Updated on 2023-04-06 GMT+08:00

Selectively Exposing Service Capabilities of a Data Center

The backend services of APIG can be deployed in the following modes:

  • Deployed in a VPC and accessible only using private IP addresses.

    You can create a VPC channel on APIG to enable network routing between APIG and the VPC.

  • Deployed on the public network and accessible using a public IP address.
  • Deployed in an on-premises data center and not accessible using a public IP address.

    If you use a dedicated API gateway, you can set up a connection between your on-premises data center and the gateway.

This section describes the precautions for using APIG to selectively expose APIs of backend services deployed in a local data center.

Connecting a Data Center to APIG

  1. Create a VPC.

    For details, see the section "Creating a VPC" in the Virtual Private Cloud User Guide.

    To allow APIG to access services in your on-premises data center, bind a VPC to your dedicated gateway, and establish a connection between the data center and VPC.

    Figure 1 Creating a VPC
    • Specify a subnet for your dedicated gateway.
    • A connection can be used to connect a local data center to only one VPC. You are advised to bind the same VPC to all your cloud resources to reduce costs.
    • If a VPC already exists, you do not need to create a new one.

  2. Create a dedicated gateway.

    For details, see the section "Creating a Dedicated Gateway" in the User Guide.

    Figure 2 Creating a dedicated gateway

  3. Enable Direct Connect by referring to the Direct Connect User Guide.

    1. Create a connection.

      Apply for a connection from your account manager. If you do not have an account manager, contact technical support.

    2. Create a virtual gateway.

      The virtual gateway is a logical gateway for accessing the VPC bound to the dedicated gateway.

      To connect to the VPC, select the subnet that the dedicated gateway uses. You can find this subnet on the gateway details page.

    3. Create a virtual interface.

      The virtual interface links the connection with the virtual gateway, enabling connectivity between the connection and the VPC of the dedicated gateway.

      Configure the remote gateway and remote subnet as the gateway and subnet for accessing the open API of your on-premises data center. For example, if the API calling address of your data center is http://192.168.0.25:80/{URI}, configure the remote gateway and remote subnet as those of 192.168.0.25.

  4. Verify the network connectivity.

    Create another pay-per-use ECS and select the same VPC, subnet, and security group as the dedicated gateway. If the data center can connect to the ECS, the data center can also connect to the dedicated gateway.

Exposing APIs with the Dedicated Gateway

After you connect the data center to the dedicated gateway, you can expose APIs using the gateway. For details, see "API Opening" in the User Guide.

When creating an API, specify the backend address as the API calling address of your data center.
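
The following pre-flight check is an added example, not part of the original page or of APIG: before creating the APIs, it confirms that every backend address you plan to expose lies inside the remote subnet configured on the virtual interface. The subnet mask, the second and third backend URLs, and the function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Remote subnet set on the virtual interface. The /24 mask is an assumption;
# the page gives only the host address 192.168.0.25.
REMOTE_SUBNETS = ["192.168.0.0/24"]

BACKENDS = [
    "http://192.168.0.25:80/{URI}",           # calling address from the page
    "http://192.168.1.25:80/{URI}",           # constructed: outside the subnet
    "http://backend.example.internal/{URI}",  # constructed: hostname, not an IP
]


def check_backend(url, remote_subnets):
    """Return (ok, reason); ok is True only if the backend host is an IP
    literal inside one of the remote subnets."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme is not http or https"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
        addr = ipaddress.ip_address(parts.hostname or "")
    except ValueError:
        return False, "host is not an IP literal or the port is invalid"
    for net in (ipaddress.ip_network(s) for s in remote_subnets):
        if addr in net:
            return True, f"{addr}:{port} is inside {net}"
    return False, f"{addr} is outside the remote subnets"


def audit(backends, remote_subnets):
    """Check every backend address and return {url: (ok, reason)}."""
    return {url: check_backend(url, remote_subnets) for url in backends}


if __name__ == "__main__":
    for url, (ok, reason) in audit(BACKENDS, REMOTE_SUBNETS).items():
        print("OK  " if ok else "FAIL", url, "-", reason)
```

A backend that fails this check is either unreachable over the connection or points somewhere other than the data center range you intended to expose.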