Planning TURN services to traverse NAT

The IBM® Sametime® TURN Server works with Sametime Media Manager, enabling clients to communicate across a NAT or firewall during a multimedia session.

When planning a Sametime audio/video deployment, ask yourself the following questions and then use the answers to help determine the placement of the Sametime Media Manager and the TURN Server:

  • Do I want to provide audio/video connections between internal (intranet) and external (extranet) users?
    The TURN Server must be reachable by all clients, as well as by all Sametime servers for which the TURN Server provides services. This "reachability" requirement may dictate that the Sametime Media Server and the TURN Server be installed in the DMZ area of the enterprise network.
    Note: In DMZ deployments, both internal and external clients must be able to resolve the name of the TURN Server to the "proper" IP address; your network architecture may direct different IP addresses for internal and external clients. IBM requires that you configure the TURN Server's identity with a Fully Qualified Domain Name (FQDN), and that you use Domain Name Service (DNS) to provide clients with the proper IP address for their environment.
  • Is my deployment internal-only on a server with a single network IP address?

    If Sametime audio/video is used between internal users on a flat network (without the use of Network Address Translation), communication occurs directly between clients ("peer-to-peer") and does not use the TURN Server.

  • Do my clients have multiple IP addresses on multiple subnets?

    If this is the case, you must enable the Sametime NAT traversal feature so that the clients perform the necessary connectivity checks and find a candidate pair on which the media can be sent. If Sametime audio/video is used between internal users on a flat network (without the use of Network Address Translation), communication occurs directly between clients (peer-to-peer), and the TURN Server address can be set to 0.0.0.0 in SSC to indicate that allocation of a relayed address is not necessary.

This graphic shows a simple topology where multimedia connections can be established between IBM Sametime clients using the TURN Server and ICE:


A Sametime deployment using a TURN Server to enable NAT traversal
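
The DNS note under the first planning question can be checked before rollout by comparing what internal and external resolvers return for the TURN Server name. The following is an added example, not IBM code: the function name, finding labels, host name turn.example.com and all addresses are assumptions constructed for illustration, and the resolver answers are supplied as data rather than queried live.

```python
import ipaddress

# RFC 1918 ranges, tested explicitly: ipaddress.is_private also flags the
# documentation ranges (e.g. 203.0.113.0/24) used as sample data below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit_turn_dns(identity, answers):
    """Check the TURN Server name as seen from each client population.

    answers maps "internal"/"external" to the A records that population's
    resolver returned. Returns (vantage, finding) tuples; [] means clean.
    """
    findings = []
    # The TURN Server identity must be an FQDN, not a short name or an IP.
    if is_ip_literal(identity) or "." not in identity.strip("."):
        findings.append(("config", "not-fqdn"))
    for vantage in ("internal", "external"):
        records = answers.get(vantage, [])
        if not records:
            # Reachability requirement: every client must resolve the name.
            findings.append((vantage, "unresolved"))
        for text in records:
            addr = ipaddress.ip_address(text)
            if addr.is_loopback or addr.is_unspecified:
                findings.append((vantage, "unusable-address"))
            elif vantage == "external" and any(addr in n for n in RFC1918):
                # Unroutable from the extranet and discloses internal addressing.
                findings.append((vantage, "private-address-in-external-view"))
    return findings

# Constructed sample data (not from a real deployment).
GOOD = {"internal": ["10.20.30.40"], "external": ["203.0.113.10"]}
LEAKY = {"internal": ["10.20.30.40"], "external": ["10.20.30.40"]}

if __name__ == "__main__":
    for label, view in (("good", GOOD), ("leaky", LEAKY)):
        print(label, audit_turn_dns("turn.example.com", view))
```

Collect the answers for each vantage point by querying the resolver that population of clients actually uses, then pass them in as shown.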