Considerations for Securing Commerce Communication Channels Using SSL

This topic provides secure communication information to consider when planning a deployment. Information in this topic includes:

  • Recommendations for Secure Communications in a Commerce Server 2009 R2 Deployment

  • Performance Considerations When Using Secure Sockets Layer (SSL)

The information contained in this topic assumes that you have a strong knowledge of HTTP transport security.

For a secure deployment to a production environment, the use of certificates signed by a certificate authority (CA) is recommended.

Recommendations for Secure Communications in a Commerce Server 2009 R2 Deployment

In a secure Microsoft Commerce Server 2009 R2 deployment, communication channels must be configured to use Secure Sockets Layer (SSL) for HTTP transport security.

The following table lists commerce communication channels where transport security is recommended for a secure deployment.

| Commerce communication channel | Suggested binding type | Note |
| --- | --- | --- |
| Between the Web server and the client browser. | IIS 7.0 SSL binding with transport security | Configured in IIS 7.0. |
| Between the WCF Routing Service endpoint and the Silverlight application client. | WCF basicHttpBinding with transport security | Applies to two-tier and three-tier commerce deployment. By default, the Commerce Server Business Administration Ribbon available on the Solution Storefront does not provide transport security. |
| Between a Commerce Foundation operation service endpoint and the SharePoint STS. | WCF netNamedPipeBinding with transport security | Applies to Microsoft SharePoint 2010 two-tier commerce deployment only, where an operation service used for communicating with the STS runs in service mode. |
| Between the Commerce Foundation operation service endpoint and the Routing Service. | WCF ws2007FederationHttpBinding with transport security for message credential | Applies to three-tier commerce deployment only. |
| Between the Web application and the Commerce Foundation operation service endpoint. | WCF wsHttpBinding with transport security | Applies to three-tier commerce deployment only. |
| Between the application server and the commerce databases. | Although this connection does not use WCF bindings, SSL encryption is recommended. For more information, see How to Configure Secure Communications with the Commerce Server Databases. | Applies to three-tier and two-tier commerce deployment. |

For configuration details and examples, see Securing Communication Channels.
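
A check for the binding recommendations in the table above, as an added example that is not part of the original documentation or of Commerce Server: it reads a WCF system.serviceModel configuration and reports bindings whose effective security mode differs from the recommended one, including bindings that silently fall back to the WCF default. The binding names, endpoint name and address in the sample are hypothetical, and mapping "transport security for message credential" to the TransportWithMessageCredential mode is an assumption.

```python
import xml.etree.ElementTree as ET

# Expected <security mode="..."> per binding type, following the table above.
# Mapping "transport security for message credential" to WCF's
# TransportWithMessageCredential mode is an assumption of this example.
EXPECTED = {
    "basicHttpBinding": "Transport",
    "wsHttpBinding": "Transport",
    "ws2007FederationHttpBinding": "TransportWithMessageCredential",
    "netNamedPipeBinding": "Transport",
}
# Mode WCF applies when a <binding> has no <security> element or mode attribute.
DEFAULT_MODE = {
    "basicHttpBinding": "None",
    "wsHttpBinding": "Message",
    "ws2007FederationHttpBinding": "Message",
    "netNamedPipeBinding": "Transport",
}

# Constructed sample configuration; all names and the address are hypothetical.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings>
    <basicHttpBinding><binding name="RoutingToSilverlight" /></basicHttpBinding>
    <wsHttpBinding><binding name="WebAppToOperationService">
      <security mode="Transport" /></binding></wsHttpBinding>
    <ws2007FederationHttpBinding><binding name="OperationServiceToRouting">
      <security mode="Message" /></binding></ws2007FederationHttpBinding>
  </bindings>
  <client>
    <endpoint name="ops" binding="wsHttpBinding"
              address="http://app01.example.test/OperationService.svc" />
  </client>
</system.serviceModel></configuration>"""

def audit(config_xml):
    """Return findings for bindings and endpoints lacking the expected transport security."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    findings = []
    for kind, expected in EXPECTED.items():
        for b in model.findall(f"bindings/{kind}/binding"):
            sec = b.find("security")
            mode = DEFAULT_MODE[kind] if sec is None else sec.get("mode", DEFAULT_MODE[kind])
            if mode != expected:
                findings.append(f"{kind}/{b.get('name')}: mode={mode}, expected {expected}")
    for ep in model.iter("endpoint"):
        # Transport security on an HTTP binding requires an https:// address.
        if ep.get("binding") in EXPECTED and ep.get("address", "").startswith("http://"):
            findings.append(f"endpoint {ep.get('name')}: address is not https")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The first finding on the sample comes from a basicHttpBinding with no security element at all, which is the case a manual review of the configuration file most easily overlooks.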

Performance Considerations When Using Secure Sockets Layer (SSL) for Secure Communications

To minimize the negative performance impact that SSL can have on your e-commerce solution, SSL offloading is recommended on the Web front end. For information on how to configure Commerce Server 2009 R2 to work with an SSL offloader, see Using an SSL Offloader for Performance Improvement.

See Also

Other Resources

How to Configure SSL Between the Silverlight Web Business Tools Client and the Routing Service

How to Configure SSL between a Commerce Application and a Commerce Foundation Endpoint

How to Configure SSL between the Routing Service and the Commerce Foundation Endpoint

How to Configure Secure Communications with the Commerce Server Databases