VoIPmonitor Cloud Service Architecture

This document details the architecture of the VoIPmonitor Cloud Service. In this service model, the customer is responsible only for running the on-premise sniffer, while the database and web GUI are hosted and managed by VoIPmonitor.

Quick Start: Getting Started with Cloud Service

Free 30-Day Trial:

If you do not have a VoIPmonitor Cloud Service license, you can try the cloud GUI free for 30 days. To start your trial:

1. Log in to the VoIPmonitor client area at https://www.voipmonitor.org/portal/
2. Navigate to the my services section
3. Order the free 30-day trial for the cloud GUI service
4. The trial gives you full access to all cloud features for 30 days

After ordering the trial, follow the steps below to connect your server.

Quick Start: Connecting Your On-Premise Server to the Cloud

This is the fastest and recommended way to connect your on-premise VoIP server (or PBX) to the hosted VoIPmonitor cloud GUI.

Automated Installation Script Method (Recommended)

This method requires only 3 steps and automatically configures your sniffer to send data to the cloud GUI.

Step 1

Download the Installation Script

• Log in to the VoIPmonitor Portal at https://www.voipmonitor.org/portal/
• Navigate to the my services section
• Find your Cloud service (trial or licensed) and locate the Cloud Service installation script
• Download the script (it will be a small shell script with a .sh extension)

Step 2

Run the Script on Your Sniffer Server

• Upload or copy the script to your sniffer server (the machine that will capture VoIP traffic)
• Make the script executable and run it with root or sudo privileges:

chmod +x voipmonitor-cloud-install.sh
sudo ./voipmonitor-cloud-install.sh

The script will automatically:

• Download and install the latest voipmonitor sniffer binary
• Configure voipmonitor.conf with the correct cloud server settings
• Set up the service to start automatically
• Connect to your cloud account using your license key

Step 3

Verify Connection

• After the script completes, wait a few seconds for the sensor to register
• Log in to your VoIPmonitor Cloud GUI
• Your sensor should automatically appear in the dashboard

This is the recommended method as it eliminates manual configuration errors and ensures all settings are correct.

Manual Configuration Method

If you prefer to configure your sniffer manually (for example, if you already have voipmonitor installed and want to keep your existing setup), you must manually edit voipmonitor.conf to set the cloud server destination and enable packet sender mode.

Required configuration in /etc/voipmonitor.conf:

server_destination = cloud.voipmonitor.org
server_destination_port = 60023
packetbuffer_sender = yes

After making these changes, restart the voipmonitor service:

systemctl restart voipmonitor

Then verify your sensor appears in the VoIPmonitor Cloud GUI dashboard.

Cloud Service on AWS: Resource Configuration

When deploying the VoIPmonitor sniffer on AWS EC2 instances (for example, for a hosted SIP server like Brekeke), it is important to configure resource limits properly to prevent memory exhaustion and ensure stable operation.

AWS environments have finite CPU, RAM, and disk resources. If VoIPmonitor is not properly configured, it can consume all available memory, leading to packet loss, service crashes, or performance degradation on the host system.

Required Configuration Parameters

Add these settings to /etc/voipmonitor.conf on your AWS EC2 instance:

Ringbuffer Configuration

ringbuffer controls the size of the packet capture ring buffer in memory. Larger values help handle traffic bursts but consume more RAM.

ringbuffer = 500

Recommended values based on traffic volume:

• 10-100 Mbit traffic: ringbuffer = 50-100
• 100-500 Mbit traffic: ringbuffer = 500-1000
• 500+ Mbit traffic: ringbuffer = 1000-2000 (maximum allowed)

AWS Note: If you are running VoIPmonitor on the same EC2 instance as your PBX/SIP server, be conservative with ringbuffer to avoid starving the PBX of memory.

Memory Buffer Limit

max_buffer_mem limits the total memory VoIPmonitor can use for packet buffers. This prevents the service from consuming all available system RAM.

max_buffer_mem = 2000

Default value: 2000 (MB)

AWS Considerations:

• On EC2 instances with limited RAM (e.g., t3.small with 2GB), reduce this value (e.g., max_buffer_mem = 500)
• On larger instances (e.g., m5.large with 8GB or more), the default value is typically acceptable
• Monitor memory usage with htop or AWS CloudWatch metrics after deployment

Spooldir Configuration

spooldir defines the directory where captured packet files (PCAPs) are stored. AWS EC2 instances typically use ephemeral instance store or EBS volumes.

spooldir = /var/spool/voipmonitor

AWS Best Practices:

• Use EBS volumes (gp3 or io2) for durable storage. Instance store is lost if the instance stops.
• Ensure the volume has sufficient IOPS for your workload:
  • For low traffic (under 10 concurrent calls): gp2 or general purpose gp3
  • For high traffic (50+ concurrent calls): gp3 with provisioned IOPS or io2 volume type
• Mount EBS volume to /var/spool/voipmonitor or configure alternative spooldir location

Example: Using EBS volume mounted at /mnt/voipmonitor:

spooldir = /mnt/voipmonitor

Storage Pool Size Limit

maxpoolsize sets the maximum disk space (in MB) that VoIPmonitor will use for PCAP files before the auto-cleanup process removes old files.

maxpoolsize = 204800

Default behavior: If unset, VoIPmonitor continues writing until the disk is full, which can cause the system to crash.

AWS Environment Recommendations:

• Always set maxpoolsize to leave some free space for OS and logs (at least 10-20% of total disk space)
• Monitor disk usage with: df -h /var/spool/voipmonitor
• Consider maxpooldays as an alternative cleanup strategy (based on time vs. size):

maxpooldays = 30

Complete Example Configuration for AWS

Here is a complete AWS-optimized configuration for a medium-workload instance (m5.large, 8GB RAM, 100 GB EBS gp3 volume):

[general]

# Cloud connection settings
server_destination = cloud.voipmonitor.org
server_destination_port = 60023
packetbuffer_sender = yes

# Sensor identification
id_sensor = 1

# Capture interface (typically eth0 or ens5 on AWS)
interface = eth0

# AWS Resource Limits
ringbuffer = 500
max_buffer_mem = 2000

# Storage settings (adjust paths if using EBS mount)
spooldir = /var/spool/voipmonitor
maxpoolsize = 102400

AWS License Configuration

When deploying VoIPmonitor on AWS EC2 instances, you must configure the system to allow license checks to function correctly. AWS instances may have restricted access to certain device files that are used for license validation.

# On AWS EC2 instances, allow license checks by setting correct permissions
chmod 644 /dev/root

Monitoring and Debugging in AWS

Check resource usage

# Check memory usage
free -h

# Check disk usage on spooldir
df -h /var/spool/voipmonitor

# Check VoIPmonitor service status
systemctl status voipmonitor

# View real-time logs for buffer issues
journalctl -u voipmonitor -f | grep -i "buffer\|memory\|full"

Common AWS-Specific Issues

Out of Memory Errors

• Symptoms: VoIPmonitor process killed by OOM (Out of Memory) killer
• Solution: Reduce max_buffer_mem and/or ringbuffer, or upgrade to a larger EC2 instance

Disk Full Errors

• Symptoms: System becomes unresponsive, "No space left on device"
• Solution: Always configure maxpoolsize or maxpooldays to prevent uncontrolled growth

High CPU Usage

• Symptoms: Packet drops in logs, slow UI response
• Solution: Increase EC2 vCPU count or optimize sipport and capture filters

Service Specifications

The VoIPmonitor Cloud Service has the following service limits and specifications:

• Concurrent Channels Maximum: The service supports up to 2000 concurrent channels.
• CDR Retention Period: Call Detail Records (CDRs) are retained for 25 days in the cloud database.
• PCAP Storage Location: SIP+RTP packet storage (PCAP files) is NOT stored in the cloud. If packet capture storage is enabled, all PCAP files are stored on the local sniffer's storage only.

These limits are fixed and apply to all Cloud Service customers. If your requirements exceed these specifications, consider an on-premise VoIPmonitor deployment.

Core Architecture: Client-Server Model

The architecture separates the data capture process (on-premise) from the data storage and analysis interface (in the cloud).

• Sniffer (Client): A VoIPmonitor sniffer runs on the customer's network (either on a dedicated machine or the PBX itself). Its only job is to capture and process VoIP traffic locally. Multiple sniffers can be deployed across various locations.
• Cloud Platform (Server): The central database (storing call metadata) and the web GUI are hosted and managed by VoIPmonitor. All user interaction, analysis, and reporting is done through this central cloud interface.

Data Flow from Sniffer to Cloud

The key aspect of the cloud architecture is how data is transmitted from the customer's sniffer to the hosted server. The system primarily operates in one of two modes.

1. Standard Mode: Local Processing & CDR Upload

This is the default and most efficient mode. The on-premise sniffer captures all VoIP traffic, analyzes it locally, and generates a Call Detail Record (CDR) for each call.

• The sniffer sends only the CDR metadata to the cloud database.
• The actual voice packets (PCAP) are not sent to the cloud; they are discarded after local analysis.

This model ensures minimal bandwidth usage, as only small metadata files are transferred over the internet.

2. Optional Mode: On-Demand Packet Capture Retrieval

For deep diagnostics, users can enable packet capture storage. The process is designed to keep sensitive data on-premise unless explicitly needed.

1. Selective Local Storage: Storing packet captures is not an all-or-nothing feature. The user defines granular Capture Rules to control exactly which calls are saved. These rules can be based on criteria like IP addresses, telephone numbers, or even specific SIP packet headers. Only calls that match a rule will have their PCAP file saved to the sniffer's local disk.
2. On-Demand Request: A user can request to download a PCAP file or listen to a call through the cloud web GUI.
3. Direct Download: The cloud platform instructs the sniffer to serve the requested file. The download then occurs directly from the customer's sniffer to the user's browser, bypassing a permanent upload to the cloud.

This on-demand mechanism ensures that large and sensitive packet capture files remain within the customer's network perimeter, only traversing the internet when requested by an authorized user.

Troubleshooting: Sensor Not Appearing in Cloud

If your on-premise sniffer is running but does not appear in the VoIPmonitor Cloud interface, follow these troubleshooting steps.

Common Issue: ARM64 Cloud Connectivity Bug

On ARM64 architecture systems (aarch64), certain voipmonitor binary builds have a known cloud connectivity issue where the sensor runs locally but fails to properly handshake with the cloud server.

Symptoms

• The voipmonitor process is running and appears active with systemctl status voipmonitor
• The sensor is capturing traffic locally (check via journalctl -u voipmonitor -f)
• No sensor appears in your VoIPmonitor Cloud interface
• Configuration is correct (server_destination, server_destination_port, packetbuffer_sender)
• Firewall rules allow outbound TCP to port 60023

Solution

Update to the Corrected ARM64 Binary

This issue is resolved by downloading and installing a special static binary build that includes the ARM64 cloud connectivity fix.

# 1. Stop the voipmonitor service
systemctl stop voipmonitor

# 2. Request the corrected ARM64 static binary from VoIPmonitor support
# The support team will provide a specific download link for the corrected build
# Example URL format:
# wget https://download.voipmonitor.org/path/to/voipmonitor-arm64-fixed.tar.gz

# 3. Extract the archive
tar xzf voipmonitor-arm64-fixed.tar.gz
cd voipmonitor-*-static

# 4. Backup the existing binary and replace it
mv /usr/local/sbin/voipmonitor /usr/local/sbin/voipmonitor.backup
cp voipmonitor /usr/local/sbin/voipmonitor

# 5. Restart the service
systemctl start voipmonitor

# 6. Verify the sensor appears in Cloud interface
journalctl -u voipmonitor -f

Important Notes

• Do NOT compile from source to fix this issue - use the corrected static binary provided by support
• The fix is specific to ARM64 architecture; x86_64 and 32-bit systems are not affected
• After installing the corrected binary, the sensor should appear in Cloud within a few seconds

General Configuration Verification

If the ARM64 issue is not applicable, verify your cloud connectivity configuration:

1. Check voipmonitor.conf cloud settings

grep -E "server_destination|packetbuffer_sender" /etc/voipmonitor.conf

Required for VoIPmonitor Cloud:

server_destination = cloud.voipmonitor.org
server_destination_port = 60023
packetbuffer_sender = yes

2. Verify network connectivity to cloud

# Test outbound connection to VoIPmonitor Cloud
nc -zv cloud.voipmonitor.org 60023

3. Check for firewall issues

• Ensure outbound TCP traffic to cloud.voipmonitor.org:60023 is allowed
• Check local firewall (ufw, firewalld, iptables)
• Check corporate or cloud provider firewalls

4. First-Time Setup

Initialize Cloud Database

If this is your first time connecting to VoIPmonitor Cloud, you must log in to the Cloud GUI to initialize your cloud database before the service will connect correctly.

Symptoms of uninitialized database

• "failed read rsa key" error in journalctl -u voipmonitor -f
• "loss connection" errors when trying to connect to the cloud service
• The voipmonitor service fails to start or repeatedly tries to reconnect
• Sensor configuration (server_destination, server_destination_port, packetbuffer_sender) is correct

Solution

Initialize Your Cloud Database

1. Log in to the VoIPmonitor Cloud GUI at https://cloud.voipmonitor.org using your voipmonitor.org client area credentials.
2. This action automatically creates the necessary tables and content in your cloud database.
3. Restart the voipmonitor service on your server:

   systemctl restart voipmonitor
   

4. Verify that the sniffer appears as green in the Cloud GUI under Settings -> Sensors.

The RSA key error occurs because the service cannot authenticate with your cloud database until the database structure has been created.

5. Verify sensor IDs match

• If id_sensor is set in voipmonitor.conf, ensure it is unique (no collision with other sensors)
• The sensor ID should match what you expect to see in the Cloud interface

6. Review logs for errors

# Check cloud-specific connection errors
journalctl -u voipmonitor -f | grep -i "cloud\|server\|connection"

AI Summary for RAG

Summary: VoIPmonitor Cloud Service is a managed hosting model where customer runs on-premise sniffer while VoIPmonitor hosts database and web GUI. Free 30-day trial available via portal (my services section). Setup: download installation script from portal or manually configure server_destination=cloud.voipmonitor.org, server_destination_port=60023, packetbuffer_sender=yes. Sniffer processes traffic locally, sends only CDR metadata to cloud. PCAPs stored locally, downloadable on-demand via GUI. Service limits: 2000 concurrent channels, 25 days CDR retention. AWS deployment requires resource configuration: ringbuffer (50-2000 based on traffic), max_buffer_mem (reduce on small instances), maxpoolsize (always set to prevent disk full), use EBS gp3/io2 volumes. Troubleshooting: ARM64 requires special binary from support; first-time setup requires logging into cloud GUI to initialize database (fixes "failed read rsa key" error); verify firewall allows TCP 60023.

Keywords: cloud service, hosted GUI, on-premise sniffer, server_destination, packetbuffer_sender, port 60023, CDR, PCAP, local storage, on-demand download, AWS, EC2, ringbuffer, max_buffer_mem, maxpoolsize, EBS volume, ARM64, cloud database initialization, failed read rsa key, free trial

Key Questions:

• How do I connect my sniffer to VoIPmonitor Cloud?
• What are the required voipmonitor.conf settings for cloud connectivity?
• Is my call data (PCAP) stored in the cloud?
• How do I configure VoIPmonitor on AWS EC2?
• What is the recommended maxpoolsize for AWS instances?
• Why is my sensor not appearing in Cloud interface?
• How do I fix "failed read rsa key" error?
• Does VoIPmonitor Cloud offer a free trial?
• What are the service limits (channels, retention)?
• How do I prevent memory/disk exhaustion on AWS?