1

Does the Datapower Secure Connection in Bluemix require the Datapower to be internet facing ? If Bluemix starts the connection, the answer is maybe yes. But as the Basic Secure Connection (Software), if that one initiates the connection, the server running the Basic Secure Connection only needs to have internet access (behind a firewall/gateway/etc...), but doesn't need to be internet facing : IP@ on internet.

Aymeric
  • 95
  • 1
  • 4

2 Answers2

0

To my knowledge the DataPower connector and the Basic Secure connector must be able to connect to your DataPower. This is usually initiated by the on-premises side, either your DataPower or the Basic Connector client running on-premises. Also, DataPower v7.2 now supports Secure Gateway connectivity which is the preferred way to securely connect your cloud applications to your on-premises DataPower resources. The UI for DataPower has been updated to provide the ability to configure for these connections.

doktoroblivion
  • 428
  • 3
  • 14
  • I tried to setup a connection between my Datapower and Bluemix using a Datapower Secure Connection in Bluemix. Did not succeed and wanted to be sure that the Datapower doesn't need to be on Internet, but can be on-premise behind a gateway. – Aymeric Apr 30 '15 at 09:27
0

I have set up a Bluemix DataPower Secure Connection (in the Bluemix Cloud Integration Service) towards my on-premise DataPower appliance. The DataPower Secure Connection are pointing to an Internet IP, and my on-premise firewall maps this to the DataPower appliances "DMZ" ethernet interface.

On the DataPower appliance, the Cloud Gateway Service is configured to receive connections from the Bluemix DataPower Secure Connections. This seems to work well for endpoints I have added to the Cloud Gateway Service. Right now I am working on adding (1-way and 2-way) TLS in the Bluemix DataPower Secure Connection.

halfer
  • 19,824
  • 17
  • 99
  • 186
tverilytt
  • 73
  • 1
  • 2
  • 8
  • So it meens that the Datapower appliance needs an Internet IP@. @Erick it seems that for Datapower connection it's Bluemix that initiates the call, not Datapower. – Aymeric May 12 '15 at 08:45
  • Well, Bluemix needs to be able to reach DataPower's Cloud Gateway Service. Network-wise, the DMZ firewall typically NAT to DataPowers IP (which is an internal IP address). – tverilytt May 13 '15 at 09:38
  • I also now have tested with TLS, and it also seems to work well. With TLS, my Bluemix application has to do a HTPS connection to the Bluemix DataPower Secure Connection endpoint. And then that connection takes care of the secure connection to on-premise DataPower Cloud Gateway. In that Cloud Gateway, desired on-premise service endpoints are configured. Also now there is a new Bluemix service - Secure Gateway. Which involves Docker and DataPower. I have not tested that yet. – tverilytt May 13 '15 at 09:47