I'm working on a POC for Blockchain and Bluemix (new to both), and the Dedicated Bluemix doesn't have the Blockchain services in it. So, I moved to the Public Bluemix environment but have to pay for the database usage.
Is there any way we can have a connection between the Public and Dedicated Bluemix environments, such that my application is deployed in Public Bluemix and the database is deployed in the Dedicated Bluemix environment?
It's a technical question...
I can't tell you 100% if this works but you could try this...
From the Public Bluemix create a Secure Gateway connection to a net zone with access to the Dedicated Bluemix, whether that on prem or public dedicated.
On the net zone with access to your Bluemix dedicate you would have to setup a Secure Gateway client, either a Docker image or if you have a Datapower near to your Bluemix dedicated you could use it as your Secure Gateway Client.
Good luck
Related
We want to deploy our application on a cloud inside our corporate network so that it can be used to test APIs that exist within that network. We do not want to allow public access to this application nor to the internal APIs.
I've looked at deploying ICP internally onto resources (VMs) we've made available, but am wondering if IBM Cloud Dedicated is the better solution since I believe it's closer to IBM Cloud, which is where we've deployed our public-facing application.
IBM Cloud Dedicated is a single-tenant cloud environment, but it's hosted in an IBM data centre, so it might not meet your requirements. It can use VPN to securely connect to the local data centre - but that's also possible with public cloud, using the Secure Gateway. Depending on the sensitivity of the application, public cloud and secure gateway could be a good solution.
If you do want something inside the corporate nework, IBM Cloud Private (ICP) is a good choice. It's a significant part of IBM's hybrid cloud guidance so I personally wouldn't worry too much about technical differences between it and the public cloud.
Should I be able to setup secure gateway to be able to connect to my on-prem SQL server DB, using SQL Server Management Studio on my laptop from home (not on prem)?
You don't "have to" use the secure gateway in order for your application on the cloud to see your local db. You could simply give your application the public ip (and port) of the local machine and they should work fine.
It is however a good practise to use the Secure Gateway service as it can ensure the security of the local-to-cloud communication. Make sure to have a look at the documentation to learn how the service works - https://console.ng.bluemix.net/docs/services/SecureGateway/secure_gateway.html
Corporate AS400 server having Application and database DB2 running. currently there is no reporting tool for this application.
Planning to create new application on IBM bluemix with PHP. how can I connect secure DB2 database with IBM bluemix API.
As commented by mustaccio, you have tagged your question with secure-gateway - have you seen the Bluemix secure gateway documentation?
About Secure Gateway
Last updated: 6 December 2016
The Secure Gateway service provides you with a secure way to access
your on-premises or cloud data from your Bluemix® application through
a secure passage.
How Secure Gateway works
As displayed in the following diagram, the
service works by using a client to connect to your Bluemix
organization. Next, you add the service to your Bluemix organization.
Then, by using the Secure Gateway UI or REST API you can begin
creating your gateway by connecting to your client and creating a
destination point to your on-premises or cloud data. To increase
security, you can add application-side Transport Layer Security (TLS),
which encrypts the data that travels from your app to the client. You
can extend this security with client-side TLS, which encrypts the data
from the client to the on-premises or cloud data. When you complete
your gateway configuration, you can monitor the behavior of your
gateways and destinations in the Secure Gateway Dashboard.
Source: https://console.ng.bluemix.net/docs/services/SecureGateway/sg_overview.html#sg_overview
The Secure Gateway documentation describes all the steps you need to follow to connect a Bluemix application to an internal service.
I'm currently deploying on cloud foundry, Now I have a frontend server and a backend server.
Both deployed as micro services with the Cloud Foundry nodejs build pack.
I would like to hide the backend server from the outside world, that only my frontend server can access it. How do I do that?
If I remove the route to the backend server the server is hidden from the outside but then I do not know how to access it from my frontend.
I'm new to Cloud Foundry maybe there is an easy way.
Thanks
Andreas
Thanks for the information so far.
I do however not understand how I could now hide my backend instance from being accessed from the outside, but allow for access of the frontrontend?
Basically what roule would I need to set in my space in order to allow only port 80 to be accessed of my frontend instance (lets say the frontend ip is 168.192.0.5).
could you make an example?
If you are using OSS Cloud Foundry, you can put the backend services into their own space, and then set the security group rules for that space so that they will not respond to outside IP addresses:
https://docs.pivotal.io/pivotalcf/adminguide/app-sec-groups.html
If you are using Pivotal Cloud Foundry, you can use Spring Cloud Service Discovery, as Amit said.
What about using "cf push myjavaapp --no-route"?
The no-route option tell Bluemix that your backend is not a web application.
Another solution to hide the back-end microservice from the public is to use containers (also available on Bluemix, based on Docker, see https://www.ng.bluemix.net/docs/containers/container_gettingstarted.html). Containers have a private IP by default and can access other containers in the same space. You can assign the front-end microservice a public IP using e.g. following command
cf ic ip bind {public_ip} {container_name}
but don't assign a public address to your back-end microservices.
(A few weeks ago I've created a simple example for a microservice in a container, you can find the code at
https://hub.jazz.net/project/matthiashub/bluemix-unistuttgart-container/overview I admit that this was done in Java and not in nodejs but I think you get the idea.)
I have a public Bluemix CF APP which exposes a REST Service. I would like to have the option, that the public url bound to the CFApp would be inaccessible from outside. The REST Service itself should only be usable from other CF Apps in my org, for example over API Management. I don't want to implement an own security mechanism for it, because API Management provides already everything I need to control, which clients will access my service. So some kind of private route inside Bluemix public, only available to runtimes and services in my Bluemix organisation.
This is not currently possible with IBM Bluemix, due to limitations in Cloud Foundry.
All bound routes are accessible from the external network.
If you want to have a private API exposed, you have the following options.
Add authentication to the REST API, managing the credentials as a user-provided service bound to all the apps. The API will be accessible externally but only by users with the credentials.
Use an application service, like a message queue, to expose an internal RPC-style API. Applications can bind to the same service and it will only be accessible internally.