API access management production deployment architecture
This production deployment environment shows an API access management architecture.
There are many considerations when deploying a production environment. For high availability and redundancy, the environment requires clustering and load balancing. Load balancers are required as part of the networking infrastructure: they achieve high availability by ensuring that requests are sent only to available servers among those they front. Best practices in network design and security also include firewalls to ensure that only required ports and protocols are permitted across zones.
PingAccess provides high availability and basic load balancing for the protected web apps in the protected zone. For more information, see Managing load balancing strategies.
The following environment example is a recommended production-quality deployment architecture for an API access management use case.
The following table describes the three zones within this proposed architecture.

| Zone | Description |
| --- | --- |
| External Zone | External network where incoming application programming interface (API) requests originate. |
| DMZ | Externally exposing segment where PingAccess is accessible to API clients. A minimum of two PingAccess engine nodes will be deployed in the DMZ to achieve high availability. Depending on your scalability requirements, you might require more nodes. |
| Protected Zone | Backend controlled zone in which Sites hosting the protected APIs are located. All requests to these APIs must be designed to pass through PingAccess. PingFederate is accessible to API clients in this zone. A minimum of two PingFederate engine nodes will be deployed in the protected zone. Administrative nodes for both PingAccess and PingFederate can be co-located on a single machine to reduce hardware requirements. |
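
The zone requirements above can be checked mechanically against an inventory and a firewall rule export. The following is an added example, not part of the product documentation: the hostnames, ports, role names and rule format are all hypothetical, and it audits only two of the stated requirements (minimum engine node counts, and that nothing reaches a protected API Site except through a PingAccess engine).

```python
# Added example: audit a constructed inventory and firewall rule list
# against the zone model. Hostnames, ports, role names and the rule
# format are hypothetical, not taken from PingAccess or PingFederate.
from collections import Counter

NODES = {  # host -> (zone, role); constructed sample inventory
    "pa-engine-1": ("dmz", "pingaccess-engine"),
    "pa-engine-2": ("dmz", "pingaccess-engine"),
    "pf-engine-1": ("protected", "pingfederate-engine"),
    "pf-engine-2": ("protected", "pingfederate-engine"),
    "admin-1": ("protected", "admin"),
    "api-site-1": ("protected", "api-site"),
}

RULES = [  # (source, destination host, port); "external" = External Zone
    ("external", "pa-engine-1", 443),
    ("external", "pa-engine-2", 443),
    ("pa-engine-1", "api-site-1", 8443),
    ("pa-engine-2", "api-site-1", 8443),
]

# Minimum engine node counts stated in the zone table.
MIN_ENGINES = {("dmz", "pingaccess-engine"): 2,
               ("protected", "pingfederate-engine"): 2}

def audit(nodes, rules):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    counts = Counter(nodes.values())
    for (zone, role), minimum in MIN_ENGINES.items():
        have = counts[(zone, role)]
        if have < minimum:
            findings.append(f"{role} in {zone}: {have} node(s), need {minimum}")
    engines = {h for h, (_, role) in nodes.items() if role == "pingaccess-engine"}
    for src, dst, port in rules:
        if dst not in nodes:
            findings.append(f"rule targets unknown host {dst}")
        elif nodes[dst][1] == "api-site" and src not in engines:
            # Any path to an API Site that does not start at a PingAccess
            # engine violates "all requests must pass through PingAccess".
            findings.append(f"{src} -> {dst}:{port} bypasses PingAccess")
    return findings

if __name__ == "__main__":
    for line in audit(NODES, RULES) or ["no findings"]:
        print(line)
```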