Apigee Edge SaaS Cloud Topology


We are starting use of the Apigee Edge SaaS Cloud product (API management and gateway both on the public cloud). I have the following queries around the overall deployment topology from cloud to on-premise services.

  • We would typically terminate inbound Internet connections on a reverse proxy within our DMZ. Are there any issues with this setup? Also, the Apigee Edge server can act as a TLS server and client, so would we terminate TLS/SSL on the Apigee Edge cloud for a request coming from an external party, or use our reverse proxy in the DMZ?
  • What is the best way to cross-connect with an AWS VPC for some of our services from the Apigee Edge SaaS cloud API? We would need network connectivity to both the AWS VPC and our on-prem for different requirements.
  • Do the Apigee Edge cloud servers have a fixed IP address range so that we could use IP whitelisting on our firewall to allow inbound connections? If not, please recommend alternatives.

Could you please also share any best practices or reference architecture documentation available for enterprise deployments.


@srinivas veeraraghavan ,

Glad to know that you are getting started with Apigee Edge On Cloud.

Please find answers for your questions.

We would typically terminate inbound Internet connections on a reverse proxy within our DMZ. Are there any issues with this setup? Also, the Apigee Edge server can act as a TLS server and client, so would we terminate TLS/SSL on the Apigee Edge cloud for a request coming from an external party, or use our reverse proxy in the DMZ?

  • No issues, that's exactly how enterprises work. Yes, between Apigee & the client on the northbound side you can set up 1-way or 2-way SSL, and on top of that implement API security using OAuth, JWT, keys etc. Between Apigee Edge & your on-premises server we recommend using 2-way mutual SSL to secure the connection between Apigee & your backend. Mutual SSL is the most trusted way to secure the connection between Apigee & the backend, so that no one can access the backend directly except Apigee. All API calls will be secured using Apigee API security features like OAuth, keys and tokens on the northbound side.
  • The external party talks to Apigee using 1-way SSL + API security; Apigee terminates northbound TLS/SSL. You will do API management in Apigee by creating API proxies. API proxies talk to your on-premises backend using 2-way SSL.

What is the best way to cross-connect with an AWS VPC for some of our services from the Apigee Edge SaaS cloud API? We would need network connectivity to both the AWS VPC and our on-prem for different requirements.

  • You can connect with both backends (AWS VPC, on-premises). Just treat them as two different backends & secure them using 2-way SSL.

Do the Apigee Edge cloud servers have a fixed IP address range so that we could use IP whitelisting on our firewall to allow inbound connections? If not, please recommend alternatives.

  • Yes, the Apigee support team can share the same. But we highly recommend mutual SSL. You can do mutual SSL + IP whitelisting.

More about the same here.

-------------------------------

Anil Sagar

Learn Apigee Concepts in 4 Minutes HandsOn
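The reply above recommends that the on-premises backend accept connections only from the gateway, using mutual TLS with an IP allowlist as a second layer. The following Go program is an added example of what that looks like on the backend side; it is not Apigee's code or anything from the thread. The CIDR ranges, the CA bundle file name (`gateway-client-ca.pem`) and the server key pair file names are placeholders: the real egress ranges come from Apigee support, and the CA is whichever one issued the gateway's client certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
)

// IPAllowlist holds the CIDR ranges the backend accepts connections from.
type IPAllowlist struct {
	nets []*net.IPNet
}

// NewIPAllowlist parses CIDR strings. A malformed entry is an error rather
// than being skipped, so a typo cannot silently widen the allowlist.
func NewIPAllowlist(cidrs []string) (*IPAllowlist, error) {
	al := &IPAllowlist{}
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		al.nets = append(al.nets, n)
	}
	return al, nil
}

// Allowed reports whether remoteAddr ("host:port", as in http.Request.RemoteAddr)
// lies inside one of the allowed ranges. Anything unparseable is denied.
func (al *IPAllowlist) Allowed(remoteAddr string) bool {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port component present
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false
	}
	for _, n := range al.nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Middleware rejects requests from outside the allowlist before the handler runs.
func (al *IPAllowlist) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !al.Allowed(r.RemoteAddr) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// MutualTLSConfig builds a server tls.Config that requires and verifies a
// client certificate chaining to caPEM. A peer without a valid client
// certificate fails the handshake, so the HTTP handler never sees it.
func MutualTLSConfig(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("no CA certificates found in PEM input")
	}
	return &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
		MinVersion: tls.VersionTLS12,
	}, nil
}

func main() {
	// Placeholder file names and placeholder (RFC 5737 documentation) range;
	// replace with your PKI material and the ranges Apigee support provides.
	caPEM, err := os.ReadFile("gateway-client-ca.pem")
	if err != nil {
		log.Fatal(err)
	}
	tlsCfg, err := MutualTLSConfig(caPEM)
	if err != nil {
		log.Fatal(err)
	}
	allow, err := NewIPAllowlist([]string{"203.0.113.0/24"})
	if err != nil {
		log.Fatal(err)
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	srv := &http.Server{Addr: ":8443", TLSConfig: tlsCfg, Handler: allow.Middleware(mux)}
	log.Fatal(srv.ListenAndServeTLS("server.crt", "server.key"))
}
```

The two controls are independent: the TLS layer refuses any peer that cannot present a certificate from the gateway's CA, and the allowlist refuses any source address outside the published ranges, so a leaked certificate alone or a spoofed-looking address alone is not enough. If a reverse proxy or load balancer sits in front of this server, `r.RemoteAddr` will be the proxy's address and the allowlist check has to move to the component that actually sees the client IP.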

Thank you very much for your prompt response and recommendations. This is very useful.

Follow-up clarification regarding API security itself: are there any best practices/recommendations for public-facing APIs handling sensitive personal data? Could you please share Apigee best practices/recommendations for this.