External Security and Load Balancing

<< Click to Display Table of Contents >>

Navigation:  Webservices > Integration >

External Security and Load Balancing

 

DTS Webservices do not provide an external Security Layer themselves and, while the distribution of requests within DTS is load balanced between the various data producer instances, another layer of load balancing may be desirable at the entry point of certain services. In these situations, we recommend using DTS Webservices in conjunction with a dedicated reverse proxy and load balancer, (e.g. Nginx, HAProxy, etc.).

In these section we will discuss when using such a layer may be desirable and what the advantages of using such a solution would be.

 

Security

 

An entry-point security layer is desirable if you need to provide access to the DTS services from outside your organization, or through the internet without network virtualization. It is also essential if you wish to setup a credentials barrier for accessing the services.

The advantages of using a reverse proxy in this case are:

The solution will use web-standard https with your desired encryption flavor and depth (SSL, TSL, etc.)

It will ensure encryption of all of the services' traffic, not just the message bodies (like document based encryption methods would)

It provides an easy way to define and configure credential barriers for various services with a lot of flexibility regarding login security

Can provide complementary features like redirecting unencrypted requests, DDoS attack protection, etc.

 

Load Balancing

 

An entry-point load balancer is desirable if high levels of traffic are expected on certain services and the initial request handling is likely to become a bottleneck. For such situations, multiple instances of a DTS webservice can be deployed on multiple application servers, and an external load balancer can be used to direct requests to the instances.

Advantages:

Greatly increases the intake capacity of individual webservices

Allows various criteria to be used for traffic routing

Allows the persistence of sessions and streams

 

All-In-One

 

Many reverse proxy / load balancing solutions provide all of the features required for securing and routing traffic from a single instance, are very efficient and conform to Web standards, thus providing the ideal approach for such situations.