I'm currently at the drawing board of a new service cloud we're building with a service oriented architecture. The idea is like this:
The question is if this setup is possible with a PaaS (preferably Heroku or Google App Engine) with the main issue being to have multiple services that are non-public but at the same time accessible from different applications (BL).
Basically: How to protect the services from public access (preferrably without auth and tokens) but at the same time let any of my applications reach them?

Oracle SOA Cloud Service provides a PaaS (Platform as a Service) computing platform solution for designing, deploying, and managing composite applications in the cloud.
Only Oracle SOA offers the ability to move existing, on-premises integrations and composite applications to the cloud as-is with Bring Your Own License (BYOL), and the ability to create modern integrations with Oracle Integration. Find a certified integration system integrator.
While SOA is a flexible set of design principles used during the phases of systems development and integration that when deployed, will provide a loosely-integrated suite of services that can be used within multiple business domains, a cloud-based service is an internet-based computing solution where resources, ...
The relationship between cloud computing and SOA is that cloud computing provides IT resources you can leverage on demand, including resources that host data, services, and processes.
You might want checkout WSO2 Cloud. it consists of an App Cloud and an API Cloud. For your scenario there you can isolate your service cloud with WSO2 API Cloud. You can expose your service cloud fronting WSO2 API Cloud and providing some APIs only to your tenant domain.In WSO2 App Cloud you can deploy your publicly accessible applications, which can consume the service cloud APIs which are isolated to your domain.
Moreover to the solution WSO2 App Cloud is not only hosting, it provides you a development platform as well. You can develops services and apps from scratch. It provides you build facilities, database provisioning, an editor etc.
Both of above clouds have the auto-scaling capability (you don't need to worry about it). App cloud provides you a development, testing and production environment to manage your apps/services lifecycle.WSO2 API Cloud allows you to not only create, manage, and publish your APIs within the developer community, but also enables you to share them in the Cloud
More information can be be found at https://docs.wso2.com/display/AppCloud/WSO2+App+Cloud+Documentation https://docs.wso2.com/display/APICloud/WSO2+API+Cloud+Documentation
Note that WSO2 Cloud is a beta service at the moment.
Disclaimer: I work for WSO2 Cloud.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With