We're in the middle of migrating an e-commerce integration from using batching to messaging (MSMQ). The e-commerce application itself is hosted on a web server that is not in our domain. The machine processing orders is in the domain in our LAN. The e-commerce app will write to a local MSMQ when an order is placed. Our order processing component should connect to this queue and read messages from it. We are not using WCF for this.
If it were up to me I'd either ditch MSMQ and go with RabbitMQ or put a vpn client on both machines like Hamachi.
I know that MSMQ can use HTTP as a transport via IIS. However I can't seem to find much documentation on how to set this up securely. Is it as simple as turning on one of the authentication options in IIS? I would prefer to use basic auth as we plan on doing this over HTTPS. After that, how to send credentials from the order processing component?
MSMQ supports HTTP and HTTPS. For details, see http://technet.microsoft.com/en-us/library/cc785272(v=ws.10).aspx
Cheers,
Yoel
Related
I have a static website in Azure that's hosted using the blob storage account. I need to make requests from this website to services hosted in other domains. In order to handle CORS, I need to build a forward proxy server that handles the requests from client and forwards them to the requested service. Similarly, response from the services will be forwarded to the client. What is the recommended way to achieve this?
You can write an Azure Function (with consumption plan) using your favourite programming language. Just send requests from front end to the Azure Function, then once you get the reply from 3rd party servers, return it to the front end.
PS: use the Http Trigger binding
https://learn.microsoft.com/en-us/azure/azure-functions/functions-bindings-http-webhook?tabs=csharp
I am implementing some real-time, collaborative features in an ASP.NET Web API based application using WebSockets and things are working fine when the app is deployed on a single web server.
When it is deployed on a farm behind a software (or hardware) load-balancer, I would like implement the pub-sub pattern to make any changes happening on one of the web servers invoke the same logic to check and push those changes via websocket to the clients connected to any of the other web servers.
I understand that this can be done if there an additional layer using RabbitMQ, Redis or some such pub/sub or messaging component.
But is there a way to use DNS or TCP broadcast or something that is already available on the Windows Server/IIS to publish the message to all the other sibling web-servers in the cluster?
No.
But you can use MSMQ instead of RabbitMQ, but still that's not really going to help as it's a queue and not pub/sub so ignore that.
If it's SignalR you're using there are plenty of docs on how to scale out like Introduction to Scaleout in SignalR
Even if it's not SignalR then you can probably get some ideas from there.
I am using Rabbit MQ broker in one of mobile apps that we are developing, I am bit puzzled about security aspects. we are using cloud hosted rabbitmq and hosting platform has given us user name and password (which have been changed since) and we are using SSLconnection so not so much worried about MIM or eavesdropping.
my concern is anybody who knows host and port can make connection to rabbitmq, since we have mobile app we are storing rabbitmq user name and password on device (although encrypted) so I guess that anybody who gets physical access to device and somehow decrypts username password can login to rabbitmq, and once you are logged in you can pretty much do anything on rabbitmq like deleting queues etc..
How are MQ like Rabbitmq used in mobile environment. Is there a better / more secure way of using rabbitmq.
In my experience, it is best to not have your mobile app connect to rabbitmq directly. Use a web server in between the app and RabbitMQ. Have your mobile app connect to your web server via HTTP based API calls. The web server will connect to RabbitMQ, and you won't have to worry about the mobile app having the connection information in it.
There are several advantages of this, on top of the security problem:
better management of RabbitMQ connections
easier to scale number of mobile users
ability to add more logic and processing to the back-end, as needed, without changing the mobile app
creating a connection to RabbitMQ is an expensive operation. It requires a TCP/IP connection. once that connection is open it stays open until you close it. if you open a connection from your mobile app and leave it open, you are reducing the number of available connections to RabbitMQ. if you open and close the connection quickly, you are inducing a lot of extra cost in creating and closing the connections constantly.
with a web server in the middle, you can open a single connection and have it manage multiple mobile devices. the web server will handle the http requests and use the one connection to rabbitmq to push messages to it.
since an HTTP web request is a short-lived connection, you'll be able to handle more users in a short period of time, than you would with direct rabbitmq connections.
this ultimately leads to better scalability as you can add another web server to handle thousands more mobile app instances, while only adding 1 new RabbitMQ connection.
this also lets you add middle-tier logic inside of the web server. you can add additional layers of processing as needed, without changing the mobile app. change the web server code and redeploy as needed.
if you must do this without a server in the middle, you likely won't be able to get around the security issue that you're having. the mobile device will contain the necessary information to make the connection.
Hi We have a UI component deployed to Bluemix on Noedjs which makes REST service calls (JSON/XML) to services deployed in Data-center. These calls will go through the IBM Data Power gateway as a security proxy.
Data Power establishes an HTTPS Mutual Authentication connection (using certs that are exchanged offline) to the caller.
Although this method is secure it is time consuming to set up and if this connection is in setup for each service request it will create a slow response for the end user.
To optimize response time we are looking for any solution which can pool connections between nodejs app deployed on Bluemix and DataPower security proxy. Any one has any experience in this area?
In regards to "it is time-consuming to set up", in datapower you can create a multi-protocol gateway (MPGW) in front of your services to act as router. The MPGW will match services calls based on their URI and route them accordingly. In this scenario, you will only need to configure a single endpoint in the Bluemix Cloud Integration service in order to work with all your services. One downside to this approach is that it will be harder to control access to specific on-premise services because they will all be exposed to your Bluemix app as a single service.
In regards to optimizing response times, where are you seeing the bottleneck?
If the establishment of the tcp connections is causing too much overhead, you should be able to configure your Node.js app to use or re-use persistent connections via keepalive settings or you can look into setting up a connection pool that manages that for you (e.g. https://www.npmjs.com/package/generic-pool seems a popular choice).
On the datapower side, make sure the front/back persistent timeout is set according to your requirements:http://www-01.ibm.com/support/knowledgecenter/SS9H2Y_7.2.0/com.ibm.dp.doc/mpgw_availableproperties_serviceview.html?lang=en
Other timeout values in datapower can be found at http://www-01.ibm.com/support/docview.wss?uid=swg21469404
I am building a ASP.NET MVC3 application that will be running on a couple web servers. Instead of each server/app sending its own emails(Asnyc) per request, I would like to leverage something like MSMQ and send messages to an email server that would pick up the messages and send an email.
I have an idea of how to do this with a console app, windows service and MSMQ but was looking for some direction from anyone who has had success/experience implementing something similar. Any guidance, experience, technology, blog posts would be appreciated.
From what I see you're simply after an e-mail relay service. You could just use a dedicated IIS to do this for you. IIS SMTP has builtin queued mail relay functionallity. Preferably you want to cluster this IIS SMTP service for max. reliability.
Regarding the consideration in the article linked I can't see the difference between the users page process waiting for sending a message to an SMTP server and sending a message to a MSMQ.
I believe when it come to redundancy you'll find it much easier to set up a clustered SMTP service than clustered MSMQ.