3. 3
The information in this presentation is confidential and proprietary to MuleSoft and may not be disclosed
without the permission of MuleSoft. This presentation is not subject to your license agreement or any other
service or subscription agreement with MuleSoft. MuleSoft has no obligation to pursue any course of
business outlined in this document or any related presentation, or to develop or release any functionality
mentioned therein. This document, or any related presentation and MuleSoft's strategy and possible future
developments, products and or platforms directions and functionality are all subject to change and may be
changed by MuleSoft at any time for any reason without notice. The information on this document is not a
commitment, promise or legal obligation to deliver any material, code or functionality. This document is
provided without a warranty of any kind, either express or implied, including but not limited to, the implied
warranties of merchantability, fitness for a particular purpose, or non-infringement. This document is for
informational purposes and may not be incorporated into a contract. MuleSoft assumes no responsibility for
errors or omissions in this document, except if such damages were caused by MuleSoft intentionally or
grossly negligent.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to
differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-
looking statements, which speak only as of their dates, and they should not be relied upon in making
purchasing decisions.
Safe Harbor statement
4. Mic Check...
● Slow network? No problem: please disconnect and join back.
● Keep your questions handy for the Q&A after each topic.
○ Use the Q&A section in your Chat tab.
○ Use @[Name] if you are addressing someone specifically.
● Turn on your camera for pictures before the wrap-up.
● Troubleshooting in Bevy virtual: https://help.bevylabs.com/article/499-troubleshooting-in-bevy-virtual
● The meetup is recorded.
5. Agenda
● Introductions
● Product Updates
● Anypoint Studio and new Features
● CloudHub Demystified
● Interactive Quiz
● Picture Time
● Wrap up
6. Introductions
● About the organizers:
○ Chinmaya Sahu
○ Ganesh Kumar
○ Sakthi
● About the speakers:
○ Christina Bauer
○ Igor Repka
8. Anypoint DataGraph
Serve data from all your APIs to developers instantly
Unify APIs into powerful data services
Explore, unify and serve data from all your APIs into powerful services, without new code
Consume many APIs in a single request
Enable developers to consume multiple APIs at once with a single, visually built GraphQL query
Reach new levels of productivity
Replace custom code for many API requests with a managed service that requires no maintenance
9. A graph of APIs unlocks new efficiencies
[Diagram: a graph linking the Product, Customer, Shipment, Invoice and Order APIs, consumed by Developers. Field labels in the figure: Invoice Total, Order ID, Customer ID, Product ID, Shipment ID, Order Status, Exp. Delivery Date, Tracking ID, Customer Email, Customer Address, Product Name, Stock.]
10. Try out Anypoint DataGraph for free!
At GA, DataGraph will be a part of the Anypoint Platform free trial. Use our tutorial to try it for yourself!
Use our tutorial on your trial account!
Anypoint DataGraph is a part of the Anypoint Platform free trial. Sign up for a new trial account!
Sign up for a free trial!
11. DataWeave Playground & Tutorial
Explore and learn DataWeave in a sandbox environment
developer.mulesoft.com/learn/dataweave
Learn and master DataWeave
● Walk through a guided tutorial with interactive output to learn the fundamentals
Explore and validate scripts
● Write and test data mappings to experiment for new projects
Available now
14. New Features of Anypoint Studio 7.5 - 7.9 (May 2020 - April 2021)
API Design, Development, Debugging
15. API Design
● Create new API specifications in Studio (OAS, RAML)
● Edit API specifications in Studio
● API Design Perspective
● API Console
22. Agenda
● CloudHub Deployment Use Cases
○ Shared LB
○ Basic DLB
○ DLB with No Publicly Accessible APIs
○ DLB and One Direction
○ External vs Internal API Access
● Physical Reference Architecture (Sample)
24. Shared LB
Requirement Applicable for the UC
High Availability
Resilience
(Mutual) TLS
Custom/Vanity domains (DNS)
Restricting access to APIs on infra level
Separation between publicly facing APIs and internally facing APIs
Resolving internal domains in internal network
IP Whitelisting
Description: The Shared Load Balancer is the default LB on CloudHub. Every API deployed on CloudHub is accessible via the Shared LB, unless restricted by the CloudHub VPC firewall.
Best Applied When:
• Client wants to keep it simple and see a quick win: deploying APIs with the minimum configuration required
• Client is comfortable exposing all the APIs directly on the Public Internet, i.e. isolation is not required
• Client is interested in application-level security only (policies applied via API Manager)
Pros:
• Support of HA and Resilience
• Easy to use, no extra configuration required
Cons:
• Lack of security on infrastructure level (no IP Whitelisting, VPC Firewall, custom certificates)
26. Basic DLB
Description: The DLB exposes two endpoints: a public one to enable access via the public internet (e.g. for mobile apps) and an internal one to enable communication inside the VPC and all the paired VPCs (e.g. API to API calls, an on-prem legacy system calling Mule APIs on cloud via a secured VPN tunnel).
Best Applied When:
• Client is using a VPN Tunnel to access Highly Available APIs within a VPC
• Client wants to provide vanity domains and improved security access to both public and private APIs (whitelisting and mTLS)
• Client is comfortable exposing secured Private APIs directly on the Public Internet, i.e. isolation is not required
Pros:
• Increased Management over API Access
• Increased Security
Cons:
• Private API endpoints exposed to the public internet
• DLB must be purchased as an extra license
Requirement Applicable for the UC
High Availability
Resilience
(Mutual) TLS
Custom/Vanity domains (DNS)
Restricting access to APIs on infra level
Separation between publicly facing APIs and internally facing APIs
Resolving internal domains in internal network
IP Whitelisting
27. Basic DLB
[Diagram: Basic DLB topology in an AWS Region. Labels in the figure: Public Internet; Shared Load Balancer, http://<app-name>.cloudhub.io, 8081 <- 80 HTTP, 8082 <- 443 HTTPS; Dedicated Load Balancer, http://<vanity-domain-name>, https://api.company.com/, 443: TLS, 8091 <- HTTP, 8092 <- HTTPS, Mapping rules, IP Whitelist; CNAME <dlbname>.lb.anypointdns.net; CNAME internal-<dlbname>.lb.anypointdns.net; Mapping: <lb-name>.lb.anypointdns.net/<app-name>, <app-name>.cloudhub.io; CloudHub VPC containing Public App (8092) and App for DB Access; http://mule-worker-<app-name>.cloudhub.io:<port>; https://mule-worker-nettools.eu.cloudhub.io:8082/; Customer Backend over Direct Connect/Peering/IPSec; Blocked by VPC Firewall.]
28. DLB with No Publicly Accessible APIs
Description: The DLB and the CloudHub VPC are configured to disable public access to APIs. Although the client deploys on CloudHub, all the APIs are kept internal.
Best Applied When:
• Client wants to keep all the APIs accessible via internal network only
• Client is using a VPN Tunnel to access Highly Available APIs within a VPC
• Client wants to provide vanity domains and improved security access to private APIs (whitelisting and mTLS)
Pros:
• Increased Security
• Increased Management over API Access
Cons:
• No ability to expose APIs to 3rd party applications or consumers (e.g. mobile)
• DLB must be purchased as an extra license
Requirement Applicable for the UC
High Availability
Resilience
(Mutual) TLS
Custom/Vanity domains (DNS)
Restricting access to APIs on infra level
Separation between publicly facing APIs and internally facing APIs
Resolving internal domains in internal network
IP Whitelisting
29. DLB with No Publicly Accessible APIs
[Diagram: DLB topology with no public access, in an AWS Region. Labels in the figure: Public Internet; Shared Load Balancer, http://<app-name>.cloudhub.io, 8081 <- 80 HTTP, 8082 <- 443 HTTPS; Dedicated Load Balancer, http://<vanity-domain-name>, https://api.company.com/, 443: TLS, 8091 <- HTTP, 8092 <- HTTPS, Mapping rules, IP Whitelist; CNAME <dlbname>.lb.anypointdns.net; CNAME internal-<dlbname>.lb.anypointdns.net; Mapping: <lb-name>.lb.anypointdns.net/<app-name>, <app-name>.cloudhub.io; CloudHub VPC containing Int App (8091) and App for DB Access; http://mule-worker-<app-name>.cloudhub.io:<port>; Customer Backend over Direct Connect/Peering/IPSec; Blocked by VPC Firewall; Blocked by IP Whitelist config.]
30. DLB and One Direction
Requirement Applicable for the UC
High Availability
Resilience
(Mutual) TLS
Custom/Vanity domains (DNS)
Restricting access to APIs on infra level
Separation between publicly facing APIs and internally facing APIs
Resolving internal domains in internal network
IP Whitelisting
Description: CloudHub acts as a gateway to on-prem systems and/or APIs. Only Experience APIs and/or API Proxies are deployed on CloudHub. This use case is very similar to a DMZ in more traditional infrastructure topologies.
Best Applied When:
• Client wants to use CloudHub as a DMZ
• Client is using a VPN Tunnel to access APIs deployed on-prem from CloudHub (via Experience APIs or API Proxies)
Pros:
• DMZ as infrastructure, client doesn't need to build their own servers for the DMZ
• Easy to configure
• Easy to apply application edge security via API Manager
Cons:
• Client must consider how to split vCores between on-prem and CloudHub; sometimes it could require extra vCores to be purchased
• DLB must be purchased as an extra license
31. DLB and One Direction
[Diagram: one-direction DLB topology in an AWS Region. Labels in the figure: Public Internet; Shared Load Balancer, http://<app-name>.cloudhub.io, 8081 <- 80 HTTP, 8082 <- 443 HTTPS; Dedicated Load Balancer, http://<vanity-domain-name>, https://api.company.com/, 443: TLS, 8091 <- HTTP, 8092 <- HTTPS, Mapping rules, IP Whitelist; CNAME <dlbname>.lb.anypointdns.net; internal-<dlbname>.lb.anypointdns.net; Mapping: <lb-name>.lb.anypointdns.net/<app-name>, <app-name>.cloudhub.io; CloudHub VPC containing Public App (8092) and App for DB Access; http://mule-worker-<app-name>.cloudhub.io:<port>; https://mule-worker-nettools.eu.cloudhub.io:8082/; Customer Backend over Direct Connect/Peering/IPSec; Blocked by VPC Firewall; API (Cloud) to API (Cloud) not implemented; On-prem to API (Cloud) not implemented.]
32. External vs Internal API Access
Requirement Applicable for the UC
High Availability
Resilience
(Mutual) TLS
Custom/Vanity domains (DNS)
Restricting access to APIs on infra level
Separation between publicly facing APIs and internally facing APIs
Resolving internal domains in internal network
IP Whitelisting
Description: APIs deployed on CloudHub are split into two categories: APIs exposed to the internet and APIs that can be called only internally via VPN Tunnel. An internal API can be called only by another API running on CloudHub or by a system that is deployed on the network paired with the CloudHub VPC (e.g. an on-prem system).
Best Applied When:
• Client with CloudHub deployment wants to split APIs into two categories: accessible publicly (via internet) and accessible internally (API to API or on-prem system to API communication)
• The access to APIs must be controlled on infrastructure level as well as on application level
• Client wants internal systems to have access to APIs deployed on CloudHub via VPN tunnel, but also wants these APIs to be hidden from public use
Pros:
• Full control of API access on both infrastructure and application level on CloudHub
Cons:
• Two DLBs must be purchased as extra licenses
33. External vs Internal API Access
[Diagram: topology with two Dedicated Load Balancers in an AWS Region. Labels in the figure: Public Internet; Shared Load Balancer, http://<app-name>.cloudhub.io, https://nettools.eu.cloudhub.io/, 8081 <- 80 HTTP, 8082 <- 443 HTTPS; two Dedicated Load Balancers, each with Mapping rules and an IP Whitelist, http://<vanity-domain-name>, https://api.company.com/, 443: TLS, 8091 <- HTTP, 8092 <- HTTPS; CNAME <dlbname>.lb.anypointdns.net; CNAME internal-<dlbname>.lb.anypointdns.net; Mapping: <lb-name>.lb.anypointdns.net/<app-name>, <app-name>.cloudhub.io; CloudHub VPC containing Public App (8091) and Internal - App for DB Access; http://mule-worker-<app-name>.cloudhub.io:<port>; Customer Backend over Direct Connect/Peering/IPSec; Blocked by VPC Firewall; Blocked by IP Whitelist config; Blocked by mapping rules config.]
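The use cases above all turn on three controls: which port an app listens on, the VPC firewall, and each DLB's IP whitelist and mapping rules. The following audit sketch is an added example, not part of the original slides and not MuleSoft code; it flags apps meant to be internal that are still reachable from the public internet. The `App` and `Dlb` records, the `(source, port)` firewall rule model and all sample data are assumptions constructed for illustration; only the port numbers come from the slides.

```python
from dataclasses import dataclass

SHARED_LB_PORTS = {8081, 8082}   # from the slides: 80 HTTP -> 8081, 443 HTTPS -> 8082
DLB_PORTS = {8091, 8092}         # from the slides: DLB upstream HTTP / HTTPS ports

@dataclass(frozen=True)
class App:                       # hypothetical inventory record
    name: str
    port: int                    # port the app's HTTP listener binds to
    intended: str                # "public" or "internal"

@dataclass(frozen=True)
class Dlb:                       # hypothetical DLB description
    public_allowlist: tuple      # CIDRs in the IP whitelist of the public endpoint
    mapped_apps: frozenset       # app names reachable through its mapping rules

def public_paths(app, firewall, dlbs):
    """Return the routes by which the public internet can reach `app`.
    firewall: set of (source, port) allow rules; source is "anywhere" or "local-vpc"."""
    paths = []
    # Shared LB traffic originates outside the VPC, so it needs an "anywhere" rule.
    if app.port in SHARED_LB_PORTS and ("anywhere", app.port) in firewall:
        paths.append("shared-lb")
    # A DLB sits inside the VPC; its public side is gated by whitelist and mapping rules.
    if app.port in DLB_PORTS and ("local-vpc", app.port) in firewall:
        for i, dlb in enumerate(dlbs):
            if "0.0.0.0/0" in dlb.public_allowlist and app.name in dlb.mapped_apps:
                paths.append(f"dlb-{i}")
    return paths

def audit(apps, firewall, dlbs):
    """Map each internal app that is publicly reachable to the offending routes."""
    findings = {}
    for app in apps:
        paths = public_paths(app, firewall, dlbs)
        if app.intended == "internal" and paths:
            findings[app.name] = paths
    return findings

# Constructed sample data (not from the slides).
APPS = [App("orders-exp", 8092, "public"), App("db-access", 8081, "internal"),
        App("billing-sys", 8092, "internal")]
PERMISSIVE_FW = {("anywhere", 8081), ("anywhere", 8082), ("local-vpc", 8091), ("local-vpc", 8092)}
HARDENED_FW = {("local-vpc", 8091), ("local-vpc", 8092)}
ONE_DLB = [Dlb(("0.0.0.0/0",), frozenset({"orders-exp", "billing-sys"}))]
TWO_DLBS = [Dlb(("0.0.0.0/0",), frozenset({"orders-exp"})),
            Dlb((), frozenset({"billing-sys", "db-access"}))]
```

With the permissive rules and a single open DLB, `audit` reports both internal apps; with the shared-LB ports closed and a second DLB whose public whitelist is empty, it reports none while the public app stays reachable.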
35. Interactive Quiz
● Go to www.menti.com
● Joining Code - 40432979
36. Feedback and Topics for Next Meetup
● Go to www.menti.com
● Joining Code - 20698990
37. What's Next
● Share:
○ Tweet your pictures with the hashtag #MuleMeetup
○ Invite your network to join: https://meetups.mulesoft.com/munich/
● Feedback:
○ Contact your organizers
● MeetUp Recordings:
○ YouTube Channel: MuleSoft Meetup Munich https://www.youtube.com/channel/UCGp3GH-t2NPXG_YSWbnHgjw
● Next Meetup:
○ Tentative (1st/2nd Week of July 2021)