WCF security best option for server to server communication over internet

When some ASP.NET applications, all on dedicated server开发者_如何学JAVA, need to communicate which security option is appropriate ?

Data to be transferred is small in amount; SSL, X509 certificate or any option is available.

The service should remain private between application servers. New server should be added to the cluster easily.

EDIT: All servers are communicating over internet (no VPN, no secure physical connection...)

---

For your particular scenario I would say Transport Security with Certificate Authentication

However, it might be a good idea to peruse the different scenarios and options available.

---

I'd recommend Message Security once you are communicating over internet.

Take a look at the Juwal Lowl framework for WCF that can be very helpful

http://msdn.microsoft.com/en-us/magazine/cc163382.aspx#S4

And here some arguents in favor to Message Security

http://msdn.microsoft.com/en-us/library/ms733137.aspx