I am planning to set up communication between two DataPower boxes (A & B) in such a way that, for a particular application, D/P(A) is connected to D/P(B).
D/P(A) would be the entry point for the requests, and D/P(B), which provides access to internal services, would be contacted by D/P(A) to service the request.
I need to make sure that D/P(B) will only accept requests from D/P(A).
Please provide some insight into which would be a better and more effective solution.
1. Implement two-way SSL between D/P(A) and D/P(B), with D/P(B) in reverse mode, but I don't want to block hardwire D/P(B) only to accept D/P(A)'s client certificate on port 443, as D/P(B) and the services it facades can be accessed by other applications directly on 443.
2. I am planning to set up a username token between D/P(A) and D/P(B). Any idea how this can be implemented, or would it really be the right approach considering the performance issues of WS-Policy?
3. Any other approach?