# FAQ - Medulla Infrastructure # Architecture and Deployment of Medulla Relay Servers Relay servers are local components designed to optimize resource distribution and communication between agents and the main**Medulla** server. ##### 1. The Classic Relay (LAN / Private Network) The classic relay is installed within the company network. Its purpose is to serve as a local "cache" and distribution point for agents located on the same site or network segment. - **Function:** Bandwidth optimization and image deployment (Imaging). - **Location:** Remote site, behind a router or an inter-site link. ##### 2. The DMZ Relay (Public Exposure) The DMZ relay is a secure gateway between the Internet and the main Medulla server. - **Function:** Enables the management of mobile workstations (teleworking, travel) without directly exposing the main server to the Internet. - **Location:** Demilitarized Zone (DMZ), accessible via a public IP address or an external domain name. - **Note:** It does not support remote imaging (mastering) via the Internet. ##### 3. Sizing (Technical Specifications) The hardware requirements are identical for both roles, but their software functions will differ during configuration. **A. Relay Server(s) (LAN)**
**Component****Recommended Specification**
**OS**Debian 12.x
**Architecture**x86-64
**CPU**4 cores
**RAM**8 GB
**Partition /**20 GB (EXT4)
**/var partition**≥ 400 GB (XFS) or mount point on array
**B. DMZ Relay Server (Mobile Workstations)**
**Component****Recommended specification**
**OS**Debian 12.x
**Architecture**x86-64
**CPU**4 cores
**RAM**8 GB
**Partition /**20 GB (EXT4)
**/var partition**≥ 200 GB (XFS) or mount point on array
##### 4. Decision Summary This table helps you determine which type of server to deploy based on your situation:
**Condition****Required Relay Type****Main reason**
**Fleet > 5,000 workstations** on the same network**Classic Relay (LAN)**Reduction of CPU/RAM load on the main Medulla server.
**Remote site** (Different network without a transparent LAN connection)**Classic Relay (LAN)**Enable local imaging and save WAN bandwidth.
**Mobile workstations** (Remote work, outside the private network, without VPN)**DMZ Relay**Ensure secure agent communication over the Internet.
**Interconnected sites** (High-speed private connection, authorized LAN traffic)**None (Optional)**The main server can manage the entire system, including imaging.
# Procedure for adding relays to Medulla Dedicated SaaS #### 1. Setting up the server --- Required settings: - OS: Debian 12.x - Architecture: x86-64 - CPU: 4 vCPUs - RAM: 8 GB - Storage - /: 20 GB – EXT4 - /var: ≥ 400 GB – XFS (Or a dedicated mount point on an external array/volume) #### 2. Creating a user --- Create the user "medulla" and grant them sudo privileges. #### 3. Installing the SSH key --- The SSH public key provided as an attachment must be added to: ``` /home/medulla/.ssh/authorized_keys ``` #### 4. Opening network ports --- Traffic must be allowed in both directions between: - Medulla Server - Relay (your server) ##### 4.1. Medulla Server → Relay Traffic **Port | Description** - 5269 | TCP / XMXPP - 22 | TCP / SSH - 22000 | TCP / Syncthing - 8081 | TCP / HTTP(S) - 9990 | TCP / XML RPC HTTPS ##### 4.2. Relay Stream → Medulla Server **Port | Description** - 5269 | TCP / XMXPP - 22 | TCP / SSH - 22000 | TCP / Syncthing - 8443 | TCP / HTTPS - 22067 | TCP / BEP-Relay/TLS - 9999 | TCP / XML RPC/HTTPS - 7080 | TCP / XML RPC/HTTPS #### 5. Information to Provide --- **The team must provide us with:** - Create the entity you wish to dedicate to the relay in ITSM (only if you want an entity different from the parent entity). - Confirmation that the above network ports have been opened. - Confirmation that the SSH key has been added to the relay server. - The password for the "medulla" user with passwordless sudo privileges. - The FQDN of your relay server #### 6. Continuation of the installation --- Once the machine is ready, we will perform the full software installation via Ansible. A Medulla agent will be automatically generated to connect the workstations to this relay. # Medulla Update - 5.4.x to 5.5.x

Medulla / 5.4.x / Updating Medulla to 5.5.x / Medulla Maintenance

To update from version 5.4.x to 5.5.x and higher, please follow the steps below: Download the file to the Medulla server: ```bash curl https://dl.medulla-tech.io/up/update_medulla.sh ``` Grant execution permissions to the script: ``` chmod +x update_medulla.sh ``` Run the update: ``` ./update_medulla.sh ``` Once the procedure is complete, return to the Medulla interface.

All commands must be run as root or with an account that has administrator privileges.