Notes on the STUN/TURN server deployment

Fundamentals

These notes are to be understood as a supplement to our online help and our best practice documents 'STUN/TURN Topologies' and 'Setting up the UCServer for ProCall Mobile Apps'.

Explanation

The STUN/TURN server is required to enable audio/video connections across network and firewall boundaries and connects the services:

• STUN (Session Traversal Utilities for NAT), see
  
  • https://de.wikipedia.org/wiki/Session_Traversal_Utilities_for_NAT
• TURN (Traversal Using Relays around NAT), see
  • https://en.wikipedia.org/wiki/Traversal_Using_Relays_around_NAT

In addition, the publication of the UCServer for signaling is also required.

Use cases

The following topologies must be distinguished in principle:

• For pure internal use of audio/video no additional STUN/TURN service is needed.
• For internal and external use (mobile app, etc.), the STUN/TURN service must be made available on the internet.
  

The following options are available for connecting internal and external audio/video clients:

• UCConnect Cloud Service, see https://support.estos.de/en/ucconnect/best-practice-dienste-ueber-ucconnect-aktivieren-und-einrichten
• Provision of the STUN/TURN server on the internet 

STUN/TURN server in the DMZ

CAUTION: The provision of the STUN/TURN service in a DMZ contradicts the basic STUN/TURN functionality and has considerable dependencies on the firewall and DNS configuration, therefore this constellation is generally not recommended. The functionality of the STUN/TURN service cannot be guaranteed by estos in this constellation and is the responsibility of the system engineer..

Further information

Setting up the UCServer for ProCall Mobile Apps