John110 wrote: Would it be better to purchase a separate server for 25 agents per server and then add more servers as needed for each additional group of 25 agents, or is there a more efficient method for managing this setup?
Yes, but note that 25 agents per server is a rule of thumb, not a rule. You may get more or less depending on usage and server power.
John110 wrote: Could you recommend the best hosting providers for this setup? I am considering options such as Hetzner, GoDaddy, AWS, GCP, or others.
ViciHost is by far the most reliable. While others (such as us at PoundTeam) also provide hosting, ViciHost is run by The Vicidial Group and they maintain their servers to always work and always have the latest stable software with all the newest features. Of course I have my preferences (LOL: PoundTeam) but if anyone tries to tell you that they are "better than ViciHost", they are not to be trusted. (Seriously: and I am NOT related to ViciHost in any way. I've just been here working with this software for 15 years, check my history)
That being said: Beware "Cloud" hosters. Vicidial and Virtual servers do not mix well. And physical servers at AWS (24 hours, dedicated hardware, plus bandwidth and storage fees ...) get expensive quickly. Stick to simple Colocation where you are leasing physical servers with no limit in bandwidth usage and no "surprise/junk" fees. Note that installation of Vicidial is simple for a professional but only IF you can install from the Vicibox .iso image. Any other installation method runs the risk of "oops, that's not compatible today, but we can find a quick workaround". While that's cool during normal pre-run installation, it's not AS cool if you need a new machine because you're overloaded or if your existing machine got hacked so you wiped it clean for a reinstall. Also "server to server" lag can be a problem if your colocation facility doesn't just put your machines in the same room. Best case is to have them ... stacked. Physically connected to the same local (private) network for inter-server communications. Remember that calls can bounce between servers quite a lot and adding jitter/lag with each bounce may not seem noticeable, but it matters during the conversation with clients even if you never consciously identify it as a problem.
John110 wrote: What are the ideal server specifications for both approaches—whether using a single server for all agents or separate servers for each group of 25 agents?
This is based on "bang for the buck" presently available to you. There's no right/wrong answer to this that fits everyone. Your access to servers is based on your hunt. I do recommend at least two of everything (hard drives die, so do motherboards and power supplies). You may not be able to continue at full speed with a down server, but at least you might be able to limp along fairly well. Two Web servers keeps you running, same with Two Dialers. Depending on your agent count, the Dialer/Web servers could actually both be both (so two servers to cover both roles). You can even run the Database in one of them if you have less than 50 agents in most cases. And break that DB role out later if that server seems to be stressing.
There can be only one Live database server, but if you have a replication server you have a full copy of your DB on a live MySQL server that can (in a crunch) be converted to the Live DB server. Doesn't hurt that the replication server is also the reporting server so you can run reports with zero impact on production, even if you get a little aggressive with your reporting.
The Vicidial Manager's Manual has (at the front) some basic suggestions for server quantities based on agent counts. But remember that agent counts is absolutely NOT the only major metric. Number of calls dialed per agent is very important. Also whether you are recording all calls and even whether you are running reports or adding third parties to the calls (for a verification service or adding spouses to calls ...).
John110 wrote: For context, we are currently using a third-party provider who hosts our servers on Hetzner. However, we have been facing recurring attacks every 2-3 days, and in order to improve security, I am considering setting up our own server infrastructure. Therefore, I would greatly appreciate advice on the best server configuration with robust security settings to mitigate these risks.
Logic mode:
If you are being attacked by someone (brute force, DDOS, etc), they must know you exist. For them to know you exist, they will have had some sort of response to a packet request on your IP (it's not just Rare that attacks occur on unused or apparently unused IPs, it simply never happens as it would be a waste of resources). So how do they know you exist: Usually the reason is that you are using blacklisting rather than whitelisting. Blacklisting is basically daring the attackers to find new IPs from which to attack you. They rotate their hosting at whatever cloud system they are on and attack you again as soon as their new IP goes live. Or if they are truly blackhat, they await a few more IPs in their botnet and then "have at it again". So: Never use blacklisting to secure your server if you have attack issues.
Next up: If you have ANY ports open, they know you're there. This means RTP, ping, "source/quench" anything. If a portscan shows your IP live, they know you exist and may eventually attack. RTP gets a few attacks, ping and source/quench not nearly as many but sometimes.
Final: If someone is attacking the host's IPs (all of them at once or rotating ...) you may need to just change hosts as this is not a viable work environment.
But first things first: Pure whitelist your system before you make any costly changes. Have someone else run a port scan of your system and then run a port scan of an IP that has never been assigned to someone. If they can tell the difference between you and "unassigned" you still risk attack. Although ICMP (source quench) and Ping have much less likelihood of attack, if you can turn them off for Unapproved IPs, that reduces the danger to ... zero. We published Dynamic Good Guys firewall over a decade ago to resolve these attacks. But the newest ViciBox installer has a nearly-identical footprint and works as a full replacement. To date not a single DGG server has been hacked (from the outside ...) nor have we seen any of the newer built-in whitelist firewalled servers hacked.
Happy hunting.
[moving to Support board]
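
The "can a scanner tell you apart from an unassigned IP" check described in the post can be automated once both scans exist. The following is an added example, not part of the original post and not code from ViciBox or Dynamic Good Guys: it compares two nmap grepable (`-oG`) reports, one for your server and one for a control address that has never been assigned, and lists every difference. It assumes both scans were run with `-Pn` over the same port list from an address that is not on your whitelist; the IPs and scan lines are constructed samples.

```python
import re

# port/state/protocol/ at the start of each entry in an nmap -oG "Ports:" field
PORT_RE = re.compile(r"(\d+)/([^/]*)/(tcp|udp)/")

def parse_grepable(text):
    """Return (host_up, {(port, proto): state}) from nmap -oG output for one host."""
    up, ports = False, {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        if "Status: Up" in line:
            up = True
        if "Ports:" in line:
            field = line.split("Ports:", 1)[1].split("\t", 1)[0]
            for port, state, proto in PORT_RE.findall(field):
                ports[(int(port), proto)] = state
    return up, ports

def tells(server_text, control_text):
    """List every observation that distinguishes the server from the control IP."""
    s_up, s_ports = parse_grepable(server_text)
    c_up, c_ports = parse_grepable(control_text)
    found = []
    if s_up != c_up:
        found.append(("host-discovery", "up" if s_up else "down", "up" if c_up else "down"))
    for key in sorted(set(s_ports) | set(c_ports)):
        s_state = s_ports.get(key, "not-scanned")
        c_state = c_ports.get(key, "not-scanned")
        if s_state != c_state:
            found.append((f"{key[0]}/{key[1]}", s_state, c_state))
    return found

# Constructed sample reports (documentation-range addresses, not real hosts).
CONTROL = ("Host: 198.51.100.250 ()\tStatus: Up\n"
           "Host: 198.51.100.250 ()\tPorts: 22/filtered/tcp//ssh///, "
           "443/filtered/tcp//https///, 5060/open|filtered/udp//sip///\n")
EXPOSED = ("Host: 198.51.100.20 ()\tStatus: Up\n"
           "Host: 198.51.100.20 ()\tPorts: 22/open/tcp//ssh///, "
           "443/closed/tcp//https///, 5060/open/udp//sip///\n")
WHITELISTED = CONTROL.replace("198.51.100.250", "198.51.100.20")

if __name__ == "__main__":
    for name, report in (("exposed", EXPOSED), ("whitelisted", WHITELISTED)):
        diffs = tells(report, CONTROL)
        print(name, "-> indistinguishable" if not diffs else f"-> {len(diffs)} tell(s)")
        for what, server_state, control_state in diffs:
            print(f"   {what}: server={server_state} control={control_state}")
```

A `closed` port counts as a tell just like an `open` one, because the reset that produces it proves a live host answered.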