to be a blockbuster solution.

Friday, February 29, 2008

Back again from a long break ...SonicWALL Peak Performance a real win!

Business has been crazy since I last blogged at the Mind Sharp SharePoint tanning. I keep trying set aside time each week to blog but it has been very difficult. I happen to be flying again right now and flights are a great time to catch up.

SonicWALL has just completed their Peak Performance 2008 partner event and it was a real win in my opinion. It was hosted in Las Vegas and they decided to have the event at the Venetian property. Our rooms were in the Palazzo Towers and let me tell you...the rooms were very nice! Take a look at some of the room photos. The accommodations really made time in the room an unexpected treat.

img026        img027    img025      img033    img023    img024    img032 img030

I have felt since the early days of working with SonicWALL products that SonicWALL was very committed to their craft. The acquisitions they have made the past couple of years have added a rich and diverse product line and have made it easier for me to offer a complete set of solutions to my clients. The line card now includes the following:

    • SMB Firewalls with diverse and unique Unified Threat Management (UTM). The units filter at the packet payload level and remove spyware, viruses,  & limited spam. They also offer website content filtering and offer a unique ability to filter known and unknown complex intrusion techniques to your internal network.
    • Enterprise Class firewalls (E-Class Firewalls) with up to 16 Core CPUs for a tested WAN throughput that exceeds 1.5 Gigabits. The E-Class systems maintain that throughput with the Unified Threat Management scanning all inbound and outbound traffic. They have all the functions of the SMB firewalls but are enterprise fast and scalable to high availability pairs. There is nothing out there from any other vendor with this level of speed and function. That includes Cisco, Barracuda, & Juniper.
    • E-Mail Security Software and Appliances that function as local pre-email server analyzers and proxies that are scalable to multi-devices scenarios and able to handle more then 1,000,000 messages per day. The only real limits will be in the amount of bandwidth available to the site. (E-Mail Security)
    • Continuous Data Protection (CDP). Currently 4 available appliances that range from 400 GB to 1.2 TB of disk to disk real time back-up. The solutions scale from backing up servers and workstations on the LAN to capturing data from remote systems the attach via the VPN. There is integrated support to natively backup Microsoft Active Directory, Microsoft SQL Server Databases, & Microsoft Exchange information stores. The solution scales even further to allow offsite back-up to the SonicWALL World Wide Network or to another CDP within your own multi-site network. The new hardware to be released yet this year will have the ability to grow with replaceable disks at starting sizes that range from one to six terabytes of total back-up storage. The package also comes with ability to snapshot hardware at the Bare Metal for quick and simple restores that later this year will be hardware independent.
    • SMB & Enterprise SSL-VPN is a very slick technology that simply said provides a higher level of security to networks that must have a higher level of control on who and what connects to their LAN. Rather then direct VPN connections of external hardware or remote systems to your LAN, the users are offered a web connection via a browser and will proxy what ever services you choose to make available. For the most trusted hardware there is a client based VPN that can still be used and access is given on a policy by policy basis. It is compatible with MAC and Windows and on the higher end even with Linux and Windows Mobile devices. The devices range from 10 users models to models that support over 500 uses all in the SMB space. For larger networks that need an enterprise class solution with High Availability and End Point Control, the E-Class SSL-VPN appliances scale as far as the imagination will take them. Taking the solution a step further, there is now a new tech support option called Virtual Assist. This is a technician tool that allows remote control of remote systems with no client needed. It is very similar to a Live Meeting or Web-Ex tech support solution. It scales from one to as many users as you like depending on the number of concurrent connections your technicians may need.
    • Managed Wireless that is 100% centrally managed from a single GUI. The SonicWALL Sonic Point is the unique SonicWALL 802.11 radio that is controlled from the Firewall UTM appliance GUI. To set up your wireless network all you do is build the profiles via the Firewall GUI and plug them in. That's it. The solution provides guest level access and will provide multiple SSID's with different levels of security and all done over one physical set of radios. The current radios are available in A/B/G and B/G. Later this year there will also be a radio that will support B/G/N.

This is some really cool stuff. Even more exciting is that all of these lines are getting big, big feature updates that will make every single item above work better, faster, and more reliably. Some of the release dates are still to be determined so as these dates approach I will elaborate in much more detail as to what is coming. Stay Tuned !!!!

SonicWALL is a key vendor in my business and after this event it is clear that they will continue to be a key partner. Quite frankly they are going to be even more important in the evolution of what I do in the commercial, enterprise, and ministry space. Kudos again to SonicWALL and thanks for a great four days in Las Vegas!