Pexip Infinity VMware Installation Guide V33.a
Pexip Infinity VMware Installation Guide V33.a
Pexip Infinity VMware Installation Guide V33.a
Software Version 33
October 2023
Pexip Infinity VMware Installation Guide
Contents
Introduction 4
Further configuration 19
Integrating with a call control system 20
Configuring the Pexip Infinity Distributed Gateway 20
Registering devices directly to the Pexip Infinity platform 20
Customizing the user experience 20
Informing users about the new video conferencing service 20
Introduction
This installation guide describes the minimum steps required to deploy and test a simple Pexip Infinity platform in a VMware
environment.
Full information on configuring and using Pexip Infinity is available:
l on the Pexip Infinity technical documentation website (from where all documentation can also be downloaded in PDF format)
l as online help, by clicking the Help link in the top right corner of the Pexip Infinity Administrator interface (available after the
Management Node has been deployed).
You must ensure you have completed all necessary platform-based Planning and prerequisites prior to installation.
Please visit the Pexip Academy for access to a range of training resources and videos, including VMware installations.
Prerequisites
You must have a suitable VMware environment already installed.
If an ESXi host is being managed by vCenter Server, all administration must be performed via vCenter Server. Do not log in directly
to the ESXi host; configuration changes made in this way may be lost. To ensure that ESXi hosts being managed by vCenter Server
are accessible via vCenter Server only and are not directly accessible, you should put them in Lockdown mode. Lockdown mode
forces all operations to be performed through vCenter Server.
Synchronizing time
Pexip Infinity uses NTP servers to obtain accurate system time. This is necessary to ensure correct operation, including configuration
replication and log timestamps.
All host servers must be synchronized with accurate time before you install the Management Node or Conferencing Nodes on
them.
NTP must be enabled on the Management Node VM before you deploy any Conferencing Nodes (this is done during installation of
the Management Node).
We strongly recommend that you configure at least three distinct NTP servers or NTP server pools on all your host servers and the
Management Node itself. This ensures that log entries from all nodes are properly synchronized.
The VMs hosting the Management Node and Conferencing Nodes use the UTC timezone, and all logs are in UTC. Do not attempt to
change the timezone on these systems. Note however that the administrator web interface uses your local time.
To synchronize time on the host server using the vSphere web client (HTML 5):
1. Select the Configure tab and then System > Time Configuration.
2. From the Time Configuration page, ensure that value in the Date & Time field is correct.
General recommendations
Pexip Infinity can take advantage of advanced CPU features, so for optimal performance we recommend that you run Conferencing
Nodes on your newer host servers.
CPUs with a large cache (15–30 MB+) are recommended over CPUs with a smaller cache (4–10 MB), especially when running 10 or
more participants per conference.
To protect the overall quality of the conference, we highly recommend that any hardware resources allocated to a Conferencing Node
are reserved specifically for its own use.
CPU
The CPU is the most critical component in a successful deployment of the Pexip Infinity platform.
Newer Intel (or AMD) CPUs typically provide more features which Pexip Infinity will utilize to give better performance. We therefore
recommend that you deploy Pexip Infinity on newer hardware, and move applications that are not so time-critical (for example, mail
servers, web servers, file servers) to your older hardware.
Memory
The memory specified for the Pexip Infinity deployment should not be shared with other processes, because Pexip Infinity accesses
memory at a high speed when active. However, the amount of memory needed is quite small compared to the workload, and
increasing the memory beyond the recommended scope will not significantly increase performance.
Storage
Apart from storing the Pexip Infinity application, the disk activity during operation will mainly be used for logging. There is therefore no
need to deploy your fastest or newest SSD drives for this application, as most of the real-time activity happens in memory. Standard
disk access as required for most servers should be used to get good logging performance. Although Pexip Infinity will work with SAS
drives, we strongly recommend SSDs for both the Management Node and Conferencing Nodes. General VM processes (such as
snapshots and backups) and platform upgrades will be faster with SSDs.
Network
Gigabit Ethernet connectivity from the host server is strongly recommended, because Conferencing Nodes are sending and receiving
real-time audio and video data, and any network bottlenecks should be avoided. The amount of traffic to be expected can be
calculated based on the capacity of the servers, but typically 100 Mbps network links can easily be saturated if there is a large number
of calls going through a given Conferencing Node. In general, you can expect 1–3 Mbps per call connection, depending on call control
setup.
Traffic shaping
Any shaping of the Conferencing Node traffic that can potentially limit its flow should not be used without considerable planning. If
bandwidth usage to or from a Conferencing Node is too high, this should be addressed in the call control, as shaping it on the
Conferencing Node level will most likely reduce the experience for the participants.
NIC teaming
VMware NIC teaming is a way to group several network interface cards (NICs) to behave as one logical NIC. When using NIC teaming in
ESXi, we recommend you load balance based on originating virtual port ID due to its low complexity (it does not steal CPU cycles from
the host). You can also load balance based on source MAC hash; however we do not recommend IP hash because of the high CPU
overhead when a large number of media packets are involved.
Management Node: we recommend upgrading the hardware version of the Management Node VM to match the ESXi host version
that the Management Node is running on.
Conferencing Nodes: we recommend upgrading the hardware version of the Conferencing Node VMs to at least match the ESXi host
version that you are running in your environment.
See https://kb.vmware.com/s/article/1010675 for ESXi version to virtual hardware version compatibility information, and instructions
on upgrading a VM's hardware version (vmversion).
vMotion
Conferencing Nodes (and the Management Node) can be moved across host servers using vMotion.
You must put the Conferencing Node into maintenance mode and wait until all conferences on that node have finished before
migrating it to another host server.
For more information on vMotion in general, see http://www.vmware.com/products/vsphere/features/vmotion.html.
1. Deploying the VM template: this creates a new unconfigured instance of a generic Management Node VM.
The process for deploying the template in a VMware hypervisor environment is described below.
2. Running the installation wizard: after deploying the Management Node template, the installation wizard allows you to enter the
basic configuration details for your Management Node VM.
This flowchart provides an overview of the basic steps involved in deploying the Pexip Infinity platform on VMware:
1. Either:
a. Ensure the VM Manager can access the Management Node OVA image file hosted on the Pexip download page. or
b. Download the Management Node OVA image file from the Pexip download page to your local machine.
2. Log in to the VM Manager (vCenter Server).
3. If you are using VMware 7.0u3 or later you must import an intermediate certificate bundle to enable VMware to trust the OVA
image:
a. Go to https://dl.pexip.com/resources/certificates/index.html, and download the intermediate certificate PEM file 2022_10-
bundle.pem.
b. Import the PEM file into VMware as described in https://kb.vmware.com/s/article/84240.
Note that:
o If you do not import the certificate bundle, you can still deploy the OVA image but you will have to ignore the untrusted
certificate warnings.
o Earlier versions of VMware do not require the certificate bundle as they do not perform the same level of validation.
4. Select VMs and Templates.
5. Click on the Actions menu and select Deploy OVF Template....
The Deploy OVF Template window will open.
6. At the Select template step, either enter the URL to download the Management Node OVA imge file, or Browse to the location of
the Pexip Infinity OVA file, and select Next:
7. If you are using VMware 7.0u3 or later, a Source Verification pop-up appears (even if you have imported the certificate bundle).
Verify that the certificate thumbprint shown is AF:1F:4D:92:2D:DF:5F:81:1C:C2:BC:D5:38:28:14:75:0A:D9:02:0E and then select
Yes to proceed.
8. At the Select name and folder step:
a. Enter an appropriate Name for the Management Node. This name is used in the VMware interface to identify this
Management Node virtual machine (VM).
b. Select the location or datacenter within which the Management Node will be located.
c. Select Next.
9. At the Select a compute resource step, select the host, cluster, resource pool or vApp in which to run the template, and select
Next.
10. At the Review details step, you may see the following warning:
This warning message is shown whenever any advanced settings are part of an OVA deployment. Here, the advanced configuration
options that are being referenced are those mandated for the US Department of Defense JITC (Joint Interoperability Test
Command) certification.
Select Next.
11. At the License agreements step, read the license agreements, and if you agree to the terms select Accept and then Next.
12. At the Select storage page, select a Thick virtual disk format, a VM Storage Policy and Datastore to be used, and select Next.
13. At the Select networks step, select the VM Network and IP configuration, and select Next.
14. At the Ready to complete page, review the configuration and select Finish.
Progress is shown in the Recent Tasks tab at the bottom of the screen. When the template has been deployed successfully, a green tick
will appear.
Setting Default value Multiple entries allowed? Can be changed via Pexip Infinity
Administrator interface?
† The NTP server must be accessible by the Management Node at the time the startup wizard is run. Installation will fail if the
Management Node is unable to synchronize its time with an NTP server.
‡ After they have been configured, do not attempt to change these settings by any other means. To change these settings on server-
based deployments, you must re-run the installation wizard.
The installation begins and the Management Node restarts using the values you have configured.
1. Open a web browser and type in the IP address or DNS name that you assigned to the Management Node using the installation
wizard (you may need to wait a minute or so after installation is complete before you can access the Administrator interface).
2. Until you have uploaded appropriate TLS certificates to the Management Node, your browser may present you with a warning that
the website's security certificate is not trusted. You should proceed, but upload appropriate TLS certificates to the Management
Node (and Conferencing Nodes, when they have been created) as soon as possible.
The Pexip Infinity Conferencing Platform login page will appear.
3. Log in using the web administration username and password you set using the installation wizard.
You are now ready to begin configuring the Pexip Infinity platform and deploying Conferencing Nodes.
As a first step, we strongly recommend that you configure at least 2 additional NTP servers or NTP server pools to ensure that log
entries from all nodes are properly synchronized.
It may take some time for any configuration changes to take effect across the Conferencing Nodes. In typical deployments,
configuration replication is performed approximately once per minute. However, in very large deployments (more than 60
Conferencing Nodes), configuration replication intervals are extended, and it may take longer for configuration changes to be applied
to all Conferencing Nodes (the administrator log shows when each node has been updated).
Brief details of how to perform the initial configuration are given below. For complete information on how to configure your Pexip
Infinity solution, see the Pexip Infinity technical documentation website at docs.pexip.com.
Configuration Purpose
step
1. Enable DNS Pexip Infinity uses DNS to resolve the hostnames of external system components including NTP servers, syslog servers,
SNMP servers and web proxies. It is also used for call routing purposes — SIP proxies, gatekeepers, external call control
(System > DNS
and conferencing systems and so on. The address of at least one DNS server must be added to your system.
Servers)
You will already have configured at least one DNS server when running the install wizard, but you can now change it or
add more DNS servers.
Configuration Purpose
step
2. Enable NTP Pexip Infinity uses NTP servers to obtain accurate system time. This is necessary to ensure correct operation, including
configuration replication and log timestamps.
(System > NTP
Servers) We strongly recommend that you configure at least three distinct NTP servers or NTP server pools on all your host servers
and the Management Node itself. This ensures that log entries from all nodes are properly synchronized.
You will already have configured at least one NTP server when running the install wizard, but you can now change it or
add more NTP servers.
3. Add licenses You must install a system license with sufficient concurrent call capacity for your environment before you can place calls
to Pexip Infinity services.
(Platform >
Licenses)
4. Add a These are labels that allow you to group together Conferencing Nodes that are in the same datacenter. You must have at
system location least one location configured before you can deploy a Conferencing Node.
(Platform >
Locations)
5. Upload TLS You must install TLS certificates on the Management Node and — when you deploy them — each Conferencing Node. TLS
certificates certificates are used by these systems to verify their identity to clients connecting to them.
(Certificates > All nodes are deployed with self-signed certificates, but we strongly recommend they are replaced with ones signed by
TLS either an external CA or a trusted internal CA.
Certificates)
6. Add Virtual Conferences take place in Virtual Meeting Rooms and Virtual Auditoriums. VMR configuration includes any PINs required
Meeting Rooms to access the conference. You must deploy at least one Conferencing Node before you can call into a conference.
(Services >
Virtual Meeting
Rooms)
7. Add an alias A Virtual Meeting Room or Virtual Auditorium can have more than one alias. Conference participants can access a Virtual
for the Virtual Meeting Room or Virtual Auditorium by dialing any one of its aliases.
Meeting Room
(done while
adding the
Virtual Meeting
Room)
Name Enter the name to use when referring to this Conferencing Node in the Pexip Infinity Administrator interface.
Description An optional field where you can provide more information about the Conferencing Node.
Hostname Enter the hostname and domain to assign to this Conferencing Node. Each Conferencing Node and
Domain Management Node must have a unique hostname.
The Hostname and Domain together make up the Conferencing Node's DNS name or FQDN. We recommend
that you assign valid DNS names to all your Conferencing Nodes.
IPv4 address Enter the IP address to assign to this Conferencing Node when it is created.
Network mask Enter the IP network mask to assign to this Conferencing Node.
Note that IPv4 address and Network mask apply to the eth0 interface.
Gateway IPv4 address Enter the IP address of the default gateway to assign to this Conferencing Node.
Note that the Gateway IPv4 address is not directly associated with a network interface, except that the
address entered here lies in the subnet in which either eth0 or eth1 is configured to use. Thus, if the gateway
address lies in the subnet in which eth0 lives, then the gateway will be assigned to eth0, and likewise for
eth1.
Secondary interface The optional secondary interface IPv4 address for this Conferencing Node. If configured, this interface is used
IPv4 address for signaling and media communications to clients, and the primary interface is used for communication with
the Management Node and other Conferencing Nodes.
Option Description
Secondary interface The optional secondary interface network mask for this Conferencing Node.
network mask
Note that Secondary interface IPv4 address and Secondary interface network mask apply to the eth1
interface.
System location Select the physical location of this Conferencing Node. A system location should not contain a mixture of
proxying nodes and transcoding nodes.
If the system location does not already exist, you can create a new one here by clicking to the right of the
field. This will open up a new window showing the Add System Location page.
SIP TLS FQDN A unique identity for this Conferencing Node, used in signaling SIP TLS Contact addresses.
TLS certificate The TLS certificate to use on this node. This must be a certificate that contains the above SIP TLS FQDN. Each
certificate is shown in the format <subject name> (<issuer>).
IPv6 address The IPv6 address for this Conferencing Node. Each Conferencing Node must have a unique IPv6 address.
If this is left blank, the Conferencing Node listens for IPv6 Router Advertisements to obtain a gateway
address.
IPv4 static NAT address The public IPv4 address used by this Conferencing Node when it is located behind a NAT device. Note that if
you are using NAT, you must also configure your NAT device to route the Conferencing Node's IPv4 static
NAT address to its IPv4 address.
Static routes From the list of Available Static routes, select the routes to assign to the node, and then use the right arrow
to move the selected routes into the Chosen Static routes list.
Enable distributed This should usually be enabled (checked) for all Conferencing Nodes that are expected to be "always on", and
database disabled (unchecked) for nodes that are expected to only be powered on some of the time (e.g. nodes that
are likely to only be operational during peak times).
Enable SSH Determines whether this node can be accessed over SSH.
Use Global SSH setting: SSH access to this node is determined by the global Enable SSH setting (Platform >
Global Settings > Connectivity > Enable SSH).
Off: this node cannot be accessed over SSH, regardless of the global Enable SSH setting.
On: this node can be accessed over SSH, regardless of the global Enable SSH setting.
3. Select Save.
4. You are now asked to complete the following fields:
Option Description
Deployment type Select Manual (ESXi 8.0 and above), Manual (ESXi 7.0), Manual (ESXi 6.7) or Manual (ESXi 6.5) as
appropriate.
Number of virtual CPUs Enter the number of virtual CPUs to assign to the Conferencing Node. We recommend no more than one
to assign virtual CPU per physical core, unless you are making use of CPUs that support Hyper-Threading.
System memory (in Enter the amount of RAM (in megabytes) to assign to the Conferencing Node. The number entered must be a
megabytes) to assign multiple of 4.
We recommend 1024 MB (1 GB) RAM for each virtual CPU. The field automatically defaults to the
recommended amount, based on the number of virtual CPUs you have entered.
Option Description
SSH password Enter the password to use when logging in to this Conferencing Node's Linux operating system over SSH. The
username is always admin.
Logging in to the operating system is required when changing passwords or for diagnostic purposes only, and
should generally be done under the guidance of your Pexip authorized support representative. In particular,
do not change any configuration using SSH — all changes should be made using the Pexip Infinity
Administrator interface.
5. Select Download.
A message appears at the top of the page: "The Conferencing Node image will download shortly or click on the following link".
After a short while, a file with the name pexip-<hostname>.<domain>.ova is generated and downloaded.
Note that the generated file is only available for your current session so you should download it immediately.
6. When you want to deploy the Conferencing Node VM, use a vSphere client to log in to vCenter Server. Select the VMs and
Templates tab, click on the Actions menu and select Deploy OVF Template....
7. Follow the on-screen prompts to deploy the .ova file; this is similar to the steps you used when deploying the Management Node.
You should always deploy the nodes with Thick Provisioned disks.
After deploying a new Conferencing Node, it takes approximately 5 minutes before the node is available for conference hosting and for
its status to be updated on the Management Node. Until it becomes available, the Management Node reports the status of the
Conferencing Node as having a last contacted and last updated date of "Never". "Connectivity lost between nodes" alarms relating to
that node may also appear temporarily.
Disabling EVC
We strongly recommend that you disable EVC (Enhanced vMotion Compatibility) for any ESXi clusters hosting Conferencing Nodes that
include a mix of old and new CPUs. If EVC is enabled on such clusters, the Pexip Infinity platform will run more slowly because the
Conferencing Nodes assume they are running on older hardware.
To disable EVC:
1. Open a browser (we recommend Chrome or Edge) and type in the IP address (or FQDN, if you've set it up already) of one of the
Conferencing Nodes.
If your browser displays a security warning, this means that it does not trust the Conferencing Node's certificate. This could be
because you have not replaced the node's default self-signed certificate, or you have used your own private certificates that
have not been signed by an external Certificate Authority.
2. When prompted, enter your name.
3. In the Meeting ID field, enter the alias of the Virtual Meeting Room you are using for testing.
4. Ensure that you have selected the camera and microphone you wish to use, and they are working correctly:
o You should see your own image in the video window.
o The microphone icon shows a green bar to indicate the level of audio being detected. To join without your audio, select the
microphone icon; this will change to to indicate that your microphone is off.
5. Select Join.
6. From another device, join the conference in the same way.
The two participants should be able to see and hear each other, and share content.
See About the Connect web app for more information.
Further configuration
You are now ready to continue configuring the Pexip Infinity platform and services and deploying more Conferencing Nodes.
Specifically, you should now do the following:
l Assigning hostnames and FQDNs
l Enabling SNMP on Conferencing Nodes
We also have provided some Example emails for sending to new users, which you can use as a basis for the information you provide to
your users.
Prior to installation
1. Download the appropriate Pexip Infinity Management Node installation file from the Pexip download page.
2. Ensure that you have appropriate host servers (see Server design guidelines).
3. Assign network IP addresses and host names for the Management Node and Conferencing Nodes.
4. Create DNS records for your Management Node administration.
5. Create DNS records to allow endpoints/clients to discover your Pexip Infinity Conferencing Nodes (see DNS record examples).
6. Generate or request certificates (Base64-encoded X.509 PEM format) for the Management Node and Conferencing Nodes (see
guidelines at Certificate creation and requirements).
Hypervisor maintenance
1. Enable automatic startup on every VM.
2. Backup your Management Node VM, and optionally, your Conferencing Node VMs.
VM name: ................................................................
Conferencing Nodes
For complete information on how to configure your Pexip Infinity solution, see the Pexip Infinity technical documentation website at
docs.pexip.com.