# Architecture and Deployment of Medulla Relay Servers Relay servers are local components designed to optimize resource distribution and communication between agents and the main**Medulla** server. ##### 1. The Classic Relay (LAN / Private Network) The classic relay is installed within the company network. Its purpose is to serve as a local "cache" and distribution point for agents located on the same site or network segment. - **Function:** Bandwidth optimization and image deployment (Imaging). - **Location:** Remote site, behind a router or an inter-site link. ##### 2. The DMZ Relay (Public Exposure) The DMZ relay is a secure gateway between the Internet and the main Medulla server. - **Function:** Enables the management of mobile workstations (teleworking, travel) without directly exposing the main server to the Internet. - **Location:** Demilitarized Zone (DMZ), accessible via a public IP address or an external domain name. - **Note:** It does not support remote imaging (mastering) via the Internet. ##### 3. Sizing (Technical Specifications) The hardware requirements are identical for both roles, but their software functions will differ during configuration. **A. Relay Server(s) (LAN)**
**Component****Recommended Specification**
**OS**Debian 12.x
**Architecture**x86-64
**CPU**4 cores
**RAM**8 GB
**Partition /**20 GB (EXT4)
**/var partition**≥ 400 GB (XFS) or mount point on array
**B. DMZ Relay Server (Mobile Workstations)**
**Component****Recommended specification**
**OS**Debian 12.x
**Architecture**x86-64
**CPU**4 cores
**RAM**8 GB
**Partition /**20 GB (EXT4)
**/var partition**≥ 200 GB (XFS) or mount point on array
##### 4. Decision Summary This table helps you determine which type of server to deploy based on your situation:
**Condition****Required Relay Type****Main reason**
**Fleet > 5,000 workstations** on the same network**Classic Relay (LAN)**Reduction of CPU/RAM load on the main Medulla server.
**Remote site** (Different network without a transparent LAN connection)**Classic Relay (LAN)**Enable local imaging and save WAN bandwidth.
**Mobile workstations** (Remote work, outside the private network, without VPN)**DMZ Relay**Ensure secure agent communication over the Internet.
**Interconnected sites** (High-speed private connection, authorized LAN traffic)**None (Optional)**The main server can manage the entire system, including imaging.