[cisco-voip] Metreos SCCP Proxy

Louis Marascio (lmarasci) lmarasci at cisco.com
Fri Mar 9 12:34:39 EST 2007 

A couple of points.

1. Metreos SCCP Proxy was the initial incarnation of this product. It
was built 
on top of the Metreos Communications Environment and deployed in limited
fashion.

2. About 6 months before the Cisco acquisition we started building
PhoneProxy which 
is a dedicated Linux appliance that is not built using our UC
development and 
runtime platform. The primary reasons for this were performance and
security.

3. PhoneProxy was released as a Cisco product in November.

Today, the following are attributes of PhoneProxy:

a) SCCP support only, no SIP support

b) Secure SCCP and Secure RTP are supported without the need to enable
cluster 
security on your CallManagers. Non-Secure and Mixed mode are supported.

c) Today there is no LDAP import into the PhoneProxy's user management.
This is 
definately an area that needs to be improved. Ways that are being
considered for 
improvement range from import/export all the way to deeper integration
with 
ccmadmin. Nothing is commited here but it is understood it needs
improvement.

d) There are two modes of operation for PhoneProxy. Open and
Authenticated. 
Authenticated has the most restrictive firewall rule set and is
recommended for use 
when deploying for remote IP phones. Open has a less restrictive
firewall rule set 
and by default allows traffic from all IP addresses on SCCP, HTTP, and
TFTP ports. 
Open mode is recommended for internal use when PhoneProxy is used to
aggregate soft 
phone traffic from the data VLAN prior to jumping over to the voice
VLAN. As Lelio 
points out, Authenticated operation requires an end user to log into a
web page prior 
to his IP phone registering via the PhoneProxy. This allows a specific
firewall allow 
rule to be created to allow TFTP, SCCP, and HTTP traffic from their home
NAT's IP 
address. In the future, there may be other modes of operation, but this
is what is 
available today.

e) We do recommend only one IP phone per public IP address when
operating the 
PhoneProxy for remote phones. There are ways to make it work with
multiple phones 
coming from the same IP address, but there are caveats that need to be
designed 
around for a given deployment.

Thanks!

Louis

________________________________

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matt Slaga (US)
Sent: Friday, March 09, 2007 9:31 AM
To: Lelio Fulgenzi; Nick Kassel; Carter, Bill;
cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Metreos SCCP Proxy



I can agree with you there for usernames, however not for password
matching.  If this box ever got compromised, you don't want to give them
all the keys.

 

From: Lelio Fulgenzi [mailto:lelio at uoguelph.ca] 
Sent: Friday, March 09, 2007 10:20 AM
To: Matt Slaga (US); Nick Kassel; Carter, Bill;
cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Metreos SCCP Proxy

 

Fair enough. But even an LDIF import would have been OK.

 

------------------------------------------------------------------------
--------
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
....there's no such thing as a bad timbit...

	----- Original Message ----- 

	From: Matt Slaga (US) <mailto:Matt.Slaga at us.didata.com>  

	To: Lelio Fulgenzi <mailto:lelio at uoguelph.ca>  ; Nick Kassel
<mailto:Nick.Kassel at charles-stanley.co.uk>  ; Carter, Bill
<mailto:bcarter at sentinel.com>  ; cisco-voip at puck.nether.net 

	Sent: Friday, March 09, 2007 10:15 AM

	Subject: RE: [cisco-voip] Metreos SCCP Proxy

	 

	The reason for the lack of integrated directory is to keep your
internal systems as protected as possible.  Remember that this device
goes into your DMZ so no authentication traffic should ever traverse
your DMZ into your corporate network.  

	 

	From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
	Sent: Friday, March 09, 2007 9:57 AM
	To: Nick Kassel; Carter, Bill; cisco-voip at puck.nether.net
	Subject: Re: [cisco-voip] Metreos SCCP Proxy

	 

	By no integrated directory, I mean, you have to add userIDs and
passwords seperately and maintain them seperately. Not sure if there is
a user accessible password change utility.

	 

	And by logging in and out, I mean you have to open a web page,
connect to the proxy, and follow the prompts which allow your phone to
connect.

	 

	All in all, not a bad thing, let's face it, it gives us
something we don't have. But it could be a little slicker. ;)

	 

	No offence to the ProxyProduct guys on the list....they were a
great help.

	 

	
------------------------------------------------------------------------
--------
	Lelio Fulgenzi, B.A.
	Senior Analyst (CCS) * University of Guelph * Guelph, Ontario
N1G 2W1
	(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
	
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
	.....there's no such thing as a bad timbit...

		----- Original Message ----- 

		From: Nick Kassel
<mailto:Nick.Kassel at Charles-Stanley.co.uk>  

		To: Lelio Fulgenzi <mailto:lelio at uoguelph.ca>  ; Carter,
Bill <mailto:bcarter at sentinel.com>  ; cisco-voip at puck.nether.net 

		Sent: Friday, March 09, 2007 9:52 AM

		Subject: RE: [cisco-voip] Metreos SCCP Proxy

		 

		When you say no integrated directory, do you mean
Corporate Directory and do you mean you have to log in to the phone to
get access to the Call Manager.

		 

________________________________

		From: Lelio Fulgenzi [mailto:lelio at uoguelph.ca] 
		Sent: 09 March 2007 14:45
		To: Nick Kassel; Carter, Bill;
cisco-voip at puck.nether.net
		Subject: Re: [cisco-voip] Metreos SCCP Proxy

		 

		We haven't looked at it closely, however, there are some
things we didn't like about it. First, no integrated directory, and
second, as far as I can tell, there were too options, one which required
logging in and the other was completely open. Nothing in the middle.

		 

		It might fit in your deployment though.

		 

	
------------------------------------------------------------------------
--------
		Lelio Fulgenzi, B.A.
		Senior Analyst (CCS) * University of Guelph * Guelph,
Ontario N1G 2W1
		(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
	
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
		.....there's no such thing as a bad timbit...

			----- Original Message ----- 

			From: Nick Kassel
<mailto:Nick.Kassel at Charles-Stanley.co.uk>  

			To: Lelio Fulgenzi <mailto:lelio at uoguelph.ca>  ;
Carter, Bill <mailto:bcarter at sentinel.com>  ; cisco-voip at puck.nether.net


			Sent: Friday, March 09, 2007 9:41 AM

			Subject: RE: [cisco-voip] Metreos SCCP Proxy

			 

			Did either of you guys ever try this, I see
Cisco now supply it as the Cisco Unified Phone Proxy, I'm very
interested to get some feedback about this product.

			 

________________________________

			From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
			Sent: 09 June 2006 19:32
			To: Carter, Bill; cisco-voip at puck.nether.net
			Subject: Re: [cisco-voip] Metreos SCCP Proxy

			 

			We are seriously considering the SCCP proxy for
home offices as well where there is only one PC and one phone. Anything
else and a small router might be better. We wanted to use it for
softphone from off-site as well as wireless phones. They were not eager
to provide any demo/loaner, but now that Cisco is going to buy them, we
might get better response. Let's just hope Cisco doesn't can the
product. I doubt they will, supposedly they have a client with a large
install base already using it. It was a custom app that they decided to
market. 

			 

	
http://newsroom.cisco.com/dlls/2006/corp_060806c.html?CMP=ILC-001

			 

			 

	
------------------------------------------------------------------------
--------
			Lelio Fulgenzi, B.A.
			Senior Analyst (CCS) * University of Guelph *
Guelph, Ontario N1G 2W1
			(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
	
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
			"I can eat fifty eggs." "Nobody can eat fifty
eggs."

				----- Original Message ----- 

				From: Carter, Bill
<mailto:bcarter at sentinel.com>  

				To: cisco-voip at puck.nether.net 

				Sent: Friday, June 09, 2006 2:24 PM

				Subject: [cisco-voip] Metreos SCCP Proxy

				 

				
				An thought or experiences with the
Metreos SCCP Proxy server.  We are
				thinking of placing IP Phones in our
home offices and using the SCCP
				proxy instead of DMVPN.
				
				
				This email may contain proprietary and
confidential information for the sole use of the intended recipient. 
				Any review, retransmission,
dissemination, or other use of this information by persons or entities
other than 
				the intended recipient is prohibited. If
you are not the intended recipient, please contact the sender and 
				delete all copies. To the extent that
opinions are expressed in this message, they are not necessarily the 
				opinions of Sentinel Technologies or any
of its affiliates, employees, directors, officers or shareholders.
				
	
_______________________________________________
				cisco-voip mailing list
				cisco-voip at puck.nether.net
	
https://puck...nether.net/mailman/listinfo/cisco-voip
<https://puck.nether.net/mailman/listinfo/cisco-voip>

More information about the cisco-voip mailing list