There are 2 DataPower appliances in the company. One is in the DMZ, which is used to serve the web service requests from outsiders; the other is in the internal network. We will add a firewall rule for the connection between the DMZ and the internal network.
For an end-to-end setup for a web service call, from the DMZ DataPower to the internal network DataPower, do I need to set up the WSP in both of the DataPower appliances? If that is true, is the setup like below?
WS Requestor <-> DMZ DataPower(WSP stored the end point of Internal Network DataPower) <-> Internal Network DataPower(WSP stored the end point of the real backside service provider) <-> WS Provider
Please let me know if my concept is totally wrong. Thanks.
Integration of DMZ DataPower & Internal network DataPower
Updated on 2013-02-28T04:36:32Z by kenhygh
Re: Integration of DMZ DataPower & Internal network DataPower
2013-02-26T13:52:18Z
There is no one right answer.
A lot of places I work would have the DMZ box terminate SSL, and maybe do authentication. It would not know about the services, no more than where to route them on the internal appliance. Probably use an MPGW.
The internal appliance would 'know' about services, have WSPs with WSDL, so it can do schema validation, perhaps authorization, transformations, etc.
You can certainly deploy your WSP on both; you would have the benefit of schema validation in the DMZ, at the cost of doing it in both machines.
Re: Integration of DMZ DataPower & Internal network DataPower
2013-02-26T15:23:32Z
- kenhygh 120000PD1B
Is it possible to set up the DMZ DataPower as a proxy which is just used to route all the traffic from the client to the internal network DataPower? Do you mean an MPGW can serve the purpose? Thanks.
Re: Integration of DMZ DataPower & Internal network DataPower
2013-02-27T09:07:03Z
- kenhygh 120000PD1B
Actually I wanna do a POC for the end-to-end setup; however, the network connectivity is not yet configured. Therefore I would like to clarify now what I need to do once the network part is finished. Could you please help me to verify the items below? Thanks a lot!!!
1) Create a new MPGW in the DMZ DataPower
2) Type: static-backend, Backend URL: (It should be the URL of the WSP of the internal network DataPower)
3) Response Type: Pass-Thru
4) Request Type: Pass-Thru