
We would like to split API Manager so it will run on two separate machines:

Machine #1 will run

* API gateway - and any dependent component, but as minimal as possible

Machine #2 will run

* API Key Manager
* API publisher
* API store

On machine #1 we would like to install the minimum possible set. Not sure if ESB is required there? Carbon? Something else?

Is such a configuration even possible? Suppose a publisher adds an API via machine #2, how does this information become available to the gateway running on another machine?

Abimaran Kugathasan
Ofer Lahav

1 Answer


You can have a setup with the configuration that you mentioned above. In this case, in the api-manager.xml of #2 you have a section called Gateway, which needs to point to your gateway address. Also, the gateway, which is #1, needs to know the key manager location to validate the incoming tokens. So the api-manager.xml of the gateway has a section called APIKeyValidator, which needs to point to #2, where the key manager resides. More information can be found in [1].

[1] https://docs.wso2.com/display/CLUSTER420/Clustering+API+Manager

harsha89
  • Host #2 does not have IP access to host #1, so requesting API gateway to access the key manager on host #2 is an issue, so I guess we'll have to install key manager alongside the gateway on host #1. – Ofer Lahav Jan 17 '16 at 15:15
  • In a typical deployment the gateway will be placed in the DMZ while the KeyManager is in the MZ, because exposing key manager functionality in the DMZ is a security risk. If you need it, you can have both the key manager and the gateway on one node. – harsha89 Jan 17 '16 at 15:27
  • With this configuration, can I have one manager connected to multiple nodes running GW + KeyManager? How are the keys synced between all the gateways? – Ofer Lahav Jan 18 '16 at 15:40
  • If we take separate GW and KM, the GW simply performs a validation request to the KM and gets the token data. If you enable clustering, our distributed cache implementation based on Hazelcast will replicate the gateway key cache. If both are used on a single machine, you will need to point the KeyManager URL from the GW. You may point the same GW to its own KeyManager. The KeyManager will also use the distributed cache to replicate the key cache. – harsha89 Jan 19 '16 at 08:44
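A check for the two cross-node pointers the answer describes in the split layout, as an added example that is not part of the original answer or WSO2's own code. The element paths (`APIGateway/Environments/Environment/ServerURL`, `APIKeyValidator/ServerURL`) are assumed from the stock api-manager.xml layout, and the host names and XML fragments are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Element paths are assumptions based on the stock api-manager.xml layout;
# the answer refers to these sections as "Gateway" and "APIKeyValidator".
GATEWAY_PATH = "./APIGateway/Environments/Environment/ServerURL"
KEYVAL_PATH = "./APIKeyValidator/ServerURL"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed fragment for node #2 (publisher/store/key manager).
NODE2_PUBLISHER = """<APIManager><APIGateway><Environments><Environment type="hybrid">
  <ServerURL>https://gw.example.internal:9443/services/</ServerURL>
</Environment></Environments></APIGateway></APIManager>"""

# Constructed fragment for node #1 (gateway), still pointing at itself.
NODE1_GATEWAY = """<APIManager><APIKeyValidator>
  <ServerURL>https://localhost:9443/services/</ServerURL>
</APIKeyValidator></APIManager>"""

def check_pointer(xml_text, path, expected_host):
    """Return findings for every ServerURL at `path`; an empty list means it is fine."""
    urls = [(e.text or "").strip() for e in ET.fromstring(xml_text).findall(path)]
    if not urls:
        return [f"no ServerURL at {path}"]
    findings = []
    for url in urls:
        if "${" in url:  # unresolved placeholder resolves to the local node
            findings.append(f"{url}: placeholder left in place, expected {expected_host}")
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{url}: not https, admin credentials cross the network in clear")
        if parsed.hostname in LOOPBACK:
            findings.append(f"{url}: points at loopback, expected {expected_host}")
        elif parsed.hostname != expected_host:
            findings.append(f"{url}: host is {parsed.hostname}, expected {expected_host}")
    return findings

def audit(publisher_xml, gateway_xml, gateway_host, keymanager_host):
    """Check both directions of the split deployment described in the answer."""
    return {
        "publisher->gateway": check_pointer(publisher_xml, GATEWAY_PATH, gateway_host),
        "gateway->keymanager": check_pointer(gateway_xml, KEYVAL_PATH, keymanager_host),
    }

if __name__ == "__main__":
    result = audit(NODE2_PUBLISHER, NODE1_GATEWAY, "gw.example.internal", "km.example.internal")
    for link, findings in result.items():
        print(link, findings or "ok")
```

On a combined gateway and key manager node, as discussed in the comments, a loopback `APIKeyValidator` URL is the intended setting, so pass that node's own address as the expected host only when the two roles are split.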