In the docs:
it states that: "Apigee recommends that you disable HTTP access in production environments"
But in a topology where the Management Server and Edge UI are on the same node, why is this necessary? If UI and MS are talking to each other via a localhost address, does this not mean that traffic would go via the loopback device? As such there is no risk of a packet capture on another host from picking up this traffic 'in the clear' (HTTP).
I would also point out that none of the topologies mentioned in the docs have UI and MS on different nodes:
http://docs.apigee.com/private-cloud/latest/installation-topologies
Solved! Go to Solution.
Rohan,
As before (MP question) it depends on your security practices. But generally speaking it is not required.
You can enable TLS on UI or terminate TLS for UI on the Load Balancer used for UI and keep MS as HTTP.
Also, leaving HTTP access to the management API enabled just for the Edge UI means the API is also available over HTTP externally unless you lock down port 8080.
Stephen
User | Count |
---|---|
3 | |
2 | |
2 | |
1 | |
1 |