...

Each company has its own IT rules and, more often than not, dedicated IT staff to apply them. What we suggest here is therefore not a specific configuration to follow as-is: you have to adapt it to your own business needs, understanding the basic rules it has been built on. It is more a rule of thumb for how we suggest organising data transport separation.

Basically, we suggest that you split the services, binding them to multiple interfaces. We found that it is far easier to manage 2 interfaces than 3 or 4, but (as said before) this is a matter of your company's network design.

...

  1. Use at least two network interfaces and set them up as:
    1. Internal Interface: private IP, not directly accessible from outside the company
    2. External Interface: public IP, directly accessible by anyone
  2. Services should always be split into two categories:
    1. management
    2. service provider
  3. Each category should be mapped to a different interface:
    1. management on the Internal Interface
    2. service provider on the External Interface
  4. One exception to rule number 3 applies if your company wants to offer the secure voice system to the internal network as well (or to some part of it)
  5. Both SIP/TLS and HTTPS-Smartphone Web Services are necessary to run the service on mobile devices
  6. public access is needed for  with Data packages are involved
  7. There is no point in having the Nagios service on the public interface
  8. Disable SSH access as soon as you can, or keep it as a last resort: you might want to place it on a hidden network or protect it with a firewall rule
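
One way to check a host against rules 3, 5, 7 and 8, as an added example that is not part of the original documentation. The port numbers (22 for SSH, 5666 for Nagios NRPE, 5061 for SIP/TLS, 443 for HTTPS), the addresses, the function names and the sample `ss -tlnH` output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed default ports; adapt to the ports your services actually use.
MANAGEMENT = {22: "ssh", 5666: "nagios-nrpe"}
SERVICE_PROVIDER = {5061: "sip-tls", 443: "https-web-services"}

# Constructed sample of `ss -tlnH` output (documentation address ranges).
SAMPLE_SS = """\
LISTEN 0 128 10.0.0.5:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5666 0.0.0.0:*
LISTEN 0 128 203.0.113.10:5061 0.0.0.0:*
LISTEN 0 128 10.0.0.5:443 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""


def parse_listeners(ss_output):
    """Yield (ip, port) per listening socket; a wildcard bind yields ip=None."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        wildcard = host in ("*", "0.0.0.0", "::")
        yield (None if wildcard else ipaddress.ip_address(host)), int(port)


def audit(ss_output, internal_ip):
    """Return findings that break the management / service provider split."""
    internal = ipaddress.ip_address(internal_ip)
    findings, provider_public = [], set()
    for ip, port in parse_listeners(ss_output):
        # Reachable beyond the Internal Interface: wildcard or another address.
        exposed = ip is None or (ip != internal and not ip.is_loopback)
        if port in MANAGEMENT and exposed:
            where = "all interfaces" if ip is None else str(ip)
            findings.append(f"{MANAGEMENT[port]} (management) listens on {where}")
        if port in SERVICE_PROVIDER and exposed:
            provider_public.add(port)
    for port, name in SERVICE_PROVIDER.items():
        if port not in provider_public:
            findings.append(f"{name} (service provider) is not on the External Interface")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS, internal_ip="10.0.0.5"):
        print("FINDING:", finding)
```

A service provider port that also listens on the Internal Interface is not reported, which matches the exception in rule 4.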

 

2.9.3

...

scenario 1: for internal use only

scenario 2: internal and external use

scenario 3: internal and external with connection to the company's PBX

 

Issues with the network placement of a PrivateServer usually stem from its ability to join a public-access data channel with an internal/private communication/data channel. For example, each mobile device connected to the PrivateServer via PrivateGSM has to be allowed to use an Internet data connection in order to work, while on the other end the PrivateServer could be connected to the internal corporate PBX via a SIP trunk. The issue arises when the network in which the corporate PBX is placed has no external access. In this scenario the PrivateServer needs a bridge, or can act as one, joining two networks that should not communicate.

 

 

perform private and secure calls.

2.9.4 Actual implementations

 without considering the huge differences between each and every network. Nevertheless, we have a standard network configuration for the PrivateServer that we think can suit most Secure Voice Service Administrators who are dealing with PrivateServer and PrivateGSM.

Possible implementations

Our standard proposal is to split the VoIP service and the Administration service, with the former responding on the first interface, directly connected to the Internet via a public IP address or NATted from a public one. The latter responds on the second NIC, an internal interface with a private IP address assigned to it.

Here is a simple schema exemplifying the core of this subject:

...

Figure: a typical aggregation of services split on two interfaces

Warning

Please keep in mind that it is perfectly possible to enable the Secure VoIP Service in your company's network as well, using an internal wireless network which could pair with the service offered on the external address/port. In this scenario there can be issues related to name resolution and certificates. If needed, please contact PrivateWave assistance for full-service network design support.