Testing was conducted on the 3Com VCX Unified Communications Solution configured for a main office, a secondary regional office, a remote branch office and a home office. We included full redundancy for server components at the main office and secondary regional office.

The main office network infrastructure utilized a 100Mbps Ethernet Power over Ethernet-enabled network using 4200G PWR and 5500-EL PWR Ethernet switches. The home and remote office were connected by different routed virtual LAN networks.

Deployment, failover testing, security assessment and SIP interoperability testing were conducted using the 3Com components illustrated in our test bed diagram. The VCX Connect 100 appliance and VCX Connect 200 server (pre-installed on a Linux based IBM x3250) IP PBXs were configured to support a multi-regional environment comprising two regional offices, a remote/branch office, a home office and telecommuter components. We ran VCX Connect 100 with factory default settings and employed its Web interface to import profiles for dialing plans and voice mail setups. We set up a new region with a 3Com VCX Connect 100 IP PBX in less than 30 minutes.

Click to see: Diagram of the test bed

SIP interoperability was verified using WinSIP 4.0 from Touchtone Technologies and ClearSight Analyzer 6.0.1.134 from ClearSight Networks. Third-party phones from Polycom (650, 550, 430 and 330), Grandstream and Snom were also used to verify SIP interoperability. Hitachi and Nokia (E61) dual mode phones were included in the testing.

IP soft phones were run on a Dell Latitude D810 laptop, and we used a Plantronics DSP-400 USB headset. Various monitoring systems, including ClearSight Analyzer and TouchStone WinIQ, were used during the testing to verify network traffic and other VoIP operational characteristics.

Security scans including open port scans, protocol interaction with mutated traffic, common vulnerability exploit tests, denial of service and SIP server torture tests were conducted using Miercom's own testing suite combined with a Mu-4000 Security Analyzer from Mu Dynamics. The vulnerability scans were run first to provide information that could be used in a subsequent compound or complex attack.

We tested system component reliability including endpoints and the servers themselves exercising their inherent failover capabilities by disconnecting network links and interrupting power in some cases. We also verified that a failure of the Main Office caused the secondary regional office to take over.