SlideShare a Scribd company logo

Denver MuleSoft Meetup: TDX Talk - Automatically Secure and Manage any API at Scale

Download as PPTX, PDF
Big Compass
Big Compass

Automatically Secure and Manage Any API at Scale Protect any API—anywhere—the moment it's deployed. Join us to learn how you can automate API management as part of your CI/CD pipeline with MuleSoft’s Anypoint Flex Gateway and hear about a real use case of Flex Gateway and Governance. Meet the Speakers: • Brian Statkevicus, MuleSoft Practice Manager at Big Compass • Sue Saio, Technical Product Marketing Manager at Salesforce

Technology
1 of 20
Automatically Secure and Manage any API at Scale Brian Statkevicus MuleSoft Practice Manager, Big Compass brian.statkevicus@bigcompass.com Sue Siao Technical Product Marketing Manager, Salesforce sue.siao@salesforce.com
Forward Looking Statements Updated: September 28, 2022 This presentation contains forward-looking statements about, among other things, trend analyses and future events, future financial performance, anticipated growth, industry prospects, environmental, social and governance goals, and the anticipated benefits of acquired companies. The achievement or success of the matters covered by such forward-looking statements involves risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, Salesforce’s results could differ materially from the results expressed or implied by these forward- looking statements. The risks and uncertainties referred to above include those factors discussed in Salesforce’s reports filed from time to time with the Securities and Exchange Commission, including, but not limited to: impact of, and actions we may take in response to, the COVID-19 pandemic, related public health measures and resulting economic downturn and market volatility; our ability to maintain security levels and service performance meeting the expectations of our customers, and the resources and costs required to avoid unanticipated downtime and prevent, detect and remediate performance degradation and security breaches; the expenses associated with our data centers and third-party infrastructure providers; our ability to secure additional data center capacity; our reliance on third-party hardware, software and platform providers; the effect of evolving domestic and foreign government regulations, including those related to the provision of services on the Internet, those related to accessing the Internet, and those addressing data privacy, cross-border data transfers and import and export controls; current and potential litigation involving us or our industry, including litigation involving acquired entities such as Tableau Software, Inc. and Slack Technologies, Inc., and the resolution or settlement thereof; regulatory developments and regulatory investigations involving us or affecting our industry; our ability to successfully introduce new services and product features, including any efforts to expand our services; the success of our strategy of acquiring or making investments in complementary businesses, joint ventures, services, technologies and intellectual property rights; our ability to complete, on a timely basis or at all, announced transactions; our ability to realize the benefits from acquisitions, strategic partnerships, joint ventures and investments, including our July 2021 acquisition of Slack Technologies, Inc., and successfully integrate acquired businesses and technologies; our ability to compete in the markets in which we participate; the success of our business strategy and our plan to build our business, including our strategy to be a leading provider of enterprise cloud computing applications and platforms; our ability to execute our business plans; our ability to continue to grow unearned revenue and remaining performance obligation; the pace of change and innovation in enterprise cloud computing services; the seasonal nature of our sales cycles; our ability to limit customer attrition and costs related to those efforts; the success of our international expansion strategy; the demands on our personnel and infrastructure resulting from significant growth in our customer base and operations, including as a result of acquisitions; our ability to preserve our workplace culture, including as a result of our decisions regarding our current and future office environments or work-from-home policies; our dependency on the development and maintenance of the infrastructure of the Internet; our real estate and office facilities strategy and related costs and uncertainties; fluctuations in, and our ability to predict, our operating results and cash flows; the variability in our results arising from the accounting for term license revenue products; the performance and fair value of our investments in complementary businesses through our strategic investment portfolio; the impact of future gains or losses from our strategic investment portfolio, including gains or losses from overall market conditions that may affect the publicly traded companies within our strategic investment portfolio; our ability to protect our intellectual property rights; our ability to develop our brands; the impact of foreign currency exchange rate and interest rate fluctuations on our results; the valuation of our deferred tax assets and the release of related valuation allowances; the potential availability of additional tax assets in the future; the impact of new accounting pronouncements and tax laws; uncertainties affecting our ability to estimate our tax rate; uncertainties regarding our tax obligations in connection with potential jurisdictional transfers of intellectual property, including the tax rate, the timing of the transfer and the value of such transferred intellectual property; uncertainties regarding the effect of general economic and market conditions; the impact of geopolitical events; uncertainties regarding the impact of expensing stock options and other equity awards; the sufficiency of our capital resources; the ability to execute our Share Repurchase Program; our ability to comply with our debt covenants and lease obligations; the impact of climate change, natural disasters and actual or threatened public health emergencies; and our ability to achieve our aspirations, goals and projections related to our environmental, social and governance initiatives.
API Management - From Theory to Application Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases
APIs are building blocks for composed applications
Need a new approach to effectively use, manage and engage with APIs Event driven Micro- services SaaS Integration B2B/ EDI API ecosystems Limited visibility & access to existing APIs Inconsistent enforcement of security and governance Complex operations and troubleshooting APIs sprawling across fragmented solutions and environments
Universal API management on Anypoint Platform Discover, Build and Catalog any API Ensure consistent API quality and security Control and secure access to any API Engage and create API Ecosystems Govern Manage Engage Discover Anypoint Platform New and existing product capabilities on a unified platform
Agenda Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Automate Gateway Deployment & Manage ANY API
Anypoint Flex Gateway Implement modern architecture with ultrafast, distributed API gateway to control and secure APIs Manage Security team Deploy to virtually any environment High performance on a small footprint Secure external and internal API traffic Fine grain traffic control and fault tolerance Manage using web UI or CI/CD pipeline Anypoint Flex Gateway (Ingress/Egress) Customers Payments Orders Products
Jenkins Protect and manage your microservices Automatically Deploy API Gateway Anypoint Platform Apply Policies Manage API Gateway Films API Anypoint Flex Gateway
Agenda Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Real-life Implementation Use Cases
Customer overview Capacity/Usage ● ~200 prod vCores and 320 non-prod vCores Business challenges ● Need to control access to 3rd party APIs in order to keep Mule and other apps compliant with state security requirements ● Code review requires senior resources that are stretched thin Western US state government client with centralized IT team that administers Anypoint Platform (CloudHub and RTF) and numerous state agencies to serve Solution UAPIM: Flex Gateway and API Governance
Amazon Elastic Container Service Current Architecture Anypoint Flex Gateway at the customer Anypoint Platform Manage APIs View Flex Gateway Anypoint Flex Gateway Amazon Elastic Container Registry Customized Anypoint Flex Gateway Docker Image
API registered with Flex Gateway
API Governance at the customer Phase 1 Phase 2 Phase 3 ● Existing APIs are updated as necessary ● New APIs must conform with HTTPs and OWASP rulesets ● No CI/CD enforcement ● Introduce custom ruleset with customer’s best practices ● CI/CD enforcement ● The customer is using the following Rulesets: ○ HTTPs Enforcement ○ OWASP API Security Top 10 ○ Anypoint API Best Practices too much noise. To be replaced with a custom ruleset with customer’s best practices.
Example from Design Center Footer
Key Learnings Need to add RAML/OpenAPI definition to ‘govern’ API Documentation could be more thorough Still a few ‘odd’ experiences with the UX
Next steps for this customer Configure their firewall to forward logs to Splunk Enable TLS Enable Business Groups
Key Takeaways 1. API sprawl is the reality Control and manage any API with Anypoint Flex Gateway 1. Code reviews are necessary for security Automate governance checks with Anypoint API Governance What to look out for later this year: Anypoint Flex Gateway Policy Development Kit Anypoint API Governance Govern policies and managed APIs
Let’s Continue our Connection Where do we go from here? Check out Big Compass blogs and case studies on MuleSoft Try out Anypoint Flex Gateway through tutorials Gain Insights Learn more Let’s meet again! Join us at World Tour NYC on May 4th! In person or Salesforce+
Thank you

Recommended

DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
Big Compass
 
RTC2023_Boost-App-Integration-with-AI_Kim.pdf
RTC2023_Boost-App-Integration-with-AI_Kim.pdfRTC2023_Boost-App-Integration-with-AI_Kim.pdf
RTC2023_Boost-App-Integration-with-AI_Kim.pdf
hossenkamal2
 
Architecting Integrations for Observability.pdf
Architecting Integrations for Observability.pdfArchitecting Integrations for Observability.pdf
Architecting Integrations for Observability.pdf
Manik S Magar
 
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider LectureMuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
Manik S Magar
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
Manik S Magar
 
Toronto Developer Group - Winter 24' Release Highlights.pptx
Toronto Developer Group - Winter 24' Release Highlights.pptxToronto Developer Group - Winter 24' Release Highlights.pptx
Toronto Developer Group - Winter 24' Release Highlights.pptx
Karanraj Sankaranarayanan
 
Elevate productivity_ Unveiling the power of new Slack innovations.pdf
Elevate productivity_ Unveiling the power of new Slack innovations.pdfElevate productivity_ Unveiling the power of new Slack innovations.pdf
Elevate productivity_ Unveiling the power of new Slack innovations.pdf
TCS
 
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
apidays
 

Recommended

DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
DC MuleSoft Meetup: TDX Talk: API Security The 3 Keys To Protect Your Digital...
Big Compass
 
RTC2023_Boost-App-Integration-with-AI_Kim.pdf
RTC2023_Boost-App-Integration-with-AI_Kim.pdfRTC2023_Boost-App-Integration-with-AI_Kim.pdf
RTC2023_Boost-App-Integration-with-AI_Kim.pdf
hossenkamal2
 
Architecting Integrations for Observability.pdf
Architecting Integrations for Observability.pdfArchitecting Integrations for Observability.pdf
Architecting Integrations for Observability.pdf
Manik S Magar
 
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider LectureMuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
MuleSoft Online Meetup Group - B2B Crash Course: PM Insider Lecture
Manik S Magar
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
Manik S Magar
 
Toronto Developer Group - Winter 24' Release Highlights.pptx
Toronto Developer Group - Winter 24' Release Highlights.pptxToronto Developer Group - Winter 24' Release Highlights.pptx
Toronto Developer Group - Winter 24' Release Highlights.pptx
Karanraj Sankaranarayanan
 
Elevate productivity_ Unveiling the power of new Slack innovations.pdf
Elevate productivity_ Unveiling the power of new Slack innovations.pdfElevate productivity_ Unveiling the power of new Slack innovations.pdf
Elevate productivity_ Unveiling the power of new Slack innovations.pdf
TCS
 
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
INTERFACE, by apidays - The future of API Management in a hybrid, multi-clou...
apidays
 
DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup
AmeyKulkarni84
 
Perth Meetup December 2021
Perth Meetup December 2021Perth Meetup December 2021
Perth Meetup December 2021
Michael Price
 
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
MysoreMuleSoftMeetup
 
The Next Era of CRM.pdf
The Next Era of CRM.pdfThe Next Era of CRM.pdf
The Next Era of CRM.pdf
PatrickYANG48
 
Zero Trust Security - Updated
Zero Trust Security - UpdatedZero Trust Security - Updated
Zero Trust Security - Updated
Akshata Sawant
 
Go with the Flow - Jarrod Kingston
Go with the Flow - Jarrod KingstonGo with the Flow - Jarrod Kingston
Go with the Flow - Jarrod Kingston
Jarrod Kingston
 
[Madrid-Meetup April 22] UAPIM.pptx
[Madrid-Meetup April 22] UAPIM.pptx[Madrid-Meetup April 22] UAPIM.pptx
[Madrid-Meetup April 22] UAPIM.pptx
jorgelebrato
 
Next Generation Application Development, Alex Edelstein
Next Generation Application Development, Alex EdelsteinNext Generation Application Development, Alex Edelstein
Next Generation Application Development, Alex Edelstein
CzechDreamin
 
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Salesforce Developers
 
Nonprofit User Group.pdf
Nonprofit User Group.pdfNonprofit User Group.pdf
Nonprofit User Group.pdf
MarianaLemus7
 
Alba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdfAlba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdf
MarkPawlikowski2
 
TDX Global Gathering - Wellington UG
TDX Global Gathering - Wellington UGTDX Global Gathering - Wellington UG
TDX Global Gathering - Wellington UG
Stephan Chandler-Garcia
 
Fort Worth Community - Record Triggered Automations.pdf
Fort Worth Community - Record Triggered Automations.pdfFort Worth Community - Record Triggered Automations.pdf
Fort Worth Community - Record Triggered Automations.pdf
AmeyKulkarni84
 
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
Anna Loughnan Colquhoun
 
MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys
Angel Alberici
 
Wellington Salesforce User Group - Summer 22 Release
Wellington Salesforce User Group - Summer 22 ReleaseWellington Salesforce User Group - Summer 22 Release
Wellington Salesforce User Group - Summer 22 Release
Anna Loughnan Colquhoun
 
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeaveDreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
DanielBallinger3
 
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
DianeKesler2
 
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Prag Ravichandran Kamalaveni (he/him)
 
Anypoint_Code_Builder_-Toronto Meetup.pptx
Anypoint_Code_Builder_-Toronto Meetup.pptxAnypoint_Code_Builder_-Toronto Meetup.pptx
Anypoint_Code_Builder_-Toronto Meetup.pptx
Anurag Dwivedi
 
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsWashington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Big Compass
 
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
Big Compass
 

More Related Content

Similar to Denver MuleSoft Meetup: TDX Talk - Automatically Secure and Manage any API at Scale

Alba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdfAlba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdf
MarkPawlikowski2
 
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Prag Ravichandran Kamalaveni (he/him)
 

Similar to Denver MuleSoft Meetup: TDX Talk - Automatically Secure and Manage any API at Scale (20)

DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup DevOps Center_ArchitectGroup
DevOps Center_ArchitectGroup
 
Perth Meetup December 2021
Perth Meetup December 2021Perth Meetup December 2021
Perth Meetup December 2021
 
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
Mulesoft RPA & The Last Mile Problem (Dreamforce 22 ) | MuleSoft Mysore Meetu...
 
The Next Era of CRM.pdf
The Next Era of CRM.pdfThe Next Era of CRM.pdf
The Next Era of CRM.pdf
 
Zero Trust Security - Updated
Zero Trust Security - UpdatedZero Trust Security - Updated
Zero Trust Security - Updated
 
Go with the Flow - Jarrod Kingston
Go with the Flow - Jarrod KingstonGo with the Flow - Jarrod Kingston
Go with the Flow - Jarrod Kingston
 
[Madrid-Meetup April 22] UAPIM.pptx
[Madrid-Meetup April 22] UAPIM.pptx[Madrid-Meetup April 22] UAPIM.pptx
[Madrid-Meetup April 22] UAPIM.pptx
 
Next Generation Application Development, Alex Edelstein
Next Generation Application Development, Alex EdelsteinNext Generation Application Development, Alex Edelstein
Next Generation Application Development, Alex Edelstein
 
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce DevelopersSample Gallery: Reference Code and Best Practices for Salesforce Developers
Sample Gallery: Reference Code and Best Practices for Salesforce Developers
 
Nonprofit User Group.pdf
Nonprofit User Group.pdfNonprofit User Group.pdf
Nonprofit User Group.pdf
 
Alba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdfAlba Rivas - Building Slack Applications with Bolt.js.pdf
Alba Rivas - Building Slack Applications with Bolt.js.pdf
 
TDX Global Gathering - Wellington UG
TDX Global Gathering - Wellington UGTDX Global Gathering - Wellington UG
TDX Global Gathering - Wellington UG
 
Fort Worth Community - Record Triggered Automations.pdf
Fort Worth Community - Record Triggered Automations.pdfFort Worth Community - Record Triggered Automations.pdf
Fort Worth Community - Record Triggered Automations.pdf
 
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
First Steps to Salesforce Release Management & DevOps [Salesforce User Group,...
 
MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys MuleSoft Composer - 09122021 - Virtual Muleys
MuleSoft Composer - 09122021 - Virtual Muleys
 
Wellington Salesforce User Group - Summer 22 Release
Wellington Salesforce User Group - Summer 22 ReleaseWellington Salesforce User Group - Summer 22 Release
Wellington Salesforce User Group - Summer 22 Release
 
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeaveDreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
Dreamforce 22 Unleash Powerful Data Transforms in Apex with DataWeave
 
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
MuleSoft Composer - OKC Oklahoma City MuleSoft Meetup 11/11/21
 
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
Dreamforce 2019: "Using Quip for Better Documentation of your Salesforce Org"
 
Anypoint_Code_Builder_-Toronto Meetup.pptx
Anypoint_Code_Builder_-Toronto Meetup.pptxAnypoint_Code_Builder_-Toronto Meetup.pptx
Anypoint_Code_Builder_-Toronto Meetup.pptx
 

More from Big Compass

Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and SlackDenver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
Big Compass
 
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
Big Compass
 
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
Big Compass
 

More from Big Compass (6)

Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsWashington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
 
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
Denver MuleSoft Meetup: Greatest MuleSoft Hits of 2022
 
At Last, MuleSoft RPA Revealed - A Quick Guide To Automating Your Business | ...
At Last, MuleSoft RPA Revealed - A Quick Guide To Automating Your Business | ...At Last, MuleSoft RPA Revealed - A Quick Guide To Automating Your Business | ...
At Last, MuleSoft RPA Revealed - A Quick Guide To Automating Your Business | ...
 
Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and SlackDenver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
Denver MuleSoft Meetup: Approve this! (or reject this!) with MuleSoft and Slack
 
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
Denver MuleSoft Meetup: How To Best Use Anypoint Monitoring In Your Anypoint ...
 
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
Denver MuleSoft Meetup: Cool Features in DataWeave 2.3 and 2.4
 

Recently uploaded

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Recently uploaded (20)

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Denver MuleSoft Meetup: TDX Talk - Automatically Secure and Manage any API at Scale

  • 1. Automatically Secure and Manage any API at Scale Brian Statkevicus MuleSoft Practice Manager, Big Compass brian.statkevicus@bigcompass.com Sue Siao Technical Product Marketing Manager, Salesforce sue.siao@salesforce.com
  • 2. Forward Looking Statements Updated: September 28, 2022 This presentation contains forward-looking statements about, among other things, trend analyses and future events, future financial performance, anticipated growth, industry prospects, environmental, social and governance goals, and the anticipated benefits of acquired companies. The achievement or success of the matters covered by such forward-looking statements involves risks, uncertainties and assumptions. If any such risks or uncertainties materialize or if any of the assumptions prove incorrect, Salesforce’s results could differ materially from the results expressed or implied by these forward- looking statements. The risks and uncertainties referred to above include those factors discussed in Salesforce’s reports filed from time to time with the Securities and Exchange Commission, including, but not limited to: impact of, and actions we may take in response to, the COVID-19 pandemic, related public health measures and resulting economic downturn and market volatility; our ability to maintain security levels and service performance meeting the expectations of our customers, and the resources and costs required to avoid unanticipated downtime and prevent, detect and remediate performance degradation and security breaches; the expenses associated with our data centers and third-party infrastructure providers; our ability to secure additional data center capacity; our reliance on third-party hardware, software and platform providers; the effect of evolving domestic and foreign government regulations, including those related to the provision of services on the Internet, those related to accessing the Internet, and those addressing data privacy, cross-border data transfers and import and export controls; current and potential litigation involving us or our industry, including litigation involving acquired entities such as Tableau Software, Inc. and Slack Technologies, Inc., and the resolution or settlement thereof; regulatory developments and regulatory investigations involving us or affecting our industry; our ability to successfully introduce new services and product features, including any efforts to expand our services; the success of our strategy of acquiring or making investments in complementary businesses, joint ventures, services, technologies and intellectual property rights; our ability to complete, on a timely basis or at all, announced transactions; our ability to realize the benefits from acquisitions, strategic partnerships, joint ventures and investments, including our July 2021 acquisition of Slack Technologies, Inc., and successfully integrate acquired businesses and technologies; our ability to compete in the markets in which we participate; the success of our business strategy and our plan to build our business, including our strategy to be a leading provider of enterprise cloud computing applications and platforms; our ability to execute our business plans; our ability to continue to grow unearned revenue and remaining performance obligation; the pace of change and innovation in enterprise cloud computing services; the seasonal nature of our sales cycles; our ability to limit customer attrition and costs related to those efforts; the success of our international expansion strategy; the demands on our personnel and infrastructure resulting from significant growth in our customer base and operations, including as a result of acquisitions; our ability to preserve our workplace culture, including as a result of our decisions regarding our current and future office environments or work-from-home policies; our dependency on the development and maintenance of the infrastructure of the Internet; our real estate and office facilities strategy and related costs and uncertainties; fluctuations in, and our ability to predict, our operating results and cash flows; the variability in our results arising from the accounting for term license revenue products; the performance and fair value of our investments in complementary businesses through our strategic investment portfolio; the impact of future gains or losses from our strategic investment portfolio, including gains or losses from overall market conditions that may affect the publicly traded companies within our strategic investment portfolio; our ability to protect our intellectual property rights; our ability to develop our brands; the impact of foreign currency exchange rate and interest rate fluctuations on our results; the valuation of our deferred tax assets and the release of related valuation allowances; the potential availability of additional tax assets in the future; the impact of new accounting pronouncements and tax laws; uncertainties affecting our ability to estimate our tax rate; uncertainties regarding our tax obligations in connection with potential jurisdictional transfers of intellectual property, including the tax rate, the timing of the transfer and the value of such transferred intellectual property; uncertainties regarding the effect of general economic and market conditions; the impact of geopolitical events; uncertainties regarding the impact of expensing stock options and other equity awards; the sufficiency of our capital resources; the ability to execute our Share Repurchase Program; our ability to comply with our debt covenants and lease obligations; the impact of climate change, natural disasters and actual or threatened public health emergencies; and our ability to achieve our aspirations, goals and projections related to our environmental, social and governance initiatives.
  • 3. API Management - From Theory to Application Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases
  • 4. APIs are building blocks for composed applications
  • 5. Need a new approach to effectively use, manage and engage with APIs Event driven Micro- services SaaS Integration B2B/ EDI API ecosystems Limited visibility & access to existing APIs Inconsistent enforcement of security and governance Complex operations and troubleshooting APIs sprawling across fragmented solutions and environments
  • 6. Universal API management on Anypoint Platform Discover, Build and Catalog any API Ensure consistent API quality and security Control and secure access to any API Engage and create API Ecosystems Govern Manage Engage Discover Anypoint Platform New and existing product capabilities on a unified platform
  • 7. Agenda Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Automate Gateway Deployment & Manage ANY API
  • 8. Anypoint Flex Gateway Implement modern architecture with ultrafast, distributed API gateway to control and secure APIs Manage Security team Deploy to virtually any environment High performance on a small footprint Secure external and internal API traffic Fine grain traffic control and fault tolerance Manage using web UI or CI/CD pipeline Anypoint Flex Gateway (Ingress/Egress) Customers Payments Orders Products
  • 9. Jenkins Protect and manage your microservices Automatically Deploy API Gateway Anypoint Platform Apply Policies Manage API Gateway Films API Anypoint Flex Gateway
  • 10. Agenda Challenges to API Management Automate Gateway Deployment & Manage ANY API Real-life Implementation Use Cases Real-life Implementation Use Cases
  • 11. Customer overview Capacity/Usage ● ~200 prod vCores and 320 non-prod vCores Business challenges ● Need to control access to 3rd party APIs in order to keep Mule and other apps compliant with state security requirements ● Code review requires senior resources that are stretched thin Western US state government client with centralized IT team that administers Anypoint Platform (CloudHub and RTF) and numerous state agencies to serve Solution UAPIM: Flex Gateway and API Governance
  • 12. Amazon Elastic Container Service Current Architecture Anypoint Flex Gateway at the customer Anypoint Platform Manage APIs View Flex Gateway Anypoint Flex Gateway Amazon Elastic Container Registry Customized Anypoint Flex Gateway Docker Image
  • 13. API registered with Flex Gateway
  • 14. API Governance at the customer Phase 1 Phase 2 Phase 3 ● Existing APIs are updated as necessary ● New APIs must conform with HTTPs and OWASP rulesets ● No CI/CD enforcement ● Introduce custom ruleset with customer’s best practices ● CI/CD enforcement ● The customer is using the following Rulesets: ○ HTTPs Enforcement ○ OWASP API Security Top 10 ○ Anypoint API Best Practices too much noise. To be replaced with a custom ruleset with customer’s best practices.
  • 15. Example from Design Center Footer
  • 16. Key Learnings Need to add RAML/OpenAPI definition to ‘govern’ API Documentation could be more thorough Still a few ‘odd’ experiences with the UX
  • 17. Next steps for this customer Configure their firewall to forward logs to Splunk Enable TLS Enable Business Groups
  • 18. Key Takeaways 1. API sprawl is the reality Control and manage any API with Anypoint Flex Gateway 1. Code reviews are necessary for security Automate governance checks with Anypoint API Governance What to look out for later this year: Anypoint Flex Gateway Policy Development Kit Anypoint API Governance Govern policies and managed APIs
  • 19. Let’s Continue our Connection Where do we go from here? Check out Big Compass blogs and case studies on MuleSoft Try out Anypoint Flex Gateway through tutorials Gain Insights Learn more Let’s meet again! Join us at World Tour NYC on May 4th! In person or Salesforce+

Editor's Notes

  1. Hello everyone, thank you for joining us today. I’m Sue and Brian and I will be talking about how you can automatically secure and manage any API at scale.
  2. Before we start, just as a reminder, you should base your purchasing decisions on products and services that are currently available.
  3. Today, we will discuss the challenges to API Management, talk of how you could automate the process, and Brian will share with us a real life use case on now a customer is utilizing Anypoint Platform. So, let’s get started.
  4. who here uses or interacts with APIs every day? As developers, admins, or IT professionals, you are interacting with APIs on daily, if not hourly basis. After all, APIs are building blocks that allow your organization to connect data to support application development and innovation.
  5. But, as API use increases, it also sprawls across fragmented solutions and environments and this leads to problems such as: Limited visibility and usability Inconsistent security & governance enforcement Hard to operate & manage And all of these ultimately leads to difficulty in managing your APIs to ensure that the data is secure and available to only those who should have access to it. We understand that it’s not practical to have just ONE environment where you deploy your applications. Depending on what you are building, where and how it’s deployed can vary. So in a way, API sprawl in a way is a necessity for growth.
  6. But that doesn’t mean that you should just leave it free for all. That’s why MuleSoft is offering Universal API Management. Universal API management on Anypoint Platform is a collection of new and existing products that provide a single control plane so you can Discover, Govern, Manage, and Engage ANY API that are built and deployed anywhere. This enables developers to build their applications wherever and however they prefer but you can still control the who and the how of API access.
  7. Alright, so let’s now discuss how you can automatically manage any API.
  8. Let’s talk about the product – MuleSoft provides Anypoint Flex Gateway so that you can protect ANY API running ANYwhere. You can deploy to virtually any environment, have flexibility to manage APIs at the Ingress as well within your microservices. All this while giving you rich fine-grained traffic control and API protection capabilities. And lastly, you can also chose to manage API in a web-based control plane, OR locally through declarative files.
  9. Here is an example we will look at for how you can deploy flex gateway. I have a films api that I have deployed in a docker container & let’s see how we can manage and protect it.
  10. Ultrafast response times with small footprint Manage and secure APIs in minutes Deploy to virtually any target environment Manage using Anypoint Platform or with declarative configuration via CI/CD pipelines Pay only for what you use
  11. This is an example of managing a non-Mule API. The customer endpoint is obfuscated, but that’s the endpoint the consumers will use. This points to: https://jsonplaceholder.typicode.com/users
  12. The challenge with Anypoint Best Practices ruleset is it has >20 violations and >30 warnings.
  13. We’d love to continue building our connection with you. We’ll be over by (explicitly explain where you’ll be) for the next 10 min to answer questions and get to know each other. This session was a sampling of how MuleSoft automate anything to empower everyone. I invite you to: visit booth xxxx, located in xxxx to watch our demos [or] attend xxxx session, at xxx am/pm, in room xxxx located in xxxx And finally, visit us online at MuleSoft.com to view our webinars and hear other customer stories. Use this link to create your own QR code