So you want to secure the XML traffic going from StoreFront to your Controllers (Brokers)… I think that's a good decision!
In many enterprise level deployments I encounter the following are true:
- They want to Secure XML – the transaction between StoreFront and the Controllers that contains user information. It's obscured over plaintext but SSL is always better!
- They DO NOT have IIS installed on the Controllers (as in, no Director or StoreFront roles installed) to keep services isolated and lower the attack surface.