When is a reverse proxy, TURN server or STUN server required?
Since version 16 of Pexip Infinity, we recommend that you deploy
If you do not want to deploy Proxying Edge Nodes, and all of your Conferencing Nodes are privately addressed, you will need to use a reverse proxy and a TURN server to allow external endpoints such as Connect app clients to access your Pexip Infinity services, and you may need to use a TURN server for Skype for Business / Lync clients. A TURN server can also act as a STUN server, however, in some Pexip Infinity deployment scenarios where the TURN server is deployed inside your enterprise firewall, you may need to configure a separate, external STUN server.
When connecting to a privately-addressed Conferencing Node, Connect app WebRTC clients that are behind a NAT may also use a STUN server to find out their public NAT address.
If you are using direct media then you may also want to provision details of a client TURN server to the WebRTC clients.
When using direct media we strongly recommend for enhanced security that you use your own dedicated TURN server that is located in your DMZ.
The following table shows when a reverse proxy, TURN server or STUN server needs to be deployed (if you are not using Proxying Edge Nodes). When used, they must be publicly accessible, and routable from your on-premises Conferencing Nodes.
External endpoint / client | Conferencing Node addresses | Reverse proxy | TURN server | STUN server (for Conferencing Nodes) |
STUN server (for WebRTC clients behind NAT) |
---|---|---|---|---|---|
Connect app WebRTC clients |
Private (on-premises) |
|
|
|
|
Skype for Business / Lync clients |
Private (on-premises) | - |
(only required if internal Conferencing Node cannot route to the public-facing interface of the SfB/Lync Edge server) |
|
|
Any endpoint / client | Publicly reachable — either directly or via static NAT | - | - | - | - |
Connect app WebRTC clients using direct media |
- |
- |
(provisioned as a Client TURN server) |
- |
|
|
Note that you may still want to deploy a reverse proxy in front of your Proxying Edge Nodes if, for example, you want to:
- host customized Connect web app content
- use it as a load balancer for Pexip's VMR Scheduling for Exchange service, to proxy requests from Outlook clients to Conferencing Nodes.