Note: This feature is currently in beta.
Starting with Jump Desktop Connect 6.7.x you can run on-premise, high availability relay servers. Relay servers allow you to control how Jump Desktop traffic is routed through your infrastructure. All traffic runs through a single UDP port, so you can control exactly what goes in and out and apply proper QoS if needed. You can also run a relay server behind a NAT using port forwarding.
A note about security: Since all Jump Desktop Connect traffic is encrypted end-to-end, the relay server will not have access to the underlying protocol data. It will simply be transmitting opaque, encrypted data packets between computers.
Relay server configuration where the relay is hosted externally:
Alternate configuration where the relay server is hosted internally:
- Jump Desktop for Teams Enterprise subscription.
- A Windows, Mac or Linux machine that will act as a relay server inside or outside your network.
1. Set Up Relay Server
- Make sure you have Docker installed on your server machine: How To Install Docker.
- Next, select a port, username and password for the relay server. We'll need these for the next step. In the case below, we've used port 3478, with username MyUserName, password MyPassword and external IP 22.214.171.124. The external IP field is the public IP address of your WAN interface.
To start coturn on your internal machine run the following command. Note: These steps are for Linux or Mac:
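# Values selected in the previous step. COTURN_IMAGE must name the coturn Docker image to run; it is not shown on this page.
RELAY_PORT=3478
RELAY_USERNAME=MyUserName
RELAY_PASSWORD=MyPassword
docker run \
  -p "$RELAY_PORT:$RELAY_PORT/udp" \
  "$COTURN_IMAGE" \
  --listening-port "$RELAY_PORT" \
  --user "$RELAY_USERNAME:$RELAY_PASSWORD" \
  --realm jumpdesktop.com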
2. Set Up Connect Settings
Once the relay server is running we will use Connect Settings to configure Jump Desktop Connect on your team machines with the relay server configuration.
- Create a new Connect Setting configuration or edit your existing configuration.
- In the Networking section click the Edit button next to the On Premise Relay Servers option.
- In the Edit Relays dialog, click the Add button to add a new relay server configuration.
- In the Add New Relay dialog enter the following:
- In the Username field enter the username you selected when setting up the relay server.
- In the Password field enter the password you used when setting up the relay server.
- In the Host field enter the relay server's IP address followed by a ':' and then the port.
- Click Save
- Optional: Turn on Relay Connections Only. Normally Jump Desktop Connect will try its best to create a direct peer-to-peer connection between machines using NAT traversal. If this fails, it will fall back to using your custom relay server. You can force Jump Desktop Connect to always use your relay server for connections. This is useful for high security environments where you want to control all traffic flow to and from your machines.
- Click Save to save the configuration.
- Make sure you Assign the Connect Settings to the computers you want to use the relay server with.
Testing Connections to make sure they're going through your relay server
To test if connections are using your custom relay server, apply the settings to a computer and then use Jump Desktop to connect to the computer. Once you're connected:
- Click Help -> Diagnostic Logs
- Open up the latest Viewer logger file and then search backwards for the string: "Got candidate". There might be multiple hits with that string, but there should be at least one hit with your relay server's address there. If you see your relay server's address, then things are working.
- Additionally, if you want to check that the Relay Connections Only option is working, you can also search backwards in the logs for the string "Using Cand" and make sure your relay server's IP address is mentioned in that line.
High Availability Relay Servers
Jump Desktop Connect supports specifying multiple relay servers for high availability scenarios. Given multiple relay servers, Jump Desktop Connect will automatically skip servers that are down and choose the relay server that has the lowest latency.
For high availability scenarios we recommend at least 2 relay servers.
You can add multiple relay servers in the Custom Relay Servers section by clicking the Add button.
The relay service only uses 1 port running on the UDP protocol. You should make sure your firewall allows incoming and outgoing UDP traffic on that port (RELAY_PORT above).
Running a Relay Service Behind a NAT
It's possible to run the relay service behind a NAT using port forwarding. Make sure the NAT is configured to forward UDP traffic on the external port to your relay server's internal IP address. For example, if your relay server is running on internal IP 192.168.2.10 and port 5000, then create the following port forwarding rule on your router or NAT:
External Port: 5000
External Protocol: UDP
Internal IP: 192.168.2.10
Internal Port: 5000