How to Install VICIdial on Cloud
Introduction
Installing VICIdial on cloud lets contact centers run a scalable, resilient dialer without managing physical hardware. This guide covers how to install VICIdial on cloud step-by-step, from choosing a provider to post-install tuning and scaling. It targets VoIP engineers, call-centre IT managers, and system administrators deploying or migrating VICIdial infrastructure to cloud environments. This article uses practical examples and operational checklists to make deployment repeatable.
Prerequisites
- Administrative Linux skills (user and package management, services).
- Knowledge of Asterisk, MySQL/MariaDB, RTP ports, and SIP basics.
- Cloud account (AWS/GCP/Azure/DigitalOcean) with VM/Network permissions.
- SSH keypair for instance access and a secure VPC/subnet.
- Static/Elastic IP for public SIP gateway and DNS pointing for admin UI.
- Access to SIP trunk credentials or SBC endpoint.
- Plan for call recording storage and retention policies.
Cloud Provider and Architecture Choices
Which cloud provider?
- AWS (EC2) — best for enterprise-scale clusters: Elastic IPs, multi-AZ, EBS IO tuning, Marketplace AMIs.
- Google Cloud (Compute Engine) — strong networking, predictable pricing, sustained discounts.
- DigitalOcean — straightforward droplets; good for SMB deployments and quick proofs of concept.
- Azure — enterprise features, integrates with Active Directory and Microsoft stacks.
Choose the provider that minimizes latency to your SIP carrier and fits your budget and compliance needs.
Single-server vs cluster
- Single-server:
- Pros: simple, fast deployment, lower cost.
- Cons: single point of failure, limited scaling.
- Cluster:
- Recommended for production.
- Separate services onto dedicated nodes:
- Web/API servers (multiple behind LB)
- Asterisk/media servers (multiple)
- Database (Galera/MariaDB cluster with replication)
- Storage servers for recordings (object storage or NFS)
- Use a load balancer (HAProxy/Nginx) and autoscaling where possible.
Sizing and System Requirements
Sizing depends on codecs and concurrent channels. Below are conservative starting points:
- Small (10–50 agents): 4 vCPU, 8 GB RAM, 100 GB SSD.
- Medium (50–200 agents): 8 vCPU, 16–32 GB RAM, 300–500 GB SSD + recordings volume.
- Large (200+ agents): multiple Asterisk nodes (8+ vCPU each), DB cluster nodes (16–64 GB RAM each), dedicated storage arrays.
Consider IOPS for recordings and DB latency; use provisioned IOPS where available. Plan network egress costs for heavy outbound calling.
Networking & Security (Detailed)
- Ports to allow (internal only where possible):
- TCP 22 (SSH) — restrict to admin IPs.
- TCP 80 / 443 — for VICIdial web UI (HTTPS recommended).
- TCP 3306 — MySQL (allow only from internal app servers).
- UDP 5060 (SIP) and custom SIP ports — consider SIP over TLS on TCP 5061.
- UDP RTP range (10000–20000) — confirm it matches rtpstart/rtpend in Asterisk's rtp.conf.
- SBCs and NAT:
- Use an SBC to terminate SIP and manage NAT traversal and security.
- If exposing SIP directly, enable TLS and SRTP if supported by carrier.
- Access controls:
- Use security groups and network ACLs to isolate DB and internal services.
- Implement IAM roles (AWS) or service accounts (GCP) for automation.
- Authentication:
- Rotate admin and database passwords; use SSH keys and disable password auth.
- Apply 2FA for admin web UI via a reverse proxy or SSO if available.
- Encryption:
- Use Let’s Encrypt or commercial cert for the web UI.
- Encrypt backups in transit and at rest (S3 encryption or provider equivalent).
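A quick check of the port rules above, as an added example that is not part of the original guide: the function reads `ss -H -tuln` output and flags listeners bound to all interfaces that the list says should be restricted. The sample rows are constructed, and the function name and messages are illustrative.

```bash
#!/usr/bin/env bash
# Added example: check listening sockets against the port list in this guide.
# Input format is `ss -H -tuln`: Netid State Recv-Q Send-Q Local:Port Peer:Port

# Prints one FAIL/WARN line per listener bound to all interfaces.
# Returns 1 when at least one FAIL was printed, 0 otherwise.
audit_listeners() {
  awk '
    {
      n = split($5, p, ":"); port = p[n]
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr != "0.0.0.0" && addr != "*" && addr != "[::]") next
      key = $1 "/" port
      if (seen[key]++) next          # report IPv4 and IPv6 rows once
      if (key == "tcp/3306") {
        bad = 1
        print "FAIL " key " MySQL on all interfaces: bind to an internal address"
      } else if (key == "tcp/22")
        print "WARN " key " SSH on all interfaces: restrict sources to admin IPs"
      else if (key == "tcp/80")
        print "WARN " key " plain HTTP reachable: serve the web UI over HTTPS"
      else if (key == "udp/5060")
        print "WARN " key " SIP on all interfaces: limit to SBC or carrier IPs"
    }
    END { exit bad + 0 }
  '
}

# Constructed sample rows (not captured from a real host).
sample_ss() {
  cat <<'EOF'
tcp   LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 128  [::]:22          [::]:*
tcp   LISTEN 0 80   0.0.0.0:3306     0.0.0.0:*
tcp   LISTEN 0 511  *:80             *:*
tcp   LISTEN 0 511  *:443            *:*
udp   UNCONN 0 0    0.0.0.0:5060     0.0.0.0:*
udp   UNCONN 0 0    10.0.1.15:10000  0.0.0.0:*
EOF
}

sample_ss | audit_listeners || echo "policy violations found"
```

On a live host, run `ss -H -tuln | audit_listeners`; a WARN still needs the matching security group or firewall rule checked by hand, since bind addresses alone do not show source restrictions.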
Storage and Backups (Procedures)
- Volumes:
- Keep OS and application on primary SSD.
- Mount separate block volumes for recordings (/var/spool/asterisk/monitor) and move older files to object storage.
- Database backups:
- Use mysqldump or Percona XtraBackup for consistent backups.
- Schedule daily full backups and incremental binary log backups for PITR.
- Recordings lifecycle:
- Move to object storage (S3/GS) with lifecycle policies: move to cold storage after 30/90 days.
- Test restores monthly and document RTO/RPO targets.
Installation Approaches (Expanded)
- ViciBox ISO / OVA — fastest and lowest risk: preconfigured stack including Asterisk, MySQL, and web UI.
- Manual install — for hardened environments requiring strict package control.
- Container or orchestration (Kubernetes/VM templates) — experimental, requires expertise and persistent storage handling.
How to Install VICIdial on Cloud — ViciBox Fast Path
Deploying with ViciBox ISO (Fastest)
Step 1 — Provision VM
- Select image type (OVA upload or marketplace AMI).
- Recommended: 8 vCPU / 16 GB RAM for production single VM trials.
- Attach a secondary SSD for recordings (e.g., 1 TB).
Step 2 — Boot and initial configuration
- Boot VM from ISO or OVA. Follow first-boot prompts to set:
- Hostname (FQDN recommended).
- Network (static IP or DHCP within VPC).
- Change default admin passwords.
- Harden SSH: disable root login, change port if required.
Step 3 — Network and Asterisk tuning
- Update /etc/asterisk/sip.conf or the PJSIP configuration for NAT, and set the RTP port range in /etc/asterisk/rtp.conf:
[general]
rtpstart=10000
rtpend=20000
Ensure the firewall allows that range.
Manual Install: Detailed Example Flow (CentOS/AlmaLinux-style)
This is a high-level roadmap — check official VICIdial and OS docs for exact commands.
1. Prepare the server
- Update OS:
sudo yum update -y
- Set hostname and timezone:
sudo hostnamectl set-hostname vicidial.example.com
sudo timedatectl set-timezone UTC
2. Disable SELinux or set to permissive
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
3. Install MariaDB
- Install and secure MariaDB, then create the VICIdial database and user:
sudo yum install mariadb-server -y
sudo systemctl enable --now mariadb
sudo mysql_secure_installation
mysql -u root -p
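-- Run the following at the MariaDB prompt.
CREATE DATABASE `asteriskcdrdb` /*!40100 DEFAULT CHARACTER SET utf8mb4 */;
CREATE USER 'viciuser'@'localhost' IDENTIFIED BY 'secure_password';
-- Grant only on the application database, not on *.* (every database on the server).
GRANT ALL PRIVILEGES ON `asteriskcdrdb`.* TO 'viciuser'@'localhost';
FLUSH PRIVILEGES;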
4. Install Asterisk
- Download Asterisk source (compatible version), compile with core codecs and modules.
- Configure /etc/asterisk files and rtp.conf.
5. Install VICIdial components
- Download VICIdial scripts and web sources, run installer, and point to MySQL credentials.
- Configure cron for dialer cleanup tasks and scheduled reports.
6. SSL and Webserver
- Install Apache and PHP, configure virtual hosts and enable HTTPS via certbot:
sudo yum install httpd php php-mysqlnd -y
sudo systemctl enable --now httpd
sudo certbot --apache -d vicidial.example.com
SIP / Carrier Integration Best Practices (Expanded)
- Use least-privilege SIP credentials and limit registrations to source IP ranges.
- For PSTN: consider SIP trunks with redundancy (multiple carriers) and failover routing.
- Use RTP quality monitoring (RTCP) and set up alerting for packet loss >2–3%.
Firewall and NAT Considerations
- Configure NAT helpers or sip-aware load balancers if NAT is present between Asterisk and carriers.
- Ensure SIP ALG is disabled on customer routers and cloud firewalls that may mangle SIP packets.
- Use STUN/TURN only if necessary — preferred design is direct public IP routing or SBCs.
Monitoring, Logging & Scaling (Practical)
- Key metrics:
- CPU load, memory, disk I/O, network latency.
- Concurrent channels, failed calls per minute, RTP packet loss.
- MySQL slow queries and replication lag.
- Alerts & dashboards:
- Configure Grafana dashboards; set alerts for high CPU, high DB connections, and trunk failures.
- Autoscaling:
- Scale web and media nodes horizontally; use external sticky session or signaling to bind agents to nodes.
- Log retention:
- Centralize logs with ELK or a log management service for forensic and compliance needs.
Common Issues & Troubleshooting (Expanded)
- No audio:
- Check RTP ports and any SIP ALG on intermediate routers; use tcpdump to check RTP flows.
- Dropped calls under load:
- Likely causes are CPU saturation, insufficient network bandwidth, or DB contention. Use top, iostat, and the MySQL slow query log.
- License/codec problems (G.729):
- Verify codec licensing and module installation; fall back to ulaw if needed.
- Web UI slow:
- Database tuning, add query caching, and optimize PHP-FPM/Apache settings.
Example configuration snippets (illustrative)
Sample Asterisk rtp.conf
[general]
rtpstart=10000
rtpend=20000
icesupport=no
Example sip.conf (chan_sip) minimal
[general]
context=default
allowguest=no
udpbindaddr=0.0.0.0
tcpenable=no
Example fail2ban rules (basic)
- Create jail for ssh and asterisk failures. This reduces brute force attempts on exposed services.
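A jail file for the two services named above, plus a preview of which sources it would act on, as an added example that is not part of the original guide. It assumes the `sshd` and `asterisk` filters that ship with fail2ban and chan_sip-style registration failures in /var/log/asterisk/messages; the file name, thresholds, function names and sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Relies on the sshd and asterisk
# filters that ship with fail2ban; the file name and log path are assumptions.

# write_jails DIR "CIDR ..." : write the jail file (DIR is normally
# /etc/fail2ban/jail.d). The CIDR list (admin, SBC, carrier) is never banned.
write_jails() {
  cat > "$1/vicidial.local" <<EOF
[DEFAULT]
ignoreip = 127.0.0.1/8 $2
findtime = 600
bantime  = 3600

[sshd]
enabled  = true
maxretry = 5

[asterisk]
enabled  = true
logpath  = /var/log/asterisk/messages
maxretry = 5
EOF
}

# failed_sources MIN : read an Asterisk messages log on stdin and list IPv4
# sources with at least MIN failed registrations, as a preview of what the
# asterisk jail would ban.
failed_sources() {
  awk -v min="$1" '
    /Registration from .* failed for / {
      split($0, q, "failed for \047")      # \047 is a single quote
      split(q[2], hostport, ":")
      hits[hostport[1]]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -rn
}

# Constructed sample log lines (documentation address ranges, not real traffic).
sample_log() {
  cat <<'EOF'
[2024-03-01 02:10:01] NOTICE[1412] chan_sip.c: Registration from '"100" <sip:100@198.51.100.7>' failed for '203.0.113.50:5071' - Wrong password
[2024-03-01 02:10:02] NOTICE[1412] chan_sip.c: Registration from '"101" <sip:101@198.51.100.7>' failed for '203.0.113.50:5071' - Wrong password
[2024-03-01 02:10:03] NOTICE[1412] chan_sip.c: Registration from '"102" <sip:102@198.51.100.7>' failed for '203.0.113.50:5071' - No matching peer found
[2024-03-01 02:11:40] NOTICE[1412] chan_sip.c: Registration from '"2001" <sip:2001@198.51.100.7>' failed for '192.0.2.44:5060' - Wrong password
[2024-03-01 02:12:00] VERBOSE[1412] chan_sip.c: Registered SIP '2001' at 192.0.2.44:5060
EOF
}

sample_log | failed_sources 3
```

After writing the file into /etc/fail2ban/jail.d, reload with `fail2ban-client reload` and confirm the jail is active with `fail2ban-client status asterisk`.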
Cost & Licensing Considerations
- Cloud costs: consider instance CPU, memory, storage IOPS, and egress bandwidth. Recordings and heavy outbound calling will increase storage and egress costs.
- Codec licensing: G.729 and some commercial codecs require licenses—budget for codec licensing if you plan to use them.
- Support contracts: VICIdial community versions are free, but vendor support or paid modules may cost extra.
Useful Commands & Diagnostics
- Check for open ports:
sudo ss -tunlp | grep -E '5060|10000'
- Monitor CPU and I/O:
top
iostat -x 5
- Trace SIP/RTP flows:
sudo tcpdump -n -i eth0 -w sip_rtp.pcap 'udp and (port 5060 or portrange 10000-20000)'
- Check Asterisk console:
sudo asterisk -rvv
core show channels
sip show peers
rtp show channels
Additional FAQs
- Can I run VICIdial in Kubernetes?
You can, but persistent storage, real-time media handling, and timing constraints make container orchestration complex. Use VMs or specialized container platforms for media workloads.
- Do I need DAHDI in cloud?
Generally not. Use SIP trunks and SBCs in cloud deployments; DAHDI is for hardware PSTN interfaces.
- How to test call quality?
Use SIPp for load testing and tools like rtpengine or rtptest to measure jitter and packet loss.
- How do I handle DNC and compliance lists?
Integrate suppression lists at the dialer level and ensure they are synchronized with your CRM or lead source. Use scheduled imports and validation routines.
- Can I encrypt recordings?
Yes — encrypt recordings at rest using provider encryption or manage encryption at the application level, but ensure search/indexing needs are handled.
- What’s the typical time to deploy?
Using a ViciBox image: hours. Manual hardened cluster: days to weeks depending on complexity.
Migration Checklist (On-Prem → Cloud, Expanded)
- Inventory all dialplan rules, carriers, and DID mappings.
- Provision cloud SBCs or vendor SIP trunk endpoints.
- Dry-run: test registration and SIP flows from cloud test VM.
- Update DNS and failover routing; perform cutover during maintenance window.
High-Availability Patterns
- Active-Passive DB: Primary and standby DB with automatic failover (MHA or orchestrated scripts).
- Active-Active media nodes: Use a load balancer and stateless web layers; keep media bridging on separate nodes with sticky sessions.
- Multi-region failover: Replicate critical data to a secondary region and automate DNS failover for disaster recovery.
Security & Compliance Notes
- Apply role-based access and keep audit logs for administrative actions.
- If recording calls, check local laws on consent and retention — implement configurable prompts and opt-out flows.
Disclaimer: This guide is for technical deployment only and is not legal or financial advice. Consult legal counsel for compliance and regulatory questions.
Backup and Disaster Recovery
- Regularly backup MySQL (daily full + binary logs for PITR).
- Snapshot block storage daily and test restores monthly.
- Replicate recordings to object storage with lifecycle rules and periodic restore tests.
Final Checklist Before Production
- Backups, monitoring, and alerting validated.
- Trunk and codec tests passed.
- Load tests completed and tuning applied.
- Security hardening and access controls in place.
- Rollback plan documented.
Next Steps
- Pilot a small instance in the cloud and run SIPp to simulate your expected concurrent call load.
- Document your runbook for incidents, rollbacks, and scaling events.
- Begin with a test deployment and refine configurations based on real traffic.
Conclusion
Migrating or installing VICIdial on cloud demands careful attention to networking, instance sizing, and storage. For a fast path, use ViciBox ISO; for production hardened environments, do a manual install with DB clustering and separate media nodes. Secure SIP with an SBC, monitor performance, and automate backup