Establish a data relay connection
A data relay connection enables Enrollment administrators to exchange data between two enrollments over an existing cross-domain solution (CDS) instead of over a direct network connection. Like a Multipass exchanger (MPX) connection, a data relay connection serves as a prerequisite to creating a peer connection.
:::callout{theme="neutral"} Use a data relay connection when no direct network connection is available between the two enrollments, meaning you must use an existing CDS to exchange data. If a network connection is available between the two enrollments, establish an MPX connection instead. :::
In Peer Manager, you can establish a data relay connection by configuring one or more CDS channels per remote enrollment. Each channel routes data in a single direction (Export or Import) through one type of CDS transport, such as a shared file directory, an HTTP endpoint, an S3 bucket, or a Lattice service. The instructions in the sections below outline actions an Enrollment administrator on each enrollment must take to establish the connection.
Coordinate CDS channel details with the remote administrator
Before either Enrollment administrator creates a channel, coordinate the following with the remote enrollment's administrator so that the CDS channels on each side of the connection match:
- Direction of each channel: Each channel sends data in one direction only. To export data from Enrollment A to Enrollment B, the administrator on Enrollment A creates an Export channel and the administrator on Enrollment B creates an Import channel. To send data in both directions, both administrators create a matching pair of Export and Import channels.
- Connection type: Both sides of a channel must use the same connection type. For example, if the exporting side uses HTTP, the importing side must also use HTTP. The available connection types are:
  - File: The exporting side writes data as files to a directory, and the importing side reads from that directory.
  - HTTP: Data is sent over the network. This option also supports any CDS that can be configured to pass through HTTP requests.
  - S3: The exporting side writes data to an S3 bucket, and the importing side reads from the bucket and removes the files after processing.
  - Lattice: Both sides connect to a Lattice service URI using either Kubernetes service account authentication or a static token.
- Channel secret (optional): If the exporting side signs outgoing payloads with a secret, the importing side must register the same secret to validate the incoming payloads.
- Remote enrollment RID: Each administrator must provide the other enrollment's RID when creating their channel. Locate the enrollment RID using the Get Current Enrollment endpoint in the Foundry API or by navigating to Control Panel and sourcing the RID from the URL:
https://{FOUNDRY_URL}/workspace/control-panel/enrollment/{ENROLLMENT_RID}/home.
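
The coordination rules above can be checked on a shared planning worksheet before either side opens Peer Manager. The following is an added example, not Foundry code or a Foundry API: the `PlannedChannel` fields, the `fingerprint` helper and the sample RIDs and secret are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PlannedChannel:             # hypothetical worksheet row, not a Foundry object
    local_rid: str                # RID of the enrollment that creates this channel
    remote_rid: str               # value to enter as "Remote enrollment RID"
    direction: str                # "Export" or "Import"
    connection_type: str          # "File", "HTTP", "S3" or "Lattice"
    secret_fp: Optional[str] = None  # fingerprint of the channel secret, if one is used

def fingerprint(secret: Optional[str]) -> Optional[str]:
    """Short keyed digest so the admins compare secrets without writing them down.
    Use a high-entropy secret: a fingerprint of a weak one can be guessed offline."""
    if secret is None:
        return None
    return hmac.new(secret.encode(), b"cds-channel-check", hashlib.sha256).hexdigest()[:12]

def mismatches(exporter: PlannedChannel, importer: PlannedChannel) -> list:
    """Return the coordination rules from the list above that this pair breaks."""
    problems = []
    if (exporter.direction, importer.direction) != ("Export", "Import"):
        problems.append("direction: need one Export channel and one Import channel")
    if exporter.connection_type != importer.connection_type:
        problems.append("connection type differs between the two sides")
    if exporter.secret_fp != importer.secret_fp:
        problems.append("channel secret differs or is set on one side only")
    if exporter.remote_rid != importer.local_rid or importer.remote_rid != exporter.local_rid:
        problems.append("remote enrollment RID does not point at the other enrollment")
    return problems

# Constructed sample plans; the RIDs and the secret are placeholders.
A, B = "RID-ENROLLMENT-A", "RID-ENROLLMENT-B"
FP = fingerprint("example-secret")
good_pair = (PlannedChannel(A, B, "Export", "HTTP", FP),
             PlannedChannel(B, A, "Import", "HTTP", FP))
bad_pair = (PlannedChannel(A, B, "Export", "S3", FP),
            PlannedChannel(B, B, "Import", "File", None))

if __name__ == "__main__":
    for name, pair in (("good", good_pair), ("bad", bad_pair)):
        print(name, mismatches(*pair) or "channels match")
```

Each administrator computes the fingerprint locally, so only the fingerprint is written on the worksheet and the channel secret itself is never recorded there.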
Create a CDS channel
After you coordinate the CDS channels with the other administrator, follow the steps below on your enrollment to create each CDS channel that you are responsible for:
- In Peer Manager, open the Network connections tab.
- In the Send data across a CDS section, select New CDS channel. Peer Manager routes you to the New channel page.
- Fill in the Channel details section:
  - Channel name: A name to identify the channel.
  - Channel description (optional): A short description of the channel's purpose.
  - Remote enrollment RID: The RID of the enrollment on the other side of the channel.
  - Channel secret (optional): A secret used to sign outgoing payloads or validate incoming payloads. The secret must match on both sides of the channel.
  - Channel to override (optional): The name of a read-only channel that this channel will override.
  - Direction: Select Export if this channel sends data to the remote enrollment or Import if this channel receives data from the remote enrollment.
- Review the Guard configuration section. For Export channels, you must set a Schema version that is compatible with your CDS, as accepting the default may cause channel creation to fail.
- Select the data types the channel carries in the Integrations section from the available options:
  - Peering: Routes the control plane traffic that the two enrollments use to coordinate peer connections and peering jobs over the channel. You must select this integration to use the channel as the underlying transport for a peer connection.
  - Chat: Routes cross-enrollment chat messages between users on the two enrollments.
  - Geotime: Routes geotemporal data, such as positions and tracks, between the two enrollments.
  - Heartbeat: Routes periodic heartbeat signals across the channel so each enrollment can detect whether the channel is reachable and operating normally.
- Optionally toggle Peer media sets if you need to configure an additional pipe to transfer binary data from media sets to or from the secondary CDS channel that supports binary files.
- Select a Connection type that matches what the other administrator selected in the Channel configuration section and fill in the corresponding configuration fields for that transport.
- Select Save changes to create the channel. The new channel appears in the CDS channels table in the Network connections tab.
If you need to send data in both directions, repeat the steps above to create a second channel with the opposite direction.
Next steps
After both administrators create their matching CDS channels and confirm the channels are healthy, you can return to Peer Manager to create a peer connection that uses the data relay channels. From the Network connections tab in Peer Manager, you can view and manage the CDS channels associated with the remote enrollment.