5 replies Latest Post - ‏2013-02-28T04:36:32Z by kenhygh
human_rebody

Pinned topic Integration of DMZ DataPower & Internal network DataPower

2013-02-26T03:19:37Z
Hi all,

There are 2 DataPower appliances in the company. One is in the DMZ and is used to serve web service requests from outside; the other is in the internal network. We will add a firewall rule for the connection between the DMZ and the internal network.

For an end-to-end setup for a web service call, from the DMZ DataPower to the internal network DataPower, do I need to set up the WSP on both DataPower appliances? If so, is the setup like below?

WS Requestor <-> DMZ DataPower (WSP stores the endpoint of the internal network DataPower) <-> Internal Network DataPower (WSP stores the endpoint of the real backside service provider) <-> WS Provider

Please let me know if my concept is totally wrong. Thanks.

Regards,
Thomas
  • kenhygh

    Re: Integration of DMZ DataPower & Internal network DataPower

    ‏2013-02-26T13:52:18Z  in response to human_rebody
    There is no one right answer.

    A lot of places I work would have the DMZ box terminate SSL, and maybe do authentication. It would not know about the services, no more than where to route them on the internal appliance. Probably use an MPGW.

    The internal appliance would 'know' about services, have WSPs with WSDL, so it can do schema validation, perhaps authorization, transformations, etc.

    You can certainly deploy your WSP on both; you would have the benefit of schema validation in the DMZ, at the cost of doing it on both machines.

    Ken
    • human_rebody

      Re: Integration of DMZ DataPower & Internal network DataPower

      ‏2013-02-26T15:23:32Z  in response to kenhygh
      Hi Ken,

      Is it possible to set up the DMZ DataPower as a proxy which is just used to route all the traffic from the client to the internal network DataPower? Do you mean an MPGW can serve the purpose? Thanks.

      Regards,
      Thomas
      • kenhygh

        Re: Integration of DMZ DataPower & Internal network DataPower

        ‏2013-02-26T18:14:09Z  in response to human_rebody
        That's it exactly.
        • human_rebody

          Re: Integration of DMZ DataPower & Internal network DataPower

          ‏2013-02-27T09:07:03Z  in response to kenhygh
          Thanks for the confirmation, Ken.

          Actually I want to do a POC for the end-to-end setup; however, the network connectivity is not yet configured. Therefore I would like to clarify now what I need to do once the network part is finished. Could you please help me to verify the items below? Thanks a lot!

          1) Create a new MPGW in the DMZ DataPower
          2) Type: static-backend, Backend URL: (It should be the WSP URL of the internal network DataPower)
          3) Response Type: Pass-Thru
          4) Request Type: Pass-Thru

          Regards,
          Thomas
          • kenhygh

            Re: Integration of DMZ DataPower & Internal network DataPower

            ‏2013-02-28T04:36:32Z  in response to human_rebody
            That should work