The relay-endpoint deployment model architecture includes two instances of the AirWatch Content Gateway with separate roles. The AirWatch Content Gateway relay server resides in the DMZ and can be accessed from public DNS over the configured ports.

By default, the 443 is the port for accessing the Content Gateway. The AirWatch Content Gateway endpoint server is installed in the internal network hosting internal resources. This server must have an internal DNS record that can be resolved by the relay server. This deployment model separates the publicly available server from the server that connects directly to internal resources, providing an added layer of security.

The role of the endpoint server is to connect to the internal repository or content requested by the device. The relay server performs health checks at a regular interval to ensure that the endpoint is active and available.

These components can be installed on shared or dedicated servers. Install AirWatch Content Gateway on dedicated servers to ensure that performance is not impacted by other applications running on the same server.