Ivanti Cloud Relay

The Ivanti Cloud Relay uses an Ivanti Cloud back-end to make it easier for administrators to enable end-users that work from home to connect their devices to corporate, on-premises Relay Servers.

In Workspace Control environments using Relay Servers, Workspace Control Agents residing on devices outside the corporate firewall do not receive configuration updates from the Datastore unless they are connected to the corporate network through VPN. Using Ivanti Cloud Relay, Workspace Control Agents no longer require a VPN connection to receive the latest Datastore information.

Introduced in Ivanti Workspace Control 2021.2 (version


Workspace Control Agents that reside outside of the corporate network connect to a Relay Server as described in the following scenarios:

  • The Relay Server is part of the corporate network, but not in the DMZ. Workspace Control Agents outside the network connect to the Relay Server only using a VPN connection.

  • The Relay Server is part of the DMZ network. Workspace Control Agents outside the network connect to the Relay Server through an inbound port in the corporate firewall using SSL certificates.

  • The Cloud Relay acts as a tunnel that abstracts the connection between the Workspace Control Agents and the Relay Server. Agents outside the network connect to the Relay Server through the Cloud Relay without requiring an inbound port, certificates or additional infrastructure, except the Cloud Tunnel Adapter installed on-premises.

Ivanti Cloud Relay uses only an outbound connection from within the corporate network to the Internet and, thus, alleviates security concerns about inbound ports in the corporate firewall. This enables Workspace Control Agents outside the corporate network to connect to the on-premises Relay Server.

The Cloud Relay creates a tunnel between the Workspace Control Agents and the on-premises Relay Server that is part of the corporate network. Ivanti Cloud Relay employs the following components:

  • The Cloud Relay Tunnel

  • The Cloud Tunnel Adapter

The Cloud Tunnel Adapter resides within the corporate network and connects directly to both the Relay Server and the Cloud Relay Tunnel (using outbound connections). It passes on requests received from Workspace Control Agents through the Cloud Relay Tunnel connection and returns data from the on-premises Relay Server to the requesting Agents.

(click the image to enlarge it)

Benefits of using Ivanti Cloud Relay

Using Ivanti Cloud Relay offers the following benefits:

  • The Workspace Control Agents connect directly to the Cloud Relay Tunnel and do not require a VPN connection to access the Datastore information.

  • No more inbound connection through the corporate firewall.

  • Ivanti Cloud Relay connections are encrypted using Transport Layer Security (TLS).

  • The Cloud Relay Tunnel is hosted on the Ivanti Cloud. It does not store any information in the Cloud, and thus, there are no associated storage costs or GDPR concerns.

How to acquire Ivanti Cloud Relay

Ivanti Cloud Relay is purchased as a separate SKU. It is not included in the SKU of any Workspace Control module: Composition, Governance or Security. For more details on modules, see Workspace Control Modules.
Please contact your Ivanti Sales representative to acquire a Cloud Relay license.

Cloud Relay is also available as a free trial. Request a trial license at https://www.ivanti.com/products/workspace-control.