OCI Load Balancer: Listener-Backend Port translation Part-I

Santhosh Kumar BVSRK
Mar 25, 2023

Recently I came across a requirement where a customer has to place/pull files from vendors' SFTP servers. Similarly, vendors will be placing files on the customer's SFTP server. The number of vendors is 30+ and this count may vary (increase or decrease) with time.

The ideal solution any integration person would give is to install an Agent on the vendor's SFTP server, or on any machine which talks to that SFTP server (basically letting OIC traffic through the vendor's firewall). But sometimes you may come across customers/vendors who won't agree to install an Agent on their machines/servers. In such cases we would usually propose one of the three architectures below.

NOTE: There is more to why we have proposed OIC's SFTP server, as we have to perform a few more actions on the incoming file on the OIC SFTP server.

I have split this into two blogs so that it won't be lengthy and boring. The second blog, here, explains how to set up a Load Balancer with multiple listeners, with a different port on every listener and a different port on the backend.

Whitelist OIC Outbound IP at Vendor side

Whitelist OIC Outbound IP

In this method, vendors will be aware of the OIC outbound IP.

Install OIC Agent on a VM in OCI and route traffic to Vendor via that VM

Install OIC Agent on a VM

In this method, you will have to maintain the Linux VM.

Keep a Load Balancer in front of the Vendor's SFTP server

Load Balancer in front of Vendor SFTP server

In this method, vendors have to whitelist Load Balancer IP.

Now, let us take our use case with three vendors and see how we can access them from OIC using a Single Load Balancer.

Accessing Vendors SFTP servers from OIC

From the above architecture, it is clear that for accessing a vendor SFTP server from OIC through the Load Balancer, the flow would be as below:

Vendor1 SFTP server → The OIC connection uses the Load Balancer IP as host and port 1000. The call reaches the Load Balancer and hits Listener1, whose backend is the Vendor1 SFTP server on host 192.29.105.170, port XXXX.

Vendor2 SFTP server → The OIC connection uses the Load Balancer IP as host and port 1001. The call reaches the Load Balancer and hits Listener2, whose backend is the Vendor2 SFTP server on host 138.1.118.90, port YYYY.

Vendor3 SFTP server → The OIC connection uses the Load Balancer IP as host and port 1002. The call reaches the Load Balancer and hits Listener3, whose backend is the Vendor3 SFTP server on host 204.216.200.217, port ZZZZ.

The advantage of this approach is that if a vendor's SFTP host or port changes in future, we need not touch the OIC connection; we only change the backend of the Load Balancer.

Now, let us take our use case with three vendors and see how vendors can access the OIC SFTP server to place files, with no knowledge of who the other vendors are and no access to the files other vendors are placing.
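The listener-to-backend table above can be kept as data and checked before it is applied to the Load Balancer. The following is an added example, not code from the original post: the `Route` type, the function names, the Load Balancer IP and the backend ports are constructed for illustration (the post leaves the backend ports as XXXX/YYYY/ZZZZ). It flags a listener port or backend shared between two vendors, and shows that re-pointing a backend leaves the OIC-facing endpoint unchanged.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    vendor: str
    listener_port: int   # port OIC connects to on the load balancer
    backend_host: str    # vendor SFTP server IP
    backend_port: int    # vendor SFTP port (XXXX/YYYY/ZZZZ in the post)

LB_IP = "203.0.113.10"   # constructed placeholder for the load balancer IP

# Hosts and listener ports are from the post; backend ports are constructed.
ROUTES = [
    Route("Vendor1", 1000, "192.29.105.170", 22),
    Route("Vendor2", 1001, "138.1.118.90", 2222),
    Route("Vendor3", 1002, "204.216.200.217", 22),
]

def validate(routes):
    """Return a list of problems that would mix up or break vendor routing."""
    problems, by_listener, by_backend = [], {}, {}
    for r in routes:
        for label, port in (("listener", r.listener_port), ("backend", r.backend_port)):
            if not 1 <= port <= 65535:
                problems.append(f"{r.vendor}: {label} port {port} out of range")
        try:
            ipaddress.ip_address(r.backend_host)
        except ValueError:
            problems.append(f"{r.vendor}: backend host {r.backend_host!r} is not an IP")
        # Each listener port must belong to exactly one vendor.
        other = by_listener.setdefault(r.listener_port, r.vendor)
        if other != r.vendor:
            problems.append(f"listener port {r.listener_port} used by {other} and {r.vendor}")
        # Two vendors resolving to one backend means one of them is misrouted.
        backend = (r.backend_host, r.backend_port)
        other = by_backend.setdefault(backend, r.vendor)
        if other != r.vendor:
            problems.append(f"backend {backend} shared by {other} and {r.vendor}")
    return problems

def oic_endpoint(routes, vendor):
    """Host and port to put in the OIC connection for this vendor."""
    r = next(r for r in routes if r.vendor == vendor)
    return (LB_IP, r.listener_port)

def repoint(routes, vendor, host, port):
    """Change only the backend, as when a vendor moves its SFTP server."""
    return [replace(r, backend_host=host, backend_port=port) if r.vendor == vendor else r
            for r in routes]
```
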

NOTE: Please check this blog to know how to set up the Load Balancer as per the above architecture, i.e., multiple listeners with a different port on each listener and a different port on the backend.

Vendors accessing OIC SFTP server.

In OIC, we will create individual users for the vendors so that a separate directory is created for each of them and only they can access that directory and the files in it. We can also enable vendor access to the OIC SFTP server with a different SSH key instead of a password for additional security.

NOTE: Oracle Integration Cloud (OIC) comes with a free SFTP server capacity of 500GB. So, customers can clean up the space at regular intervals by moving old files to Object Storage or deleting them, based on the need.

!!Happy Reading!!

Written by Santhosh Kumar BVSRK

17+ Years in IT/ITES| ML & AI Enthusiast| Oracle Cloud Architect, Integration Specialist — BPEL, OSB, OIC, IICS| Database Scripting-SQL, PL/SQL, MySQL