Configuring Reverse Invoke Setup

Edit online

In this scenario, you can configure the threat protection rules in webMethods API Gateway server located in the DMZ. In the webMethods API Gateway instance located in the green zone, you can configure the authentication, authorization, and mediation rules prior to routing the requests to the native API.

The following figure describes how reverse invoke works. The client requests are sent to the webMethods API Gateway instance in DMZ. These requests are present on the registration port. The green zone webMethods API Gateway listens to these requests through the listener port, processes the request through the native service application and responds back to the webMethods API Gateway instance in DMZ. The webMethods API Gateway instance in DMZ responds to the external clients.

Important: A connection between webMethods API Gateway Server in DMZ and the webMethods API Gateway Server in Green zone is available except when a request is being made to the webMethods API Gateway in green zone or a response is being returned from the webMethods API Gateway in green zone. In other words, DMZ webMethods API Gateway connection utilization is I/O bound. Therefore, if you expect large, simultaneous transactions, increase the number of registered connections accordingly.
Reverse invoke

To configure reverse invoke

  1. Configure external and registration ports on webMethods API Gateway in DMZ.
    1. Log on to webMethods API Gateway as an Administrator user.
    2. Expand the menu options icon, in the title bar, and select Administration.
    3. Navigate to Security > Ports.
    4. Click Add ports.
    5. Select API Gateway external option from the Type drop-down menu.
    6. Click Add.
    7. Provide the following information in the API Gateway external listener configuration to configure the External port.
      • External port. Specifies the port number you want to use for the external port.

        Use a number that is not already in use. This is the port that clients connect to through your outer firewall.

      • Alias. Specifies an alias for the port.

        An alias must be between 1 and 255 characters in length and include one or more of the following: letters (a -z, A-Z), numbers (0-9), underscore (_), period (.), and hyphen (-).

      • Description (optional). A description of the port.
      • Protocol. Specifies the protocol to use for this port (HTTP or HTTPS).

        If you select HTTPS, additional security and credential boxes appear for which you have to provide the required values.

      • Bind address (optional). Specifies the IP address to which to bind this port.

        Specify a bind address if your machine has multiple IP addresses and you want the port to use this specific address. If you do not specify a bind address, webMethods API Gateway picks one for you.

      • Backlog. Specifies the number of requests that can remain in the queue for an enabled port before webMethods API Gateway begins rejecting requests.

        The default is 200. The maximum value is 65535.

      • Keep alive timeout. Specifies when to close the connection if the server has not received a request from the client within this timeout value (in milliseconds) or when to close the connection if the client has explicitly placed a close request with the server.

        The default value is 20000ms.

      Note: For more information on ports, see Ports.
    8. If you want to configure m-TLS, select HTTPS in the Protocol field under API Gateway external listener configuration and select one of the following options in the Client authentication field, in the in Security configuration section.
      • Request client certificate. This option requests for a certificate from the client. However, even if the client does not provide a valid certificate, the connection is established.
      • Require client certificate. This option requests for a certificate from the client. If the client does not provide a valid certificate, the connection is not established. If you select this option, you must also configure the following fields in the Listener specific credentials section.
        • Keystore alias. Select a Keystore.
        • Key alias(signing). Select a Key alias.
        • Truststore alias. Select Truststore.
    9. Provide the required information to configure the registration port, in the API Gateway registration listener configuration section.

      The important fields to be configured are Registration port, Alias, and Protocol. For more information on ports, see Ports.

    10. Configure the Keystore alias, Key alias, and Truststore alias fields. in the Listener specific credentials section.
  2. Click Add.
  3. Click the Inactive icon in the Enabled column next to the external and registration ports to enable them.
    The port is enabled and a success message appears.
  4. Execute the following steps in the green zone webMethods API Gateway.
    1. Create an webMethods API Gateway internal port.
    2. Select HTTPS in the Protocol field.
    3. In the API Gateway external server section, type the hostname of the DMZ webMethods API Gateway in the Host field.
    4. Type the port number of the webMethods API Gateway registration port of DMZ webMethods API Gateway in the Port field.
    5. In the Registration credentials section, provide the following information.
      • Keystore alias. Select a Keystore.
      • Key alias(signing). Select a Key alias.
      • Truststore alias. Select Truststore.
  5. Configure the internal port of the webMethods API Gateway in green zone with the registration port of webMethods API Gateway in DMZ.
  6. Configure load balancer URL in the green zone webMethods API Gateway.
    1. Expand the menu options icon, in the title bar, and select Administration.
    2. Navigate to General > Load balancer.

      Provide the configured external server host and port or an external load balancer URL. The API endpoints expose this port for external consumers. If you have a Load Balancer, then the requests from the Load Balancer must be directed to webMethods API Gateway's external port.

      For more information on load balancers, see Clusters and Load Balancers.

  7. Create an API in the internal webMethods API Gateway Server with routing protocol and endpoint as the native API. For more information on how to create APIs, see Creating an API.
  8. You can now access the API by using the URL in the format http://externalserver:externalport/gateway/api-name/resource-path.