Skip Navigation

Configure access to WebRTC-based destinations

You can configure
BlackBerry Access for macOS
 and
BlackBerry Access for Windows
to allow communication using WebRTC protocol-based web clients such as
Citrix
VDI browser-based access.
To allow
Windows
users to share their screens, ensure that the
BlackBerry Dynamics
policy in
BlackBerry UEM
allows screen captures.
WebRTC traffic can often have high bandwidth demands. For this reason,
BlackBerry
recommends routing this traffic directly.
Route WebRTC traffic directly
If the WebRTC destination is accessible directly over the internet, use the following routing configuration:
  • On the
    Security
    tab of the
    BlackBerry Access
    app configuration policy, clear the
    Enforce Strict Tunnel
    checkbox to disable strict tunnel.
  • Optionally, for improved performance, you can enable UDP protocol support. On the
    BlackBerry Access (Mac and Win)
    tab of the
    BlackBerry Access
    app configuration policy, select the
    Enable UDP Protocol support
    checkbox.
  • Configure the
    BlackBerry Dynamics
    Connectivity profile to route traffic directly to the WebRTC destination, as follows:
    • For
      BlackBerry UEM
      version 12.11 and later: Add the WebRTC destination URL to the
      Additional servers
      section and specify
      Direct connectivity
      . This allows the connection to route directly even if the default route is set to use a
      BlackBerry Proxy
      cluster.
    • For
      BlackBerry UEM
      version 12.10 and earlier and
      Good Control
      : Disable
      Route All
      . Ensure that existing internal domains or servers are configured to route through
      BlackBerry Proxy
      clusters. Do not add the WebRTC destination to the
      BlackBerry Dynamics
      Connectivity profile. This will allow the connection to route directly.
    The
    BlackBerry Dynamics
    Connectivity profile and strict tunnel configuration have no effect on UDP connections. UDP connections route directly to the WebRTC destination through the local internet connection.
Route WebRTC traffic through BlackBerry Proxy
If the WebRTC destination is not directly accessible over the internet, or the traffic is required to route through a
BlackBerry Proxy
cluster, take the following items into consideration:
  • To route WebRTC traffic through
    BlackBerry Proxy
    clusters, all
    BlackBerry Proxy
    clusters must be configured to use Direct Connect. For more information, see the Direct Connect content.
    If you do not configure the
    BlackBerry Proxy
    clusters with Direct Connect, the WebRTC destination does not load. For more information, visit support.blackberry.com/community to read article 62766.
  • Ensure that enough
    BlackBerry Proxy
    servers are installed to handle the load generated by the WebRTC traffic.
  • This configuration supports only TCP-based WebRTC connections.
    BlackBerry Proxy
    servers support only TCP protocol.