| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Exposing Message Broker based Web Service to Internet |
« View previous topic :: View next topic » |
| Author |
Message
|
| ruimadaleno |
 Posted: Thu May 08, 2014 8:49 am Post subject: Exposing Message Broker based Web Service to Internet |
 |
|
Master
Joined: 08 May 2014
Posts: 274
|
Hi all,
in my company several web services where developed in message broker 8.0.03
These services are consumed by internal applications/systems.
The challenge for the future is to expose this services to our clients/suppliers througth the internet/VPN, so i'm writing this post to get help from the forum on how to achieve this goal.
i'm looking for information on configuration, best practices, available options to expose web services developed in message broker to third party's throughout the internet.
Best regards
Rui Madaleno |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu May 08, 2014 9:20 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
There's no conceptual difference between externally exposing a web service provided by WMB and exposing a web service provided (for example) by WAS.
All of the challenges (security, protection against DDoS, uptime, controlling new versions, etc, etc) are the same and so are the various solutions you can deploy. As with any web service, the correct mix of solutions is entirely dependant on your individual challenges.
There's a wealth of material on the Internet about hardening your web services.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ruimadaleno |
| Posted: Fri May 09, 2014 12:56 am Post subject: |
|
|
Master
Joined: 08 May 2014
Posts: 274
|
| Vitor wrote: |
There's no conceptual difference between externally exposing a web service provided by WMB and exposing a web service provided (for example) by WAS.
All of the challenges (security, protection against DDoS, uptime, controlling new versions, etc, etc) are the same and so are the various solutions you can deploy. As with any web service, the correct mix of solutions is entirely dependant on your individual challenges.
There's a wealth of material on the Internet about hardening your web services. |
I Vitor,
thank you for your answer. I understand that , conceptually, there is no difference exposing a web service provided by WAS or Broker.
My goal is to search for best practices on how to achieve this, starting by planning the architecture to expose these services.
Some questions i'm looking for examples/best practices/patterns.
Should i expose broker machine directly to internet ? of course not .. it must have some kind of proxy/reverse proxy in the middle - Any good documents on this configurations ?
Should i create a dedicated execution group to hold this services ? should i put this services on a tottaly separated machine ?
can you point me some documentation on this subjects so i can start to build knowledge on it ?
Best regards
Rui Madaleno |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri May 09, 2014 4:42 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
One of the typical architectures of your requirement is satisfied by the use of a DATAPOWER appliance in your DMZ.
Look up the documentation on the product and see if this is what you need. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri May 09, 2014 4:43 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ruimadaleno wrote: |
| Should i expose broker machine directly to internet ? of course not .. it must have some kind of proxy/reverse proxy in the middle - Any good documents on this configurations ? |
Yes - the Internet is full of them. You can put an Apache server out front, IPT, a DataPower appliance, etc, etc, etc. As I say above, the "best" practice is the best practice for your specific needs.
| ruimadaleno wrote: |
| Should i create a dedicated execution group to hold this services ? should i put this services on a tottaly separated machine ? |
Would you use a dedicated WAS server to host web services that are externally facing? If yes, use a dedicated broker machine. If no, use the combined machine. It's the same decision process and includes such points as level of isolation needed, control of code on separated machines and traffic flow control.
Use of an external execution group is more about traffic on the broker machine than internal or external exposure. There are several use cases where even if all of your web services are consumed internally, you'd split them across different execution groups.
| ruimadaleno wrote: |
| can you point me some documentation on this subjects so i can start to build knowledge on it ? |
Ask Mr Google. Seriously. There's more stuff out there than I can reasonably list.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| ruimadaleno |
| Posted: Tue May 13, 2014 12:54 am Post subject: |
|
|
Master
Joined: 08 May 2014
Posts: 274
|
Thank you all for your reply's
fjb_saper: I'm aware of datapower capabilities, but the €uros it requires are out of my company budget 
Vitor:I've asked mr google for this topic but the results, documentation, etc are so much i could not get a decent document to read, so , i decided to ask for help here in the group to get a first filter on documentation or get some pointers to good documents discovered/read by other forum members.
Best regards
Rui Madaleno |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
