Deploying the reverse proxy and TURN server using an OVA template

Pexip provides a preconfigured Reverse Proxy and TURN Server appliance via an OVA template suitable for deployment on VMware ESXi. This OVA template is provided "as-is" and is a reference installation suitable for typical Pexip deployments where:

  • Conferencing Nodes are deployed in internal, private networks.
  • The reverse proxy and TURN server is deployed in a DMZ environment using one or two network interfaces.

Deployment steps

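These steps involve:

  • Downloading the OVA template
  • Deploying the OVA template
  • Setting the password for SSH/console access
  • Running the installation wizard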

Downloading the OVA template

Download the Pexip RP/TURN OVA template from https://dl.pexip.com/rpturn/v4/index.html to the PC running the vSphere client. Either the vSphere desktop client or web client can be used.

We recommend that you verify the OVA file integrity after downloading the OVA file by calculating the MD5 sum of the downloaded file (for instance using WinMD5 Free from www.winmd5.com) and comparing that with the respective MD5 sum found in file readme.txt (located in the same download location as the OVA images).
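
For workstations without a GUI checksum tool, the same comparison can be scripted. This is an added example, not Pexip's own tooling: the function name verify_ova is hypothetical, and the published MD5 sum is assumed to be copied by hand from readme.txt.

```python
import hashlib
import hmac
import string
import sys

def verify_ova(path, published_md5, chunk_size=1 << 20):
    """Check a downloaded OVA against the MD5 sum copied from readme.txt.

    Returns (matches, md5_hex, sha256_hex).
    """
    # Normalise the pasted value: tools differ in case and may insert spaces.
    expected = "".join(published_md5.split()).lower()
    if len(expected) != 32 or not set(expected) <= set(string.hexdigits):
        raise ValueError("published value is not a 32-digit hexadecimal MD5 sum")
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    # Stream the file so a multi-gigabyte image is never held in memory.
    with open(path, "rb") as ova:
        for chunk in iter(lambda: ova.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    # MD5 catches a corrupted or truncated download; the SHA-256 value is for
    # your own deployment record, since MD5 is not collision-resistant.
    matches = hmac.compare_digest(md5.hexdigest(), expected)
    return matches, md5.hexdigest(), sha256.hexdigest()

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python verify_ova.py <downloaded.ova> <md5-from-readme>
    ok, md5_hex, sha256_hex = verify_ova(sys.argv[1], sys.argv[2])
    print("MD5    ", md5_hex, "MATCH" if ok else "MISMATCH - do not deploy")
    print("SHA-256", sha256_hex)
    sys.exit(0 if ok else 1)
```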

Deploying the OVA template

To deploy the OVA template:

  • vSphere Web Client: go to Hosts and clusters, right-click on a host server and choose Deploy OVF Template....
  • vSphere Client for Windows: go to Hosts and clusters, click File and Deploy OVF Template.

During the OVA deployment, we recommend that you use the default options. Also make sure to assign the correct VMware network/port group for the network interface of the virtual machine.

After the OVA template has been deployed, power on the newly-created virtual machine.

Setting the password for SSH/console access

After the virtual machine has powered on, open the VMware console for the Reverse Proxy and TURN Server virtual machine: right-click on the virtual machine in the vSphere client and choose Open Console.

Before you can start the install wizard, you must change the password. To do this:

  1. Log in as user pexip with password PEXIP (these are case sensitive).
  2. You are prompted to set a new account password. To do this you must enter the new password twice.
  3. After setting the new password, the Pexip Reverse Proxy/TURN banner is shown, and you are prompted to enter the new password again.

    After this password has been entered, the install wizard will start.

Running the installation wizard

The installation wizard is divided into several steps, which are explained below. Some steps require a single line of input, while others allow multiple lines of input to be entered, one line at a time. Some steps also allow multiple entries on the same line.

The configuration example described here is based on the Example deployment: single NIC on public address (shown below), with the following additional assumptions:

  • The reverse proxy and TURN server interface (198.51.100.130) resides in the same subnet as its default gateway (198.51.100.129).
  • Router 10.40.0.1 is the next hop when accessing all internal hosts. The internal networks are defined by CIDR 10.0.0.0/8 (10.0.0.0-10.255.255.255).
  • Hosts residing in the internal network 10.0.50.0/24 will access the reverse proxy and the TURN server over SSH.

Note that all IP addresses in this guide are examples only — actual IP addressing will be deployment specific.

The following table shows, for each step, the prompt text that is shown, the example text you should input, and an explanation of the step.

| Step | Prompt text | Example input | Explanation for this example deployment |
|---|---|---|---|
| 1 | IP address | 198.51.100.130 [ENTER] | 198.51.100.130 is the IP address of the reverse proxy/TURN server interface. If the intention is to have dual NICs, specify the address of the internally-facing NIC (see Configuring a second NIC). |
| 2 | Subnet mask | 255.255.255.0 [ENTER] | The reverse proxy/TURN server has a network mask of 255.255.255.0. |
| 3 | Default Gateway | 198.51.100.129 [ENTER] | The reverse proxy/TURN server has a default gateway of 198.51.100.129. |
| 4 | Network address and subnet mask of network/host allowed to access this host over SSH | 10.0.50.0 [SPACE] 255.255.255.0 [ENTER] | 10.0.50.0 is the network address and 255.255.255.0 is the subnet mask of the enterprise's management network that is allowed to access this host over SSH. |
| 5 | Hostname | proxy [ENTER] | The reverse proxy has a hostname of proxy. The hostname and domain (configured in the next step) must match the actual DNS name by which the reverse proxy will be addressed (proxy.example.com). |
| 6 | Domain suffix | example.com [ENTER] | The reverse proxy has a domain name/suffix of example.com. This means, since the host name in the previous step was configured as proxy, that the full FQDN of this reverse proxy is proxy.example.com. If a custom SSL certificate is created for this reverse proxy, this FQDN needs to match the Subject Name and Subject Alternative Name of the SSL certificate. For more information, see Replacing the default SSL certificate on the reverse proxy. |
| 7 | DNS server(s), space separated | 8.8.8.8 [SPACE] 8.8.4.4 [ENTER] | The reverse proxy is configured to use DNS servers 8.8.8.8 and 8.8.4.4. DNS is in this case mainly used to resolve the hostnames of NTP servers. |
| 8 | NTP server(s), space separated | 0.no.pool.ntp.org [SPACE] 1.no.pool.ntp.org [SPACE] 2.no.pool.ntp.org [ENTER] | The reverse proxy is configured to use three different pools of NTP servers, to ensure proper NTP time synchronization. We recommend that at least three NTP servers are used. |
| 9 | Enter the IP address of each conference node separately, followed by [ENTER].<br>Press [ENTER] on an empty line to finish entering conference nodes: Enter IP of next conference node or press [ENTER] if finished | 10.40.0.10 [ENTER] 10.40.0.11 [ENTER] [ENTER] | Here, the IP addresses of both Pexip Conferencing Nodes are input, one at a time – 10.40.0.10 is the first Conferencing Node and 10.40.0.11 is the second Conferencing Node. (If you are deploying a TURN server only, input '169.254.0.1' followed by [ENTER]. 169.254.0.1 is a link-local IP address which is not used in production networks.) |
| 10 | Choose a space-separated username and password to enable the built in TURN server<br>Enter ‘disable’ to disable the built in TURN Server<br>Example: someusername [SPACE] somepassword [ENTER] | pexip [SPACE] admin123 [ENTER] | When deploying the TURN server application, you must enter some credentials, for example, entering: pexip [SPACE] admin123 [ENTER] would set the username to 'pexip' with a password of 'admin123'. These are the credentials you would use when configuring Pexip Infinity with the access details for this TURN server. (If you are deploying the reverse proxy only, input 'disable'.) |
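
Because the wizard applies the answers and then reboots, it helps to check the planned values for consistency before typing them in. The script below is an added example, not part of the Pexip appliance: check_wizard_answers, its dictionary keys and the individual checks are assumptions derived from the steps above, and cert_names is an optional list of names from a custom certificate.

```python
import ipaddress

# Passwords printed in the guide: fine as placeholders, not as real secrets.
DOCUMENTED_PASSWORDS = {"PEXIP", "admin123", "somepassword"}

def check_wizard_answers(a):
    """Return a list of problems found in a dict of planned wizard answers."""
    problems = []
    # Steps 1-3: the default gateway must sit in the interface's own subnet.
    iface = ipaddress.ip_interface(f"{a['ip']}/{a['mask']}")
    if ipaddress.ip_address(a["gateway"]) not in iface.network:
        problems.append("gateway outside interface subnet")
    # Step 4: SSH source must be a true network address and not "everywhere".
    try:
        ssh = ipaddress.ip_network(f"{a['ssh_net']}/{a['ssh_mask']}")
        if ssh.prefixlen == 0:
            problems.append("SSH open to all addresses")
    except ValueError:
        problems.append("SSH network/mask mismatch")
    # Steps 5-6: hostname + domain suffix form the FQDN a custom cert must carry.
    fqdn = f"{a['hostname']}.{a['domain']}".lower()
    if a.get("cert_names") and fqdn not in [n.lower() for n in a["cert_names"]]:
        problems.append(f"{fqdn} missing from certificate names")
    # Step 8: the guide recommends at least three NTP servers.
    if len(a["ntp"]) < 3:
        problems.append("fewer than three NTP servers")
    # Step 9: nodes live on internal networks (169.254.0.1 marks TURN-only).
    for node in a["nodes"]:
        if not ipaddress.ip_address(node).is_private:
            problems.append(f"node {node} is not an internal address")
    # Step 10: credentials are space-separated, so neither part may contain one.
    if a["turn"] != "disable":
        user, password = a["turn"]
        if any(c.isspace() for c in user + password):
            problems.append("TURN credentials contain whitespace")
        if password in DOCUMENTED_PASSWORDS:
            problems.append("TURN password is a published example value")
    return problems

# Constructed sample: the guide's example answers with a made-up TURN password.
GUIDE_EXAMPLE = {
    "ip": "198.51.100.130", "mask": "255.255.255.0", "gateway": "198.51.100.129",
    "ssh_net": "10.0.50.0", "ssh_mask": "255.255.255.0",
    "hostname": "proxy", "domain": "example.com", "cert_names": ["proxy.example.com"],
    "ntp": ["0.no.pool.ntp.org", "1.no.pool.ntp.org", "2.no.pool.ntp.org"],
    "nodes": ["10.40.0.10", "10.40.0.11"],
    "turn": ("pexip", "constructed-Long-Passphrase-42"),
}
if __name__ == "__main__":
    print(check_wizard_answers(GUIDE_EXAMPLE))
```

An empty list means the answers are mutually consistent; it does not confirm that the addresses are correct for your network.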

When all of the installation wizard steps have been completed, the appliance will automatically reboot.

After the appliance has started up again it will be ready for use — Infinity Connect Mobile client and Infinity Connect users will now be able to access Virtual Meeting Rooms from outside your network.