Hi Security folks,
I need one suggestion related to configuring an OHS reverse proxy in an OIM HA environment. I have an external and an internal load balancer. My OHS is configured in the DMZ area. It is the reverse proxy to my WebLogic as well as the OIM managed server. All managed servers (OIM and SOA) are in clustered mode. OIM self service is exposed to the public; the OIM admin console and WebLogic admin console are only accessible internally. Although the OIM admin console and WebLogic admin servers are accessed internally, both are coming from the external load balancer. We have created firewall rules so that both URLs are only accessible internally.
The Self Service URL, which comes from the external load balancer, hits OHS, and the OHS reverse proxy settings resolve to my internal load balancer. My internal load balancer then resolves the actual application server URL, i.e. 14000/identity.
My question here is: what is recommended to provide in the reverse proxy setting, i.e. the actual host name of my application server (OIM host name and port) or the VIP of the internal load balancer? And why?
Regards,
Nitin Natekar