I am looking to set up web services on an app server in one MarkLogic cluster 
that will be called by another app server in a different MarkLogic cluster. I 
would like to set it up so that the servers are configured to only accept 
connections from each other.

The connections will not be ad hoc so I would prefer to install certs or public 
keys for all apps on all the clusters. I would rather not have to log into the 
remote cluster all the time but let the servers trust the connections to the 
other servers, and let each server handle its own user authentication, but yet 
have trusted connections to remote servers.

The communication will be going "out in the wild" so I can't secure the 
networking connection (as with a VPN) between the servers so I'll need to use 
SSL for the protocol. This does not need to be an extremely fast connection 
because it's more of a command and control scenario, and each cluster will 
operate independently from each other and just periodically pass data and 
commands back and forth. The web service is what exposes the interaction 
between them, and not anything lower level like data replication.

So my questions are:

1. How do I set up one App Server (listening for web service requests) to only 
accept requests from previously configured remote clients and which are using 
the correct certs\keys?

2. How do I code the client side call in XQuery to pass the appropriate 
certs\key info to the other server and reject the connection if the server has 
the wrong certs\keys?

I know how to set up SSL on a server when a browser is involved, but I'm not 
really clear how to do this when another MarkLogic app server is involved as the 
client. I tried setting something up but both the server and client seem to 
accept any connection and any certs so I don't think I'm doing it securely 
enough.

thanks,
-Ryan
_______________________________________________
General mailing list
General@developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general
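The trust arrangement the post asks for is mutual TLS: the serving cluster accepts a connection only if the caller presents a certificate chaining to the peer cluster's CA, and the caller completes the connection only if the server's certificate chains to the CA it was configured to trust. The following is an added example, written in Go rather than MarkLogic XQuery, and is not MarkLogic code or the poster's code; it stands in for the two app servers with an in-process HTTPS service. The CA names ("cluster-a-ca", "cluster-b-ca", "rogue-ca"), the peer names, and the "/command" path are constructed for the illustration. Beyond the happy path, it runs the two rejections the poster wanted to see: a client holding a certificate from any other issuer is refused by the server, and a server holding the wrong certificate is refused by the client.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// ca is a private certificate authority owned by one cluster (generated in memory for the example).
type ca struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

func newCA(name string) *ca {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return &ca{cert: cert, key: key}
}

// issue signs a leaf certificate for one peer; server leaves also carry the 127.0.0.1 SAN the client dials.
func (c *ca) issue(name string, server bool) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	usage := x509.ExtKeyUsageClientAuth
	if server {
		usage = x509.ExtKeyUsageServerAuth
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{usage},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, c.cert, &key.PublicKey, c.key)
	must(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

func pool(c *ca) *x509.CertPool { p := x509.NewCertPool(); p.AddCert(c.cert); return p }

// serverConfig: require a client cert and accept only ones chaining to the peer cluster's CA.
// (tls.RequestClientCert would merely ask for one; RequireAndVerifyClientCert is what enforces it.)
func serverConfig(serverCert tls.Certificate, trustedClientCA *ca) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{serverCert},
		ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: pool(trustedClientCA), MinVersion: tls.VersionTLS12}
}

// clientConfig: present our cert, and trust only servers chaining to the peer cluster's CA (not the system roots).
func clientConfig(clientCert tls.Certificate, trustedServerCA *ca) *tls.Config {
	return &tls.Config{Certificates: []tls.Certificate{clientCert},
		RootCAs: pool(trustedServerCA), MinVersion: tls.VersionTLS12}
}

// call starts an in-process HTTPS "web service" using srv and calls it with cli.
// It returns the body, or an error when either side rejected the handshake.
func call(srv, cli *tls.Config) (string, error) {
	ts := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// TLS already authenticated the peer; the handler can still see who called.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	ts.TLS = srv
	ts.StartTLS()
	defer ts.Close()
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cli}}
	resp, err := client.Get(ts.URL + "/command")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

type Result struct {
	TrustedPeerBody         string
	UntrustedClientRejected bool
	WrongServerRejected     bool
}

// RunScenarios: cluster B serves, cluster A calls; each side trusts only the other's CA.
func RunScenarios() Result {
	caA, caB, rogue := newCA("cluster-a-ca"), newCA("cluster-b-ca"), newCA("rogue-ca")
	serverB := serverConfig(caB.issue("cluster-b", true), caA)
	clientA := clientConfig(caA.issue("cluster-a", false), caB)
	body, err := call(serverB, clientA)
	must(err)
	_, errClient := call(serverB, clientConfig(rogue.issue("impostor", false), caB)) // bad client cert
	_, errServer := call(serverConfig(rogue.issue("cluster-b", true), caA), clientA) // bad server cert
	return Result{body, errClient != nil, errServer != nil}
}

func main() {
	r := RunScenarios()
	fmt.Printf("trusted peer: %q\nuntrusted client rejected: %v\nwrong server rejected: %v\n",
		r.TrustedPeerBody, r.UntrustedClientRejected, r.WrongServerRejected)
}
```

The two negative cases are the check to apply to whatever platform is doing this: if a client holding a certificate from some other issuer can still reach the handler, the server is requesting a client certificate rather than requiring and verifying it against a pinned issuer; if the client still connects to a server presenting a certificate from the wrong issuer, the client is not verifying the server chain, or is verifying it against a broad default trust store instead of only the peer cluster's CA. The symptom described in the post, both sides accepting any certificate, is what both of those misconfigurations look like.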