Cloud Services GateWay (CSG) can be used to expose a private service to the public through a cooperate firewall (New in version 4.0). CSG consists of two parts:
- CSG Agent - This feature let you to add/edit CSG servers and publish/unpublished services to a remote CSG server. This feature should be installed in WSO2 Application server.
CSG - This feature runs on WSO2 ESB. It requires Qpid component to run on the system.
WSO2 ESB is delivered with an built-in Qpid server.
Once installed successfully, you can see the following log line on the WSO2 ESB log:
If the component starting fails, you will get a detail message why it has happened (most of the time because of missing Qpid broker component).
Most of the cooperate networks are secured with cooperate firewalls. There are services deployed in the private network that can only be accessed within the organization. If the user wants to access one of these services outside the organization, the firewall will not allow to do that. However, CSG can be useful in this situation.
When the CSG component is installed within ESB, the user can deploy a proxy service which will act as a front end for the private services. This minimal Proxy has a very specific feature. The Proxy will have a JMS endpoint and the private service (when published) will start listen to this JMS queue. This queue will use the CSG as the communication medium for the front end proxy and the back end private service.
The technique that is used to publish private to public is very simple. When you are within the firewall, you can access the outside but not from outside to inside. When you publish a private service, that service will act as the client and will always make the connection to internet from the cooperate firewall. Since the firewall allows connection from inside to outside, there is no problem to publish services and use them outside. Once published, a Proxy Service will be deployed on ESB that you can use.
The deploying Proxy has the following name: "private service nameProxy". For example, a back end echo service with the service name "Echo" will have Proxy name "EchoProxy."
Deployment of CSG
When installing CSG will be installed on WSO2 ESB and CSG agent will be available in all service hosting products.
When deploying CSG the private services which will be hosted on one of the service hosting products (such as AS, BPS, BRS, MS etc..) and will be deployed behind the corporate firewall. The ESB which contains the CSG component will be deployed in a place where publicly accessible.