Hi, I would like to ask about good practices, or the advantages and disadvantages, of these solutions:
In case you have Apigee X deployed in a project in GCP following the idea that @miguelmendoza explains in his article in the forum or @strebel in this other article.
My main doubts are related to how the certificates have to be dealt with. I mean, in the example, the shared VPC has a VPN connection that connects the GCP env with an on-premises/another cloud env.
The Apigee proxy will point to the URL of the backend https://backend.example/service. My question is: is it recommended to do the configuration of the SNI in Apigee?
Or is it better to create a load balancer to manage the SNI headers and redirect to the proper backend?
Hi @Tropicar , thank you so much for your question and for your patience! We’re closely following this conversation and ensuring you get a response. In the meantime, we’d like to invite other community members to share their insights.
In almost every case the recommendation would be to use a load balancer to manage SNI:
• A load balancer like Google Cloud Load Balancer can handle SNI, route traffic, and perform SSL termination. This provides a centralized place for managing certificates.
• Simplifies backend changes. If the backend URL changes, you only update the load balancer, and Apigee continues pointing to the load balancer’s URL.
• Better for environments with multiple backend services or environments requiring advanced routing logic.
• Can enhance scalability and reliability by leveraging the load balancer’s features, such as health checks and failover.
If you want to use Apigee to do the SNI, you can achieve that by using Host Headers for southbound calls.