strongDM Network Architecture

When Datasources and Servers are not publicly accessible, a Relay will be deployed behind your firewall. It is the only component permitted access to the firewalled Datasource and/or Server.

In this case, all connectivity between Clients, Datasources and Servers is conducted via Relays.

Gateways are simply Relays that have been assigned an IP address (and optionally, a DNS entry).

When Clients connect to the strongDM network, they request a list of available Gateways (hosted by the customer or strongDM). All connections then occur through one or more Gateways depending on the optimal Route computed by the strongDM system.

From the point of view of a Datasource or Server, all traffic will originate from the closest Relay or Gateway.
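One way to check this property from the Datasource side, as an added example that is not strongDM code: audit the Datasource's connection log and flag every connection that did not come from a Relay or Gateway address. It assumes a PostgreSQL Datasource with `log_connections` enabled; the Relay addresses, the log lines and the function name `audit_connections` are constructed for illustration.

```python
import ipaddress
import re

# Assumption: addresses of the Relays/Gateways allowed to reach the Datasource.
RELAY_NETWORKS = [ipaddress.ip_network(n) for n in ("10.20.0.10/32", "10.20.0.11/32")]

# Constructed sample lines in the style PostgreSQL writes with log_connections = on.
SAMPLE_LOG = """\
2024-05-01 10:00:01 UTC [101] LOG:  connection received: host=10.20.0.10 port=50412
2024-05-01 10:00:07 UTC [102] LOG:  connection received: host=10.20.0.11 port=50988
2024-05-01 10:02:30 UTC [103] LOG:  connection received: host=10.30.4.77 port=41822
2024-05-01 10:03:00 UTC [104] LOG:  connection received: host=[local]
2024-05-01 10:04:12 UTC [105] LOG:  connection received: host=db-admin.internal port=40111
"""

CONN_RE = re.compile(r"connection received: host=(\S+)")


def audit_connections(log_text, allowed=RELAY_NETWORKS):
    """Return (line_number, host, reason) for every connection not from a Relay."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = CONN_RE.search(line)
        if not m:
            continue
        host = m.group(1)
        if host == "[local]":
            # Unix-socket session on the database host itself: it never crossed a Relay.
            findings.append((lineno, host, "local socket"))
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # A hostname was logged instead of an address, so the source cannot be verified.
            findings.append((lineno, host, "unresolved hostname"))
            continue
        if not any(addr in net for net in allowed):
            findings.append((lineno, host, "not a relay address"))
    return findings


if __name__ == "__main__":
    for lineno, host, reason in audit_connections(SAMPLE_LOG):
        print(f"line {lineno}: {host} ({reason})")
```

Any finding means something other than a Relay or Gateway reached the Datasource, which points to a firewall rule that is wider than the architecture requires.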

The Relay component is a statically compiled native binary and can be deployed as a native Linux service, a native Docker container, or a native Kubernetes container.

