Secure Deployments with TIBCO Rendezvous
Overview of secure communication using the Rendezvous secure daemons.
The Apache module of the TIBCO API Exchange Gateway is enhanced to support the secure communication using the Rendezvous secure daemons, rvsd and rvsrd. For detailed information on secure daemons (rvsd and rvsrd), see Chapter 6, Secure Daemons in the TIBCO Rendezvous Administration Guide.
For the DMZ (De-Militarized Zone) setup, the Apache server runs on the machine outside the firewall and the Core Engine runs on a machine inside the firewall. The following options are available to run the Apache server:
- Option 1: Run the Apache server on the same machine where secure rvsrd (or rvsd) daemon runs.
- Option 2: Run the Apache server and secure rvsrd (or rvsd) daemon on different machines. In this case, the Apache server acts a client to connect to rvsrd (or rvsd) daemons. If the Apache server and rvsd daemon are running on the machines in the same subnet, rvrd configuration is not required to connect from the Apache server to rvsd. However, if the Apache server and the rvsrd daemon are running on machines in different subnets, you must configure routing daemon between the two machines (one with Apache server machine running rvrd and the other machine running rvsrd).
The Core Engine runs on a machine in a secure network inside the firewall which has rvrd running. Configure rvsrd(running on a machine where the Apache server runs in case of Option 1) and rvrd (running on a machine where the Core Engine is running) as neighbors. See TIBCO Rendezvous Administration Guide for configuration setup details of the Rendezvous daemons.
This chapter mainly explains the configuration details required for the Apache module to connect to rvsrd (or rvsd) daemons.
Figure Secure Deployment with Rendezvous illustrates an example deployment of the Apache module and the Core Engine in a DMZ setup where the Apache module communicates with the secure Rendezvous daemons. In this deployment, the Apache server and Rendezvous secure daemon (rvsrd) runs on the same machine, Machine 1. The deployment consists of the following components:
Components of Machine 1
- The Apache server. Refer to ASG_HOME/readme file for the supported version of the Apache server.
- The TIBCO API Exchange Gateway Apache Module. See Setting up and Configuring Apache Module for details.
- The TIBCO Rendezvous secure daemon (rvsrd). Refer to the ASG_HOME/readme file for the supported Rendezvous version.