Using the reverse proxy and TURN server with Infinity Connect and Skype for Business / Lync clients
Infinity Connect clients can connect directly to a Conferencing Node, but this does not provide a mechanism for balancing load between multiple Conferencing Nodes, or failing over in the event of a node failure. In addition, many customers may deploy Conferencing Nodes in a private network but would like to also provide access to external users using the Infinity Connect web app.
To resolve these issues, a reverse proxy in the DMZ can be used to forward the HTTPS traffic from the browser to the Conferencing Nodes, and a TURN server can be used to forward media from a private network to the public Internet.
When the reverse proxy has been deployed, Infinity Connect users with WebRTC-compatible browsers can access conferences via https://<reverse-proxy>/webapp/, where <reverse-proxy> is the FQDN of the reverse proxy. This mechanism uses HTTPS for accessing the web pages and conference controls, and RTP/RTCP for the media streams (via a TURN server if necessary).
Note that Microsoft Edge browser version 44 and earlier (which is WebRTC-compatible) cannot use STUN and thus cannot send media to Pexip Infinity via a TURN server.
(If the reverse proxy is not available, Infinity Connect web app users can connect via https://<node>/, where <node> is the IP address or URL of the Conferencing Node, providing the web app can reach the node's IP address directly.)
The Infinity Connect desktop and mobile clients work by sending HTTP GET and POST requests to a specific destination address to fetch information about a meeting (such as the participant list) and to send various commands (such as to mute or remove conference participants).
Clients discover the destination address for those HTTP requests through a custom DNS SRV lookup for _pexapp._tcp.<domain>. For instance, if the desktop or mobile client attempts to place a call to a meeting URI of firstname.lastname@example.org, it will perform a DNS SRV lookup for _pexapp._tcp.example.com.
For more information, see Setting up DNS records and firewalls for Infinity Connect client connectivity.
Note that the Infinity Connect mobile client will keep polling the reverse proxy periodically to update the participant list for a given virtual meeting room for as long as the application is active.
It may be necessary to configure Pexip Infinity with the address of a STUN server, such as stun.l.google.com, so that each Conferencing Node can discover its reflexive address, which is essential for certain Skype for Business / Lync call scenarios to work correctly.