When is a reverse proxy, TURN server or STUN server required?

Since version 16 of Pexip Infinity, we recommend that you deploy Proxying Edge Nodes instead of a reverse proxy and TURN server if you want to allow externally-located clients to communicate with internally-located Conferencing Nodes.

If you do not want to deploy Proxying Edge Nodes, and all of your Conferencing Nodes are privately addressed, you will need to use a reverse proxy and a TURN server to allow external endpoints such as Infinity Connect clients to access your Pexip Infinity services, and you may need to use a TURN server for Skype for Business / Lync clients. A TURN server can also act as a STUN server, however, in some Pexip Infinity deployment scenarios where the TURN server is deployed inside your enterprise firewall, you may need to configure a separate, external STUN server.

When connecting to a privately-addressed Conferencing Node, Infinity Connect WebRTC clients that are behind a NAT may also use a STUN server to find out their public NAT address.

The following table shows when a reverse proxy, TURN server or STUN server needs to be deployed (if you are not using Proxying Edge Nodes). When used, they must be publicly accessible, and routable from your on-premises Conferencing Nodes.

External endpoint / client Conferencing Node addresses Reverse proxy TURN server STUN server
(for Conferencing Nodes)
STUN server
(for WebRTC clients behind NAT)

Infinity Connect WebRTC clients

Private (on-premises)

(if the TURN server is inside the firewall)

Skype for Business / Lync clients * Private (on-premises) -

(only required if internal Conferencing Node cannot route to the public-facing interface of the SfB/Lync Edge server)

(if the TURN server is inside the firewall)

Any endpoint / client Publicly reachable — either directly or via static NAT - - - -

* Also requires a Skype for Business / Lync Edge Server when Conferencing Nodes are privately addressed (see Example deployment in an on-premises Skype for Business / Lync environment).

Note that you may still want to deploy a reverse proxy in front of your Proxying Edge Nodes if, for example, you want to:

  • host customized Infinity Connect web app content
  • use it as a load balancer for Pexip's VMR Scheduling for Exchange service, to proxy requests from Outlook clients to Conferencing Nodes.