Architecture and Deployment of Medulla Relay Servers

Relay servers are local components designed to optimize resource distribution and communication between agents and the main Medulla server. 
 1. The Classic Relay (LAN / Private Network) 
 The classic relay is installed within the company network. Its purpose is to serve as a local "cache" and distribution point for agents located on the same site or network segment. 
 
 
 Function: Bandwidth optimization and image deployment (Imaging). 
 
 
 Location: Remote site, behind a router or an inter-site link. 
 
 
 2. The DMZ Relay (Public Exposure) 
 The DMZ relay is a secure gateway between the Internet and the main Medulla server. 
 
 
 Function: Enables the management of mobile workstations (teleworking, travel) without directly exposing the main server to the Internet. 
 
 
 Location: Demilitarized Zone (DMZ), accessible via a public IP address or an external domain name. 
 
 
 Note: It does not support remote imaging (mastering) via the Internet. 
 
 
 3. Sizing (Technical Specifications) 
 The hardware requirements are identical for both roles, but their software functions will differ during configuration. 
 A. Relay Server(s) (LAN) 
 
 
 
 Component 
 Recommended Specification 
 
 
 
 
 OS 
 Debian 12.x 
 
 
 Architecture 
 x86-64 
 
 
 CPU 
 4 cores 
 
 
 RAM 
 8 GB 
 
 
 Partition / 
 20 GB (EXT4) 
 
 
 /var partition 
 ≥ 400 GB (XFS) or mount point on array 
 
 
 
 B. DMZ Relay Server (Mobile Workstations) 
 
 
 
 Component 
 Recommended specification 
 
 
 
 
 OS 
 Debian 12.x 
 
 
 Architecture 
 x86-64 
 
 
 CPU 
 4 cores 
 
 
 RAM 
 8 GB 
 
 
 Partition / 
 20 GB (EXT4) 
 
 
 /var partition 
 ≥ 200 GB (XFS) or mount point on array 
 
 
 
 4. Decision Summary 
 This table helps you determine which type of server to deploy based on your situation: 
 
 
 
 Condition 
 Required Relay Type 
 Main reason 
 
 
 
 
 Fleet > 5,000 workstations on the same network 
 Classic Relay (LAN) 
 Reduction of CPU/RAM load on the main Medulla server. 
 
 
 Remote site (Different network without a transparent LAN connection) 
 Classic Relay (LAN) 
 Enable local imaging and save WAN bandwidth. 
 
 
 Mobile workstations (Remote work, outside the private network, without VPN) 
 DMZ Relay 
 Ensure secure agent communication over the Internet. 
 
 
 Interconnected sites (High-speed private connection, authorized LAN traffic) 
 None (Optional) 
 The main server can manage the entire system, including imaging.