Configure Ivanti Cloud Relay

From the Workspace Control Console, the following Ivanti Cloud Relay setting can be configured:

Rotating Cloud Relay Agent and Cloud Tunnel Adapter registration keys is useful when a company's security policies require administrators to periodically change the keys, or when a security breach has occurred.

Select the Rotate keys button to renew (rotate) Cloud Relay registration keys. This process generates new registration keys and then overwrites the keys that are currently in use.


(click the image to enlarge it)

Ensure to update the registration keys in other locations where they are used, such as deployment scripts.

When Workspace Control Agents connect to the Ivanti Cloud Relay infrastructure, they need to pass an authorization process. This process can be automatic or manual.

If the authorization process is automatic, then any Workspace Control Agents configured to connect to the Cloud Relay infrastructure are permitted to do so. To enable the automatic authorization of Workspace Control Agents, select the Enable agents by default option from the Settings tab.


(click the image to enlarge it)

If the authorization process is manual, then any Workspace Control Agents configured to connect to the Cloud Relay infrastructure are able to register with the Cloud Relay, but are not allowed to connect and communicate. To manually authorize Workspace Control Agents that are registered with the Cloud Relay, go to the Agents tab. Select the desired Workspace Control Agents from the list and then select Enable.


(click the image to enlarge it)

Use the Search button while the search field empty to refresh the list of Workspace Control Agents.

To temporarily suspend Workspace Control Agents from connecting to the Cloud Relay, select the desired Agent(s) and then select Disable.

To permanently remove Workspace Control Agents from the Cloud Relay environment, select the desired Agent(s) and then select Delete.

Depending on your company's network security policies, you may need to change the default ports used by the Ivanti Cloud Relay. For example, if the company's firewall security rules block traffic across the default ports, they can be changed to values that are already allowed by the firewall.

Under the Settings tab, the following are the listening ports used by the Ivanti Cloud tenant to manage Cloud Relay traffic:

  • Agents — This outbound port is used by Workspace Control Agents to connect to the Cloud Relay.

    Default port: 1942

  • Cloud Adapter (control) — This port is used for control purposes by the Cloud Tunnel Adapter for the outbound connection to the Cloud Relay backend.

    Default port: 8080

  • Cloud Adapter (data) — This port is used by the Cloud Tunnel Adapter for the outbound connection to the Cloud Relay backend for data transfer between Workspace Control Agents and the Relay Server.

    Default port: 443


(click the image to enlarge it)

The ports can be configured to other values by administrators. When the ports are changed, the configuration of the Cloud Relay backend is automatically updated and all Workspace Control Agents and Cloud Tunnel Adapters automatically start using the new settings.

Changes to Cloud Relay ports can take several minutes to take effect in the Cloud Relay backend. Until this process is complete, further port changes cannot be made.