SlideShare a Scribd company logo

MuleSoft Meetup Roma - CloudHub Networking Stategies

Download as PPTX, PDF
A
Alfonso Martino

CloudHub Networking Stategies & DLB setup and configuration demo

Technology
1 of 52
Thursday 22/04/2021 Rome MuleSoft Meetup Group Networking Strategies on CloudHub
2 Muleys, Meetup Leaders and… speakers: Contacts: ● amartino@mulesoft.com ● sbenfari@mulesoft.com Introductions
3 ● CloudHub Physical Architecture (50 mins) ● Demo time: Application traffic routing through Dedicated Load Balancer (30 mins) ● Q&A (15 mins) ● Trivia quiz (15 mins) Agenda
CloudHub Physical Architecture
MuleSoft’s Anypoint Platform Control Plane Runtime Plane Unified single solution for iPaaS and full lifecycle API Control Plane: MuleSoft Managed : 2 Control plane US (N Virginia) & EU (Frankfurt or Dublin) Customer Managed : Private Cloud Edition - PCE Runtime plane: This is where the APIs & Integrations are hosted. CloudHub: MuleSoft Managed Runtime plane Standalone Mule/RTF/PCE : Customer managed.
6 CloudHub (Commercial/GovCloud) Hybrid (Standalone/RTF) On-premise (Private Cloud Edition) Control Plane Runtime Plane Managed by MuleSoft Managed by the Customer (Data center) Managed by the Customer (3rd party Cloud) MuleSoft’s Anypoint Platform Deployment Model
Runtime Plane Worker Worker Mule App Mule App Worker Mule App Worker Mule App Worker Mule App Worker Mule App Anypoint CloudHub Anypoint Platform Control Plane Internal & External APIs RUNTIME MANAGER ACCESS MANAGEMENT MANAGEMENT CENTER VISUALIZER ADVANCE MONITORING EXCHANGE PARTNER MANAGER` API DESIGNER DESIGN CENTER API ANALYTICS CLOUDHUB
Worker Mule App Worker Mule App Worker Mule App Anypoint CloudHub Architecture SHARED/DEDICATED LOAD BALANCER RUNTIME PLANE HTTP/S mTLS mTLS mTLS mTLS RUNTIME MANAGER ADVANCED MONITORING MANAGEMENT CENTER API MANAGER CUSTOMER VPC CONTROL PLANE
Multi-tenancy Support and Logical Segregation Business Groups & Environments
● Business Groups provide a mechanism for delegating management and administration of Anypoint Platform to users within different business units or functions ● Business Groups provide complete isolation of resources allowing for multitenant use cases within your Anypoint Platform account ● Centralized administrators can create a multi-level hierarchical structure of Business Groups and then delegate users from the specific groups to be administrators at BG level Multi-tenancy Implementation on CH Business Groups Reference Documentation: https://docs.mulesoft.com/access-management/business-groups
11 ● Business Groups reside all within Master Org (root), as part of Customer unique subscription ● Flexible model - it enables delegation at different level ○ Certain Core Functions such as SSO and common artifacts (i.e. libraries) are setup at the root org level and shared across Business Groups. ○ Infrastructure Components can be defined centrally or specific to a Business Group. ○ Operations and Deployments are local to a Business Group. ● Business Group level environments are logical boundaries and map to shared/centralized infrastructure without need for replication. Multi-tenancy Implementation on CH Business Groups Reference Documentation: https://docs.mulesoft.com/access-management/business-groups
12 Root Org LoB 1 (BG) LoB 2 (BG) LoB 3 (BG) VPC Sandbox VPC PROD Dev Test UAT PROD Side note - APIs in different VPCs can still communicate each other (depending on networking rules implemented) Dev Test UAT Dev Test UAT PROD PROD Multi-tenancy Implementation on CH Business Groups & Environment Segregation - Typical Setup
Anypoint Resources (i.e VPC or redistributable entitlements like vCores or Static IPs) can be created at any level of the Anypoint Organization structure but can only be shared vertically down the Anypoint Organization structure, not up or across Example 2: VPC created in Business Group B Example 1: VPC created in Business Group A Example 3: VPC created in Master Organization Multi-tenancy Implementation on CH Resources Inheritance in a Hierarchical Org Structure
CloudHub Virtual Private Cloud
15 Isolated network segment specific to a customer hosted in our AWS account and managed by MuleSoft ● Workers are deployed into this network segment and assigned an internal IP address within the address space determined by the customer (CIDR block) ● Can be connected to customer’s data center or one of their private AWS VPC (via peering) ● The base Anypoint VPC subscription includes two Anypoint VPCs ● Each Anypoint VPC can be associated with multiple environments (typically 1 VPC for PROD and 1 for SANDBOX) ● It allows you to configure firewall rules to apply to your workers ● Regional service (it must be binded to a specific Region) CloudHub Networking Virtual Private Cloud (VPC) Reference Documentation: https://docs.mulesoft.com/runtime-manager/virtual-private-cloud Availability Zone 1 Availability Zone 2 Availability Zone 4 Each VPC has its own firewall to gate access Region Mule Worker Mule Worker Mule Worker Mule Worker Mule Worker Mule Worker A VPC is created within an AWS Region A VPC can span up to 4 Availability Zones A VPC can have a maximum of 64K IP addresses Non-Production VPC - [10.1.0.0/16] Production VPC - [10.1.1.0/24] A VPC must have minimum of 256 IP addresses
16 CloudHub Networking Virtual Private Cloud (VPC) Sizing Proper sizing has to be performed upfront (no possibility to change it later) Supported CIDR blocks /24 - /16 No costs associated to over provisioning For each worker deployed to CloudHub, the following IP assignation takes place: ● A few IP addresses are reserved for infrastructure ● At least two IP addresses per worker to perform at zero-downtime General Rule of Thumb - 10 IPs per Mule Application (interface)
High Availability & Disaster Recovery
CloudHub offers several features for redundancy and reliability, which includes reliability across data centers within a region ● Multiple workers for the same application are distributed across two or more data centers. ● Apps are automatically restarted whenever they fail. ● The load balancer directs traffic to other workers if a worker is down If an application uses a single worker, when the availability zone is unavailable, CloudHub automatically restarts the application in a different availability zone. In this case, the application might experience downtime. Important: define upfront the Business Critical apps which can’t tolerate service disruption and allocate them multiple Workers! High Availability CloudHub Deployment Model & Self-healing Mechanisms
Disaster Recovery 19 CloudHub Global Infrastructure - DR across Regions Global Infrastructure relying on AWS Regions Automatic disaster recovery across regions is not offered by CloudHub If a Region goes down, the applications within the region are unavailable and not automatically replicated in other regions.
Disaster Recovery 20 CloudHub Global Infrastructure - DR across Regions Mitigation Strategy Multi-Region deploy (active-active, active-passive, pilot fire) It requires ● External Load Balancer provisioned by Customer (i.e. AWS ELB) ● Setup of VPC and VPN connectivity across the different regions w/ local DC ● Fully stateless Apps to avoid message loss (AMQ, ObjectStore, VM Queues are regional services)
Connectivity Options with On-prem
CloudHub Networking Connectivity Options
CloudHub Networking Virtual Private Network Connecting to your Anypoint VPC via VPN extends your corporate intranet and allows CloudHub workers to access resources behind your corporate firewall. ● Anypoint VPN supports site-to-site Internet Protocol security (IPsec) connections. A physical or software appliance, called a VPN endpoint, is the terminator on your side of the connection. The MuleSoft side of the connection is an implementation of a virtual private gateway (VGW) ● MuleSoft VGW can support up to 10 VPN connections per VPC ● Supports Dynamic (BGP protocol) and Static Routing - BGP is the preferred option ● Anypoint VPN acts only as a responder (you must initiate traffic to open tunnel - see KB how to generate interesting traffic) ● Each Anypoint VPN connection consists of two tunnels for HA ● MuleSoft VGW implementation supports a maximum throughput of 1.25 Gbps (shared across all the VPNs connected to the VPC) ● Anypoint Management Console allows to download device specific configuration ● VPN and Direct Connect can’t coexist on same VPC ● VPC CIDR block can’t overlap to Data Center IP range VPN Requirements: https://docs.mulesoft.com/runtime-manager/vpn-about KB: https://help.mulesoft.com/s/article/Anypoint-VPN-Knowledge-Articles Test / troubleshoot connectivity (KB) here
Load Balancing Strategies
Load Balancing 25 CloudHub Shared Load Balancer (default) • This type of load balancer sits outside of the Customer’s VPC and it is shared between all the CloudHub customers • There is one SLB clustered instance in each CloudHub region that serves all the CloudHub customers in that AWS region (limited throughput respect DLB) • SLB can only be used to load balance calls for the external-facing APIs (internal LB through HTTP Connector or Messaging patterns) • It supports HTTPS, but it is not possible to use custom TLS certificates • Impossible to setup vanity domains
Shared Load Balancer (default) Region AWS Region CloudHub Shared VPC Mule Worker appEthel [us-e2] [cloudhub.io] CloudHub Domain Name Shared Load Balancer [us-e2.cloudhub.io] SLB Domain Name <app_name>.<region>.cloudhub.io appEthel.us-e2.cloudhub.io Standard FQDN template 1 HTTP/S Client http://3.23.92.132:8081 http://appLucy.us- e2.cloudhub.io 4 http://mule-worker-appLucy.us- e2.cloudhub.io:8081 5 Default mapping rules for the Shared Load Balancer 3 appLucy.us-e2.cloudhub.io:80 mule-worker-appLucy.us-e2.cloudhub.io:8081 appEthel.us-e2.cloudhub.io:443 mule-worker-appEthel.us-e2.cloudhub.io:8082 When an application is deployed to CloudHub, the application gets several public DNS records. 2 Mule Worker [3.23.92.132] appLucy Mule Worker [3.12.83.228] appLucy A CNAME record(alias) to the shared load balancer of the region where the app is deployed to. A records for all public IP addresses of the shared load balancer A records for all public IP addresses of the CH workers running the app. An app can be directly accessed (i.e., the SLB can be bypassed) by pre-pending "mule-worker-" to the FQDN of the app. A records for all private IP addresses of the CH workers running the app. An app can be directly accessed from other apps within a customer VPC by pre-pending "mule-worker-internal-" to the FQDN of the app. appLucy.us-e2.cloudhub.io. 60 IN CNAME us-e2.cloudhub.io. us-e2.cloudhub.io. 60 60 IN A 3.130.220.225 us-e2.cloudhub.io. 60 60 IN A 3.22.15.255 us-e2.cloudhub.io. 60 60 IN A 18.221.57.233 mule-worker-appLucy.us-e2.cloudhub.io. 30 IN A 3.23.92.132 mule-worker-appLucy.us-e2.cloudhub.io. 30 IN A 3.12.83.228 mule-worker-internal-appLucy.us-e2.cloudhub.io. 60 IN A 172.25.6.221 mule-worker-internal-appLucy.us-e2.cloudhub.io. 60 IN A 172.25.92.140
Load Balancing 27 CloudHub Dedicated Load Balancer (Subscription req.) • The Dedicated Load Balancer sits inside the Customer’s VPC • It is possible to configure more than one DLB in a VPC • Unlike SLB, a DLB instance can be used for load balancing internal traffic across the workers within a VPC. • It supports Custom TLS Certificates (including 2-Way TLS Authentication) • It allows to define proxy rules - Vanity Domain Names • It allows to enforce IP Whitelist/Blacklist
● A DLB is an optional add-on entitlement ● A DLB typically has higher throughput capabilities than a Shared Load Balancer ● A DLB supports custom SSL certificates and two-way SSL (Mutual SSL) ● A DLB supports proxy rules for mapping applications to custom domains, so, for example, everything can be hosted under a single vanity domain ● A DLB is deployed inside of a particular Anypoint VPC ■ A VPC can have more than one DLB ■ A DLB cannot span multiple VPC ● A DLB is comprised of one or more load balancer units but can be scaled ■ A single load balancer unit is comprised of two workers ■ You can assign a maximum to 4 load balancer units to a DLB ■ A fully maxed out DLB will have 8 workers Load Balancing CloudHub Dedicated Load Balancer (Subscription req.)
Using a Single DLB ● Provides network isolation of Mule applications within a VPC ● Governs which internal endpoints can be accessed via customizable mapping rules ● Supports IP Whitelisting to govern which networks can access the DLB ● Performs load balancing of internal traffic across workers within a VPC ● Offloads TLS processing by terminating TLS connections at the DLB
Dedicated Load Balancer Architecture http://appLucy.us- e2.cloudhub.io 7 [cloudhub.io] CloudHub Domain Name Region AWS Region [us-e2] Customer VPC [10.100.1.0/24] DNS records for the Dedicated Load Balancer 3 HTTP/S Client https://my- dlb.lb.anypointdns.net/appLucy 6 Mule Worker appLucy Mule Worker appLucy Mule Worker appEthel ● FQDN for the apps the same as in SLB architecture. ● DNS entries are similar as in SLB architecture, except internal addresses will be from the 10.100.1.0/24 pool. Default mapping rules for the Dedicated Load Balancer 4 Default mapping rules for the Shared Load Balancer 5 Shared Load Balancer [us-e2.cloudhub.io] <lb_name>.lb.anypointdns.net my-dlb.lb.anypointdns.net Standard FQDN template for the DLB 2 Dedicated Load Balancer [my-dlb.lb.anypointdns.net] Default firewall rules for the customer VPC 1 Source CIDR Dest. Port 10.100.1.0/24 8091 10.100.1.0/24 8092 0.0.0.0/0 8081 0.0.0.0/0 8082 my-dlb.lb.anypointdns.net. 60 IN A 3.130.220.225 my-dlb.lb.anypointdns.net. 60 IN A 3.22.15.255 internal-my-dlb.lb.anypointdns.net. 30 IN A 10.100.1.21 internal-my-dlb.lb.anypointdns.net. 30 IN A 10.100.1.105 appLucy.us-e2.cloudhub.io:80 mule-worker-appLucy.us-e2.cloudhub.io:8081 appEthel.us-e2.cloudhub.io:443 mule-worker-appEthel.us-e2.cloudhub.io:8082 my-dlb.lb.anypointdns.net:8080/appLucy mule-worker-internal-appLucy.us-e2.cloudhub.io:8091 my-dlb.lb.anypointdns.net:443/appEthel mule-worker-internal-appEthel.us-e2.cloudhub.io:8092
Using Multiple DLBs ● Provides for even greater network isolation of Mule applications within a VPC ● Provides for a flexible governance and load balancing architecture ○ Use one DLB to expose and load balance external facing APIs (e.g., Experience APIs) ○ Use a second DLB to hide internal APIs (e.g., Process and System APIs) but still allow internal APIs to be load balanced. ○ Naming convention and patterns allow for dynamic routing and protection of internal APIs KB: https://help.mulesoft.com/s/article/How-to-dynamically-restrict-external-access-to-specific-APIs-using-Dedicated-Load-Balancers
[cloudhub.io] Region [us-e2] Customer VPC [10.100.1.0/24] Process requests from anywhere 4 Multiple Dedicated Load Balancers Architecture Mule Worker Exp. API Mule Worker Exp. API Mule Worker Exp. API Mule Worker Process API Mule Worker Process API Mule Worker Process API Mule Worker System API Mule Worker System API Mule Worker System API 5 Process requests only from VPC addresses Default mapping rules for each DLB 3 ● All applications within the VPC should be exposed on either port 8091 for HTTP or 8092 for HTTPS ● All applications have internal addresses from the 10.100.1.0/24 pool. 1 /{app} mule-worker-internal-{app}.us-e2.cloudhub.io:8091 Internal/Private DLB [int-dlb.lb.anypointdns.net] External/Public DLB [ext-dlb.lb.anypointdns.net] Firewall rules for the customer VPC to allow traffic from only within the VPC 2 Source CIDR Dest. Port 10.100.1.0/24 8091 10.100.1.0/24 8092 Whitelisted CIDR 0.0.0.0/0 Whitelisted CIDR 10.100.1.0/24 Shared DLB [us-e1.cloudhub.io]
Demo time: Application traffic routing through DLB
Prerequisite - Permissions Required Runtime Manager> Read applications + Create Applications + CloudHub Network Admin
Prerequisite - Org Entitlements The Anypoint Organisation must included at least following entitlements: ● 1 VPC ● 1 Dedicated Load Balancer ● At least 0.1 vCores allocated
Prerequisite - Development Tools A certificate generation tool e.g. Open SSL A REST client e.g. Postman or Advanced REST Client Anypoint Studio
Creating a VPC 1. Provide a name 2. Choose the AWS deployment region 3. Provide a CIDR (must not clash with any internal network ranges if relevant) Choose environments to be included in the VPC 1. Optionally share with sub BGs Documentation Reference CIDR Size Reference
Configure Firewall Rules In order to block public inbound traffic remove the Anywhere 0.0.0.0/0 rules Note that all internal traffic will use port 8091 for HTTP and port 8092 for HTTPS Documentation Reference
Creating a DLB - Prerequisites A VPC must already exist A certificate key pair in PEM format How to create a key pair using SSL
Creating a DLB 1. Provide a name 2. Choose the VPC to associate with 2 workers is default - each DLB license allows for 2 workers 1. Whitelist the IPs to accept traffic from in CIDR notation. Anywhere is default
Creating a DLB Choose how HTTP requests should be handled Additional optional configurations (leave defaults)
Creating an SSL Endpoint Upload the public and private keys If mutual TLS was required a client cert can be added
API Naming and URL Mapping Rules A common use case customers have is to make only certain APIs publicly accessible. For example, we may want to make our Experience APIs available to the public internet but secure our Process and System APIs within the VPC. This can be achieved by defining a naming convention for ‘public’ and ‘private’ applications, and then applying mapping rules based on this convention.
Configuring URL Mapping Rules In the example below, we map all incoming requests to applications with the naming convention exp- {app} This means only Experience APIs will be accessible via the DLB Default Mapping Rules Custom Mapping Rules
Creating a DLB Once all configuration options are complete create the DLB and wait for it to start
Testing a VPC and DLB Configuration Create a simple Mule app which listens for HTTP requests Ensure the listener uses port 8091
Testing a VPC and DLB Configuration 1. Deploy the app to CloudHub 2. Ensure the region matches the VPC region and the environment is included in the VPC 3. Ensure the HTTP port is 8091 (8092 for HTTPS listeners)
Testing a VPC and DLB Configuration In order to send a request, we must call the DLB endpoint/app-name, keeping in mind any mapping rules e.g. mapping rule adds exp- prefix, to the request must not include this prefix *If a Chrome security alert appears, typing “this is unsafe” while on the page will bypass the warning
Q&A
What’s next
51 ● Share: ○ Tweet using the hashtag #MuleSoftMeetups ○ Invite your network to join: https://meetups.mulesoft.com/rome/ ● Feedback: ○ Fill out the survey feedback and suggest topics for upcoming events ○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program What’s next?
Thank you

Recommended

On prem to cloud hub migration (updated)
On prem to cloud hub migration (updated)On prem to cloud hub migration (updated)
On prem to cloud hub migration (updated)Sandeep Deshmukh
 
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0shyamraj55
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsMuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsAngel Alberici
 
Microsoft azure overview
Microsoft azure overviewMicrosoft azure overview
Microsoft azure overviewAli Mkahal
 
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptxRuntime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptxSandeep Deshmukh
 
Top 10 F5 iRules to migrate to a modern load balancing platform
Top 10 F5 iRules to migrate to a modern load balancing platformTop 10 F5 iRules to migrate to a modern load balancing platform
Top 10 F5 iRules to migrate to a modern load balancing platformAvi Networks
 
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWSVMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWSAmazon Web Services Korea
 
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...Manish Kumar Yadav
 

Recommended

On prem to cloud hub migration (updated)
On prem to cloud hub migration (updated)On prem to cloud hub migration (updated)
On prem to cloud hub migration (updated)Sandeep Deshmukh
 
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0Patna MuleSoft Meetup Anypoint Cloudhub 2.0
Patna MuleSoft Meetup Anypoint Cloudhub 2.0shyamraj55
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsMuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys MeetupsAngel Alberici
 
Microsoft azure overview
Microsoft azure overviewMicrosoft azure overview
Microsoft azure overviewAli Mkahal
 
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptxRuntime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptxSandeep Deshmukh
 
Top 10 F5 iRules to migrate to a modern load balancing platform
Top 10 F5 iRules to migrate to a modern load balancing platformTop 10 F5 iRules to migrate to a modern load balancing platform
Top 10 F5 iRules to migrate to a modern load balancing platformAvi Networks
 
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWSVMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWS
VMware on AWS를 통한 하이브리드 클라우드 구축 적용 - 홍정진, AWS Partner SA/ VMC on AWSAmazon Web Services Korea
 
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...
MuleSoft Integration with AWS Cognito Client Credentials and Mule JWT Validat...Manish Kumar Yadav
 
The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
VMware Site Recovery Manager
VMware Site Recovery ManagerVMware Site Recovery Manager
VMware Site Recovery ManagerJürgen Ambrosi
 
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 rockplace
 
database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...Amazon Web Services
 
Application Migrations
Application MigrationsApplication Migrations
Application MigrationsAmazon Web Services
 
Distributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with HazelcastDistributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with HazelcastMesut Celik
 
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트Amazon Web Services Korea
 
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017Amazon Web Services Korea
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Amazon Web Services
 
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020Royston Lobo
 
Container Security
Container SecurityContainer Security
Container SecurityAmazon Web Services
 
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsWashington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsBig Compass
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...Amazon Web Services Korea
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...SlideTeam
 
Database change management with Liquibase
Database change management with LiquibaseDatabase change management with Liquibase
Database change management with LiquibaseJarosław Szczepankiewicz
 
Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36MysoreMuleSoftMeetup
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 
Introduction of Windows azure and overview
Introduction of Windows azure and overviewIntroduction of Windows azure and overview
Introduction of Windows azure and overviewVishal Tandel
 
Azure Stack Fundamentals
Azure Stack FundamentalsAzure Stack Fundamentals
Azure Stack FundamentalsCenk Ersoy
 
Montreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptxMontreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptxshubhamkalsi2
 
Operationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptxOperationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptxSandeep Deshmukh
 

More Related Content

What's hot

The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureAptera Inc
 
VMware Site Recovery Manager
VMware Site Recovery ManagerVMware Site Recovery Manager
VMware Site Recovery ManagerJürgen Ambrosi
 
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 rockplace
 
database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...Amazon Web Services
 
Distributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with HazelcastDistributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with HazelcastMesut Celik
 
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트Amazon Web Services Korea
 
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017Amazon Web Services Korea
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Amazon Web Services
 
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020Royston Lobo
 
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsWashington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsBig Compass
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...Amazon Web Services Korea
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep diveWinton Winton
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...SlideTeam
 
Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36MysoreMuleSoftMeetup
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryNew Horizons Ireland
 
Introduction of Windows azure and overview
Introduction of Windows azure and overviewIntroduction of Windows azure and overview
Introduction of Windows azure and overviewVishal Tandel
 
Azure Stack Fundamentals
Azure Stack FundamentalsAzure Stack Fundamentals
Azure Stack FundamentalsCenk Ersoy
 

What's hot (20)

The Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft AzureThe Layman's Guide to Microsoft Azure
The Layman's Guide to Microsoft Azure
 
VMware Site Recovery Manager
VMware Site Recovery ManagerVMware Site Recovery Manager
VMware Site Recovery Manager
 
Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성 Jenkins를 활용한 Openshift CI/CD 구성
Jenkins를 활용한 Openshift CI/CD 구성
 
database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...database migration simple, cross-engine and cross-platform migrations with ...
database migration simple, cross-engine and cross-platform migrations with ...
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
Distributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with HazelcastDistributed Caching in Kubernetes with Hazelcast
Distributed Caching in Kubernetes with Hazelcast
 
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
다양한 배포 기법과 AWS에서 구축하는 CI/CD 파이프라인 l 안효빈 솔루션즈 아키텍트
 
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
마이크로서비스를 위한 AWS 아키텍처 패턴 및 모범 사례 - AWS Summit Seoul 2017
 
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
Using HashiCorp’s Terraform to build your infrastructure on AWS - Pop-up Loft...
 
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
 
Container Security
Container SecurityContainer Security
Container Security
 
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOpsWashington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
Washington DC MuleSoft Meetup: CI/CD Pipeline with MuleSoft and Azure DevOps
 
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
금융 X 하이브리드 클라우드 플랫폼 - 한화생명 디지털 트랜스포메이션 전략 - 김나영 AWS 금융부문 사업개발 담당 / 박인규 AWS 금융...
 
Open shift 4 infra deep dive
Open shift 4 infra deep diveOpen shift 4 infra deep dive
Open shift 4 infra deep dive
 
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
An Architectural Deep Dive With Kubernetes And Containers Powerpoint Presenta...
 
Database change management with Liquibase
Database change management with LiquibaseDatabase change management with Liquibase
Database change management with Liquibase
 
Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36
 
Understanding Azure Disaster Recovery
Understanding Azure Disaster RecoveryUnderstanding Azure Disaster Recovery
Understanding Azure Disaster Recovery
 
Introduction of Windows azure and overview
Introduction of Windows azure and overviewIntroduction of Windows azure and overview
Introduction of Windows azure and overview
 
Azure Stack Fundamentals
Azure Stack FundamentalsAzure Stack Fundamentals
Azure Stack Fundamentals
 

Similar to MuleSoft Meetup Roma - CloudHub Networking Stategies

Montreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptxMontreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptxshubhamkalsi2
 
Operationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptxOperationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptxSandeep Deshmukh
 
MuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventMuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventVikalp Bhalia
 
MuleSoft Meetup Pune 25 Mar 2023.pdf
MuleSoft Meetup Pune 25 Mar 2023.pdfMuleSoft Meetup Pune 25 Mar 2023.pdf
MuleSoft Meetup Pune 25 Mar 2023.pdfKunal Gupta
 
Mumbai MuleSoft Meetup 12
Mumbai MuleSoft Meetup 12Mumbai MuleSoft Meetup 12
Mumbai MuleSoft Meetup 12Akshata Sawant
 
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBMuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBJitendra Bafna
 
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...Alfonso Martino
 
Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Cloudify Community
 
IBM Cloud Integration Platform High Availability - Integration Tech Conference
IBM Cloud Integration Platform High Availability - Integration Tech ConferenceIBM Cloud Integration Platform High Availability - Integration Tech Conference
IBM Cloud Integration Platform High Availability - Integration Tech ConferenceRobert Nicholson
 
20151019 v mworld2015-recap-02
20151019 v mworld2015-recap-0220151019 v mworld2015-recap-02
20151019 v mworld2015-recap-02Kevin Groat
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric OverviewMichelle Holley
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftKangaroot
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld
 
VMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld
 
CIT-2697 - Customer Success Stories with IBM PureApplication System
CIT-2697 - Customer Success Stories with IBM PureApplication SystemCIT-2697 - Customer Success Stories with IBM PureApplication System
CIT-2697 - Customer Success Stories with IBM PureApplication SystemHendrik van Run
 
03-03-2023 - APIForce (1).pdf
03-03-2023 - APIForce (1).pdf03-03-2023 - APIForce (1).pdf
03-03-2023 - APIForce (1).pdfAmir Khan
 

Similar to MuleSoft Meetup Roma - CloudHub Networking Stategies (20)

Montreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptxMontreal MuleSoft_Meetup_16-Aug.pptx
Montreal MuleSoft_Meetup_16-Aug.pptx
 
Operationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptxOperationalizing CloudHub 2.0 - Meetup.pptx
Operationalizing CloudHub 2.0 - Meetup.pptx
 
MuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual EventMuleSoft Meetup Vancouver 5th Virtual Event
MuleSoft Meetup Vancouver 5th Virtual Event
 
CloudPresentation.pptx
CloudPresentation.pptxCloudPresentation.pptx
CloudPresentation.pptx
 
Madrid meetup #7 deployment models
Madrid meetup #7 deployment modelsMadrid meetup #7 deployment models
Madrid meetup #7 deployment models
 
MuleSoft Meetup Pune 25 Mar 2023.pdf
MuleSoft Meetup Pune 25 Mar 2023.pdfMuleSoft Meetup Pune 25 Mar 2023.pdf
MuleSoft Meetup Pune 25 Mar 2023.pdf
 
Mumbai MuleSoft Meetup 12
Mumbai MuleSoft Meetup 12Mumbai MuleSoft Meetup 12
Mumbai MuleSoft Meetup 12
 
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBMuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
 
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...
Mulesoft Meetup Roma - CloudHub 2.0: a fully managed, containerized integrati...
 
Could the “C” in HPC stand for Cloud?
Could the “C” in HPC stand for Cloud?Could the “C” in HPC stand for Cloud?
Could the “C” in HPC stand for Cloud?
 
Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!Webinar: Dealing with automation tool overload!
Webinar: Dealing with automation tool overload!
 
IBM Cloud Integration Platform High Availability - Integration Tech Conference
IBM Cloud Integration Platform High Availability - Integration Tech ConferenceIBM Cloud Integration Platform High Availability - Integration Tech Conference
IBM Cloud Integration Platform High Availability - Integration Tech Conference
 
20151019 v mworld2015-recap-02
20151019 v mworld2015-recap-0220151019 v mworld2015-recap-02
20151019 v mworld2015-recap-02
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Red Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShiftRed Hat multi-cluster management & what's new in OpenShift
Red Hat multi-cluster management & what's new in OpenShift
 
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
VMworld 2013: vCloud Hybrid Service: Enterprise Applications on vCloud Hybrid...
 
VMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid CloudVMworld 2014: How to Build a Hybrid Cloud
VMworld 2014: How to Build a Hybrid Cloud
 
CIT-2697 - Customer Success Stories with IBM PureApplication System
CIT-2697 - Customer Success Stories with IBM PureApplication SystemCIT-2697 - Customer Success Stories with IBM PureApplication System
CIT-2697 - Customer Success Stories with IBM PureApplication System
 
03-03-2023 - APIForce (1).pdf
03-03-2023 - APIForce (1).pdf03-03-2023 - APIForce (1).pdf
03-03-2023 - APIForce (1).pdf
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

MuleSoft Meetup Roma - CloudHub Networking Stategies

  • 1. Thursday 22/04/2021 Rome MuleSoft Meetup Group Networking Strategies on CloudHub
  • 2. 2 Muleys, Meetup Leaders and… speakers: Contacts: ● amartino@mulesoft.com ● sbenfari@mulesoft.com Introductions
  • 3. 3 ● CloudHub Physical Architecture (50 mins) ● Demo time: Application traffic routing through Dedicated Load Balancer (30 mins) ● Q&A (15 mins) ● Trivia quiz (15 mins) Agenda
  • 5. MuleSoft’s Anypoint Platform Control Plane Runtime Plane Unified single solution for iPaaS and full lifecycle API Control Plane: MuleSoft Managed : 2 Control plane US (N Virginia) & EU (Frankfurt or Dublin) Customer Managed : Private Cloud Edition - PCE Runtime plane: This is where the APIs & Integrations are hosted. CloudHub: MuleSoft Managed Runtime plane Standalone Mule/RTF/PCE : Customer managed.
  • 6. 6 CloudHub (Commercial/GovCloud) Hybrid (Standalone/RTF) On-premise (Private Cloud Edition) Control Plane Runtime Plane Managed by MuleSoft Managed by the Customer (Data center) Managed by the Customer (3rd party Cloud) MuleSoft’s Anypoint Platform Deployment Model
  • 7. Runtime Plane Worker Worker Mule App Mule App Worker Mule App Worker Mule App Worker Mule App Worker Mule App Anypoint CloudHub Anypoint Platform Control Plane Internal & External APIs RUNTIME MANAGER ACCESS MANAGEMENT MANAGEMENT CENTER VISUALIZER ADVANCE MONITORING EXCHANGE PARTNER MANAGER` API DESIGNER DESIGN CENTER API ANALYTICS CLOUDHUB
  • 8. Worker Mule App Worker Mule App Worker Mule App Anypoint CloudHub Architecture SHARED/DEDICATED LOAD BALANCER RUNTIME PLANE HTTP/S mTLS mTLS mTLS mTLS RUNTIME MANAGER ADVANCED MONITORING MANAGEMENT CENTER API MANAGER CUSTOMER VPC CONTROL PLANE
  • 9. Multi-tenancy Support and Logical Segregation Business Groups & Environments
  • 10. ● Business Groups provide a mechanism for delegating management and administration of Anypoint Platform to users within different business units or functions ● Business Groups provide complete isolation of resources allowing for multitenant use cases within your Anypoint Platform account ● Centralized administrators can create a multi-level hierarchical structure of Business Groups and then delegate users from the specific groups to be administrators at BG level Multi-tenancy Implementation on CH Business Groups Reference Documentation: https://docs.mulesoft.com/access-management/business-groups
  • 11. 11 ● Business Groups reside all within Master Org (root), as part of Customer unique subscription ● Flexible model - it enables delegation at different level ○ Certain Core Functions such as SSO and common artifacts (i.e. libraries) are setup at the root org level and shared across Business Groups. ○ Infrastructure Components can be defined centrally or specific to a Business Group. ○ Operations and Deployments are local to a Business Group. ● Business Group level environments are logical boundaries and map to shared/centralized infrastructure without need for replication. Multi-tenancy Implementation on CH Business Groups Reference Documentation: https://docs.mulesoft.com/access-management/business-groups
  • 12. 12 Root Org LoB 1 (BG) LoB 2 (BG) LoB 3 (BG) VPC Sandbox VPC PROD Dev Test UAT PROD Side note - APIs in different VPCs can still communicate each other (depending on networking rules implemented) Dev Test UAT Dev Test UAT PROD PROD Multi-tenancy Implementation on CH Business Groups & Environment Segregation - Typical Setup
  • 13. Anypoint Resources (i.e VPC or redistributable entitlements like vCores or Static IPs) can be created at any level of the Anypoint Organization structure but can only be shared vertically down the Anypoint Organization structure, not up or across Example 2: VPC created in Business Group B Example 1: VPC created in Business Group A Example 3: VPC created in Master Organization Multi-tenancy Implementation on CH Resources Inheritance in a Hierarchical Org Structure
  • 15. 15 Isolated network segment specific to a customer hosted in our AWS account and managed by MuleSoft ● Workers are deployed into this network segment and assigned an internal IP address within the address space determined by the customer (CIDR block) ● Can be connected to customer’s data center or one of their private AWS VPC (via peering) ● The base Anypoint VPC subscription includes two Anypoint VPCs ● Each Anypoint VPC can be associated with multiple environments (typically 1 VPC for PROD and 1 for SANDBOX) ● It allows you to configure firewall rules to apply to your workers ● Regional service (it must be binded to a specific Region) CloudHub Networking Virtual Private Cloud (VPC) Reference Documentation: https://docs.mulesoft.com/runtime-manager/virtual-private-cloud Availability Zone 1 Availability Zone 2 Availability Zone 4 Each VPC has its own firewall to gate access Region Mule Worker Mule Worker Mule Worker Mule Worker Mule Worker Mule Worker A VPC is created within an AWS Region A VPC can span up to 4 Availability Zones A VPC can have a maximum of 64K IP addresses Non-Production VPC - [10.1.0.0/16] Production VPC - [10.1.1.0/24] A VPC must have minimum of 256 IP addresses
  • 16. 16 CloudHub Networking Virtual Private Cloud (VPC) Sizing Proper sizing has to be performed upfront (no possibility to change it later) Supported CIDR blocks /24 - /16 No costs associated to over provisioning For each worker deployed to CloudHub, the following IP assignation takes place: ● A few IP addresses are reserved for infrastructure ● At least two IP addresses per worker to perform at zero-downtime General Rule of Thumb - 10 IPs per Mule Application (interface)
  • 17. High Availability & Disaster Recovery
  • 18. CloudHub offers several features for redundancy and reliability, which includes reliability across data centers within a region ● Multiple workers for the same application are distributed across two or more data centers. ● Apps are automatically restarted whenever they fail. ● The load balancer directs traffic to other workers if a worker is down If an application uses a single worker, when the availability zone is unavailable, CloudHub automatically restarts the application in a different availability zone. In this case, the application might experience downtime. Important: define upfront the Business Critical apps which can’t tolerate service disruption and allocate them multiple Workers! High Availability CloudHub Deployment Model & Self-healing Mechanisms
  • 19. Disaster Recovery 19 CloudHub Global Infrastructure - DR across Regions Global Infrastructure relying on AWS Regions Automatic disaster recovery across regions is not offered by CloudHub If a Region goes down, the applications within the region are unavailable and not automatically replicated in other regions.
  • 20. Disaster Recovery 20 CloudHub Global Infrastructure - DR across Regions Mitigation Strategy Multi-Region deploy (active-active, active-passive, pilot fire) It requires ● External Load Balancer provisioned by Customer (i.e. AWS ELB) ● Setup of VPC and VPN connectivity across the different regions w/ local DC ● Fully stateless Apps to avoid message loss (AMQ, ObjectStore, VM Queues are regional services)
  • 23. CloudHub Networking Virtual Private Network Connecting to your Anypoint VPC via VPN extends your corporate intranet and allows CloudHub workers to access resources behind your corporate firewall. ● Anypoint VPN supports site-to-site Internet Protocol security (IPsec) connections. A physical or software appliance, called a VPN endpoint, is the terminator on your side of the connection. The MuleSoft side of the connection is an implementation of a virtual private gateway (VGW) ● MuleSoft VGW can support up to 10 VPN connections per VPC ● Supports Dynamic (BGP protocol) and Static Routing - BGP is the preferred option ● Anypoint VPN acts only as a responder (you must initiate traffic to open tunnel - see KB how to generate interesting traffic) ● Each Anypoint VPN connection consists of two tunnels for HA ● MuleSoft VGW implementation supports a maximum throughput of 1.25 Gbps (shared across all the VPNs connected to the VPC) ● Anypoint Management Console allows to download device specific configuration ● VPN and Direct Connect can’t coexist on same VPC ● VPC CIDR block can’t overlap to Data Center IP range VPN Requirements: https://docs.mulesoft.com/runtime-manager/vpn-about KB: https://help.mulesoft.com/s/article/Anypoint-VPN-Knowledge-Articles Test / troubleshoot connectivity (KB) here
  • 25. Load Balancing 25 CloudHub Shared Load Balancer (default) • This type of load balancer sits outside of the Customer’s VPC and it is shared between all the CloudHub customers • There is one SLB clustered instance in each CloudHub region that serves all the CloudHub customers in that AWS region (limited throughput respect DLB) • SLB can only be used to load balance calls for the external-facing APIs (internal LB through HTTP Connector or Messaging patterns) • It supports HTTPS, but it is not possible to use custom TLS certificates • Impossible to setup vanity domains
  • 26. Shared Load Balancer (default) Region AWS Region CloudHub Shared VPC Mule Worker appEthel [us-e2] [cloudhub.io] CloudHub Domain Name Shared Load Balancer [us-e2.cloudhub.io] SLB Domain Name <app_name>.<region>.cloudhub.io appEthel.us-e2.cloudhub.io Standard FQDN template 1 HTTP/S Client http://3.23.92.132:8081 http://appLucy.us- e2.cloudhub.io 4 http://mule-worker-appLucy.us- e2.cloudhub.io:8081 5 Default mapping rules for the Shared Load Balancer 3 appLucy.us-e2.cloudhub.io:80 mule-worker-appLucy.us-e2.cloudhub.io:8081 appEthel.us-e2.cloudhub.io:443 mule-worker-appEthel.us-e2.cloudhub.io:8082 When an application is deployed to CloudHub, the application gets several public DNS records. 2 Mule Worker [3.23.92.132] appLucy Mule Worker [3.12.83.228] appLucy A CNAME record(alias) to the shared load balancer of the region where the app is deployed to. A records for all public IP addresses of the shared load balancer A records for all public IP addresses of the CH workers running the app. An app can be directly accessed (i.e., the SLB can be bypassed) by pre-pending "mule-worker-" to the FQDN of the app. A records for all private IP addresses of the CH workers running the app. An app can be directly accessed from other apps within a customer VPC by pre-pending "mule-worker-internal-" to the FQDN of the app. appLucy.us-e2.cloudhub.io. 60 IN CNAME us-e2.cloudhub.io. us-e2.cloudhub.io. 60 60 IN A 3.130.220.225 us-e2.cloudhub.io. 60 60 IN A 3.22.15.255 us-e2.cloudhub.io. 60 60 IN A 18.221.57.233 mule-worker-appLucy.us-e2.cloudhub.io. 30 IN A 3.23.92.132 mule-worker-appLucy.us-e2.cloudhub.io. 30 IN A 3.12.83.228 mule-worker-internal-appLucy.us-e2.cloudhub.io. 60 IN A 172.25.6.221 mule-worker-internal-appLucy.us-e2.cloudhub.io. 60 IN A 172.25.92.140
  • 27. Load Balancing 27 CloudHub Dedicated Load Balancer (Subscription req.) • The Dedicated Load Balancer sits inside the Customer’s VPC • It is possible to configure more than one DLB in a VPC • Unlike SLB, a DLB instance can be used for load balancing internal traffic across the workers within a VPC. • It supports Custom TLS Certificates (including 2-Way TLS Authentication) • It allows to define proxy rules - Vanity Domain Names • It allows to enforce IP Whitelist/Blacklist
  • 28. ● A DLB is an optional add-on entitlement ● A DLB typically has higher throughput capabilities than a Shared Load Balancer ● A DLB supports custom SSL certificates and two-way SSL (Mutual SSL) ● A DLB supports proxy rules for mapping applications to custom domains, so, for example, everything can be hosted under a single vanity domain ● A DLB is deployed inside of a particular Anypoint VPC ■ A VPC can have more than one DLB ■ A DLB cannot span multiple VPC ● A DLB is comprised of one or more load balancer units but can be scaled ■ A single load balancer unit is comprised of two workers ■ You can assign a maximum to 4 load balancer units to a DLB ■ A fully maxed out DLB will have 8 workers Load Balancing CloudHub Dedicated Load Balancer (Subscription req.)
  • 29. Using a Single DLB ● Provides network isolation of Mule applications within a VPC ● Governs which internal endpoints can be accessed via customizable mapping rules ● Supports IP Whitelisting to govern which networks can access the DLB ● Performs load balancing of internal traffic across workers within a VPC ● Offloads TLS processing by terminating TLS connections at the DLB
  • 30. Dedicated Load Balancer Architecture http://appLucy.us- e2.cloudhub.io 7 [cloudhub.io] CloudHub Domain Name Region AWS Region [us-e2] Customer VPC [10.100.1.0/24] DNS records for the Dedicated Load Balancer 3 HTTP/S Client https://my- dlb.lb.anypointdns.net/appLucy 6 Mule Worker appLucy Mule Worker appLucy Mule Worker appEthel ● FQDN for the apps the same as in SLB architecture. ● DNS entries are similar as in SLB architecture, except internal addresses will be from the 10.100.1.0/24 pool. Default mapping rules for the Dedicated Load Balancer 4 Default mapping rules for the Shared Load Balancer 5 Shared Load Balancer [us-e2.cloudhub.io] <lb_name>.lb.anypointdns.net my-dlb.lb.anypointdns.net Standard FQDN template for the DLB 2 Dedicated Load Balancer [my-dlb.lb.anypointdns.net] Default firewall rules for the customer VPC 1 Source CIDR Dest. Port 10.100.1.0/24 8091 10.100.1.0/24 8092 0.0.0.0/0 8081 0.0.0.0/0 8082 my-dlb.lb.anypointdns.net. 60 IN A 3.130.220.225 my-dlb.lb.anypointdns.net. 60 IN A 3.22.15.255 internal-my-dlb.lb.anypointdns.net. 30 IN A 10.100.1.21 internal-my-dlb.lb.anypointdns.net. 30 IN A 10.100.1.105 appLucy.us-e2.cloudhub.io:80 mule-worker-appLucy.us-e2.cloudhub.io:8081 appEthel.us-e2.cloudhub.io:443 mule-worker-appEthel.us-e2.cloudhub.io:8082 my-dlb.lb.anypointdns.net:8080/appLucy mule-worker-internal-appLucy.us-e2.cloudhub.io:8091 my-dlb.lb.anypointdns.net:443/appEthel mule-worker-internal-appEthel.us-e2.cloudhub.io:8092
  • 31. Using Multiple DLBs ● Provides for even greater network isolation of Mule applications within a VPC ● Provides for a flexible governance and load balancing architecture ○ Use one DLB to expose and load balance external facing APIs (e.g., Experience APIs) ○ Use a second DLB to hide internal APIs (e.g., Process and System APIs) but still allow internal APIs to be load balanced. ○ Naming convention and patterns allow for dynamic routing and protection of internal APIs KB: https://help.mulesoft.com/s/article/How-to-dynamically-restrict-external-access-to-specific-APIs-using-Dedicated-Load-Balancers
  • 32. [cloudhub.io] Region [us-e2] Customer VPC [10.100.1.0/24] Process requests from anywhere 4 Multiple Dedicated Load Balancers Architecture Mule Worker Exp. API Mule Worker Exp. API Mule Worker Exp. API Mule Worker Process API Mule Worker Process API Mule Worker Process API Mule Worker System API Mule Worker System API Mule Worker System API 5 Process requests only from VPC addresses Default mapping rules for each DLB 3 ● All applications within the VPC should be exposed on either port 8091 for HTTP or 8092 for HTTPS ● All applications have internal addresses from the 10.100.1.0/24 pool. 1 /{app} mule-worker-internal-{app}.us-e2.cloudhub.io:8091 Internal/Private DLB [int-dlb.lb.anypointdns.net] External/Public DLB [ext-dlb.lb.anypointdns.net] Firewall rules for the customer VPC to allow traffic from only within the VPC 2 Source CIDR Dest. Port 10.100.1.0/24 8091 10.100.1.0/24 8092 Whitelisted CIDR 0.0.0.0/0 Whitelisted CIDR 10.100.1.0/24 Shared DLB [us-e1.cloudhub.io]
  • 33. Demo time: Application traffic routing through DLB
  • 34. Prerequisite - Permissions Required Runtime Manager> Read applications + Create Applications + CloudHub Network Admin
  • 35. Prerequisite - Org Entitlements The Anypoint Organisation must included at least following entitlements: ● 1 VPC ● 1 Dedicated Load Balancer ● At least 0.1 vCores allocated
  • 36. Prerequisite - Development Tools A certificate generation tool e.g. Open SSL A REST client e.g. Postman or Advanced REST Client Anypoint Studio
  • 37. Creating a VPC 1. Provide a name 2. Choose the AWS deployment region 3. Provide a CIDR (must not clash with any internal network ranges if relevant) Choose environments to be included in the VPC 1. Optionally share with sub BGs Documentation Reference CIDR Size Reference
  • 38. Configure Firewall Rules In order to block public inbound traffic remove the Anywhere 0.0.0.0/0 rules Note that all internal traffic will use port 8091 for HTTP and port 8092 for HTTPS Documentation Reference
  • 39. Creating a DLB - Prerequisites A VPC must already exist A certificate key pair in PEM format How to create a key pair using SSL
  • 40. Creating a DLB 1. Provide a name 2. Choose the VPC to associate with 2 workers is default - each DLB license allows for 2 workers 1. Whitelist the IPs to accept traffic from in CIDR notation. Anywhere is default
  • 41. Creating a DLB Choose how HTTP requests should be handled Additional optional configurations (leave defaults)
  • 42. Creating an SSL Endpoint Upload the public and private keys If mutual TLS was required a client cert can be added
  • 43. API Naming and URL Mapping Rules A common use case customers have is to make only certain APIs publicly accessible. For example, we may want to make our Experience APIs available to the public internet but secure our Process and System APIs within the VPC. This can be achieved by defining a naming convention for ‘public’ and ‘private’ applications, and then applying mapping rules based on this convention.
  • 44. Configuring URL Mapping Rules In the example below, we map all incoming requests to applications with the naming convention exp- {app} This means only Experience APIs will be accessible via the DLB Default Mapping Rules Custom Mapping Rules
  • 45. Creating a DLB Once all configuration options are complete create the DLB and wait for it to start
  • 46. Testing a VPC and DLB Configuration Create a simple Mule app which listens for HTTP requests Ensure the listener uses port 8091
  • 47. Testing a VPC and DLB Configuration 1. Deploy the app to CloudHub 2. Ensure the region matches the VPC region and the environment is included in the VPC 3. Ensure the HTTP port is 8091 (8092 for HTTPS listeners)
  • 48. Testing a VPC and DLB Configuration In order to send a request, we must call the DLB endpoint/app-name, keeping in mind any mapping rules e.g. mapping rule adds exp- prefix, to the request must not include this prefix *If a Chrome security alert appears, typing “this is unsafe” while on the page will bypass the warning
  • 49. Q&A
  • 51. 51 ● Share: ○ Tweet using the hashtag #MuleSoftMeetups ○ Invite your network to join: https://meetups.mulesoft.com/rome/ ● Feedback: ○ Fill out the survey feedback and suggest topics for upcoming events ○ Contact MuleSoft at meetups@mulesoft.com for ways to improve the program What’s next?