Hello
Progress 11.3.2 (64-bit).
Aix 7 (64-bit)
We currently have Enterprise Database with Client Networking Licenses.
We are considering purchasing Appserver (probably PASOE) license for new REST project to provide WEB Reporting to both internal and External users.
Progress is telling us that if we put Appserver on same (AIX) server where our Database Server is, that we will have 'shared memory' connection from Appserver to DB Server - therefore we will save one network hop.
Since external users/clients will also have access to our reporting application, from security point of view, where should Appserver be installed, same server as DB server, or on separate server?
If 'separate server' which OS will you recommend to put Appserver on (AIX, Linux or Windows)?
Appserver is all new to us so apologies if I'm asking obvious questions...
Thanks
Jan
As Gus mentioned, you can have layers of security configured using PASOE. I would thinik of below options to make my PASOE Instance secure.
1. Use HTTPS only configuration in PASOE and disable other ports.
2. To protect your Appserver from external access, you can configure a Load balencer(Apache,IIS or nginx) of your choice and configure the load balancer to access PASOE instance only from the Load balancer configured machine. You can also startup multiple instances and load balance across the instance to always have your application running.
3. Disable HTTPS and HTTP and use only AJP13 connector to communicate between Load balancer and tomcat
4. Use HTTPS + PASOE Security (take benefit of Authentication & Authorization patterns in PASOE)
* you can configure PASOE to be quite secure. there are dox to explain how.
* you can have more than one appserver instance so you could have one for local users and another for remote if desired. and you should have a separate one for development anyhow.
I have no experience with PAS as we still use classic AppServer. However, we do some REST and the tomcat instance is on a PC in our DMZ which is outside of our internal LAN. We then open up the ports necessary in our firewall to allow the tomcat instance to get to our Appserver in our LAN which is running on same PC as DB.
As Gus mentioned, you can have layers of security configured using PASOE. I would thinik of below options to make my PASOE Instance secure.
1. Use HTTPS only configuration in PASOE and disable other ports.
2. To protect your Appserver from external access, you can configure a Load balencer(Apache,IIS or nginx) of your choice and configure the load balancer to access PASOE instance only from the Load balancer configured machine. You can also startup multiple instances and load balance across the instance to always have your application running.
3. Disable HTTPS and HTTP and use only AJP13 connector to communicate between Load balancer and tomcat
4. Use HTTPS + PASOE Security (take benefit of Authentication & Authorization patterns in PASOE)