I would like to have some feedback on a project I'm currently working on.
What I'm trying to find out if it is possible to host different customers with just one Callmanager Cluster. Please look for an example in the attachment section, where I've uploaded a basic topology scheme. The Callmanager Cluster will be running Callmanager 4.2(3) with the latest OS. There are no plans for Unity yet.
The customers are connected to the Callmanager Cluster via a 10Mbps Dark Fiber Connection. Of course all the customers need to be isolated from each other and no traffic of their LANs should ever cross the fiber connection, nor should it be possible for the customer to be able to access data on the Callmanager Cluster that does belong to another customer (like directory listings, customer specific IP Phone services, etc).
As far as I know, the following problems/questions arise:
- How to separate directory listings, Phone services, etc?
- Is it possible for the customers to access the TFTP server directly via a TFTP client, and thus download and view configuration files from other customers? Or is there a way to secure this?
- What is the best way to solve the routing problem at the datacenter? Only with ACL's or are there other options? Like I said before, it should only be possible to route from customer to datacenter and vica versa. Except for a customer with more than one site. Here it should be possible to route between sites to make internal calls possible.
- Should I use public addresses at the datacenter? There is a possibility that two or more customers use the same private IP range at their site.
- Are there any other problems that I may have overlooked? If so, please tell me :-)