Gatekeeper cloud design pattern

The gatekeeper cloud design pattern protects an application by placing all services behind a single facade, similar to a firewall.

Benefits

  • All services and data are private and hidden behind a single public endpoint, which significantly reduces the attack surface.
  • Request validation and malicious communication rejection is implemented in a single place.
  • The backend services can be optimised and scaled to handle legitimate requests only.
  • If any breach does occur, the exposure is limited to the sensitive information on the gatekeeper itself, which should be kept to a minimum.

Issues

  • The gatekeeper is a single point of failure for the entire application, and must be appropriately managed for high availability and redundancy.
  • The gatekeeper may affect performance by increasing latency, increasing load and introducing a bottleneck.

 

Azure example implementation

  • Place all backend services in a private virtual network.
  • Place the web app endpoint in an App Service Environment which includes an Application Gateway, from which we can make use of the Web Application Firewall which blocks many common security vulnerabilities.

gatekeeper

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s