Hey folks, I am here to seek some help with an issue I currently have in my company architecture.
My business has a specific flow where I have to collect data from my clients' databases, store it in my infrastructure, process this data and generate reports to send back to them. Everything works fine, we have a clientApp that’s running inside their infrastructure, with access to their database, and this app sends information to our APIs via HTTPS. Beautiful.
My problem is that if the client restarts the VM that we use inside their infra, my app has to re-authenticate to establish communication with the API, and today this is being done manually. When I say manually, it is really what you’re thinking: connect via RDP, start the service, provide credentials, and it is connected. I want to change that to a more automatic way.
Starting the service automatically is easy, I have many options. The thing is that, as it is a machine provided by the client, in some scenarios it is shared with other employees/companies providing services, therefore I consider it as being an unsafe environment, meaning that anyone with access may copy my information, decompile binaries, etc.
I am looking for a solution that would enable an automatic/semi-automatic authentication method without hard coding or storing some kind of credentials to a file, for example. The solution I came up with is to use some other information like a combination of IP address, MAC address, machine name, etc. and put this clientApp instance into a “Pending approval” state. Then I can just build a webapp to visualize, validate and approve/reject the authentication. This would be a semi-automatic method, way easier than connecting via RDP to 20 different machines to start the service.
This solution is flawed because all of this information like IP address, machine name, etc. can be spoofed and replicated.
Any help and further questions are appreciated, I hope I was able to explain the problem clearly.
Thanks!
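
The "Pending approval" flow described in the post, sketched server-side as an added example that is not part of the original post or the poster's code. The `ApprovalRegistry` class, the `fingerprint` helper and all sample values are hypothetical and constructed. It shows why the post calls the scheme flawed: the approval decision depends only on values the client reports.

```python
import hashlib
from enum import Enum

class State(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"

def fingerprint(ip: str, mac: str, hostname: str) -> str:
    """Instance ID derived only from client-reported attributes (hypothetical scheme)."""
    # Normalise so cosmetic differences (case, MAC separator) map to one identity.
    mac = mac.strip().lower().replace("-", ":")
    canonical = "|".join([ip.strip(), mac, hostname.strip().lower()])
    return hashlib.sha256(canonical.encode()).hexdigest()

class ApprovalRegistry:
    """Hypothetical store behind the approve/reject webapp."""
    def __init__(self):
        self._state = {}

    def enroll(self, ip, mac, hostname):
        fp = fingerprint(ip, mac, hostname)
        # First sighting becomes PENDING; a repeat keeps whatever state it had.
        self._state.setdefault(fp, State.PENDING)
        return fp

    def decide(self, fp, approve):
        if self._state.get(fp) is not State.PENDING:
            raise ValueError("only pending instances can be decided")
        self._state[fp] = State.APPROVED if approve else State.REJECTED

    def is_authorized(self, ip, mac, hostname):
        return self._state.get(fingerprint(ip, mac, hostname)) is State.APPROVED

def demo():
    reg = ApprovalRegistry()
    attrs = ("10.0.0.15", "00-1A-2B-3C-4D-5E", "CLIENT-VM01")  # constructed sample
    fp = reg.enroll(*attrs)
    before = reg.is_authorized(*attrs)   # still pending
    reg.decide(fp, approve=True)         # operator clicks "approve"
    after = reg.is_authorized(*attrs)
    # Any process that reports the same three values maps to the same record:
    # the server has no way to tell it apart from the approved instance.
    replica = reg.is_authorized("10.0.0.15", "00:1a:2b:3c:4d:5e", "client-vm01")
    unknown = reg.is_authorized("10.0.0.99", "00:1a:2b:3c:4d:5e", "client-vm01")
    return before, after, replica, unknown

if __name__ == "__main__":
    print(demo())
```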