IBM API Management and Secure Gateway - api

I created the secure gateway in my space and connected it to the client on my laptop (Mac Installer). I also created the destination (localhost, port 3000, TCP). Now I need to create some APIs with the API Management service, but I am not able to see the APIs deployed on my laptop from the APIM service.
Do I need to configure something special to be able to connect it to my local APIs? I also need to do the same for some SOA services with WSDL.
Any help or info about how to configure these connections will be really appreciated.
Thank you very much!

#Luis Florez
Please see the section Importing or composing APIs in the page
https://www.ng.bluemix.net/docs/services/APIManagement/index.html
and it will provide some pointers to expose APIs in API management service.

Related

service endpoints vs subnet delegation and basic vnet configuration

I'm sure this is a very basic question, but I have been spending a lot of time on it and have not found a clear answer.
I am trying to create a Bicep file with the appropriate setup for my web API, but have been struggling with the vnet as I transition from a prototype to a beta release. I thought it might be easy to find a template for an App Service for a web API, connecting to an Azure SQL database and files from blob storage using a vnet. The place where I am stuck right now is:
service endpoints
subnet delegation
I read this post, which was helpful, but did not address service endpoints. Do I use delegation wherever possible and service endpoints when they are not available?
I have other services to add, like Notification Hubs, and am considering API Management as well as Key Vault, but I really need to get the basics down and I am struggling.
A great reference for learning Bicep and seeing examples of how to create them:
Azure/ResourceModules
Azure/azure-quickstart-templates
Note: while the quickstart repository is ARM templates, you can take most of those and use the Bicep CLI to convert them to Bicep.
The primary difference between delegation and service endpoints with virtual networks (vnets):
delegation means a given subnet is only going to be used by that service (this is related to PaaS services)
service endpoint is allowing secure and direct connectivity for that service to the subnet assigned
An example of the above:
Delegation
Deploying App Services is one of the most common Azure services that requires a dedicated subnet be allocated just for that service, aka delegation.
Service Endpoint
Deploying a Virtual Machine that you need to access a Storage Account from? The subnet where the Virtual Machine is deployed will need to have the Microsoft.Storage service endpoint enabled to allow the secure, direct connection to it.
One thing to note on service endpoints: while they are still used, Microsoft recommends use of Private Endpoints as well. This allows you to directly connect to the service endpoint over the private/internal network of your VNet.
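The two subnet settings described in the answer above, side by side, as an added example that is not part of the original post. The resource names, address ranges and API versions are assumptions, and the storage account is included only to show the firewall rule that pairs with the service endpoint.

```bicep
// Added example; resource names, address ranges and API versions are assumptions.
param location string = resourceGroup().location

resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-example'
  location: location
  properties: {
    addressSpace: { addressPrefixes: ['10.0.0.0/16'] }
    subnets: [
      {
        // Delegation: this subnet is handed to App Service and used by nothing else.
        name: 'snet-appservice'
        properties: {
          addressPrefix: '10.0.1.0/24'
          delegations: [
            {
              name: 'appservice'
              properties: { serviceName: 'Microsoft.Web/serverFarms' }
            }
          ]
        }
      }
      {
        // Service endpoint: VMs in this subnet reach Storage directly from the subnet.
        name: 'snet-vm'
        properties: {
          addressPrefix: '10.0.2.0/24'
          serviceEndpoints: [ { service: 'Microsoft.Storage' } ]
        }
      }
    ]
  }
}

// The storage account must also allow that subnet; 'Deny' blocks all other networks.
resource storage 'Microsoft.Storage/storageAccounts@2023-01-01' = {
  name: 'st${uniqueString(resourceGroup().id)}'
  location: location
  sku: { name: 'Standard_LRS' }
  kind: 'StorageV2'
  properties: {
    networkAcls: {
      defaultAction: 'Deny'
      virtualNetworkRules: [
        { id: '${vnet.id}/subnets/snet-vm', action: 'Allow' }
      ]
    }
  }
}
```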

Exposing external services in Mule API gateway

I have a query on a design; I hope you guys can clarify my doubt.
I have a specific requirement in which Mule is used just to expose the back-end services in the API gateway. The back-end services are written in Spring Boot and other technologies, and all these services need to be exposed in the API gateway.
Is this a good practice to do that and if yes how can we do that?
I saw that in API Manager we can create a proxy layer on top of the services developed in Mule, but is it possible to create proxies for services developed in different technologies?
Absolutely ... For creating a proxy service, it doesn't matter what type of technology the backend service has.
It can create a proxy layer for any kind of backend service available either locally, in the cloud or in another remote location, till the service URL is accessible.
This proxy will create an additional layer hiding the actual URL from the external world.
It doesn't matter what technology you are using for development as long as those are REST services and accessible to the CloudHub application. You can deploy those on-premise and can integrate your local runtime with CloudHub. Also, Mule supports Spring projects and you can directly configure your Spring project/details inside Mule.

Adding Application Insights to a WCF service on a locked down IIS box

We have a server in our DMZ that we use to host our WCF web services on for some external clients.
This server only accepts connections from a single IP address to make it more secure.
Does anyone know if it is possible to add Application Insights to a service that only accepts connections from a single IP? Would I need to make changes to allow Application Insights to work?
Thanks
Martin.
Application Insights collects telemetry and sends it out to back-end servers hosted in Azure. So, till you have outbound connectivity to Azure, your web services will work fine with Application Insights.

Restrict WCF Service Calls to Regions

The company I'm working at does not have a great infrastructure; it is treated as one big network, and there is no network segregation. As such, when we're developing applications we have a TEST/UAT/PROD/DR setup. I have been developing a suite of services that have been deployed on all the above regions. How do I make sure that a developer cannot call a production web service by accident? Is there any way to restrict the service by caller (i.e. server name)?
BTW all these services are internal and are not externally available.
Thanks Again for your help.
Josh
You could use Role based Authorization
Authorization In WCF-Based Services

Mutual Authentication with Self-Hosted WCF Service

I'm looking into creating a WCF service that will connect to our Product Management system to provide/update product licensing information. It will be a self-hosting service wrapped up in an NT service and I'm looking at ways to mutually authenticate both the service and the client. Clients will be desktop applications running on the same machine as the service, so I thought netTCP binding with Transport security would be sufficient, but having looked at the documentation I think I can only achieve Windows credential security, which probably isn't going to be good enough for me. Principally I'm trying to prevent spoof applications invoking operations on our service and also trying to prevent spoof services masquerading as our own.
Can anyone give me any suggestions? I'm a little concerned that I might have to look into certificates :S
Cheers,
Chris.
You can use certificates (service / client) to do mutual authN.
See http://msdn.microsoft.com/en-us/library/ms733102.aspx