Monday, May 26, 2008

Reverse invoke / Reverse server

While browsing the latest SAP PI 7.1 documentation, I came across the latest doc of the SAP WebDispatcher. The WebDispatcher is a sort of reverse proxy that is very useful to restrict access to certain URLs of a web application server. The latest version of the WebDispatcher also supports "reverse invoke" or "reverse server".

A "reverse server" consists of 2 cooperating servers with a firewall blocking inbound connections. The server on the "inside" makes a number of connections to the server on the "outside". When the server on the outside receives a request, it forwards this request via one of these connections to the server at the "inside". The nice thing of this whole setup is that the firewall can remain closed.






"Reverse invoke" functionality is e.g. also available in WebMethods, where 2 integration servers cooperate. But is there any open source (Java) implementation that does something similar? Maybe a simple alternative is a small JMS server on the server at the "outside"?

1 comment:

-rr said...

Hi Guy!

I have just the same question (and discovered the same two standard software solutions - if they are substantially different at all: the webObjects Integration server is sold by SAP as "SAP business connector", maybe ).

JMS might be an option - for webservices, you can use an ESB to transform the HTTP request in JMS messaging. This works pretty well without programming, see e.g. the Apache synapse sample #250 and #251. But: an ESB is a heavyweight component, using it in the DMZ may raise further security questions.

A simpler solution similar to the SAP web dispatcher should be more performant, consisting of a "reverse invoke server" in the DMZ acting as proxy for the target web server in the inner net, and a "reverse invoke daemon" which establishes the connections from the inner net to the "reverse invoke server" and forwards the request to the target HTTP server in the inner net.

I am still looking for such a solution - please blog if you discover an open source implementation.

Robert Rudolph