Hi!
As far as I understand (after some reading), protecting an internal SAP BC server with reverse invoke means that two different SAP BC servers must exist (the reverse invoke one in the DMZ). However, I’m just wondering if it is possible to use only one SAP BC server, which will have both functionalities, i.e. internal and reverse invoke.
Assuming the answer is no, does anyone know which service to invoke in the reverse invoke server to send e.g. a purchase order from the internal server to the reverse invoke server?
Any help/advice on the topic will be very much appreciated.
With best regards,
Damien
A Reverse Invoke server really does (almost) nothing to “protect” its Internal server. Its purpose is to remove the need to open inbound (from DMZ into Internal network) connections. That allows the DMZ’s inner firewall to reject all (at least most) inbound connection requests, which increases the protection offered by the inner firewall, because it is the internal server that opens an outbound connection to the RI server in the DMZ. The idea is that allowing outbound connections is safer than allowing inbound connections.
(I say “almost” because there are a couple of things w/regard to certificates and “filters” that can be done on the RI server that actually do provide some minimal protection.)
A Reverse Invoke connection between an RI server and its Internal server only applies to inbound data. That is, data originating somewhere (typically somewhere on the internet), destined for the Internal server. The Reverse Invoke connection has nothing to do with sending outbound data. That is, data originating on the Internal server and destined to somewhere else.
An RI server is an inbound proxy.
A Reverse Invoke server has “Proxy” ports, “Regular” ports and (typically) one “Registration” port. A “Proxy” port may only be an HTTP/S port. There is no such thing as an FTP proxy port. “Regular” ports are just normal Integration Server ports and may be HTTP/S, FTP, or email. A “Registration” port is the port the Internal Server connects to on the Reverse Invoke server. The protocol of that connection is something called SOCK or SSLSOCK. All that matters about that is that it is a “pipe” through which data moves from the RI to the IS.
Since a Reverse Invoke server is really just a webMethods Integration server, there is nothing that prevents you from creating whatever service(s) you wish on the RI server. Having done that, those services can be invoked, by way of a “Regular” port, exactly the same way as services that reside on a “normal” Integration server are invoked. Therefore, your question about sending a “purchase order” is really, “How do I send a purchase order from one Integration Server into a second Integration server, which will, in turn, send the purchase order to a third server (of some type)?”. The answer is that there are many ways to potentially do that, none of which have anything to do with “Reverse Invoke”.
BTW - I do not know if a single Integration Server can act as both an RI server AND the RI’s Internal server. I’ve never tried, but I can’t think of any configuration issue that would prevent you from trying.
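The connection pattern described in the answer above, as an added example that is not part of the original posts and is not webMethods code: the RI side owns both listening sockets (a registration port and a proxy port), while the internal side only dials out and then receives inbound requests over that pipe. The function names, loopback addresses and newline-delimited message format are assumptions made for the sketch; it does not reproduce the SOCK/SSLSOCK protocol.

```python
import socket
import threading

def recv_line(sock):
    """Read one newline-terminated message from a socket."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    return buf

def ri_server(registration, proxy):
    """DMZ side: relay one proxy-port request down the registered pipe."""
    pipe, _ = registration.accept()      # connection opened BY the internal server
    client, _ = proxy.accept()           # external partner connects to the proxy port
    with pipe, client:
        pipe.sendall(recv_line(client))  # inbound data moves RI -> internal
        client.sendall(recv_line(pipe))  # reply returns over the same pipe

def internal_server(registration_addr):
    """Internal side: dial OUT to the registration port, then serve a request."""
    with socket.create_connection(registration_addr) as pipe:
        request = recv_line(pipe)
        pipe.sendall(b"internal handled: " + request)

def demo():
    # Both listeners belong to the RI server; the internal server has none,
    # so the inner firewall never has to admit a DMZ -> internal connection.
    registration = socket.create_server(("127.0.0.1", 0))
    proxy = socket.create_server(("127.0.0.1", 0))
    ri = threading.Thread(target=ri_server, args=(registration, proxy))
    internal = threading.Thread(target=internal_server,
                                args=(registration.getsockname(),))
    ri.start()
    internal.start()
    with socket.create_connection(proxy.getsockname()) as partner:
        partner.sendall(b"inbound order from partner\n")  # constructed sample message
        reply = recv_line(partner)
    ri.join()
    internal.join()
    registration.close()
    proxy.close()
    return reply.decode().strip()

if __name__ == "__main__":
    print(demo())
```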
What a great description of RI. Can we use some of this material to update the wMUsers glossary?
You cannot set the same server as a Proxy and an internal server. The moment you configure a server as an internal server it disables the proxy ports.
Rob,
Thanks.
Please feel free.
I just wanted to thank you guys for all those explanations.
Regards,
Damien