This is the central server that defines the configuration for the nodes it manages. You generally need to install only one root server, unless you have completely separated environments where each environment requires its own server.
The machines managed by Rudder are called nodes, and can be any type of machine (physical, virtual, cloud instance, container, etc.). For a machine to become a managed node, you need to install the Rudder agent on it. The agent will run a local inventory and register itself with the root server. Then, you can accept the node in the Rudder root server interface for it to become a managed node.
Relay servers can be added to Rudder, for example to manage a DMZ or to isolate specific nodes from the main environment for security reasons.
The purpose of a relay server is to solve a simple problem: sometimes you want to manage multiple networks from Rudder without having to allow an entire subnet to access the other, for security reasons. A solution is a kind of Rudder proxy that relays information between the subnet and the main Rudder server. This is the reason relay servers were created.
Using a relay, you are able to:
- Split your Rudder architecture into separate entities that still report to one server
- Avoid overly permissive security exceptions to the Rudder server