FreePBX on Linux Virtualization

Assuming that you have a way to deal with CALEA regulations and e911, what is the industry standard for providers who are seeking to be ITSP’s?

I have spoken with several vendors and most of them are offering a multi-tenancy platform that ultimately consists of a bunch of virtual ‘slices’ of FreePBX. I’m not sure I need their software or expertise if the industry strategy for segregating traffic and users is to create unique virtual servers for each client.

Is anyone doing this today? If so, what are you using to build out your Hypervisor? VMWare? KVM? Hyper-V? We have plenty of datacenter resources available and are capable of maintaining infrastructure, just looking for some real world experience with these segregated virtual instances.

Additional details would help including, how much cpu/ram/disk you allocate to each VM instance of freepbx, etc.

Thanks in advance -

You will need to strive to be 99.999 (five nines) uptime, Thats about being down for less than five minutes each year.

You will need inbound failover routing, BGP for IP level routing, a distributed SIP proxy, (Asterisk doesn’t cut it) for internet SIP traffic, both directions.

Must folks will do all the above in hardware. If you need the added conveniences and features of a PBX above what the proxy will handle, then for sure FreePBX/Asterisk. Even these “slices” should probably be redundant, perhaps corosync and DRDB or iSCSI, these you can do on VM’s obviously hardware supported VM’s are preferable over software, but one can get surprising performance if you scale well.

Unless you have deep pockets, “ownership” of the DID’s will be with someone else so that choice is critical . . .


Two things, Dicko is right it takes a tremendous amount of capital, planning and hard work to do what you are describing. We did it 10 years ago, started life as an ISP started converting dial up POP’s to media gateways, first offering was Sylantro using MGCP signalling. Today we are doing what you sescribe, a combination of HP BL Class blade servers and we use the Schmooze PBXextended virtual platform (a hardened version of FreePBX with a nice web portal for account management).

BGP is expensive, IPV4 addresses are scarce as hens teeth, you have to jump through major hoops for an AS number. That’s just the start. Level 3 wants a 10k a month “take or pay” commitment and $200 per rate center for their carrier SIP offering. If you don’t peer with a national then someone else is taking 1/2 your margins.

If you have the cash, the expertise (or the ability to buy the expertise) it’s a good way to earn a living, I haven’t gotten rich yet, maybe you are smarter than we are so good luck.

I used to get really aggravated and flame the crap out of undercapitalized bozo’s begging for support on the forum. Today it’s more fun to watch them crash and burn. I still hate the bruised reputation the industry takes due to the “trunk slammers”.

Good luck…

Great information Guys - thanks for the guidance.

We have a good deal of the failover hardware available today by virtue of our other hosted applications and should be able to satisfy the SLA attached to the highly available nature of the service. We have been supporting various flavors of Asterisk for approx 5 years as well as using it in-house for our current 35+ user system, so I think we can survive the operations side of the business without any issues.

Still interested in how folks are dealing with the segmentation of freepbx instances specifically though. Anyone have any experience with IP-Centrex from star-2-billing? I’ve spoken with them briefly about their ‘boxed’ solution, but it doesn’t sound like they have a great way to deal with HA/failover for the freepbx side of the equation.

Again, any references to real world solutions would be highly appreciated. Thanks in advance for the know-how.

I guess one more follow up question if it helps -

If you are slicing these instances up for segregation, what kind of resources are you allocating to them in terms of virtual processor cores/RAM/disk for say a 15-25 extension low call volume (3-5 simultaneous calls) office?

But I thought the official position of FreePBX is that it should never be connected to the internet? Has this position changed?

I will find the quote directly from the man Phillipe himself if you want.

I believe the consensus you are referring to is that it should not be DIRECTLY connected to the internet. This setup is probably a bit of a reach for you to understand if you don’t already.

Philippe and also my exact quote was to not expose the web interface. It still is great advice, there may be some holes hiding.

I still make my users log in to an SSL VPN to access the FreePBX interface on a hosted system. The newest SSL VPN actually has a java based thin client it runs a browser in. Financial institutions use this method for high security transactions, the great thing is it is transparent to the user as they still just clicked a link.

For scaling Asterisk, try

The slices are just like tee-shirts, have templates available in Small, medium and large, when the client grows out of her shirt, move her to the next size up. Many smaller deployments won’t even need Asterisk and will work just fine directly behind your proxy (voicemail, IVR’s and ring groups are generally there already).