AnsweredAssumed Answered

Questions about hybrid implementation

Question asked by daniele_tonna on Dec 15, 2017

Hi community,
one of our Customer is going to adopt a hybrid implementation of CA API Managment SaaS (with the API Portal SaaS and the API Gateway on-premises).

The on-premises API Gateway will be exposed to internet using a reverse proxy (acting as load balancer too). The reverse proxy/load balancer will be in a DMZ network and therefore behind a firewall. Considering the scenarion just described I have a couple of question about.

  • Q1. Can the communication between API Portal SaaS and API Gateway on-premises occur through the reverse proxy/load balancer or must exists a "direct channel" between API Portal SaaS and API Gateway on-premises?
  • Q2. I know that in a deployment without API Portal the reverse proxy/load balancer exposing the API Gateway can be configured to porform "port translation" (i.e. reverse proxy/load balancer will expose port 443 and it will forward the traffic to API Gateway on-premises on port 8443). Is this configuration "supported" for a deployment with API Portal SaaS too?
  • Q3. In order to implement the proper firewall rules which ports will be used in the communication between API Portal SaaS and API Gateway on-premises?

 

Thanks in advance,
Daniele

Outcomes