Media Shuttle deployments in a secure network environment may require server routing or relays to allow file transfers to a public cloud or on-premises storage.
Routing rules may be necessary for deployments with separate IPs for inbound and outbound network traffic, or for transfers that must pass through a perimeter network. Relays can also be used in environments where local firewalls require high security and can only connect to specific IP addresses.
For each destination, you can specify up to four relays using the same supported operating system. Relays also require less complex firewall configuration as they limit all file transfer traffic to a single port per server.
Note: Implementing a relay server limits the maximum transfer speed to 400-500 Mbps, regardless of overall network capacity.
Media Shuttle deployments using cloud storage automatically determine the inbound or outbound IP addresses used to reach a storage location using public DNS. The addition of a routing rule on Signiant SDCX Servers can allow portal members on an internal network to reach cloud storage on the public Internet.
Relays may be required where network environments use separate outbound and inbound IP addresses when routing network traffic through a firewall. In this case, Signiant SDCX Servers are not able to determine the inbound IP addresses, and require a relay to transfer files.
In a typical relay setup for transfers between on-premises locations, traffic originating from the internal network is routed through a Signiant relay behind the firewall and a relaying SDCX Server in the organization's perimeter network. Network restrictions may also require that an additional relaying SDCX Server be deployed externally.
A Signiant SDCX Server can be configured to act as a relay to allow file transfers to an SDCX Server that must traverse a corporate firewall to on-premises or cloud storage.
Setting up an SDCX Server as a relay requires that you deploy the SDCX Server software within a perimeter network, change the server configuration to act as a relay, add the relay in the IT Administration Console, then finalize proxy configuration if required.
To deploy a relay server:
Install the SDCX Server software on the relay server.
Connect to the relay server using SSH or another remote access tool.
Open the dds configuration file in a text editor:
Linux: /usr/Signiant_Media_Shuttle/bin/agent/bin/dds.conf
Windows: C:\Program Files\Signiant Media Shuttle\bin\agent\bin\dds.cfg
Change the "Relay mode is none" line to "Relay mode is open".
Save the file.
Restart the SDCX Server:
Linux: ./siginit restart
Windows: Navigate to Start > Programs > Media Shuttle Services > Restart Services
Once the relay server has restarted, add the relay hostname or IP address in Media Shuttle:
3. Click Network Configuration.
4. Select Relays and enter the relay's hostname or IP address.
5. Click Save.
Note: You can also enter relays for cloud object storage, allowing you to direct outbound traffic from these storage locations through relays assigned to a Signiant SDCX Server.
Once the relay is set in the IT Administration Console, the relay server may require additional configuration in the following scenarios:
To configure a relay proxy:
Connect to the relay server using SSH or another remote access tool.
Open the dds configuration file in a text editor:
Linux: /usr/Signiant_Media_Shuttle/bin/agent/bin/dds.conf
Windows: C:\Program Files\Signiant Media Shuttle\bin\agent\bin\dds.cfg
Add the following to the end of the file:
Proxy for <hostname> is <SDCX server ip address> port=49221
Example: Proxy for sdcx-server.example.com is 10.20.130.240 port=49221
Note: You must also configure your firewall rules to ensure that traffic coming into the relay is routed to the internal storage servers, and that the relay has unrestricted outbound access to port 443.
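A relay in open mode forwards traffic across the perimeter, so after each edit it helps to confirm that every proxy rule points only at an intended SDCX Server on port 49221. The following Python check is an added example, not Signiant's code; it parses only the two directive forms shown above, and the audit_dds name, the allowlist of target IPs and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress
import re

# Directive forms as written in the procedure above; other lines are ignored.
RELAY_RE = re.compile(r"^\s*Relay mode is (\S+)\s*$")
PROXY_RE = re.compile(r"^\s*Proxy for (\S+) is (\S+) port=(\d+)\s*$")
EXPECTED_PORT = 49221  # port used in the page's proxy rule
# Constructed sample file contents (not from a real server).
SAMPLE = """\
Relay mode is open
Proxy for sdcx-server.example.com is 10.20.130.240 port=49221
Proxy for sdcx-2.example.com is 10.20.130.99 port=49221
Proxy for sdcx-3.example.com is 10.20.130.241 port=8080
"""


def audit_dds(text, allowed_targets):
    """Return (relay_mode, rules, findings) for the text of a dds file.
    allowed_targets is your own inventory of SDCX Server IPs (assumption)."""
    allowed = {ipaddress.ip_address(a) for a in allowed_targets}
    mode, rules, findings, seen = None, [], [], {}
    for n, line in enumerate(text.splitlines(), 1):
        m = RELAY_RE.match(line)
        if m:
            if mode not in (None, m.group(1)):
                findings.append(f"line {n}: conflicting Relay mode lines")
            mode = m.group(1)
            continue
        m = PROXY_RE.match(line)
        if not m:
            continue
        host, target, port = m.group(1), m.group(2), int(m.group(3))
        rules.append((host, target, port))
        if seen.setdefault(host, (target, port)) != (target, port):
            findings.append(f"line {n}: second, different rule for {host}")
        if port != EXPECTED_PORT:
            findings.append(f"line {n}: {host} uses port {port}")
        try:
            if ipaddress.ip_address(target) not in allowed:
                findings.append(f"line {n}: {host} -> unlisted target {target}")
        except ValueError:
            findings.append(f"line {n}: target {target!r} is not an IP address")
    if rules and mode != "open":
        findings.append(f"proxy rules present but Relay mode is {mode}")
    return mode, rules, findings

if __name__ == "__main__":
    for finding in audit_dds(SAMPLE, ["10.20.130.240", "10.20.130.241"])[2]:
        print("REVIEW:", finding)
```

To audit a real relay, pass the contents of its dds file as the first argument and the IP addresses of the SDCX Servers it is meant to reach as the second.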
If setting up multiple relays in a row, you must identify each relay hop individually, but you can only specify the first relay hop in the Relays field on the Storage tab in your IT Administration Console. Additional relay hops must include a rule directing traffic to the next target.
Contact Signiant Support for help setting up a chain of relays.
Load balancing across multiple on-premises SDCX Servers can also be achieved with a third-party load balancer to avoid multiple SDCX Servers having public IP addresses. In this case, the load balancer IP acts as the relay.
When connecting to a load-balanced group of SDCX Servers, the connection is made with the first successfully-responding relay.
Note: If an SDCX Server configured as a relay is offline, it remains in the load-balanced group.