Installing 3CX on a Rackspace Cloud Server

Discussion in '3CX Phone System - General' started by adminbod, Jan 5, 2015.

Thread Status:
Not open for further replies.
  1. adminbod

    Joined:
    Jan 18, 2010
    Messages:
    36
    Likes Received:
    2
    Hi -
    I've been considering deployment options for 3CX for our multisite office (40 extns at one site plus 10 extns at a remote warehouse)

    I was initially going to run it locally on a MS 2008 server VM in our VMware environment, but then though it might benefit from greater resilience and connectivity if it ran on a MS 2008 cloud server at Rackspace (we have a managed account there)

    I spun up a server at rackspace and installed the free 3CX to test - First thing I had to consider was the internal FQDN & external FQDN settings in the wizard setup... the rackspace server has 2 virtual NICS, 1 for its public IP and the other for its internal IP.
    The internal IP allows it to communicate with other private rackspace servers you may have - which for this scenario is redundant.

    So I created a DNS A record on a test domain (3cx.testdomain.com) and pointed it to the Rackspace servers external IP - I then used that same FQDN for both the Internal FQDN and the External FQDN in the 3CX setup wizard.
    I figured that in this deployment scenario all our users would be external - so having the same FQDN in both wouldn't matter ?

    On the face of it it works - had a few issues with handsets connecting to the 3CX server through our main office firewall - but that turned out to be various Intrusion Detection signatures, and another with oneway audio - but that I'm pretty sure is due to SIP ALG on our cisco router which I'm still working out how to disable.

    I'm concerned that security on the Rackspace server is completely dependent on the native windows firewall - any suggestions for other software based firewalls to beef this up?

    I'd be interested if anyone else has deployed 3CX remotely like this and what issues they came across...

    cheers.
     
  2. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,128
    Likes Received:
    207
    Strong Extension and Admin passwords is key!

    I use this for my extension passwords: http://passwordsgenerator.net/

    The instrusion detection of 3cx will help - Settings -> Security -> Anti-Hacking

    Fail2Ban is a nice product for blocking this but I do not think there is a Windows version. RDPGuard might work (never used it). I am not sure if it can check custom ports like 5000/5060 or whatever you use for 3cx.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. tsukraw

    tsukraw New Member

    Joined:
    Mar 9, 2012
    Messages:
    190
    Likes Received:
    7
    We have used rackspace before with no issues.
    In our case we used the vRouter service setup by rack space that puts a firewall in front of your server and then you only have (1) NIC on the server which is connected to the vRouter with the public on the vRouter as you would expect. This gives you the security you would expect from a router/firewall.
    The vRouter has a web API that allows you to configure your policies and such fairly simple.

    In our case we did from the vRouter a Site-To-Site VPN to onsite Watchguard firewalls which makes the phones a lot easier to program when you can access their web interfaces fright form the 3CX server.

    All in my opinion :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. StevenM

    Joined:
    Dec 17, 2014
    Messages:
    5
    Likes Received:
    0
    i use watchguard XTMv in hyperv then i have my own little firewall :D
     
  5. adminbod

    Joined:
    Jan 18, 2010
    Messages:
    36
    Likes Received:
    2
    Thanks for the info guys :D

    not related, but I was wondering if on a fresh Server 2012 R2 install, should I manually install the IIS role before running the 3cx installer, or should I let 3cx install the IIS role itself?
     
Thread Status:
Not open for further replies.