Relays are used to facilitate the establishment of a secure connection between Clients and Connectors for data that is destined for a Resource.
Once a Client has been authorized to access a Resource by the Controller for that Resource, data intended for that Resource is sent over a new connection that is established between the Client and a Connector that can forward traffic to that Resource. This connection is end-to-end encrypted over a certificate-pinned TLS tunnel, and the connection is facilitated by a Relay that the Connector is connected to. When necessary, the encrypted tunnel may also be routed through the Relay.
Relays are one part of Twingate-controlled infrastructure that are involved in these data connections.
Twingate has a global network of Relays that are distributed throughout the world to minimize latency and provide for redundancy as follows:
- Latency: To minimize any additional latency created by routing a connection through a Relay, each Connector connects to the first available Relay that is geographically nearest.
- Redundancy: Each Relay location has a cluster of multiple Relays for redundancy. If a Relay in one location fails, another Relay in the same location is used. If an entire Relay Cluster location fails, Relays from the next nearest Relay Cluster location will automatically be used.
Twingate maintains Relay Clusters at the locations below. Locations were selected based on where we have assessed that public cloud resources are most commonly located.
- North America
- Los Angeles
- South Carolina
- South America
- São Paulo
- Middle East
- Tel Aviv
Data-carrying traffic may pass through Relays on a transient basis and Relays do not store any traffic or network-identifiable information. Traffic that passes through a Relay has already been encrypted, since the Relay is essentially a hop along the end-to-end encrypted TLS tunnel between the Client and Connector. No data-carrying connections are terminated at the Relay.
Last updated 2 months ago