I wonder about a secure gateway of IBM using a web socket? - ibm-cloud

I want to consider using Bluemix to run my application. Because of a firewall problem, I want to use IBM's Secure Gateway, which is one service in Bluemix. It uses a web socket. I customized a web socket of Jetty in the past. So I am wondering if a web socket client makes a permanent connection with a web socket server. Does the server give data back to the client? If the connection is disconnected for some reason, how can the web socket handle this exception?

If you're wondering about how Bluemix Secure Gateway handles these situations, then yes, the Secure Gateway Client creates a persistent secure websocket connection to the Secure Gateway Servers which allows for the necessary communication between your application and your resource(s) behind the firewall. If the websocket connection goes down, the Secure Gateway Client will attempt to establish a new websocket connection with the Secure Gateway Servers.

Related

Does Meteor Allow Self Signed SSL Certificates

I am currently trying to connect a React Native app to a Meteor server. I am able to connect to the web socket using a browser Web Socket Client. However, my react native app which uses the react-native-meteor boilerplate is unable to connect to the web socket (it is able to connect to web sockets on the local network). I am using a self-signed SSL certificate. Could this be preventing a successful connection from the phone app to the web socket?
Any help is appreciated!
Turns out that the answer is yes. I added an SSL certificate to my server and was finally able to connect to the server through a secure websocket.

Query related to Bluemix Secure Gateway Client on DataPower

Our customer is planning for APIC on Bluemix cloud to On-premise connectivity for IIB APIs.
For a secure connection we are planning to use the Secure Gateway service on Bluemix and to create a Secure Gateway client on the customer's existing DataPower.
At present there is internet connectivity via eth0 of DataPower at the customer datacenter, where a service is running on 443.
We want to segregate traffic coming from Bluemix and the existing non-Bluemix traffic.
So we are planning to create a new eth1 dedicated to Bluemix calls, which will also talk to the internet on ports 443 and 9000 (as required by the Secure Gateway service).
How do we make sure Bluemix traffic comes to the Gateway via eth1?
The Secure Gateway Client initiates the connection to the SG Servers in Bluemix with the combination of requests across 443 and 9000. Once that connection has been initiated, it will remain open and all traffic from Secure Gateway will travel across it.

Try to make authenticated HTTPS call via Secure Gateway

I am trying to access a secured WAS URL via the Secure Gateway. I can access an unsecured page via HTTP. When I set the Secure Gateway Destination to HTTPS and try to access the secured page (requires a userid/password), the connection fails.
Last year I was told that HTTPS was not supported. However, I think that I just don't know how to configure the Secure Gateway to do it now.
In order for HTTPS to be in use on both sides of the connection (app to Secure Gateway Server, and Secure Gateway Client to on-premises resource), the protocol should be HTTPS (which it sounds like you have) and you should also enable Destination-side TLS under the Advanced options panel of the destination. This will cause the connection being made from the Secure Gateway Client to the on-premises resource to be HTTPS rather than HTTP.

For the Bluemix Secure Gateway service, how does the data center's network need to be configured?

I am going to use Secure Gateway service in Bluemix and I have some questions about how I should make it work.
Systems in my data center's intranet access the Internet through a proxy (with no authentication). Can Secure Gateway connect to Bluemix via a proxy?
Does it connect to Bluemix via HTTPS protocol?
The network admins asked me: What are the IPs (or the IP range) of Bluemix, any idea?
Thank you very much.
A Secure Gateway instance runs in two parts, as shown in "Reaching enterprise backend with Bluemix Secure Gateway via console": the gateway and the gateway client. The gateway runs in Bluemix, the gateway client runs in the data center containing one or more systems of record to connect to. The gateway client needs network access to the Bluemix data center (typically via the Internet) and to the systems of record (via the data center's internal network). The gateway client initiates the connection, so it needs to know Bluemix's address, but Bluemix doesn't need to know the gateway client's address.
To answer your questions specifically:
1. A proxy isn't supported. The gateway and its client need direct access to each other.
2. The connection uses HTTPS for SSL encryption. The transport level security (TLS) options can be used to add authentication.
3. Bluemix's IP addresses aren't published.
For point 3:
The client connects outbound to the cloud services. Once the SecGW is connected, all additional Destination connects flow through that connection, no additional firewall or iptables rules are needed. If they have a rule in-place so that the on-premises machine where the SecureGateway client is installed can use the outbound port 443 (HTTPS) to make connections, that is all they need.
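A preflight check for the outbound-only model described in the answers above, as an added example that is not from the original posts or from IBM. It probes ports 443 and 9000 (the ports named on this page) from the machine that will run the gateway client; the default host name is a placeholder to replace with the gateway host shown in your own service console.

```python
import errno
import socket
import sys

# Outbound ports the answers on this page name for the Secure Gateway Client.
REQUIRED_PORTS = (443, 9000)


def probe(host, port, timeout=3.0):
    """Try one direct outbound TCP connection and classify the outcome."""
    try:
        # Direct connection on purpose: the page states a proxy is not supported.
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name did not resolve from this network
    except socket.timeout:
        return "filtered"      # no reply at all, typical of a firewall DROP rule
    except ConnectionRefusedError:
        return "refused"       # RST came back: closed port or a REJECT rule
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "no-route"
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def preflight(host, ports=REQUIRED_PORTS, timeout=3.0):
    """Return ({port: state}, ok); ok is True only if every port is open."""
    results = {port: probe(host, port, timeout) for port in ports}
    return results, all(state == "open" for state in results.values())


if __name__ == "__main__":
    # Placeholder host (assumption): pass the real gateway host as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "gateway.example.invalid"
    states, ok = preflight(target)
    for port, state in sorted(states.items()):
        print(f"{target}:{port} -> {state}")
    sys.exit(0 if ok else 1)
```

A "filtered" result points at an egress rule silently dropping the traffic, while "refused" means the packet left the network and was actively rejected; no inbound rule is tested because the client initiates the connection.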

Datapower Secure Connection Bluemix

Does the Datapower Secure Connection in Bluemix require the Datapower to be internet facing?
If Bluemix starts the connection, the answer is maybe yes.
But as for the Basic Secure Connection (Software), if that one initiates the connection, the server running the Basic Secure Connection only needs to have internet access (behind a firewall/gateway/etc.), but doesn't need to be internet facing: IP# on internet.
I have set up a Bluemix DataPower Secure Connection (in the Bluemix Cloud Integration Service) towards my on-premise DataPower appliance. The DataPower Secure Connection is pointing to an Internet IP, and my on-premise firewall maps this to the DataPower appliance's "DMZ" ethernet interface.
On the DataPower appliance, the Cloud Gateway Service is configured to receive connections from the Bluemix DataPower Secure Connections. This seems to work well for endpoints I have added to the Cloud Gateway Service. Right now I am working on adding (1-way and 2-way) TLS in the Bluemix DataPower Secure Connection.
To my knowledge the DataPower connector and the Basic Secure connector must be able to connect to your DataPower. This is usually initiated by the on-premises side, either your DataPower or the Basic Connector client running on-premises.
Also, DataPower v7.2 now supports Secure Gateway connectivity which is the preferred way to securely connect your cloud applications to your on-premises DataPower resources. The UI for DataPower has been updated to provide the ability to configure for these connections.