Phidiax and team recently came across the opportunity to provide a service-based payment solution for one of our client implementations. Phidiax team members Tom Canter and Nic Trajkovic devised a streamlined cloud-based approach to achieve the client requirements: a Service Oriented Architecture (SOA) solution that includes an Azure-based façade service, with BizTalk Server on-premise. This approach was also showcased at AzureCon 2015.
This solution quickly became a challenge during integration with vendors like Salesforce and Bluefin. It became apparent that Azure Service Bus (the acting SOA façade layer) needed an additional flexible façade (an Azure Web App) to ensure security standards and flexibility for less malleable integrating vendor systems.
The approach uses Azure Cloud Web Apps to provide secure access to on-premise services for vendors such as Salesforce and payment processors. Essentially, we are enabling hybrid solutions by utilizing our current on-premise Service Oriented Architecture (SOA) approach and adding a cloud-based Azure façade layer to increase security, scalability, malleability, and interoperability.
Salesforce outbound messaging provides a codeless, limited security model that doesn't work well with the Azure Service Bus Relay. Salesforce also provides Apex, a codeful integration tool, which adds flexibility. In addition, payment processors each have their own unique security requirements to implement.
This approach moves the security boundary to the external Azure cloud edge of your hybrid environment, minimizing your attack surface and capitalizing on Azure cloud horsepower and networks. It allows you to use Salesforce in a HIPAA-compliant manner to reach your existing on-premise applications. It is also a general solution that extends to issues involving PCI compliance with payment processing systems like Bluefin.
In general, this solution enables you to apply any method to secure your services at the Azure layer, allowing you to rely on the strength of the Azure security structure while extending your inbound API access to these internal services.
Please see the video below for a demo: