I have a situation where messages are being generated by an internal application but the consumers for the messages are outside our enterprise network. Will either the HTTP(S) transport or REST connectivity work in this scenario, with an HTTP reverse proxy in the DMZ? If not, is it safe to have a broker in the DMZ which can act as a gateway to outside consumers?
- What do you mean by "safe"? It's worth being specific here as "safe" to one person might not be "safe" to another. – Justin Bertram Apr 15 '18 at 20:31
- @JustinBertram I mean "secure". I am not quite sure if it is a good idea to have a broker on the DMZ. – sanjeev Apr 16 '18 at 06:10
- The question remains. What specifically do you mean by "secure"? Without a clear understanding of what you're asking it will be difficult to provide clear answers. – Justin Bertram Apr 16 '18 at 12:48
1 Answer
Well, the REST/HTTP approach to connect to ActiveMQ is very limited, as it does not support true messaging semantics.
Exposing an ActiveMQ broker is no less secure than any other communication software if precautions are taken (TLS, default passwords changed, high-entropy passwords are used and/or mutual authentication, recent patches applied, web console/Jolokia not exposed externally without precautions, etc.).
In fact, you can buy online ActiveMQ instances from Amazon, which indicates that at least they think it's not such a bad idea to put them on the Internet.

Petter Nordlander
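A pre-exposure check for some of the precautions listed in the answer above, as an added example that is not part of the original answer or of ActiveMQ itself. It assumes an ActiveMQ Classic layout (`conf/activemq.xml`, `conf/jetty-realm.properties`); the function names and the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Logins shipped in a stock conf/jetty-realm.properties (web console / Jolokia).
DEFAULT_LOGINS = {("admin", "admin"), ("user", "user")}

# Constructed sample input, not taken from a real deployment.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <broker xmlns="http://activemq.apache.org/schema/core" brokerName="dmz">
    <transportConnectors>
      <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
      <transportConnector name="tls" uri="ssl://0.0.0.0:61617"/>
      <transportConnector name="mtls" uri="nio+ssl://0.0.0.0:61618?needClientAuth=true"/>
    </transportConnectors>
  </broker>
</beans>"""
SAMPLE_REALM = "# username: password, role\nadmin: admin, admin\npartner: constructed-long-random-value, user\n"

def is_tls(scheme):
    return scheme in {"ssl", "https", "wss"} or scheme.endswith("+ssl")

def audit_connectors(xml_text):
    """Return (connector name, finding) for every connector worth a second look."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "transportConnector":
            continue
        uri = urlsplit(el.get("uri", ""))
        client_auth = parse_qs(uri.query).get("needClientAuth", ["false"])[-1]
        if not is_tls(uri.scheme):
            findings.append((el.get("name"), "plaintext transport"))
        elif client_auth.lower() != "true":
            # Acceptable only if strong per-client passwords are enforced.
            findings.append((el.get("name"), "TLS without client certificates"))
    return findings

def audit_realm(realm_text):
    """Return usernames that still carry a stock password."""
    hits = []
    for line in realm_text.splitlines():
        if ":" not in line or line.lstrip().startswith("#"):
            continue
        user, rest = line.split(":", 1)
        if (user.strip(), rest.split(",")[0].strip()) in DEFAULT_LOGINS:
            hits.append(user.strip())
    return hits

if __name__ == "__main__":
    print(audit_connectors(SAMPLE_XML))
    print(audit_realm(SAMPLE_REALM))
```

Patch level and whether the web console or Jolokia port is reachable from outside are not visible in these two files and need to be checked separately.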