Opening reverse tunnels between remote sites and the Federation host

2024-04-19Last updated

To establish a reverse tunnel connection between a remote site and the Federation™ host, you must open the tunnel from the remote site.

Before you begin

Create a reverse tunnel on the Federation host and generate a tunnel keyfile.
Note: For security reasons, a keyfile can only be used once.

Procedure

  1. In Config Tool, sign in to the remote system.
  2. Open the System task, and click the Roles view.
  3. Click Add an entity > Reverse Tunnel .
  4. On the Specific info page, enter the keyfile for this tunnel.
    Do one of the following:
    • If the keyfile was copied to the clipboard, paste it into the Tunnel keyfile field.
    • Click Select file (), browse for the keyfile, and click Open.
    Creating a role dialog in Config Tool showing the specific info section when creating a reverse tunnel.
    The tunnel site name and the time it was created are displayed.

    Creating a role dialog in Config Tool showing the specific info section with reverse tunnel info completed.

  5. Confirm that you have the correct name and click Next.
    If you used the wrong keyfile, click Clear () and try again.
  6. (Optional) Enter the role name and description.
    The default role name is Reverse Tunnel. If multiple hosts federate this site, choose a different name for each host.
  7. Click Next > Create > Close .
    The Reverse Tunnel role is created. It takes a few seconds for the role to connect to the Reverse Tunnel Server role on the Federation host.
    Reverse Tunnel role in Config Tool showing a connected tunnel.
  8. (Optional) Click the Properties tab and select an Encryption option.
    Important: By default, connections to a Security Center SaaS Federation host require encryption.
    Encrypt
    Encrypt video in transit from the remote site to the Federation host.
    Prefer encryption
    Encrypt video in transit if both the remote site and the Federation host support TLS. Use this option if you are not certain of the capabilities of the Federation host.
    Do not encrypt
    Do not encrypt video in transit. Only use this option if the video is encrypted through other methods.
  9. (Optional) Turn on the Create agents on role servers option.
    By default, servers hosting Directory, Media Router, and Redirector roles all require internet access for reverse tunneling.

    When this option is enabled, only servers listed on the Resources need outbound internet access for reverse tunneling.

  10. (Optional) Click the Resources tab and configure failover for the Reverse Tunnel role.
    For information about role failover, see Setting up role failover on the TechDoc Hub.

After you finish

  1. Sign in to the Federation host and confirm that the status of the remote site is Online.
  2. Connect the Federation host to the remote site through the reverse tunnel.