Configure access to WebRTC-based destinations
You can configure
BlackBerry Access for macOS
and BlackBerry Access for Windows
to allow communication using WebRTC protocol-based web clients such as Citrix
VDI browser-based access.To allow
Windows
users to share their screens, ensure that the BlackBerry
Dynamics
policy in BlackBerry UEM
allows screen captures.WebRTC traffic can often have high bandwidth demands. For this reason,
BlackBerry
recommends routing this traffic directly. Route WebRTC traffic directly
If the WebRTC destination is accessible directly over the internet, use the following routing configuration:
- On theSecuritytab of theBlackBerry Accessapp configuration policy, clear theEnforce Strict Tunnelcheckbox to disable strict tunnel.
- Optionally, for improved performance, you can enable UDP protocol support. On theBlackBerry Access (Mac and Win)tab of theBlackBerry Accessapp configuration policy, select theEnable UDP Protocol supportcheckbox.
- Configure theBlackBerry DynamicsConnectivity profile to route traffic directly to the WebRTC destination, as follows:
- ForBlackBerry UEMversion 12.11 and later: Add the WebRTC destination URL to theAdditional serverssection and specifyDirect connectivity. This allows the connection to route directly even if the default route is set to use aBlackBerry Proxycluster.
- ForBlackBerry UEMversion 12.10 and earlier andGood Control: DisableRoute All. Ensure that existing internal domains or servers are configured to route throughBlackBerry Proxyclusters. Do not add the WebRTC destination to theBlackBerry DynamicsConnectivity profile. This will allow the connection to route directly.
TheBlackBerry DynamicsConnectivity profile and strict tunnel configuration have no effect on UDP connections. UDP connections route directly to the WebRTC destination through the local internet connection.
Route WebRTC traffic through BlackBerry Proxy
If the WebRTC destination is not directly accessible over the internet, or the traffic is required to route through a
BlackBerry Proxy
cluster, take the following items into consideration:- To route WebRTC traffic throughBlackBerry Proxyclusters, allBlackBerry Proxyclusters must be configured to use Direct Connect. For more information, see the Direct Connect content.If you do not configure theBlackBerry Proxyclusters with Direct Connect, the WebRTC destination does not load. For more information, visit support.blackberry.com/community to read article 62766.
- Ensure that enoughBlackBerry Proxyservers are installed to handle the load generated by the WebRTC traffic.
- This configuration supports only TCP-based WebRTC connections.BlackBerry Proxyservers support only TCP protocol.