Security and Internet Access

DNS

For Infinity virtual intercom panels to connect to the VIP server, the domain name of the VIP server must be resolvable by all users, wherever they are. On the public Internet, this is usually accomplished using a public DNS server. On a private network, a private DNS server may be used. In either case, a DNS name must be created and available for lookup by VIP panels.

SSL Certificates

Panels connect to the server using WebRTC. This is a secure connection that uses an SSL certificate associated with the VIP server. When the server is operated on the public Internet, a unique domain name associated with a DNS entry can be used to obtain an SSL certificate for the server.

However, SSL certificates cannot be issued for Amazon, Google, and other generic addresses. SSL certificate providers regard ownership of these addresses as impossible to verify, and thus they are not secure by definition. In these cases, the public address of your VIP system must be given a public or private DNS name, and an SSL certificate must then be obtained for that name from one of the companies that issue them.

An SSL certificate is still required even if your VIP system is on a private network with no Internet gateway, or if port 80 is closed between the public and your private network(s). In these cases, an SSL certificate can be associated with your VIP server using a method called the DNS-01 challenge.

VIP Server Beacon

Working in conjunction with the VIP panel invitation mechanism, the VIP Beacon signaling server is used by the VIP server to keep track of WebRTC connections from panels and accessories in real time. When a VIP client connects, it gets the information about the panel endpoint. Stream description information (SDP) is exchanged using the Beacon signaling server. The Beacon server is required both to make WebRTC connections and to tell the VIP server when panel and accessory connections have been closed.

STUN

On a private LAN, direct peer-to-peer network connections can be made between a VIP panel and the VIP server. A STUN (Session Traversal Utilities for NAT) server is used by the clients to find network addresses that are used during the session. For example, a VIP panel user is at home and the user’s PC is behind a router. The VIP panel knows what its local PC IP address is but does not know what its public IP address is. The panel contacts a STUN server which tells the panel what its public IP address is. This IP address can then be sent to the VIP server. STUN servers are available on the Internet on a subscription basis, or a private STUN server can be built.

TURN

A TURN (Traversal Using Relay NAT) server allows VIP panels to connect to the VIP server when they are not on the same local network and NAT traversal is not possible. On a public network, the VIP panels are behind routers, and STUN (above) provides the public address of each panel. A connection needs to be made between the VIP panel and the VIP server. If a direct connection cannot be established, a TURN server is used to relay the media traffic. TURN servers are available on the Internet on a subscription basis, and STUN and TURN services are offered together. A private STUN and TURN server could also be built.
