Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

3CX On-Premise Installation Best Practices

Discussion in '3CX Phone System - General' started by Frank86, Jan 28, 2018.

Thread Status:
Not open for further replies.
  1. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    New to 3CX and on-premise VoIP. A few questions:
    • What are on-premise VoIP best practices for a business with 50 users running on an AT&T 100 Mbps symmetrical fiber circuit? Use a separate QoS PoE switch for the phones and PBX (on their dedicated VLAN)? Or use the same data switches used for the PCs and just use a phone VLAN and QoS to separate phone traffic?
    • Is the 3CX 15.5 Windows SBC reliable? I've read in a couple of community posts that it's not. If unreliable, is the Debian one reliable?
    • If I place a passive 3CX server in a branch office with 20-30 users, does this branch office still need an SBC?
    • For remote locations with 1-2 phones, what is the best way to connect to the main office with the on-premise 3CX server? An SBC (linux, windows, raspberry PI)? STUN? I've read STUN can be unreliable.
    • We are mostly a Windows shop, so ideally we would set up the 3CX active and passive servers in a Windows server 2016 VM and a Windows SBC PC at branch offices and remote locations, unless Linux/Raspberry is far more reliable).
    • What is the LAN/WAN bandwidth needed for 50 concurrent VoIP calls and 5-10 web meetings?
    • How can we ensure highest phone call quality within sites and with third parties?
    Thank you much for your help.
     
  2. eddv123

    eddv123 Well-Known Member

    Joined:
    Aug 15, 2017
    Messages:
    1,430
    Likes Received:
    188
    Hi Frank86,

    Firstly in regards to VLAN's you need to use these if bandwidth is a concern and you need to separate and prioritise the voice traffic.

    If you do, be aware that if you want to use 3CX phone on the desktops in CTI mode with a supported phone then routing is required between the Voice and Data VLAN's.

    The 3CX SBC I think personally is very solid. The Windows and Linux versions both support 50 extensions where Raspberry Pi supports 20. I think the only time issues would occur would be due to poor network administration or trying to overstretch the limitations.

    STUN is a method I would only recommend is you have a single home user. I know of people who use more than this on a single site, but it' not my preference due to technical reasons.

    Branch offices connected via 3CX bridges between sites do not need an SBC also, bridges and SBC both use the 3CX tunnel which uses port 5090 for connection.

    For calculating bandwidth you can use this helpful guide: https://www.3cx.com/blog/docs/bandwidth-utilised-for-voip/

    However for local QOS you need to look at configuring your network correctly which is something you need to look at your routers and switches for.

    FYI you only mentioned on-premise 3CX break aware you can host in the cloud also on platforms such as AWS and Google.
     
  3. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    Thank you. I think I prefer to have it on premises when I have a location with 50 users or so. If I can set up a redundant system through a 3CX passive server in a branch location, all the better.

    I would definitely look at 3CX on AWS or Google for 3-20 users.

    I already have QoS and voice VLAN set up and am playing with the free 3CX PBX edition, and it's working well. The Voice and data VLANs are properly routed as well, so CTI setup should not be a problem.

    Thank you for your input.
     
  4. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    If I configure a slave bridge at the branch office, can that slave bridge also be the passive failover host?

    If I have site-to-site VPN between main office and branch office, is the bridge option still recommended?
     
  5. eddv123

    eddv123 Well-Known Member

    Joined:
    Aug 15, 2017
    Messages:
    1,430
    Likes Received:
    188
    It depends what you mean by redundant. As you have mentioned both redundancy and bridging.

    3CX supports both bridging between 2 live PBXs (normally used for 2 sites within the same company but difficult physical locations for example) and the Enterprise licence- for active/passive failover of the same PBX: https://www.3cx.com/docs/failover/

    As far as your VPN is concerned 3CX bridging supports both with 3CX tunnel or direct connection without:
    https://www.3cx.com/docs/manual/connecting-pbx-bridges/
     
    #5 eddv123, Jan 29, 2018
    Last edited: Jan 29, 2018
  6. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    I'm not sure I quite follow. What I'd like to achieve is the best-practices setup between our main office (50 users) and our branch office (15 users), connected to each other by a site-to-site VPN over a 100 Mbps fiber circuit. I was thinking of setting up a 3CX bridge between them.

    But I would also like to set up a failover 3CX server in the branch office through the 3CX enterprise license. I'm not sure whether the 3CX failover server at the branch can at the same time be the 3CX bridge server.
     
  7. eddv123

    eddv123 Well-Known Member

    Joined:
    Aug 15, 2017
    Messages:
    1,430
    Likes Received:
    188
    To setup a bridge you require 2 x live 3CX PBX's. in your scenario you could do this however it is a bit over-kill for 15 extensions.

    You can use the VPN option and register the remote phones down the tunnel using DHCP option 66.
    Supported phones can use PnP provisioning if within the same LAN subnet however due to the VPN/different subnets this is not an option: https://www.3cx.com/sip-phones/dhcp-option-66/

    Again another option if you are using a "supported" phone brand is take advantage of the 3CX SBC for Windows, Linux or Raspberry Pi (both Windows and Linux support 50 extensions where the Raspberry would be 20: https://www.3cx.com/sip-phones/
     
  8. Brian Cross

    Brian Cross New Member

    Joined:
    Jul 26, 2017
    Messages:
    109
    Likes Received:
    29
    If you have a site to site VPN I would just configure these branch phones as local phones. Depending on your tunnel setup, I can drop a phone at the remote site and it multicast and pop in the 3cx management without having to use option 66. (Worst case scenerio you use option 66)

    The phones will behave correctly and CTI mode will work and dial the number and not do a "make call". (If your phones support CTI that is.)
     
  9. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    Got it. So for on-premises setup, I would do the following:
    - Site A (50 users): active 3CX server, Yealink T4x and T5x phones
    - Site B (15 users): passive 3CX server, a separate Windows SBC, Yealink T4x phones
    - Remote users: STUN or, preferably, a mini PC with SBC, Yealink T4x phones.

    For site B, since the SBC is in the same LAN as the passive 3CX server, do I enter the passive server's private IP as the SBC's failover server IP address?
     
  10. NickD_3CX

    NickD_3CX Support Team
    Staff Member 3CX Support

    Joined:
    Jun 2, 2014
    Messages:
    1,379
    Likes Received:
    84
    What @Brian Cross mentioned is that all users at sites A and B would be provisioned as "Local" extensions to the Active PBX at site A (the ones at B would register over the VPN). Now in case of the active PBX failing, this would be reversed, the users at site A would register over the VPN to the Passive PBX and the user at site B the same, but this time not over the VPN.

    Regarding the remote extensions, either with SBC or STUN, if a failover occurs, assuming you are using a 3CX FQDN, the Passive server would update the DNS records of the FQDN automatically, so given a little time, all remote phones would "switch" to the Public IP of site B. Truth be told, this last part might be slightly better handled by the SBC (not that it won't work with STUN phones).

    The rule of thumb when thinking of how to setup a fail over scenario is that:
    The orientation of the phone towards the Active/Primary PBX must be the same to the Passive/Fail-over PBX.
    Example, if you have a "Local LAN" extension, if a failover occurs, it must be able to connect the Passive server again as a Local LAN extension. Similarly, if you have a STUN extension and a fail-over happens, it must be STUN towards the Passive PBX as well.
     
  11. Frank86

    Frank86 New Member

    Joined:
    Jan 18, 2018
    Messages:
    118
    Likes Received:
    4
    Thank you. Has anyone tested or experienced the failover scenario? Does it work well?
     
Thread Status:
Not open for further replies.