Kbase P22591: What is the recommended topology of MQ broker for secure net
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
11/25/2003 |
|
Status: Unverified
GOAL:
What is the recommended topology of MQ broker for secure network?
FIX:
There are some basic configurations.
1 SonicMQ in DMZ, without a reverse proxy server
2 SonicMQ within LAN and reverse proxy server in DMZ.
3 Open SSL port directly to Sonic on internal LAN
If you are in total control of your Firewall rules then the easiest way is to open an SSL port directly to the SonicMQ on internal LAN. Reverse proxy should be the last resort: in addition to performance, the reliability could be an issue -- the proxy modifies actual URL and it sometimes messed it up -- the application must be very well tested with a particular proxy.