How Not To Support Your Customers…

How Not To Support Your Customers

9th February 2016

You learn a lot about companies when things don’t go according to plan. By and large, Cisco’s responsiveness to issues is pretty good – and probably the best in the industry as a whole. However, when they get it wrong, it does leave you wondering…

In the office we use Cisco 8851 handsets. Not cheap, but they have a neat feature whereby you can pair your Bluetooth enabled Smartphone with them and reroute the audio through them like you do with a car kit. Not rocket science, but a nice feature that saves us all from overheating our brains, and having cricks on our necks when we’ve been using them all day.

We recently upgraded the Cisco firmware on our handsets to a slightly later version – to get support for a new feature that had been released. The new feature worked, as did most of the other functions on the handset – but unfortunately the new firmware demolished the Bluetooth audio function. We could hear the caller ok, but all they could hear was the something akin to the sound of a helicopter taking off. We reverted to the old firmware, and the Bluetooth started working again.

Obviously this isn’t a configuration issue, and is something in the new firmware that had been released. So a Cisco TAC case quickly followed – we don’t really need to use the new firmware, however we thought Cisco might want to know they had broken something other people might be using. The response from the TAC engineer was less than helpful (names removed)


“I will check for any known issue , however keep on mind it might be related to some compatibility issue between phone and Bluetooth .

Cisco tries to test as much as possible , to be compatibility with 3 rd party vendors, however at some points there might be issues”.


And then in a second update:


“On all new firmware version , there is changes , to fix known issue , to improve things/process on the phone .

That’s why the behavior might change from one to another”.


And then finally:


“Cisco tries to be compatible with 3 rd party accessories, at some point there might be issues on certain scenarios .
You can contact your account manager about your concern .
I will close the ticket , however I would like to thank you for contacting Cisco Tac”


And that was the limit of the support we got. Not exactly helpful, and in this instance “improve things/process on the phone” basically meant totally breaking a feature that used to work and is clearly down to something in the new firmware. And they are obviously not interested in fixing it and improving their products for their customers.

Cisco support isn’t cheap – however in general for things like their UC products we always keep it up to date. We therefore expect decent support when we need to use it. Masssively disappointing.


Barry Hesk
Intrinsic Network Solutions

Cisco ESW/UCSS end of sale

Cisco are at it again.

After creating ridiculous amounts of confusion with their general UC licensing model, they are now tinkering with their software maintenance and subscription services.
Their stated objective is to simplify it. As a reseller who has borne the brunt of their order management processes, I will stand up and applaud this laudable aim. It may even free up some of our time to do productive work.

So, what’s happening? Well, after 21/11/2014, ESW/UCSS will be no more. We certainly won’t shed any tears as to their demise. They were both badly conceived and implemented. The replacement is SWSS which promises to be a single contract which covers both support and subscription. Sounds good so far.

However, the devil, as it always is with Cisco, is in the detail. As the same time as fanfaring this new process, they’ve also taken the opportunity to increase the list prices of the combined maintenance by approximately 10%, and remove multi year discounts. So an Enhanced CUCM user which used to cost RRP USD 75.00 for three years of cover, now goes up to RRP USD 82.80. It’s actually worse than this as various offers like 3 for 2 were available previously and they have now gone. Cisco are looking at this apparently. Sorry, but you would have thought they might have “looked” at this prior to launching the new service?

So. We’re about to write to our customers and tell them that a group of select, lucky and special people, they will be subjected to a maintenance hike of 10%ish next year. For nothing new. For nothing additional. Other than lining Cisco’s coffers obviously.

As always, Cisco won’t listen. They don’t get it. They don’t seem to understand that fleecing your existing customers for yet more money is not a way to breed loyalty. They seem to think that customers have invested too much money and are too scared to consider moving to alternate platforms such as Lync. They are wrong on all counts.

Barry Hesk
Intrinsic Network Solutions

Shellshock BASH vulnerability – our take

2nd October 2014

The hot news of the last few days has been the discovery of a major vulnerability in the BASH command shell. The BASH shell is hugely prevalent and is used on a massive number and quantity of operating systems and devices. Pretty much all flavours of Linux, Android, Mac OSX and numerous other systems all use BASH.

So, how serious is this discovered vulnerability? In one word, massively. In two words, worrying massively. The issue that has been uncovered basically allows an attacker to run remote commands on the affected device and potentially get it to do anything they like. For example – restart, format a hard disk, copy some files to an external server. All very, very, very bad news.
In this manner, it is actually worse than the well documented Heartbleed issues of a few months ago. Whilst Heartbleed was also extremely serious the issues it caused allowed data on the impacted device to be accessed, not for commands to be run. Shellshock in this regard, is pretty much as bad as it gets.

The Shellshock issue reaches new levels of seriousness because of the wide variety of platforms that utilise BASH. Web Servers. Infrastructure devices like routers, switches and firewalls. Other platforms that make use of Linux operating systems including telephony servers. Everybody will have at lease one device that is potentially vulnerable. Many large customers will have hundreds or thousands.

So what do we do about it? The simple answer is patch the impacted systems with fixed software. However, this is only half the story. In many instances equipment vendors provide customized versions of operating systems and customers will have to wait for them to provide patches. It is however 100 percent certain that a lot of equipment out there is end of support and vendors will not provide updated software.

It is however worth at this stage pointing out a few additional things. The vast majority of infrastructure devices require authentication before scripts or commands can be run through either their embedded web servers or direct SSH access. This means that to successfully exploit this vulnerability the attacker must have valid credentials on the devices. In many situations devices will only have a single userid / password for administration – so the attacker must have these account details. If they have these, then they have full control of the device regardless of this issue so Shellshock is not massively relevant.

Further, most devices are (or should be) behind a firewall. This means that direct access from the Internet to them is not possible. Again, this to some level mitigates the seriousness of the situation for some people.

Where Shellshock is a massive issue is for public facing web sites. Any web site running on a Linux platform with a vulnerable version of BASH needs to be patched immediately. Exploits of the Shellshock issue are already being observed on the public Internet. Whilst in many cases these are just scans to see if systems are vulnerable, and not being active malicious, it is only a matter of time before this changes. Any other systems (e.g. web cameras, mail servers) that are directly accessible from the Internet should be analysed to see if they are vulnerable, and if so patched.

Shellshock is extremely serious, and it will impact all of us. We all need to look at the systems we are running to see if they are vulnerable and mitigate this issue if they are. The only real solution is by fixing the faulty software however as we have discussed, there are some other mitigation considerations that should be looked at. However, ignoring it is not an option.

Barry Hesk

Cisco Communications Manager 8.6 Licenses End of Sale

A few weeks ago, buried in a slew of other end of sale announcements from Cisco was the end of Communications Manager (CUCM) 8.6 licenses. No big deal right? After all, CUCM 9 and CUCM 10 are now out in the field and are being used for new deployments.

Actually, yes, it is a big deal and is going to result in a load more disappointed, and disillusioned Cisco customers. Some of which will abandon the good ship Cisco for good.

There are numerous older deployment of CUCM (version 7.1 through 8.6) out there, and they are working perfectly well. Once the CUCM 8.6 licenses are no longer available (January 2015), customers will not be able to add new users to these systems – unless they upgrade to a newer version first. If customers haven’t kept on top of their horrifically complicated and expensive UCSS and ESW entitlements, this means they will need to pay for these upgrades. Through the nose. This could result in bills of tens of thousands of pounds / dollars just to add a few users.

I suspect a lot of customers won’t bother and this will provide yet more acceleration in the number of enterprises abandoning Cisco for telephony and moving in the direction of Lync. After all, if Cisco are going to force you to do an upgrade you don’t want to do, wouldn’t you consider alternatives?

Cisco just don’t get it. They just don’t listen. They just don’t learn from their mistakes. The issues with licensing on their UC products are entirely of their own making, and as usual, it’s their customers and partners that bear the brunt of it. When the highlights of a new major release are a new licensing model you know that something has gone badly wrong somewhere down the line. Is it technically impossible for Cisco to come up with a licensing mechanism that is backwards compatible with older versions?

We fully understand why CUCM 8.6 licensing would be end of sale for new deployments. We totally get that, and we haven’t been deploying 8.6 for well over a year. But to end of sale older license versions just because you want to force your customers to upgrade their systems is commercial suicide.

Sadly, none of this is surprising. It’s happened before. We had a client with MeetingPlace Express 2.1 and they were totally happy with it. They wanted to add more licenses which would have cost about 2.5K USD. Cisco’s response “oh no, you can’t do that – those licenses are end of sale. You need to upgrade to full blown MeetingPlace”. The cost – over 30k USD. Customer deployed Lync conferencing instead. They’ve now removed CUCM.

It’s licenses we’re talking about here. Nothing physical. No hardware. It’s just having the ability to generate a license key for an older version of software. Why do they feel the urge to end of sale them? Of course, they make significant amounts of money forcing customers to upgrade.

To repeat. Cisco just don’t get it. They just don’t listen. They just don’t learn from their mistakes.

Barry Hesk

Is the BYOD revolution over?

Is the BYOD Revolution Over?

26th June 2014

Two to three years ago, Bring Your Own Device (BYOD) was THE hot topic. IT Managers were giving it to their users clamors to use their own devices at work. In many occasions this was the result of Execs wanting to use their iPads and iPhones at work.

All of a sudden a BYOD policy was required to allow all users to use their own devices. FDs thought it would decrease costs – as the company would no longer have to fork out on mobile devices for the employees.

Overlay technology rapidly sprung up to attempt to provide the degrees of control that legacy products such as, cough, Blackberry had delivered. None of these came cheap. Not all of them worked very well. Problems of data security, and data loss prevention started to rear their ugly heads – users were storing sensitive company data on their personal devices.

Slowly, but surely, conversations with our clients have uncovered that the tide seems to be turning. No longer is an assumption that a business NEEDS a BYOD policy automatic. The cost saving myth has been torpedoed. By the time overlay management products and solutions are implemented, the numbers just don’t really look attractive. The security issues are a head ache. Users started losing devices with company data on them – and remotely wiping a user’s iPhone is not something that a business can automatically mandate.

As with all things in IT, sooner or later, the wheel turns full circle. Blackberry won’t be back any time soon (if ever), ┬ábut users having to use company issued devices looks like it is coming back round again.

 

The latest scary stuff about the NSA

This link from DarkReading makes scary and sobering reading.

The fact that vendors are concerned that the NSA have developed malware that targets common products should be an eye opener to us all. The fact that the NSA seem to be able to intercept products on the way from the factor to the customer is almost unbelievable.

If anybody else was doing this, it would be illegal. Where’e the oversight that our US cousins are so keen on?

Barry Hesk
Intrinsic Network Solutions