Deploying Biztalk Web Service to DMZ

一笑奈何 submitted on 2019-12-22 12:53:00

Question


We have a DMZ with an IIS Web Server, and BizTalk 2009 on a LAN.

I'd like to know what is the best way to deploy a BizTalk Web Service so that it is publicly accessible on the Internet, but in line with security best practices.

Should we deploy the BizTalk-generated Web Service to the IIS box?

Should we host the Web Service on the BizTalk box and expose BizTalk to the world (for specific ports and specific external IPs only)?

Should we use IIS as a reverse proxy and host the Web Service on BizTalk?

Any guidance much appreciated.


Answer 1:


I would seriously think about separating the web service from the BizTalk architecture and not use the built-in published web service in a DMZ setting. Create a web service on its own and allow that to façade the actual BizTalk web service and just punch a hole in the firewall allowing the connection into the BizTalk web service. Take a look here.
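
The façade approach described in Answer 1, sketched as an added example (not code from the answer's author or from BizTalk): an ASP.NET handler on the DMZ IIS box that forwards only allowlisted SOAP 1.1 operations to the internal BizTalk endpoint. The internal URL, the SOAPAction value, the size limit and the class name are assumptions made for illustration.

```csharp
// Added example: DMZ facade handler for IIS (ASP.NET / System.Web, .NET 4.0+ assumed).
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Web;

public class BizTalkFacadeHandler : IHttpHandler
{
    // Hypothetical internal endpoint: the one destination the firewall rule permits.
    private const string InternalUrl = "http://biztalk.lan.example/Orders/OrderService.svc";
    private const int MaxBodyBytes = 256 * 1024; // assumed limit for this service
    // Hypothetical SOAPAction values for the operations meant to be public.
    private static readonly HashSet<string> AllowedActions =
        new HashSet<string>(StringComparer.Ordinal) { "\"http://example.org/orders/SubmitOrder\"" };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpRequest req = context.Request;
        string action = req.Headers["SOAPAction"];
        // Reject anything that is not an expected call before touching the LAN.
        if (req.HttpMethod != "POST") { context.Response.StatusCode = 405; return; }
        if (action == null || !AllowedActions.Contains(action)) { context.Response.StatusCode = 403; return; }
        if (req.InputStream.Length > MaxBodyBytes) { context.Response.StatusCode = 413; return; }
        try
        {
            // Build a fresh request: client headers and cookies are not copied through.
            var fwd = (HttpWebRequest)WebRequest.Create(InternalUrl);
            fwd.Method = "POST";
            fwd.ContentType = "text/xml; charset=utf-8"; // SOAP 1.1 assumed
            fwd.Headers["SOAPAction"] = action;
            fwd.AllowAutoRedirect = false;
            fwd.Timeout = 15000;
            using (Stream body = fwd.GetRequestStream())
                req.InputStream.CopyTo(body);
            using (var resp = (HttpWebResponse)fwd.GetResponse())
            using (Stream s = resp.GetResponseStream())
            {
                context.Response.StatusCode = (int)resp.StatusCode;
                context.Response.ContentType = "text/xml; charset=utf-8";
                s.CopyTo(context.Response.OutputStream);
            }
        }
        catch (WebException)
        {
            // Internal faults, host names and stack traces are not relayed to the Internet.
            context.Response.ClearContent();
            context.Response.StatusCode = 502;
        }
    }
}
```

The firewall hole mentioned in the answer then only needs to allow the DMZ host to reach that single internal URL and port.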




Answer 2:


One option is to deploy the services internally using BizTalk but connect them to the Azure Service Bus and use that to expose them to the outside world. BizTalk WCF supports the relay bindings used for communication with the service bus.

Once set up it should be less to worry about (except the Azure bill I guess ;)) but it also ties nicely in with the Access Control giving you fine-grained access control to who can do what etc.




Answer 3:


Adding to Bryan's comment, this can be done in a very straightforward way using WSO2 Cloud Services gateway (CSG). What needs to be done is, deploy a CSG outside the firewall (probably in a DMZ) and publish your service onto it, and that's it.

For more information check out: http://wso2.com/cloud/connectors/services-gateway



Source: https://stackoverflow.com/questions/4653345/deploying-biztalk-web-service-to-dmz
