App to App communication in Cloud Foundry - node.js

Assume you want to deploy 2 apps of which one provides some API to the second application.
With services I'd just bind the service (or declare it as dependency in my manifest) to my application and hence get the information regarding host, port and credentials passed to my application (e.g. via env variables in node.js). Is there a similiar mechanism for application to application "communication"?
So far my approach is to use a RabbitMQ service (or any message broker/queue) which both applications are bound to and which I then use for cross-app communication.
Thanks!

Using a message broker, as you do, is definitely a viable solution. This allows for asynchronous communication. Yet you will have to take care of authentication yourself, as opposed to app <-> service communication, where authentication/authorization is established through through cloudfoundry service binding.
Another way would be to use a service registry for this. Both apps would register with the service registry and be able to discover each other.
You could try spring cloud service registry (Eureka) or consul. As for your message broker solution, this will not generate credentials for your apps, as a cloudfoundry service binding does.

From your use case, for microservice to microservice discovery, you need Spring Cloud Services and Eureka.
I don't have much experience on nodejs. But some googling, will give you some articles. Here's one that may help you - https://www.npmjs.com/package/eureka-js-client
This article will give you an overview from Java and Spring perspective - https://spring.io/guides/gs/service-registration-and-discovery/.

Related

How to implement service discovery in nodejs?

Can somebody please explain how to implement service discovery with nodejs without any frameworks. only with nodejs and express.
All I can found it how to implement this with frameworks like sprint boot (which i don't want to use) on youtube.
What Steps I need to do to implement this. it very will help if example of the implementation.
A service discovery service is a service that provides endpoints to manage URLs or IPs of other services in the same environment. It's good practice because it allows to decouple services from each other. Reason is that with a service discovery system, services do not need to store each other's URLs or IPs. These values can simple be fetched from the discovery service. URLs or IPs can then also be updated at runtime (still with a grace period of course).
A very basic service discovery service would provide endpoints to
register a service instance,
to unregister a service instance, and
to lookup registered instances.
Translated to HTTP verbs:
POST /service/:name
DELETE /service/:name/:id
GET /service/:name
This of course does not take into account,
authentication and authorization to prevent unwanted manipulation
health checks to make sure that all registered services are actually alive and healthy
and how to set up storage so that the service is fast and scalable.
Though, it should give an idea on where to start. Generally i'd advise to use a proven solution like i.e. https://www.consul.io/

Azure as a proxy for application

We need to develop integration between ERP (Dynamics Nav) and cloud-based telephony provider.
The provider needs to have an endpoint published and accessible from internet but for security reasons it is not possible for us to allow inbound connections to our network. I think it should be possible to solve this by hosting small application in Azure which will serve as endpoint for telephony provider and to which ERP will connect as outbound persistent connection. The app will just forward requests to ERP.
Since I'm new to Azure the question is what of azure capabilities I could use to solve the task aside from hosting actual VM with application there?
I've just implemented the same using Azure Service Bus.
The VOIP system is putting a small JSON with call details after the end of the call and I'll get the messages from the Service Bus Queue from NAV.
The code is not complicated at all the whole solution is simple and cheap!
Let me know if you want to know more (= you need the code).
Cheers!
Azure AD has the concept of an "application proxy" that will open internal applications up using a connector that runs on prem. This doesn't require inbound ports and is protected by Azure AD authentication.
It's intended more as a user-facing way to get access to Legacy applications, although I don't see why it couldn't be used for integration as well.
https://learn.microsoft.com/en-us/azure/active-directory/application-proxy-publish-azure-portal
Otherwise, you could link an Azure Site to Site VPN up and use a service like API gateway to manage connections though this is more complicated.

How to manage nodejs microservices without service discovery?

We are developing microservices in NodeJS and deploying them to an Application server. These services run on random port which is set in config file programmatically. I know these services could be managed using service discovery like Eureka / Consul and similar. However, is there a way to manage them without using any service discovery.
However you call it, you will need a central place where services will need to register their host and port (and deregister when they shutdown gracefully), so that others know how to consume them. You can use a database (SQL/noSQL), Eureka, Consul, anything that will give you "put data" and "get data" capabilities.
Benefit of solutions like Eureka and Consul are built-in health checks and removing service from the registry if it fails them.

Service to service authentication in AWS - what are the best practices?

At the firm I am working currently, we have a lot of microservices, currently, most of them are deployed to Azure. In Azure, service to service authentication is simple: Azure Active Directory is an authorization server, and the service can request OAuth 2 tokens from it using either client credentials or client assertion (with JWT) flow. Then, the service can use this token to authenticate to other services.
In the last few months, we started moving some of our services to AWS. And this makes me wonder - is there an alternative to Azure Active Directory? I could not find something myself, so I thought it is better to ask: What is the recommended way to implement service to service authentication outside Azure? I know you can use Azure Active Directory also outside Azure. I am asking that because I guess there must be other tools out there, maybe with easier integration with AWS.
I didn't mention any programming language (we are using mainly C# here, and a little NodeJS recently) because I feel this question is language-agnostic - I will prefer solution that works well with many languages.
Thank you,
Omer
Amazon has AWS Directory Service.
It's Microsoft AD in AWS Cloud.
I wouldn't know of any AWS services that'll help you with that exact use-case. However, you could solve this by exposing two ports in the application; one for internal requests and one for external. You can use security groups to shield off the internal port for requests from the internet.
Another option that might involve more changes to your setup is to use a gateway. This pattern is used a lot for microservices, an elaborate description can be found e.g. here. The basic concept is that all outside (internet) requests go through a gateway service that allows certain routes and disallows certain other routes. In cases where users have to login, the gateway will usually handle the authentication.

Windows Azure: Consuming Third Party Web Service

I have searched a lot on this topic but didnt get any satifactory answer.
In Windows Azure how can we consume an external (third party) Web Service from the worker roles? Is it as simple as using a web reference in the solution or is it necessary to use Azure Service Bus?
It's as simple as calling the webservice using whatever method you need (REST, SOAP, etc.). For .NET developers using .asmx or WCF SOAP services, just generate the proxy like you normally would. In this model, there is no difference between what you do onpremises when the cloud is the client.
You would look at using the ServiceBus when you are hosting your own services (as opposed to consuming them), typically behind firewalls onpremises, and you want to give secure access to them or integrate them into cloud scenarios. There are other scenarios and capabilities of course, but that is a main one. If you simply want to consume another web service, the ServiceBus has nothing to do with that.
As long as the 3rd-party web service endpoint is reachable, use it the same way you'd use it from an on-premises server. If you need to connect to a service endpoint behind someone's firewall, then you'd want to consider AppFabric Service Bus.
Just remember that you'll be paying for bandwidth out of the data center (unless the 3rd-party web service is Windows Azure homed, and in the same data center).

Resources