Time Services; Network Security; Security Considerations; Internal Firewall - ShoreTel Service Appliance 100 Installation Manual

Chapter 3: Network Requirements and Preparation
3.4

Time Services

The SA-100 requires a connection to time services (a Network Time Protocol server)
in order to support ShoreTel Conferencing services. The address of the NTP server
can be provided to the SA-100 through DHCP option 004 (if DHCP is used) or
configured statically. For information on configuring an NTP server, see Section 6.2.1.
3.5

Network Security

This section discusses network security concerns that can come up when you deploy
the SA-100.
3.5.1

Security Considerations

3.5.1.1
The SA-100 Appliance can be deployed in the DMZ, allowing external participants to
access Web conferences. Positioning in the DMZ places the Service Appliance 100 in
a privileged security position within the customer's network infrastructure.
Therefore, the SA-100 features an embedded, customer administered, firewall to
control access between unsecure external environments and internal networks.
Proactive security policies and strict management of evolving internet security risks
are essential to maintain network security.
3.5.1.2
As security threats evolve new vulnerabilities may be discovered that require
immediate resolution. ShoreTel provides upgrades to the appliance software and
updates for critical security patches. If required, these upgrades are distributed
independently from the standard release cycle for software upgrades.
Should critical security patches be required to the appliance operating or file
systems, a new mini-installer is used to implement immediate fixes to the platform
images. This allows the customer's IT support to quickly protect their networks
without having to complete an entire release upgrade.
Hotfixes or patches to the appliance application images will continue to be
addressed via the traditional process of incorporating these into the next build or
release.
Procedures to apply security patches to the appliance operating system and
applications are described in the ShoreTel 12: Maintenance Guide and are also
distributed via e-mail or other customer notification pathways such as the ShoreTel
support website.
3.6

Deployment Scenarios

The ShoreTel Service Appliance 100 may be deployed both internal to the LAN or
externally in a company's DMZ.
Deployment scenarios may include multiple installations of appliances in a
ShoreTel system.
However, in any multi-appliance deployment scenario, if one appliance is accessible
for external access then all appliances must also be accessible for external access.
ShoreTel 12.3

Internal Firewall

Security Considerations
SA-100 Planning, Installation, and Administration Guide
21