sundance-communications.com/forum Forums TDM Business Telephone Systems Toshiba Telephones & Systems Approved software on CIX server

hi all,
we own a CIX200 that is accompanied by an XP based server that handles voicemails and ACD (and eManager, etc.). when i arrived at this job, the thing was horribly out of date in terms of security fixes from microsoft. i eventually decided to correct this and did.
now, i am being told that things as simple as having an antivirus or backup software to take snapshots of the machine will void the warranty. is there a list of software that is *allowed* to run on these without causing grief from toshiba technicians?
i would like to continue using a combination of microsoft security essentials for antivirus, and norton ghost to take backups.
thanks for any input.
-matt

It would seem you have either a MAS or a MicroMAS. One of the problems with adding software to the system, is that it will take resources, and those generally have enough processing power to do it's job and not a lot extra.

I know how you feel about adding security and backup. It is just that when you add anything to the system, you increase the chance that it could interfere with it's main function. I am sure the vendor doesn't want to deal with future issues when the ACD or voicemail isn't working correctly and they have to fix it.

As far as AV software, Toshiba does say that it can run in the MAS, but recommends that it only does a scheduled scan of the system, and not live monitoring. Also scripts blocking on the AV can cause issues.

I don't know how much resources Norton take, but there are ways to backup the Voicemail and ACD. The vendor can get an install disk from Toshiba. With that and the backup, I think you would be back in business pretty quick.

Also you have to be careful of Wndows updates, s they have sometimes caused things (EManager) to stop working.

Basically the MAS has to perform real-time fuctions without a lot of extra resouces, so you just have to look at it that way. I know you see a WIndows machine full of security holes with a hard drive that could stop working at any time, which are valid concerns.

hey,
thanks for the response. that is in line with i'm hearing from our local dealer.
without getting into too many details about the backup software, it only runs once a day after hours. it shouldn't add additional load/latencies when idle. and it would save at least several hours (days) in the event of a hard drive failure, considering how punctual our dealer has been previously.
i disabled the real-time scan in MSE (although, both of these have been running for 6 months or so without a single issue).
if someone from toshiba were to remote in to the machine for service, and saw that in the system tray, would they really refuse service? or is our dealer exaggerating? that is my real concern.
they also don't want us to change passwords from the defaults.
how is such a system managed in a place where HIPAA or PCI compliance are required? antivirus, firewall, patch management, and a strong password policy are requirements. surely toshiba considered the types of environments these systems (MAS) would be deployed in, when designing the systems.
thanks again,
-matt

After the MAS I installed got hacked, I had to sit at a very large table with about 10 people from IT and a handful of executives to explain what happened and how to prevent it.

I used CDs provided by Toshiba to default the entire system.

A default password is basically about the same as no passord. I did change the passcode to all devices on the network after that. I don't think I installed AV software as of yet. They do IT audits and they did require a few patches. I spoke with Toshiba before applying them to be sure nothing would be distrupted.

If the MAS was installed reciently, it also includes Apache, which older versions have a security issue appearantly.

Long story, if it is critical to your network security, then you can either issolate the Toshiba from the rest of the network, either physically or through VLans and firewalls, or see if your vendor can work with Toshiba to find a good security solution.

looks like my best option, for security, would be to isolate the system from the rest of the network as much as possible. i will likely put it, and the CIX, behind an IDS on a separate VLAN. i can add some routes to let the MAS talk to the call manager application in the call center.
backups are still an issue. if it comes down to it, i will remove ghost as a troubleshooting step.
-matt