Software AG Products 10.11 | Administrating API Gateway | Deployment | Deployment Configurations | Paired Deployment
 
Paired Deployment
 
Configuring Reverse Invoke Setup
Paired Deployment with Integration Server in Green Zone
Troubleshooting Tips: API Gateway and DMZ Connectivity
You can configure paired deployment using a reverse invoke setup.
Reverse Invoke Deployment for Paired Gateway Setup
Reverse invoke deployment allows you to securely expose your API end points without exposing the backend APIs or services. You can configure reverse invoke by initiating a connection from the backend servers of the API Gateway present in the demilitarized zone (DMZ).
In a normal configuration, your API Gateway accepts requests directly from the clients in DMZ zone which can cause network security issues. With reverse invoke setup, an additional API Gateway is used to enhance security. The additional API Gateway is placed in the insecure DMZ and the actual API Gateway that interacts with the native services, resides in the more secure green zone.
In a reverse invoke deployment scenario, the external clients send requests to the DMZ API Gateway. These requests are received by the external port of the DMZ API Gateway and forwarded to the registration port. The green zone API Gateway interacts with the registration port and receives the requests, processes the requests through the native service and sends back the responses to the registration port of the DMZ API Gateway. The responses are then forwarded to the external port of DMZ API Gateway and from there to the external clients. For more information on ports, see Ports .
Note:
The registration port and the external port operate independently. If you define the Registration port with the HTTP protocol, you can still configure the External port with the HTTPS protocol.