About global settings

Global settings are system-wide configuration options that affect the entire Pexip Infinity platform. Some of the settings may be overridden at the location, Conferencing Node or VMR level — this is indicated in the table below where applicable.

To configure the global settings, go to Platform > Global settings. The settings are grouped into the following categories:

You should wait at least 90 seconds for any changes in configuration to be synchronized to all Conferencing Nodes; this may take longer in large deployments. You can go to Status > Conferencing Nodes to check when configuration was last updated.

Setting Description More information
Service configuration
Guests-only timeout

The length of time (in seconds) for which a conference will continue with only Guest participants, after all Host participants have left.

Default: 60 seconds

Using PINs to differentiate between Hosts and Guests
Last participant backstop timeout

The length of time (in seconds) for which a conference will continue with only one participant remaining. The type of participant (Host, Guest, automatically dialed, streaming etc) is irrelevant.

The time can be configured to values between 60 seconds and 86400 (1 day), or to 0 (never eject).

Default: 0 (never eject)

Automatically ending a conference
PIN entry timeout

The length of time (in seconds) for which a participant is allowed to remain at the PIN entry screen before being disconnected.

Default: 120 seconds

Limiting the time a participant can spend at the PIN entry screen
Waiting for Host timeout

The length of time (in seconds) for which a Guest participant can remain at the waiting screen if a Host does not join, before being disconnected.

Default: 900 seconds

Limiting how long Guests can wait for a Host
Default theme The theme to use for services that have no specific theme selected. Customizing conference images and voice prompts using themes
Maximum inbound call bandwidth (kbps) Limits the bandwidth of media being received by Pexip Infinity from individual participants, for calls where bandwidth limits have not otherwise been specified. Managing and restricting call bandwidth
Maximum outbound call bandwidth (kbps) Limits the bandwidth of media being sent by Pexip Infinity to individual participants, for calls where bandwidth limits have not otherwise been specified. Managing and restricting call bandwidth
Maximum call quality

Controls the maximum call quality for participants connecting to Pexip Infinity services.

You can override this global setting for each individual service (VMR, Call Routing Rule etc). For example, you could use the default option of "HD" for most of your services by default, but enable Full HD on some specific services. The options are:

  • SD: each participant is limited to SD quality.
  • HD: each participant is limited to HD (720p) quality.
  • Full HD (1080p): allows any endpoint capable of Full HD to send and receive its main video at 1080p.

Default: HD

See Setting and limiting call quality for more information.

Setting and limiting call quality
Maximum presentation bandwidth ratio

When sending main video and presentation to a standards-based (SIP or H.323) or WebRTC endpoint, this defines the maximum percentage of the call bandwidth to allocate to the presentation content (with the remainder allocated to main video). It must be in the range 25% to 75%.

Default: 75%

Managing and restricting call bandwidth
External participant avatar lookup

Determines whether or not avatars for external participants are retrieved using a method appropriate for the external meeting type. Currently this only applies to Microsoft Teams conferences. For all other conference types, and for when this option is not selected, avatars may be retrieved via external policy or user records as per standard behavior. You can also configure this setting on individual Call Routing Rules for Microsoft Teams conferences.

Default: enabled.

Configuring Pexip Infinity as a Microsoft Teams gateway
Connectivity
Enable SIP *

Controls support for the SIP protocol over TCP and TLS across all Conferencing Nodes in your Pexip Infinity deployment.

Note that disabling SIP will disable support for Skype for Business / Lync (MS-SIP).

Default: enabled.

Enabling and disabling SIP, H.323, WebRTC and RTMP
Enable SIP UDP

Allows or prevents incoming calls over SIP UDP.

Default: disabled.

Enable H.323 *

Enable WebRTC

Enable RTMP *

These boxes control support for the selected protocols across all Conferencing Nodes in your Pexip Infinity deployment.

Default: all of these settings are enabled by default.

Enable support for Pexip Infinity Connect clients and Client API

Enables support for the Pexip Infinity client API. This is required for integration with the Connect apps (web, desktop and mobile), and any other third-party applications that use the client API, as well as for integration with Microsoft Teams and Poly OTD endpoints for One-Touch Join.

This setting must be enabled if you want to Enable WebRTC or Enable RTMP.

Default: enabled.

Enable Far End Camera Control

Allows endpoints that support FECC to be controlled by a Host participant using a Connect app.

Default: enabled.

Control another participant's camera

Enable chat

Enables relay of chat messages between conference participants using Skype for Business / Lync and Infinity Connect clients.

You can override this setting on a per conference basis (for a Virtual Meeting Room or Virtual Auditorium).

Default: enabled.

Enabling and disabling chat messages
Enable outbound calls

Controls whether any calls can be made via the Infinity Gateway, and allows dial-out from a conference (via the Connect apps and the Administrator interface).

Default: enabled.

Placing calls via the Pexip Infinity Distributed Gateway

Manually dialing out to a participant from a conference

Enable legacy dialout API

This setting controls the system behavior when dialing out via a Connect app or the client API to a participant from an ongoing conference.

When selected (enabled), calls placed via the:

  • Connect apps always use automatic routing and thus must match an appropriate Call Routing Rule.
  • Client API or the legacy (webapp1) client can either use automatic routing or they can specify a dial-out protocol without any need for a Call Routing Rule i.e. it allows end-users to perform arbitrary dial outs (and thus circumvent any administrator-set rules).

When not selected (disabled), calls that are placed via:

  • any Connect app, or via the client API, always use automatic routing and thus must match an appropriate Call Routing Rule.

Note that dial out via the Administrator interface, management API or Automatically Dialed Participants (ADPs) is unaffected by this setting.

Default: disabled.

Manually dialing out to a participant from a conference
Default web app

Determines which version of the Connect web app will be presented by default to users when accessing a Conferencing Node (or reverse proxy) via its IP address or domain name. You can select a specific web app version, or you can choose to use the most recent release available at the time of upgrade (which for upgrades to v30 is Pexip Connect for Web).

Default: Always use newest web app after upgrade.

About Connect web app versions
Pexip Infinity domain (for Lync / Skype for Business integration)

The name of the SIP domain that is routed from Skype for Business / Lync to Pexip Infinity, either as a static route or via federation.

You can also configure the Pexip Infinity domain on a per-location basis, which would override this global setting for Conferencing Nodes in that location.

Skype for Business with Pexip Infinity

Enable Skype for Business / Lync auto-escalation

When selected, this automatically escalates a Skype for Business / Lync audio call so that it receives video from a conference.

Default: disabled.

Automatically escalating Skype for Business / Lync audio calls
Enable VbSS for Skype for Business

Controls support for Skype for Business Video-based Screen Sharing (VbSS).

Note that VbSS is always enabled for Microsoft Teams calls, regardless of this setting.

Default: disabled.

For information about enabling VbSS on your Skype for Business infrastructure see https://technet.microsoft.com/en-us/library/mt756736.aspx.

DSCP value for management traffic The DSCP value for SSH, HTTPS and SNMP management traffic sent from the Management Node and from Conferencing Nodes. This is an optional Quality of Service (QoS) setting used to prioritize different types of traffic in large, complex networks. Also see Configuring system locations.  
Enable SSH

Allows an administrator to log in to the Management Node and all Conferencing Nodes over SSH.

This setting can be overridden on individual nodes.

Default: enabled.

 
Enable directory

When disabled, Connect apps display aliases from their own call history only.

When enabled, registered Connect apps additionally display the aliases of Virtual Meeting Rooms, Virtual Auditoriums, Virtual Receptions, and devices registered to the Pexip Infinity platform.

Default: enabled.

Directory (phone book) of devices and VMRs for registered Connect apps
Enable restricted routing for Proxying Edge Nodes

When enabled, if a location only contains Proxying Edge Nodes, then those nodes only require IPsec connectivity with other nodes in that location, the transcoding location, the primary and secondary overflow locations, and with the Management Node. When disabled, a full connectivity mesh is required between all nodes in the deployment.

Default: enabled.

Deployment guidelines for Proxying Edge Nodes
Media encryption

Controls the media encryption requirements for participants connecting to Pexip Infinity services.

You can override this global setting for each individual service (VMR, Call Routing Rule etc). For example, you could use the default option of "best effort" for most of your services, but enforce encryption on some specific services.

  • Best effort: each participant will use media encryption if their device supports it, otherwise the connection will be unencrypted.
  • Required: all participants (including RTMP participants) must use media encryption.
  • No encryption: all H.323, SIP and MS-SIP participants must use unencrypted media. (RTMP participants will use encryption if their device supports it, otherwise the connection will be unencrypted.)

Default: Best effort

 
Port ranges
Signaling port range start and end *

The start and end values for the range of ports (UDP and TCP) that all Conferencing Nodes use to send signaling (for H.323, H.245 and SIP).

Default: 33000–39999.

 
Media port range start and end *

The start and end values for the range of ports (UDP and TCP) that all Conferencing Nodes use to send media for H.323, SIP, Skype for Business / Lync, WebRTC and RTMP (note that RTMP uses TCP only).

Default: 40000–49999.

 
Codecs
Codecs

Controls which codecs to offer in audio/video negotiation (SDPs).

Some third-party systems can experience issues if they are sent a large SDP from Pexip Infinity. You can reduce the size of the SDP by disabling specific, unwanted codecs.

Default: all codecs are selected except AAC-LD128, H.264 High (mode 0) and H.264 High (mode 1).

To enable the H.264 High Profile codec, move H.264 High (mode 1) into the list of Chosen Codecs. For optimal interoperability results, only enable H.264 High (mode 1) — leave H.264 High (mode 0) in the Available Codecs list.

 
Security
OCSP state

Determines whether OCSP is used to check the status of TLS certificates.

Off: OCSP is not used.

On: OCSP is used, and the request is sent to the URL specified in the TLS certificate. If no URL is specified in the TLS certificate, the OCSP responder URL configured below is used.

Override: OCSP is used, and the request is sent to the OCSP responder URL specified in the OCSP responder URL field, regardless of any URL encoded in the TLS certificate.

Default: Off.

Using OCSP to check the status of certificates
OCSP responder URL

The URL to which OCSP requests are sent if either:

  • the OCSP state is set to On but no URL is present in the TLS certificate, or
  • the OCSP state is set to Override (in which case any URL present in the certificate is ignored).
Using OCSP to check the status of certificates
SIP TLS certificate verification mode

Determines whether to verify the peer certificate for connections over SIP TLS.

Off: the peer certificate is not verified; all connections are allowed.

On: the peer certificate is verified, and the peer's remote identities (according to RFC5922) are compared against the Application Unique String (AUS) identified by Pexip Infinity — the SIP URI — before the connection is allowed.

Default: Off.

Verifying SIP TLS connections with peer systems
Maximum log age (days)

The maximum number of days of logs and call history to retain on Pexip nodes. On busy systems, logs may still be rotated before this time due to limited disk space.

Enter 0 to have no set limit.

Default: 0.

 
HTTP Content Security Policy

Determines whether or not HTTP Content-Security-Policy (CSP) headers for Conferencing Nodes are enabled.

Default: enabled.

 
HTTP Content Security Policy Header

Defines the contents of the HTTP Content-Security-Policy headers for Conferencing Nodes when CSP is enabled.

The default header string contains multiple directives such as frame-src and script-src, delimited by the ; character.

For more information on CSP, see Content Security Policy - An Introduction and Content Security Policy | OWASP Foundation.

Default: upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com;

Note that these defaults are appropriate for typical usage of Pexip Infinity. For example, the Microsoft addresses are required for Outlook add-ins. The reserved domain example.com is included to support a third-party JavaScript library that is used by the Connect web app for PDF content sharing. You may need to add extra headers if you use custom plugins with the Connect web app.

 
Break-in resistance
Enable PIN brute force resistance

Select this option to instruct Pexip Infinity to temporarily block all access to a VMR that receives a significant number of incorrect PIN entry attempts.

You can override this setting on a per location basis.

Default: enabled.

Break-in resistance settings to mitigate rogue calls
Maximum PIN failures

The maximum number of PIN failures allowed in any 10-minute window before the VMR is blocked.

Default: 20.

Enable VOIP scanner resistance

Select this option to instruct Pexip Infinity to temporarily block service access attempts from any unknown source IP addresses that dial a significant number of incorrect aliases.

You can override this setting on a per location basis.

Default: enabled.

Maximum scanner attempts

The maximum number of incorrect dial attempts in any 10-minute window before the source IP address is blocked.

Default 20.

External system integration
Enable HTTP access for external systems

Access for external systems is over HTTPS by default. If this box is selected, access over HTTP is also permitted.

Default: disabled.

Integrating with external systems
External system username and password The username and password used by external systems (such as CUCM) when authenticating with Pexip Infinity. Integrating with external systems
Management web interface configuration
Login banner text Any text entered here is displayed in a message box on the login page. This field supports plain text only.  
Enable management web interface session timeout

Controls whether inactive users are automatically logged out of the Administrator interface after a period of time.

If enabled, users are logged out after a number of minutes of inactivity as specified in the Management web interface session timeout setting.

If disabled, users of the Administrator interface are never timed out. You may want to use this option if, for example, you have an administrator session that permanently monitors the system live view.

Default: enabled.

 
Management web interface session timeout

The number of minutes a browser session may remain idle before the user is logged out of the Management Node Administrator interface, if Enable management web interface session timeout is selected.

Default: 30 minutes.

 
Show conferences and backplanes in Live View

Controls whether conferences and backplanes are shown in the Live View graph. If you have a very busy deployment, it may be useful to disable conferences and backplanes from the Live View for an improved viewing experience.

Note that when conferences and backplanes are removed, the conferences and participants counts in Live View always show 0 (even if there are conferences in progress).

Default: enabled.

Viewing live and historical platform status
Management start page

Controls the first page you are directed to after logging into the Administrator interface.

Default: Live View

Using the Pexip Infinity Administrator interface
Reporting

Enable incident reporting

Incident reporting URL

Contact email address

If incident reporting is enabled, reports are sent to the specified URL.

This setting is configured during initial installation of the Management Node (when running the installation wizard).

Automatically reporting errors
Automatically send deployment and usage statistics to Pexip

Select this option to allow submission of deployment and usage statistics to Pexip. This will help us improve the product.

This setting is configured during initial installation of the Management Node (when running the installation wizard).

Automatically sending usage statistics
Advanced event sink tuning

Event sink connection timeout

Event sink maximum retry backoff

Initial retry backoff

Internal cache expiration

Time to wait for media streams message

Maximum number of background POSTs

A range of advanced options to tune the event sink processes.

See Using event sinks to monitor conference and participant status for details.

Using event sinks to monitor conference and participant status
Cloud bursting
Enable bursting to the cloud

Bursting threshold

Tag name and value

Minimum lifetime

Cloud provider
These options enable and configure the Pexip Infinity platform for dynamic cloud bursting to either Microsoft Azure, Amazon Web Services (AWS) or Google Cloud Platform (GCP).

Configuring dynamic bursting to the AWS cloud

Configuring dynamic bursting to the Microsoft Azure cloud

Configuring dynamic bursting to the Google Cloud Platform (GCP)

Pexip Private Cloud
Enable Pexip Private Cloud Select this option to enable a connection from your deployment to the Pexip Private Cloud. A connection to the Pexip Private Cloud is required if you wish to deploy a Pexip Smart Scale location.
Gateway URL The URL used by your deployment to connect to the Pexip Private Cloud. This must be in the format https://  
Customer ID The username used to authenticate your connection to the Pexip Private Cloud.  
Authentication token The token used to authenticate your connection to the Pexip Private Cloud.  
Live captions (available and required when Live Captions are enabled via Tech preview features)
Default enabled value VMRs Select this option to enable live captions on all VMRs by default.  
Live captions service API gateway The API service used by the Conferencing Nodes in a location to handle live captions (such as livecaption-api.pexip.io).  
Live Captions App-Id Auto populated when live captions are enabled the first time. This value will not change if you disable and re-enable live captions.  
Live captions JWT public key Auto populated when live captions are enabled. This value will not change if you disable and re-enable live captions.  
Tech preview features
Enable Live Captions

Select this option to enable live captions for participants using the web app. This allows you to configure a VMR to convert the live meeting audio to a readable text (live transcription).

This is a technology preview feature and can be enabled via Platform > Global settings > Tech preview features > Enable Live Captions. Please contact your Pexip authorized support representative or your Pexip Solution Architect for guidance on enabling this feature specific to your environment. When enabling this feature note that:

  • Only the local user can view the captions, all the other meeting participants will get the notification - "this meeting is being transcribed"
  • When using web app, the Turn live captions on button is only displayed when the live captions are enabled via global settings and per VMR level.
  • The Turn live captions on button is not available for Skype for Business / Lync and Microsoft Teams gateway calls.
  • When using Connect web app (Webapp2), the live transcriptions history can be viewed on the left side panel, but this feature is not available for Pexip Connect for Web (Webapp3).
  • If the outgoing locations are not configured, then the live caption feature will be disabled for all the Conferencing Nodes in that location.

Configuring Virtual Meeting Rooms (VMRs)

About system locations

Live captions

Enable media relay on TCP port 443

This setting enables media relay on TCP port 443 on all Conferencing Nodes. This is intended as a fallback mechanism for use by WebRTC clients that are behind strict firewalls that block RTP media to Pexip's standard ports. This setting should only be enabled when it is impossible to amend the firewall's rules to allow UDP media, as sending media over TCP can result in increased latency and jitter.

Enabling this setting may cause disruption to ongoing WebRTC sessions.

This setting is not compatible with the Connect desktop app for Citrix Workspace app.

 
Enable Dual Screen layouts This setting enables multiscreen participant display for endpoints with two screens. Conference layouts and speaker names
Enable Voice Focus

Select this option to improve the way in which voice activity is detected by better distinguishing between actual speech and background noise. This reduces the probability that people who are not speaking but have audible background noise will be switched into the main speaker position. Note that this does not remove any noise from the audio.

When enabled it applies to all call types and all layouts.

 
Enable Softmute

Softmute is advanced speech-aware audio gating which helps to minimize noise coming from a participant who has their microphone turned on in a conference, but is not speaking. If non-voice noise is detected, this feature softens the gain from that participant. It does not entirely suppress noise from an audio signal.

To enable or disable softmute during a conference, you can use the client REST API requests enable_softmute and disable_softmute at the conference level. For example, the REST URI to enable softmute could take the following format:

https://10.0.0.1/api/client/v2/conferences/meet_alice/enable_softmute

Note that these REST API requests will be deprecated in version 31, and will be replaced with a VMR configuration option.

Pexip client REST API
Enable Direct Media

Select this option to enable the Direct Media configuration setting on VMRs. This allows you to configure a VMR for end-to-end encrypted calls between two WebRTC participants.

When enabling this feature, note that:

  • Only two WebRTC participants can join a Direct Media call.
  • If additional participants join the conference (using any call protocol such as WebRTC or SIP for the additional participants) the call is escalated to a standard, transcoded call with media sent via Conferencing Nodes, and is no longer a Direct Media call. In conference history, the original participants are shown as being transferred to a new call, and new participant history records are created for the new call. If the call de-escalates back to two WebRTC participants then it becomes a Direct Media call again (with new participant history records again).
  • Video, audio-only, and presentation and control-only connections are supported.
  • Presentation / screen sharing, and chat is supported (via the direct media connection).
  • All of the standard authentication methods for joining the VMR are supported.
  • The first participant to join sees a "Welcome" or "Waiting for the host" screen until the second participant joins and the media connection is established. Currently this page cannot be customized.
  • Within the Connect app, each user can view a Secure check code (select Control and then select Get media stats). Both users should see the same code, proving that media is not being sent via, and transcoded by a Conferencing Node.
  • All call signaling is still handled by the Conferencing Node.
  • When viewing the conference graph in the Administrator interface, a direct media line is shown between the two participants, plus the signaling connections to the Conferencing Node:

Client TURN servers

In some network topologies, for example if the Connect apps are behind a NAT or have firewall restrictions, they may not be able to establish a direct connection between each other. To overcome this, the clients may need to use a TURN server to relay media between each other.

When using Direct Media we strongly recommend for enhanced security that you use your own dedicated TURN server that is located in your DMZ.

To use a TURN server:

  1. Configure a TURN server (Call control > TURN servers).

  2. Configure your system locations with the Client TURN servers to provision to the Connect app WebRTC clients:

      1. Go to Platform > Locations.
      2. Select the Conferencing Node's location.
      3. Select one or more Client TURN servers.
      4. Optionally, you can select Enforce media routing via a client TURN server if you want to force the WebRTC client to route its media through one of the specified client TURN servers.
      5. Select Save.
      6. Repeat for other locations as necessary.

      When a WebRTC client connects to a Conferencing Node in that location, the Conferencing Node will provide it with the details of the nominated TURN servers. These TURN servers may be used by the client to provide a media connectivity path if it cannot make a direct media connection to another client.

Configuring Virtual Meeting Rooms (VMRs)

Using TURN servers with Pexip Infinity

Enable Breakout Rooms

This setting configures the use of breakout rooms on VMRs. When enabled, you can configure individual VMRs so that its participants can be sent into different breakout rooms.

Managing participants

In version 30, the only way to manage the sending of participants to and from breakout rooms is via the Pexip client REST API using the room participant function.

These participant POST requests take the format:

https://<node_address>/api/client/v2/conferences/<conference_alias>/participants/<participant_uuid>/room

for example

https://10.0.0.1/api/client/v2/conferences/meet_alice/participants/10063ba5-565f-42ba-a62f-b7f89e60955a/room

The request must contain one field:

room_id number The room to which the participant is sent. Range: 0-5.

Room IDs

The room_id controls which participants are in which room, and thus can see and hear each other:

  • When participants join a VMR that has breakout rooms enabled, they join room 1 by default.
  • You use the client API room participant function to send a participant to a different room (or back to room 1). This API operates on one participant at a time.
  • The room ID can be in the range 0-5. Rooms 1-5 are the segregated breakout rooms.
  • Room 0 is a special "broadcast" room. Participants in room 0 appear with audio/video in all of the other rooms, and can see/hear all of the other participants in all of the other rooms.

Limitations

This feature currently has some limitations:

  • It is not supported in Adaptive Composition layouts.
  • Presentation content is only supported in room 1 (presentation is stopped if the participant is moved elsewhere).
  • There is no roster filtering in the Connect apps.
  • Live captions (also technology preview) is limited to just room 1. If enabled, all rooms/participants are shown the captions from room 1.

Configuring Virtual Meeting Rooms (VMRs)

Pexip client REST API

* If you change any of these settings, all existing calls will be disconnected and all Conferencing Nodes will be automatically restarted.