Wednesday, February 28, 2007

Teleworker Guide - IP Telephony

IP Telephony is a technology where voice communications are transported through an IP network (such as the Internet) instead of the regular telephone network. In other words, it means that you get all the benefits of an IP network for your telephone.
Now that your teleworker solution is secure (with a VPN and NAC), you can think about the applications and tools. What will a user be doing at a regular office? ... I’m not saying what “specific” applications he uses, but rather what “basic” things he or she does. For example, email… OK, we got that one covered with the VPN connecting the user back to the corporate office… How about telephone?
Well, he definitely needs a telephone, but will you pay for his phone bill, or would you rather provide him with an extension of his own desk number? Here is where IP Telephony comes into play.
With IP Telephony you can give the user his same extension at any point of the network. He can take an IP phone home, plug it there (to the IP network, not the phone jack), and get the same number via the VPN. Furthermore, you can let the user use a Soft-phone. That is a phone application that you install on the user’s laptop so that he or she can access his phone from wherever they are.
The benefits of IP telephony are pretty clear:

  • Lower Total Cost of Ownership – in the long run, the price that your company needs to pay is lower than with traditional telephony. It even gets lower when you talk about converged networks.
  • Improved productivity – you can build applications that integrate telephony and be more efficient at your business processes. IP is an open-to-modifications medium, contrary to the legacy telephone network where all you can do is plug in a phone or a PBX.
  • Business Resiliency – IP telephony solutions, per the nature of the IP network, allow for highly resilient and redundant architectures, achieving 5 nines of availability.

IP Telephony is only the beginning. Today we talk about Unified Communications instead. In a nutshell, this is the convergence of different communication technologies through one single medium: the IP network. In the next posting, I will be talking about the future of IPT and Unified Communications.

Sunday, February 18, 2007

Teleworker Guide - NAC

Network Admission Control, a.k.a. NAC, is a technology that is predicted to gain popularity this year. For IT professionals, it means that we are extending security to the end-point, and controlling who can have access to what, and under what conditions. For example, if you have remote workers, and you provide them with a VPN appliance for their home, what stops them from connecting their home computer to the appliance? The IT department doesn't have control over that machine. That is where NAC comes into play.
With NAC, the IT department can check the machine that is trying to connect to the network, and if certain tests fail (e.g. there is no anti-virus installed, or it is not up-to-date, or a certain critical Microsoft Windows patch is missing), then the computer is denied access to the network by placing it in a restricted network. Then, the IT department can instruct and direct the user to update the computer to get it up to the standards in order to gain the proper access to the network.
This is a must for Teleworker environments where VPN appliances are deployed at the customer premises.
The business benefit of having NAC is greater than just controlling Teleworkers. It ensures that endpoints conform to security policy, proactively protects against worms and viruses by focusing operations on prevention, not reaction. It also extends existing investment by integrating with multivendor security and management applications.
NAC also works for controlling guests that come to the office and connect to the wireless network, or plug themselves into a port in a conference room. It provides a form of control, to avoid back-doors for viruses and worms to come into the network. The savings are reflected on the security side, in the form of avoiding remediation costs in the case of an attack or infection. But just like with any security solution, you will not see a benefit unless you are prone to an attack. It is very difficult for some people to understand that the benefit of a security solution like NAC is direct, but the proof is completely indirect (i.e. you can't really see it unless you are a victim).
For more information about NAC, check this out.
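The admission check described in this post, sketched as an added example (not code from any NAC product): a machine that fails a test, or that cannot be checked at all, is placed in the restricted network with remediation instructions. The report fields, the 7-day signature threshold, the patch IDs and the network names are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed policy values; the post names the checks but gives no thresholds.
MAX_SIGNATURE_AGE = timedelta(days=7)
REQUIRED_PATCHES = {"PATCH-EXAMPLE-01", "PATCH-EXAMPLE-02"}  # placeholder IDs
CORPORATE, RESTRICTED = "corporate", "restricted"


@dataclass
class PostureReport:
    """Facts a hypothetical endpoint agent reports when a machine connects."""
    hostname: str
    av_installed: bool
    av_signature_date: date | None = None
    installed_patches: set[str] = field(default_factory=set)


@dataclass
class Decision:
    network: str            # segment the machine is placed in
    remediation: list[str]  # instructions shown to the user


def admit(report: PostureReport | None, today: date) -> Decision:
    """Fail closed: a failed or unverifiable check means the restricted network."""
    if report is None:  # e.g. a home PC with no agent behind the VPN appliance
        return Decision(RESTRICTED, ["No posture report: use an IT-managed machine"])
    todo = []
    if not report.av_installed:
        todo.append("Install anti-virus")
    else:
        sig = report.av_signature_date
        age = today - sig if sig else None
        # A missing or future-dated signature date cannot be trusted either.
        if age is None or age < timedelta(0) or age > MAX_SIGNATURE_AGE:
            todo.append("Update anti-virus signatures")
    for patch in sorted(REQUIRED_PATCHES - report.installed_patches):
        todo.append(f"Install critical patch {patch}")
    return Decision(RESTRICTED if todo else CORPORATE, todo)


if __name__ == "__main__":
    today = date(2007, 2, 18)  # constructed sample data below
    laptop = PostureReport("corp-laptop", True, date(2007, 2, 15), set(REQUIRED_PATCHES))
    stale = PostureReport("stale-laptop", True, date(2007, 1, 2), {"PATCH-EXAMPLE-01"})
    for r in (laptop, stale, None):
        print(getattr(r, "hostname", "unknown-host"), admit(r, today))
```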

Thursday, February 15, 2007

Teleworker Guide - VPN

A VPN is a secure communication channel between someone in the unregulated, unsafe Internet and your private corporate network. It is often referred to as a VPN tunnel, and it's what is used for letting employees securely connect to your resources and applications.
This usually is an application that is installed on your employees’ laptops that establishes a connection to the office’s firewall or VPN concentrator. From that point, it is as if your employee is virtually connected to the corporate network and can safely check email, download documents, and access applications.
Another format is having a small appliance (the size of a Linksys router) that will create the secure channel to the main office. That offloads the laptop from doing all the compute-intensive algorithms for securing the communication. So companies provide the employee with a small box that he or she plugs into his or her Linksys router at home, and the appliance automatically protects all communications between that house and the corporate network. It can't get any easier than that!
Now, here comes the technology part: there are mainly two types of VPN, IPSEC and SSL. SSL VPN is what you get when you do online banking and shopping, and you see the HTTPS prefix on your browser. IPSEC is a much more secure and more reliable way, and less processor intensive for the server and client.
What are the benefits of a VPN?... Well, you are extending the whole office to wherever your employee is. He or she can check emails from a Hot Spot Internet access at a Barnes and Noble, or even work on that presentation that is stored at the corporate collaboration server, without having to download it. Your sales force can connect from a customer site, and your developers in a different country can have the latest release ready and available in the corporate server. The bottom line is that by having VPN access to your network, you are building the foundation for a solid Teleworker solution; the applications that your employees will use (e.g. Telephone, Email, CRM Software) will run on top of it.
How can I get VPN access?... Several alternatives: for IPSEC VPNs, if you are into open source, there are free VPN applications such as FreeSWAN, but beware that they tend to be complex and come with no support. You can use a third type of VPN called L2TP, which every Windows machine has, though it is fairly basic with limited functionality. If you are truly concerned about keeping the communication secure, gaining scalability for the future growth of your company, and tech support that you can rely on, you have to go for a commercial solution. In this arena, Cisco is the leading provider of VPN appliances and clients. Click here for information about Cisco's VPN products.

HOW-TO guide for “Work From Home”

What elements need to be in place for a teleworker model for your company? Not as many as you think, I’ll list the main ones and then elaborate on each, one by one in future postings:

  1. VPN: you need a secure way for your employees to have access to internal applications from home, in a safe manner. Virtual Private Networks, or VPNs, are a standard today just for that. It is a form of establishing a secure communication channel from anywhere in the [Internet] world, to your highly-private data and applications. The key point is that it must be a secure way.
  2. NAC: Network Access Control is gaining importance these days. If your data and IT infrastructure are important to you, you would like to know where your users are, from where they are connecting to your network, and with what they are connecting to the network. NAC gives you a framework for ensuring control over who can have access and from where they can gain access. The last thing that you want is an employee logging in from an infested computer at a cyber-café.
  3. IP Telephony: if you want your employees to have full telephony with low expenses (e.g. zero long distance cost to the central office) you must have some IP Telephony scheme in place. For example, you can extend an IP phone to the employee’s laptop or home, and make it an extension of the corporate PBX or Key System. After all, think about it, if you want to have the virtualization of the employee as if he or she was in the office, you need to give him an extension, and free intra-office calls.
  4. Network Management: as you grow, your teleworker infrastructure will only get more complex. Therefore, it is imperative that you think about how to manage that beast. This must be easy to manage, easy to install, and intuitive. Also, make sure you get those reports of what your employees are doing, because after all, they are in your corporate network, but they might think that they are at home.

In the next couple of postings, I will dive a little deeper into these components.

Monday, February 12, 2007

Working from home – Why all companies should have teleworkers

I noticed that I am starting to work from home more and more often. I also read an article in this week’s BusinessWeek, and a couple of weeks ago about the best companies to work for, and the best companies that do teleworking on Forbes. So I sat down and wrote the pros and cons of it. You might consider this if you are looking to get that startup going or some strategic and operational changes for your company.


Pros:

  • Save on infrastructure expenses – no need to maintain big and pretty offices for your employees. You may reduce the physical size in such a way that you only have conference rooms and briefing centers for customers.
  • Exploit human potential anywhere – you may hire the best people from anywhere in the world. After all, it is a flat world, right?
  • Get closer to your customers – in economic theory, the provider that is closest to the customer gets the most out of it.
  • Greater exposure to diversity and cross-functional interaction – it’s no secret that diversity fosters productivity and innovation.
  • Maximize efficiency – have the marketing team in NYC, manufacturers in China, and engineering in Bangalore.


Cons:

  • Requires the appropriate infrastructure to stay connected – will the scale of your company be able to support it?
  • Communication avenues need to be fully transparent for customers, providers and employees – it is easy to be aware of the distance and make it an obstacle instead of a benefit; therefore it’s imperative for it to be transparent for every stakeholder.
  • Implies trust in your employees – how do you know they are really working?

In my humble opinion, the benefits are far better than the drawbacks. It can be very beneficial for any size of company: I work for a 30 thousand employee company, famous for its teleworker work-force, and I can do so much more by working from home, like getting to my customers faster, quicker responses and always on call. Also imagine a small startup having inexpensive labor in Latin America or Asia, while selling products in high income markets like the US and Europe. The bottom line is that it’s doable for any size.

Monday, February 5, 2007

Net neutrality to the masses

Why is it that in the last month I've seen more and more Net Neutrality awareness TV commercials? I did a quick search on Google, and realized that the fight is not over yet.
Senators keep introducing bills in favor of and against Net Neutrality. The interesting thing about these commercials on TV is that there are some in favor and some against too! I would think that the users would prefer an Internet where broadband providers will not enforce service levels with faster access for certain applications or destinations. However, apparently, some see this as a plus... I wonder why? (If you have a reason, please comment on this, because I am seriously cracking my head here).
Net Neutrality only benefits the consumer! Having no limitations on where to go or what to do with your Internet connection not only allows cliched "Freedom of Speech", but more importantly fosters innovation (i.e. developers at home can create anything at very low cost).
The only reason that I could think of (it's close, but not enough) is that consumers may see that having different levels will introduce different price structures, and that they will be able to get broadband Internet for less, mainly because broadband providers will not have to subsidise low profit users. However, this is not entirely true. What benefit can a user gain from paying $10 for broadband, while getting access only to Email and certain sites? The evil behind it is greater: having long LSAs (that we never read, by the way) with limitations to your service....
Please, I encourage comments this time... I don't really understand why there are two sides of the coin for end users here.