Druva Documentation

Understanding inSync Edge Server

About inSync edge server

In an inSync Private Cloud deployment, not all inSync clients may back up data from within the organization's firewall. You may have employees who are outside the organization's firewall and need to back up data from their devices. This means opening up the inSync master server and the storage nodes to access from outside the firewall. As a security policy, your organization may not allow direct outside access to any server within the firewall. In such cases, inSync recommends the use of inSync edge servers.

The inSync edge server sits in a demilitarized zone (DMZ), outside your organization's firewall, and facilitates the communication between the inSync client and the inSync master server or the storage node. By validating the requests that are sent to the master server or a storage node, it introduces an additional layer of security in the inSync client - master server or inSync client - storage node communication. It acts as a gateway that filters requests arriving via “unverified” networks, thus counteracting the vulnerability of the Private Cloud setup.

inSync edge server deployment architecture

The following diagram depicts a simple deployment of inSync Private Cloud with edge servers. The organization has geographically distributed locations, and each location is protected by a firewall. 

[Diagram: inSync edge servers with the master server and storage nodes]

As illustrated in the diagram, at least one inSync edge server is required for each location. Once an edge server is configured to a master server or a storage node, the master server and the storage nodes communicate only with the edge servers. 

Data flow through inSync edge server

The following table explains the data flow between the inSync client, inSync Master Server, inSync Storage Node, and the edge server.

Step: Description

Step 1: The inSync client sends a backup or restore request to the edge server.

Step 2: The edge server validates the request. If the validation is successful, it creates a communication tunnel through itself between the inSync client and the Master server.

Step 3: The Master server acknowledges and authenticates the client request. It redirects the client to the appropriate storage node.

Step 4: The inSync client sends the request to the appropriate storage node.

  • If the storage node is on a different network than the Master server, the edge server configured with the storage node validates the request. On successful validation, it creates a communication tunnel through itself between the inSync client and the storage node.
  • If the storage node is within the same network as the Master server, the edge server does not validate the request. It just creates a communication tunnel through itself between the inSync client and the storage node.

Step 5: Data is backed up or restored.