Relay Server and RSOE Communication Security

The Relay Server Outbound Enabler (RSOE) runs on the same computer as an Unwired Server and is configured with the address of a Relay Server. The inner firewall is open to outgoing traffic, but not to incoming traffic.

The RSOE connects to the Relay Server via HTTP or HTTPS and identifies itself by its Media Access Control (MAC) address, its security token, and the backend Sybase Unwired Platform farm it services. The Relay Server verifies the RSOE’s authenticity. If the RSOE’s identity is accepted, the Relay Server sends it a list of all the other Relay Servers in the Relay Server farm. The RSOE then establishes a blocking HTTP GET request to each of the Relay Servers in the farm. When a Relay Server receives a client request for a given Sybase Unwired Platform farm, it picks one of the available RSOE connections to that farm and sends the client request there.

In this way, the network administrator does not need to open ports on the inner firewall to allow connection requests between the firewalls into the intranet. All connection requests come from within the intranet. Avoiding open ports in the inner firewall protects the intranet from hackers who breach the outer firewall.

This network traffic contains exactly the same content, and thus raises the same security concerns, as network communication between the device application or database and the Relay Server.
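The connection flow described above can be modelled in a few lines. This is an added example, not Sybase code and not the product's wire protocol; the class and function names, the per-request revalidation of the identity, and the sample MAC address and token are assumptions made for illustration.

```python
import hmac
from collections import defaultdict, deque

class RelayServer:
    """Simplified model of one Relay Server (hypothetical, for illustration)."""

    def __init__(self, name, identities, peers):
        self.name = name
        self.identities = identities      # (mac, farm) -> security token (constructed)
        self.peers = peers                # names of every Relay Server in the farm
        self.parked = defaultdict(deque)  # backend farm -> waiting outbound GETs

    def _accepts(self, mac, token, farm):
        expected = self.identities.get((mac, farm))
        # Constant-time comparison so the token check leaks no timing signal.
        return expected is not None and hmac.compare_digest(expected, token)

    def identify(self, mac, token, farm):
        """First contact from an RSOE: return the peer list, or None if rejected."""
        return list(self.peers) if self._accepts(mac, token, farm) else None

    def blocking_get(self, mac, token, farm):
        """Park an RSOE-initiated connection until a client request needs it."""
        if not self._accepts(mac, token, farm):
            return False
        self.parked[farm].append(mac)
        return True

    def client_request(self, farm, payload):
        """Forward a client request over one parked connection, if any exists."""
        if not self.parked[farm]:
            return None                   # no RSOE connection: nothing inside is reachable
        # The model treats a parked connection as used once it carries a request.
        return (self.parked[farm].popleft(), payload)

def rsoe_connect(relays, first, mac, token, farm):
    """RSOE side: identify to one relay, then park a GET on every listed relay."""
    peers = relays[first].identify(mac, token, farm)
    if peers is None:
        return 0
    return sum(relays[p].blocking_get(mac, token, farm) for p in peers)

def demo():
    mac = "00:00:5e:00:53:01"             # constructed sample (documentation range)
    ids = {(mac, "farm1"): "constructed-token"}
    names = ["rs1", "rs2"]
    relays = {n: RelayServer(n, ids, names) for n in names}
    ok = rsoe_connect(relays, "rs1", mac, "constructed-token", "farm1")
    bad = rsoe_connect(relays, "rs1", mac, "wrong-token", "farm1")
    return (ok, bad, relays["rs2"].client_request("farm1", b"sync"),
            relays["rs2"].client_request("farm2", b"sync"))
```

In the model, a client request reaches the backend only over a connection the RSOE opened itself, so a Relay Server with no accepted RSOE for a farm has no path into the intranet.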
