Tuesday, August 2, 2016

IBM Bluemix Architecture Using Microservices

There are three types of IBM Cloud platform.

  • Public: PaaS environment leveraging SoftLayer virtual servers on the Internet, quickly productive, with a multi-tenant architecture.
  • Dedicated: Your own exclusive SoftLayer environment that's securely connected to both the public Bluemix and your own network (via VPN or a direct network connection), with a single-tenant architecture.
  • Local: Runs in your own datacenter on OpenStack or VMware; it is more expensive because of the processing capacity that Bluemix requires, with a single-tenant architecture.

On Bluemix, your organization can find services for mobile, IoT, Watson, and other services for other kinds of applications.

Your organization needs to evaluate and choose which critical components can run on the public cloud, the private cloud, or your own datacenter.

For example, a mobile application could consume services provided by different components deployed on Bluemix in Node.js, Java or another runtime, communicating over HTTP (REST).

What do you need?

  • Reuse everything you already have in your solution, organization and projects.
  • Choose the appropriate micro-services.
  • Ensure the security of your business.
  • Auto-scaling, High Availability (HA) and everything related to the alternatives, decisions and restrictions of the architecture.

Example High level Solution Architecture with micro-services



Proxy: Component developed in Node.js that functions as a gateway for mobile applications. It manages incoming requests and forwards them to the internal component responsible for processing, through the services or operations configured in API Management. In addition, this server is responsible for masking data and keeping it in cache (for quick access), using Cache.

Cache: Bluemix service that masks information shown to the end user to ensure security in the public cloud, so that the different identifiers maintained in the session cannot be traced, preventing intruders from accessing the information. This service is also in charge of keeping recent and frequently consulted data for faster access.

API Management: Bluemix service that manages and consumes the services exposed in the public cloud by the other components deployed on Bluemix.

Database: Bluemix database service (DBaaS), in which all the information managed by the components deployed on Bluemix is persisted.

Workload Scheduler: Bluemix service that, once configured, automatically makes calls to REST services.

The other components depend on the client's infrastructure, but in general there are many layers of security before reaching the applications, such as a firewall, identity provider, gateways, ESB, applications, etc. For example, on Bluemix you can integrate with the customer's federated authentication.
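The masking role described for the Proxy and Cache components can be implemented along these lines. This is an added example, not code from the original post or from Bluemix; `MaskingCache`, `maskResponse`, the in-memory `Map` store and the TTL default are assumptions standing in for the Bluemix cache service.

```javascript
// Added example: identifier masking for a Node.js gateway (all names hypothetical).
const crypto = require('node:crypto');

class MaskingCache {
  constructor(ttlMs = 5 * 60 * 1000, now = () => Date.now()) {
    this.ttlMs = ttlMs;
    this.now = now;            // injectable clock so expiry can be exercised
    this.byToken = new Map();  // token -> { sessionId, realId, key, expires }
    this.byReal = new Map();   // session + real id -> token
  }

  // Swap an internal identifier for a random token bound to one session.
  mask(sessionId, realId) {
    const key = `${sessionId}\u0000${realId}`;
    const old = this.byReal.get(key);
    if (old) {
      if (this.byToken.get(old).expires > this.now()) return old; // reuse live token
      this.byToken.delete(old);                                   // drop expired one
    }
    const token = crypto.randomBytes(16).toString('hex'); // not derived from realId
    this.byToken.set(token, { sessionId, realId, key, expires: this.now() + this.ttlMs });
    this.byReal.set(key, token);
    return token;
  }

  // Resolve a token; null if unknown, expired, or issued to another session.
  unmask(sessionId, token) {
    const entry = this.byToken.get(token);
    if (!entry) return null;
    if (entry.expires <= this.now()) {
      this.byToken.delete(token);
      this.byReal.delete(entry.key);
      return null;
    }
    return entry.sessionId === sessionId ? entry.realId : null;
  }
}

// Mask the listed fields of a backend response before it leaves the proxy.
function maskResponse(cache, sessionId, body, fields) {
  const out = { ...body };
  for (const f of fields) {
    if (out[f] !== undefined) out[f] = cache.mask(sessionId, String(out[f]));
  }
  return out;
}
```

Because tokens are random and bound to a session, a token captured from one client resolves to nothing when replayed from another session or after the TTL has passed.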

1 comment:

  1. I just started using the IBM Bluemix technology, from a BlueMix standpoint, it uses S390 processors (mainframe), so the docker configuration is pretty extensive. However, if the user selects classic mode, then they will have access to Intel processors. In addition, the problem I found with the setup is based on the SG (Security Groups). If you select Classic -> Network -> Security Groups, the user then selects the server and both interfaces, it will not allow the connection (allow_http, allow_https, allow_outbound, allow_ssh, etc). The user needs to go to Classic -> Overview, select the interfaces and select the SGs (associate the SG with the public interface). There seems to be a problem with the design but after working through it, it seems to work, there were just some concerns in the beginning.

    I am impressed but it will take some time to get a feel for everything, but once the user goes through the setup issues with the interface (I have configured Terraform for this as well), then the system works pretty well.

    Also, I have noticed a large number of external users trying to access the system (remote users performing nmap scans), we captured this using the logs, our findings were pretty substantial, IBM needs to do a better overall job from an overarching security standpoint. (they do have a firewall, but the SGs work fine as well). One thing we noticed, there needs to be a dashboard that provides a SIEM type of review or analysis found on the left frame of the window (I do think that is missing, Azure, AWS, or Google have a handle of that).

    But with anything, there are shortcomings but it does work pretty well.

    Todd
