Groundplex network rules and security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-20-2022 08:06 AM
Hello SnapLogic Community,
My institution is a new customer and we are planning for a groundplex install. I am interested to know if other groundplex customers allow incoming transactions from cloud partners directed to on-site databases and ERP systems? We do not license the API management function and don’t yet have plans to allow incoming transactions to API endpoints on internal systems. We do however currently exchange a lot of files.
For groundplex customers accepting incoming transactions from cloud partners, how is your groundplex positioned in your network? Is there a server or other device between your groundplex and the cloud? Thanks for any advice you can offer to a newbie.
- Labels:
-
General Information
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2022 10:21 AM
A load balancer needs to be provisioned for such scenarios where APIs are triggered on the Snaplex nodes externally. The Snaplex nodes should not be exposed to the external network, all requests to the Snaplex should come through the load balancer.
The load balancer requirement is the same with or without the APIM management feature being enabled. Enabling the APIM feature will provide additional authentication and authorization mechanisms to protect the API endpoint.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-26-2022 10:27 AM
Hi @geliason,
@akidave’s suggestions will likely better suit your use cases, but here’s another option (with limitations😞
When you create a triggered task to expose an endpoint for inbound calls, it provides both external and in-network endpoint URLs. You can provide the “Cloud URL” to the cloud partners without exposing your groundplex outside the network or having to manage an external load balancer. With that said, the Cloud URL has its limitations, so you will want to read the Support & Limitations section of the documentation before settling on this option.
For us: we do use the triggered-task Cloud URL capability for transactional activity with small payloads. However, we typically build pipelines to use the partner APIs to pull or push data on schedule or demand. We’ve also had cases where we used ours or our partner’s sFTP servers.