Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

IIS or Abyss for Windows Server ?

Discussion in '3CX Phone System - General' started by Eurylink, Jun 5, 2010.

Thread Status:
Not open for further replies.
  1. Eurylink

    Eurylink New Member

    Joined:
    May 25, 2008
    Messages:
    174
    Likes Received:
    3
    What are consideration about Web Server to use with 3CX v.9 ? I installed v.9 with abyss on Windows 2008 R2 machine. Abyss seems to be slower loading than cassini. This is caused by OS (in this case windows server) ?
    I'll test for some days then I'll restore 3CX on IIS platform (previous v.8 was with IIS).
    I imagine IIS is the first choice for Microsoft Server OS .... or not ?

    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. matictec

    matictec New Member

    Joined:
    Mar 31, 2008
    Messages:
    188
    Likes Received:
    0
    I think IIS is the better choice because here you can activate SSL or activate different authentication methods. Perhaps it is also possible with the integragted webserver.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. LeonidasG

    LeonidasG Support Team
    Staff Member 3CX Support

    Joined:
    Nov 19, 2008
    Messages:
    1,559
    Likes Received:
    118
    Hi,

    Slowness of loading the interface in the Web Management sometimes depends on the browser as well.
    Using Firefox causes the interface to load slightly slower than when using Internet explorer, i'm pretty sure it was the same with Cassini.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. demonofsteel

    demonofsteel New Member

    Joined:
    Mar 28, 2008
    Messages:
    105
    Likes Received:
    0
    I really like the move from Cassini to Abyss. I've used Abyss in the past and I would say it's the best 3rd party Web Server available for Windows. It's also very easy to use.

    But if you're using Windows Server, then why not use IIS? I would suggest IIS if you have the possibility to use it.
     
  5. LeonidasG

    LeonidasG Support Team
    Staff Member 3CX Support

    Joined:
    Nov 19, 2008
    Messages:
    1,559
    Likes Received:
    118
    I'll just say this for the record.
    So far, with Abyss, we haven't had any "Error in IVR session" messages.
    Just for that i would personally ditch IIS and go for Abyss :p
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. KerryG

    KerryG Active Member

    Joined:
    Jun 19, 2009
    Messages:
    960
    Likes Received:
    0
    That's not my experience. After running for a few days I had to restart Abyss to fix my error in ivr message.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,153
    Likes Received:
    175
    We have a fix which is included in the release BETA 2 - Today. This is not coming from the Webserver however. Coming from our configuration. Bug in beta. Or wait for the next version - by today if everything goes well.

    As for Abyss - I will post more stuff and blogs later - it has a management console you can enable - we disable it by default.
    It has logging you can enable.
    It has passed bulk testing with flying colors - personally I am very happy with it.

    Abyss is slow on the first time loading - just like any webserver that generates cache the first time - until it preloads the worker process and cache it needs time. Once this cache is loaded, serving is immediate.

    Open it's management console - (locked to 127.0.0.1)
    go to program files 3CX PhoneSystem\Bin\Webserver\abyss.conf
    Scroll to the bottom - and find the tag - <port></port>
    Change this from 0 to 9999 for example. - 0 to disable.
    Save and restart the abyss webservice. Open browser on local machine and type http://127.0.0.1:9999
    User admin - password - admin - have a look here - see what you can enable. Maybe suggestions on what we can enable by default??????

    Abyss has an ASP.NET connector which uses the original ASP.NET framework by Microsoft. So do not underestimate Abyss. It also has SSL that can be enabed too. i will post details later through the blog. You cannot really compare with the previous option we had. Cassini was designed to be used for debugging purposes. Hence why we used to recommend it for small 3CX PBX's less than 30 extensions.

    Windows Server 2008 R2 - I would go for IIS. IIS is also powerful. We are also going to make changes to the IIS websites - we hope to move to integrated mode as opposed to the current classic. We still have to think what we are going to do with IIS on server 2003 because IIS 6 does not support integrated mode.
    In version 9 we have improved the IIS configuration, optimized the worker process and recycling intervals.
    If you have other websites on IIS, i would give it a shot just the same - however other websites and windows updates should be an area to take into consideration. If you use IIS only for 3CX, go for IIS 7.

    For the error in the ivr fix, check the release we uploaded today - Beta 2.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    Speaking of Web Servers and IIS

    Nicky,

    something else I would REALLY like to see is the ability for the setup to create a NEW website within IIS under which it can place the 3cx stuff - AND/OR the ability to SELECT a website. I __REALLY__ hate it when stuff installs under the "Default" website, because then I have to go pick through settings, etc to move it to another site. I have a few windows-y specific things on the default site and would rather have 3cx on its own. Just a thought...

    Chavous Camp
     
  9. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,153
    Likes Received:
    175
    I understand perfectly your point. I can imagine having exchange and owa or sharepoint together with 3CX on default ws.

    But we wished the users to log in directly to myphone without putting a port number. This was the main reason why.

    But rest assured. We do not screw up the default website on install. We removed all custom scripts we had in Version 7 and there is no chance that we modify the default website in any way.

    Also you can create your own website in IIS if you want. Copy everything literally and then go to the parameter table in 3CX and add the new port in the WEBSERVER parameter.

    In your case why don't you install Abyss? Because you will isolate 3CX Web divisions onto a separate trusted webserver and leave critical exchange and other mic app on IIS
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    Yeah but nicky - you don't have to necessarily have multiple port numbers - it can still all be on port 80 - I just have a SEPARATE IP ADDRESS that I'm using for 3cx - and that is bound to another website.

    A REALLY good example of where this is important is in SSL - if I have TWO ssl websites on a box - say, one for exchange/OWA or something else and ONE for 3cx, I don't necessarily want to use the same cert - because certs, as you know, are bound to whatever common name is used to generate them...

    so, I might want 3cx on https://sip.whatever.com and my other stuff in the default website on https://blah.whatever.com. Or, because 3cx refuses to use hostnames in the provisioning emails or assistant configuration, i might NEED 3cx to have a cert on which the common name is listed as the IP ADDRESS where as the default website needs a cert on which the common name is an actual HOST NAME.

    Make sense?
     
  11. nb

    nb Support Team
    Staff Member 3CX Support

    Joined:
    Jun 7, 2007
    Messages:
    2,153
    Likes Received:
    175
    Yes makes sense - to a certain extent..
    So what can we improve in our current IIS configuration? List them and we will consider them. You can send me an email nb@3cx.com. I personally take care of IIS decisions and my main concern is to make IIS installations seamless and commonly used for all installations. SSL can be enabled per installation in my opinion. Its easy in IIS. And IVR which is vxml is problematic by design in ssl.

    My thought: (I might be wrong) If you are an admin that wants ssl, you are also 100% capable to create new websites right?

    Question: How many extensions do you have in your 3CXPhone System? How many simultaneous calls do you have at the moment hitting your pbx?

    What are the reasons that you want to make 3CX management console public to the outside world?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. KerryG

    KerryG Active Member

    Joined:
    Jun 19, 2009
    Messages:
    960
    Likes Received:
    0
    Do you think using SSL somehow makes your site more secure? If there is a vulnerability its going to be in the web server software or the 3CX code and simply having the data encrypted will do nothing to prevent malicious behavior. With so many other ways to protect a system, I cant imagine wanting to take any performance hit on 3CX just to use SSL.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  13. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    It makes the site more secure because the usernames and passwords used to login are not exposed over the internet. Period. If someone finds a vulnerability - fine - but it is ONE area of security I can address.

    In addition - 3cx takes no performance hit. This is an IIS website we're talking about securing.
     
  14. comresource

    comresource Member

    Joined:
    May 22, 2009
    Messages:
    303
    Likes Received:
    0
    It is really a matter for external use. Would you want your users sending their login in clear text over the internet? Or even worse, have remote phones register in clear text allowing a malicious users to register the extension from anywhere to dial out your PBX. We had a client runing Asterisk who had this very thing happen to them. The individual who installed the system had no concern for security, and ended up having a user use a script for spamming ppl across the nation with a pre-recorded message asking for banking info. Yes there is some administrative overhead to properly secure VOIP but at times it is a neccessary evil.

    dtp
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. KerryG

    KerryG Active Member

    Joined:
    Jun 19, 2009
    Messages:
    960
    Likes Received:
    0
    Fact: SSL gives people a false sense of security when the backend is what needs to be secured
    Fact: There has never been a recorded case of a credit card number being stolen during transit on an insecure site
    -- I mention this because if anyone was going to try to steal any data during transit, it would be credit cards.
    -- Its FAR easier to get credit card numbers by hacking the server vs decrypting SSL
    -- SSL does nothing to prevent hacking attempts

    What does SSL have anything to do with the phones registering? They ALWAYS register in clear text unless you are using a VPN. Yes, 3CX DOES take a performance hit because the server has to do encryption/decryption. It will slow down the web interface.

    The client you refer to "had no concern for security" therefor he let things happen that shouldn't. Having the web interface protected by SSL wouldn't have stopped that event from happening.

    Where do VIRTUALLY ALL security breaches happen, at the user end. Keyloggers, spyware etc. Using SSL does not stop this in any way shape or form. Only someone sniffing packets either at the server location or at the user location is going to grab logins/passwords and at that point the security has already been breached.

    I can appreciate you wanting to make your systems secure but simply adding SSL does pretty much nothing to secure them. If you want to secure your systems, use VPNs, IP Filtering, etc. Those are vastly more effective.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    Thanks for your input Kerry - and I am using VPNs and other means to secure the SIP traffic itself. However - SSL is one additional layer that can be applied, especially if the web interface is publicly accessible. You may disagree with me - and you are entitled to your opinions - but I'm still asking for it - I would like for 3cx to be able to:

    • let me pick which virtual host in IIS it uses - OR create one by itself. I'll configure the SSL, certs etc - just create the site and get the settings correct for the underlying virtual directories, applications, etc
    • point the user (via 3cx Assistant) to a secure website IF I SO DESIRE. Many people won't use it - but hey - there are several features in 3cx that many people won't use - they're there because SOME people need/want them - even if you think they are silly
    • allow the use of hostnames in more places in provisioning files, etc so that it is never tied to an IP but instead tied to DNS resolution of a name

    Again - not an issue for most people. For some it may be, and for myself and those others, I'm requesting it.
     
  17. comresource

    comresource Member

    Joined:
    May 22, 2009
    Messages:
    303
    Likes Received:
    0
    We will have to agree to disagree. I have done a lot of IT security work and you are just flat wrong.

    And just about any SIP phone you can buy today supports secure provisiong and SIPS/RTPS
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. KerryG

    KerryG Active Member

    Joined:
    Jun 19, 2009
    Messages:
    960
    Likes Received:
    0
    What part do you disagree with? That breeches virtually always occur at the two endpoints? That sensitive data has basically zero record of being captured during transit? That SSL causes a performance hit? That SSL does nothing to prevent hacking? That encrypting your website doesn't encrypt your phones? Please point out one statement I have said that is not factual.

    That doesn't mean you can't disagree with me on whether or not SSL has any real value or not, that is strictly an opinion and there are consumers who will not put their info an insecure form, that's great, e-commerce sites have to cater to those people. I am glad some people actually think about their security even though many of those same people will gladly hand over their credit card to a waitress making minimum wage who walks alone into a back room completely out of your site with it. But I digress...

    I have been doing IT and Web Security for 25 years and simply saying that SSL helps secure your data is absolutely a false statement. The path of least resistance would simply dictate that capturing packets and decoding personal information is not worth the hassle therefor the low hanging fruit is the endpoints and again, once you are there your security is breached anyway.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  19. matictec

    matictec New Member

    Joined:
    Mar 31, 2008
    Messages:
    188
    Likes Received:
    0
    SSL secures communication between endpoints. For a small internal network infrastructure it is not needed, but if you want to open management console or myphone portal for external users, it is absolutely needed, also for hosted 3cx pbx. you can use vpn, but this need additional software or hardware solutions and also need more "admin-power".

    But I agree that ssl do not secure against hacker attacks. So secure passwords and auth ids have to been used. if you use a hosted pbx for examlpe it is very important to secure provisioning folder from unauthorized access, for e.g. by ip. and for external sip clients it is also imortant to use secure sip and srtp.

    But to enable SSL and secure folders is the job of the admin. And with an iis 6 or 7 it is not a big job to activate ssl. teh management console and the my phone portal have no problems when ssl is enabled.

    But one thing is miss is an option in the 3cx assistant to open myphone portal using https instead of http.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  20. carolinainnovative

    Joined:
    May 4, 2009
    Messages:
    369
    Likes Received:
    6
    And someone brings the conversation back to features for 3cx... Thank you :)

    Mostly agreed. I didn't say that 3cx should configure ssl for me...

    What I'd like is this:
    • On install, select to create or use an existing site other than default
    • Support to "enable" ssl for urls generated by the system (ie PROVISIONING urls generated in the emails)
    • Support to specify what parts of that URL should be (for example - HOSTNAME instead of IP)
    • Support in 3cx Assistant for the same - ie using SSL and hostname for the lauch of myphone
     
Thread Status:
Not open for further replies.