将Biztalk Web服务部署到DMZ [英] Deploying Biztalk Web Service to DMZ
问题描述
我们有一个带有IIS Web服务器的DMZ,而一个LAN上的BizTalk 2009.
We have a DMZ with an IIS Web Server, and BizTalk 2009 on a LAN.
我想知道部署BizTalk Web服务的最佳方法是什么,以便它可以在Internet上公开访问,但符合安全性最佳做法.
I'd like to know what is the best way to deploy a BizTalk Web Service so that it is publicly accessible on the Internet, but inline with security best practices.
我们是否应该将BizTalk生成的Web服务部署到IIS框中?
Should we deploy the BizTalk-generated Web Service to the IIS box?
我们应该将Web服务托管在BizTalk框上,还是将BizTalk公开(仅针对特定端口和特定外部IP)?
Should we host the Web Service on the BizTalk box and expose BizTalk to the world (for specific ports and specific external IP's only)?
我们应该使用IIS作为反向代理并在BizTalk上托管Web服务吗?
Should we use IIS as a reverse proxy and host the Web Service on BizTalk?
任何指导都值得赞赏.
推荐答案
我会认真考虑将Web服务与BizTalk架构分离,而不在DMZ设置中使用内置的已发布Web服务.自己创建一个Web服务,并使其能够覆盖实际的BizTalk Web服务,并在防火墙上打一个孔以允许连接到BizTalk Web服务.在此处.
I would seriously think about separating the web service from the BizTalk architecture and not use the built in published web service in a DMZ setting. Create a web service on its own and allow that to façade the actual BizTalk web service and just punch a hole in the firewall allowing the connection into the BizTalk web service. Take a look here.
这篇关于将Biztalk Web服务部署到DMZ的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!