Author Archives: Joel Maloff

About Joel Maloff

Joel Maloff leads all channel and business development work at In addition, he serves in a technical advisory capacity regarding vendor relationships and other areas as needed. Joel has previously served as Senior Vice President of Sales and Marketing at BandTel, Senior Vice President of Corporate Strategies at GlobalTouch Telecom, and CTO at Fusion Telecom. He was also Principal Consultant for Maloff Group International and consulted for corporations and governments in North America, South America, Asia, Europe, and Australia. He has written several books and contributed many articles to various industry publications.

How Much Bandwidth Do I Need for VOIP?

by Joel Maloff

iStock_000005944404SmallAs businesses and home users set aside traditional analog phone services, replacing them with Voice over Internet Protocol (VOIP), one of the challenges becomes allocating the right amount of bandwidth to your Internet phone service.

How much of your current bandwidth is needed for high-quality voice calls? This is a question we are asked every day by our customers.

Start by asking yourself a few questions:

  • What is the actual data upload and download speed that your Internet Service Provider (ISP) delivers?
  • What other services and applications on your network consume a portion of that available bandwidth?
  • Are there Quality of Service (QoS) settings that you can tweak to optimize your network for VoIP?

Minimum and Recommended Bandwidth for VOIP Service

The bandwidth that our VOIP phone service requires depends on the number of concurrent calls you want to make. The table below shows the minimum bandwidth required to make calls from a account, as well as recommended speeds for optimal performance.

Number of Concurrent Calls Minimum Required Bandwidth Recommended speed
1 100 Kbps Up and Down 3 MBps Up and Down
3 300 Kbps Up and Down 3 MBps Up and Down
5 500 Kbps Up and Down 5 MBps Up and Down
10 1 MBps Up and Down 5-10 MBps Up and Down

How Does VOIP Use My Bandwidth?

The answer is simple and complex. VoIP services use a variety of codecs to compress and decompress voice data, allowing it to travel over the Internet efficiently. uses codecs that require approximately 100 kilobits per second (kbps) traveling up from your phone line and down to your phone line per second for each call. So if you have three people, all on calls at the same time, the minimum requirement is 300 kbps up and 300 kbps down.

In addition, since the Internet “pipe” into your home or business is being used for other functions too—web browsing, sending and receiving email, file transfers, web-based office services, point-of-sale systems, and so on—there are numerous candidates contending for bandwidth.

How to Determine Your Functional Bandwidth

It helps to know how much bandwidth you really have. However, your Internet Service Provider (ISP) will probably only confirm what you signed up for, also known as the advertised “up to” value, as in “up to 50 Mbps” or “up to 150 Mbps.”

The best way to determine your bandwidth, is to run a throughput test using a site like This will give you a snapshot of your current functional bandwidth, but it is important to note that this metric can vary depending on how much bandwidth all of the different applications you are using require at any given point in time. This test also provides variable results depending on the location used for testing.

Keep in mind that your upload speed is usually slower than your download speed, so you need to make sure that the lower number of the upload speed matches what you need. Since most service providers do not guarantee sustained bandwidth besides the up-to value, we recommend adding a 5x to 10x safety margin when estimating bandwidth.

Calculating the Bandwidth You Need

If you know that your ISP can sustain a certain speed, simply multiply the number of expected concurrent calls by 100 kbps. If you deal with an “up to” ISP, a good solution would be to add the safety margin mentioned above so that you can sustain the required bandwidth, even when your Internet service falters.

For example, 10 concurrent users would require 1 Mbps (10 X 100 kbps x safety margin), which means you would be smart to allow for 5 to 10 Mbps both up and down. Depending on the other services and applications using your Internet connection and on the capabilities of your router, 3 to 5 Mbps may be sufficient, or you may need to increase your bandwidth. This must be evaluated on a case-by-case basis, as each organization is different.

Optimizing Your Quality of Service

High-quality voice calls are the norm today but consistent quality does require some effort. One way to evaluate your VoIP capacity is using the VOIP test (works best on Safari and Firefox). This tool lets you evaluate your network performance by simulating one, three, five or ten concurrent calls from your office to the system.

Also, some but not all routers have the ability to prioritize voice services so that the impact of other applications doesn’t degrade voice quality. To prevent audio issues caused by voice and data competing for the same bandwidth, make sure your network router’s Quality of Service (QoS) settings are set as follows, so that they prioritize the transmission of voice packets to your WAN connection (ISP).

  • UDP/5060 – Priority: High
  • UDP/6060 – Priority: High
  • UDP/16384 to 32768 – Priority: High

Finally, if your router has an Application Layer Gateway (ALG) function, that should be disabled. We also recommend disabling the Stateful Packet Inspection (SPI) function—in some cases, the router cannot handle the high rate of inbound voice packets when the SPI feature is enabled. In all cases, though, check with your security expert before changing configuration settings.

We hope these guidelines help you determine how much bandwidth you need to support high-quality VOIP phone service. If you have specific questions, please leave them in the comments below or contact us directly!

Cloud-based Unified Phone Systems On the Rise

by Joel Maloff

going_uprecent report from Infonetics Research shows that sales of unified communications, including cloud-based phone services like those offered by, jumped 27 percent from the first quarter of 2013 to that of 2014. At the same time, worldwide sales of PBX systems and components fell by eight percent!

The message is very clear—hardware, premises-based systems are on the decline and cloud-based systems are on the rise.

Even though companies like have been touting the benefits of cloud-based solutions for many years, what seems to be happening is that the unified communications industry has passed the point of critical mass, and is no longer being questioned on its applicability or viability for companies of all sizes. Cloud solutions simply make too much sense when it comes to capital outlay, flexibility to add and delete accounts, diminished management requirements, and the inevitable obsolescence of hardware systems.

Companies like Microsoft, Avaya, Cisco, NEC and Mitel will continue to offer physical phone systems, but their hardware is no longer on a growth path. They have now been overtaken by cloud-based communications. Larger organizations may retain premises-based systems for some time to come, but even these companies will add hosted solutions as a more economical alternative for smaller facilities.

Finally, I believe that as cloud communications become mainstream, we will see an escalation in the erosion of the communications systems of the past, and even greater growth rates for services like those offered by

The Voice Telephony Migration – From Copper To The Cloud

by Joel Maloff

Migrate to cloud button on keyboardIn a recent Washington Post article, the author discussed plans from AT&T for their transition from a traditional Time Division Multiplexing (TDM) physical facilities-based telephony environment to one that is entirely based on using the Internet, as has been doing for nearly six years now! The article is a bit misleading, as it implies that these are bold and innovative steps on the part of AT&T. There is much more to the story, and this industry-wide transition is going to be very exciting for all of us!

To put this into perspective, The US Government’s Federal Communication Commission (FCC) created a Technical Advisory Council (TAC) to assist the Commission in understanding how technology could and/or should be evolving. In June 2011, The TAC issued a report calling for the “sunset” (end of life) of the Public Switched Telephone Network (PSTN) as we know it by 2018! That is four years from today! The rationale was very clear. For example, by this year – 2014 – the number of traditional telephone access lines was expected to have dropped to 42 million in the US, declining by an average of 8%-10% each year. It was projected that, by 2014, there would be 32 million VoIP access lines accounting for nearly 45% of all access lines (Source). The PSTN is withering away and AT&T knows it. Will a complete and total transition happen by 2018? Probably not, but much work is underway from many different parts of our industry to help move this along.

In May 2013, the FCC issued a call for comments and trials regarding various elements of the transition to an all-IP network environment (Source). The Commission indicated their views as to why this transition must go forward. “… (A)s we move from TDM to all-IP networks, providers are migrating to voice over Internet Protocol (VoIP) interconnection. VoIP interconnection should be more efficient and has the potential to unleash new, innovative services and features.” Also, “as we transition away from TDM, the nation’s emergency calling (911) system must also migrate to Next Generation 9-1-1 (NG911). Although there is broad consensus regarding the benefits and potential of NG911, when these new capabilities will be introduced is less certain.” The ability to replace wired with wireless information transport will also be considered, especially for rural or high-density areas. Lastly, consideration is being given to telephone numbers and related database issues. “The technology transition offers an opportunity to take a fresh look at the assignment of numbers and the features, capabilities, and security of numbering-related databases.” For example, there have been industry proposals for a unified, IP-accessible database that provides secure access to number-related information. A technology trial could test new technical proposals for assigning telephone numbers individually instead of in blocks of 1,000. We may then be able to determine what protocols and procedures are most effective to assign and port numbers in an all-IP environment. This would improve services for customers of companies such as!

As you can clearly see, the article regarding AT&T’s planning for the migration fails to mention the fact that the entire telecommunications world is undergoing change. We at believe that this is for the better, and are delighted to be playing an active and continuing role in making these dreams reality!

Cryptolocker Revisited

by Joel Maloff

customer_extortionAs an update to my October 29 comments on the Cryptolocker hold-your-files-for-ransom malware, you may have a hard time believing this next phase in the evolution of extortion: They now have a customer service and support site for those that wanted to pay the ransom but had technical issues, and couldn’t figure out how to do it!

The Cryptolocker Decryption Service—I did not make this up! It is not April Fools’s Day yet!—permits victims to view their “order status” (the ransom payment) and complete the transaction. If someone makes the payment, but the decryption code fails, they can get quality customer service from these thieves.

Also, in the past, if a user failed to pay up within 72 hours, the key was destroyed resulting in their files being lost forever. Our good-hearted criminals realized, however, that they were leaving money on the table, so will now allow latecomers to buy a key. In this case, the fee jumps from $300 to $4,000!

It also turns out that victims wishing to pay the ransom, who had already removed the malware, would need to reinstall the malware for the decryption key to work. The customer service site can provide a key that works without the annoyance of having to re-infect and then disinfect your machine again.

Customer service is incredibly important to us here at, and I must admit that the ingenuity combined with the complete absence of ethics demonstrated by those at Cryptolocker has astounded me—and it takes a lot for that to happen!

CyberHostage – The New Realities

by Joel Maloff

Remember the old Westerns where the bad guys targeted the stagecoach to rob? Remember the famous apocryphal answer to the question of why a bank robber robbed banks? Of course, the answer was “because that’s where they keep the money.” Today, there is a new breed of thieves that know that very well. What is the most important electronic asset that you have today? It is not your computer – if damaged, they can be replaced. It is not software that can be corrupted. That can also be replaced. In fact, it is your data – the documents, pictures, presentations, and videos that you have created and that are irreplaceable.

Imagine seeing this flash up on your screen:

warningThese hoodlums have not displayed silly messages or destroyed your hard drive. Rather, they have encrypted all of your personal files and are now demanding that you pay a ransom within a designated period of time for them to provide you with the key to decrypt the files. Fail to pay the ransom and the key self-destructs leaving the files unusable.

So far, reports of people paying the ransom have indicated that the bandits are at least honoring that obligation for now, but after all, they are thieves and trust seems to be questionable.

Your first reaction may be “OK. I back up my files regularly to an external hard drive, so I am good.” Not so fast. If the hard drive was attached to your computer when the attack occurred, it too could be infected. Removing the virus is easy. Unfortunately, the files remain encrypted and without paying the ransom, are likely lost forever.

There are a variety of ways that you can protect yourself before you are attacked by Cryptolocker or other malware or ransomware programs.

  • Regularly backup your important files. If you can, store your back-ups offline where they cannot be affected in the event of an attack on your active files. Your backups are useless if they are scrambled by CryptoLocker along with the primary copies of the files. If you use an external hard drive, unplug it from your computer while you are actively using your machine so it cannot be affected by “drive-by malware.” Reconnect it when you are finished to enable regularly scheduled back-up sessions.
  • Keep your anti-virus software up to date and run a malware detection tool (like on a regular basis. Malware can be harming your computer without you knowing it. Catching and eliminating it early makes good sense!
  • Keep your operating system and software up to date with patches. This reduces the potential for malware to enter unnoticed through security holes. CryptoLocker authors do not use extravagant intrusion techniques because other malware already opened the door.

As with all security, the best way to protect yourself is before you have been attacked. Cryptolocker is likely only the first of the Twenty-First Century version of an old-fashioned hold-up. It cannot infect your computer unless you open the executable file. Be cautious about what you open. Create walls between your active computer files and those that you have backed up. Having your most important documents in another room will not save them if the building burns down. Keep them somewhere else – like in the cloud! Being held a CyberHostage is not fun. Knowing this threat is out there is the first step to not becoming a victim!