In our business scenario, there are a few implicit requirements:
- We should be able to use existing infrastructure without adding new hardware/servers.
- We should be able to expose all services using only one endpoint, which is the gateway. Furthermore, we expose the services as standard HTTP port 80 while the actual ports for our internal services are not disclosed.
- We must have the least number of holes in firewall for all services, ideally the number would be one.
- We should have a consistent and clean URL pattern for all services. For example: http://greatplace.org/Services/thisService?param1=x and http://greatplace.org/Services/thatService/, etc.
- We may also use this gateway to expose other resources than web services, e.g. reports.
- The server farms can support different authentications, e.g. reports farm does not allow anonymous access.
- The solution must be reliable and easy to maintain though load balancing and redundancy are not big concerns at present.
So first we create two server farms, add servers (and port mappings if any) in each farm:
For the Reports Farm, we would like the original URL http://internal.server.ip:port/Reports/Pages/Report.aspx?ItemPath=SomePath to be routed to the servers in the reports farm with the exposed URL being http://external.server.ip/Reports/Pages/Report.aspx?ItemPath=SomePath, so the rule is like:
For the Services Farm, we would like the original URL, e.g. http://internal.server.ip:port/Services/Service1/Odata.svc/Products(5) to be routed to the servers in the services farm with the exposed URL being http://external.server.ip/Service1/Odata.svc/Products(5), so the rule is like:
And there we go. We can then configure the load balance and caching stuff as usual. It's awesome that ARR provides such great flexibility and capability in IIS.