Choosing the Right Host for 3CX: AWS, Azure, DigitalOcean, or On-Premise? A Cost-Benefit Analysis

For IT administrators and business owners, the first major decision after licensing is deployment. The platform's flexibility is one of its greatest strengths, but it also presents a complex choice: where should your PBX live? Do you keep it on-premise, or do you move it to the cloud? If you choose the cloud, do you use 3CX's own hosted solution or self-host on a provider like AWS, Azure, or DigitalOcean? As discussed in The Ultimate 3CX Guide for Business: Setup, Pricing, Features, and Best Practices, this deployment decision has significant long-term implications for cost, control, and maintenance.

This article provides a detailed cost-benefit analysis for the technical decision-maker. We will break down the hosting requirements, compare the leading cloud providers, analyse the 3CX-hosted option, and discuss the critical networking considerations you'll face. This guide aims to equip you with the data needed to make the right choice for your business's budget, technical resources, and strategic goals.

Detailed Comparison of Hosting Requirements Per User Count

Before you can compare costs, you must understand your resource needs. 3CX is a lightweight and efficient application, but its resource requirements scale directly with user count and, more importantly, simultaneous usage. The "user count" is a good baseline, but always factor in call centre activity (queues, recording) which demands more CPU and disk I/O.

3CX officially recommends deploying on a Debian 10 OS for maximum performance and compatibility. While Windows is supported, it typically requires double the RAM and CPU for the same user load, making it a less-efficient choice for cloud hosting.

Here is a typical baseline for 3CX resource requirements when using the preferred Debian 10 OS:

| User Count (Extensions) | Simultaneous Calls (Approx.) | vCPUs | RAM (GB) | SSD Disk (GB) | Typical Cloud Instance |
|---|---|---|---|---|---|
| 1-25 Users | 4-8 SC | 1 | 1 GB | 30 GB | DigitalOcean Basic Droplet, AWS Lightsail ($6) |
| 26-50 Users | 10-16 SC | 2 | 2 GB | 40 GB | DigitalOcean Basic Droplet, AWS Lightsail ($12) |
| 51-100 Users | 24-32 SC | 2-4 | 4 GB | 50 GB | Vultr High Frequency, AWS EC2 (t3.medium) |
| 101-250 Users | 48-64 SC | 4 | 8 GB | 80 GB | AWS EC2 (t3.large), Azure B4ms |
| 251-500+ Users | 96-128+ SC | 8 | 16 GB | 100+ GB | AWS EC2 (c5.2xlarge), DigitalOcean CPU-Optimised |

Key Considerations

Disk:

Do not use standard HDDs. You must use SSDs for optimal performance. The disk space is primarily for the OS, 3CX application, and call recordings. If you plan to record all calls, your disk space requirements will increase significantly.

CPU:

For most of the day, the PBX will be idle. The CPU needs to handle bursts of activity (call setup, transcoding, web client logins). CPU-Optimised or "Burstable" instances (like AWS T-series) are often a good fit.

Call Recording:

This is the single biggest resource driver. If you enable "record all calls," your CPU will work harder for transcoding, and your disk I/O and storage needs will multiply. For high-recording environments (100+ users), you may need to offload recordings to a separate storage bucket (like S3).


Guide to Setting Up a 3CX Instance on Popular Cloud Providers

The easiest way to deploy 3CX on a self-hosted cloud provider is by using the 3CX PBX Express tool. This is a wizard-based "bring your own account" deployment tool that automatically provisions a new instance, installs Debian 10, installs 3CX, and runs the initial setup.

However, for full control, many IT administrators prefer a manual setup. Let's use AWS Lightsail (using the London region) as a common, cost-effective example for an SMB.

Step-by-Step Deployment on AWS Lightsail

Create Instance:

Log in to your AWS Lightsail console.

Click "Create instance."

Select the "Europe (London)" region (to be geographically close to your users).

Select "Linux/Unix" as the platform and "OS Only."

Choose "Debian 10" as the blueprint.

Select your instance plan based on the requirement table above (e.g., the $12/month plan for 2GB RAM, 2 vCPU).

Give your instance a unique name (e.g., 3CX-PBX-Server).

Assign Static IP:

This is critical. By default, your instance has a dynamic IP.

Go to the "Networking" tab for your new instance.

Click "Create static IP" and attach it to your 3CX-PBX-Server instance. This static IP is what you will use for your DNS FQDN.

Configure Firewall:

This is the most important step. In the "Networking" tab, you must open the 3CX ports.

Do not open all ports to the world. Create specific rules:

  • SSH (TCP/22): Open this only to your own static office/home IP for management.
  • HTTPS (TCP/443): Open for the Web Client/Management Console.
  • 3CX Tunnel (TCP/UDP/5090): Open for remote apps and SBCs.
  • SIP (UDP/5060): Open (though many prefer to only use the tunnel).
  • RTP (UDP/9000-10999): Open for call audio.

Install 3CX:

SSH into your new instance using the IP and the downloaded key.

Follow the official 3CX manual installation guide for Debian 10. This typically involves running apt update, apt install wget, and then using wget to download the 3CX repository and apt to install the 3cx-common package.

The installation will prompt you to run the 3CXConfig tool, a text-based wizard that will ask for your licence key, FQDN, and admin credentials.

DNS (FQDN):

Before you run the installer, you must have a Fully Qualified Domain Name (FQDN) (e.g., pbx.yourcompany.co.uk).

Go to your DNS provider (e.g., Route 53, Cloudflare, Namecheap).

Create an "A" record pointing your FQDN to the static IP you created in the "Assign Static IP" step.

This FQDN is what all your phones, apps, and browsers will use to find the PBX.
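Once the instance is live, the rules from the "Configure Firewall" step can be checked against what is actually open. The script below is an added example, not code from 3CX or AWS: it audits a rule list shaped like the portStates output of `aws lightsail get-instance-port-states` against the port list above. The function name, the sample rules and the office address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Ports the article says to open: (protocol, fromPort, toPort).
ALLOWED = {
    ("tcp", 22, 22),                            # SSH, management only
    ("tcp", 443, 443),                          # HTTPS web client / console
    ("tcp", 5090, 5090), ("udp", 5090, 5090),   # 3CX Tunnel
    ("udp", 5060, 5060),                        # SIP
    ("udp", 9000, 10999),                       # RTP call audio
}
WORLD = {"0.0.0.0/0", "::/0"}


def audit_port_states(port_states, admin_cidrs):
    """Return findings for open rules that break the article's guidance."""
    admin_nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for rule in port_states:
        if rule.get("state", "open") != "open":
            continue
        proto, lo, hi = rule["protocol"], rule["fromPort"], rule["toPort"]
        sources = sorted(rule.get("cidrs", []) + rule.get("ipv6Cidrs", []))
        if proto == "all" or (lo, hi) == (0, 65535):
            findings.append(f"{proto} {lo}-{hi}: all ports open")
        elif (proto, lo, hi) not in ALLOWED:
            findings.append(f"{proto} {lo}-{hi}: not in the 3CX port list")
        elif (proto, lo, hi) == ("tcp", 22, 22):
            for src in sources:
                net = ipaddress.ip_network(src)
                # SSH must come only from inside a listed management network.
                trusted = src not in WORLD and any(
                    net.version == a.version and net.subnet_of(a)
                    for a in admin_nets
                )
                if not trusted:
                    findings.append(f"tcp 22: SSH reachable from {src}")
    return findings


# Constructed sample (not real output); 203.0.113.10 is a documentation
# address standing in for the office IP.
SAMPLE = [
    {"protocol": "tcp", "fromPort": 22, "toPort": 22, "cidrs": ["0.0.0.0/0"]},
    {"protocol": "tcp", "fromPort": 443, "toPort": 443, "cidrs": ["0.0.0.0/0"]},
    {"protocol": "udp", "fromPort": 9000, "toPort": 10999, "cidrs": ["0.0.0.0/0"]},
    {"protocol": "tcp", "fromPort": 3306, "toPort": 3306, "cidrs": ["0.0.0.0/0"]},
]

if __name__ == "__main__":
    print("\n".join(audit_port_states(SAMPLE, ["203.0.113.10/32"])))
```

An empty result means every open rule is on the list and SSH is limited to the management networks you passed in.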

Crucial UK Budgeting Note (AWS/DigitalOcean): While major providers like AWS and DigitalOcean have UK-based data centres (e.g., London), they typically bill in US Dollars ($). This means the monthly cost for your UK business will fluctuate with the GBP/USD exchange rate. You must also account for VAT, which will be added to your bill. When comparing costs, a UK-based hosting provider that bills in Pounds (£) may offer a more predictable monthly expense.


Pros and Cons: 3CX-Hosted vs. Self-Hosted Cloud

3CX offers its own "Hosted by 3CX" solution, which adds another layer to your decision matrix.

3CX-Hosted (The "Managed" Option)

This is a simple, "hands-off" offering where 3CX provisions and manages the cloud instance for you.

Pros:

  • Simplicity: Deployment is a 5-minute wizard. No need to manage OS, firewalls, or cloud infrastructure.
  • Free (Initially): 3CX often provides the first year of hosting free for Pro and Enterprise licences, making it very attractive.
  • Managed Updates: 3CX handles the core system and OS updates, reducing your administrative burden.
  • High Availability: Hosted on highly reliable infrastructure.

Cons:

  • Less Control: You do not get root/SSH access to the server. You are limited to the 3CX Management Console.
  • Licence Restrictions: Only available for 3CX Pro and Enterprise licences. Not available for the 3CX Free/SMB editions.
  • No Customisations: You cannot install third-party applications, custom scripts, or advanced Call Flow Designer (CFD) applications that require server-side components.
  • Data Sovereignty: You have less control over the exact physical location of your data, which can be an issue for compliance.

Self-Hosted Cloud (The "Full Control" Option)

This is the model described in the AWS Lightsail guide above. You own and manage the cloud VM.

Pros:

  • Absolute Control: You have full root access. You can install monitoring agents, custom scripts, and complex CFDs.
  • Provider Choice: You can shop around for the best price/performance among AWS, Azure, DigitalOcean, or UK-based providers.
  • Data Sovereignty: You can choose your exact data centre region (e.g., "Europe (London)") to comply with data laws.
  • Cost-Effective at Scale: For smaller deployments (under 50 users), a $6-$12/month instance is incredibly cheap.
  • All Licences: Works with any 3CX licence, including 3CX Free.

Cons:

  • Total Responsibility: You are 100% responsible for everything.
  • Security: You must configure the firewall correctly. You must manage OS patches (e.g., apt update && apt upgrade).
  • Maintenance: You are responsible for snapshots, backups (beyond 3CX's built-in backup), and monitoring the instance's health (CPU, RAM).
  • Complexity: Requires a higher level of technical expertise (Linux CLI, network security).

Networking and Firewall Considerations for Remote Provisioning (STUN vs. SBC)

Once your PBX is in the cloud, you have to connect your endpoints (desk phones, softphones) to it. This is where most IT administrators run into trouble.

The Challenge: NAT Traversal

Your office desk phone is behind its own firewall/router (NAT). Your 3CX server is behind its own cloud firewall. They need a way to talk to each other reliably. You have two options: STUN or SBC.

STUN (Session Traversal Utilities for NAT)

What it is: A method where the desk phone queries an external STUN server to discover its own public IP address and port. It then sends this information to the 3CX server in its SIP registration packet.

How it's used: This is the default "remote provisioning" method for 3CX when you don't use an SBC. You configure the phone in the 3CX console as a "Remote STUN" phone.

Pros: "Free" (no extra hardware/VM). Simple for a single remote phone (e.g., a home office).

Cons (Major):

  • Unreliable: STUN does not work well (or at all) with certain types of firewalls (Symmetric NAT).
  • One-Way Audio: The #1 cause of one-way audio with remote phones.
  • No Security: The SIP/RTP traffic is unencrypted (unless you force TLS/SRTP, which has its own issues).
  • Scalability: Does not work for an office with more than one phone. If two phones behind the same NAT try to register with STUN, the router will get confused, and only one will work.
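To make the symmetric NAT problem concrete, here is an added example (not 3CX code) that decodes the public address a STUN server reports in its Binding success response, using the XOR-MAPPED-ADDRESS encoding from RFC 5389. Comparing the answers of two different STUN servers for the same local socket shows whether the router hands out a different mapping per destination, which is the case where the address the phone advertises is not the one the PBX sees. The function names and sample responses are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value defined by RFC 5389
BINDING_SUCCESS = 0x0101       # Binding success response
XOR_MAPPED_ADDRESS = 0x0020    # attribute carrying the public address


def parse_mapped_address(msg):
    """Return (ip, port) reported in a STUN Binding success response."""
    if len(msg) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding success response")
    pos, end = 20, min(len(msg), 20 + length)
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + attr_len]
        if attr_type == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 1:
            xport, xaddr = struct.unpack("!HI", value[2:8])
            # Port and address are XORed with the magic cookie on the wire.
            port = xport ^ (MAGIC_COOKIE >> 16)
            return str(ipaddress.IPv4Address(xaddr ^ MAGIC_COOKIE)), port
        pos += 4 + attr_len + (-attr_len % 4)   # attributes pad to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")


def looks_symmetric(resp_a, resp_b):
    """Same local socket, two STUN servers: differing mappings mean symmetric NAT."""
    return parse_mapped_address(resp_a) != parse_mapped_address(resp_b)


def sample_response(ip, port):
    """Build a constructed Binding success response (test data, not a capture)."""
    value = struct.pack("!BBHI", 0, 1, port ^ (MAGIC_COOKIE >> 16),
                        int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(value)) + value
    header = struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE)
    return header + bytes(12) + attr            # 12-byte transaction ID


if __name__ == "__main__":
    a = sample_response("198.51.100.7", 40000)
    b = sample_response("198.51.100.7", 40001)
    print(parse_mapped_address(a), looks_symmetric(a, b))
```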

SBC (Session Border Controller)

What it is: A lightweight piece of software (provided by 3CX) that you install on a device at the remote office location. This can be a Raspberry Pi, a small Windows/Debian VM, or even a regular PC.

How it works:

  • The SBC creates a single, secure, encrypted "tunnel" from the remote office back to the 3CX server (using TCP/5090).
  • All phones at the remote office are configured to talk to the local IP of the SBC.
  • The SBC bundles all SIP and RTP traffic from all phones, encrypts it, and sends it down the single tunnel to the PBX.

Pros:

  • Extremely Reliable: Solves all NAT traversal problems. It just works.
  • Secure: All traffic is encrypted inside the 3CX Tunnel.
  • Plug and Play: Phones at the remote site will show up in the 3CX console for PnP provisioning, just as if they were on the local LAN.
  • Resilient: The SBC can even proxy media, helping maintain call quality over poor connections.

Cons:

  • Requires Hardware: You need a dedicated, always-on device at the remote site (though a £50-£70 Raspberry Pi is a cheap and popular solution).

Conclusion: SBC is the Professional Choice. If you are connecting a single home user's softphone or mobile app, the 3CX app's built-in tunnel works perfectly. If you are connecting a single desk phone, STUN might work. But if you are connecting a remote office with 2 or more desk phones, an SBC is not optional. It is the required, professional, and only stable solution.


Cost-Benefit Analysis and Final Recommendation

So, which hosting model is right for you?

| Hosting Model | Initial Cost | Monthly Cost | Control | Maintenance |
|---|---|---|---|---|
| On-Premise | High (Server Hardware) | Low (Power, cooling) | Absolute | High (All) |
| 3CX-Hosted | None | Low (Free 1st yr, then per-licence) | Low (Console only) | None (Managed) |
| Self-Hosted Cloud (Small) | None | Very Low (c. $6-$12/mo) | Absolute | Medium (OS, FW) |
| Self-Hosted Cloud (Large) | None | Medium-High ($40-$160+/mo) | Absolute | Medium (OS, FW) |

Final Recommendations

For the SMB with no IT staff (or a non-technical owner):

Winner: 3CX-Hosted. The simplicity and lack of maintenance are worth the (eventual) cost and loss of control.

For the technical IT Admin managing one or more sites (under 100 users):

Winner: Self-Hosted Cloud (e.g., Lightsail/DigitalOcean). The combination of extremely low cost (even with VAT) and total control is unbeatable. The responsibility for OS updates and firewall management is well within the skillset of a typical IT admin. Use SBCs for all remote sites.

For the large enterprise (250+ users) or Call Centre:

Winner: Self-Hosted Cloud (e.g., AWS EC2/Azure). You need the granular control and high-performance, dedicated resources (like CPU-Optimised instances) that the "budget" providers don't offer. You also have the internal IT resources to manage the platform 24/7.

For the organisation with strict data compliance (e.g., Legal, Health):

Winner: On-Premise or Self-Hosted (in a UK data centre). You must have full control over the hardware and data location. An on-premise server (or a VM on your existing VMWare/Hyper-V cluster) gives you a 100% "air-gapped" solution if needed, or you can host in a specific "Europe (London)" region to comply with UK GDPR and Data Protection Act 2018 requirements.

Ultimately, the right choice balances your budget, your team's technical expertise, and your need for control.

Lee Clarke
Sales Director

With over 25 years’ experience at T2k, Lee began his career as a telecoms engineer before progressing to Sales Director. He leverages his foundational technical knowledge to provide businesses with impartial, expert advice on modern communications, specialising in VoIP and cloud telephony. As a primary author for T2k, Lee is dedicated to demystifying complex technology for businesses of all sizes.
