INFRA Environment

The INFRA environment is the core of every Reemo instance. It gathers all the essential micro-services required for the platform to operate and provides the main functions: access management, user interface, internal orchestration, and data storage.

This environment is mandatory, regardless of the chosen usage mode (Remote Desktop or Reemo Containers). It can run independently or be combined with other environments (PROVISION, RELAYWS) depending on needs and enabled licenses.

Main Components

The INFRA environment is composed of several specialized micro-services, each with a specific role in the architecture:

  • Traefik: front-end service responsible for SSL termination (user, desktop, and container certificates) and routing to the correct micro-services.

  • Portal: user interface accessible from the browser.

  • Signal: service for registering and managing Reemo agents installed on computers and containers.

  • API: the core system, centralizes and processes all application requests.

  • APICRON: scheduler for recurring tasks.

  • APICRONLOG: manages log rotation and archiving in the database.

  • APICRONLDAP: scheduled synchronization with LDAP directories.

  • PROAPI: communication with container provisioning platforms (Reemo Containers).

  • PRORELAYAPI: communication with relay platforms (WebSocket connection mode).

  • MySQL: central database of the instance.

  • STUN: independent service used by WebRTC protocol for NAT traversal.

  • EXIM (optional): email sending server.

  • HAProxy: network gateway used in linking two clusters (e.g. Portal → API or API → Provision).

Deployment Modes

Reemo offers two main approaches for deploying the INFRA environment:

  • a simple cluster mode: suited for contexts where perimeter security is already handled by the internal network. Quick to deploy, all-in-one, ideal for testing or internal use.

  • a multi-cluster (DMZ) mode: ensures strict separation between the exposed zone (user access) and the core zone (API and database). Enforces strict network segmentation, more secure, recommended for production.

Simple Cluster Mode

In this mode, all INFRA micro-services are grouped on a single server.

This includes: the Traefik front-end, the Portal, the Signal service, the API, the scheduling services (APICRON, APICRONLOG, APICRONLDAP), and the database.

This deployment is easy to set up and recommended for:

  • testing and development environments,

  • internal installations where the cluster is not directly exposed to the Internet,

  • organizations with network security policies already enforced upstream (firewall, external reverse proxy).

../../_static/images/infra/serveur_infra.png

Simple Cluster Mode: all micro-services grouped on a single server.

Multi-Cluster Mode (DMZ)

The multi-cluster mode (with DMZ) introduces strict separation between two zones:

  • Portal Server (DMZ):

    • Hosts the micro-services accessible by end users: Traefik, Portal, Signal.

    • Includes HAProxy, acting as a secure proxy to the internal API cluster.

    • This zone is exposed to the Internet and must be protected by DMZ rules.

  • API Server (Internal):

    • Hosts the API, Provision API, Relay API, and scheduling services (APICRON, APICRONLOG, APICRONLDAP).

    • Also contains the database.

    • This zone is not directly accessible from the Internet, ensuring enhanced security.

Advantages:

  • Clear separation between public exposure and critical data.

  • Reduced attack surface on the API and database.

  • Suitable for sensitive production environments (banks, government, companies subject to strict security standards).

../../_static/images/infra/serveur_infra_multi.png

Multi-Cluster Mode (DMZ): strict separation between the DMZ front-end and the internal API.