Relay Server as Firewall Protection

The Relay Server is a pair of Web server plug-ins, which you can install on an Internet Information Services (IIS) server on Windows, or on the Apache Web server on Linux.

The Relay Server is intended to run between a company’s inner and outer firewalls. The outer firewall has HTTP and HTTPS ports open to allow client Internet traffic to reach the Relay Server. The client’s URL includes the address of the client-side plug-in of the Relay Server and the name of the back-end Sybase Unwired Platform “farm” the client is trying to reach. A farm includes multiple Relay Servers for load balancing and fault tolerance. The network administrator must install a load balancer in front of the Relay Servers. The load balancer is not included with Sybase Unwired Platform. To make the interaction secure, clients should use end-to-end encryption.

The server-side plug-in accepts connections from Relay Server Outbound Enabler (RSOE) processes, each of which tells the Relay Server which back-end farm it represents. The Relay Server matches the farm name in the client’s request to a server-side plug-in connection, and routes the client’s request contents to that connection. Other than the farm name in the request URL, the Relay Server knows nothing about the content of these messages. The clients are not authenticated or authorized in any way. The client information is in memory and therefore is not susceptible to interception or modification. However, if the administrator turns certain tracing options up very high, data may be copied to log files. If end-to-end encryption is used, the data is undecipherable.
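The routing and tracing behavior described above can be modeled in a few lines. This is an added illustration, not Sybase code: the URL layout (farm name as the last path segment), the numeric trace level, and all class and function names are assumptions, and the sample payloads are constructed.

```python
from urllib.parse import urlsplit

class RelayModel:
    """Toy model: routes by farm name only, never inspects or authenticates."""

    def __init__(self, trace_level=0):
        self.rsoe_by_farm = {}        # farm name -> callable standing in for an RSOE connection
        self.trace_level = trace_level
        self.trace_lines = []         # stands in for the trace log file on disk

    def register_rsoe(self, farm, backend):
        # An RSOE connects and declares which back-end farm it represents.
        self.rsoe_by_farm[farm] = backend

    def handle(self, url, body):
        # Assumption: the farm name is the last path segment of the client URL.
        farm = urlsplit(url).path.rstrip("/").rsplit("/", 1)[-1]
        backend = self.rsoe_by_farm.get(farm)
        if backend is None:
            return 404, b""           # no RSOE has registered this farm
        if self.trace_level >= 5:     # hypothetical "very high" trace setting
            self.trace_lines.append("farm=%s body=%r" % (farm, body))
        # Request contents are forwarded as opaque bytes.
        return 200, backend(body)

# Constructed sample data.
URL = "https://relay.example.com/client/farmA"
PLAINTEXT = b"user=alice&pin=4321"
OPAQUE = bytes.fromhex("9f3c1ab27d44e0185b6c")  # stands in for end-to-end ciphertext

def run(trace_level, body):
    """Send one request through a fresh relay; return status, reply, trace lines."""
    relay = RelayModel(trace_level)
    relay.register_rsoe("farmA", lambda b: b"ack:%d" % len(b))
    status, reply = relay.handle(URL, body)
    return status, reply, relay.trace_lines

if __name__ == "__main__":
    print(run(0, PLAINTEXT))   # routed, nothing written to the trace
    print(run(5, PLAINTEXT))   # routed, request body copied into the trace
    print(run(5, OPAQUE))      # routed, trace holds only opaque bytes
```

With tracing high, the only thing that keeps the trace free of readable client data is that the client encrypted the body before sending it; the relay routes both payloads identically.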

Security administrators secure the Relay Server as they would any other Web server or proxy server they run between firewalls, so they should take the same security precautions as when setting up a proxy server.