About inSync Edge Server
In an inSync Private Cloud deployment, the inSync client might back up data outside the organization's firewall. This means providing access to the inSync Master and the inSync Storage Nodes from outside the firewall. As a security policy, your organization might not allow connections or requests that come from devices outside the firewall. In such scenarios, we recommend the use of inSync Edge Servers.
The inSync Edge Server sits in a demilitarized zone (DMZ), outside your organization's firewall and facilitates communication between the inSync client and the inSync Master, or the inSync client and the inSync Storage Node. By validating the requests that the inSync client sends to the inSync Master or to the inSync Storage Node, the inSync Edge Server introduces an additional layer of security. The inSync Edge Server acts as a gateway that filters requests via unauthorized networks to counteract the vulnerability of the Private Cloud setup.
inSync Edge Server deployment architecture
The following diagram illustrates a sample deployment of inSync Private Cloud with inSync Edge Servers. The organization has geographically distributed location, and each location is protected by a firewall.
As illustrated in the diagram, at least one inSync Edge Server is required for each location. Once inSync Edge Server is configured for the inSync Master or the inSync storage node. inSync Master and inSync Storage Nodes that are within the same network communicate directly. When the inSync Master needs to communicate with inSync Storage Nodes that are outside the network, the inSync Master communicates through the inSync Edge Server. The inSync client communicates with the inSync Master or the inSync Storage node through the inSync Edge Server.
Data flow through inSync Edge Server works
The following table explains the data flow between the inSync client, inSync Master, inSync Storage Node, and inSync Edge Server.
|1||The inSync client sends a backup or restore request to inSync Edge Server.|
The inSync Edge Server validates the request. If the validation is successful, the inSync Edge Server creates a communication tunnel between the inSync client and the inSync Master.
|3||The inSync Master acknowledges and authenticates the inSync client request. It redirects the inSync client to the appropriate inSync Storage Node.|
The inSync client sends the request to the inSync Edge Server that is configured for the inSync Storage Node with which the inSync client wants to communicate.
The inSync Edge Server configured with the inSync Storage Node validates the request. If the validation is successful, the inSync Edge Server creates a communication tunnel between the inSync client and the inSync Storage Node.
Data is backed up or restored.