Configuring Access Proxy Settings

The access proxy feature in the RealPresence DMA Edge system provides reverse proxy services for external devices. You can configure access proxy settings to enable firewall/NAT traversal for login, registration, and call requests. When the RealPresence DMA Edge system receives a request from a remote user, the system accepts or denies the request, based on your basic Access Control List (ACL) settings. If the request is accepted, the RealPresence DMA Edge system sends a new request on behalf of the remote user to the appropriate application server.

The RealPresence DMA Edge system is configured with three default reverse proxies that route communication requests based on the type of target application server:

  • HTTPS_proxy: HTTPS servers that provide management services (RealPresence Resource Manager system), and web-based video conferencing services (RealPresence Web Suite)

  • LDAP_proxy: LDAP servers that provide directory services
  • XMPP_proxy: XMPP servers that provide message, presence, or other XMPP services

In addition to the default proxies, the RealPresence DMA Edge system supports the following proxy configurations:

  • PassThrough_proxy: A passthrough reverse proxy configuration provides transparent relay of communication requests through the RealPresence DMA Edge system to internal application servers. PassThrough_proxy is used primarily for backward compatibility with the TCP reverse proxy feature. Note that if you upgrade your system to a new version, PassThrough_proxy will not display on the main Access Proxy Settings page if you did not configure a TCP reverse proxy in a previous version of the RealPresence DMA Edge system.

  • HTTP tunnel proxy: An HTTP tunnel proxy enables SIP guest users to attend web-based video conferences hosted by an enterprise’s RealPresence Web Suite. Due to restrictive firewall rules, if a SIP guest client cannot establish a native SIP/RTP connection to a RealPresence Web Suite video conference, the RealPresence DMA Edge system can act as a web proxy to tunnel the SIP call on port 443. Once the SIP guest client is connected to a meeting, the RealPresence DMA Edge system continues to tunnel TCP traffic, including SIP signaling, media, and Binary Floor Control Protocol (BFCP) content.

The default proxies may be edited or you can add new proxies for various internal application servers. When you configure the proxies, you must specify an external IP address and an external listening port for access proxy. Based on the network settings you configured, you may have external access proxy services assigned to more than one network interface. You can reuse an external IP address but the port, in most cases, must be unique for each proxy configuration that uses the same external IP address. For example, if you create two proxy configurations for LDAP directory services, the combined external IP address for access proxy and the external listening port cannot be the same for both LDAP proxy configurations.

If you create an HTTP tunnel proxy, both the HTTP tunnel proxy and the default HTTPS_proxy can use port 443 on the same external access proxy IP address.

The following examples show examples of external IP address and port combinations.

Table 1. Example 1
Name of Proxy External IP Address for Access Proxy External Listening Port
LDAP_proxy_1 172.16.0.6 389
LDAP_proxy_2 172.16.0.6 9980
HTTPS_proxy 172.16.0.6 443
HTTP tunnel proxy 172.16.0.6 443
Table 2. Example 2
Name of Proxy External IP Address for Access Proxy External Listening Port
LDAP_proxy_1 172.16.0.6 389
LDAP_proxy_2 172.16.0.7 389

If a RealPresence Resource Manager system and RealPresence Web Suite integrate with the RealPresence DMA Edge, the HTTPS proxy must be configured for the RealPresence Resource Manager system and RealPresence Web Suite. LDAP proxy and XMPP proxy must be configured for the RealPresence Resource Manager system.