We are evaluating mesibo for InApp messaging within our SaaS application. We would need OnPrem setup to comply to Data compliance requirements.
One clarity we would need on this regard is, when we switch from Cloud to Onprem setup still client side code continues to use https://mesibo.com url. In this case we believe all the traffic gets routed to our OnPrem server via Mesibo server.
Please confirm if this understanding is right? If so would there be any data residing on Mesibo server? This clarity is required for us to respond to our customers.
Thanks
No, once you enable On-premise, your client directly connects to your on-premise server. You can verify it using netstat utility. mesibo cloud will have no access to your data.
Refer to the following to learn more https://mesibo.com/documentation/faq/on-premise/#do-i-need-to-change-or-recompile-my-apps-to-run-with-mesibo-on-premise
Mesibo APIs support both cloud and on-premise. By default, it connects
to the cloud. However, if the app is configured to be on-premise, the
mesibo cloud will refuse to serve and will ask the client to connect
to an on-premise server, and will disconnect. Then onward, the client
will directly connect to the on-premise server and then all the
messages and calls will route to your mesibo on-premise server.
Related
I have a frontend app in Fargate (ECS) in a private subnet exposed to internet through an Application Load Balancer. My frontend makes API calls to my backend apps, also in Fargate, same VPC.
Users calls to my frontend are made via HTTPS, but my frontend communicates with my backend via HTTP (AWS Service Discovery - AWS Cloud Map). This way, the user browser is showing the error "blocked: mixed content" since half of the communication is made via HTTPS and the other half uses HTTP.
infra here
As far as I know and had been searching, it is not possible to use a SSL/TLS certificate with Service Discovery.
I've made a lot of researches and couldn't find something really useful. I also tried to create an internal load balancer for each backend service but the communication is timing out, it only works when I have a VPN connected.
What am I missing here? Do I need an internal load balancer in front of each backend service to attach a certificate between frontend and backend? What is the best approach to solve this?
Users calls to my frontend are made via HTTPS, but my frontend communicates with my backend via HTTP (AWS Service Discovery - AWS Cloud Map). This way, the user browser is causing the error "blocked: mixed content" since half of the communication is made via HTTPS and the other half uses HTTP.
The user's browser wouldn't know anything about this if the communication was happening between the front-end server and the back-end server. Apparently you have front-end client JavaScript code running in the user's web browser trying to access the backend server directly.
If you want to access the backend server directly from the user's web browser, then service discovery won't work, because service discovery is only for traffic that is inside the VPC. And of course by trying to use service discovery in this way you are also causing a security issue which the browser is correctly blocking you from doing. You will need to add another load balancer, or another listener on your current load balancer, that exposes the backend API to the Internet.
Alternatively you could use a reverse proxy like Nginx on your front-end server to send backend API requests to the backend service, and then have your client-side JavaScript code send all requests to the front-end server.
I'm currently developing an application for a client and their requirement is that the application needs in transit and at rest encryption. I assured that it was and was required to provide documentation for that. I referenced this documentation from Google Cloud's website. They replied by asking if my claim stands in light of the following section
Using a connection directly to a VM using an external IP or network load balancer IP
If you are connecting via the VM's external IP, or via a network-load-balanced IP, the connection does not go through the GFE. This connection is not encrypted by default and its security is provided at the user's discretion
My mobile application uses Firebase SDK to talk to the Firebase database and Firebase functions. I have no background in networking nor do I understand what is exactly being referenced here despite Googling the concepts. Is my data still encrypted? Does the above section apply to my use case?
No, that applies only to VMs and network load balancers. Both Cloud Functions (so long as you're using https for all requests) and the Firebase Realtime database encrypt data in transit.
I have a web app with a React frontend on Firebase that connects to a Django backend running on Google App Engine.
I have this setup duplicated for a "staging" environment. The problem is that anyone can access this staging environment.
I'd like to set this up so that you need to be on our VPN to access it.
Can someone point me in the right direction to setup this VPN and move the staging environment behind it?
If you are using Firebase Hosting I believe there's no other way to restrict the access and it does not have a firewall feature. You should use authentication method to restrict and limit who can access your web app.
In App Engine, you can restrict the access of your web server/application by using the following:
App Engine Firewall - #JohnHanley answer, control which using IP addresses can connect to the app.
Identity Aware Proxy - without using VPN you can limit who can access of your App Engine by using their user account. IAP is free but when used with Compute Engine, the required load balancing and firewall configuration may incur additional costs.
App Engine with Load Balancer - to secure and make your App Engine(Standard & Flexible) receives only internal and Cloud Load Balancing traffic
I'd like to set this up so that you need to be on our VPN to access
it.
You cannot limit access to just your VPN. App Engine is in Google's network and you cannot limit access based upon a VPN.
You can use App Engine firewall rules to control which IP addresses can connect to the service. Firebase however does not have firewall rules.
If the public side of your Internet router has a static IP address, then this is simple to setup.
I recommend using authorization to limit who can access your services.
In my application, I have to show the work items of logged in user. I have tried to pull work items of TFS from the application and It’s working fine on local server, but when it is deployed to the cloud server, it is not working and getting error message saying ‘TF400324 : The remote name could not be resolved’, as a cloud application is trying to ping internal TFS.
Is there any way to connect to internal TFS from the application hosted on cloud server ?
Many thanks in advance..
You can setup an Azure VPN tunnel between your cloud service and your internal network:
http://azure.microsoft.com/en-us/services/virtual-network/
Or you could expose your internal TFS to the internet:
http://msdn.microsoft.com/en-us/library/bb668967.aspx
Or you could use the Azure BizTalk Hybrid Connections to enable the communication:
http://azure.microsoft.com/en-us/documentation/articles/integration-hybrid-connection-overview/
After multiple tries, Service Bus Relay Binding is the one, to ping on-premise environment(internal tfs) from azure cloud server(web role).
The below link works like charm..
Service Bus Relay Binding
Hope It Helps to Somebody who has faced the same issue I've faced. Have Fun..
We are migrating from a dedicated server with a local virtual SMTP server to Windows Azure. As far as I can tell Windows Azure does not allow a local SMTP server to be setup in IIS. The SMTP Server option in the management console is missing. How would I setup an email relay so that I can have a .net web application send emails from a Windows Server 2012 virtual machine in Azure?
This is more like corollary to what #mcollier has stated. Given that you are already on Azure and you get 25,000 free emails (there are higher plans as well) with your subscription as well.
You can configure a Virtual SMTP server which relays to the sendgrid services. For the development perspective you will have the view of using your own SMTP server / service. Setting up a sendgrid based service is explained in this link.
I have used sendgrid earlier and my experience with this was amazing. As #mcollier has pointed out, using services like Sendgrid will give good chance of staying away from spam problem, if you try to setup and use the SMTP service of your own because of the reverse lookup etc.
PS: The above Virtual SMTP Server can be replaced with Amazon SES, which is equivalently a good service. Check out more info here.
First, assuming you're using a Windows Azure IaaS VM. Correct? If so, I think you need to enable that role/feature in Windows Server.
Second, why the need to send emails from that specific server? Would a service like SendGrid work? One problem people sometimes have with email servers in Windows Azure is the domain of your service (something.cloudapp.net) does not match your vanity domain when a reverse DNS lookup is performed. This could cause the email to be flagged as spam (since you don't technically own the sending domain, something.cloudapp.net).
I developed an direct relay application using the normal RFC email commands and lock that on my application, but strange that some test emails get delivered using the relay on windows AZURE VM, and all other mails are not getting any bounce response, and making a sense that every email is being delivering,
This is strange behaviour on azure vm.
so it means you can't send email using azure vm as a smtp mail server, if like to test then simply download promailer marketing manager from jsmtp.com