We are developing a merchant application in that we have various modules like Schedule, Booking, Invoice e.t.c, each of this module are runs in different server, those are exposed through as RESTful granular services. UI layer will communicate with these granular service accordingly. To identify the request and redirect to specific micro service runs in service layer of various sever we have created a service gateway. Some of the service required data manipulation on the go which is presently accomplished through Mule ESB and some routing activities are also managed through it.
Actual purpose of the Service gateway is to match the request with service dictionary available and redirect to the respective micro service, at present its been developed in j2ee framework and runs in wildfly server. So to achieve the same process in light weight manner we come across a micro service manager like"getKong" and Customising "nginx" server to manage microservices, Mule ESB.
Along with Service Bus management is it advisable to use the Mule ESB as MicroService maanager as like getKong or any other valuable suggestion ?
In my personal opinion, you have three options:
If you don't need to perform authentication/authorization or/and
Throttling and your routing can be quite complex/complicated than is
completely fine to do it in Mule ESB.
If you do just URL rewrite nginx is probally the best choice for
minimum overhead and maximum performances.
If you really need an API manager with all the rich features than is
fine getKong or, if you want to stay in the MuleSoft
world and your are willing to pay, you can have a look at API
Gateway.
Hope this helps
Related
We are planning to implement CDC in our project and Pact is being considered as primary candidate. Currently I am working on a POC to set up end to end flow with CI/CD integration with GitLab. I have couple of questions related to Authentication/Authorization/security.
Consumer - Pact Broker: Consumers here are external partners. I see client side certificates as an option. I am not able to find much documentation or info on Web for the options available. Pact broker will be hosted in AWS. Can we place this behind a gateway?
Pact Broker and Provider: Both components are part of our infrastructure. In this case I understand that we will be generating a GitLab trigger token which will be passed as part of future requests to Provider pipeline. We will be using same token every time.
Could you please advise options available in both cases to make the communication more secure.
Thanks in advance.
We are planning to implement CDC in our project and Pact is being considered as primary candidate.
Good choice! :)
I have couple of questions related to Authentication/Authorization/security
The OSS broker doesn’t have any security controls other than basic auth and read-only/read-write access permissions (which isn’t very appropriate for external use for obvious reasons). There is basic support for redacting credentials in the UI, but you can still get them through API calls (even for read-only accounts).
Consumer - Pact Broker: Consumers here are external partners. I see client side certificates as an option. I am not able to find much documentation or info on Web for the options available. Pact broker will be hosted in AWS. Can we place this behind a gateway?
Where did you see that client certificates were supported? I’m sorry to say that is incorrect.
You can definitely put it behind a gateway/reverse proxy type thing: https://docs.pact.io/pact_broker/configuration/#running-the-broker-behind-a-reverse-proxy
You would need to add your own authentication layer for this purpose, so using a an API gateway for this that might be a good starting point.
Pact Broker and Provider: Both components are part of our infrastructure. In this case I understand that we will be generating a GitLab trigger token which will be passed as part of future requests to Provider pipeline. We will be using same token every time.
The provider side authentication is the same as consumer.
Alternatively, we have created Pactflow, which is a commercial version of the OSS Broker designed for enterprise use which has a full security model wrapped over the OSS broker including API tokens, and secrets, teams management and other useful features (see https://pactflow.io/features/ for more). We are also almost ready release CI users and fine-grained permissions management.
Let me briefly describe the context. Near future will bring changes which means in short introducing API Management solution for the company (large). A lot of different systems around, SOAP, REST, some other protocols.
The goal is to have one marketplace when user/customer could easily search through those mess. The case is that most of the avaliable APIS/Services are behind departments gateways, there are many of services behind such GW coupled by deparment context mostly. The main goal of GW's is to protect backend services in a way that those gateways verifies token with Identity & Authorization Provider (one common for company).
How can i publish those services which are behind those gateways? There are no swagger definition available for most of them. I have some concept idea but would be more than happy to know production solution for that case.
By using wso2 API Manager You can publish REST, SOAP, Websocket API's and you can provide different types of authentication like OAuth2, JWT, etc.
You can provide Scope(Authorization) for each API's
If you are a beginner wso2 API Manager is shipped with Pizza Shack API for learning purpose. Start the wso2 API management server and visit https://localhost:9443/publisher with authentication admin:admin. Once you visit the publisher portal it'll guide you to publish API.
Here is the link for documentation regarding the publishing of API's https://docs.wso2.com/display/AM210/API+Publishing
How can i publish those services which are behind those gateways?
There are no swagger definition available for most of them. I have
some concept idea but would be more than happy to know production
solution for that case.
The swagger definition is another way of publishing API in API manager if you have already swagger definition you can just import. But whatever API's you'll publish in API manager inside it stores as a Swagger definition.
If you are using Wso2 API manager for Production use please refer the following:https://docs.wso2.com/display/AM260/Product+Administration which will describe the necessary changes and fine-tuning to be done for production.
Further if you can have multitenant setup, in which each tenant will have a separate store which is a great feature https://wso2.com/library/articles/2016/08/article-multi-tenant-api-management-with-wso2-api-manager/
We have an enterprise web application implemented based on Spring-Security for authentication/authorization. This application is currently deployed on-premises on client side and usually we connect it to existing AD/LDAP systems.
Now we'd like to setup this web application within Amazon AWS for demo purposes. Therefore we need a kind of an user access frontend, where users can register and as soon as an admin approved this, the user should have access to the webapp ui. In addition a simple analytics layer is needed, to see some information about the user access.
It is important to have this "frontend" (could be a simple website based on a CMS like WordPress) just to explain the demo, to have the user registration functionality and the analytics layer. We explicitly don't want to include this in the existing web application, so it must be decoupled from each other.
What could be the right approach to setup such an environment? I just need the right direction to dig into the topics.
After a first research, we see that Amazon Cognito could be the right backend service for user data management. But we don't see "an easy way" to enable a simple frontend as described above (e.g. I didn't find a wordpress plugin to connect wordpress user data management with Apache Cognito). Also on the backend side I haven't find useful information how to integrate Apache Cognito with Spring Security.
If you are looking for a simple frontend we launched a new feature which gives you basic signup/login pages for your user pool.
I want to register two sample Java web applications with Spring Registry so that both applications can communicate directly. I don't know much about programming.
Here I found the Spring Registry code, where Spring backend application is registering itself when it is deployed on Cloud Foundry, so that any Spring frontend application that is trying to reach the backend can communicate directly.
How can I register a simple Java dynamic web application to make direct communication between them without using the third-party services like RabbitMQ?
I think you are misunderstanding the use cases. The Netflix Eureka registry is for service registry that helps facilitate service to service communication.
Suppose a service - abc.foo.com and it needs to call another service pqr.foo.com. You don't want the path for the pqr service hardcoded in the abc service. Hardcoding like is an anti-pattern for cloud native applications. The approach is to have service abc and pqr register themselves with a service registry (eureka, consul, etc.). Then at runtime, the service, abc here, can interrogate registry and get an active instance of the pqr service and invoke it.
For your Java web applications, that need to call each other, I am assuming, all your interactions (service calls) are done on server-side. In which case, using Eureka registry, one microservice an easily find and get instance of another service and invoke it. You don't need RabbitMQ for that.
I would recommend looking at the jHipster project. It is an open source project. They have a Eureka based registry service, a gateway service, microservices and client-side UI (Node.js).
It will be a good starting point and there is a lot of open source help available.
I hope this helps!
I am developing a web application for image upload and retrieval with AWS cloud services using a micro service architecture.
I am new to AWS and micro service architecture, please help me map the components of the architecture to AWS components.
Do i consider each micro service to run on one EC2 instance with auto scaling and load balancing?
Or do I run each micro service on one EC2 cluster?
If i put my static html files in an S3, how can i call database methods to load the html pages with content?
Is it by calling am API gateway from the client?
I have searched the web, but was unable to find a tutorial which implements multiple services as micro services using AWS EC2 / ECS.
Please help me figure out how to map my requirements and if there are any tutorials on implementing a similar app, will be very helpful.
Thank you in advance! :)
In short, you could use the serverless architecture i.e (with AWS's APIGateway and Lambda services) to build robust micro service based web applications.
Since you said that you were new to micro services architecture, I am listing down the best approaches.
Frontend/client
Single page applications(SPA) work well in the front-end and as they are a static site, they could be easily deployed to S3. This is the most cost efficient approach for SPAs. Here is a video deploying SPA on S3. This video will guide you through step by step instructions for deploying your SPA.
In case, you use react and redux in the front end, check out these steps for deploying react app to S3.
Backend
AWS EC2 is a good option. But there are many more alternatives available. As you said, you were new to backend, setting up EC2, VPC's and Elastic-ip is a little difficult process.
Nowadays, SPA's cover a lot of business logic, routing, etc., We need our backend only as API's for performing CRUD operations with database. I would like to suggest a bleeding edge technology called serverless. Here is the tutorial for launching your backend within 5 minutes. AWS lambda is a service that is called as function as service. You can build your backend using AWS lambda + API gateway + DynamoDB.
For eg: say you want to register some details in backend, you will POST all the data from client to your backend with url and proper path. In AWS lambda, you write your logic for POST as a function, which contains the logic to parse the data from request and send to dynamoDB. Now, this function can be exposed to world by connecting this function with API gateway( an another service in AWS). At the end we get an API, which can be used in your angular 2 APP. SO, on invoking the POST, angular 2 -> API gateway -> Lambda(extract request and send to DB) -> dynamoDB.
Benefits of using serverless compared to EC2.
You don't need to manage your server(EC2) from updating the new security patch to auto-scaling, everything is taken care by lambda. Serverless is a fully managed service.
You only pay when your lambda functions are invoked. On the contrast, even though your web app doesn't receive traffic for a given day, you have to pay the day-tariff for the given day.
Here is my github repo which could be a boiler plate for reactJS + Serverless + graphQL web app.
Having said, try serverless when compared to traditional backend approach. Any questions on this would be welcomed.