A SOAP-Based Architecture

 

A management application can issue a SOAP request to one of the Traffic Managers in a cluster. The application might be running on a stand alone management server, one of the server nodes, or on one of the Traffic Managers themselves.

The application can issue the request to any of the Traffic Managers in a cluster. All Traffic Managers then automatically synchronize their configuration, so a configuration change sent to one Traffic Manager is automatically replicated across the cluster.

Security Considerations

The SOAP-based management application communicates with a SOAP server running on the Traffic Manager’s Admin Server (the Traffic Manager-based service used to provide the Administration UI), so the same security considerations apply:

•If a management network or IP-based access control is in use to secure the Admin Server, these will affect the locations that the management application can run from.

•SOAP traffic is automatically encrypted using SSL.

•The Admin Server authenticates itself with its SSL certificate, which is typically self-signed.

•You might need to ensure that your SOAP application accepts self-signed certificates, or install a trusted SSL certificate in your Admin Server.

•SOAP requests are authenticated using the credentials of a users who is a member of a group with “Control API” permissions in the Admin Server. To define a group, click System > Users > Groups in the Traffic Manager Admin UI.

By default, the “admin” group (which includes the user named “admin”) is the only group that is permitted to use the Control API. You can add this permission to other groups as required.

You might want to define a specific username for your management application to use so that you can track its activity using the Traffic Manager’s Audit Log.