Network Deployment Guide

This topic describes the various scenarios possible for deploying the Layer7 API Gateway within a network. For increased organizational security, CA Technologies recommends separating service networks from management networks.
The following scenarios are described:
  • Single domain network:
    All network communication is handled within the internal management LAN ("eth0").
  • Two domain network:
    Two networks are used:
    • Wide Area Network representing the public LAN ("eth1")
    • two internal service LANs ("eth2" and "eth3").
  • Three and four domain network:
    Three or more networks are used:
    • Wide Area Network for the public LAN ("eth1")
    • internal management LAN for the private side ("eth0")
    • one or two internal service LANs ("eth2" and "eth3")
Single Domain Network
Use the single network configuration in scenarios where there is no need to separate management from message and back end traffic. For example, the Gateway is used for proof of concept, development, and testing setups, or in an ESB deployment. In this configuration, all networking occurs within the internal management LAN (eth0).
The single network configuration is simple and straightforward, but is not a common production deployment.
The following diagram illustrates the components within a single network configuration.
[Figure: Network deployment, single domain network]
Two Domain Network
The two domain network is used in more complex layouts, where the service consumers are separate from the services that are protected by the Gateway cluster. In this layout, the services and resources are connected to the internal service LANs (eth2, eth3), while the "public side" is connected to the WAN (eth1).
This layout assumes that no workstations on the public side are allowed to access management functions. You can use a load balancer on the public side to provide load sharing and high availability.
The following diagram illustrates the components within a two domain network configuration.
[Figure: Network deployment, two domain network]
Three and Four Domain Network
In high security environments, management workstations are separated from services networks. In this multi-network setting, the "public side" is expected to have a load balancer and be on the WAN (eth1). The management network is on the internal management LAN (eth0). The service networks are on the internal service LANs (eth2, eth3). This means there is no direct access from management nodes to the service systems, except through the Gateway cluster.
The following diagram illustrates how to separate web services from corporate resources using all four network interfaces.
[Figure: Network deployment, three and four domain network]
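The separation of management from public and service networks can be checked on a running node. The following is an added example, not part of the original guide or the product's own code: it reads `ss -ltnH` style output and reports every management listener that is reachable on an interface other than eth0. The interface addresses, the management port numbers and the sample output are constructed assumptions.

```python
import ipaddress

# Interface roles as the guide assigns them.
ROLES = {"eth0": "management", "eth1": "public", "eth2": "service", "eth3": "service"}

# Constructed sample addresses (RFC 1918 / RFC 5737 ranges), not from the guide.
IFACE_ADDRS = {"eth0": "10.0.0.5", "eth1": "203.0.113.5",
               "eth2": "10.20.0.5", "eth3": "10.30.0.5"}

# Assumption: ports that carry management functions at this site (placeholders).
MGMT_PORTS = {22, 9443}

# Constructed `ss -ltnH` output: State Recv-Q Send-Q Local Peer.
SAMPLE_SS = """\
LISTEN 0 128 10.0.0.5:9443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 203.0.113.5:8443 0.0.0.0:*
LISTEN 0 128 203.0.113.5:9443 0.0.0.0:*
LISTEN 0 128 [::]:9443 [::]:*
"""

def exposed_ifaces(local_addr, iface_addrs):
    """Return the interfaces on which a listener bound to local_addr accepts connections."""
    host = local_addr.strip("[]")
    if host == "*" or ipaddress.ip_address(host).is_unspecified:
        return sorted(iface_addrs)  # wildcard bind: treated as reachable on every interface
    ip = ipaddress.ip_address(host)
    return sorted(i for i, a in iface_addrs.items() if ipaddress.ip_address(a) == ip)

def audit(ss_output, iface_addrs=IFACE_ADDRS, roles=ROLES, mgmt_ports=MGMT_PORTS):
    """Return (local, port, iface, role) for each management listener reachable off eth0."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in mgmt_ports:
            continue
        for iface in exposed_ifaces(addr, iface_addrs):
            if roles[iface] != "management":
                findings.append((fields[3], int(port), iface, roles[iface]))
    return findings

if __name__ == "__main__":
    for local, port, iface, role in audit(SAMPLE_SS):
        print(f"management port {port} ({local}) reachable on {iface} [{role}]")
```

Wildcard binds (`0.0.0.0`, `[::]`, `*`) are reported for every non-management interface because the listener accepts connections on all of them unless a host firewall restricts it.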