Accessing the RelativityOne backend

To access RelativityOne backend resources, use the information and procedures provided in this topic.

RelativityOne VPN ports

The following ports must be opened on user machines and/or firewalls for the GlobalProtect VPN to use when accessing file data in RelativityOne.

Destination Port Protocol Description
443 TCP Used for communication between GlobalProtect agents and portals, or GlobalProtect agents and gateways and for SSL tunnel connections. GlobalProtect gateways also use this port to collect host information from GlobalProtect agents and perform host information profile (HIP) checks.
4501 UDP Used for IPSec tunnel connections between GlobalProtect agents and gateways.

To ensure that concurrent transfers can occur, you must make firewall changes to allow outbound connections to the server on TCP port 443, which is required to be opened to the [customerinstance].relativity.one endpoint for login.

The opening of the required ports for the Windows firewall are typically handled on the end-user's machine. However, if you use any third party firewalls, you must manually open the ports referenced above. Improperly configured ports and/or a lack of UDP port ranges result in transfer failures.

For more information, contact Relativity Support.

You can test the TCP port connection by running the following commands in Windows Powershell:

  • Test-NetConnection -ComputerName [FQDN] -Port 33001

For more information on FQDN, refer to the list of FQDN in the Firewall privacy considerations section

Connecting to your VPN network

The first step in accessing the RelativityOne data directly is connecting to RelativityOne via your GlobalProtect VPN connection. Your GlobalProtect VPN is used to access back-end components of your RelativityOne environment.

Your VPN enables a secure connection between your computer and resources on your Relativity instance's network. The following resources are available when you connect to the GlobalProtect VPN client:

For Sandbox environments, you can access the following back end resources via the VPN:

For more information on how to connect to your VPN client, see GlobalProtect VPN client.

Once connected to the VPN, you can connect to the Accessing the RelativityOne backend or Connecting to Utility Server.

Connecting to Utility Server

Note: This functionality is not currently available for FedRAMP customers / government entities.

The Utility Server is a virtual machine that can optionally be connected to your RelativityOne instance. It contains additional support tools to help you work with data in your RelativityOne staging area before editing and loading it into your RelativityOne instance. You access your Utility server through a remote desktop connection, using an issued set of credentials and a custom IP address.

Once you are connected to your Utility Server, you can perform the following actions:

  • Access a mapped drive for the file share (TenantUser accounts) - access your uploaded files to edit in the staging area before you add them to your RelativityOne workspaces or save them to a RelativityOne file storage location. You can also access and verify any production sets before you download them locally.
  • Install applications - if you have TenantAdmin access you can install applications
  • Manage user administration - if you have TenantAdmin access and have Terminal Services licensed on the computer you can manage user administration yourself.

Note: It's not recommended to store files on your Utility Server. If your Utility Server becomes inaccessible, you will lose the files you stored.

Note: Direct SQL Access on the Utility Server is not supported.

Complete the following actions to connect:

  1. If you haven't already, connect to the Global Protect VPN using the credentials provided.
  2. After you have connected to the VPN client, open the ZIP file you downloaded, and then open the Credentials text file to view your provided Utility Server credentials.
  3. Launch the Windows Remote Desktop Connection tool.
  4. When the Windows Remote Desktop Connection window appears, enter the IP address provided via the Credentials file in the Computer field.
  5. Click Connect.
  6. Enter the Username and Password (provided in the Credentials text file) when prompted, and then click OK.
  7. When prompted again, enter your TenantUser, TenantUser2, or TenantAdmin (by request only) Utility Server credentials, and then click OK.

Note: For added security, change your password after you log in. We recommend changing the password every 90 days.

You have successfully logged into the RelativityOne Utility Server.

The Utility Server comes pre-loaded with the following tools:

  • Notepad++—to correct any errors in load files or other data editing needs.
    Notes:
  • You can install Microsoft Office using your own license to correct any errors in load files or other, more robust data editing needs.
  • You can add other minor third-party tools to perform file manipulations. If your Utility Server becomes inaccessible, we will issue you a new Utility Server.

Note: Relativity does not install any third party or custom applications on customer utility servers. You must re-install any custom applications if you're issued a new Utility Server.

See Utility Server for more information.

Connecting to Direct SQL

Note: Direct SQL access is not included automatically with your RelativityOne subscription, and must be requested by contacting your customer success manager or implementation specialist.

In addition to querying and manipulating data through Relativity's suite of API's, administrators and developers can extend the power of the Platform even further by directly querying the SQL database. This is an important aspect of the Platform that you may be accustomed to using in your Relativity Server deployment, and something you can also take advantage of in RelativityOne. You can run Relativity Scripts in your RelativityOne instance, and you can also run SQL scripts in SQL Server Management Studio (SSMS) directly against your Relativity databases. Direct SQL can be used for situations that require running custom reports, Relativity scripts, or running commands directly in SQL Server Management Studio against your RelativityOne database.

You will be provided with one TenantAdmin account that you can use to create additional accounts with the limited permissions that you specify.

Note: You do not receive access to the physical server, you are only able to access SQL via the SQL Management Studio. No additional infrastructure components (certificates, etc.) are required for the access - only the VPN connection and SQL Server Management Studio.

To connect to Direct SQL using SQL Server Management Studio:

  1. Download the latest version of SQL Server Management Studio version (see Microsoft's SSMS download page) to the local machine or server that has the VPN connection.
  2. Connect to the GlobalProtect VPN.
  3. Use the server name and credentials received from Support to connect to the primary SQL server using SQL Server Management Studio from your local machine. When connecting via SQL Server Management Studio, add the the following additional connection string parameters on the Additional Connection Parameters tab:
    multisubnetfailover=true;trustservercertificate=true
    Note that the values are all lower case without spaces, and are separated by a semicolon.
    Connect to SQL Server
  4. To access RelativityOne databases, refer to the SQL server coding considerations section in the RelativityOne developer considerations page on the Platform site. This page contains information on the following:
    • Access to SQL servers and databases
    • SQL Server query resiliency
    • Direct SQL access and location considerations, including how to return a list of SQL instances and instance values

Note: You are required to change the password on the first connection to your EDDS SQL Server instance and must manage these passwords internally. See SQL tenant admin operations overview on the Platform site.

See Direct SQL access.