cisco it avvid operations best practices...presentation_id cisco public voice quality • trust ip...

1© 2005 Cisco Systems, Inc. All rights reserved.Session NumberPresentation_ID Cisco Public

Cisco IT AVVID Operations Best Practices

Kevin O’HealyCisco IPT Operations


Agenda

Cisco CallManager

Voice Quality

Support

Monitoring

Security

IP Telephony Best Practices:

Dial Plan

IPT in Small Offices, Home Offices, and Labs

Additional Considerations


Cisco CallManager Best Practices

Strategically Place Cisco CallManager Servers to Maximize Redundancy and Load Balancing Within the Cluster; Consider…• Cisco CallManager Cluster Redundancy

Place Cisco CallManager Servers in Multiple LocationsProvide Spatial RedundancyCluster Over the LAN/WAN

• Placing Cisco CallManager Clusters in Class A Data Centers

Multi-Circuit UPS and Generator Power SystemsPhysical Access SecurityHVAC, Fire Suppression, Diverse Circuit Entrances



Replicate Key Services to Provide the Highest Level of Resiliency• TFTP• DNS• DHCP• IP Phone Services• All media resources

(conference bridges and music on hold)Implement Diverse Routing for Voice Gateways (Carrier and Device)• Multiple Vendors

(use LEC and IXC interchangeably)• Physically Separate Gateways• Provide Multiple Paths out of Each Cluster



• OS and Cisco CallManager InstallationServer is Named According to a Consistent Naming StandardStandardized Passwords

• Anti-Virus SoftwareConfigured to Automatically Update Virus Definition Files

• Network ConfigurationHard Set Speed/Duplex on CM Server and Switch

• Time ConfigurationImplement NTP or Windows Time Service

A Checklist for Installing Cisco CallManager Should Include:



• Configure Cisco CallManager Trace FilesStore at least 5 Days Worth of Traces

Configure Trace File Names

Set the Appropriate Trace Level

Configure Traces to be Written to Dedicated Drive Array

• Configure Performance Monitor AlertsMonitor Drive Space, Registered Devices, and CCM Heartbeat

Minor Alerts: (Email every 15 minutes)

Major Alerts: (Page every 5 minutes)

A Checklist for Installing Cisco CallManager Should Include:



Don’t Install or Activate Unnecessary CallManager Services:• Not all services are required

on every node

• Preserves system resources

• Avoid unnecessary complexity

• Increase security



Simplify the Administration of CallManager:• Utilize CallManager Bulk Administration Tool (BAT)

Import users and devicesModify existing phones and linesMigrate data from one cluster to another

• Standardize the deployment of CallManagerUtilize a consistent naming convention for dial plan components (Calling Search Spaces, Partitions, etc.)Consistent phone descriptions make it easy to locate devices with a common function (conference phones, public area phones, etc.)

Use the Cisco CallManager Solutions Reference Network Design guide (SRND) as a reference when planning a CallManager deployment


Voice Quality

IP Telephony Requires a Well Designed, Highly Available Network With Proper QOS to Provide Desired Voice Quality• Perform a VoIP Audit to Identify:

Network Readiness for Voice

Quality of Service

Call Admission Control

WAN Capacity and Planning

• Use a CODEC that meets your voice quality and BW requirements

Test in the lab and with pilot group/steering committee


Voice Quality

• Trust IP Phone Traffic, Re-Write all Other Traffic to 0

Consistently Apply QOSClassify and Mark Voice, Signaling, and Video trafficDon’t forget about Voice Applications (IP/IVR, CCC, etc.)

• Priority queuing at the WAN edge for voice and signaling traffic

LLQ to Dedicate Bandwidth to Voice TrafficDevelop Consistent QOS Policies for Links of Varying Bandwidth

• Ensure consistent CAC configuration across the entire IP telephony environment

Match Cisco CallManager Locations bandwidth to WAN Queuing (LLQ) ConfigurationRemember to Account for the Variations in Codec Bandwidth (i.e. G711 vs. G729)


Voice Quality

• Core, Distribution, Access Switches with HARedundant Power Supplies, Different Power CircuitsRedundant Line Cards and Redundant Supervisor Modules

• Redundant Core and Distribution Routers Throughout the Network

Test and Minimize Route Convergence

• Redundant WAN RoutesUse HSRP to Create Primary and Secondary Data and Voice Paths

• UPS 2-hour run time in all wiring closetsUPS Audit against a UPS PolicyNetworks Grow—Verify UPS is Keeping Up

• Disaster Recovery PlanIdentify the Telephony DR PolicyTest Disaster Recovery Procedures


Security

• Anti-virus software running on all Cisco CallManager servers

Automatically Updated with Latest DAT FileRegular, Automated Reporting on Compliance

• CSA (IDS client) running on Cisco CallManager servers

Host-based Intrusion ProtectionEffective against existing and previously unseen attacks

• Tight control on network access from the outside

Standard Internet Access Controls i.e. Firewall, DMZ, IDSStrong Authentication for RAS/VPN Users

• Implement AUX VLANS for Voice TrafficSeparate voice and dataUtilize RFC 1918 Address Space


Security

• Establish Physical SecurityLimit and monitor physical access to all servers, switches, and routers

• Protect the Network ElementsFollow sound password and authentication practicesSecurely configure any network management functionsUse logging services to track access and configuration changes

• Design a Secure IP NetworkPlace all Call Processing Servers, IP telephony servers, and IP phones on logically separate IP networksUse IP filters to limit access from the data network to the IP telephony networkPlace firewalls in front of all Call Processing clusters


Monitoring

• Measure Device AvailabilityDevice Uptime (ICMP)

• SNMP monitoring for device componentsMemory and CPU UtilizationInterface Utilization and ErrorsPower Supplies and Disk Drives

• Establish thresholds and Automatic NotificationProvide email and pager NotificationBaseline the EnvironmentStandardized Monitoring Policies for All Hosts


Monitoring

• Voice Gateways and TrunksGateway Availability (Registration)

Gateway Utilization

VM Port Utilization

• Dial tone and TFTP availabilityDevelop automated testing tools

Configure Testing to Replicate the User Experience

• Configuration backupsCallManager, Voice Gateways, and LAN/WAN devices

Automated Daily Reporting for Configuration Compliance


Support

• Patches and UpgradesEstablish an Upgrade Policy

Utilize Remote Administration Tools (VNC or ILO)

Pull Redundant Hard Drive on Major Upgrades

Utilize Change Management Process for all Updates

• Minimize Impact During the UpgradeStagger Cisco CallManager Reboots

Monitor TFTP

Disable Alerting during the upgrade

Perform Post-Upgrade Dial Plan and Voicemail testing


Support

• Case ManagementProvide an Escalation Path for Support TeamsIdentify Subject Matter Experts in Voice, LAN and WANEnforce Escalations through Proper Channels

• DocumentationDevelop Implementation and Support Documentation and Store in a Central LocationDevelop FAQ’s for Frequent Problems and Solutions and Provide to the Tier 1 Support Team

• Assign the Correct User PrivilegesAccess Rights Based on Job RequirementsUse MLA to Provide Granular Access to CallManagerUser vs. Privilege Access on IOS-Based Devices


Dial Plan Considerations

Fully Understand the Existing Dial Plan Requirements (and Caveats) When Migrating to IP Telephony• Examine existing telephony usage including:

Current call volumeProfile of calls (frequency, duration, and call flow)Call activity to the PSTN and Voicemail systemGrade of service being offered

Engineer the Solution to Aggregate Traffic and Trunking Together to Take Advantage More Efficient and Cost Effective Call Routing


Dial Plan Considerations

• Implement a uniform dial-planAbbreviated dialing for calling within and between sitesMethod for dealing with overlapping extensionsSource of record for all extensions

• Utilize CallManager Auto-RegistrationDisable the feature to prevent rogue phone registrationAuto-Registration with restricted (PLAR) CSS that automatically calls the help desk

• Be Aware of Toll-FraudAddress “Call Forward All” and Voicemail ExploitsExamine Call Detail Records for abuse of the systemIdentify and restrict “toll” area codes



• Implement SRST for Remote SitesVerify SRST Fallback

Test Dial Plan while in Fallback Mode

Verify 911 Dialing

• Deploy Redundant Voice GatewaysDistribute Across Multiple Devices

Provide “Shared” Resources for Redundancy

• Careful consideration when developing dial plan

Be Aware of Site-Specific Dialing Requirements (e.g. 7 Digit vs. 10 Digit Local Dialing)

Implement AAR to Protect Against Out of Bandwidth Conditions



• QoS on the Home RouterProtect voice traffic

• Broadband internet access for home users

Minimum 256k Uplink/768k Download

• Hardware VPN device with encryption • Distributed VPN infrastructure

< 200ms round trip time to the corporate backbone

• Standardize Codec Selection for Remote Users



• Utilize RFC1918 space for all labsPrevent External Access to Labs

• Labs must use a proxy server to get to the internet• ACL’s limiting traffic that can be sourced from a lab

Only Registered Address Space is Permitted

• All static routing to labsProtect the Production Environment

• Anti-Virus Software on all lab PC’s



QoS:• Create and document a QOS policy; Test, then implement the policy

consistently, end-to-end within the network

Standardized Configurations:• Develop a standard for all configurations and deploy it consistently

Management Metrics:• Identify and prioritize what will be measured to define success;

Develop automated systems to collect and report the metrics

Documentation:• Create an IT Operations Intranet web site to store and serve

documents; Identify an owner of the site and of each document


More IP Communications Resources

http://www.cisco.com/en/US/about/ciscoitatwork/case_studies/ipcommunications.html

Case Studies

Operational Practices and Design GuidesIP Telephony -http://www.cisco.com/en/US/about/ciscoitatwork/case_studies/ipcommunications_dl0.htmlVideo - http://www.cisco.com/en/US/about/ciscoitatwork/video_op.htmlDesign Guides -http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidances_list.html

Call to get Product, Solution and Financing Information1-800-745-8308 ext 4699

Order Resourceshttp://cisco.com/en/US/ordering/index.shtml

http://www.cisco.com/en/US/about/ciscoitatwork/case_studies/ipcommunications_dl0.html

http://www.cisco.com/en/US/about/ciscoitatwork/video_op.html

http://www.cisco.com/en/US/netsol/ns340/ns394/ns165/ns391/networking_solutions_design_guidances_list.html


http://www.cisco.com/web/about/ciscoitatwork/case_studies/iptelephony.html

http://www.cisco.com/en/US/about/ciscoitatwork/case_studies/ipcommunications_dl0.html

http://www.cisco.com/en/US/about/ciscoitatwork/video_op.html


http://www.cisco.com/en/US/ordering/index.shtml

cisco it avvid operations best practices...presentation_id cisco public voice quality • trust ip...

Documents