Relays, much like Gateways, are how the strongDM network connects with resources such as databases and servers. Unlike a Gateway, the Relay does not listen for client connections.
When might this be helpful? For a secure network where you are not able to expose ports, the strongDM Relay is the answer. The Relay dials out to connect to your Gateways, preserving the egress-only nature of your firewall while allowing your strongDM clients to reach any configured resources in the network.
Generating a Relay token
Generate a relay token. Log in to the Admin UI and select Gateways on the left navigation bar. Click on the add relay button in the upper right, and a box will pop up. You can rename the relay here, or do it later. Click on create and the relay token will appear onscreen. Copy the relay token and put it aside. You will need it again in a later step.
Set up a 64-bit Linux instance that will run the gateway. Machines should have at least 2 CPUs and 4 GB of memory. If the instance is using SELinux, you will need to disable it to install the gateway.
Log in to the gateway instance and download the SDM binary:
$ curl -J -O -L https://app.strongdm.com/releases/cli/linux
$ unzip sdmcli_*_linux_amd64.zip
Run the installer:
$ sudo ./sdm install --relay
The installer must be run by a user that exists in the /etc/passwd file. Any users remotely authenticated, such as with LDAP or an SSO service, will fail to complete the installation.
You will be prompted for the Relay token you created in Step 1. Paste it into the terminal and press enter. For security purposes you will not see the token on the screen.
Log in to the Admin UI. The Gateway you created should now appear as Online, with a heartbeat. You may need to hard refresh the page.
Repeat this process to create a second Relay; we recommend running them in pairs for high availability.
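The host requirements stated in the steps above (64-bit Linux matching the linux_amd64 archive, 2 CPUs, 4 GB of memory, SELinux not in use, a locally defined user) can be checked before running the installer. The script below is an added example, not part of strongDM's documentation or tooling; the function names, the memory tolerance, and the choice to check the account that invokes sudo are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for a relay host (added example, not strongDM tooling).

# True if the user ($1) has an entry in the passwd file itself ($2), which is
# what the installer requires; LDAP/SSO accounts resolved via NSS do not.
user_is_local() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "${2:-/etc/passwd}"
}

# True if the `uname -m` string ($1) matches the linux_amd64 archive.
arch_is_64bit() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumed tolerance: MemTotal on a 4 GB machine reads somewhat under
# 4194304 kB because the kernel reserves part of the memory.
MIN_MEM_KB=3800000

# True if CPU count ($1) and memory in kB ($2) meet 2 CPUs and 4 GB.
meets_minimums() {
    [ "$1" -ge 2 ] && [ "$2" -ge "$MIN_MEM_KB" ]
}

# True if the `getenforce` mode string ($1) means SELinux is in use.
selinux_active() {
    case "$1" in
        Enforcing|Permissive) return 0 ;;
        *) return 1 ;;
    esac
}

preflight() {
    rc=0
    user=${SUDO_USER:-$(id -un)}   # assumption: the account that invokes sudo
    cpus=$(getconf _NPROCESSORS_ONLN)
    mem_kb=$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)
    mode=$(getenforce 2>/dev/null || echo Disabled)
    arch_is_64bit "$(uname -m)"      || { echo "FAIL: host is not x86_64"; rc=1; }
    meets_minimums "$cpus" "$mem_kb" || { echo "FAIL: have $cpus CPUs, $mem_kb kB"; rc=1; }
    user_is_local "$user"            || { echo "FAIL: $user is not in /etc/passwd"; rc=1; }
    if selinux_active "$mode"; then echo "FAIL: SELinux is $mode"; rc=1; fi
    [ "$rc" -eq 0 ] && echo "OK: host meets the stated requirements"
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it with `--check` on the instance before `sudo ./sdm install --relay`; a non-zero exit status means at least one requirement is not met.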
If any errors occur, please copy them into an email and send to firstname.lastname@example.org.