Sunday, April 30, 2023

Azure Application Gateway with APIM Internal Mode: Set Up Part 2 (Adding Application Gateway in VNET)




We are trying to replicate the above architecture design. As I mentioned in my previous blog, the 1st part of the same architecture here, this architecture can cater to most current industry demands where developers orchestrate internal APIs or on-prem APIs. They can secure internal APIs with the API Manager instance running inside a virtual network, and if a developer needs to expose APIs to a 3rd-party vendor for business needs, they can do that too by using an Application Gateway.

As Application Gateway is a layer 7 load balancer, we can decide what traffic we want to come inside and what to block.

In the first part, we created the resources below:

  • Virtual Network
  • API Manager inside a virtual network with a specific subnet
  • A Virtual Machine
  • An API inside the virtual machine
  • An API proxy on API Manager, pointed at the VM’s API
  • We also successfully tested our API internally from the API Manager

Architecture Diagram:



Step 1: Create an Application Gateway resource 

  • Create an application gateway resource as mentioned below
  • We want to keep it very basic, so we won’t be selecting Auto Scaling or Availability






  • Click Next to enter the frontend details
  • Create an app-gw-public IP and set a private IP in the same subnet: 10.0.2.10


 

Click next to add Backends as mentioned below

  • Give the Backend pool name
    • apim-backend-pool
    • API Gateway FQDN – api.demo.com



  • Click next to add Routing Rules

Add routing rules and fill in the below details

  • Add Rule
  • Add Listener
  • I am keeping it simple and using frontend with HTTP on port 8080


  • Add backend target details


  • Add Backend setting

  • Once done it should be as below 


  • Click the tag and create it. We will configure the internal IP later or in part 3

After adding the settings, one more important setting is required.

  • Click on “Health Probes”
  • Enter “/status-0123456789abcdef” as the path
  • Choose the backend setting as HttpSetting
  • Click Test and Add


  • You can check "Backend Health"; it should be green if all is good.


Testing:

I am hitting the application gateway’s public IP address on port 8080 from my machine and getting the expected result.




This request goes via the Application Gateway to the API Manager and then to the Virtual Machine (where we have created an API).

Internal Listener Setup:

Since the internal and external listeners can’t listen on the same port, we use port 443 for the internal one and upload the same wildcard cert that I used for the API Manager custom domain. Fill out the details below:

  • Use Private IP in Frontend IP
  • Port: 443
  • Give the certificate any name; in my case it is gatewaycert
  • Upload the .pfx cert
  • Provide the password that was used during certificate creation
  • Click on Add



Provide the routing details below:

  • Choose the Internal Listener this time
  • Give a priority number; I have given 10
  • Click Add



Provide the details below for the Backend Targets:

  • Choose the same apim-backend-pool
  • Choose the same HttpSetting, as our backend is going to be the same
  • Click on the Add button





We have now configured everything; let’s test this out from Postman.

  • Log in to the VM that we have
  • Try with the private IP address this time; the other URL parameters remain the same
  • You can see the expected result as mentioned below




We have demonstrated that we can now access the Application Gateway inside the virtual network. The above request flows through the Application Gateway to the API Manager and then to the Virtual Machine.
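A quick offline check of the two listener rules this setup depends on, as an added example that is not from the original post: it flags any listener that accepts plaintext HTTP and any port shared between the public and private frontends. The input is a constructed dict assumed to follow the flattened JSON printed by `az network application-gateway show`; the resource names in it are hypothetical.

```python
# Constructed sample mirroring this post's setup. Assumption: the dict follows
# the flattened JSON printed by `az network application-gateway show`.
# Resource names (public-fe, port_8080, public-listener, ...) are hypothetical.
def _ref(name):
    return {"id": f"/subscriptions/<sub-id>/.../{name}"}

SAMPLE_GATEWAY = {
    "frontendIPConfigurations": [
        {"name": "public-fe", "publicIPAddress": _ref("app-gw-public")},
        {"name": "private-fe", "publicIPAddress": None, "privateIPAddress": "10.0.2.10"},
    ],
    "frontendPorts": [{"name": "port_8080", "port": 8080},
                      {"name": "port_443", "port": 443}],
    "httpListeners": [
        {"name": "public-listener", "protocol": "Http",
         "frontendIPConfiguration": _ref("public-fe"), "frontendPort": _ref("port_8080")},
        {"name": "internal-listener", "protocol": "Https",
         "frontendIPConfiguration": _ref("private-fe"), "frontendPort": _ref("port_443")},
    ],
}

def _name(ref):
    """Last path segment of a resource id, e.g. .../port_8080 -> port_8080."""
    return ref["id"].rsplit("/", 1)[-1]

def audit_listeners(gw):
    """Return (listener, finding) pairs for plaintext and shared-port listeners."""
    ports = {p["name"]: p["port"] for p in gw["frontendPorts"]}
    side_of = {f["name"]: "public" if f.get("publicIPAddress") else "private"
               for f in gw["frontendIPConfigurations"]}
    findings, first_use = [], {}
    for lst in gw["httpListeners"]:
        port = ports[_name(lst["frontendPort"])]
        side = side_of[_name(lst["frontendIPConfiguration"])]
        if lst["protocol"].lower() == "http":
            findings.append((lst["name"], f"{side} listener accepts plaintext HTTP on port {port}"))
        prev_side, prev_name = first_use.setdefault(port, (side, lst["name"]))
        if prev_side != side:  # the post's rule: internal and external cannot share a port
            findings.append((lst["name"], f"port {port} is already used by {prev_side} listener {prev_name}"))
    return findings

if __name__ == "__main__":
    for listener, finding in audit_listeners(SAMPLE_GATEWAY):
        print(f"{listener}: {finding}")
```

Run against the sample, it reports only the public HTTP listener on port 8080; moving the internal listener onto port 8080 adds the shared-port finding.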


We might now have another requirement where we have to expose our APIs to a 3rd-party vendor. For that, we have exposed our developer portal to the Internet so that our vendor can access those APIs. Let’s expose our developer portal on the internet in our next blog here.







