Mitel Forums - The Unofficial Source

Mitel Forums => Mitel Software Applications => Topic started by: MrRedHat on September 11, 2016, 10:09:17 PM

Title: MiCollab external access
Post by: MrRedHat on September 11, 2016, 10:09:17 PM
I have a Mitel phone system and we want to use the MiCollab client software with our phone system externally when we aren’t in the office. Our Mitel vendor keeps insisting that to be able to use the MiCollab client outside of the office we need to move the phone system server over to the Internet and face an interface on the server facing the Internet without any firewall. From a security standpoint this seems insane and I’m wondering if there is a better way to allow external access using the MiCollab client. Are there any UDP/TCP ports that can be forwarded or anything?
Title: Re: MiCollab external access
Post by: martyn on September 11, 2016, 10:24:54 PM
In order to publish MiCollab you need to do it via MBG. There are a couple of options for this based on the design of your network, but the internet facing interface is locked down to only the ports and applications required.
Title: Re: MiCollab external access
Post by: VinceWhirlwind on September 11, 2016, 10:46:06 PM
The way to do it is to build an MBG server in your DMZ, then it somehow clusters with the MBG that's running on the MiCollab server and acts as a proxy for those services so that outside clients are talking to the server in the DMZ rather than directly to the internal MiCollab server.
Title: Re: MiCollab external access
Post by: MrRedHat on September 11, 2016, 11:07:41 PM
What we call the “ucaserver” has two interface cards in it. One interface card is connected to the local LAN and it has worked well for several years. We wanted to use the MiCollab client, so the phone system vendor said that we needed to use the second interface for the MiCollab client. I pulled an IP off from the firewall and we gave it that IP on the second interface card on the “ucaserver”.

This is what the network design is before and after:
Title: Re: MiCollab external access
Post by: dilkie on September 11, 2016, 11:36:22 PM
Your phone system vendor should go back to MitelU and study a bit harder.

Martyn and Vince are both correct: deploy MBG to get access to internal phone services (all services, including UCA) from the internet.
Title: Re: MiCollab external access
Post by: martyn on September 11, 2016, 11:51:22 PM
Is it a standalone UCA/MiCollab client server, or is it running on an all-in-one MiCollab server with NuPoint, MBG, AWV/MCA, etc.?
Title: Re: MiCollab external access
Post by: VinceWhirlwind on September 12, 2016, 12:20:51 AM
Well....it might seem like a bad idea, but in fact the MiCollab engineering guidelines have a deployment model they call "Network Edge" for the MiCollab server:
MiCollab has 2 NICs, one connected to the LAN, the other connected to the outside world. No separate MBG required.
One version of this deployment model has the MiCollab server acting as the actual firewall for the site.

 
The diagram above might be right, or might be wrong - if you connect the MiCollab to the firewall instead of the LAN, then you will need to configure all sorts of firewall rules for the internal MiCollab stuff to work.
Title: Re: MiCollab external access
Post by: johnp on September 15, 2016, 06:33:10 PM
I hate that they changed the terminology from server-gateway to network edge. In server-gateway, the MSL acts as a firewall for traffic between interfaces and it is a robust firewall IMHO.