Saturday, November 11, 2006

Voxilla creates a Fonality uproar, a mini, a roar!

It all started with a post on Voxilla by Marcello Rodriguez named "Finality is fine but worrisome", and the VOIP IP Telephony blogsphere took off from there.
Here is some part of the original post and when you visit and read the article, Please do not forget to click on the COMMENTS, the real juice starts there.
"Still, I wonder whether Fonality is indeed the right solution for businesses -- particularly those businesses concerned about security.

The company's products include a $1,000 "Standard" Asterisk PBX and a $3,000 "Call Center" edition that features unlimited call queues, recording and other bells and whistles.

Each of the offerings packs a well-designed front end that makes the notoriously prickly Asterisk easier to use. But, unlike a stock Asterisk installation, Fonality's offerings require a constant -- and potentially worrisome -- connection to the company's own servers.

Though one can use Fonality's products with any SIP- or IAX-based termination services provider, the company builds a Virtual Private Network (VPN) back to Fonality from all its installed PBXes.

Ostensibly, there are good reasons for this, particularly that all upgrades to the product occur seamlessly and with no need for operator interaction. Also, because all configuration changes to an installed PBX are made by logging into an account with Fonality's servers, and those changes are then pushed back to the local PBX, the risks of operator error are somewhat mitigated.

But there is reason for concern. Ease-of-use comes with trade-offs.

First, because the link is over VPN, it is possible for someone at Fonality to enter the local PBX in a virtually undetectable manner. An unscrupulous employee can then run a network sniffer on the PBX and, if the local PBX computer is part of the office network (as is likely to be the case in most offices), the employee potentially has access to all the computers on the network."

This and the rest of the ideas comments in the article lead to a well worth reading list, so Marcello had to write his second article to summarize the facts and give his own opinions.
Well the links that I followed and the comments on those links made me learn a bunch of things and reminded me of my middle school years. "mine is better (anything from my father to my pencil) than yours! and the countless "yes way, and No way!!). But it is certainly educating. Certainly how business savvy some people are how I am not. I have only one comment to fonality, the CDR pitch is really good sales pitch but does not compute. A few years ago, I was handling gatekeeping on a pentium II machine with 256MB ram running Redhat 6.2. It id all the CDR processing and such needed by a gatekeeper and never caughed a bit. It was processing about 15000 minutes a day. I also know PBX functions are different from a gatekeeper and my volume was tiny (it was big for me at that time).
Back to the article;
Dameon Welch-Abernathy wrote that "as an IT person, it is your job to do your 'due diligence' to find out exactly how any software you deploy might 'phone home' or do anything you don't like." Yes I agree but I expect my vendor to tell me what they plan to do. This also moots the argument that fonality is for shops without big IT departments. Bummer I have to trust my vendor.
Then came Tom Keating doing a sales pitch for Fonality and bashing Marcello. It is still fine, everyone has their right to express their ideas.
I am a digium customer and and asterisk user. Oh yes, trixbox too, But one thing is sure, I will not be a fonality costomer. Big boys should act better, not like kids in kidergarten.


Links; (don't forget comment links on these posts.)
Marcello's first article, "Finality is fine but worrisome"
Marcello's second article "Mini Fonality Furor"
Andy Abramson opinions "Time For Enterprise Asterisk"
Chris Lyman (fonality) - An Open Letter to Marcelo Rodriguez

0 comments:

Blog Widget by LinkWithin