Apigee SaaS to OnPremise connectivity- Planning

Hi,

If we have a situation where Apigee SaaS needs to be integrated with an on-premise setup for generating the token (on premise) and invoking the backend, where Apigee SaaS is a Resource Server and OAuth is through an on-premise OAuth server, what should the plan look like for integrating such a case?

1. MTLS configuration between Apigee SaaS and the on-premise environment.

2. Client should be able to invoke the Apigee SaaS.

3. Infrastructure readiness & connectivity (like firewall clearance and any whitelisting if required) on premise for incoming Apigee requests.

4. Configuration of all Apigee proxies to make the required environment changes for KeyValue and TargetServer.

5. Creation of Apigee proxies to invoke the on-premise API and turn on Trace for errors.

6. Validate the Apigee Analytics.

7. Integrate the Apigee SaaS with the on-premise enterprise logging framework.

Is there anything missing in the plan, or steps to be added, in order to capture such an integration, plan correctly and derive a correct estimation?


> Infrastructure readiness & connectivity (Like Firewall clearance and any Whitelisting if required)

If you have not done so already you will need to request static southbound IPs from Support for your SaaS deployment if you want to whitelist the incoming IPs. If you're doing mTLS then doing IP whitelisting as well may be overkill but it depends on your security requirements.

@Christian King

Thanks for the response. We have requested static IPs for SaaS.

Good to know that whitelisting between Apigee SaaS and on premise, and MTLS between, say, Apigee SaaS and the on-premise load balancer, seem to be similar security measures. Is it because they cover the same layer?

And HTTPS between Apigee SaaS and the on-premise component, with the above whitelist, will be enough (without MTLS), if that's true.

From a security point of view IP whitelisting and MTLS overlap to some extent - they both allow the backend to verify that the request is coming from Apigee.

IP whitelisting has been around a long time, is very cheap in terms of CPU cycles and is well understood which is why it is popular but it relies on the security of inter-network routing and has a number of well understood issues like https://en.wikipedia.org/wiki/BGP_hijacking and https://en.wikipedia.org/wiki/Man-in-the-middle_attack for which it has no defense.

MTLS is more complex to set up and more computationally expensive (although much less than it used to be) but provides better security, and security against more things (e.g., eavesdropping, DNS hijacking).

In the end, which of these (or both) you want to use will come down to what level of security you need, what you need security against, and any regulations you have to comply with.
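As an added illustration (not from anyone in this thread) of the Apigee side of the mTLS leg discussed above, here is an Apigee Edge TargetServer definition with client authentication enabled, plus the TargetEndpoint connection that references it. The host, keystore, truststore and alias names are placeholders to be replaced with your own.

```xml
<!-- Environment-scoped TargetServer for the on-premise OAuth/backend host.
     Placeholder values: onprem-oauth.example.internal, onprem-mtls-keystore,
     apigee-southbound-client, onprem-ca-truststore. -->
<TargetServer name="onprem-oauth">
  <Host>onprem-oauth.example.internal</Host>
  <Port>443</Port>
  <IsEnabled>true</IsEnabled>
  <SSLInfo>
    <Enabled>true</Enabled>
    <!-- Present Apigee's client certificate so the on-premise side can verify
         the request really originates from Apigee (the point raised above). -->
    <ClientAuthEnabled>true</ClientAuthEnabled>
    <KeyStore>ref://onprem-mtls-keystore</KeyStore>
    <KeyAlias>apigee-southbound-client</KeyAlias>
    <!-- Truststore holding the CA that issued the on-premise server certificate,
         so Apigee validates the backend instead of trusting any certificate. -->
    <TrustStore>ref://onprem-ca-truststore</TrustStore>
    <!-- Keep validation strict; setting this to true would silently accept
         untrusted or mismatched server certificates. -->
    <IgnoreValidationErrors>false</IgnoreValidationErrors>
  </SSLInfo>
</TargetServer>

<!-- In the API proxy's TargetEndpoint, reference the TargetServer by name
     rather than hard-coding the host, so per-environment changes stay in
     the TargetServer and not in every proxy bundle. -->
<TargetEndpoint name="default">
  <HTTPTargetConnection>
    <LoadBalancer>
      <Server name="onprem-oauth"/>
    </LoadBalancer>
    <Path>/oauth/token</Path>
  </HTTPTargetConnection>
</TargetEndpoint>
```

The on-premise load balancer or server must be configured to require and verify the client certificate; otherwise the ClientAuthEnabled setting above adds nothing on the receiving side.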