About inSync edge server
In an inSync Private Cloud deployment, not all inSync clients may back up data from within the organization's firewall. You may have employees who are outside the organization's firewall and need to backup data from their devices. This means opening up access to the inSync master server and the storage nodes for access from outside the firewall. As a security policy, your organization may not allow direct outside access to any server within the firewall. In such cases, inSync recommends the use of inSync edge servers.
The inSync edge server sits in a demilitarized zone (DMZ), outside your organization's firewall and facilitates the communication between the inSync client and the inSync master server or the storage node. By validating the requests that are sent to master server, or a storage node, it introduces an additional layer of security in the inSync client - master server or inSync client - storage node communication. It acts as a gateway that filters requests via “unverified” networks, thus counteracting upon the vulnerability of the Private Cloud setup.
inSync edge server deployment architecture
The following diagram depicts a simple deployment of inSync Private Cloud with edge servers. The organization has geographically distributed locations, and each location is protected by a firewall.
As illustrated in the diagram, at least one inSync edge server is required for each location. Once an edge server is configured to a master server or a storage node, the master server and the storage nodes communicate only with the edge servers.
Data flow through inSync edge server
The following table explains the data flow between the inSync client, inSync Master Server, inSync Storage Node, and the edge server.
|Step 1||The inSync client sends a backup or restore request to the edge server.|
|Step 2||The edge server validates the request. If the validation is successful, it creates a communication tunnel through it between the inSync client and the Master server.|
|Step 3||The Master server acknowledges and authenticates the client request. It redirects the client to the appropriate storage node.|
|Step 4|| |
The inSync client sends the request to the appropriate storage node.
|Step 5||Data is backed up or restored.|