1
votes

I have a few servers that are within different DMZs. Each of these servers will be running a few NServiceBus services and/or a web application which sends messages. I'll need to be able to send messages across the different sites a lot of the time. Opening the required ports poses a security problem our network admin is not willing to compromise on.

I've had a look at the NServiceBus Gateway (http://docs.particular.net/nservicebus/gateway/). I do think that this is going to be a good solution. However, I'm not exactly sure of the best way to implement it.

Consider a network consisting of multiple services where multiple messages will need to be sent across the sites. Is it best to create an additional service on the same server which handles all messages coming from within that network, or to let each service manage its cross-site sending?

Thanks

2
Are your DMZs physically distributed (geolocation-wise) and/or do they represent different departments in your company (therefore different responsibilities)? - Daniel Marbach
Why doesn't your admin allow MSMQ over DMZ? In the end it is an application protocol which can be secured and statefully inspected like every other. As long as there is no connection from the DMZ into the intranet this is perfectly safe. - Daniel Marbach

2 Answers

1
votes

The NServiceBus gateway is a viable solution, although you must consider the following: the gateway, like everything in NSB, is also opinionated. It only allows send semantics over it. You also need to carefully design your SOA service boundaries. Cross-site communication should connect logical services which are physically separate on multiple sites. Communication going over the gateway should have significant business importance but not be very chatty (because cross-site is a very expensive operation).

0
votes

The gateway does require you to open ports to at least allow incoming HTTP communication.