Question by srinivas veeraraghavan · Jul 18, 2018 at 12:31 AM · 669 Views · public cloud · topology

Apigee Edge SaaS Cloud Topology

We are starting use of the Apigee Edge SaaS Cloud product (API management and gateway both on the public cloud). I have the following queries around the overall deployment topology from cloud to on-premise services.

  • We would typically terminate inbound Internet connections on a reverse proxy within our DMZ. Are there any issues with this setup? Also, Apigee Edge server can act as a TLS server and client, so would we terminate TLS/SSL on the Apigee Edge cloud for a request coming from an external party or use our reverse proxy in the DMZ?
  • What is the best way to cross connect with AWS VPC for some of our services from Apigee Edge SaaS cloud API? We would need network connectivity to both AWS VPC and our on-prem for different requirements.
  • Do Apigee Edge cloud servers have a fixed IP address range so that we could use IP whitelisting on our firewall to allow inbound connections? If not, please recommend alternatives.

Could you please also share any best practices or reference architecture documentation available for enterprise deployments.

1 Answer

Answer by Anil Sagar @ Google · Jul 18, 2018 at 02:26 AM

@srinivas veeraraghavan ,

Glad to know that you are getting started with Apigee Edge On Cloud.

Please find answers for your questions.

We would typically terminate inbound Internet connections on a reverse proxy within our DMZ. Are there any issues with this setup? Also, Apigee Edge server can act as a TLS server and client, so would we terminate TLS/SSL on the Apigee Edge cloud for a request coming from an external party or use our reverse proxy in the DMZ?

  • No issues, that's exactly how enterprises work. Yes, between Apigee & client on northbound you can set up 1-way or 2-way SSL, and on top of that implement API Security using OAuth, JWT, Keys etc. Between Apigee Edge & your on-premises server we recommend using 2-way mutual SSL to secure the connection between Apigee & your backend. Mutual SSL is most trusted to secure the connection between Apigee & backend so that no one can access the backend directly except Apigee. All API calls will be secured using Apigee API Security features like OAuth, Keys, Tokens on northbound.
  • External party talks to Apigee using 1-way SSL + API Security, Apigee terminates northbound TLS/SSL. You will do API Management in Apigee by creating API Proxies. API Proxies talk to your backend on-premises using 2-way SSL.

What is the best way to cross connect with AWS VPC for some of our services from Apigee Edge SaaS cloud API. We would need network connectivity to both AWS VPC and our on-prem for different requirements.

  • You can connect with both the backends (AWS VPC, OnPremises). Just treat them as two different backends & Secure them using 2-way SSL.

Do Apigee Edge cloud servers have a fixed IP address range so that we could use IP whitelisting on our firewall to allow inbound connections? If not, please recommend alternatives.

  • Yes, Apigee support team can share same. But we highly recommend Mutual SSL. You can do Mutual SSL + IP Whitelisting.

More about same here

-------------------------------

Anil Sagar

Learn Apigee Concepts in 4 Minutes HandsOn
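
The "Mutual SSL + IP Whitelisting" combination recommended in the answer above, seen from the listener in front of the backend, as an added example that is not part of the original thread and is not Apigee code. The address ranges, the certificate CN and all function names are assumptions chosen for illustration; the real egress ranges are whatever Apigee support provides.

```python
import ipaddress
import ssl

# Assumption: placeholder ranges from documentation address space; the real
# egress ranges are the ones Apigee support shares.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.16/29")]
# Assumption: subject CN of the client certificate held in the Apigee keystore.
EXPECTED_CN = "apigee-gateway.example.com"


def server_context(certfile, keyfile, client_ca):
    """TLS context for the backend listener that demands a client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_verify_locations(cafile=client_ca)  # CA that issued the gateway cert
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client cert
    return ctx


def subject_cn(peercert):
    """Return the commonName from the dict that SSLSocket.getpeercert() yields."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def admit(peer_ip, peercert):
    """Return (allowed, reason); the address and the certificate must both pass."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in net for net in ALLOWED_NETS):
        return False, "source address not in allowlist"
    if not peercert:
        return False, "no verified client certificate"
    if subject_cn(peercert) != EXPECTED_CN:
        return False, "client certificate subject mismatch"
    return True, "ok"


# Constructed sample inputs, shaped like getpeercert() output.
GATEWAY_CERT = {"subject": ((("organizationName", "Example Corp"),),
                            (("commonName", "apigee-gateway.example.com"),))}
OTHER_CERT = {"subject": ((("commonName", "someone-else.example.net"),),)}
```

Pinning the subject in `admit` matters when the trusted CA also issues certificates to other parties: a chain that verifies is not by itself proof that the caller is the gateway.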

Comment by srinivas veeraraghavan · Jul 20, 2018 at 12:34 AM

Thank you very much for your prompt response and recommendations. This is very useful.

Followup clarification regarding API Security itself, are there any best practices/recommendations for public facing APIs handling sensitive personal data. Could you please share Apigee best practices/recommendations for this.
