Hi, First, I'd recommend grabbing the 2.5 beta release on labs which supports this deployment more naturally than the 2.0.1 release.
If you're using HTTP based channels you'd want to define your channel definition like so: <channel-definition id="my-secure-http" class="mx.messaging.channels.SecureHTTPChannel"> <endpoint url="https://{ip for your BIG-IP}" class="flex.messaging.endpoints.HTTPEndpoint" /> ... The server-side endpoint class is HTTPEndpoint (non-secure) but the client-side channel class is SecureHTTPChannel and the endpoint url that is compiled into the swf is secure (https). The endpoint url needs to point to your accelerator and that in turn needs to connect back to the proper FDS url. If you're using RTMP, you'd want a channel definition like: <channel-definition id="my-rtmps" class="mx.messaging.channels.SecureRTMPChannel"> <endpoint url="rtmps://{ip and port on your BIG-IP that is configured to do TCP pass through}" class="flex.messaging.endpoints.RTMPEndpoint"/> <properties> <bind-address>...</bind-address> <bind-port>...</bind-port> </properties> ... You use <bind-address> and <bind-port> to specify the IP and port that the server-side RTMP endpoint will listen for RTMP connections on. The IP and port values in the endpoint url string will reference your accelerator, and after the SSL handshake it will need to do TCP pass through back to the bind-address and bind-port that FDS is configured to use. HTH, Seth ________________________________________ From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of box110a Sent: Tuesday, March 27, 2007 9:03 AM To: [email protected] Subject: [flexcoders] FDS sitting behind SSL accelerator We're working on our production environment design and would like to put FDS behind an SSL accelerator (H.A.) like nCipher's nFast or a BIG-IP server. We haven't purchased any hardware yet, so a proof of concept will require something like apache/mod_jk/mod_ssl. Has anybody had any success doing this with FDS. What I can't figure out is how do I set up my data-managment-config.xml destination channels? If my FDS server is sitting in the DMZ talking plain text, how do I get my clients to talk SSL if they are compiled (by FDS) if they're using the same config files? so It should look like this: [client] -ssl-> [H.A. & passthrough to DMZ] -plain text-> FSD any thoughts?
