Relays are used to facilitate the establishment of a secure connection between Clients and Connectors for data that is destined for a Resource.
Once a Client has been authorized to access a Resource by the Controller for that Resource, data intended for that Resource is sent over a new connection that is established between the Client and a Connector that can forward traffic to that Resource. This connection is end-to-end encrypted over a certificate-pinned TLS tunnel, and the connection is facilitated by, and routed through, a Relay that the Connector is connected to.
Relays are the only part of Twingate-controlled infrastructure involved in these data connections.
Twingate has a global network of Relays that are distributed throughout the world to minimize latency and provide for redundancy as follows:
- Latency: To minimize any additional latency created by routing a connection through a Relay, each Connector connects to the first available Relay that is geographically nearest.
- Redundancy: Each Relay location has a cluster of multiple Relays for redundancy. If a Relay in one location fails, another Relay in the same location is used. If an entire Relay Cluster location fails, Relays from the next nearest Relay Cluster location will automatically be used.
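A sketch of the selection and failover order described in the two bullets above, as an added example that is not Twingate's code. The coordinates, relay names, availability flags and the use of great-circle distance as the "nearest" metric are all assumptions made for illustration.

```python
import math

# Constructed sample data: approximate coordinates for the locations listed on
# this page; relay names and availability flags are made up for the example.
CLUSTERS = {
    "Los Angeles": {"coords": (34.05, -118.24), "relays": {"la-1": True, "la-2": True}},
    "North Virginia": {"coords": (38.95, -77.45), "relays": {"va-1": True, "va-2": True}},
    "South Carolina": {"coords": (33.00, -80.04), "relays": {"sc-1": True, "sc-2": True}},
}


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def select_relay(connector_coords, clusters):
    """Return (location, relay) for the nearest location that still has an
    available relay, or None when no relay is available anywhere."""
    by_distance = sorted(
        clusters.items(),
        key=lambda item: haversine_km(connector_coords, item[1]["coords"]),
    )
    for location, cluster in by_distance:
        # Within a location, take the first relay that is still available;
        # only when the whole cluster is down do we move to the next location.
        for relay, available in cluster["relays"].items():
            if available:
                return location, relay
    return None


if __name__ == "__main__":
    atlanta = (33.75, -84.39)  # hypothetical Connector location
    print(select_relay(atlanta, CLUSTERS))
```
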
Twingate maintains Relay Clusters at the locations below. Locations were selected based on where we have assessed that public cloud resources are most commonly located.
This list is current as of March 2021:
- North America
  - Los Angeles
  - North Virginia
  - South Carolina
It may be possible to add additional Relay Cluster locations upon request. If you have a Controller physically located somewhere that would benefit from a Relay Cluster positioned in another part of the world, please contact Twingate Support.
Data-carrying traffic passes through Relays on a transient basis and Relays do not store any traffic or network-identifiable information. Traffic that passes through a Relay has already been encrypted, since the Relay is essentially a hop along the end-to-end encrypted TLS tunnel between the Client and Connector. No data-carrying connections are terminated at the Relay.