So, the other on-prem

iptuser55 · ‎03-13-2015

We are looking at two options IPT solution with different approaches with regards to Soft clients on mobile devices

One option is to use Cisco Expressway C & E and another offering with direct connection on to a non-Cisco VOIP solution with a simple log on , Password

I understand how Expressway works - a tunnel between C&E but what does it provide over a straight public Internet access with a simple authentication via the "End User" with a simple log on and pin either native on the IPT solution or via AD

Both system authenticate the user via their version of End User - Logon/User ID and PIN, Password within the system or extended to an AD type service

Does the Expressway provide encryption within the tunnel without any extra SW on the mobile

Why choose Expressway over a simple direct connection

thanks

Chris Deren · ‎03-13-2015

Yes, MRA provides encryption via TLS.

Not sure about your comparison question as you did not explain what you are comparing it to. If you have on-prem solution and require VPN-less communication from remote clients (PC, MAC, IOS, Android) it is the best approach.

You can now also enable SSO with latest Jabber/MRA if entering username/password is something you want to bypass.

iptuser55 · ‎03-13-2015

I cant really say but the other supplier - not MS/Lync, can provide a non-vpn connection directly from their application

The real question is that cost wise the Express C&E option involves additional servers as well as certificates etc while the other provider is just their app on a mobile without any additional HW . So with Cisco and the extra cost of servers what do you get- Is it that Express provides encryption end to end using their servers

Can you have the above Jabber without the need for expressway so like the other provider- is the question that you do not have encryption?

Encryption - Is it end to end through to the soft client?

I should also say both actual IPT solution would have have FW's

Trust Jabber client - how do you trust jabber - do you download a cert to the mobile device - same as a handset - probably ? so how do you trust it , it is purely the handset registration , configuration in CCM?

thanks

Chris Deren · ‎03-13-2015

So, the other on-prem solution does not require a server in DMZ or certs? If not, how is it connected to the network and provides secured connection?

Expressway software is FREE, and with only virtualized deployment support it does not take too many resources on the servers, so usually this is not as big of a concern, but I see your point.

You can certainly provide connection without MRA with VPN or if you open firewall ports or put your CUCM with public IP (never recommended), since I don't know how the other vendor does it it's difficult to compare.

Jabber over MRA is completely secured hence the need for the certs, all you need on Jabber device is the trusted certificate that trusts the CA root cert for the internal apps (CUCM, IMP, Expressway C, etc), which typical customer already has on their PCs and can push to mobile devices via MDM, etc. and publicly trusted cert on the Expressway E issued by public trusted CA.

With support of SAN certs on applications such as CUCM, UCXN, IMP you can limit need for number of certs drastically, but for most organizations this has never been an issue since most organizations have internal PKI to issue and sign internal certs.

Besides comparing remote access between the 2 solutions which is just a small portion of the overall solution, how do the other telephony, collaboration, unified messaging features stack up?

Expressway and Jabber- Mobile Client - why use it?