BEA White Paper BEA AquaLogic Service Bus behind the Firewall in Service-Oriented Architecture
2.3.10. SSL and TLS: Designing and Building Secure Systems, by Eric Rescorla, Addison-Wesley, 2001
http://www.rtfm.com/sslbook/
2.3.11. Setting up a test network
http://www.networkworld.com/columnists/2004/0712nutter.html
2.3.12. Firewalls and Internet Security: Repelling the Wily Hacker, Second Edition, by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin
http://www.wilyhacker.com/
3. Problem definition: How to establish two-way inbound and two-way outbound SSL authentication between client, BEA AquaLogic Service Bus, and business service separated by firewalls
The goal is to establish inbound two-way and outbound two-way SSL authentication, each through the firewall, for the scenario in which:
• A client sends an HTTPS request to a BEA AquaLogic Service Bus proxy service.
• A BEA AquaLogic Service Bus proxy service routes the request to a BEA WebLogic Server 9.x-hosted business service over HTTPS.
• A business service receives a request and sends an HTTPS response to the client via the BEA AquaLogic Service Bus proxy service.
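The inbound leg of the scenario above, reduced to its TLS essentials, as an added example that is not part of this white paper and not BEA or WebLogic code: a server context standing in for the proxy service that demands a client certificate (two-way SSL), tested against one client that presents a certificate issued by the trusted CA and one that does not. The example mints a throwaway lab PKI with the `openssl` command line (assumed to be on PATH) and drives the handshakes in memory with Python's `ssl.MemoryBIO`, so no ports, firewalls or keystores are involved; the host name `alsb-proxy.lab.test` and the client identity `lab-client` are constructed for the example. The outbound leg is the same exchange with the roles swapped: the proxy becomes the TLS client to the business service and presents its own certificate.

```python
"""Two-way (mutual) SSL check modelled on the inbound leg: client -> proxy service.

Constructed lab PKI and in-memory handshakes for illustration; not BEA/WebLogic
code. Assumes an `openssl` binary on PATH (used only to mint test certificates)
and Python 3.7+.
"""
import os
import ssl
import subprocess
import tempfile

PROXY_HOST = "alsb-proxy.lab.test"   # hypothetical host name of the proxy service
CLIENT_CN = "lab-client"             # hypothetical client identity (constructed)


def _openssl(*args):
    subprocess.run(["openssl", *args], check=True, capture_output=True)


def make_lab_pki(workdir):
    """Mint a throwaway CA, a server cert for the proxy and a client cert (constructed)."""
    p = lambda name: os.path.join(workdir, name)
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "2",
             "-subj", "/CN=Lab Test CA", "-keyout", p("ca.key"), "-out", p("ca.crt"))
    leaves = {
        "server": ("/CN=" + PROXY_HOST,
                   "subjectAltName=DNS:" + PROXY_HOST + "\nextendedKeyUsage=serverAuth\n"),
        "client": ("/CN=" + CLIENT_CN, "extendedKeyUsage=clientAuth\n"),
    }
    for name, (subj, ext) in leaves.items():
        with open(p(name + ".ext"), "w") as fh:
            fh.write(ext)
        _openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", subj,
                 "-keyout", p(name + ".key"), "-out", p(name + ".csr"))
        _openssl("x509", "-req", "-days", "2", "-in", p(name + ".csr"),
                 "-CA", p("ca.crt"), "-CAkey", p("ca.key"), "-CAcreateserial",
                 "-extfile", p(name + ".ext"), "-out", p(name + ".crt"))
    return {k: p(k) for k in ("ca.crt", "server.crt", "server.key", "client.crt", "client.key")}


def _cn(cert):
    """Pull the commonName out of the subject of a getpeercert() dict."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def handshake(server_ctx, client_ctx, server_hostname):
    """Run a TLS handshake between two SSLObjects over MemoryBIOs (no sockets).

    Returns (True, client CN the server authenticated) on success, or
    (False, error text) when either side rejects the handshake.
    """
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=server_hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    sides = [(client, c_out, s_in, False), (server, s_out, c_in, False)]
    try:
        for _ in range(16):                      # a real handshake needs only a few rounds
            for i, (side, out_bio, in_bio, done) in enumerate(sides):
                if not done:
                    try:
                        side.do_handshake()
                        sides[i] = (side, out_bio, in_bio, True)
                    except ssl.SSLWantReadError:
                        pass                     # needs bytes from the peer first
                pending = out_bio.read()         # ferry records to the other side
                if pending:
                    in_bio.write(pending)
            if all(done for _, _, _, done in sides):
                return True, _cn(server.getpeercert())
        return False, "handshake did not complete"
    except ssl.SSLError as exc:
        # With TLS 1.3 the client may already consider itself done when the
        # server rejects the empty certificate; the server side is the judge here.
        return False, str(exc)


def inbound_two_way_ssl_check():
    """Inbound leg: the proxy requires a client cert; compare a client with and without one."""
    with tempfile.TemporaryDirectory() as work:
        pki = make_lab_pki(work)
        proxy = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        proxy.load_cert_chain(pki["server.crt"], pki["server.key"])
        proxy.load_verify_locations(pki["ca.crt"])   # trust store for client certificates
        proxy.verify_mode = ssl.CERT_REQUIRED        # the "two-way" part: a client cert is mandatory

        with_cert = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # verifies server cert + host name
        with_cert.load_verify_locations(pki["ca.crt"])
        with_cert.load_cert_chain(pki["client.crt"], pki["client.key"])

        no_cert = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)     # one-way SSL only
        no_cert.load_verify_locations(pki["ca.crt"])

        return {
            "with_cert": handshake(proxy, with_cert, PROXY_HOST),
            "no_cert": handshake(proxy, no_cert, PROXY_HOST),
        }


if __name__ == "__main__":
    for label, result in inbound_two_way_ssl_check().items():
        print(label, "->", result)
```

Running the script prints a successful handshake for the certificate-bearing client, with the CN the proxy authenticated, and a rejected handshake for the client without one. The point to check in a real set-up is the same: the server side must be configured to require and verify the client certificate against its trust store, and the client side must verify the server certificate and host name, on both legs.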
4. Deployment architecture, set-up, and configuration
In general, the details of the installation and configuration depend on the operating system, the number of machines, and the desired cluster sizes of BEA WebLogic Server domains. Typically in a production environment, the client, the BEA AquaLogic Service Bus proxy service, and the business service are hosted on separate machines. In addition, each BEA WebLogic Server cluster node is hosted on a separate hardware system.
The following section describes a simplified example of how to set up and configure request/response messaging between a client, a BEA AquaLogic Service Bus proxy service, and a business service for testing. The example uses minimum hardware consisting of two systems, each running a Microsoft Windows operating system. The first machine hosts the client and business service. The second machine hosts the BEA AquaLogic Service Bus proxy service.
The first and second machines are separated by two firewalls, with a lab network between firewalls. The lab
network simulates a public network like the Internet. This is a simplification of a typical set-up in which each