Mulesoft , Architectural suggession

Question

I have following architectural issues .

I have two tomcat servers . Each running few services. One of the server is deployed at DMZ and other one is behind firewall ( inside application landscape). I am in the process of deploying another server Mule ESB. Consolidating all the services and deploying it on single Mule EE server.

My question is what would be the right security strategy for implementing the services running on DMZ and other set of service running behind the firewall. Since i am consolidating my services running on DMZ and behind the firewall , and deploying it on ESB which is hosted behind firewall , is there any security issues you can foresee. if i remove services from DMZ and deploying it on behind the firewall , do you foresee any other issues like performance etc

Answer 1

As per the Security you can implement to have Certificates on your Services which you expose.There are also some API managements like Layer 7 which can be implemented.As per your question on performance, if wont affect much.

Answer 2

There will not be any security issues, also there wont be any performance issues.

Can you confirm where this Mule ESB server will sit - It must be behind the firewall. If yes then you can install on-prem version of API Gateway in DMZ location which will give you more security policies (comes by default with mule api gateway ) without building those at the service level.

Note, you can build your own custom policies for the Services which can be added through API manager for API Gateways and this can be developed by YAML/XML files.