A very attractive option to consider is moving to a hosted or cloud-based voice platform. This solution offloads a large amount of operating expenditure (OPEX) away from the school. A major cost with a standard PBX deployment is day-to-day maintenance, keeping up-to-date with the latest software levels and respective processing hardware to deliver the voice service or feature set.
In a cloud solution, the provider keeps the central communication servers up to date and removes this cost from the school district’s expected expenditure. Cloud-based offers also incorporate key elements and services into the “rental” of equipment per month (per user/per site). The running costs, the telephones, media gateway, feature sets, dial plans, trunking and integration of emergency notification or e911, are all included. This significantly lowers the per month spending and substantially lowers the communications overhead.
A key element of moving to an OPEX model like this is the ability to adapt to change faster. Circumstances can change very quickly. Additional school buildings, unforeseen situations, peak events (registration, end of year), and adopting new educational technology can all lead to a significant shift in your requirements. An OPEX model enables you to adapt to these changes without the need for extensive re-budgeting or bidding. You can be aware of what everything will cost before you commit, and there are no hidden extras. Similarly, if there are budget restrictions within your organization, the district will automatically benefit from the cost reduction for fewer deployed devices. K-12 schools should look for a cloud voice solution that allows flexible integration and customization.
A hybrid solution with elements both on-premises and in the cloud will give larger school districts the flexibility for more advanced communications services without having to use disparate systems. This includes integrations to LMS (Learning Management Systems) or SIS (Student Information Systems) and special education programs (distance learning). A hybrid solution gives schools full autonomy under the same cost effective OPEX deployment model.
New unified communications features added to smart phones will enable professional and personal usage. It is as simple as removing the cost of the teacher’s desktop phone from the overall cost and still enabling them to listen to their voice mail and other system features.
Telspan Cloud Solutions has unveiled its new cloud-based business phone system. Customers can take advantage of the most up-to-date services and stay ahead of the technology curve without worrying about on-site hardware. The system is hosted and managed by Telspan Cloud Solutions and includes a full suite of business telephone features and VoIP phones with HD Voice and Encryption.
The advantages of moving your communications to the cloud include:
Little or no capital investment
Reduce monthly expenses
Consolidate all communications expenses to a single, manageable monthly bill
Easy to Manage
Intuitive browser-based programming interface
You no longer have to spend time managing your phone system
Single vendor supports all communications, lines, phones and applications
100% of ongoing management and maintenance included as part of standard service
Guaranteed reliability and built-in disaster recovery
No wired connection can deliver 100% uptime so the question isn’t whether your business will lose connectivity to the Internet, the question is how to protect your organization from loss and disruption when it does happen. With Cradlepoint WWAN failover solutions using 4G/LTE, your organization can protect from these losses and mitigate risk to your brand.
With mobile operators’ marketing departments already throwing around claims about their 5G services, the United Nations is weighing in with its definition of what qualifies a network as next-generation.
Verizon Wireless will begin delivering “5G” service to select users in 11 U.S. cities in mid-2017, even though some places don’t yet have access to 4G. And at the Mobile World Congress 2017 trade show in Barcelona, companies including Intel, Qualcomm and Ericsson will be promoting their moves towards 5G.
But what marks the difference between one generation of mobile technology and the next?
Business Continuity Solutions for Variety of Mission-Critical Needs
By David Rush and Landon Reese
Regardless of industry or location, every business needs to strategically and proactively plan for network failover. When connectivity goes down, Point-of-Sale (POS) services, business operations, profits, and even customer satisfaction suffer.
In the interest of business continuity for your network, here are seven key factors to consider regarding failover:
1. Overlay Failover
Organizations that may not have the resources to overhaul their new network architecture can instead implement overlay failover with their existing infrastructure as a simple, cost-effective solution. Cradlepoint’s ARC CBA850 bridge converts LTE broadband to Ethernet by providing the existing wire-line router with a second “wired” WAN connection.
Overlay failover increases reliability without relying on last-mile connectivity via the same trench. It’s easy to set up as well; IT staff can simply plug in the router and configure remotely with Enterprise Cloud Manager (ECM), the network management service within Cradlepoint NetCloud.
Multiple parts of a network can fail, so it’s important to deploy different types of redundancy. If your wired WAN connection goes down, you can failover to LTE. In the event that your router goes offline, you can take advantage of a second, parallel router using Virtual Router Redundancy Protocol (VRRP).
VRRP, a layer 3 protocol, empowers businesses to take failover to a higher level by allowing Internet failover and router failover simultaneously. If the primary router fails, a backup hardware solution — many organizations use the Cradlepoint AER1600 Series — can take over as the primary router. The entire network automatically fails over to the Cradlepoint router — with the LAN and WAN uninterrupted.
3. Out-of-Band Management (OOBM)
OOBM is another important element of network failover. Traditionally, a truck roll — requiring expensive equipment and labor — is needed if something goes wrong with a primary router’s configuration. Through OOBM with ECM, IT staff can use LTE connectivity to remotely access the router and all LAN-connected devices sitting behind Cradlepoint’s ARC CBA850. It’s like having an engineer sitting at a laptop plugged into the console port of the primary router, from anywhere in the world.
These robust OOBM services are available through ECM without the primary Internet connection, inbound SSH, or a static IP address.
Many businesses are simultaneously exchanging multiple types of data, such as sales information, voice and video data, and inventory, often at peak times. LTE failover is ideal in the event that your primary WAN connection goes down, but why not utilize the extra bandwidth all the time?
LTE is incredibly powerful because it supports high bandwidth, which your business can benefit from by utilizing LTE failover for load balancing. Critical traffic can be sent across LTE while public traffic can be routed through a land-based connection. In the case of an outage, public WiFi can simply be shut off to preserve critical services, thereby ensuring failover when you need it while expanding bandwidth when you don’t.
5. Multi-WAN Management
At first glance, 99.5% uptime sounds impressive — until you realize that the missing 0.5% equates to four hours of downtime each month. If your business has multiple locations, that downtime can become very expensive very quickly.
A multi-WAN solution can boost that uptime to “four-nines,” or 99.99%. With multi-WAN failover and several failure detection and decision algorithms, Cradlepoint provides flexible and robust failover and failback. Cradlepoint offers best-in-class mechanisms that allow you to pick which WAN source to use and can handle advanced multi-WAN management.
6. Wireless-to-Wireless Failover
In vehicles, where wired lines aren’t an option, LTE is the primary connection, but that doesn’t mean failover isn’t available. The Cradlepoint COR IBR900 and COR IBR1100 both support multiple LTE connections as well as WiFi as WAN. WiFi offloading of video DVRs via station WiFi for buses or police is common so as not to use the LTE connection while in the field. IT managers can select WiFi to automatically attach and trigger video offloading whenever available and LTE to activate while on the road.
IT teams that deploy the COR IBR1100 together with the Dual-Modem Dock can achieve true wireless-to-wireless failover, going back and forth as needed between two LTE connections and WiFi.
Future-proofing your network is a smart investment now and later. Ensuring that what you buy today is adaptable to what is released tomorrow can be an extremely important — and financially responsible — element of your network failover solution.
Cradlepoint’s, for example, connects into the CBA850 and other Cradlepoint routers, which offers a turnkey networking solution for best-in-class 3G/4G/LTE. When the next generation of LTE modems is released, businesses can take advantage by only upgrading the MC400 modem portion of the product instead of the entire router.
How to Keep Up With Best Practices for Protecting Critical Information
As always, 2017 promises to be a year of security challenges among network administrators and security specialists. The ever-expanding presence of workforce mobility, the Internet of Things, and more makes keeping up with the latest security best practices as important as ever.
Here are 10 important network security needs in 2017:
Change your default passwords. Network manufacturers usually ship devices with default passwords. If you still haven’t changed the default password, your network is vulnerable to hackers.
Begin using multi-factor authentication. With multi-factor authentication, even attackers armed with stolen usernames and passwords wouldn’t have enough information to log in. Layered network security practices such as multi-factor authentication mitigate the risk of data breaches.
Implement business continuity plans that include a solid backup strategy. More than $300M in ransomware payments were made last year, and properly tested backups can be your best defense.
Deploy Parallel Networks to protect sensitive data. Instead of complex configurations, organizations can easily ensure excellent security of high-risk information through air-gapped “Parallel Networks.” This physical separation prevents would-be attackers from pivoting from one compromised device to servers and networks that hold sensitive data.
Schedule penetration testing on a regular basis. Use pen testing to determine whether and how a malicious user can gain unauthorized access to assets that affect the fundamental security of your system, files, logs, and/or cardholder data. Pen testing also can confirm that the applicable controls required in PCI DSS — such as scope, vulnerability management, methodology, and segmentation — are in place.
Adopt zero-trust networking principles. Through SDN and network virtualization, Cradlepoint NetCloud Engine makes zero-trust WAN possible by microsegmenting the network at the site, departmental, or even user and device levels. This practice quarantines attack attempts once they’re inside the network’s perimeter.
Implement intrusion prevention and detection systems (IPS/IDS). Threat management is important for any IT team, and especially for those handling sensitive information and Point-of-Sale (POS) systems. IPS/IDS defends against evasion attacks, protects key data, and improves network availability.
Simplify your Mobile Device Management. Traditional Mobile Device Management (MDM) software relies on complex, clunky VPN architectures. Deploying a virtual overlay network that seamlessly works within your legacy infrastructure streamlines and simplifies MDM. With no need for head-end hardware, IT teams can give employees access to essential files and applications while also quarantining their mobile devices from the rest of the network.
Extend Active Directory servers to the cloud. Active Directory (AD) is the foundation of enterprise security, ensuring fast and reliable authentication, password compliance, DNS, and more. Today you can use the cloud to extend AD domain services to remote users everywhere, fostering a persistent, LAN-like experience that stays on without user interaction.
Utilize port scanning to understand what you are exposing to potential attackers and lock down unused ports. Open ports essentially are open on-ramps to your network.
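One way to carry out the last item on a host you administer, as an added example that is not part of the original article: it parses listening-socket output in the column layout of `ss -tlnH` and reports ports reachable from other machines that are not on an approved list. The sample output, the allowlist and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -tlnH` (TCP, listening,
# numeric, no header): State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 511  127.0.0.1:6379    0.0.0.0:*
LISTEN 0 4096 *:8080            *:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 100  [::1]:25          [::]:*
LISTEN 0 5    192.168.10.5:23   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
"""

# Assumed policy for this example: the only ports this host should offer
# to the rest of the network.
ALLOWED_EXPOSED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Return (address, port) pairs for every LISTEN line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 addresses stay intact.
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit():
            continue
        # Drop an interface scope ("%lo") first, then IPv6 brackets.
        addr = addr.split("%", 1)[0].strip("[]")
        listeners.append((addr, int(port)))
    return listeners


def is_exposed(addr):
    """True if the socket is bound to anything other than loopback."""
    if addr == "*":  # wildcard bind: every IPv4 and IPv6 address
        return True
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparseable address: report it rather than hide it


def unexpected_exposed_ports(ss_output, allowed):
    """Map each non-allowlisted, network-reachable port to its bind addresses."""
    findings = {}
    for addr, port in parse_listeners(ss_output):
        if is_exposed(addr) and port not in allowed:
            findings.setdefault(port, set()).add(addr)
    return {port: sorted(addrs) for port, addrs in sorted(findings.items())}


if __name__ == "__main__":
    report = unexpected_exposed_ports(SAMPLE_SS_OUTPUT, ALLOWED_EXPOSED_PORTS)
    for port, addrs in report.items():
        print(f"port {port} is listening on {', '.join(addrs)} but is not approved")
```

On a live host the same function can be fed the output of `ss -tlnH`. A scan from outside the network is still needed to see what the firewalls in front of the host actually let through.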
How and Why Enterprises Should Use SDN & SD-WAN to Connect the Growing Internet of Things
With the seemingly never-ending influx of M2M and Internet of Things devices in the network environment, determining how to best connect and secure those “things” as they rapidly scale up is one of the most pressing challenges for any network admin. Businesses and organizations across the globe need to collect information as varied as daily sales numbers, customer analytics, water levels, temperatures, vehicle locations, security video and audio feeds, power and fuel consumption, voltages, air quality, and more.
Connecting these kinds of devices with traditional IPSec VPNs — dependent on hardware and complex, laborious configurations — is insufficient for an enterprise’s agility and deployment requirements. Moreover, VPN protocols used over IPSec/IKEv2 are not entirely consistent when handling connection failures, roaming, or reconnect. Devices used in mobile environments where connections can be interrupted suffer because of having to re-establish the tunnel.
By enabling a software-defined overlay network, all of these issues are resolved — the connection is persistent and failures are reconnected by the cloud automatically, no advanced configuration is necessary, and encryption and PKI are deployed as a service. Let’s take a closer look at one solution: secure, global M2M-IoT connectivity through software-defined Virtual Cloud Networks.
Traditional M2M-IoT Network Architecture
To fully understand the benefits of virtual cloud networks, we need to discuss what legacy architecture often looks like. Consider a typical M2M-IoT network: A company with thousands of distributed kiosks, IP cameras, and Point-of-Sale (POS) stations uses a cloud datacenter to process the big data generated by all of these devices. At the same time, these IoT devices use and send information to applications (such as management and configuration applications) stored at an in-house data center.
The network may utilize multiple WAN interfaces — perhaps the enterprise headquarters is on an MPLS network, while the IoT devices utilize a combination of LTE connectivity and third-party networks. The company’s IT team largely works from headquarters. The enterprise’s M2M/IoT — or “things” — network likely is managed separately from everything else, with the IoT devices residing behind APN gateways.
This type of legacy architecture presents several challenges, including:
Cumbersome APN Management
APNs are expensive and difficult to manage in multi-carrier environments. As an enterprise network continues to expand, so does this management challenge.
Security Concerns on Third-Party Networks
Each IoT device is a potential network on-ramp for hackers. Security policies must be carefully and meticulously applied via expensive APN gateways at the Network’s Edge. Traffic headed to the cloud datacenter must first be backhauled to headquarters over the VPN for security and management.
In-band management for remote network monitoring and maintenance is complex and laborious. It’s especially challenging with IoT devices, which usually are limited in their memory, OS, and processor. Alternatively, remote devices may have a very slow in-band link because they’re so remote.
Solution: Virtual Cloud Networks for Software-Defined M2M-IoT Architecture
Software-defined networking can simplify your M2M-IoT network infrastructure, allowing a more efficient traffic flow between the IoT devices, in-house data center, and cloud data center, while still maintaining security. In this use case, the enterprise could easily set up a cloud-based IoT network with Cradlepoint routers and NetCloud Engine, Cradlepoint’s cloud-based Network-as-a-Service that provides a private virtual overlay fabric across the public Internet.
In the diagram above, an enterprise is utilizing the Cradlepoint NetCloud platform in a number of ways. First, a virtual cloud network (VCN) replaces a traditional VPN. The VCN functions over the public Internet but operates in a private address space that can be fully integrated with your existing DNS infrastructure. This setup, combined with end-to-end AES 256-bit encryption and full PKI, makes the VCN extremely secure; essentially, hackers can’t hack what they can’t see.
NetCloud Engine securely connects, monitors, and manages devices deployed anywhere in the world. You can create a virtual overlay network to connect devices using any form of public or private Internet access and segment them by customer, site, or function.
NetCloud Engine is designed to support the unique security requirements of M2M and connected device applications, including:
Strong end-to-end encryption
Auto-PKI and machine authentication
Fully cloaked private address space
Virtual network isolation and micro-segmentation
Benefits of Virtual Cloud Networks for M2M-IoT
This software-defined IoT network architecture addresses an enterprise’s pain points by providing:
The security benefits of APNs without the cost and complexity
Reduced need for network hardware
A routable network that enables in-band management and reduced truck rolls, due to the separation between the control plane and data plane
Support for real-time applications such as remote monitoring, analysis, and CEP
Simplification of third-party deployments, because of the ability to produce an overlay network across several WAN sources in agnostic fashion
Self-healing cloud service ensures maximum uptime
Private IP address space and outbound connections, eliminating the need for expensive public IP addresses and on-premises firewall changes
SDN lets enterprises simplify the work of connecting thousands of “things” in dozens or even hundreds of different places. LTE provides the fast provisioning of connectivity, flexibility, and mobility needed for M2M-IoT applications. SDN pairs with LTE to bring the same benefits to the network infrastructure, by allowing companies to use the cloud to offload and automate the processes of building, securing, and deploying networks.
Essentially, the WAN can be abstracted into the cloud to function as a LAN — greatly reducing an enterprise’s network hardware, expenses, complexity, and man-hours.
How a Virtual Cloud Network Can Reduce Costs and Complexities for IT Departments
Workforce mobility provides some of the biggest opportunities and challenges for enterprise networks. The bottom-line benefits of employees being able to work anywhere are clear: greater productivity during business travel, more consistent communication, workday flexibility, reduced infrastructure costs, and much more.
However, the challenges are just as clear. Employees need access to a variety of applications and documents that live either in the cloud or at the corporate data center. Meanwhile, the IT department often must use inflexible legacy architecture and hardware to provide network and application access that is highly secure no matter where employees are working from or which devices they are using.
Finding a flexible alternative to traditional VPNs is important for IT departments as workforce mobility becomes more and more prevalent.
Challenges of Remote Access and Workforce Mobility
Many companies enable remote access and workforce mobility via a head-end box at the corporate data center. This supports security compliance for employees’ devices that may or may not be owned by the organization. However, this design is often inflexible when changes need to be made. Moreover, Bring-Your-Own-Device (BYOD) arrangements can present significant concerns with security and the backhauling of casual Internet traffic.
Giving employees remote access to legacy applications that live in the data center presents an array of challenges. For instance, remote users who are off-domain for long periods of time can present compliance issues once they reconnect. Also, traditionally there are high costs associated with supporting mobile and home workers. Their technological needs vary based on location, device, and WAN source — all of which may be resolved one week, only to change when they shift locations the following week.
IT departments often are left scrambling to ensure that these employees are reliably and securely able to connect to the resources they need while keeping expenses, such as IT man-hours and network hardware, to a minimum.
Virtual Cloud Network Solutions for Mobile and Workforce Mobility Challenges
Just as remote access and workforce mobility present unique challenges, they require unique solutions. By setting up a Virtual Cloud Network through Cradlepoint’s NetCloud Engine, any IT professional can ensure users have access to important applications that live in the data center and/or cloud via one tightly controlled network.
NetCloud Engine extends SD-WAN functionality to an organization’s mobile workforce, giving employees a secure, LAN-like connection to private and public cloud apps and files from anywhere and any device. As shown in the diagram above, with NetCloud Engine running on a router at the data center and on each employee device, there is a persistent encrypted connection to a VCN overlay set up specifically for mobile access. It also seamlessly integrates with Active Directory, requiring no changes to existing infrastructure; each remote member remains “on domain” no matter its location.
NCE moves to the cloud the key functionalities that reside in traditional network architecture — such as policy control, app filtering, and NAC — without sacrificing security compliance and without needing a head-end device. Any traffic destined for any application will still flow into the data center using the NetCloud Engine client, and anything coming from the client that goes to the Internet will go directly to the Internet.
A remote worker on the road may stop in a coffee shop and browse his email on his mobile phone while waiting for the train; once he’s on the train, he may connect and work from his laptop. With NetCloud Client loaded on his mobile phone and laptop, and with access to the Active Directory server back at the data center, the Internet essentially becomes his private network. At the same time, IT administrators have policy control for micro-segmentation so they can make sure the remote employee only has access to the applications and data he needs.
Benefits of Virtual Cloud Networks
With VCNs through NetCloud Engine, enterprises can solve the pain points typically associated with legacy VPNs. Benefits of SD-WAN for remote access and mobile workforce mobility include:
Less hardware required
Overlay fabric provides seamless integration with legacy architecture
More flexibility and scalability as an organization expands
Secure atmosphere for BYOD
Faster configurations and deployments
Fewer IT man-hours devoted to deployments and network management
The biggest trend in office communications right now is the use of cloud-based phone systems. Cloud systems, also called IP Phones, are typically used in a hosted environment. Outside lines are connected over a secure, encrypted VPN connection.
Features of cloud-based phones include voice messaging, auto attendant, mobility, conferencing, and call reporting. With a traditional phone system, the equipment for all these features resides at your office, where you are responsible for its maintenance and service. Cloud-based systems are located off-site and maintained by the provider.
Cloud-based phone systems can grow and evolve with your business.
Add users and phones
Improve call flow
Stay up to date on upgrades and office communications technology
Integrate mobile phones into your office system
Fixed monthly cost
Cloud-based systems provide ease of use and better integration with mobile and desktop devices.