The relay-endpoint deployment model architecture includes two instances of the AirWatch Content Gateway with separate roles. The AirWatch Content Gateway relay server resides in the DMZ and can be accessed from public DNS over the configured ports.
By default, 443 is the port for accessing the Content Gateway. The AirWatch Content Gateway endpoint server is installed in the internal network hosting internal resources. This server must have an internal DNS record that the relay server can resolve. This deployment model separates the publicly available server from the server that connects directly to internal resources, providing an added layer of security.
The role of the endpoint server is to connect to the internal repository or content requested by the device. The relay server performs health checks at a regular interval to ensure that the endpoint is active and available.
These components can be installed on shared or dedicated servers. To ensure that other applications running on the same server does not impact the performance, install AirWatch Content Gateway on dedicated servers.