Vidyo Server for WebRTC Administrator Guide 3.2-A

Vidyo™ Server for WebRTC
Administrator Guide
Product Version 3.2
Document Version A
April, 2016
TABLE OF CONTENTS
Overview ...........................................................................................................................................1
Understanding the Configuration Procedure .................................................................................... 1
1. Using Vidyo Server for WebRTC Virtual Edition (VE) .....................................................................3
Understanding Vidyo Server for WebRTC VE Requirements ........................................................... 3
Virtual Machine Provisioning Requirements ..................................................................................... 4
Understanding Vidyo Server for WebRTC VE Support of VMware Features ................................... 4
Installing Vidyo Server for WebRTC VE ............................................................................................. 4
2. Configuring Your Vidyo Server for WebRTC ................................................................................13
Logging in to the System Console of Your Server and Changing the Default Password ............. 13
Using Your System Console Menus................................................................................................ 14
Configuring Your Hostname and Domain ....................................................................................... 15
Configuring Your Production Interface ............................................................................................ 16
Configuring Your Management Interface ........................................................................................ 19
Configuring Time Servers (NTP) ...................................................................................................... 20
Managing System Console User Accounts .................................................................................... 21
Viewing System Console User Accounts ............................................................................. 21
Adding System Console User Accounts.............................................................................. 22
Deleting System Console User Accounts ............................................................................ 23
Changing Your System Console Password ......................................................................... 25
Managing Static Hosts .................................................................................................................... 26
Viewing Static Hosts ............................................................................................................. 26
Adding a Static Host ............................................................................................................. 27
Deleting a Static Host ........................................................................................................... 28
Configuring Application Ports.......................................................................................................... 29
Viewing Applications from the Information Menu ........................................................................... 31
Viewing System Details from the Information Menu ....................................................................... 32
Rebooting Your Server..................................................................................................................... 33
Shutting Down Your Server.............................................................................................................. 33
Exiting the System Console of Your Server..................................................................................... 34
Logging in to the Admin Portal ........................................................................................................ 34
3. Configuring Your Vidyo Server for WebRTC System Settings .....................................................36
Understanding Vidyo Server for WebRTC Clusters ........................................................................ 36
Configuring Vidyo Server for WebRTC Clusters ............................................................................. 38
© 2016 Vidyo, Inc. all rights reserved. Vidyo’s technology is covered by one or more issued or pending United States patents, as more fully
detailed on the Patent Notice page of Vidyo's website http://www.vidyo.com/about/patent-notices/, as well as issued and pending
international patents. The VIDYO logotype is a registered trademark of Vidyo, Inc. in the United States and certain other countries, and is a
trademark of Vidyo, Inc. throughout the world. VIDYO and the Vidyo family of marks are trademarks of Vidyo, Inc. in the United States and
throughout the world.
TABLE OF CONTENTS
Adding Media Servers to the Cluster ................................................................................... 38
Deleting Media Servers from the Cluster ............................................................................. 39
Configuring Media Server Access Credentials .................................................................... 40
Managing Conferences ................................................................................................................... 40
Viewing Conference Participants .................................................................................................... 41
Managing Configurations ................................................................................................................ 43
Configuring Whitelisted Portals ............................................................................................ 43
Viewing, Adding, and Deleting Voice Numbers on Whitelisted VidyoPortal Tenants ......... 45
Configuring Cross-Origin Resource Sharing (CORS) ......................................................... 49
Configuring Your System Video Stream Resolution ............................................................ 50
Configuring Your System CPU Threshold............................................................................ 51
Configuring Your Network Traversal .................................................................................... 52
Managing Administrative and User Accounts ................................................................................ 55
Adding an Administrative or User Account .......................................................................... 55
Deleting Accounts ................................................................................................................ 56
Securing Your Vidyo Server with SSL and HTTPS .......................................................................... 57
Importing, Exporting, and Regenerating an SSL Private Key.............................................. 57
Generating and Viewing an SSL CSR .................................................................................. 59
Certificates Received from Your Certificate Authority .......................................................... 62
Uploading or Editing Your Server Certificate ....................................................................... 64
Configuring HTTPS Port Settings for Your Admin Pages .................................................... 67
Importing Trusted CA Certificates from the Advanced Tab ................................................ 68
Enabling HTTPS on Your Vidyo Server ................................................................................ 72
Maintaining Your System ................................................................................................................. 74
Downloading Logs................................................................................................................ 74
Upgrading Your System ....................................................................................................... 75
Rebooting Your Server..................................................................................................................... 75
Logging Out of Your Server ............................................................................................................. 76
4. Configuring the VidyoPortal for WebRTC ....................................................................................77
5. Vidyo Server for WebRTC Capacity Guidelines ...........................................................................78
6. Network Topology .......................................................................................................................81
7. Troubleshooting ..........................................................................................................................83
Do the WebRTC Servers have valid signed certificates? ............................................................... 83
Are the Media Servers configured on the Session Manager? ........................................................ 83
Has your VidyoPortal tenant been whitelisted?............................................................................... 83
Do you have enough Media Server capacity to handle all media streams? ................................. 83
Is DNS configured for resolving the Portal IP?................................................................................ 83
ii
TABLE OF CONTENTS
Have firewall rules been configured correctly? ............................................................................... 84
Does the client browser support WebRTC?.................................................................................... 84
8. Advanced Debugging Tips .........................................................................................................85
Connect to the Vidyo Server directly ............................................................................................... 85
Use the Diagnostics tool for troubleshooting ................................................................................. 85
iii
Overview
Vidyo™ Server for WebRTC enables users on desktop or mobile browsers to join conferences on
the VidyoPortal™ without needing to install browser plugins or extensions.
This document describes how to use Vidyo Server for WebRTC to connect with a
VidyoConferencing™ system. It is written for system administrators who must set up and maintain
a VidyoConferencing system.
This manual includes the following topics:
 Setup and Configuration of Vidyo Server for WebRTC
 Creating Vidyo Server for WebRTC Clusters
 Networking considerations
 Vidyo Server for WebRTC Capacity Guidelines
 Troubleshooting Guidelines
Note
To perform the setup and configuration described in this manual, you must have Admin
access to your Vidyo Server for WebRTC.
Understanding the Configuration Procedure
Configuration of your Vidyo Server for WebRTC requires you to perform the following procedures in
the order they appear here:
1. Use the system console to change the default Admin password and set up your network
configuration.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password and Configuring Your Hostname and Domain.
2. Perform the following additional configurations as needed:
 Upgrade your Vidyo Server for WebRTC.
For more information, see Upgrading Your System.
 Upload a new security certificate.
For more information, see Uploading Your Server Certificate.
 (Recommended) Configure your TURN server with a second IP address.
For more information, see Configuring Your Network Traversal.
 Adding one or more Media Servers.
1
Overview
For more information, see Adding Media Servers to the Cluster and Configuring Vidyo
Server for WebRTC Clusters.
3. Configure the VidyoPortal to allow VidyoWeb to use WebRTC.
For more information, see Adding Whitelisted VidyoPortals.
2
1. Using Vidyo Server for WebRTC Virtual
Edition (VE)
Vidyo’s virtual appliance of the Vidyo Server for WebRTC Virtual Edition (VE) allows you to enjoy the
benefits of your Vidyo Server within a virtual environment. The advantages of using virtual
appliances include:
 All the features and functionality of the physical appliance.
 The simplicity and efficiency of a software-based virtual appliance.
 Leveraging your investment in VMware vSphere infrastructure.
This chapter describes how to configure the Vidyo Server for WebRTC.
Understanding Vidyo Server for WebRTC VE Requirements
You can run multiple Virtual Edition Vidyo Servers (of any combination) on the same physical host.
Virtual Edition Vidyo Servers may be run on hardware that is also running non-Vidyo virtual
machines.
To run Vidyo Server for WebRTC VE, the following requirements must be met:
 Requires VMware vSphere ESXi Hypervisor software version 5.0 or later; version 5.5 or later
recommended.
 Must be compliant with the VMware qualified hardware list at
http://www.vmware.com/resources/compatibility/search.php.
 Requires Intel-based servers with a minimum Xeon 56xx Series at 2.0 GHz or faster, supporting
Intel Westmere and newer architectures, with AES-NI and hyper-threading enabled. Xeon E5
family with Sandy Bridge architecture or newer are recommended.
 At least 1Gbps vNICs.
 The BIOS settings of the host machine must be set for maximum performance, including both
CPU and memory settings.
 The BIOS settings must enable the Hyperthreading, Virtualization Technology (VT), and
Extended Page Tables (EPT) options on all ESX hosts.
 The memory must be the highest rated speed specified by the host CPU, and all memory
lanes of the CPUs must be populated with identical size and speed DIMMS.
 For 4+ socket systems, set your CPU affinity to two adjacent packages to ensure that
transcoding occurs on memory at most one node away.
 For large memory configurations (64 GB+), ensure that memory access is coalesced from
multiple memory channels, e.g., by enabling bank interleaving in the BIOS.
3
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
 When running multiple virtual Vidyo Servers:
 Maintain 15% of the physical hardware CPU capacity as unreserved when deploying
multiple virtual machines on a physical host.
 When deploying multiple VidyoRouters™ on the same physical host, ensure that you have
sufficient network bandwidth. The physical host should have 1 Gbps Ethernet per 100-port
VidyoRouter.
 The physical host must use CPUs with at least 2.0 GHz in all cases, and in some cases
higher CPU speeds are required (see the CPU resource reservation guidelines in the
following sections for details).
 Do not co-locate high availability pairs on the same physical host.
Virtual Machine Provisioning Requirements
For more information about provisioning requirements, see 5. Vidyo Server for WebRTC Capacity
Guidelines.
Understanding Vidyo Server for WebRTC VE Support of
VMware Features
The following list includes VMware features and explains both if and how they are currently
supported by Vidyo Server for WebRTC VE:
 You can store and deploy backup copies of your Vidyo Server for WebRTC VE appliance using
vSphere’s export and import features.
 While your Vidyo Server for WebRTC VE appliance is powered off, it may be moved (cold
migration) or copied (cloned) from one host (or storage location) to another.
 You can resize your virtual machine and add vCPUs and vRAM; however, vNIC and removing
virtual hardware resources are not currently supported.
 Vidyo Server for WebRTC software updates are managed in the same manner as the regular
appliance. Always take snapshots (while your Vidyo Server for WebRTC VE appliance is
powered off) before updating. For more information see Upgrading Your System.
 Advanced features, such as vMotion, high availability, fault tolerance, and distributed resource
manager are not currently supported.
Installing Vidyo Server for WebRTC VE
The virtual appliance's filename reflects the appliance type and the software version. The following
screenshots contain blurred file paths and names to intentionally generalize the virtual server
appliance deployment with the latest software version at the time of release.
4
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
Please refer to the Vidyo Server for WebRTC Release Notes for more detailed information
regarding release versions.
To install the Vidyo server for WebRTC VE:
1. Log in to the vSphere client (provided with Vidyo server for WebRTC) on your system.
2. From the File menu, select Deploy OVF Template.
5
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
The Source dialog displays.
3. Click Browse and select the .ova file from your file system.
4. Click Next.
6
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
The dialog changes to OVF Template Details.
This screen is read-only. If you need to change anything, click Back.
5. Click Next.
The dialog changes to Name and Location.
7
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
The name displayed is a copy of the .ova filename as the vSphere default.
6. Type in a more descriptive name if desired.
7. Click Next.
The dialog changes to Disk Format.
8
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
8. Be sure to select the Thin Provision radio button.
9. Click Next.
The dialog changes to Network Mapping.
10. Select the one network available for Vidyo server for WebRTC to use.
9
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
11. Click Next.
The dialog changes to Ready to Complete.
12. Click Finish.
The Deploying dialog displays.
The Deployment Completed Successfully dialog displays.
13. Click Close.
10
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
The vSphere Client window displays.
14. Click on the + sign to the left of the ESXi host name.
15. Click on Vidyo server for WebRTC in the left-side pane.
The tabs change.
16. Click the Resource Allocation tab to view and edit CPU and memory reservations.
17. Make reservations based on the expected load.
Refer to 5. Vidyo Server for WebRTC Capacity Guidelines to determine the correct resource
reservation.
18. Click on the Getting Started tab and click Power on the virtual machine.
19. Click the Console tab.
11
1. Using Vidyo Server for WebRTC Virtual Edition (VE)
You’re at your Vidyo server for WebRTC’s system console.
20. Log in as Admin.
If you haven’t changed your password yet, use the default password we have provided for
you.
You can now configure your Vidyo server for WebRTC network settings as described in the
2. Configuring Your Vidyo Server for WebRTC.
12
2. Configuring Your Vidyo Server for
WebRTC
Logging in to the System Console of Your Server and
Changing the Default Password
The very first time you log into your Vidyo Server for WebRTC, you are required to change the
default System Console password to one that is more secure. This System Console account is
also the same one used when accessing the Admin portal.
To log in to your System Console (also referred to as the Admin Console) and change the default
password:
1. Access the system console via the Console tab of a connected vSphere client or remotely
via SSH using the 192.168.1.110 default IP over port 2222.
2. Log in using the default Administrator account:
User Name: admin
Password: password (case sensitive)
3. At the login prompt, enter admin.
4. At the “(current) UNIX Password” prompt, enter password.
The password is case sensitve.
The Secure Password Change screen displays and prompts you to enter a new password
and then enter it again.
5. At the Password prompt, enter a new password.
When selecting a new password, follow these guidelines:
 The password should not be too similar to the old password.
 The password must be at least 3 characters different from the old password.
 The password should not be too simple or too short.
The algorithm here is a point system to satisfy the min password length (the default is
length 8 characters). The password gets extra points if it contains numbers, upper
case, lower case, or special characters. Each point is equivalent to 1 character.
 The password should not be a case change only of the old password or should not be
the reverse of the old password.
6. At the “Retype new password:” prompt, type your new password again.
13
2. Configuring Your Vidyo Server for WebRTC
If the passwords don’t match, you’ll be prompted to try again. If the passwords match, the
System Console main menu displays.
Using Your System Console Menus
When changing network settings in your Vidyo Server for WebRTC server, configurations are
applied after a system restart. For more information, see Rebooting Your Server.
There are three ways to navigate and make selections in the System Console menus:
1. Enter uppercase letters based on the desired menu item.
a. Type a number corresponding to your desired menu item.
The menu item should now be highlighted.
b. Press the Enter key.
2. Press Arrow keys to highlight your desired menu item.
a. Press one of the Arrow keys until the menu item is highlighted.
b. Press the Enter key.
3. Press the Tab key to highlight menu choices such as OK and Cancel.
a. Press the Tab key until the menu choice is highlighted.
b. Press the Enter key.
14
2. Configuring Your Vidyo Server for WebRTC
Configuring Your Hostname and Domain
To configure your hostname and domain:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 1 to select Hostname / Domain.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Hostname screen displays.
5. Enter your desired hostname.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Domain screen displays.
8. Enter your desired domain.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
15
2. Configuring Your Vidyo Server for WebRTC
A Confirm box displays asking you if you are sure you want to change the hostname and
domain you provided.
11. Press the Tab key to highlight Yes.
Note
Be sure to configure your internal and external DNS so that the FQDN you configure here
resolves to the correct address. For example, your FQDN might resolve to a LAN address
internally and an Internet address externally.
12. Press the Enter key.
A message displays indicating that your changes are saved and a reboot is required for
your changes to take effect.
13. Press the Tab key to highlight OK.
14. Press the Enter key.
The Main Menu displays.
15. Reboot your server to apply your changes.
For more information, see Rebooting Your Server.
Configuring Your Production Interface
To configure your production interface:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 2 to select Production Interface.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
16
2. Configuring Your Vidyo Server for WebRTC
The Production Interface menu displays.
5. If you want to Configure an IPv4 interface:
a. Press the Up or Down arrow keys to select IPv4 Configuration.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The IPv4 Production Interface screen displays.
d. Configure your IPv4 Production Interface using one of the following options:
 Select MANUAL which turns off IPv4 on the Production Interface (disabling the
interface).
 Select STATIC to provide a new IPv4 address, subnet mask, gateway, and up to
three DNS server addresses (separated by spaces).
 Select DHCP to provide IPv4 static routes.
Note
DHCP values take priority over search domain, DNS servers, NTP servers, and Network
MTU.
6. If you want to Configure IPv4 static routes on your production interface:
a. Press the Up or Down arrow keys to select IPv4 Static Routes.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The IPv4 Static Routes screen displays.
17
2. Configuring Your Vidyo Server for WebRTC
d. Configure your IPv4 Static Routes using one of the following options:
 Select A to add a static route.
 Provide your new network and network prefix in CIDR notation and your network
gateway to add your IPv4 static route.
 Select R to remove a static route.
7. If you want to Configure an IPv6 interface:
a. Press the Up or Down arrow keys to select IPv6 Configuration.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The IPv6 Production Interface screen displays.
d. Configure your IPv6 Production Interface using one of the following options:
 Select MANUAL which turns off IPv6 on the Production Interface (disabling the
interface).
 Select STATIC to provide a new IPv6 address, prefix, gateway, and up to three DNS
server addresses (separated by spaces).
 Select DHCP to enable IPv6 dynamic configuration.
Note
DHCP values take priority over search domain, DNS servers, NTP servers, and Network
MTU.
 Select AUTO to enable IPv6 automatic configuration.
8. If you want to configure Maximum Transmission Unit or Auto Negotiation on your
production interface:
a. Press the Up or Down arrow keys to select Interface Configuration.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The Production Interface menu displays.
d. Configure your Production Interface using one of the following options:
 Select Maximum Transmission Unit (MTU).
 Select Auto Negotiation.
9. Reboot your server to apply your changes.
For more information, see Rebooting Your Server.
18
2. Configuring Your Vidyo Server for WebRTC
Configuring Your Management Interface
To configure your management interface:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 3 to select Management Interface.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The IPv4 Management Interface menu displays.
5. If you want to view your active information:
a. Press the Up or Down arrow keys to select Active Information.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The Management Interface Active Information screen displays and shows your MAC,
LINK, MTU, and any configured IPv4 addresses and routes.
6. If you want to configure an IPv4 interface:
a. Press the Up or Down arrow keys to select IPv4 Configuration.
b. Press the Tab key to highlight OK.
c. Press the Enter key to highlight OK.
The IPv4 Management Interface screen displays.
19
2. Configuring Your Vidyo Server for WebRTC
d. Configure your IPv4 Management Interface using one of the following options:
 Select MANUAL which turns off IPv4 on the Management Interface (disabling the
interface).
 Select STATIC to provide a new IPv4 address, subnet mask, gateway, and up to
three DNS server addresses (separated by spaces).
7. If you want to Configure IPv4 static routes on your management interface:
a. Press the Up or Down arrow keys to select IPv4 Static Routes.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The IPv4 Static Routes screen displays.
d. Configure your IPv4 Static Routes using one of the following options:
 Select A to add a static route.
Provide your new network and network prefix in CIDR notation and your network
gateway to add your IPv4 static route.
 Select R to remove a static route.
8. If you want to configure Maximum Transmission Unit or Auto Negotiation on your
management interface:
a. Press the Up or Down arrow keys to select Interface Configuration.
b. Press the Tab key to highlight OK.
c. Press the Enter key.
The Production Interface menu displays.
d. Configure your Production Interface using one of the following options:
 Select Maximum Transmission Unit (MTU).
 Select Auto Negotiation.
9. Reboot your server to apply your changes.
For more information, see Rebooting Your Server.
Configuring Time Servers (NTP)
To configure your time servers (NTP):
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 4 to select Time Servers (NTP).
20
2. Configuring Your Vidyo Server for WebRTC
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Network Time Servers screen displays.
5. Enter up to three network time server URLs separated by a space.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
8. Reboot your server to apply your changes.
For more information, see Rebooting Your Server.
Managing System Console User Accounts
Viewing System Console User Accounts
To view system console user accounts:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 5 to select Users.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
21
2. Configuring Your Vidyo Server for WebRTC
The Admin Users Management menu displays.
5. Press the Up or Down arrow keys to select Active Information.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Users Active Information screen displays. View the current user and list of users, as
desired.
8. Press the Tab key to highlight OK.
9. Press the Enter key.
The Admin Users Management menu displays.
Adding System Console User Accounts
To add system console user accounts:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 5 to select Users.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
22
2. Configuring Your Vidyo Server for WebRTC
The Admin Users Management menu displays.
5. Press the Up or Down arrow keys to select Add User.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Admin Users Management menu prompts for a new username.
8. In the successive Admin Users Management menu prompts, enter a username, password,
and confirm your password.
When selecting a password, follow these guidelines:
 The password should not be too similar to the old password.
 The password should not be too simple or too short.
The algorithm here is a point system to satisfy the min password length (the default is
length 8 characters). The password gets extra points if it contains number, upper case,
lower case, or special character. Each point is equivalent to 1 character.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
The Admin Users Management menu displays.
Deleting System Console User Accounts
To delete system console user accounts:
1. Log in to the System Console.
23
2. Configuring Your Vidyo Server for WebRTC
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 5 to select Users.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Admin Users Management menu displays.
5. Press the Up or Down arrow keys to select Remove User.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Admin Users Management menu prompts you to select the user you want to delete.
8. Press the Up or Down arrow keys to highlight the desired user.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
A confirmation dialog displays.
11. Press the Tab key to highlight Yes.
12. Press the Enter key.
The Admin Users Management menu displays.
24
2. Configuring Your Vidyo Server for WebRTC
Changing Your System Console Password
To change your system console password:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 5 to select Users.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Admin Users Management menu displays.
5. Press the Up or Down arrow keys to select Change Password.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Admin Users Management menu prompts you to select the name of the user account
for which you want to change the password.
8. Press the Up or Down arrow keys to highlight the desired user.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
A confirmation dialog displays.
11. Confirm that you want to change the password of the account you selected.
a. Press the Tab key to highlight OK.
25
2. Configuring Your Vidyo Server for WebRTC
b. Press the Enter key.
12. Enter a new password and confirm your new password in the successive Admin Users
Management menu prompts.
Note
If the passwords don’t match, you’ll be prompted, your changes will be discarded, and the
Admin Users Management menu displays.
When selecting a new password, follow these guidelines:
 The password should not be too similar to the old password.
The default setting is at least 3 characters should be different from the old password.
 The password should not be too simple or too short.
The algorithm here is a point system to satisfy the min password length (the default is
length 8 characters). The password gets extra points if it contains a number, upper
case, lower case, or special character. Each point is equivalent to 1 character.
 The password should not be a case change only of the old password or should not be
the reverse of the old password.
Managing Static Hosts
Viewing Static Hosts
To view static hosts:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 6 to select Static Hosts.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
26
2. Configuring Your Vidyo Server for WebRTC
The Static Hosts Management menu displays.
5. Press the Up or Down arrow keys to select Active Information.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Static Hosts Active Information screen displays. View the current list of static hosts, as
desired.
8. Press the Tab key to highlight OK.
9. Press the Enter key.
The Static Hosts Management menu displays.
Adding a Static Host
To add a static host:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 6 to select Static Hosts.
3. Press the Tab key to highlight OK.
4. Press Enter key.
27
2. Configuring Your Vidyo Server for WebRTC
The Static Hosts Management menu displays.
5. Press the Up or Down arrow keys to select Add Host.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
8. Enter the IP address and associated hostnames (separated by spaces) in the successive
Static Hosts Management menu prompts.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
The Static Hosts Management menu displays.
Deleting a Static Host
To delete a static host:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 6 to select Static Hosts.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
28
2. Configuring Your Vidyo Server for WebRTC
The Static Hosts Management menu displays.
5. Press the Up or Down arrow keys to select Remove Host.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Static Hosts Management menu prompts you to select the static host you want to
delete.
8. Press the Up or Down arrow keys to highlight the desired static host.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
A confirmation dialog displays.
11. Press the Tab key to highlight Yes.
12. Press the Enter key.
The Static Hosts Management menu displays.
Configuring Application Ports
To configure an application port:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 7 to select Applications.
29
2. Configuring Your Vidyo Server for WebRTC
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The main menu displays.
5. Press the Up or Down arrow keys to highlight the desired application.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Network Time Servers menu displays.
8. Enter a new port for your application to listen on in the Port field.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
A confirmation dialog displays.
11. Press the Tab key to highlight Yes.
12. Press the Enter key.
A second confirmation dialog displays.
13. Press the Tab key to highlight Yes.
14. Press the Enter key.
The main menu displays.
30
2. Configuring Your Vidyo Server for WebRTC
Viewing Applications from the Information Menu
You can view your configured applications using the Information menu.
To view your configured applications using the Information menu:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 0 to select Information.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Information menu displays.
5. Press the Up or Down arrow keys to select Applications.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The Applications screen displays.
8. View the applications and their IP addresses as desired.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
The Information menu displays.
31
2. Configuring Your Vidyo Server for WebRTC
Viewing System Details from the Information Menu
You can view your configured system details using the Information menu.
To view your configured system details using the Information menu:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 0 to select Information.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
The Information menu displays.
5. Press the Up or Down arrow keys to select System.
6. Press the Tab key to highlight OK.
7. Press the Enter key.
The System screen displays.
8. View the system information appearing on the screen as desired.
9. Press the Tab key to highlight OK.
10. Press the Enter key.
The Information menu displays.
32
2. Configuring Your Vidyo Server for WebRTC
Rebooting Your Server
To reboot your server:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 8 to select Reboot.
3. Press the Tab key to highlight OK.
4. Press the Enter key.
A Confirm dialog displays warning you that your system will reboot and asking if you are
sure.
5. Press the Tab key to highlight Yes.
6. Press the Enter key.
A second confirmation dialog displays.
7. Press the Tab key to highlight Yes.
8. Press the Enter key.
Your system reboots.
Shutting Down Your Server
To shut down your server:
1. Log in to the System Console.
For more information, see Logging in to the System Console of Your Server and Changing
the Default Password.
2. Enter 9 to select Shutdown.
3. Press the Tab key to highlight OK.
33
2. Configuring Your Vidyo Server for WebRTC
4. Press the Enter key.
A Confirm dialog displays warning you that if you shut down the server, it is no longer
accessible until it is turned on again and asking if you are sure.
5. Press the Tab key to highlight Yes.
6. Press the Enter key.
A second confirmation dialog displays.
7. Press the Tab key to highlight Yes.
8. Press the Enter key.
Your system shuts down.
Exiting the System Console of Your Server
To exit the system console of your server:
1. Press the Tab key to highlight Exit.
2. Press the Enter key.
Logging in to the Admin Portal
Now that you have connected your Vidyo Server for WebRTC server to the network, you must log in
as the Admin and configure your Vidyo Server for WebRTC.
To log in to your Vidyo Server for WebRTC Admin Portal:
1. Enter the Production interface IP address or FQDN for Vidyo Server for WebRTC in the
address bar of a web browser using one of the following ports:
http://[IP or FQDN address]/admin
OR (if certificates have been installed)
https://[IP or FQDN address]/admin
34
2. Configuring Your Vidyo Server for WebRTC
2. Log in to the Vidyo Server for WebRTC Admin Portal using your System Console account.
Note
If you do not enter information on this page, you will be logged out from inactivity.
35
3. Configuring Your Vidyo Server for
WebRTC System Settings
Tabs are shown along the top of your Vidyo Server for WebRTC Admin pages for Media Servers,
Conferences, Configurations, Access Control, Maintenance, and Logout are used to configure
different areas of your system. The following sections cover these tabs in more detail.
Understanding Vidyo Server for WebRTC Clusters
Vidyo Server for WebRTC comes from the factory configured as a single Standalone server. It has
a Media Server and a Session Manager. The role of the Media Server is to establish WebRTC calls
to the browser application, communicate with the VidyoPortal, and establish calls to the
VidyoRouter. The role of the Session Manager is to provide configuration for the cluster, monitor
the Media Servers and distribute WebRTC calls to the best Media Server, and provide signaling
and media proxying services.
Every cluster must have one or more Session Managers and one or more Media Servers. For very
small deployments or lab setups, a single server can act as both the Session Manager and Media
Server. A large deployment may have a single Session Manager (or two or three for High
Availability) and many Media Servers.
Only Session Managers require public IP addresses. The public IP address may be directly
configured on the Session Manager or may be a static NAT configured on a firewall. Media Servers
do not need public IP addresses. The Session Managers and Media Servers must be able to reach
each other.
36
3. Configuring Your Vidyo Server for WebRTC System Settings
Note
The Media Server that is on the same server as the Session Manager also must be added
to the list of Media Servers and configured in order to be used. In larger cluster
configurations, it may make sense not to configure it.
Once Vidyo Server for WebRTC is added to a Cluster in a Media Server role, its Admin portal only
provides a MAINTENANCE tab with controls for security, downloading logs, upgrading your
system, and shutting down and rebooting the machine.
Once you add a server to the cluster as described in Adding Media Servers to the Cluster, the
Session Manager requests heartbeat service from the Media Server. Once the Session Manager
receives the heartbeat from the server, it makes the Media Server available for calls.
For High Availability, you may configure multiple Session Managers to use the same Media Server
nodes. With a multiple Session Manager configuration you will need to have a single FQDN with
DNS load balancing across the Session Managers. When building a cluster with Media Servers
handling 50 or more simultaneous calls, it is recommended not to use the built-in Media Servers
on the Session Manager servers in order to reserve resources for media proxying.
Vidyo Server for WebRTC Cluster
Media Server
Tenant: xyz.mydomain.com
Session Manager
Media Server
Media Server
Session Manager
Vidyo Conference
Vidyo
User
Vidyo
User
Room Ext. 7001
37
Vidyo
User
3. Configuring Your Vidyo Server for WebRTC System Settings
Configuring Vidyo Server for WebRTC Clusters
Every Vidyo Server for WebRTC image contains a Session Manager and a Media Server packaged
together. The Session Manager manages the cluster load balancing. When additional servers are
added to a cluster as Media Servers, the Admin portal changes and only includes a
MAINTENANCE tab with controls for security, downloading logs, upgrading your system, and
shutting down and rebooting the machine.
For Standalone sever configurations, the same server must be added as a Media Server.
Adding Media Servers to the Cluster
To add Media Servers to the Cluster:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the MEDIA SERVERS tab.
3. Click Add Server.
4. Enter the Private or Public IP address or FQDN of the Media Server.
When https is used, it is best to provide an FQDN; providing an IP address will result in
browser warnings as the IP address will not match the domain name in the uploaded
certificate. If a private address is used, Session Manager will relay all the signaling
messages.
38
3. Configuring Your Vidyo Server for WebRTC System Settings
5. Add the username and password that will be used by the Session Manager to connect to
the Media Server.
Note
The same username and password needs to be configured on the media server from the
Security > Media Server Access tab.
6. Click Add.
Deleting Media Servers from the Cluster
To delete Media Servers from the Cluster:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the MEDIA SERVERS tab.
3. Select one or more checkboxes in the corresponding rows of the Media Servers you want
to delete.
4. Click Delete Servers.
A Delete Servers dialog displays.
5. Click Delete.
39
3. Configuring Your Vidyo Server for WebRTC System Settings
Configuring Media Server Access Credentials
To change the Media Server access password:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Media Server Access subtab
4. Change the username and password that you wish to use for the Session Manager to
communicate to the Media Server.
Note
When changing the username and password on an active server you must disconnect any
active calls that are running on that Media Server.
When you change the Media Server Access credentials on the Media Server, you must
delete and re-add the server on the Media Server Access subtab of all Session Managers.
The username and password MUST match in order for the Session Manager to utilize the
Media Server.
Managing Conferences
The Conferences tab provides a table display of all conferences taking place in your system.
To manage conferences on your Vidyo Server for WebRTC settings:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
40
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Click the CONFERENCES tab.
The tab provides the following information about conferences taking place in your system:
 Room Name
 Portal
 Host Name
 IP Address
 Action
Viewing Conference Participants
You can view the conference participants in conferences taking place on your system.
To view conference participants:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFERENCES tab.
3. Click View Participants on the row corresponding to the conference whose participants you
wish to view.
41
3. Configuring Your Vidyo Server for WebRTC System Settings
The Conference View screen displays.
The top part of the screen provides the following information about the specific conference
taking place in your system:
 The Room Name field displays the name of the room being used for the conference in
your system.
 The Media Server field displays the name of the specific media server in which the
conference is taking place on your system.
 The No. of Participants field displays the total number of participants in the conference
on your system.
The lower part of the screen provides the following information about the participants in the
conference taking place on your system:
 The Participant Name field displays the name of the participant.
 The Browser Type field displays the browser and version being the participant is using
to access the conference.
 The Call Duration field displays the length of the call in minutes.
 The WebRTC field indicates whether or not the user is accessing the conference using
WebRTC.
 The JPEG field indicates whether or not the user is accessing the conference using
JPEG streaming.
 The Sharing field indicates whether or not the user is providing a Share to the
conference.
 The Action field displays the Terminate button.
4. Click the Terminate button in the Action column to remove the corresponding user from the
conference if desired.
5. Click Back.
The CONFERENCES tab displays.
42
3. Configuring Your Vidyo Server for WebRTC System Settings
Managing Configurations
The Configurations tab includes sub tabs you can use to manage the following options:
 Whitelisted Portals
 CORS
 Resolution (Capacity Management)
 Advanced
Configuring Whitelisted Portals
Adding Whitelisted VidyoPortals
You must specify the URL of the VidyoPortal tenants on which you wish to place calls.
Note
Your whitelisted VidyoPortal entries must include http or https as needed.
In order to have meeting links launch Vidyo Server for WebRTC, you must also configure
the VidyoPortal tenant to point to the Vidyo Server for WebRTC Session Manager.
For more information, see Adding Media Servers to the Cluster.
To add whitelisted VidyoPortals:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Whitelisted Portals subtab.
4. Click Add Portal.
43
3. Configuring Your Vidyo Server for WebRTC System Settings
The Add Portal dialog displays.
5. Enter the URL of the VidyoPortal tenant on which you wish to place calls in the Portal to be
whitelisted field.
Note
The URL must include http:// or https:// unless using a wildcard.
6. Click Add.
Note
You can easily add all tenants on a VidyoPortal by using a wildcard. For example, you can
enter *.example.com to add all tenants of the VidyoPortal with the example.com domain.
Deleting Whitelisted VidyoPortals
To delete whitelisted VidyoPortals:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Whitelisted Portals subtab.
4. Select one or more checkboxes in the corresponding rows of the VidyoPortals you want to
delete.
5. Click Delete Portals.
44
3. Configuring Your Vidyo Server for WebRTC System Settings
The Delete Portals dialog displays.
6. Click Delete.
Viewing, Adding, and Deleting Voice Numbers on Whitelisted
VidyoPortal Tenants
You can view, add, and delete voice numbers on a configured VidyoPortal tenant. These voice
numbers are displayed to JPEG streaming participants along with the extension to dial to join the
conference when prompted by the IVR.
Note
JPEG streaming is not used by VidyoWeb.
Viewing Voice Numbers on a Whitelisted VidyoPortal Tenant
To view voice numbers on a whitelisted VidyoPortal tenant:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Whitelisted Portals subtab.
4. Click View Voice Numbers in the row of the VidyoPortal tenant.
45
3. Configuring Your Vidyo Server for WebRTC System Settings
The Voice Numbers screen displays.
The voice numbers configured for the selected VidyoPortal tenant display in the table
display.
5. Click the Back button to return to the Whitelisted Portals subtab.
Adding Voice Numbers on a Whitelisted VidyoPortal Tenant
To add voice numbers on a whitelisted VidyoPortal tenant:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Whitelisted Portals subtab.
4. Click View Voice Numbers in the row of the VidyoPortal tenant.
46
3. Configuring Your Vidyo Server for WebRTC System Settings
The Voice Numbers screen displays.
5. Click Add Voice Number.
The Add Voice Number dialog displays.
6. Enter the voice number you wish to add to your VidyoPortal tenant in the Voice Number
field.
7. Click Add.
8. Click the Back button to return to the Whitelisted Portals subtab.
Deleting Voice Numbers on a Whitelisted VidyoPortal Tenant
To delete voice numbers on a whitelisted VidyoPortal tenant:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
47
3. Configuring Your Vidyo Server for WebRTC System Settings
3. Click the Whitelisted Portals subtab.
4. Click View Voice Numbers in the row of the VidyoPortal tenant.
The Voice Numbers screen displays.
5. Select one or more checkboxes in the corresponding rows of the voice numbers you want
to delete.
6. Click Delete Voice Numbers.
The Delete Voice Numbers dialog displays.
48
3. Configuring Your Vidyo Server for WebRTC System Settings
7. Click Delete.
8. Click Back to return to the Whitelisted Portals subtab.
Configuring Cross-Origin Resource Sharing (CORS)
CORS domains are needed by Application Developers hosting applications that use the
VidyoClient API for WebRTC on a different domain than the Vidyo Server for WebRTC is configured
to use. This does not need to be configured when using VidyoWeb.
You can add or delete CORS domains from your system using the CORS subtab.
Adding a CORS Domain
To add a CORS domain to your system:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the CORS subtab.
4. Click Add CORS Domain.
The Add CORS Domain dialog displays.
5. Enter the name of your CORS domain in the CORS Domain field.
6. Click Add.
49
3. Configuring Your Vidyo Server for WebRTC System Settings
Deleting a CORS Domain
To delete a CORS domain to your system:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the CORS subtab.
4. Select one or more checkboxes in the corresponding rows of the CORS domains you want
to delete.
5. Click Delete CORS Domain(s).
The Delete CORS Domain(s) dialog displays.
6. Click Delete.
Configuring Your System Video Stream Resolution
The resolution of video streams can have a big impact on the capacity of the Vidyo Server. For
more information about capacity recommendations, see Configuring Your System CPU Threshold.
The maximum resolution of video streams that your Vidyo Server will provide to clients can be set.
Additionally, the Vidyo Server can be configured to optimize for capacity or for quality. When
optimized for capacity, the lower complexity VP8 codec is used and subtle changes in resolution
and frame rate are employed during calls with multiple video tiles to allow for additional calls.
When optimized for quality, the VP9 codec is used and tile resolution and frame rate more closely
matches what is requested by the endpoint.
To configure your system video stream resolution:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
50
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Click the CONFIGURATIONS tab.
3. Click the Resolution subtab.
4. Select the desired Max Resolution from the drop-down.
5. Select either the Capacity or Quality radio button as desired.
Note
Selecting the Quality radio button is recommended for a better user experience. Selecting
the Capacity radio button allows the Vidyo Server to employ advanced logic to achieve
higher capacity.
For more information, see Configuring Your System CPU Threshold.
6. Click Update.
Configuring Your System CPU Threshold
The CPU Utilization Threshold configuration specifies the maximum CPU usage beyond which
additional calls will not be routed to a Media Server. You must specify a minimum range from 0 to
a maximum of 100%.
To configure your system CPU threshold:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Advanced subtab.
51
3. Configuring Your Vidyo Server for WebRTC System Settings
4. Enter a desired value for your CPU Utilization Threshold.
Note
The default and recommended value is 90%, which provides enough headroom for the
additional participants to be added to existing conferences.
5. Click Update.
Configuring Your Network Traversal
The Media Servers will attempt to establish non-relayed media sessions when possible by using a
STUN server. When a media relay is required to traverse far-end NAT, the Session Manager has an
embedded TURN server. To ensure the highest probability of browsers being able to establish
media sessions with the Media Server, it is recommended to configure the TURN server on a
separate IP address using port 443 for TCP, UDP, and TLS.
To configure the network traversal for your WebRTC server:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the CONFIGURATIONS tab.
3. Click the Advanced subtab.
You can use the default settings or configure based on your network preference.
In order for the Media Servers to attempt to establish non-relayed media streams, they
must use a STUN server on the outside of the NAT (usually on the Internet). By default they
will use a public STUN server on the Internet. To override the default and specify a specific
STUN server, deselect the Use default STUN server checkbox and enter the URI of your
preferred server.
4. Select Custom port (requires dedicated IP) from the Client Media Relay Port (TURN server
listening port) drop-down if you do not want to use the default TURN port (3478), or to turn
off the TURN server.
52
3. Configuring Your Vidyo Server for WebRTC System Settings
This is recommended for the greatest success in enabling browsers behind NAT, firewalls,
and web proxies so that calls can be established.
If you select Custom Port (requires dedicated IP), you need a dedicated IP address for the
TURN server on the same subnet as your Production IP address. A dedicated FQDN (if
TLS is to be enabled) must also be configured. When configuring a custom port, it is
recommended to set the Media Relay Port to 443.
5. Select the Enable TURN over TLS checkbox to allow tunneling media streams over TLS,
which is sometimes required for traversing firewalls and web proxies.
It is recommended to configure the Port as 443.
Note
Configuring the Media Relay Port (which is UDP and TCP) and the TLS port to 443 is
permissible and recommended.
Upon enabling TURN over TLS, you need to add certificates for the TLS connection.
53
3. Configuring Your Vidyo Server for WebRTC System Settings
6. Select the Use existing HTTPS certificate (must be SAN or wildcard) checkbox if you have
SAN or wildcard certificates already configured on the Security page, and the existing
HTTPS certificate will be used.
If you do not have a SAN or wildcard certificate or want to use a different certificate for this
FQDN, deselect the Use existing HTTPS certificate (must be SAN or wildcard) checkbox
and upload your certificates in the same manner that you do for security configurations.
54
3. Configuring Your Vidyo Server for WebRTC System Settings
Managing Administrative and User Accounts
The ACCESS CONTROL tab allows you to add administrative and user accounts that can access
the Vidyo Server for WebRTC Admin pages. These users may be assigned a role of “Admin”,
which grants the ability to view and change settings, or “User” which grants only the ability to view
the configuration.
Adding an Administrative or User Account
To add an administrative or user account:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the ACCESS CONTROL tab.
3. Click Add User.
55
3. Configuring Your Vidyo Server for WebRTC System Settings
The Add User dialog displays.
4. Provide the following information:
 Username
 Password
 Select Admin (Read/Write) or User (Read Only) from the User Role drop-down.
5. Click Add.
Deleting Accounts
To delete an account:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Click the ACCESS CONTROL tab.
3. Select the checkboxes to the left of the accounts you wish to delete.
4. Click Delete Users.
56
3. Configuring Your Vidyo Server for WebRTC System Settings
Securing Your Vidyo Server with SSL and HTTPS
Note
Browsers will block access to the camera and microphone unless the WebRTC Server is
using HTTPS and is configured with trusted certificates.
To secure your Vidyo Server by Enabling HTTPS, you must import a security bundle or complete
specific configurations done on sequential tabs from left to right in the Security section of the
Admin Pages. The tabs include:
1.
2.
3.
4.
The Private Key tab for Generating or Uploading an SSL Private Key.
The CSR tab for Generating an SSL Certificate Signing Request (CSR).
The Server Cert tab for Configuring your Certificate Chain.
The Advanced tab for deploying your Trusted CA Certificates.
The Advanced tab is also used to Import and Export Security Bundles. For more
information, see Importing Trusted CA Certificates from the Advanced Tab.
Importing, Exporting, and Regenerating an SSL Private Key
The following procedures show you how to import and regenerate an SSL Private Key.
An initial key with a 2048 key size is automatically generated when you first set up your system.
When regenerating, examine your own security requirements and applicable policies carefully
before deciding on a suitable key size.
Importing an SSL Private Key
Private keys can be imported into your server.
Note
Generating a new SSL Private Key requires a new CSR and SSL Server Certificate Chain.
Importing an SSL Private Key requires importing an associated SSL Server Certificate or
generating a new CSR and obtaining a new SSL Certificate from a Certificate Authority.
Private Keys are replaced if you choose to import from .p7b or .pfx bundle formats. For
more information, see Importing Certificates from a Certificate Bundle.
To import an SSL private key:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
57
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Navigate to MAINTENANCE > SECURITY.
3. Click Import.
The Import Private Key pop-up displays.
4. Click Choose File to locate the private key file.
5. Enter a password in the Password field to encrypt data.
6. Click Import.
A Confirmation pop-up displays.
7. Click Yes.
If the upload completes, a system notification displays indicating the private key installed
successfully.
Regenerating an SSL Private Key
This system uses an asymmetrical (private key and public key) cryptosystem for security. Choose
the key size you desire and click the Regenerate button to create your private key.
Note
Changes made to an SSL Private Key require a new SSL Server Certificate. This requires
either importing an existing SSL Server Certificate or generating a CSR and obtaining an
SSL Certificate from a Certificate Authority.
58
3. Configuring Your Vidyo Server for WebRTC System Settings
To regenerate an SSL Private Key:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click Regenerate.
The Regenerate Private Key pop-up displays.
4. Select 1024, 2048, or 4096 as your Private Key Size.
Note
Some countries or CAs limit the key size. Observe the limitations in effect in your country.
Check with your CA for Key Size requirements.
5. Click Regenerate.
If the change completes, a system notification is shown indicating the private key was
regenerated successfully.
Generating and Viewing an SSL CSR
A Certificate Signing Request (CSR) is a message sent to a Certificate Authority (CA) to request a
public key certificate for a person or web server. The majority of public key certificates issued are
SSL certificates, which are used to secure communications with web sites. The CA examines the
59
3. Configuring Your Vidyo Server for WebRTC System Settings
CSR, which it considers to be a wish list from the requesting entity. If the request is in line with the
CA's policy or it can be modified to bring it in line, the CA issues a certificate for the requesting
entity.
Generating an SSL CSR
To generate an SSL CSR:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the CSR subtab.
4. Check with your CA and carefully enter correct values for the following:
 Country Code (the 2 character ISO 3166 country code)
 State or Province Name
 Locality/City
 Organization
 Organization Unit
 Common Name (the FQDN of the server)
 Email Address
60
3. Configuring Your Vidyo Server for WebRTC System Settings
5. Provide all field information exactly as you registered it with your domain registration
provider.
You should consider all information on this screen mandatory before you click
Generate/Regenerate.
Note
Click Cancel to reload any previously saved field information.
Your SSL CSR is generated based on the SSL Private Key you entered during Importing an
SSL Private Key or Regenerating an SSL Private Key.
Viewing an SSL CSR
To view an SSL CSR:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the CSR subtab.
61
3. Configuring Your Vidyo Server for WebRTC System Settings
4. Click View.
The Certificate Signing Request pop-up displays.
5. Click Done.
Certificates Received from Your Certificate Authority
Most CAs instantly send certificates and provide at least a domain (server) certificate and may
provide a root and one or more intermediate certificates in separate files. However, some
authorities may provide the certificate data in a single email.
Note
When selecting the certificate type from your CA, be sure to select Apache2 or Tomcat. If
neither, the format supported by Vidyo Server is base64 X.509 pem or PKCS#7 (.p7b).
Your certificate authority may provide three types of files:
1. The domain certificate file. This is often named or titled server certificate.
2. One or more intermediate certificate files. This is optional.
3. The root certificate file.
Again, the certificate authority may send you these files, or require you to download them from
their website. Often, the certificates are not clearly identified, requiring you to identify each file type.
As mentioned, if your certificate authority provides certificate files in an email message, you must
copy and paste the appropriate text for each certificate type into a separate file and save it with the
correct extension, as described in the next section. Be sure to use a text editor that doesn’t
append carriage returns at the end of each line.
Vidyo recommends the following guidelines to identify certificate files from your CA:
 The domain file normally contains your server’s common name or FQDN.
62
3. Configuring Your Vidyo Server for WebRTC System Settings
 Intermediate files often contain the character string “inter” somewhere in the file name. Once
you identify which ones are the intermediates, you can then identify the root certificate file by
process of elimination.
 The remaining file is the CA’s root certificate file.
The CA may also only return the domain (server) certificate, and if needed or required, the root
and/or intermediate certificates need to be located, and manually downloaded from the CA’s
website.
If the root and/or intermediate certificates were not provided to you, your Vidyo server includes a
default bundle of common CA root and intermediate certificates. If you are using a mainstream CA,
the root and intermediate certificates may not be needed.
Note
Some CAs have several root and/or intermediate certificates available depending on the
type of certificate you have ordered. Be sure to locate the appropriate matching root and/or
intermediate certificates for your domain certificate. Contact your CA for assistance if
you’re not sure.
CAs provide different kinds of certificate file(s) to customers. Regardless, the following certificates
should be a part of what your CA provides to you:
 Domain Certificate (may have a .domain, .crt, or .cer extension).
 Intermediate Certificate(s) (optional, may be one or more, and may have an .inter, .crt, or
.cer extension).
 A Root Certificate (may have a .root, .crt, or .cer extension).
Certificate Files versus Bundles
Your CA may instead provide you with a .p7b file, which may contain Root and Intermediate or
Root, Intermediate, and Server Certificate content. Check with your CA to find out exactly where
each certificate is located. Your Vidyo server accepts the .pem, .crt, .cer, .p7b, and .pfx
formats. The .pfx format additionally includes the private key which may be password protected.
 Certificate Files (.pem, .crt, and .cer) are imported using the Server Certificate and
Advanced tabs. For more information, see Appending CA Chain Bundle and Importing Trusted
CA Certificates from the Advanced Tab.
 Bundles (.p7b and .pfx) are imported and/or exported (only .pfx formatted bundles can be
exported) from the Advanced tab. For more information, see Importing and Exporting
Certificates.
63
3. Configuring Your Vidyo Server for WebRTC System Settings
Uploading or Editing Your Server Certificate
Note
Perform the steps in this procedure after you receive certificate files back from your
certification authority.
An unsigned (self-issued) certificate does not provide a guarantee of security to your users.
Your Vidyo server checks certificates for validity based on the certificates issued date
range. Therefore, make sure that the time zone of your server is configured correctly prior
to applying your certificate.
If you instead plan on using self-signed certificates, you can click Generate Self-Signed to
have the server sign its own certificate (self-signed). Clicking Generate Self-Signed and
confirming removes your currently implemented server certificate.
Uploading Your Server Certificate
To upload your server certificate file:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Server Cert subtab.
4. Click Upload.
The Upload SSL Certificate pop-up displays.
5. Click Choose File to locate the private key file.
6. Click Upload.
A Confirmation pop-up displays.
7. Click Yes.
If the upload completes, a system notification is shown indicating the private key installed
successfully.
Editing Your Server Certificate
Changes made to an SSL Private Key require a CSR and SSL Server Certificate. This includes
uploading existing keys, editing existing keys, and regenerating new keys.
64
3. Configuring Your Vidyo Server for WebRTC System Settings
To edit a server certificate:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Server Cert subtab.
Note
When you click on the Server Cert subtab the Server Certificate Chain will be validated
against the Trusted CA Certificates (as configured in the Advanced subtab). A message will
indicate whether this server certificate would be accepted, warned, or rejected by web
browsers.
4. Click Edit.
65
3. Configuring Your Vidyo Server for WebRTC System Settings
The Server Certificate pop-up displays.
5. Modify certificate data in the scrollable text region on the pop-up as desired.
6. Click Save.
If the edit completes, a system notification displays indicating the change was successful.
Appending CA Chain Bundle
In addition to issuing SSL Certificates, a Trusted Root CA certificate can also be used to create
another certificate, which in turn can be used to issue SSL Certificates. The majority of SSL
certificates in use around the world are chained certificates of this type.
As the Intermediate Certificate is issued by the Trusted Root CA, any SSL Certificates issued by the
Intermediate Certificate inherits the trust of the Trusted Root, effectively creating a certification
chain of trust. In many cases the chaining is not limited to a single intermediate. More than one
intermediate certificate may be part of a Certificates Bundle.
To append CA chain bundle:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
66
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Server Cert subtab.
4. Click Append CA Chain Bundle.
The Append CA Chain Bundle pop-up displays.
5. Click Choose File to locate the file.
6. Click Upload.
A Confirmation pop-up displays.
7. Click Yes.
Configuring HTTPS Port Settings for Your Admin Pages
Note
The Applications tab is also used for Management Interface settings.
If you set the HTTPS Port to anything other than 443, administrators will have to manually
add the port to the URL of the Admin Pages in their browsers. For example,
https://webrtc.example.com:8443/admin
To configure the HTTPS Port settings for your Admin pages:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
67
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Ports subtab.
The HTTPS port is set to 443 by default. You can change the port value if necessary.
Otherwise, leave it as 443.
4. Click Save and Apply.
Note
Any active calls going through your specific Vidyo server are dropped when you click Save
and Apply.
A Confirmation pop-up displays.
5. Click Yes.
If the changes are applied to your Vidyo server, a system notification displays indicating the
settings saved successfully.
Importing Trusted CA Certificates from the Advanced Tab
The Advanced tab is used to upload trusted CA Certificates. This includes all Intermediate and
Root Certificates.
Note
If your system requires trusting other secure systems, such as VidyoPortals and
VidyoRouters, their certificates must also be uploaded in this tab.
68
3. Configuring Your Vidyo Server for WebRTC System Settings
Importing a CA Certificate
Vidyo servers ship with a default trusted Certificate Authority (CA) bundle and is enabled by
default. This Advanced tab function allows you to enable or disable the use of this list.
You may view the bundle by clicking the View button.
To import a CA Certificate:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Advanced subtab.
4. Click Add.
The Add Trusted Certificate Authority pop-up displays.
5. Click Choose File to locate the client CA cert.
6. Click Upload.
69
3. Configuring Your Vidyo Server for WebRTC System Settings
A Confirmation pop-up displays.
7. Click Yes.
If the changes are applied to your Vidyo server, a system notification displays indicating the
settings saved successfully.
Importing and Exporting Certificates
You can also import or export certificate bundles using the Advanced subtab.
Importing Certificates from a Certificate Bundle
To import a bundle:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Click the Advanced subtab.
70
3. Configuring Your Vidyo Server for WebRTC System Settings
4. Click Import security bundle (.pfx, .p12, .p7b).
The Import Security Bundle pop-up displays.
5. Click Choose File to locate the bundle.
6. If using the .pfx format, enter the password.
7. Click Upload.
A Confirmation pop-up displays.
8. Click Yes.
If the changes are applied to your Vidyo server, a system notification displays indicating the
settings saved successfully.
Exporting a Security Bundle Containing Your Certificate Configuration
To export your security configuration:
1. Log in to the Admin portal using your System Console account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > Security.
71
3. Configuring Your Vidyo Server for WebRTC System Settings
3. Click the Advanced subtab.
4. Click Export security bundle (.pfx).
The Export Security Bundle pop-up displays.
5. Enter a password in the Password field.
6. Click Export.
7. Your browser downloads a .pfx file containing your current security configuration.
Enabling HTTPS on Your Vidyo Server
HTTPS is enabled by default with a built-in self-signed certificate intended for bootstrapping.
Properly implementing HTTPS for your Vidyo Server for WebRTC system requires you to acquire a
signed, verified Secure Socket Layer (SSL) certificate. You must register a certificate with a
Certificate Authority (CA) such as VeriSign, GoDaddy, etc.
72
3. Configuring Your Vidyo Server for WebRTC System Settings
Note
An unsigned (self-issued) certificate does not provide a guarantee of security to your users
and will cause their web browsers to alert them.
Your Vidyo Server for WebRTC is secured using one of the following methods:
 Single Keyed Certificate – Configure and set up Vidyo Server for WebRTC using its own
separate, independently keyed certificate acquired from a CA.
 Third Party Shared Key, CSR, Certificate Bundle – Import a shared key, CSR, and certificate
bundle generated via a third-party server. Microsoft Windows server uses this method. When
sharing security elements (Keys, Certificates, Bundles) with third-party servers, the server and
your Vidyo Server for WebRTC FQDNs must all be covered under the same Wildcard or SAN
certificate.
Selecting HTTPS / HTTP Mode
To Select the HTTPS / HTTP Mode:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > SECURITY.
3. Select any of the following options from the SSL Type drop-down:
 HTTP+HTTPS to allow both HTTP and HTTPS connections
 HTTPS Only to disable HTTP
 HTTPS + HTTP Redirect to redirect HTTP requests to HTTPS
A Confirmation dialog displays.
4. Click Yes.
5. Click Apply Settings for the configuration to take effect.
You can now browse your system over HTTPS.
6. Browse to the Vidyo Server for WebRTC Admin Pages to confirm that HTTPS is working
properly and that the browser does not post any security errors.
Be sure to include the HTTPS header in the URL (e.g., https://<FQDN>/admin). Verify that
HTTPS displays on the left side of the address bar and that a lock icon appears. Some
browsers emphasize an HTTPS session with a color like green or blue.
73
3. Configuring Your Vidyo Server for WebRTC System Settings
Note
You can also verify your signed certificate by displaying information for it in your web
browser. See the documentation that came with your web browser for information.
If your browser generates a root certificate error, first check that your operating system has
the latest root certificates update applied.
If you are successful browsing to your system’s Admin pages using HTTPS and you do not
receive any browser errors, continue with the next procedure.
Maintaining Your System
The MAINTENANCE tab includes controls for security, downloading logs, upgrading your system,
and shutting down and rebooting your Vidyo Server for WebRTC.
Downloading Logs
To download logs:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > DOWNLOAD LOGS.
Your browser downloads log information in plain text format in a .tar.gz file.
To download logs from all Media Servers connected to a Session Manager:
1. Click MAINTENANCE > DOWNLOAD LOGS-ALL.
Note
It may take several minutes for all of the logs to be gathered and downloaded.
74
3. Configuring Your Vidyo Server for WebRTC System Settings
Upgrading Your System
The upgrade from software version 3.0 to 3.1 is an image upgrade. Users of version 3.0 must
replace their virtual machine with a 3.1 virtual machine and reconfigure it. Subsequent software
releases and security patches will be installed following the procedures outlined in this section.
To upgrade your system:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
2. Navigate to MAINTENANCE > UPGRADE.
The current software version is shown in the Software Version field.
3. Click Choose File to locate the Vidyo Server for WebRTC installation file.
4. Click Upgrade and Reboot.
An Upgrade and Reboot dialog informs you that the change drops all of the active
conference calls on your Vidyo Server for WebRTC.
5. Click Upgrade and Reboot to confirm.
After your Vidyo Server for WebRTC reboots, return to the MAINTENANCE > UPGRADE
and confirm that the upgraded software version is the one currently being used by your
system.
Rebooting Your Server
To reboot your server:
1. Log in to the Admin portal using your account.
For more information, see Logging in to the Admin Portal.
75
3. Configuring Your Vidyo Server for WebRTC System Settings
2. Navigate to MAINTENANCE > SHUTDOWN/REBOOT.
3. Enter the Admin Username.
4. Enter the Admin Password.
5. Click the Reboot or Shutdown button to restart or shut down Vidyo Server for WebRTC.
You can also restart Vidyo Server for WebRTC by pressing the Power button on the unit to
power it off, and then pressing it again to power it back on.
Note
When Vidyo Server for WebRTC is restarted or shut down, all calls using Vidyo Server for
WebRTC that are in progress are ended. Additionally, once the server shuts down you can
power it back up only by physically pressing the Power button on the front of the unit.
Logging Out of Your Server
To log out of your server, click the LOGOUT tab.
76
4. Configuring the VidyoPortal for
WebRTC
VidyoWeb version 3.2 and later works with both the VidyoWeb plugin and WebRTC.
To enable VidyoWeb to work with your WebRTC cluster:
1. Log in to the Admin portal on VidyoPortal 3.3.3 (or later) using your Admin account.
For more information, refer to “Logging in as a Tenant Admin” in the VidyoConferencing
Administrator Guide.
2. Click the Settings tab.
3. Click Feature Settings on the left menu.
4. Click Vidyo Web.
Note
You must use VidyoWeb version 3.2 or later.
5. Enter the URL of your WebRTC Session Manager in the WebRTC Session Manager field.
Note
If your session manager is secured, you must include https in the WebRTC Session
Manager field and the URL should be an FQDN and not an IP address.
6. Select the Enabled radio button to enable the WebRTC Session Manager for guests.
For more information, refer to “Configuring VidyoWeb on your Tenant” in the
VidyoConferencing Administrator Guide.
Tip: If you are using multiple Session Managers for high availability, use a single FQDN that
resolves to both Session Managers on a round-robin basis.
77
5. Vidyo Server for WebRTC Capacity
Guidelines
Capacity planning for the Vidyo Server for WebRTC requires planning for the total CPU, memory,
and bandwidth, which is a requirement for all Media Servers and Session Managers.
The Vidyo Server for WebRTC is a Virtual Machine that can be deployed on a variety of hardware. It
is important to use Resource Reservation within VMWare to ensure that adequate memory and
CPU are available to handle the planned call load.
The recommended maximum resolution configuration is between 360p and 720p, with 480p or
540p typically being the optimum. Many laptops are not capable of encoding above VGA
resolution 640x480, causing them to fall back to VGA on occasion even if higher resolutions are
configured. 1080p should only be used in circumstances where the endpoint hardware is known to
be powerful enough. Resolutions below 360p should only be used if the video will only be
rendered into a small tile.
The following table provides the expected capacities for a recommended default configuration
using the Quality setting:
Vidyo Server for WebRTC
Version 3.2 Capacity
4 540p / 5 480p
Note
VM Configuration
Resource Reservation
RAM [GB]
Storage [GB]
CPU [GHz]
RAM [GB]
8
50
17.5
4
You should configure the Virtual Machine with the fewest number of vCPU required to
support the desired resource reservation.
On a single host, such as the Dell R430 with dual Intel E5-2680v3 CPUs running VMWare ESXi, you
could run 3 Virtual Editions.
To customize your solution based on your hardware and capacity goals, follow the instructions in
the remainder of this section.
To determine the Media Server CPU requirements, select the GHz per call based on the following
table:
Max Resolution Setting
GHz per call
360p
480p
540p
1.8
2.6
3
78
5. Vidyo Server for WebRTC Capacity Guidelines
Max Resolution Setting
GHz per call
720p
4.3
Note
A call is defined as bi-directional audio and video from a web browser into the Vidyo
infrastructure. For example, a two-way meeting with one WebRTC participant and one
VidyoDesktop participant counts as one call; whereas a two-way meeting with two
WebRTC participants counts as two calls.
If the majority of your meetings involve three or more participants, multiply your number by 1.2.
The resulting number is the total GHz that should be reserved per call. Multiply that number by the
peak number of simultaneous calls that you plan to manage to determine the total GHz required
across all Media Servers.
VMWare vSphere or vCenter will tell you the available Resource Reservation on your ESXi server.
To estimate what the available Resource Reservation will be before purchasing hardware, multiply
the number of physical CPU cores (not hyper-threaded cores or number of threads) by the base
clock speed (not the turbo clock speed).
Example: How many calls in two-party conferences could be expected to run on a server with a
dual Intel E5-2680v3 CPU (total of 24 physical cores at 2.5GHz) when 480p / Quality is the
resolution configuration and the max CPU threshold is set to 90%?
(24 x 2.5 x .9) / 2.6 = 20
Note
By selecting Capacity mode on the Configurations > Resolution tab of the Admin portal
you can increase capacity by up to 20%, but will reduce the picture quality.
In addition to CPU, the Server virtual machine must be configured with sufficient memory. Allocate
8GB of RAM for the capacities listed in the following table:
Resolution
Number of Media Streams per 8GB
360p
50
480p
32
540p
25
720p
16
Use the following table to plan the bandwidth required per call at different resolutions.
Resolution
Bandwidth (kbps)
360p
512
480p
768
79
5. Vidyo Server for WebRTC Capacity Guidelines
Resolution
Bandwidth (kbps)
540p
1024
720p
1536
For calls in multi-party conferences, multiply the number in the table above by 1.25.
For each Session Manager resource reservation plan 8Ghz and 8GB for 300 calls.
80
6. Network Topology
Vidyo Server for WebRTC has two standard configurable interfaces: the Production Interface and
the Management Interface. These interfaces are configured in the Vidyo Server console menu.
While enabling the Management Interface is optional, it is recommended for improved security. If
the Management Interface is not enabled, then all admin web pages run on the Production
Interface.
Optionally, a second IP address on the same subnet as the Production Interface may be
configured via the Admin Web Interface Configuration > Advanced subtab for the Media Relay
(TURN server).
Note
The Production interface have either a public Internet IP address, or a 1:1 NAT – a DMZ IP
address that maps directly to the public IP address on the other side of a Firewall.
The WebRTC server must be able to reach the VidyoPortal and VidyoRouter from the
Production Interface without using VidyoProxy.
As with all Vidyo Servers, for improved security it is suggested that the Management
Interface be an isolated network configured to allow connections from the corporate LAN,
but not allowed to make connections out to the corporate LAN.
The following table lists the Vidyo Server for WebRTC port usage:
Type
Number or Range
Direction
Interface
TCP
80 and/or 443
(recommended)
or configurable to
any port
In
Management* Admin Web Interface
TCP
22
(recommended)
or 2222
In
Management* ssh – access from the Internet should
be blocked
TCP
443
(recommended)
or 80
In
Production
WebRTC and Session Manager
signaling
UDP
60000-61000
Both
Production
SRTP – it is optional to open these
ports; if blocked media will be proxied
using TURN
UDP
and
TCP
3478
In
Production
TURN – TURN may be optionally
configured on a different IP address on
any port
81
Usage
6. Network Topology
Type
Number or Range
Direction
Interface
Usage
UDP
and
TCP
3478
Out
Production
STUN
TCP
80 or 443
Out
Production
VidyoPortal Web Services APIs
TCP
17992
Out
Production
VidyoManager EMCP
TCP
17990
Out
Production
VidyoRouter SCIP
*Management interface ports will run on the Production Interface if the Management Interface is
not enabled
Public Network
DMZ IP Space
Internet
Internal Network
VidyoPortal
Layer 3 Switch
Production Interface WAN
VidyoRouter
WebRTC
Enabled
Device
Vidyo Server for WebRTC
Firewall NAT
Management Interface
82
Vidyo Users via
Endpoints and
Browsers
7. Troubleshooting
Do the WebRTC Servers have valid signed certificates?
Invalid certificates will cause HTTPS connections to fail. If you use certificates that are not signed
by a valid Certificate Authority or Self-Signed or use HTTP, browsers will block or warn against
connections to your system and will not provide access to the camera and microphone. For more
information, see Securing Your Vidyo Server with SSL and HTTPS.
Are the Media Servers configured on the Session Manager?
The Media Servers Production IP Addresses must be correctly configured on the Session Manager
for it to route calls to the Media Server. If the Public IP Address associated with the Media Server is
incorrectly configured, browsers will not be able to reach the Media Server. For more information,
see Configuring Your Production Interface.
Has your VidyoPortal tenant been whitelisted?
All VidyoPortals for which you will use the Vidyo Server for WebRTC to connect calls must be
whitelisted on the Configurations page. See Configuring Whitelisted Portals.
Do you have enough Media Server capacity to handle all
media streams?
You should plan for sufficient capacity by following the recommendations in this guide. While in
production, monitor the Media Server capacity by looking at the Cluster View in the Session
Manager; from there the CPU percent utilization (from 0% to 100%) for every Media Server in the
cluster can be seen. For more information, see Configuring Vidyo Server for WebRTC Clusters and
Managing Configurations.
Is DNS configured for resolving the Portal IP?
Vidyo Server for WebRTC must be configured with a DNS server that can resolve the FQDN of the
VidyoPortal to which it is connecting calls. The DNS server can be configured through the Admin
Console. For more information, see 2. Configuring Your Vidyo Server for WebRTC.
83
7. Troubleshooting
Have firewall rules been configured correctly?
See the Network Topology section for a list of ports that must be opened. For more information,
see 6. Network Topology.
Does the client browser support WebRTC?
Only Chrome and Firefox browsers have supported WebRTC implementations.
84
8. Advanced Debugging Tips
Connect to the Vidyo Server directly
You can form the URL manually using the following as a guide:
https://[FQDN of Media Server]/zincadmin/conf.htm?portalUri=[URL of
VidyoPortal]&roomKey=[roomkey from room link]
The following screenshot shows the Welcome screen:
Use the Diagnostics tool for troubleshooting
Access the tool by manually forming the URL using the following as a guide:
https://[FQDN of Media Server]/web/test.html?portalUri=[URL of
VidyoPortal]&roomKey=[roomkey from room link]
85
Download PDF

advertising