A post on the Voxilla blog by Marcelo Rodriguez on the Fonality IP PBX solution caught my eye via Andy Abramson. After reading the post and disagreeing with most of what Marcelo had to say, based on my experience with the solution in sales, support, and day-to-day use, I decided to give Chris Lyman, Fonality’s Founder, CEO & Janitor, a “SmithBox” from which to set the record straight.
Disclosure: I am employed by a Fonality partner and have personally sold almost a dozen Fonality solutions to businesses with 15 to a little over 100 users. In addition to my experience selling the Fonality solution, we used the Fonality solution in house for almost a year and experienced zero security issues during that time. The thoughts and comments below are those of Chris Lyman. Marcelo’s blog excerpts are indented and in “quotes.”
OPEN LETTER TO MARCELO RODRIGUEZ
Marcelo,
Since we have only ever spoken once, and it was nearly two years ago, it was
odd to see this inaccurate blog appear — as if it was actually representing
Fonality’s products.
While you are a blogger, your day job is acting as president of your IP
hardware store on Voxilla.com. And, to be fair to your readers, I should note that in
your store you sell a number of PBXs, none of which are from Fonality. So,
you don’t exactly have a current financial incentive to portray us in a fair
light.
That being said, I will give you the courtesy of responding to each of your
points in the order you wrote them. Next time, maybe do what other
journalists do…just call me up.
“Each of the offerings packs a well-designed front end that
makes the notoriously prickly Asterisk easier to use.
But, unlike a stock Asterisk installation, Fonality’s
offerings require a constant — and potentially worrisome
— connection to the company’s own servers.”
This is actually not true. Fonality’s VPN is only required when an admin
wants to do a move, add or change. And, it is trivial to disconnect this VPN
and reconnect it when you wish. In fact, a number of our customers do this
today.
Marcelo, what you probably don’t know is that all the leading IP-PBX vendors
(Alcatel, Cisco, Nortel, etc.) have similar VPN interfaces that let
resellers, and even customers, manage their PBXs from outside the firewall.
Perhaps, ours is a bit more pervasive as it sets up automatically, but this
is only because we sell into the low-end of the market and most of our
customers don’t have IT staff to actually build and manage VPNs. But, the
security of our product is comparable to any leading IP-PBX vendor.
Look, at the end of the day IP-PBXs are complex and really must have the
ability to be remotely managed…or you have to roll a truck every time.
Remember, not all our customers are as geeky as you or me.
“First, because the link is over VPN, it is possible for
someone at Fonality to enter the local PBX in a virtually
undetectable manner.”
You are treading in dangerous waters once you start making the argument that
“if someone broke the law they would be doing something bad”. For instance,
what about salesforce.com employees: don’t they have access to all your
critical sales data? What about your cell phone provider? What about your
ISP? A rogue employee anywhere can make life difficult for anybody.
Fonality’s employees pride themselves on their ethics and it is an important
part of our corporate culture.
“An unscrupulous employee can then run a network sniffer on the
PBX and, if the local PBX computer is part of the office network
(as is likely to be the case in most offices), the employee
potentially has access to all the computers on the network.”
It is trivial to separate your phone network from your data network. You can
use a LAN segmentation (physical) or a separate subnet (logical). We have
long had documentation on our public knowledge base about how to do this. In
fact, go to http://www.fonality.com/help and type in “security” and click on
the first article: “Tips for Security and Performance”.
“Second, the level of information logged by and maintained on the
Fonality server is staggering. The PBX comes with a built-in IM
chat client and all chats are logged by the central server.
Any sensitive IM information within and outside the office
through the local box is available to Fonality.”
Not true at all. Fonality does not log its customers’ chats. The chats all
occur on the customer’s premise server and those chats *never* flow back to
Fonality. They never have, and never will. I wonder where you get your
information, given that we only launched this chat feature out of its
ten-month beta a few days ago?
“The central server also maintains a log of all call detail
records (CDR). Fonality uses the CDRs when its customers
want to see a calling history (i.e.: all outgoing sales calls made by an
employee, all incoming customer support calls, etc.).”
Finally, you have made a correct statement. Yes, Fonality’s central system
does poll the customer’s servers, once per hour, and maintains a copy of
call records (but not content of course.)
Not that every phone company in the world doesn’t do this…but what is
*our* logic for doing so? Simple. We, at Fonality, have invested a ton of
money and time into our central reporting engine which provides customers
high-end reporting functionality (super fast reports with a high degree of
customization) for a super low price. There is simply no way these reports
could be run on most of our customers’ $1,000 servers. The database
crunching alone would spike those CPUs into a coma, affecting audio quality.
Remember, these premise boxes are designed to pass great audio, not crunch
thousands of call records in under a second.
“Fonality may very well be a good solution for some businesses.
But those concerned about keeping company secrets are probably
better served by Digium’s offering.”
What do you mean by Digium’s offering? Am I missing something…or does
Digium make hardware cards and soon a SoHo appliance (à la LinkSysOne)?
Perhaps you are talking about Digium’s rarely-sold “Asterisk Business
Edition”? Have you ever seen a normal business owner (not an Asterisk/Linux
geek) try to install Asterisk? Asterisk is an Operating System for the PBX
and Fonality’s PBXtra is a commercial product.
Marcelo, it is common knowledge in the software industry that when one makes
software easier to use one has to assert a bit of control to accomplish
this. The age-old see-saw in this industry has been between flexibility and
ease-of-use. Fonality, which serves the SMB, chose to make our product
incredibly easy to use. Take a look at Tivo vs. MythTV for a comparison.
“It may be a bit harder to configure (though Digium is working
feverishly to make Asterisk more user-friendly), but Digium
doesn’t require an outside computer to be listening in and
keeping track.”
Again, Fonality is not “listening in”. Our central servers have never stored
any audio or audio files. All calls are point-to-point. And, all stored
audio files, such as voice prompts, greetings, voicemails, and recordings
are stored on the customer’s local server *only*. To recap: there is no
“listening in” and our central server simply pushes text-based configuration
changes to the customer’s box and stores a duplicate of their CDRs so they
can run great reports quickly.
Whew, you are a tough customer Marcelo.
I would hate to read your blog
about the whole hosted PBX (IP Centrex) movement from the likes of: Comcast,
Covad, SpeakEasy, and basically every other telco in the world who is
insisting you no longer need any switch on premise again. Eat your heart
out, Vonage!
–
Chris Lyman
Fonality CEO & Janitor
http://www.fonality.com
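The letter’s segmentation advice (put the PBX on its own physical LAN or logical subnet so a remotely managed or compromised PBX cannot sniff workstation traffic, and keep the management VPN scoped to the PBX) is something a practitioner should verify rather than assume. The following is an added example, not code from the original post, from Fonality, or from any product named here. It runs a segmentation check over a constructed host inventory: it reports any non-PBX host that shares the PBX’s subnet, and any VPN route that reaches non-PBX hosts or is wider than the PBX host(s) it serves. The host names, addresses, the `Inventory` structure and the `vpn_routes` field are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    address: str   # "ip/prefix" as configured on the host's interface
    role: str      # "pbx", "workstation" or "server" (assumed roles)


@dataclass
class Inventory:
    hosts: list
    # CIDR routes the remote-management VPN carries toward the office.
    # Constructed field; a real audit would read this from the PBX/VPN config.
    vpn_routes: list = field(default_factory=list)


def interface_network(host):
    return ipaddress.ip_interface(host.address).network


def interface_ip(host):
    return ipaddress.ip_interface(host.address).ip


def segmentation_findings(inv):
    """Return a list of findings; an empty list means voice and data are
    on separate subnets and every VPN route is scoped to PBX hosts only."""
    findings = []
    pbxs = [h for h in inv.hosts if h.role == "pbx"]
    others = [h for h in inv.hosts if h.role != "pbx"]

    # 1. Broadcast-domain check: a PBX on the same subnet as workstations
    #    or servers can see their traffic (the sniffer scenario in the post).
    for pbx in pbxs:
        for h in others:
            if interface_network(h) == interface_network(pbx):
                findings.append(
                    f"{pbx.name} shares subnet {interface_network(pbx)} "
                    f"with {h.role} {h.name}")

    # 2. VPN scope check: the tunnel should route to the PBX host(s) only,
    #    never to the data LAN and never wider than the PBX addresses.
    pbx_ips = {interface_ip(p) for p in pbxs}
    for r in inv.vpn_routes:
        net = ipaddress.ip_network(r, strict=False)
        exposed = [h.name for h in others if interface_ip(h) in net]
        if exposed:
            findings.append(
                f"VPN route {r} reaches non-PBX hosts: {', '.join(exposed)}")
        elif net.num_addresses > sum(1 for ip in pbx_ips if ip in net):
            findings.append(
                f"VPN route {r} is wider than the PBX host(s) it serves "
                f"({net.num_addresses} addresses)")
    return findings


def flat_office():
    """Constructed example: PBX on the same /24 as the data LAN, VPN
    routing the whole /24. Every check should fire here."""
    return Inventory(
        hosts=[Host("pbx1", "192.168.1.10/24", "pbx"),
               Host("ws1", "192.168.1.21/24", "workstation"),
               Host("files", "192.168.1.5/24", "server")],
        vpn_routes=["192.168.1.0/24"])


def segmented_office():
    """Constructed example: PBX on its own voice subnet, VPN route
    limited to the PBX host. No findings expected."""
    return Inventory(
        hosts=[Host("pbx1", "10.0.20.10/24", "pbx"),
               Host("ws1", "10.0.10.21/24", "workstation"),
               Host("files", "10.0.10.5/24", "server")],
        vpn_routes=["10.0.20.10/32"])


if __name__ == "__main__":
    for label, inv in (("flat", flat_office()), ("segmented", segmented_office())):
        print(f"{label}: {segmentation_findings(inv) or 'no findings'}")
```

The second check is the one most often skipped: an office can move the PBX to its own VLAN and still push a route for that whole VLAN, or for the data LAN, into the vendor tunnel. Feeding the real interface addresses and the tunnel’s route table into `Inventory` turns the letter’s “trivial to separate” into something that can be confirmed on paper before the PBX goes live.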
7 responses so far
Digital Common Sense » How to Lose Credibility in a Heartbeat - or Let’s You and Him Fight // Nov 4, 2006 at 3:32 am
[…] There’s an interesting discussion shaping up here and there. Triggered in part by an innocent post from Andy. It turns out Andy pointed to this post by Marcelo talking about Fonality and security. Not to be outdone, Garrett provided both a platform and a place for Chris Lyman to post a letter back to Marcelo. […]
Fonality is Fine, but Worrisome - Voxilla Forum // Nov 4, 2006 at 3:37 am
[…] Marcelo, your information on Fonality is not accurate Marcelo, I took the courtesy of replying to your inaccurate characterization of Fonality here: Chris Lyman - An Open Letter to Marcelo Rodriguez | Smith On VoIP - Insights on VoIP Products and Services Sincerely, Chris Lyman Fonality CEO […]
Fonality Bitten By A Red Herring -- Alec Saunders .LOG // Nov 4, 2006 at 8:27 am
[…] This evening a minor controversy exploded in the Asterisk community as first Marcelo Rodriguez took Fonality to task over the security of its hosted model, and then Fonality CEO Chris Lyman responded via a guest posting on Garrett Smith’s blog. Ken Camp weighed in with a “Tut tut, children” post, while ringmaster Andy Abramson waved his baton from the sidelines. […]
VoIP & Gadgets Blog // Nov 6, 2006 at 5:19 pm
Fonality launches new PBXtra Professional Edition…
Fonality, provider of Asterisk-based IP telephony solutions (including trixbox 2.0), today announced the release of its new PBXtra Professional Edition IP-PBX and HUD (Heads-Up Display) Team application. I spoke with Chris Lyman, CEO of Fonality to get…
A Mini Fonality Furor - Voxilla Forum // Nov 6, 2006 at 10:05 pm
[…] A Mini Fonality Furor A column I wrote here caused a bit of a stir over the past few days. Here’s a brief recap: Andy Abramson opined that Fonality, a Southern California-based developer of PBXes built on top of the open-source Asterisk PBX, is "better poised" to move Asterisk into the large enterprise world than Digium, the Alabama-based company that developed and maintains Asterisk. I wrote that it’s hard to disagree with that assessment because Fonality does "an exceptional job of marketing" and I don’t predict well. But I expressed concerns about security issues inherently related to Fonality’s approach, which puts much of the product’s front-end functionality on Fonality’s servers, requiring a Virtual Private Network (VPN) connection between the customer’s premises and Fonality in order to access much of that functionality. There’s no question that Fonality’s approach makes Asterisk easier to install and use, but the trade-offs related to security remain — namely, that, in most office networks (specifically, those that do not put the PBX on a separate subnet) the solution requires a potentially risky VPN connection back to Fonality, and that Fonality has access to call detail records and chat logs that a business may want to keep secret. In fairness, there are two things I should correct from my initial post: First, I wrote that "all chats are logged by the central server. Any sensitive IM information within and outside the office through the local box is available to Fonality." This is not technically correct. Chats are logged on the local premises computer. However, such logs are accessible, therefore available, to Fonality through the VPN. Second, I regret writing that ". . . Digium doesn’t require an outside computer to be listening in . . . " Though not written with that intent, I can see how this can be construed as implying that Fonality has access to actual phone conversations, which it does not.
These two slight corrections notwithstanding, I stand by the conclusion that "Fonality may very well be a good solution for some businesses. But those concerned about keeping company secrets are probably better served by Digium’s offering." The issues raised in the mini-uproar that followed my column can be summarized as follows: 1. The Voxilla Store carries "a number of PBXs, none of which are from Fonality." (Fonality CEO Chris Lyman on VoIPSupply’s Garrett Smith’s blog, also reprinted in its entirety in the comments section of my original post.) 2. A Fonality customer can disconnect and reconnect the VPN at will (Lyman on Smith’s blog). 3. "[E]very phone company in the world" keeps call detail records (CDRs) (Lyman on Smith’s blog). 4. Fonality needs the call detail records because the company’s "high-end reporting functionality," if run on underpowered customer premises computers, "would spike those CPUs into a coma, affecting audio quality. Remember, these premise boxes are designed to pass great audio, not crunch thousands of call records in under a second." (Lyman on Smith’s blog); 5. The difference between Fonality’s products and a stock Asterisk installation is that Fonality is a partially hosted solution. "All hosted services have to deal with the issues raised by Marcelo . . . " but "[m]ost premises based services don’t have all the benefits hosted models offer, and may be less cost effective, but deliver greater control of customer data." (Alec Saunders). Along similar lines, Dameon Welch-Abernathy wrote that "as an IT person, it is your job to do your ‘due diligence’ to find out exactly how any software you deploy might ‘phone home’ or do anything you don’t like." There were a few others, but ultimately void of original material: I sell Fonality and disagree "with most of what Marcelo had to say" because I agree with Lyman. (VoIPSupply’s Garrett Smith). And Marcelo’s portrayal is "inaccurate . . .
[but] I’m going to stay out of that battle" and point you to Chris Lyman’s point-by-point rebuttal to Marcelo’s assertions." (Tom Keating, in a fawning review of Fonality’s most recent offering, PBXtra Professional Edition). As they don’t add much to the discourse, I’ll pass on Smith and Keating. I will take a stab at the others. 1. The Voxilla Store carries an internet communications server (email, IM, contacts, calendar and PBX) developed by Communigate Systems. The Voxilla Store also carries the Linksys SPA9000, a PBX-key system hybrid limited to a maximum of 16 extensions that does not include voice mail capability. Neither of these products is based on Asterisk, and the Voxilla Store does not carry a single item from Digium. The point of my column was that Digium may present a more secure option to business than Fonality. Pointing out that we carry other PBXes on the Voxilla Store is a thinly veiled accusation of self-interested bias, even though Voxilla has nothing to gain when I compare two products we do not carry. 2. Of course, as Lyman writes, a Fonality customer can shut down the VPN, enabling it only when a PBX configuration change is needed. Such steps add a layer of complexity and essentially cripple much of Fonality’s usefulness. And they do not eliminate the security issues raised. A VPN connection is still required to make configuration changes, which then opens up the on-premises computer (call logs, chat logs, etc.) and the network within which it resides. And whenever the VPN connects the local network to Fonality’s, the local network is only as secure as Fonality’s. For some businesses, this may not be an issue, but I suspect that, for many, it’s an important consideration. 3. Yes, phone companies keep call detail records, but Fonality is a PBX company, not a phone company. When I make a cell phone call over the Cingular network, I am aware that Cingular is keeping a record of that call.
But phone companies like Cingular (and AT&T, Verizon, etc.) are regulated, both at the federal and state levels. A PBX company is not regulated. The only protection a Fonality customer has is the company’s rather weak Privacy Policy. It states: "records may be viewed if required so by law, or if there is a suspected Terms of Use violation." Only Fonality, not its customers, determines if there is a "suspected Terms of Use violation." 4. The argument that Fonality needs to keep CDRs on its servers because on-premise computers are potentially too underpowered to parse them is just false. A record for a single call on an Asterisk PBX is about 200 bytes in length. In its press releases, Fonality claims the company currently services 1,300 customers with a total of 18,000 users. That’s an average of about 14 users per installation. Let’s exaggerate and say that, on average, each of those users makes and takes 1,000 calls (or about 40 a day). For any given month, then, the total size of the call detail logs for an average Fonality customer is about 7 megabytes, which any computer manufactured in the past 5 years can search and output results from in milliseconds. 5. In essence, Saunders and Welch-Abernathy are suggesting the same thing I originally wrote, though Saunders considers himself "an unabashed fan of hosted models." As I wrote, and Saunders reiterated, the hosted approach has some advantages, including "ease of use." But it does come with trade-offs. I pointed out those trade-offs; Fonality CEO Chris Lyman chose to respond by asserting that what I wrote is "inaccurate" (and, on one count — in relation to where chat logs are stored — he is technically correct, though the security concern I raised still exists). In the end, Lyman’s argument can be boiled down to this: What we do is no different than what the phone company does and "Fonality’s employees pride themselves on their ethics and it is an important part of our corporate culture."
I have no reason to question Fonality’s ethics and nothing I wrote was meant to besmirch either Lyman or his employees. But Fonality’s offering is, in its very essence, a hosted PBX. Inasmuch, it comes with certain risks that a business deciding between Fonality’s version of Asterisk and Digium’s version of Asterisk should be aware of. __________________ Marcelo Rodriguez VOXILLA […]
My VoIP Blogs » Blogged by Tom Keating - Fonality launches new PBXtra Professional Edition // Nov 20, 2006 at 4:19 pm
[…] If you think that statement is controversial, you should see the firestorm started by Voxilla’s Marcelo Rodriguez in his inaccurate portrayal of Fonality as “unsecure” and open to an unscrupulous Fonality employee “spying” on their customers’ networks. Marcelo even goes as far as to say customers are better off using Digium over Fonality when he says, “But those concerned about keeping company secrets are probably better served by Digium’s offering.” I’m going to stay out of that battle, but it’s worth checking out to see Chris Lyman’s point-by-point rebuttal to Marcelo’s assertions. […]
Top VoIP Posts of 2006 | Smith On VoIP - Garrett Smith’s Insights on VoIP Products and Services // Jan 1, 2007 at 11:22 pm
[…] Chris Lyman - An Open letter to Marcelo Rodriguez […]