FAQ - Medulla Infrastructure
- Architecture and Deployment of Medulla Relay Servers
- Procedure for adding relays to Medulla Dedicated SaaS
- Medulla Update - 5.4.x to 5.5.x
Architecture and Deployment of Medulla Relay Servers
Relay servers are local components designed to optimize resource distribution and communication between agents and the mainMedulla server.
1. The Classic Relay (LAN / Private Network)
The classic relay is installed within the company network. Its purpose is to serve as a local "cache" and distribution point for agents located on the same site or network segment.
-
Function: Bandwidth optimization and image deployment (Imaging).
-
Location: Remote site, behind a router or an inter-site link.
2. The DMZ Relay (Public Exposure)
The DMZ relay is a secure gateway between the Internet and the main Medulla server.
-
Function: Enables the management of mobile workstations (teleworking, travel) without directly exposing the main server to the Internet.
-
Location: Demilitarized Zone (DMZ), accessible via a public IP address or an external domain name.
-
Note: It does not support remote imaging (mastering) via the Internet.
3. Sizing (Technical Specifications)
The hardware requirements are identical for both roles, but their software functions will differ during configuration.
A. Relay Server(s) (LAN)
| Component | Recommended Specification |
| OS | Debian 12.x |
| Architecture | x86-64 |
| CPU | 4 cores |
| RAM | 8 GB |
| Partition / | 20 GB (EXT4) |
| /var partition | ≥ 400 GB (XFS) or mount point on array |
B. DMZ Relay Server (Mobile Workstations)
| Component | Recommended specification |
| OS | Debian 12.x |
| Architecture | x86-64 |
| CPU | 4 cores |
| RAM | 8 GB |
| Partition / | 20 GB (EXT4) |
| /var partition | ≥ 200 GB (XFS) or mount point on array |
4. Decision Summary
This table helps you determine which type of server to deploy based on your situation:
| Condition | Required Relay Type | Main reason |
| Fleet > 5,000 workstations on the same network | Classic Relay (LAN) | Reduction of CPU/RAM load on the main Medulla server. |
| Remote site (Different network without a transparent LAN connection) | Classic Relay (LAN) | Enable local imaging and save WAN bandwidth. |
| Mobile workstations (Remote work, outside the private network, without VPN) | DMZ Relay | Ensure secure agent communication over the Internet. |
| Interconnected sites (High-speed private connection, authorized LAN traffic) | None (Optional) | The main server can manage the entire system, including imaging. |
Procedure for adding relays to Medulla Dedicated SaaS
1. Setting up the server
Required settings:
- OS: Debian 12.x
- Architecture: x86-64
- CPU: 4 vCPUs
- RAM: 8 GB
- Storage
- /: 20 GB – EXT4
- /var: ≥ 400 GB – XFS (Or a dedicated mount point on an external array/volume)
2. Creating a user
Create the user "medulla" and grant them sudo privileges.
3. Installing the SSH key
The SSH public key provided as an attachment must be added to:
/home/medulla/.ssh/authorized_keys
4. Opening network ports
Traffic must be allowed in both directions between:
- Medulla Server
- Relay (your server)
4.1. Medulla Server → Relay Traffic
Port | Description
- 5269 | TCP / XMXPP
- 22 | TCP / SSH
- 22000 | TCP / Syncthing
- 8081 | TCP / HTTP(S)
- 9990 | TCP / XML RPC HTTPS
4.2. Relay Stream → Medulla Server
Port | Description
- 5269 | TCP / XMXPP
- 22 | TCP / SSH
- 22000 | TCP / Syncthing
- 8443 | TCP / HTTPS
- 22067 | TCP / BEP-Relay/TLS
- 9999 | TCP / XML RPC/HTTPS
- 7080 | TCP / XML RPC/HTTPS
5. Information to Provide
The team must provide us with:
- Create the entity you wish to dedicate to the relay in ITSM (only if you want an entity different from the parent entity).
- Confirmation that the above network ports have been opened.
- Confirmation that the SSH key has been added to the relay server.
- The password for the "medulla" user with passwordless sudo privileges.
- The FQDN of your relay server
6. Continuation of the installation
Once the machine is ready, we will perform the full software installation via Ansible.
A Medulla agent will be automatically generated to connect the workstations to this relay.
Medulla Update - 5.4.x to 5.5.x
Medulla / 5.4.x / Updating Medulla to 5.5.x / Medulla Maintenance
To update from version 5.4.x to 5.5.x and higher, please follow the steps below:
Download the file to the Medulla server:
curl https://dl.medulla-tech.io/up/update_medulla.shGrant execution permissions to the script:
chmod +x update_medulla.shRun the update:
./update_medulla.shOnce the procedure is complete, return to the Medulla interface.
All commands must be run as root or with an account that has administrator privileges.