Setting up a Workspace ONE UEM Relay Server for Android Rugged devices

A Workspace ONE relay server acts as a middleman in distributing content within a Workspace ONE UEM environment to Android Rugged devices. It essentially functions as a content distribution node, alleviating some of the burden from the main server.

Here’s a breakdown of its functionality and benefits:

  • Content Distribution: The relay server acts as an FTP/SFTP/HTTPS server that stores and distributes product installation files (apps, configurations, etc.) to Android devices, for example products created within Workspace ONE UEM under Devices – Provisioning. This reduces the traffic on the central Workspace ONE UEM server, especially when dealing with a large number of devices.
  • Bandwidth Management: By placing a relay server within your network, you can control data usage by distributing content locally instead of relying solely on the internet connection to the Workspace ONE UEM server.
  • Improved Performance: Relay servers can improve download speeds for devices on the network, particularly in geographically dispersed locations.

Note: Relays cannot be leveraged if you deploy Android applications and profiles via Resources – Apps or Resources – Profiles & Baselines.

In essence, relay servers enhance the efficiency of content delivery within Workspace ONE UEM by creating a localised distribution point. This is helpful for organisations with a significant number of devices or those facing bandwidth limitations.

For most customers, these are configured as pull relays. Pull service-based relay servers periodically contact Workspace ONE UEM to check for new products, profiles, files, actions, and applications provisioned to devices under the pull relay server's purview.

The relay server creates an outbound HTTPS connection on port 443 to the Workspace ONE UEM console and periodically polls for changes or additions. If the server finds changes or additions, then it downloads the new content onto the server before pushing it to its devices.

When an administrator needs to deploy an application to their Android devices, the remote devices can communicate to their local relay server (LAN speeds) to receive the application instead of communicating across wide area networks to a remote UEM server.

The relay architecture is illustrated as follows:

This blog article provides step by step instructions to install a pull relay server:

Installing Internet Information Services (IIS)

The relay server can leverage popular FTP servers such as IIS or FileZilla. For the purposes of this article, I’ve used Internet Information Services (IIS). To install IIS, follow these step by step instructions.

  1. Open Server Manager
  2. Select Add roles and features
  3. Click Next
  4. Select Role-based or feature-based installation
  5. Click Next on Select a server from the server pool
  6. Select Web Server (IIS)
  7. Select Add Features
  8. Select Next – Next – Next and then select the FTP Server as shown:

  9. Click Next
  10. Click Install. It will take a minute or two to enable this role on your server.
  11. Click Close when completed

Configure the FTP Server

1. Create a directory on your server for the FTP server. For example, C:\FTPRelay.

2. Create a local user called FTPUser (for example) and make it a member of a local group called (for example) FTPUsers. This group should be given full control of your relay directory, which in my case was C:\FTPRelay.

3. Open the Internet Information Services (IIS) Manager and browse to Sites as shown. Right click and select Add FTP Site.

4. Create an FTP site name and choose a directory on your server as follows:

5. For the purposes of my lab, I selected No SSL. However, for a production environment, if you’re using SSL, select your required certificate. Click Next.

6. For Authentication, ensure that only Basic is selected. Change the Authorisation to Specified roles or user groups and enter FTPUsers. Click Finish when completed.

7. Click Finish

8. Select your new FTP site (in my case FTPRelay as shown below). Click Advanced Settings… and then change the Control Channel Timeout and Data Channel Timeout to 1000000 (seconds) as shown:

This will ensure the Android Hub has plenty of time to download any necessary files.
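The choices in steps 5 and 6 decide whether the FTPUser password and the product files cross the network encrypted. The following added example (not part of the original article) audits the FTP sites in an IIS configuration for exactly those settings. The XML is a constructed excerpt laid out like the `<sites>` section of `applicationHost.config`, and the site name `FTPRelayTls` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt in the layout of the <sites> section of applicationHost.config.
SAMPLE_CONFIG = """
<sites>
  <site name="FTPRelay" id="2">
    <ftpServer><security>
      <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
      <authentication>
        <basicAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security></ftpServer>
  </site>
  <site name="FTPRelayTls" id="3">
    <ftpServer><security>
      <ssl controlChannelPolicy="SslRequire" dataChannelPolicy="SslRequire" />
      <authentication>
        <basicAuthentication enabled="true" />
        <anonymousAuthentication enabled="false" />
      </authentication>
    </security></ftpServer>
  </site>
</sites>
"""

# Control-channel policies under which the USER/PASS exchange must be encrypted.
CREDENTIALS_PROTECTED = {"SslRequire", "SslRequireCredentialsOnly"}

def _enabled(element):
    return element is not None and element.get("enabled", "false").lower() == "true"

def audit_ftp_sites(xml_text):
    """Return {site name: [findings]} for every site with an <ftpServer> section."""
    report = {}
    for site in ET.fromstring(xml_text).iter("site"):
        ftp = site.find("ftpServer")
        if ftp is None:
            continue  # not an FTP site
        ssl = ftp.find("security/ssl")
        # An absent attribute is reported too, so the reviewer confirms the effective value.
        control = ssl.get("controlChannelPolicy") if ssl is not None else None
        data = ssl.get("dataChannelPolicy") if ssl is not None else None
        findings = []
        if _enabled(ftp.find("security/authentication/basicAuthentication")) \
                and control not in CREDENTIALS_PROTECTED:
            findings.append("Basic credentials can cross the control channel unencrypted")
        if data != "SslRequire":
            findings.append("file transfers are not required to use TLS")
        if _enabled(ftp.find("security/authentication/anonymousAuthentication")):
            findings.append("anonymous logins are enabled")
        report[site.get("name")] = findings
    return report
```
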

Configure a Relay Server

1. From the Workspace ONE UEM Admin console, select Devices – Provisioning – Relay Servers – List View.

2. Then select Add – Add Relay Server as follows:

3. Enter a relay server name (in my case it’s relay1) and change the Relay Server Type to Pull as shown:

4. Select the Assignment tab and update the Managed By option to the associated Organisational Group as required. In my case, I left the topmost OG called Demo.

5. Select the Device Connection tab and enter applicable settings for your FTP server at your remote site/office. For example, for my lab:

6. Select the Pull Connection tab and configure the Pull Local Directory and Pull Discovery Text (which was the IP address of my relay server).

7. Click Save

8. The relay will then be added to the UEM console but will be in a disabled state (red circle). Note the orange warning alert under Relay Server. This is expected until the relay software is installed and running (see the next section).

9. Click the red circle and the relay will change to a green circle as follows:

Install the Relay Server

1. Login to the Workspace ONE UEM admin console and select Groups & Settings – Enterprise Integration – Pull Service Installers. Click Generate if the Download Configuration button is not available.

2. Click Download Configuration

3. Enter an appropriate certificate password and click Download.

4. Save this configuration file.

5. Click Download Windows Pull Service Installer (assuming your relay server is running Windows) and copy the downloaded install file to your relay server along with the configuration file.

6. Place the installer and configuration file in the same directory.

7. Run the installer and accept the installation defaults.

8. Enter the certificate password when prompted and click Next

9. Enter a proxy server if required and click Next

10. When prompted to provide customer discovery text, click Next

Note: If you do enter text, please note that the value entered is not the full Discovery Text value. The installer will append it to a unique GUID and store it in the appsettings.json file. This file can be found in the install directory of the Pull Service under the /bin folder. You’ll then copy the complete text from that file and paste it into the Pull Discovery Text within the UEM console (above) instead of the IP address.

11. Click Install.

Note: If the relay installer requires any prerequisite software, this will be automatically downloaded and your relay server may need to be restarted. In which case, after the restart, the relay installation continues on from before.

12. When the installation is finished the Relay Service service is shown as follows:

13. From the Workspace ONE UEM Admin console, select Devices – Provisioning – Relay Servers – List View.

14. Click the refresh icon and the Relay Server status should change to a green tick as follows:

On the relay server you can also review the PullServiceLog as shown:

Within a few minutes, applicable product files will be downloaded to the relay server FTP directory. For example in my lab:

If you have a product configured (for example) to install an Android application, you can review this application and check on its relay distribution status as shown:

For my lab I had also installed another relay server (relay2) and it’s also shown:

Testing your Relay

For testing, I deployed a couple of small test Android applications such as RAR for Android and APKPure using separate Workspace ONE UEM products as shown:

I reviewed the IIS FTP logs on my relay server(s) to ensure my test Android device was using these relays correctly:
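The same review can be done without reading the log by hand. The following added example (not part of the original article) summarises an IIS FTP log per client: which files each device downloaded successfully, plus failed logins and failed transfers that would point to a misconfigured or unexpected client. The log lines, IP addresses, host name and file names are constructed sample data, and the parser takes its column layout from the `#Fields:` header.

```python
from collections import defaultdict

# Constructed sample in the W3C format IIS FTP writes; not taken from the article.
SAMPLE_LOG = r"""
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem sc-status sc-win32-status sc-substatus x-session x-fullpath
2024-05-01 09:00:01 10.0.0.50 - 10.0.0.10 21 USER FTPUser 331 0 0 s1 -
2024-05-01 09:00:01 10.0.0.50 RELAY1\FTPUser 10.0.0.10 21 PASS *** 230 0 0 s1 /
2024-05-01 09:00:02 10.0.0.50 RELAY1\FTPUser 10.0.0.10 21 RETR rar.apk 226 0 0 s1 /rar.apk
2024-05-01 09:00:09 10.0.0.50 RELAY1\FTPUser 10.0.0.10 21 RETR apkpure.apk 226 0 0 s1 /apkpure.apk
2024-05-01 09:00:12 10.0.0.50 RELAY1\FTPUser 10.0.0.10 21 RETR missing.apk 550 2 0 s1 /missing.apk
2024-05-01 09:05:00 10.0.0.99 - 10.0.0.10 21 PASS *** 530 1326 41 s2 -
2024-05-01 09:05:03 10.0.0.99 - 10.0.0.10 21 PASS *** 530 1326 41 s2 -
"""

def summarise_ftp_log(text):
    """Return {client IP: {"downloads", "failed_logins", "failed_transfers"}}."""
    fields = []
    summary = defaultdict(
        lambda: {"downloads": [], "failed_logins": 0, "failed_transfers": []})
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                        # truncated or malformed row
        row = dict(zip(fields, parts))
        if not row["sc-status"].isdigit():
            continue                        # events without an FTP reply code
        client, method = row["c-ip"], row["cs-method"].upper()
        status = int(row["sc-status"])
        if method == "PASS" and status == 530:      # 530 = not logged in
            summary[client]["failed_logins"] += 1
        elif method == "RETR":
            path = row.get("x-fullpath", row["cs-uri-stem"])
            if status == 226:                       # 226 = transfer complete
                summary[client]["downloads"].append(path)
            elif status >= 400:
                summary[client]["failed_transfers"].append(path)
    return dict(summary)
```
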

That’s it! You’ve now installed and configured a relay server which can be used by your Android rugged devices.

Official Documentation

  • Configure a Relay Server – link
  • Pull Service Based Relay Server Configuration – link
