Relay

A tdx Volt Relay enables Volts to bypass firewall and NAT systems and make data and services available to clients on the wider internet.

A Relay is implemented as ‘tunnel’ or bi-directional grpc stream that is initiated from the ‘client’ to the Relay Volt. Once a session is established, the Relay can then proxy grpc calls over the bi-direction byte stream.

For example, consider Alice’s Volt, which is behind a firewall, wishes to invoke functions on a service exposed by Bob’s Volt, which is itself behind a firewall. If both Alice and Bob establish a session with a third Relay Volt, then Alice is able to send the invocation request to Bob via the intermediate Relay Volt.

A Volt may establish connections to many Relay Volts concurrently.

Obviously for the Relay tdx Volt to be reachable it will need to be visible on the public internet. However there may be scenarios where it’s desireable to enable Relay on a tdx Volt that is not on the public internet, for example to take advantage of the discovery capabilities it brings (see below).

Encryption

The Relay tdx Volt has no visibility of the payload, other than the identity fingerprint of the recipient.

All data that passes through the Relay is encrypted before it enters the Relay using the intended recipients public key. When the payload is received it is decrypted and processed before the response is encrypted using the originating callers public key and sent back via the Relay.

Authentication

By default the Relay will require both ends of the ‘pipe’ to be authenticated. This means that both Alice and Bob will need to have bound to the Relay Volt.

A Relay can also run in ‘open’ mode, which means that any client can use the Relay with no authentation required. Note that this only applies to the establishment of the Relay session, authentication and policy will be applied as normal by the tdx Volt that is the target of any invocation, and the Relay payload is encrypted no matter what authentication mode.

Discovery

The Relay tdx Volt provides a discovery function that allows any tdx Volt connected to the Relay to discover the configuration of any other tdx Volt connected to the Relay. A tdx Volt will only participate in this discovery function if it has set ‘discoverable’ on in the tdx Volt settings.

Configuration

The Relay feature is optional and can be switched on and off from the ‘settings’ in the fusebox app.

The tdx Volt may need to be restarted for any Relay configuration change to take effect.