On 22.09.2016 13:32, Timothy Ward wrote:
On 22 Sep 2016, at 12:16, Christian Schneider wrote:
There is one thing I am missing in your description. How do you configure the
proxy server that provides the secure endpoint? I think the typical production
approach will
> On 22 Sep 2016, at 12:16, Christian Schneider wrote:
>
> I think the model I described can be more secure as only the proxy needs
> access to the intranet but I clearly see the need for both approaches as you
> correctly stated that my approach is more complex.
>
>
I think the model I described can be more secure as only the proxy needs
access to the intranet but I clearly see the need for both approaches as
you correctly stated that my approach is more complex.
I agree about the proposed changes in Topology Manager and zookeeper
discovery. They should
Hi Christian,
This is very nearly the approach that I suggested, but it adds an additional
zone into the mix which I think is unnecessary, and I feel that hides the fact
that exactly the same security concerns exist with it.
In the layout that you’ve drawn the backend server publishes a
So lets think about a practical example. We want to expose a REST
service that is visible to the inside via its direct url on the server
that exposes the service and also via a proxy server where this service
will have a different url.
So the server side topology manager would detect that the
Hi Christian,
From an RSA perspective this is a Topology Management issue, not a discovery
issue. Services should be exposed by the Distribution Provider with multiple
ExportRegistrations (and hence multiple EndpointDescriptions), one for the
“internal” URL and one for the “proxied” URL The
I just had a discussion with Panu Hämäläinen about the DiscoveryPlugin
mechanism.
See https://issues.apache.org/jira/browse/ARIES-1613 and
https://issues.apache.org/jira/browse/ARIES-1614 .
What he needs is to have two zones of services, a backend zone and a
frontend zone.
The (or some)