Pull service-based relay servers periodically contact the Workspace ONE ™ UEM console to check for new products, profiles, files, actions, and applications assigned to devices under the pull relay servers purview. Configure a pull server to deliver content to devices without excessive bandwidth use.
If you make changes or additions, the server creates an outbound connection to the UEM console to download the new content to the server before pushing it to its devices. Pull service is best used when traversing any NAT firewall or SaaS to on-premises hybrid environments because SaaS customers typically do not want the service to tie-up bandwidth when content is delivered from Workspace ONE UEM to the store server.
Pull Relay Server Security
Client-server applications such as Workspace ONE UEM use the transport layer security (TLS) cryptographic protocol to communicate across a network. TLS is supported by the file transfer protocol (FTP), file transfer protocol over SSL (FTPS), and SSH file transfer protocol (SFTP).
These file transfer protocols only secure those parts of the process where data is in transit between the client and the server. Because of this limitation, VMware recommends the use of OS-level disk encryption. There are several operating system-specific tools available (for example BitLocker for Windows, GnuPG for Linux).
To create a pull relay server, you must first have an FTP, Explicit FTPS, or SFTP server to function as the relay server. FTP(S) servers must be compliant with RFC 959 and RFC 2228 set by the Internet Engineering Task Force.
The ports you configure when you create your FTP, Explicit FTPS, Implicit FTPS (Android only), or SFTP server must be the same ports you enter when creating a relay server in the Workspace ONE UEM console.
The process covers the installation of one server at a time. For bulk installation, you must use a third-party application. Workspace ONE UEM supports importing servers in bulk through the Bulk Import option. See Import Relay Servers in Bulk for more information.