Last modified on August 10, 2022

As with gateways, strongDM uses relays to connect with network resources such as databases and servers. However, relays do not listen for client connections. They can be deployed behind your firewall when internal subnets do not allow ingress, and you are not able to expose ports publicly.

Relays create a reverse tunnel to form connections to the gateway. With this action, they preserve the egress-only nature of your firewall and allow your strongDM clients to reach any configured resources in the network.

strongDM Network Architecture
strongDM Network Architecture

When clients connect to the strongDM network, they request a list of available gateways. strongDM determines the most suitable route and sends all connections through one or more of these gateways. From the point of view of a resource, such as a database or server, all traffic originates from any relay or gateway with access to the resource.

The relay component can be deployed as a native Linux service, Docker container, or Kubernetes container. For more, check the Download & Install page in the Admin UI.

Relay settings and configurations can be managed in the strongDM Admin UI. To learn more, see the Admin UI Relays walk-through.