Secure Shell, SOA Suite 12c

SSH Tunnel to access a remote server

Recently we started developing an SOA integration with SAP. The problem we were facing was that the servers where the Web Services from SAP were exposed, were only accesible from the machines where the SOA Suite was installed, but not from our local machines. Although we had access to the SOA servers from our computers, running a test was impossible to achieve:

failed-remote-server-access

At some point the validation/testing process became really tedious and complicated. That was when we thought about doing an SSH Tunnel. It would basically allow us to access the remote server (SAP) from our local machines through a “tunnel” and then be able to open the WSDL definitions on our browsers, directly test them on SoapUI, or whatever we might needed to do.

ssh-tunneling

The “easiest” way to do this, is with existing software like MobaXterm for Windows, or SSH Tunnel Manager for Mac. We only need to enter the required parameters and they will do it for us.

MobaXterm

mobaxterm-ssh-tunnel-config

SSH Tunnel Manager

ssh-tunnel-manager-config

 

In both cases the information to be completed is pretty straightforward, and that’s what makes it so simple. Once the connection is established, we would be able to get access.

The other way to do it is through a terminal. This is basically an ssh command, with a few more parameters to set. On windows it can be done from a local MobaXterm tab, or the Linux Bash Shell added on the Windows 10’s Anniversary Update, and from the regular terminal on OS X o Linux. The structure of the command would be something like the following:

ssh -N -p [ssh-server-port] [user-login]@[ssh-server-host] -L [local-port]:[remote-server-host]:[remote-server-port]

Replacing the text in the brackets with our actual values, it would look like this:

ssh -N -p 22 oracle@192.168.37.205 -L 10500:172.19.139.36:50000

Where:

-N     Do not execute a remote command. Commonly used for port forwarding.

-p     Port to connect to on the ssh server.

-L     Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side.

In my case, I’m on OS X, so the way for me to run was on terminal.

ssh-tunnel-with-terminal

We would be asked for the ssh server password, and once it’s on, it would hang in there until we manually close the connection.

In any of the cases, once the connection is established, we would be able to access the remote server (172.x.x.x:50000) from our local browser through localhost and the port specified (10500):

remote-server-access-explorer-ssh-tunnel

Running a test on SoapUI was possible too:

remote-server-test-soap-ui-ssh-tunnel

This actually saved us a lot of time and made things a whole lot easier. Hope it does for you too.

Advertisements
Standard
OAG 11g

Virtualize and protect Web Services in Oracle API Gateway 11g

Oracle API Gateway is a comprehensive platform for managing, delivering, and securing Web APIs. It provides Integration, Acceleration, Governance and Security for API and SOA-based systems. Some of the features for each functionality are:

Integration

Identity Management

Third-party Identity Management infrastructures integration to perform authentication and authorization of message traffic.

Scalability

Design to offer a highly flexible and scalable solution architecture. Administrators can deploy new API Gateway instances as needed, and deploy the same or different policies across a group of API Gateway instances as required.

REST APIs

REST support enables you to make enterprise application data and operations available using Web APIs. Converting legacy SOAP services, and deploy them as a REST API to be consumed by mobile apps is a great example.

Performance

Processing Offload

Offload the heavy lifting of XML from application servers and on to the network with high-performance core XML Acceleration engine (VXA), coupled with hardware acceleration.

Data Enrichment

Automatically populate content in XML and JSON documents from sources such as databases before they reach the consuming services.

Governance

Centralized Management

Web-based system management dashboard called API Gateway Manager provides centralized control of API Gateways and services in your domain.

Traffic Throttling

Protect services from unanticipated traffic spikes by smoothing out traffic. It also limits clients to agreed service consumption levels in accordance with service usage agreements.

Security

API Management

Secure Web APIs against attack and abuse and enables to govern and meter access to and usage of Web APIs

Audit Trail

Satisfy audit requirements by enabling service transactions to be archived in a tamper-proof store for subsequent audit.

Basic Architecture

We faced a requirement on a project where we had to expose our current OSB Web Services publicly through the API Gateway, which was in the DMZ.

I made a detailed video on how to achieve this virtualization on the API Gateway, as well as the implementation of a policy to protect them. All of this with Policy Studio, a policy development and configuration tool for remote administration.

Here it is:

For more information on the Oracle API Gateway, please refer to the Oracle Documentation.

Standard