Bayer LiveKit Infra
- LiveKit Version: v1.9.11
- Infrastructure Version: 1.0.0.beta1
- Last Updated: April 2026
- Maintained by: Bayer LiveKit Platform Team
- Audience: Bayer internal developers and platform engineers
- Status: Active
Introduction
LiveKit is an open-source, high-performance WebRTC stack designed for building sophisticated, real-time audio and video applications. At its core, LiveKit functions as a Selective Forwarding Unit (SFU): it receives media streams from participants and intelligently routes them to others without the overhead of mixing or transcoding. This architectural approach ensures ultra-low latency and seamless communication, even at a massive scale.
Implementing a self-hosted LiveKit stack on AWS EKS allows you to maintain full ownership of your real-time communication (RTC) infrastructure while leveraging the elasticity of the cloud. By deploying within your corporate network, you effectively turn a high-bandwidth, low-latency requirement into a controlled internal asset.
Tip
For the full upstream reference, see the official LiveKit documentation.
Key Benefits
1. Optimized Network & Infrastructure (Bayer Network)
   - Security & Compliance: Keeps media streams entirely within the Bayer VPC and behind corporate firewalls to eliminate public internet exposure and minimize the attack surface.
   - Low Latency: Leverages internal AWS Direct Connect and private routing to bypass public internet hops, drastically reducing jitter for high-quality WebRTC performance.
2. The "Regional Sovereignty" Approach
   - Regional Fault Tolerance: Ensures high availability by hosting independent clusters in the US and EU so that a localized outage in one region never impacts global service continuity.
   - Dual-Tier Environment Strategy: Delivers dual infrastructure across both a Non-Prod sandbox for rapid POC experimentation and a hardened Production environment for mature, mission-critical applications.
3. Zero-Trust Compliance & Security
   - Identity-Aware Governance: Enforces strict Bayer compliance by requiring identity-based authentication for every connection, ensuring only authorized users can access the communication infrastructure.
   - Rigorous Infrastructure Policy: Aligns with the highest internal data protection standards by applying Zero-Trust policies to every access method and network layer within the VPC.
4. Autoscaling on High Load
   - Dynamic Resource Allocation: Utilizes EKS autoscaling to automatically provision additional nodes during high-concurrency events like town halls, ensuring a stable and responsive platform.
   - Cost Efficiency: Maximizes budget by scaling down resources during low-traffic periods and utilizing an open-source observability stack to avoid expensive third-party licensing fees.
5. Advanced Full-Stack Observability
   - Multi-Layered Metrics: Uses Prometheus to capture deep technical insights ranging from hardware-level CPU interrupts to container-level pod restarts and SFU health.
   - Centralized Log Intelligence: Employs Grafana Loki to instantly correlate metric spikes with distributed logs, enabling rapid root-cause analysis across the global infrastructure.
   - Real-Time Quality Surveillance: Leverages LiveKit quality subscriptions to populate a centralized monitoring dashboard, enabling rapid identification and manual intervention of connection drops before they impact user experience.
   - Automated Incident Response: Features a downtime notification subscription and custom application alerts to provide immediate visibility into service interruptions and performance anomalies.
Architecture
Components
| Component | Description |
|---|---|
| LiveKit Server | Core media server — routes audio/video/data streams between participants using Selective Forwarding |
| Signaling Service | WebSocket-based signaling for session negotiation, room management, and participant coordination |
| TURN Server | Built-in TURN/STUN server for NAT traversal — ensures connectivity behind firewalls and restrictive networks |
| Redis / Valkey | Distributed state store — manages room state, participant sessions, multi-node coordination, and distributed locking |
| ACM (AWS Certificate Manager) | TLS certificate management for secure WebSocket (WSS) and TURN (TLS) connections |
Available Regions
Non-Production
| Region | Signaling URL | TURN URL | Status |
|---|---|---|---|
| EU-Central-1 | wss://eu.livekit-np.int.bayer.com | turn.eu.livekit-np.int.bayer.com | ✅ Active |
| US-East-1 | wss://us.livekit-np.int.bayer.com | turn.us.livekit-np.int.bayer.com | ✅ Active |
Production
| Region | Signaling URL | TURN URL | Status |
|---|---|---|---|
| EU-Central-1 | wss://eu.livekit.int.bayer.com | turn.eu.livekit.int.bayer.com | ✅ Active |
| US-East-1 | wss://us.livekit.int.bayer.com | turn.us.livekit.int.bayer.com | ✅ Active |
Important
All endpoints are internal-only: they are accessible only via the Bayer corporate network or VPN.
Related Resources
| Resource | Description |
|---|---|
| LiveKit Official Documentation | Upstream LiveKit concepts and API reference |
| LiveKit Platform Service | LKPS — the orchestration layer that issues tokens for this infrastructure |
| Bayer LiveKit SDK | Python SDK for building agents that connect to this infrastructure |
| Environments & URLs | Full list of endpoints per region and environment |
