For many MSPs, it doesn’t make sense to try to be all things to all people. Instead, MSPs often choose a certain vertical (or multiple verticals) to specialize in. For instance, an MSP might choose to focus on the automotive, healthcare or real estate industries, to name just a few example verticals.
Focusing in on certain verticals helps you get to know your prospective new clients even before you have met them. When you can introduce yourself as having specific knowledge of that industry’s challenges with the solutions you have developed, you elevate your relevance and perceived value for potential clients.
So, how do you choose which verticals to focus on? Keep reading for some tips.
Selecting a target vertical for MSPs
1. Focus on industries you know best
Examine your own interests and your past business life. For example, if your background is in retail, banking or healthcare, you may already have the business acumen needed to cater to the IT needs of companies in those industries. You will also be in a better position to demonstrate deep knowledge of and passion for your client’s business.
Plus, having experience in the industry menas you can find your first clients just by searching through the contacts list from your previous business-connections.
2. Leverage partnerships and alliances
Do you have partners — or can you gain partners — who will help you gain entry to a new vertical? If so, take advantage of these relationships to help select a vertical. For example, if you are currently working with a healthcare or legal client who places a priority on the privacy-related IT services you deliver, use those services to help gain other clients in the same vertical.
3. Don’t be afraid of nonprofits or charities
Nonprofits often have no interest in building and expanding an in-house IT shop. They generally believe their best course is to focus on their core mission and outsource operations to a trusted managed service provider. Thus, this can be a good vertical for MSPs to focus on. Consider building a collection of these cost-conscious clients that are not likely to jump to another MSP as long as you meet their needs reliably.
4. Consider your region
The businesses that thrive in your geographic region will often be more open to giving a local MSP their business, rather than giant cloud providers in other cities. You have a local advantage and can give personalized service via your proximity to decision-makers. For example, a historic automotive assembly region may have several potential clients close to you in the parts-supply chain. Agricultural centers, university towns and established military communities are also likely to have secondary surrounding businesses that need IT services from MSPs.
5. Look for greenfield opportunities
Many regions today are working to convert their workforces from legacy industries to new technology centers of excellence, like R&D and technical support call centers. Thus, MSPs can watch for changes in culture and laws that foster new industries close to them, like medical marijuana, green energy or biotechnology, and then focus on those verticals.
6. Become a student of your vertical
No matter which verticals you select, the most important tip is always to be learning about your specialized vertical. Dedicate time and energy to getting to know the workflow, regulations, common IT requirements and CEO priorities of the industry. You can do this via several methods, including reading industry newsletters, government statistics, blogs, conferences and whitepapers, and joining support groups.
Know your customer before you meet them.
Discuss with confidence expected requirements such as their:
tolerance for service interruptions
which transactions and databases are critical
Disaster Recovery ambitions
common network and security requirements
regulatory opportunities and constraints
depth of skills of current IT internal support
HR policies and practices
backup and data retention regulations
migration status onto cloud services
discipline for software updates and maintenance
their comfort level out-tasking visibility and control to an MSP
product line roadmaps and IT growth expectations
expected critical B2B relationships
customer experience and SLA expectations
strategic priority on IT stability and flexibility
Picture your MSP being a cog in the wheel serving your client’s suppliers, workforce, manufacturing, customers and digital interface to the economy. Talk not only to top executives, but to the middle managers that have a mandate to deliver daily operations. They will share the pain points that you must learn and resolve. In this way your sales process and marketing messages will be more focused and efficient.
Delighting the first clients in your specialized vertical should pave the way for subsequent similar and larger MSP wins with less effort.
Progressive managed service providers are always looking to capture new revenue and retain loyal clients by delivering more value. Often this means looking at expanding the services catalog far beyond being a break/fix hosting provider. Mid-sized MSPs today are listening to the market and being open minded about new possibilities. On top of basic operational duties, many have extended their portfolio of surrounding services like network resiliency, printing, identity management, SIP Trunking and cloud security for examples.
Now building on the new economic advantages of cloud computing, small and mid-sized MSPs can offer Disaster Recovery as a Service (DRaaS) to a wider base of potential clients. Disaster Recovery investments and planning are no longer just for the Fortune 1000. Here we discuss the challenges and benefits of building a DRaaS service, and list the key deliverables from a quality MSP.
Disaster Recovery Products Scope
Gartner defines DRaaS as “a productized service offering in which the provider manages server image and production data replication to the cloud, disaster recovery runbook creation, automated server recovery within the cloud, automated server failback from the cloud, and network element and functionality configuration, as needed.”
Essentially the difference of DRaaS from a managed backup service is that the MSP is not only responsible for collecting the data and applications, they also orchestrate the recovery from agreed upon playbooks. The data may reside or be directed to the customer premises, the MSP’s IaaS or a third-party cloud provider. DRaaS services from MSPs have simplified the otherwise impossible task of setting up alternate computing sites to resume production quickly after an interruption. Restoration is completed within a predictable timeframes to meet business objectives.
You may think of weather, forest fires and earthquakes as common natural disasters that potentially interrupt operations. Today’s business leaders must anticipate potential risks of civil unrest, evacuations, extended power grid interruptions, and security threats such as ransomware that hold critical data hostage.
Why Clients Consider Purchasing DRaaS
Many clients that have outsourced or outtasked IT functions to an MSP will see the value in purchasing DRaaS. This type of managed IT service is a combination of operational responsibilities, software automation and Professional Services. In today’s economy built on electronic commerce most enterprises can easily calculate the mounting costs of unplanned downtime. The lost revenue from restoring web services after 24 minutes or 24 hours is enormous.
A real-life example of an IT disaster with a successful recovery is discussed here:
Further to lost sales is the possible long-term damage to the brand with loss of consumer confidence if disasters are mishandled. The enterprise must evaluate common and rare risks so they are somewhat anticipated and planned for. Today most everyone has backups either done in-house or with an MSP partner.
Human nature also shows that confusion and panic may set in to paralyze operations when faced with the pressure of unknown variables. Extended failures are often due to operational assumptions that haven’t been fully validated by testing.
Although the client may see the value of planning, they may not have the specific resources or want to invest in always-on standby servers, licenses and redundant communications. Given the maturity of automated cloud backup software and quick provisioning times of cloud resources, a savvy MSP can now put together a DRaaS offer with attractive rates.
Why Offer DRaaS as a Part of Your IT MSP Catalog
If the MSP already has operational responsibility for creating and storing valid backup data, they are in a great position to offer a DRaaS to add value, and gain wallet share. In fact the technology difference from a solid managed backup service to DRaaS is not a big leap. It is a matter of planning, documentation and discipline processes all outlined by new Professional Services engagements.
Ultimately a growing MSP will want to move beyond a ‘Service Provider’ posture and also become a ‘Trusted Advisor’ to select accounts.
A ‘Trusted Advisor’ is a status which an MSP can gain by demonstrating integrity and technical expertise to a client, listening well and collaborating with professionalism, thus developing a trustful business relationship. It often leads to multiple solution sales where the client believes the vendor or consultant always has their best interest at heart.
Offering DRaaS will allow the MSP to get to know the client’s business priorities and operations to another level. When trust is established and operations are intertwined, there is more likelihood of long term loyalty.
After building DRaaS, today’s progressive MSPs can leverage these services as a differentiator over regional completion. This add-on service option can also be leveraged later in time to retain strategic accounts coming up for contract renewal.
As of 2019 here are the main business reasons MSPs develop a DRaaS offer:
The industry now has a mature definition for a DRaaS offering
A client’s business case for this investment can be easily justified
Gain a new recurring revenues & high margin Professional Services
Increase your total value delivered and loyalty with IT clients
Cloud backup platforms now automate monitoring, processes and compliance at new lower costs over previous manual labor playbooks
Advanced backup services are becoming table stakes for full service MSPs
Seven Key Features for DRaaS
Below are high-level service components of a quality service. Your final service description will encompass several standard features and customizations. Here are some main considerations to take stock in towards justifying and starting development.
Cross-Platform Infrastructure Support
Best practices in storage and recovery of critical data include the 3-2-1 Rule. This approach says you should build 3 copies of your data, have 2 different mediums (disk, tape or cloud) and 1 copy should be off-site from the production location.
A hybrid of cloud and local storage is common and the MSP should have internal capacity plus alliances with regional or hyperscale cloud providers.
Architecture That Supports RPO and RTO Targets
Your standard offer or custom build must accommodate the client’s business requirements. Once a disaster is declared, the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) are two cornerstone business parameters of disaster recovery services.
Essentially the target age (how far back in time) of the data do we need, and how quickly in elapsed time do we need to resume application(s) back into production. From there the solution’s architecture can be finalized and a plan can be costed. Some Professional Services and architecture alterations may be required in order to get a viable DR plan into production.
Professional Services to Create the Plan
Aside from recurring revenue a mature DRaaS service will pull in billable hours to explore the client’s objectives, shape the client’s solution, and document the final plan for sign -off. These Professional Services could be billed outright, or blended into the monthly IT services invoice.
Reliable IT Operations
An MSP needs a proven track record of being proactive to events and effective in restoring IT services per contracted SLAs. A common operational web dashboard should be shared with the client to prove daily readiness should a disaster strike.
DR Testing to Verify Plans
100% of the best-laid plans need to be tested and signed off by all parties. Testing can be piecemeal or a total run- through of a mock disaster. All testing must be periodic to account for subtle environmental changes that will impede DR success. Classic MSP DR testing methodologies are further discussed here:
Every well-written DR plan needs adjustment over time as conditions and priorities change. Each plan should be reviewed if there are changes in personnel, policy, infrastructure or expansion. Your DRaaS should follow a discipline Governance Model that not only periodically reviews the plan, but tests components on a regular basis. Each party has a responsibility to inform and adjust to changes in technology or the common business environment.
MSP Pricing Model
Your DRaaS can be costed and billed in a variety of valid models. Likely the client will want to continue only per device, or per user pricing. Known costs can be divided by units billed, but that assumes only modest design changes in low overall growth.
Remember DRaaS is a premium service that delivers a guaranteed overall outcome. Consider a fixed premium monthly invoice based on the overall architecture and actual resources consumed.
MSP billing design options are further discussed in the following article:
So should the ambitious MSP develop and promote only a managed backup service or a full Disaster Recovery as a Service offer? The marketing material may sound similar at a high level, but the roles and responsibilities are very different.
Ultimately it depends on the profiles of your target clients along with your talent pool and business plans. Fortunately the leap from BaaS to DRaaS does not involve new large investments to gain automation towards enabling DR success.
Consider also that the IT client can always upgrade at a later date to a Disaster Recovery Service when you have delivered operational excellence in Managed Backup. Clients will upgrade with you if a Trusted Advisor relationship is reached. Further discussion of BaaS vs. DRaaS development decisions are found here:
Choosing the Right Software for Your DRaaS Offering
MSPs will not need to invent or code new software applications to perform backups and display the real-time results. Look for a DR software partner that enables efficient support of small and mid-sized clients with modest requirements. They should also be able to scale to handle complex designs without product customization.
Look for these attributes when selecting a BaaS or DRaaS partner:
Cross-platform support – Windows, MacOS, Linux and endpoints
Storage-agnostic – mix and match local, cloud and hybrid designs
Capable of application-aware backups
Efficient use of deduplication, compression and bandwidth throttling
Intuitive scripting and common templated tools for push button activation
Encryption for added security on data at rest, or in transit
Full visibility and control from a shared customer web portal
Integration APIs into MSP ticketing, security and business systems
Enable regulatory compliance for PCI, HIPAA and others
Ability to white-label client dashboards and reports as your own
Proven compatibility with hyperscale computing providers
AUTHOR Mike Berry Mike is a long time Service Manager with a career twist into Product Portfolio Management. He has been builder and owner of services for Managed Service Providers in Telecom, IT and Security. Today he coaches young men’s baseball and writes about technology directions and business choices.
We
all agree that the industry has changes and it is very apparent that a Cloud PBX solution with
surrounding services is replacing legacy onsite PBX or stock Business Phones. Aside from this shift in investment, more and
more features are being enabled and included at the desktop phone and softphone
applications.
Likely
before VoIP was a serious conversation at your organization, mobile phones were
used in business communications first for key executives, managers, sales
persons, and remote workers. In the
beginning there were very little guidelines and tools to split costs so many
companies paid the entire monthly bill and asked the employee to keep personal
use to a reasonable minimum.
As IP Business
Phones improved, Mobility became the norm
As
Canada adopted the first generation of VoIP solutions and Unified
Communications, the desktop and conference telephones were changed out. Softphones were offered on laptops for those
road warriors as the connection into business communications. Concurrently and independently mobile phone
use also grew exponentially as it became a standard tool for business. The Phone System and the individual mobile phone
assets were used but not integrated together on an organizational level.
Today
the two worlds have evolved and the Cloud PBX has become the platform of choice and will replace
single ended Business
Phones. Mobile phones developed
to place free local and long distance calls over WiFi, hence the game changed
again. Now mobile application software
allows users to participate in the call management, collaboration and
integration to businesses systems that drive efficiency. Depending on your type of business and
employee profiles you may ask yourself if all you need are mobile phones, and
forgo the IP desktop telephone.
Can you
just go using mobile phones?
Certainly a super small or start-up ventures can
initially begin with only mobile phones attached to individuals. But as the
business grows and employees are added your customers will expect a central
phone number on a Phone
System to call and need to get help via re-directed calls. A central
switchboard operator or Cloud
PBX directing your calls will be a sign of establishment to potential
clients. Remember that mobile phones are still prone to dying batteries, getting
out of coverage, and occasional voice quality issues.
Most of Canada’s mid-range and leading full service Cloud PBX Service
Providers (RingCentral, Telehop, MightyCall for examples) will have a branded
mobile application to place on a device to complete the Business Phone System picture.
Typically this facilitates presence, call transfers, contact lists, voicemail
to email and management statistics. Generally, they all have yet to recommend a
total mobile deployment for Business
Phones, but they also don’t sell mobile services.
Where are we now?
Cloud PBX providers
so far have brought productivity and cost savings primarily via the desk-phone
and softphones. Initial integrations
into Salesforce or Oracle for example were first developed without the mobile
phone in mind. That methodology is also evolving as the market now expect the Cloud PBX release
improvements for iOS and Android in parallel to the desktop experience.
Still between organization to organization there is a
checkerboard of support models for mobile business users today. Some companies allow employees to connect and
use company resources on private cell phones. Canadian enterprises may also
issue a cell phone for traveling employees to control applications, security
and cost certainty of data and voice plans. Most workers are not in favor of
carrying 2 devices throughout the day.
Some office workers speaking hours on the phone
throughout the day will always prefer a large screen and a headset to
accomplish tasks over the smaller form factor of a cell phone. They don’t want
to hold a small box up to their ear all day.
The evolution continues …
As Mobile Device Management (MDM) has evolved into
Enterprise Device Management (EMM) the BYOD control and split usage/billing
issues are going to be addressed over time. Device and Application Management for all business
assets are becoming less of an afterthought. Likely Cloud PBX open source
software will integrate with EMM in future years.
For large service providers like Rogers will promote
Unison for mid-sized businesses and Bell has a dual SIM offer on some new
devices. Either way, the Cloud
PBX and EMM systems will need to evolve and converge together before
we’re ready for ‘Mobile Only’ deployments that scale.
Cloud PBX Service
Providers are offering mobile phone apps as one of their differentiating
selling point. They extend the UC features
and business system integrations mobile users.
For 2019 and beyond, convenience is king, and a ubiquitous end user experience
includes enabled mobile devices.
Perhaps you were expecting it, or maybe it was a surprise. Your long time and large Business Phone Service Provider (like Bell, Rogers or TELUS etc.) notifies you that a substantial rate hike on the upcoming contract renewal of your legacy business lines. The reality is that many of the analogue voice clients have left their expensive infrastructure. Now the costs are spread across those traditional lines that remain.
Given your loyalty and history with your large providers
on Data, Voice and Managed Services this may feel like unnecessary gouge.
Canadians have implemented proven VoIP solutions given the evolution of this
technology and the true value delivered to mid-sized enterprises. Know that the
recent evolution in Cloud
PBX technology and delivered service quality, you could look at this
event as an opportunity to drive savings
and optimum productivity into your organization.
Now
what are your alternatives?
This event is an opportunity for you to examine alternate
solutions from mid-range Cloud
PBX service providers. They are tuned for mid-sized Canadian businesses
and are growing for all the right reasons. Use the business phone contract renewal period as
an opportunity evaluate your options. Likely you can go on a month-to-month
contract arrangement on current Business Phones or lines as you
investigate. New innovations and solid
offers from Versature, RingCentral, VoIP Much, and many others are posted and
reviewed by your peers on GoneVoIP.ca
What do
you need to consider? How do you get there?
To get to a decision on the migration to a Cloud PBX and the
ultimate selection of a new partner, we’ve outlined some decision criteria and
a high level methodology to go about it. Consider the following data points in
your own situation and create a thumbnail business case of expenses and
efficiencies.
1. Is my Internet
connection ready for the VoIP traffic overlay? Is your current
WAN stable and is there approximately 80kps up and down for each concurrent Business Phone user? Extra care needs to be
considered in a Call Center deployment or where streaming video is in constant
contention with new voice traffic on the data WAN.
2. What is the human
profile of my employees using a Business Phones daily and intermittently? Count and assign a
budget for individual profiles be it anchored office workers, mobile road
warriors and power users that need to be always found and connected.
3. What are my
desired ‘Base Features? A catalogue of familiar and new features will be
presented by every potential new partner. First do a self-assessment of
must-haves in the initial deployment of Cloud PBX. Likely it includes call forwarding,
conferencing, ID logging, an Intuitive console and Long Distance to start in
your new phone system.
4. What are my
desired Future Features? After the initial Business Phone roll out, turn on vmail to email,
management analytics, fax integration, business SMS and integration to office
systems like Outlook, Salesforce, Slack and other CRM or ERP platforms.
5. Evaluate on
Price. From the list of base needs look at the price packaging from each vendor
to see where you should start. Likely you can later easily move up the chain
from Bronze, Silver and Gold packages as you experience growth and your
readiness to turn on Cloud
PBX productivity features. Chances are there is little appetite for a Business Phone customized
solution in mid-market engagements, but more and more features are being
included in base services for the same prices. Probe vendors to get maximum
included features after understanding your own base needs.
6.Evaluate on Service Quality – Deployment.
Each Cloud PBX
service provider will sing a great song and the features offered may be
similar, or exactly the same. Ask about your particular roll out and what
amount of Project Management or professional resources are included in the
sale. Ask for typical Project Plans or Statement of Work examples for a similar
sized existing client. Judge if the new potential Cloud PBX partner is listening and anticipating
potential challenges for your particular roll.
7. Evaluate on
Service Quality – Support. Examine and perhaps tour the support centre each
Service Provider uses to take your trouble calls and requests for changes. Note
the hours of operation and if an escalation processes is in place. Use GoneVoIP.ca to look at
customer reviews. A long history of dissatisfaction may be a red flag but
service call handling in the past 1.5 years is perhaps your best indicator of
your expected support experience.
8. Evaluate on
Manageability. Obviously you want to retain visibility and control of
your new Cloud PBX
solution. Look to the administrator tools provided to be sure the Phone System console is
powerful yet intuitive. Base statistics are interesting but you may have
specific analytics requirements for management reports that prove the
productivity gains justified in your initial plans.
9. Evaluate on
Image. Your selection of a new service provider for a Cloud PBX should include
the intangibles of image and increased client perception of your brand. Which
new solution will be most effective in showing your clients a fast and
effective touch points from your sales and service departments.
10. Evaluate on the
Business Relationship. As these new service providers compete for new Phone
System clients some are offering a ‘no contract’ relationship for Cloud PBX. No long term
commitments are to your advantage as it minimizes your risks. Often they will
also offer a free trial for some selected Business Phone users so you can visualize the ease
of use to operate. Inquire about SLA reporting and refunds.
11. Would you need
all new phones? Migrating to a Cloud PBX does not necessarily mean a fork lift of
all current desk phones. Often IP phones form a current IP PBX are compatible
with a new platform. Your new service provider can determine and commit support
of your phone make and model at time of quotation. If you need to use existing
analogue telephones and fax machines an inexpensive ATA (analogue telephone
adaptor) can be purchased to get the device on your LAN and Cloud PBX. Caution that
your legacy phones may not have the buttons, screens, bells and whistles that
bring out the full future productivity features desired on the new Cloud PBX solution.
Can you
just go using mobile phones?
Mobile phones are ubiquitous throughout the enterprise
and a personal choice by those on the go.
The topic of going Cloud
PBX with smartphone only clients is explored in Part 2 of this series.
Leverage
the evolution! Get to a decision.
Assemble your business case with known hard expenses,
base and future needs, a use scoring system for vendor selection against the
‘do-nothing’ case of renewing with the incumbent large supplier after a rate
hike. Evaluate the options of making the inevitable migration to Cloud PBX now, or later.
As Canadian businesses have rolled out VoIP Solutions the end user experience has become more stable as quality goals have been adopted by this industry to assist in the design and operation of great VoIP deployments. Recently better VoIP engineering and capacity investments have driven quality gains. Still the VoIP administrator with his/her service partner still need to work together on some key measurements that enable optimum user satisfaction.
The following reasons can negate satisfaction at even the best quality VoIP Service.
• WAN Bandwidth allocated per expected voice session
• Lack of capacity at the ISP where voice may compete with data traffic
• VoIP Codec selected at the IP PBX
• Outdated firmware at the LAN, WAN, PBX and phone sets
• Latency being the delay across the end to end IP path
• Jitter being the regularity of packet arrival times at the destination
• Packet Loss – the dropping and subsequent retransmission of sent data
Quality of Service VoIP vs. Data Traffic
The TCP/IP protocol was first built with only data traffic in mind. It was perfectly acceptable that packets for an email file and attachment arrive at the destination out-of-order due to routing. The finished file does not get released until 100% of the file arrives. For voice traffic packets arriving late or out of order is a catastrophe as conversations will cut out and video will be choppy. For this reason the educated consumer should be aware of these parameters while selecting VoIP partners.
Main Components for the Quality of Service VoIP
• Availability is expressed as a percentage of time the network is available to the users for full service without degradation. The Availability score is often provided by the service provider per site or per network solution and could be a component of an SLA. Penalties do not apply during scheduled downtime or while trouble-shooting time is deferred by the end user.
• Latency is expressed in milliseconds (ms). It is the time it takes to send data and VoIP packets from source IP to the final destination. Generally round-trip way latency is less than 90 ms across the nation and less than 50 ms within a region of Canada. It is usually determined by the distance traveled, number of internet hops, engineering goals and capacity management by the ISP.
• Packet Loss is expressed as a percentage of the total packets that arrive at the destination IP address compared to the total packets sent from the source. Packet Loss is usually less than 1% for best quality VoIP service although up to 3% may be tolerated in some environments without the user detecting an issue. Loss of packets due to congestion or mismatched components cause re-transmission and the appearance of unacceptable latency.
• Jitter is the variations of streaming packets arrival times. Voice and Video require low and steady jitter tolerance for the user to avoid VoIP dead air during speaking or choppy video reception. It is expressed in milliseconds. Generally a constant score of 30ms or much less will allow jitter buffers at both ends of the VoIP call to normalize traffic for human consumption.
VoIP Quality of Service Tests
Obviously the Network and VoIP Administrator in every organization needs to be armed with VoIP Quality of Service measurements during normal operations and during times of quality issues. Free tests described below are provided by the Internet Service Provider, the VoIP Provider, a third party provider or come from your internal investments in Network Monitoring Tools. Internet Speed Testing may help isolate if new quality issues are due to a slow network, IP-PBX Issues, LAN issues or database/data issues that appear to congest or traffic that impacts VoIP traffic.
• Internet Service Provider Tests. Major Telecom players (Rogers, Bell, Telus, Cogeco) will supply a simple ‘Internet Speed Test’ that usually consisting of Latency (ms), separate Upload and Download speeds in mbps with Jitter results. The tests will identify your current internet provider based on the endpoint IP address and test point chosen in your region.
• 3rd Party Testing. The next tier of Regional ISPs and VoIP Providers reviewed in GoneVoIP.ca may also provide VoIP Quality of Service Testing or an ‘Internet Speed Test’ from its public pages or proprietary service portals. Examples would be Speedtest.net or bandwidthplace.com
• Internal Network Monitoring. If the Quality of Service VoIP is of critical importance, the best way to gain the most knowledge about current QoS is to instrument your data and voice infrastructure yourself. Additionally you can constantly test the network with traffic generators inserting simulated VoIP calls with test web surfing and data downloading. These large investments in time and capital and fit only medium and large organizations with critical network mandates. Free Monitoring software can be found although be aware that you may need full control of the onsite internet routers or also install probes in the network.
• Managed Network & UC Services. An organizational preference may be to fully outsource the WAN solution and also the VoIP services down to the desktop business phones. In this case the Quality of Service VoIP metrics maybe supplied you constantly at a service portal, in monthly SLA Reporting or upon request during joint trouble-shooting.
Quality of Experience – The Mean Opinion Score (MOS)
Perhaps the best way to pinpoint the overall Quality of Service VoIP is to follow the industry’s Quality of Experience (QoE) measurement called the Mean Opinion Score (MOS). It is a complex arithmetic computation encompassing Jitter, Latency, bandwidth assigned to each session and other delays within hardware packet assembly/disassembly. It will attempt to score the quality of the voice reception as subjectively perceived by the human user. It scores from 1 to 5 where 5.0 is the highest quality. A MOS score of 5 is comparable to speaking directly to the other person who is close to you in the same room. It is unobtainable by current VoIP solutions who are restrained by the individual CODEC limitations used at the IP-PBX and bandwidth assigned. For comparison, a MOS score of 4 is considered the top end for today’s cell phones. Less than a 3.6 score is not considered business grade VoIP quality.
Not long ago panels of humans subjectively assigned the VoIP MOS based on actual joint hearing tests. Today the industry will inject a synthetic test from routers or switches into the data stream and make a calculated value based on estimated quality.
VoIP Codecs that use compression techniques will always consume less bandwidth. Conversely, codecs that use compression will lower the voice clarity and introduce some delay. Today G711 codec will top out given near ideal network conditions at 4.5 MOS. It gives the best quality VoIP Service for more latent connections as the compressed codec’s MOS scores could degrade quickly if latency increases.
Key Takeaways and Action Items
• Know your baseline performance – Use Free Internet Speed Test to know your latency(s) & jitter. Use that information of a ‘good day’s performance’ to compare a ‘bad day’ of issues.
• Invest in Network Monitoring – If budgets and time allow set up a Network Management System to constantly test and monitor the Quality of Service your users experience. Set threshold alarms and historical reports to managed & prove quality results.
• Work with your VoIP Provider – Determine if your current network is ready for VoIP traffic or what infrastructure improvements are required to do deliver quality on a large scale
• Don’t throw bandwidth at every new problem – There may be a misconfiguration or an ISP issue that prevents optimum performance. Keep the firmware updated in the IP-PBX and edge routers if they are in your control. Re-visit your baseline design assumptions before ordering the ‘quick answer’ of more bandwidth. You maybe masking some hidden faults.
• Set Clear Demarcations with your Partners – Know where responsibilities start and end with ownership of the overall VoIP Service, and LAN/WAN health. Avoid finger pointing in times of crisis when trouble-shooting mysterious VoIP quality issues.
• Consider a fully managed VoIP Solution – In this case almost all measurements and quality commitments can come from the partner if they contractually agree. Obtain an SLA that includes QoS metrics if your voice system is mission critical your business goals.
Today the expectation of clear and complete calls are a reality in today’s VoIP industry. The informed administrator still needs to conduct or consume VoIP Quality of Service Testing to prove results, work with partners and roll out major VoIP solutions with confidence.
Today the mature alarm system industry that are used to protect only big businesses are now repurposed the same technology (like sensors, controllers and monitoring) for the consumer side with acceptable services and economics to the average homeowner. This new affordability and the convergence of Home Safety plus Home Automation is driving the expectation that VoIP can also be integrated here for greater convenience and savings
Today’s tech savvy homeowner with VoIP investments and alarm needs may have suffered some finger pointing in the past when 2 service providers were brought together. Trial and error attempts to have them work together within the home, sometimes with mixed results. However, there are conflicts (or assumed risk) with VoIP technology being on a critical path and while being dependent on local electricity to keep your calls and monitoring flowing to the internet.
These two industries are recognizing that the consumer base is growing for both home alarm systems and VoIP services. While initially alarm companies were not recommending any VoIP pairing, recent advancements have begun to pave the road to innovative designs with stable results. An educated consumer can now design his/her own or select solutions that are reliable and technically sound.
What Is This All About?
Although placing high quality voice calls and IoT’s reliability commonplace on the internet, it did not grow up with home security monitoring in mind. These worlds are coming to grips with the unique challenges and potential advantages of working together. As nearly every homeowner now comfortably runs a wireless LAN and IP router, they are also looking to reduce budgets and targeting that legacy local line for cancellation. Many new couples getting their first house or apartment are electing to not order a phone line at all. They choose instead only individual mobile phones. The issue being that the most mature and reliable alarm systems for home grew up on the local line as a default connection to the remote monitoring service.
To drill down a bit more on the current technology dilemmas and choices:
• The local phone line draws power from the local telephone station, therefore it can continue alarming and sending monitoring data during neighborhood power failures.
• Most household LANs and IP routers are not power protected and will be a single point of failure for VoIP alarm monitoring during a power outage
• Some alarm consoles will deploy a battery as backup to keep local monitoring to sensors working during a power interruption
• The local phone line (or internet cable) can be physically cut by the ambitious thief to interrupt communications to the monitoring center and authorities
• An Analog Telephone Adaptor device (ATA) can interface legacy phones, faxes and an analogue alarm systems output to a VOIP router. These are inexpensive devices that have limited support. Every technology combination has not been tested together. Support risks are with the consumer’s side.
• Alarm systems (traditional or VoIP) can use cellular data as the primary or backup method of reaching the monitoring centre. A SIM card and data plan is required
As you can see there are now multiple moving parts as the tech savvy homeowner wants to leverage the VoIP investments and still have the best of breed home monitoring and automation. To the pioneer (and leaders) of home security solutions the VoIP application is an afterthought that requires an integration or a forced retrofit. To the mid range VoIP service providers, continuous quality improvements was the priority of the last 10 years and the risk of a local power failure was always known and accepted.
Occasionally the consumer can be caught in the middle with contractual caveats and disclaimers. Each combination of VoIP provider and alarm solution providers can present unique scenarios that cannot be predicted and with support guarantees.
Obviously these worlds are converging via the demands of the public that demand convenience, simple economic solutions. Eventually this will be an everyday cloud solution with plug and play IoT Sensors in your home. Until that vision becomes fully true, there are some probing questions below to ask of service providers during your research and selection process
Aside from Do-it-Myself kits and mid-range Home Alarm providers are the larger Canadian Telecom players like Bell, TELUS and Rogers offer packages for the Smart Home with Security Monitoring. They are best to offer combinations of backup transports in with local line, cable, cellular, fiber or internet monitoring options as they can offer 2 or more to your location. Overall they may not be leaders in the mature onsite technology offers. It may be a challenge for them to offer flexible contract commitments for the smaller spender asking for high touch support.
How VoIP Security Works
Most home alarm systems will consist of the following major components of a central panel, sensors for windows and doors, indoor & outdoor cameras, 2-way radio to a professional monitoring center. From there optional devices are added to expand further Home Safety like smoke alarms, carbon monoxide and flood censors. Table stakes now is an expectation of an accompanying mobile application for android or iOS that will let you see and remotely control each device like the central panel does.
The controlling brain is the Central Panel which is often now an LCD touch screen with some intuition on how the user wants to program the sensors, cameras and all other inputs. Be familiar with the Central Panel before you make a purchase. Determine if all family members can operate it all if required.
Each offer will have a remote monitoring center that will look for predetermined major events and carry out some scripted action plans for remediation. Actions may include contacting the owners to discuss the alarm and confirm the best course of action.
‘Home Automation’ is also melding into the Home Alarm landscape with smart locks, remote lighting control, remote thermostats, video doorbells and even remote garage door openers. Today the tech savvy homeowner can fully automate the home comfort experience with some peace of mind that they are monitored, safer and saving money. Today’s technology that creates issues will also find solutions when enough consumers have identified common issues.
Home Alarm Systems can now take advantage of:
• Reduced heating costs while controlling the thermostat during known periods of absence
• Reduced theft as the garage door opens specifically for the courier delivering Amazon packages
• Remotely changing the door combinations for family members locked out, or just dropping in
• Reduced home insurance costs when instrumented for flood and fire detection
• Wireless (WiFi) sensors and cameras can be moved easily with little reconfiguration
• Geo-control the front door lock via a smartphone as you approach with heavy packages
• Reduced home break-in losses as the smart phone can instantly alert you to intruders
• Voice recognition devices such as Alexa (and others) can integrate in Home Automation
Fire Alarm Systems using VoIP technology
Unlike other sensors it is imperative to periodically test smoke and fire alarm systems. Moreover, the carbon monoxide ‘best-before’ dates need to be followed and expired units need prompt replacement.
Remember that you cannot assume that the electricity is still powering the Alarm Systems in fact the fire may have caused the power to go out. Remember that the Monitoring Centre will first make 2 attempts of contacting the owners of the alarm system and will not directly contact the local fire department by default.
Without VoIP, on large estates and businesses buildings, Keltron (for example) offers coded fire alarm equipment that enables a remote operator to locate the exact location of the alarm from a Fire Alarm Control Panel (FACP). It will output a coded signal on the bell loop. Often the first responders use this information to pin point the fire quickly within large spaces.
Security and Alarms Systems Pros and Cons
While investigating and selecting Home Alarms Systems with VoIP interconnection the educated consumer should visit these parameters internally and with any potential Service Provider:
• Are there long term contracts with cancellation penalties?
• Are there set up fees and equipment financing options?
• Is there a Bronze, Silver and Gold level of service choices including DIY?
• Is the solution scalable plus have a ‘pay-as-you-grow’ model?
• Are there redundancy options during a power fail?
• Are there WAN redundancy options that are proven with this VoIP solution?
• What is the cost of the cellular WAN as the main network or backup path?
• Do you have testimonials with my combination of VoIP and Security solutions?
• Do you have a Professional Services option to integrate the alarm system and VoIP?
• Is there an intuitive and comprehensive console that controls all aspects of the service?
• Is there a smartphone application that gives me remote visibility and control?
Ultimately the consumer will need to reflect on the investment needed for WAN path redundancy and any associated expense it brings along. This is fast changing topic with new capabilities offered every year. Any internet research of articles more than 18 months old may needlessly scare off or mislead your decision. There are numerous success stories. Remember that there is some ‘safety in numbers’ so ask for proven integration results, and follow the reviews from your peers to gain insights on the top VoIP providers.
By 2018 Canadians were making 12 million calls to 911.
Increasing more of those calls for emergency help are made over IP
networks. The same mobility and
portability conveniences we expect and enjoy now present unique challenges for
the IP PBX service providers and users.
While selecting and implementing on premises equipment or a cloud
partner for VoIP services the business leaders and homeowners need to be aware
of the mandatory requirements and some common pitfalls.
In the beginning (about1968) the FCC and American Telephone
and Telegraph Company (A&T) established a shortcut method to contact and
request emergency services with the dialed digits of 9-1-1. This now mandatory telephone feature has
spread across Canada and is expanding nearly world-wide.
It has no doubt saved countless lives, lessened the impact
of injuries and helped to report and solve crimes in an expeditious
manner. Previously each household and
business need to identify and post local emergency numbers of fire, ambulance,
poison control and police services separately near physical telephones. Failing that step of posting the user was
fumbling through a local phone book and/or placed a panic call to an operator,
often with mixed results.
As adoption of 911 on VoIP was an afterthought by the PBX
manufacturers and service providers with some fatal and near fatal
consequences. Government standard
setting and regulations have paved a path away from most risks. The educated
VoIP administrator very much needs to be informed of these issues and
limitations. They have a role in assuming responsibility for loved ones and
colleagues.
Today Enhanced 911 (E911) is now deployed in most
metropolitan areas in the United States, Canada and Mexico. Initially Phase 1 was mandated by the FCC for
the location services of mobile cellular telephones and address accuracy
challenges. Since 2005 VoIP Services was
added to E911 Phase II thus clarifying roles and responsibilities as well as
enforcing provider compliance for the transfer of auto-populated of location
data on fixed and nomadic VoIP endpoints.
What happens when you call 911?
From your IP Phone a 911 call can be placed via your LAN,
PBX and internet. A trained emergency
response operator will verify your information and determine via scripts if a
dispatch of emergency services is warranted. They may give situational coaching
in real time until first responders arrive on site to take over. Detailed call data and voice recordings are
retained for some time for review in further legal investigations, capacity
planning and quality training purposes.
What care the common VoIP 911 Limitations?
On a traditional analog local line your 911 call are sent
directly to the nearest emergency response center. Conversely, on at VoIP service the 911 call
is forwarded to a 3rd party service provider (a Public Safety Answering Point
(PSAP)) that will automatically or manually route your call to a local
emergency response center based on some minimum required location criteria.
This critical step is prone to routing mistakes to the wrong
center if there is an information flaw, misconfigured IP_PBX or missing contact
information. You may be asked to manually provide key information (name and
location etc) during the distress call to send the proper resources. If the ergency caller is unable to speak,
this situation is exacerbated.
The root causes of such incidents may pertain to the VoIP
administrator’s attention to a documentation responsibility or some
compatibility between the VoIP equipment and the PSAP to make pertinent info
readily visible. The general responsibilities of the service provider and
subscriber are outlined below.
Another common limitation of calling 911 from a VoIP home or
a business phone is power failures. This
common occurrence will prevent your desk telephone and/or LAN from completing
the 911 call through to the internet.
Traditional land line phones typically do not have this issue as
protected power is sent via the local loop from the Telephone Company’s
station. Note that wireless phone extensions within your house will have the
same dependency on household electricity. For this reason some remote locations
keep 1 local line although VoIP and cell phones maybe within the household.
Other less common system failures are the loss of hosting
services at the cloud provider, IP network congestion, IP PBX misconfiguration
and the overwhelming call spikes at the emergency centers when hundreds of
individual may call in for the same major event.
North American Guidance and Standards
The U.S. Federal Communications Commission (FCC) in the
United States and the Canadian Radio-television and Telecommunications
Commission (CRTC) in Canada have been leading their respective initiatives but
also collaborate on standards setting for VoIP PBX manufacturers and service
providers. As our voice and data
communications has always been interconnected, there is co-operation and the
‘lessons learned’ are often shared. 911
and VoIP regulations are documented in USA by the FCC Consumer Guide for VoIP
911. From the CRTC the VoIP 911 call interaction between providers and
consumers is documented here Obligations of Local VoIP Providers. For your convenience GoneVoIP has distilled
these government links below.
What are the VoIP Provider’s Responsibilities?
–> Always provide a Basic or Enhanced 911 service attached with a VoIP service
–> Provide subscribers written notice of any 911 service limitation(s) at the time of:
>Sharing marketing materials
>Terms of Service documentation
>Initial sign up
>Installation –> on boarding
–> Provide a public website stating current limitations
–> Provide the subscriber with an online tool to verify & update location information
–> Register with CRTC as a reseller if applicable
–> Register with CRTC as a Competitive Local Exchange Reseller (CLEC) if applicable
–> Obtain and keep current a Basic International Telecommunications Services (BITS) license from CRTC if carrying international traffic
–> Provide the CRTC a detailed plan and timetable for 911 service creation, if required
–> Stay informed of Telecom Decisions that affect 911 services and next generation 9-1-1 directions
What are your responsibilities?
• Acknowledge
the provider’s limitations during the sign up process
• Keep your
civic address, contact names and email contacts current in the VoIP Provider’s
911 database. This should be done at
initiation and could be verified via a ‘911 test call’ *
• Should
you move your home or business, the database must be updated by the subscriber
• Still be
prepared to give your name and exact location during a 911 call
• Be
prepared for service interruptions on LANs, WANs and local utilities
• Keep your
billing account in good standing to avoid services suspension
• Make
family, babysitters & workplace emergency leader(s) aware of your known
VoIP and 911 limitations with suggested workarounds like designated person(s)
to access 911 over cellular voice.
Action Items – Get Ready, Stay Ready and Stay Safe !
Some key takeaways are listed based on the history of
limitations and learnings
• Review
the documentation of perspective VoIP providers before signature. Ensure they have invested in user tools to
handle your organization’s profile.
• After
initial setup of your VoIP system you need to update the provider’s database
with your civic address, key email addresses and phone numbers
• Remember
the remote offices, home offices and road warriors that go through your IP PBX
will require the same documentation for emergency purposes
• Identify
individuals in your organization to ‘own’ the 911 process and database hygiene.
• Visit
your VoIP and 911 risk & readiness after a major system move, add or change
• Consider
redundant paths and multiple internet providers for VoIP traffic as well as UPS
for LANS if your tolerance for VoIP 911 service interruptions is low
• Consider
performing a periodic 911 test call* to verify the function and accuracy
911 test calls *
To arrange a test of 911 on VoIP and verify full
functionality, contact your local police for a scheduled appointment. For
example in the Metro Toronto area, first review the material at Toronto Police
and make an appointment with at least 5 days advanced notice. To schedule a Toronto Test Call dial
416-808-8899
Where is this all going?
As the 911 over VoIP limitations are overcome, the
harnessing of innovative technology will make our future more safe and at times
of personal injury, crime or public disasters.
Next Generation 9-1-1 (NG9-1-1) is a series of initiatives to update and
drive improvements of the 911 infrastructure in the United States and
Canada. Eventually it will enable the
public to transmit text, images, video and data from an IP device to the PSAP. Next generation systems will include sensors
like personal medical devices and even monitor hazardous waste being
transported on rail systems. NG9-1-1 has
also brought outbound emergency alerts to your wireless devices and highway
signage systems.
GoneVoIP will stay on top of these issues, limitations and
directions as it may shape your investment decisions in Business IP Telephone
services and in your home communications.
The initial promise of VoIP deployments was savings on toll bypass while completing your calls over data networks. As time went on the IP PBX was integrated with converged messaging, identity systems, call centers and interactive media over complex LANs and WAN infrastructures operated by multiple ISPs. Improvements and maturing of IP Telephony brought reliability, convenience and true cost-effectiveness. However concerns over VoIP security arose and had slowed full adoption. Enterprises can achieve a great security posture by being aware of the unique and common vulnerabilities of voice over data infrastructures. Best Practices for VoIP security are essential in planning architecture, education, and operation of your investments.
Whether a ‘Do-It-Myself’ IP PBX system is internally put up, or a partnership with a Communication Service Provider (CSP), all the potential VoIP Security issues need to be identified, understood and addressed. The delivery of VoIP security is a shared responsibility between the user base, IT staff, a service provider and even the Original Equipment Manufacturer (OEM).
First off, assess your risk
Your initial thoughts on VoIP security as a small or medium business owner may be that you’re likely not a target based on company size and the assets you operate. True, a chain of 5 Pizza stores may not loose many secrets in a breach, but still carries card payment information and the privacy expectations of loyal customers. Large target organizations like financial institutions, political parties and retailers must take a holistic approach and are obligated to make serious investments.
The 3 broad assumptions helpful to understand today’s landscape.
1. Vulnerabilities present for data in motion (or at rest) is also applicable for VoIP traffic, servers and services
2. Security is like insurance. Your investment should be consummate with the potential losses of critical assets and possible damage to your brand.
3. VoIP Security can be safer than legacy TDM voice with IT knowledge and vigilance.
VoIP vs landline security
Traditional analogue voice networks are mature and often delivered end to end by trusted major carriers within Canada. Audio signals are switched over analog lines at the in-house PBX or the service provider’s often aging infrastructure. TDM Voice Trunks and Toll Fraud has dwindled. Today the biggest vulnerability are listening devices like Butt Sets that can be used at the wiring closet. They are now commercially available to anyone and not just Telecom technicians. Many traditional ‘telephone rooms’ operated with questionable physical security from internal employees.
Conversely, the VoIP traffic is encrypted and likely not worth the effort to decode with a sniffing device even if it can captured. Today cell phones make free calls from a LAN with special precautions. Voice servers are now peers with and present similar risk as any business server. Some vulnerabilities exist but an ‘informed administrator’ can achieve acceptable VoIP security with solid internal and externals partnerships.
Minimize the Risk : #1 Partner with your User Base
Action items to gain buy in from employees throughout a VoIP migration:
• Provide training on the new phone systems operation and benefits
• Set policies on IPT passwords, PINs and multifactor authentication
• Provide security awareness training to safely empower the end users
• Have employees report anomalies. (eg. missing vmail or redirected calls)
• Physically lock down access to voice components and LANS
• Turn down unused Ethernet ports and document voice operations
• Strategically roll out new communications features with new security asks
• Measure and report operational availability and user adoption of VoIP
• In mobile BYOD, employees should avoid unsecured public WiFi such as coffee shops & airports.
• IOS and Android firmware require security patches as they become available.
Minimize the Risks : #2 On In-House IP PBX Deployments
The beating heart of your voice deployment is now the IPT Call Server. Its main job is for the signalling required for call setup. Once connected it then watches VoIP/internet performance and provides administration functions. It needs tight control by qualified staff so new skills need to be in place. The voice gateway, LAN and endpoints also need to be secured with the following:
• Architect IP voice traffic over isolated LAN segments
• Lock Down unused Ethernet ports on the LAN.
• Lock down physical and administrative access to VoIP appliances
• Encrypt traffic with TLS and SRTP for media streams
• Document new policy and enforce operational best practices
• Scan for relevant security vulnerabilities (CVSS cases) at NIST.Gov
or expect Security Advisories from your IP PBX equipment partner
• Firewall your Call Server for unused protocols and broad admin web access
• Turn on security features provided by the equipment manufacturer
• Treat the Deskset as a vulnerable endpoint that needs patch management
• Consider your risk as a DDoS target at IT systems and Voice gateways
• Put in place DDoS appliances or outside services to mitigate IP attacks
• Analyze call logs and/or view the critical events at an in-house SIEM
• Prepare for worst case scenarios and plan quick remediation from in-house experts or external support assistance
Your voice servers are running one of Linux, Unix, VxWorks or Windows so you need to treat them all as IT infrastructure. They are often integrated with authentication services, CRM, email and call center software. Remember that the ultimate prize for most bad actors is creating ciaos or stealing corporate data on other business systems. Bring the same IT discipline to your VoIP security practice so as not to be the weakest link that intruders choose to gain access into enterprise.
Minimize the Risk : #3 Partner with a Communications Service Provider (CSP)
A popular choice and growing trend is to buy finished VoIP services from a CSP rather than taking on 100% of the operational headaches and capital outlay. A ‘per seat’ pricing model applies on a pay-as-you-grow basis. Collaboration features can be easily layered on top of basic voice functions to augment user productivity.
Although most CSP will sell on features and price, the educated buyer may have to bring up the security conversation during the selection process. Security considerations may sway your decision on which partnership is right for your organization. You may not be able to review their internal cloud architecture but ask potential CSPs about, and request proof of :
• Current experience and current investment in VoIP Security protection
• In-house Security skills and certifications by support staff
• Professional Service offers for your IT and VoIP security integration
• Investment in 3rd party security tools to assist trouble-shooting
• Complimentary services like Identity Management or DDoS Protection
• Accreditation with HIPPA, PIPEDA or Payment Card (PCI) compliance
• Sharing industry security alerts & perform regular firmware updates
• Incident Response & a policy of publicly sharing security breaches
• They assist and test basic VoIP security during the onboarding phase
• A console that includes monitored security event logs and alerts
To Summarize …
Today’s VoIP platforms and providers will provide a safe environment for business grade quality voice conversations when adhering to best practices already in place for cyber and network security. Go forward with a confidence on a new VoIP PBX deployment or choose a service partner that shares your vision on the security of a voice platform.
Mike Berry 