Versions Compared

Old Version 2

changes.mady.by.user Luca Guerrieri

Saved on

compared with

New Version Current

changes.mady.by.user Luca Guerrieri

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

It can be quite useful to consider

Brand
brandserver
as a Session Border Controller, when it comes down to deciding how to configure its network placement.

 

2 2.9.2 Rules of thumb

The services separation occurs by considering the following rules:

  1. Use two networks interfaces at least and set them up as: 
    1. Internal Interface: private IP, not directly accessible from the extern of the company
    2. External Interface: public IP, directly accessible from anyone
  2. Services should always be split in two categories:
    1. management
    2. service provider
  3.  Each category should be mapped on a different interface:
    1. management on the Internal Interface
    2. service provider on the External Interface
  4. One amend to rule number 3 is if your company wants to offer the secure voice system to the internal network as well (or to some part of it)
  5. Both SIP/TLS and HTTPS-Smartphone Web Services are necessary to run the service on mobile devices
  6. public access is needed for  with Data packages are involved
  7. No point in having Nagios service on the public interface
  8. Disable SSH access as soon as you can or keep it as the last resort: you might want to place it on an hidden network or protect it by a firewall rule

...

2.9.3 Possible implementations

...

Warning

Please keep in mind that's perfectly possible to enable Secure VoIP Service in your company's network as well, using internal wireless network which could pair the service offered on external address/port. In this scenario there can be issues related to name resolution and certificates. Please contact

Brand
brandcompany
assistance in case for full service network design support.


Navbar