Establish a data relay connection

A data relay connection enables Enrollment administrators to exchange data between two enrollments over an existing cross-domain solution (CDS) instead of over a direct network connection. Like a Multipass exchanger (MPX) connection, a data relay connection serves as a prerequisite to creating a peer connection.

Use a data relay connection when no direct network connection is available between the two enrollments, meaning you must use an existing CDS to exchange data. If a network connection is available between the two enrollments, establish an MPX connection instead.

In Peer Manager, you can establish a data relay connection by configuring one or more CDS channels per remote enrollment. Each channel routes data in a single direction (Export or Import) through one type of CDS transport, such as a shared file directory, an HTTP endpoint, an S3 bucket, or a Lattice service. The instructions in the sections below outline actions an Enrollment administrator on each enrollment must take to establish the connection.

Coordinate CDS channel details with the remote administrator

Before either Enrollment administrator creates a channel, coordinate the following with the remote enrollment's administrator so that the CDS channels on each side of the connection match:

  • Direction of each channel: Each channel sends data in one direction only. To export data from Enrollment A to Enrollment B, the administrator on Enrollment A creates an Export channel and the administrator on Enrollment B creates an Import channel. To send data in both directions, both administrators create a matching pair of Export and Import channels.
  • Connection type: Both sides of a channel must use the same connection type. For example, if the exporting side uses HTTP, the importing side must also use HTTP. The available connection types are:
    • File: The exporting side writes data as files to a directory, and the importing side reads from that directory.
    • HTTP: Data is sent over the network. This option also supports any CDS that can be configured to pass through HTTP requests.
    • S3: The exporting side writes data to an S3 bucket, and the importing side reads from the bucket and removes the files after processing.
    • Lattice: Both sides connect to a Lattice service URI using either Kubernetes service account authentication or a static token.
  • Channel secret (optional): If the exporting side signs outgoing payloads with a secret, the importing side must register the same secret to validate the incoming payloads.
  • Remote enrollment RID: Each administrator must provide the other enrollment's RID when creating their channel. Locate the enrollment RID using the Get Current Enrollment endpoint in the Foundry API or by navigating to Control Panel and sourcing the RID from the URL: https://{FOUNDRY_URL}/workspace/control-panel/enrollment/{ENROLLMENT_RID}/home.
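The checklist above can be verified before either side opens Peer Manager. The following is an added example, not Peer Manager or Foundry code: each administrator records their planned channel as a plain dictionary, and the script reports where the two sides disagree. The field names, the fingerprint helper, and the placeholder RIDs are assumptions made for illustration.

```python
import hashlib
import hmac

CONNECTION_TYPES = {"File", "HTTP", "S3", "Lattice"}

def fingerprint(secret):
    """Short SHA-256 fingerprint so the secret itself never enters the plan.

    Only meaningful for a high-entropy secret; None means no secret is set.
    """
    if secret is None:
        return None
    return hashlib.sha256(secret.encode()).hexdigest()[:16]

def check_pair(export_plan, import_plan):
    """Return the mismatches between the two sides of one channel."""
    problems = []
    if export_plan["direction"] != "Export" or import_plan["direction"] != "Import":
        problems.append("direction: one side must be Export and the other Import")
    ctypes = (export_plan["connection_type"], import_plan["connection_type"])
    if not set(ctypes) <= CONNECTION_TYPES:
        problems.append(f"connection type: unknown value in {ctypes}")
    elif ctypes[0] != ctypes[1]:
        problems.append(f"connection type: {ctypes[0]} vs {ctypes[1]}")
    fp_out, fp_in = export_plan["secret_fp"], import_plan["secret_fp"]
    if (fp_out is None) != (fp_in is None):
        problems.append("channel secret: set on one side only")
    elif fp_out is not None and not hmac.compare_digest(fp_out, fp_in):
        problems.append("channel secret: fingerprints differ")
    # Each side must name the *other* enrollment as its remote.
    if export_plan["remote_rid"] != import_plan["local_rid"]:
        problems.append("remote RID: exporter does not point at the importer")
    if import_plan["remote_rid"] != export_plan["local_rid"]:
        problems.append("remote RID: importer does not point at the exporter")
    return problems

# Constructed sample plans; the RIDs are placeholders, not real identifiers.
RID_A, RID_B = "<ENROLLMENT_A_RID>", "<ENROLLMENT_B_RID>"
plan_a = {"local_rid": RID_A, "remote_rid": RID_B, "direction": "Export",
          "connection_type": "HTTP", "secret_fp": fingerprint("constructed-secret-1")}
plan_b = {"local_rid": RID_B, "remote_rid": RID_A, "direction": "Import",
          "connection_type": "S3", "secret_fp": None}

if __name__ == "__main__":
    for problem in check_pair(plan_a, plan_b):
        print("MISMATCH", problem)
```

For a bidirectional connection, run the check once per channel pair, swapping which enrollment supplies the Export plan.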

Create a CDS channel

After you coordinate the CDS channels with the other administrator, follow the steps below on your enrollment to create each CDS channel that you are responsible for:

  1. In Peer Manager, open the Network connections tab.
  2. In the Send data across a CDS section, select New CDS channel. Peer Manager routes you to the New channel page.
  3. Fill in the Channel details section:
    • Channel name: A name to identify the channel.
    • Channel description (optional): A short description of the channel's purpose.
    • Remote enrollment RID: The RID of the enrollment on the other side of the channel.
    • Channel secret (optional): A secret used to sign outgoing payloads or validate incoming payloads. The secret must match on both sides of the channel.
    • Channel to override (optional): The name of a read-only channel that this channel will override.
    • Direction: Select Export if this channel sends data to the remote enrollment or Import if this channel receives data from the remote enrollment.
  4. Review the Guard configuration section. For Export channels, you must set a Schema version that is compatible with your CDS, as accepting the default may cause channel creation to fail.
  5. Select the data types the channel carries in the Integrations section from the available options:
    • Peering: Routes the control plane traffic that the two enrollments use to coordinate peer connections and peering jobs over the channel. You must select this integration to use the channel as the underlying transport for a peer connection.
    • Chat: Routes cross-enrollment chat messages between users on the two enrollments.
    • Geotime: Routes geotemporal data, such as positions and tracks, between the two enrollments.
    • Heartbeat: Routes periodic heartbeat signals across the channel so each enrollment can detect whether the channel is reachable and operating normally.
  6. Optionally, toggle Peer media sets if you need to configure an additional pipe that transfers binary data from media sets to or from the secondary CDS channel that supports binary files.
  7. In the Channel configuration section, select a Connection type that matches what the other administrator selected, and fill in the corresponding configuration fields for that transport.
  8. Select Save changes to create the channel, which will appear in the CDS channels table in the Network connections tab.

If you need to send data in both directions, repeat the steps above to create a second channel with the opposite direction.

Next steps

After both administrators create their matching CDS channels and confirm the channels are healthy, you can return to Peer Manager to create a peer connection that uses the data relay channels. From the Network connections tab in Peer Manager, you can view and manage the CDS channels associated with the remote enrollment.