Cirrus Data Cloud Management Relay is an optional feature that is built into Cirrus Migrate Cloud that facilitates connectivity from your private enclosed data center to Cirrus Data Cloud for both installation and operational purposes.

This document describes the management relay product feature. For guides on how to enable it and how to deploy CMC using the relay, see Using Cirrus Migrate Cloud via Management Relay

What it does
Cirrus Data Cloud Management Relay (CDC-Relay) allows any hosts with Cirrus Migrate Cloud deployed to act as a secured relay server. With CDC-Relay, other hosts in the same private network can connect to to Cirrus Data Cloud for installations and operations via the relay host.

The same secure communication scheme is used between hosts to CDC-Relay and CDC-Relay to Cirrus Data Cloud. Therefore, even with CDC-Relay, only outbound https traffic is needed and hosts are not required to accept inbound connections.

CDC-Relay can be enabled on any hosts with CMC installed. Both Windows and Linux hosts are supported.

There are additional benefits using CDC-Relay to communicate with Cirrus Data Cloud:
Observability / Security: CDC-Relay provides various metrics allowing you to know which hosts (or potentially unwanted hosts) is connecting over the relay and which hosts are active, along with other network-related information. Centralized communication will also allow easier infrastructure-level monitoring.
Control: You will have the ability to control which hosts can or cannot install CMC and communicate with Cirrus Data Cloud. An 1-Click kill switch can also be used to disable all connections.
Local Installation: Other than the first host, which can also be a standalone virtual host that is not part of any migration, all deployments in the same environment occur locally.

Who needs it
The following are common use cases for CDC-Relay.

Secure / Network-Restricted Environments
If you are in a network-restricted environment, where it is not possible to allow your migration hosts to connect to the Cirrus Data Cloud Endpoint even only for management purposes, you may first deploy CMC on a separate host , activate CDC Management Relay feature, and install CMC on the source/destination hosts via the relay host.

The relay host may be in a more secure network environment. E.g. the network may be more tightly monitored.
The relay host is single-purpose. As a result, up-to-date security packages or settings can be deployed.

Outdated Host Environments
For hosts that are end-of-life or outdated, which as a result does not have the required networking or security packages/configuration applied, CDC-Relay may be used to ensure that connection is secure. Without CDC-Relay, there are often obstacles configuring the hosts to connect to Cirrus Data Cloud such as TLS1.2 support, etc.

Difference between CDC-Relay and regular HTTP/HTTPS proxy
In pure network connectivity's perspective, regular http/https proxy can achieve the same objective. However, the following are common reasons why http/https proxy cannot or is not desirable to be used:

Security Concern HTTPS proxy is general purpose and therefore allowing connectivity between host and a https proxy may inadvertantly allow other applications on the hosts to potentially make use of it as well.
Deployment In many environments that do not need outbound connections to the internet, it may not be feasible to deploy a general-purpose proxy.

Network Requirements
The same secure communication scheme is used between hosts to CDC-Relay and CDC-Relay to Cirrus Data Cloud. Therefore, even with CDC-Relay:

Only outbound https traffic is needed and hosts are still not required to accept inbound connections to install and operate CMC.
Hosts with CDC Management Relay enabled will need to accept inbound https connections from port 4943 (and 4944 for Windows deployment) on its internal network interfaces for other hosts in the same network to connect to.

Architecture
The following diagram illustrates the use of CDC-Relay:



#app-hint:cdc-relay
Was this article helpful?
Cancel
Thank you!