The document discusses Anypoint VPC, VPN and Dedicated Load Balancer in MuleSoft. It provides an agenda for the meetup including a speaker introduction. It then presents a customer problem statement about implementing MuleSoft for connecting applications. The remainder of the document dives into technical details about VPC, VPN, DLB architecture and configuration, access methods, and includes references for additional information.
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture (Alexandra N. Martinez)
Join us for this meetup where Jitendra Bafna (Jacky) will be talking about Anypoint VPC, VPN and DLB Architecture. He will mention the best practices, some use cases, and a live demo!
2. Agenda
1 MuleSoft as a Multitenant Platform
2 What is MuleSoft VPC VPN and DLB
3 Dedicated Load Balancer V/S Shared Load Balancer
4 Anypoint VPC VPN and DLB Architecture and Use Cases
5 Live Demonstration
6 References
4. Speaker
Jitendra Bafna
Senior Solution Architect
Capgemini
About the speaker:
Working as Senior Solution Architect at Capgemini.
Surat MuleSoft Meetup Leader.
12.5+ Years of Experience in Integrations and API Technologies.
Certified MuleSoft Integration Architect and platform Architect.
5. Problem Statement
ACME bank is looking to implement the MuleSoft platform to connect SaaS applications such as Salesforce, applications in a private AWS cloud such as SAP systems, and on-premises datacenter resources such as databases and other core resources.
They want a cloud-based solution where they don't have to manage infrastructure, and all applications must be highly available and fault tolerant.
Applications can be accessed publicly by fewer clients.
6. MuleSoft Region and Multitenancy
First, the worker cloud is a multitenant cloud of virtual machines. These VMs provide the security and isolation needed for your integrations to run custom code without affecting others.
Second, the management console and the platform services have a "shared everything" architecture: all tenants share the same web UI, monitoring services, load balancers, etc. These services do not process or transmit your data.
Region | Sub-Domain
US East (North Virginia) | us-e1.cloudhub.io
US East (Ohio) | us-e2.cloudhub.io
US West (Oregon) | us-w2.cloudhub.io
US West (North California) | us-w1.cloudhub.io
Canada (Central) | ca-c1.cloudhub.io
Brazil (Sao Paulo) | br-s1.cloudhub.io
Europe (Ireland) | ir-e1.cloudhub.io
Europe (Frankfurt) | de-c1.cloudhub.io
UK (London) | uk-e1.cloudhub.io
Asia Pacific (Tokyo) | jp-e1.cloudhub.io
Asia Pacific (Sydney) | au-s1.cloudhub.io
Asia Pacific (Singapore) | sg-s1.cloudhub.io
[Figure: map of the regions listed above; labels include "Runtime Manager (CloudHub)" and "US West (Oregon)".]
7. What is Anypoint VPC?
VPC stands for Virtual Private Cloud. It lets you create logically isolated networks in the cloud where you can deploy and run resources securely. MuleSoft CloudHub is a multi-tenant integration platform as a service; Anypoint VPC lets you create an isolated network in which to host your workers or Mule applications.
Anypoint VPC lets you extend your corporate network and allows CloudHub workers to connect to resources behind the firewall. A VPC can connect CloudHub workers to an on-premises datacenter using the techniques below.
Secure VPN Tunnel (IPsec Tunnelling)
Private AWS using VPC Peering.
AWS Direct Connect.
8. Anypoint VPC
Advantages:
Create a secure virtual network within CloudHub.
Connect CloudHub to assets behind the firewall.
Deploy the Mule runtime securely.
Connect CloudHub to any public cloud or on-premises datacenter securely.
Characteristics:
Multiple VPCs can be created in the same region.
Always create the VPC in the same region as, or near to, your datacenter or AWS region (VPC peering).
All non-prod environments such as dev, test and sit can be mapped to a non-prod VPC, and the production environment to a prod VPC.
Multiple environments can be mapped to the same VPC.
Always create the VPC in the parent business group and share it with sub business groups.
Use Cases:
To run integrations or APIs within secure networks or private subnets, you can deploy the API within the VPC. For example, you have system APIs that access backend databases, and those APIs must be deployed within a secure or private network in CloudHub, so that they are accessible by the applications deployed within the same VPC.
To create a dedicated load balancer, we need to create a VPC.
To create VPN IPsec tunnelling, AWS Direct Connect or VPC peering, we need to create a VPC.
Accessing APIs within Anypoint VPC:
To access applications within the VPC, you can use the URLs below.
Port 8091: http://mule-worker-internal-<appname>.region.cloudhub.io:8091/
Port 8092: https://mule-worker-internal-<appname>.region.cloudhub.io:8092/
Creating Anypoint VPC, VPN and DLB is self-service, but you can request MuleSoft to create VPN IPsec tunnelling, VPC peering or AWS Direct Connect by filling in the Anypoint VPC discovery template.
9. VPC Firewall Rules
Type | Port | Firewall Rule
http.port | 8081 | Accessible from anywhere outside VPC over HTTP.
https.port | 8082 | Accessible from anywhere outside VPC over HTTPS.
http.private.port | 8091 | Accessible within VPC over HTTP.
https.private.port | 8092 | Accessible within VPC over HTTPS.
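One way to check an application against the firewall rules above, as an added example (not from the original slides): it reads the listener ports from a Mule XML configuration and reports listeners that an internal-only API should not have. The sample configuration is constructed, and the policy itself (internal APIs on private ports only, HTTPS preferred) is an assumption.

```python
import re
import xml.etree.ElementTree as ET

HTTP_NS = "{http://www.mulesoft.org/schema/mule/http}"

# The firewall rules table from the slide: port -> (property, reachability, protocol).
PORT_RULES = {
    8081: ("http.port", "outside-vpc", "HTTP"),
    8082: ("https.port", "outside-vpc", "HTTPS"),
    8091: ("http.private.port", "vpc-only", "HTTP"),
    8092: ("https.private.port", "vpc-only", "HTTPS"),
}
PROPERTY_PORTS = {prop: port for port, (prop, _, _) in PORT_RULES.items()}


def resolve_port(raw):
    """Turn '8091' or '${http.private.port}' into a port number, else None."""
    raw = raw.strip()
    placeholder = re.fullmatch(r"\$\{([^}]+)\}", raw)
    if placeholder:
        return PROPERTY_PORTS.get(placeholder.group(1))
    return int(raw) if raw.isdigit() else None


def audit_listeners(mule_xml, internal_only):
    """Return (listener-config name, port, finding) tuples for one Mule config."""
    findings = []
    root = ET.fromstring(mule_xml.strip())
    for cfg in root.iter(HTTP_NS + "listener-config"):
        conn = cfg.find(HTTP_NS + "listener-connection")
        if conn is None:
            continue
        name = cfg.get("name", "<unnamed>")
        port = resolve_port(conn.get("port", ""))
        rule = PORT_RULES.get(port)
        if rule is None:
            findings.append((name, port, "port not in the slide's firewall rules table"))
            continue
        _, reach, proto = rule
        # Assumed policy: an internal-only API must not listen on a public port.
        if internal_only and reach == "outside-vpc":
            findings.append((name, port, "internal API reachable from outside the VPC"))
        # Assumed policy: prefer the HTTPS port of each pair.
        if proto == "HTTP":
            findings.append((name, port, "plaintext HTTP listener"))
    return findings


# Constructed sample configuration (not from the slides).
SAMPLE_CONFIG = """
<mule xmlns="http://www.mulesoft.org/schema/mule/core"
      xmlns:http="http://www.mulesoft.org/schema/mule/http">
  <http:listener-config name="public-api">
    <http:listener-connection host="0.0.0.0" port="${http.port}"/>
  </http:listener-config>
  <http:listener-config name="internal-tls">
    <http:listener-connection host="0.0.0.0" port="${https.private.port}" protocol="HTTPS"/>
  </http:listener-config>
  <http:listener-config name="legacy">
    <http:listener-connection host="0.0.0.0" port="9000"/>
  </http:listener-config>
</mule>
"""

if __name__ == "__main__":
    for name, port, finding in audit_listeners(SAMPLE_CONFIG, internal_only=True):
        print(f"{name} (port {port}): {finding}")
```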
10. VPC Sizing Requirements
You have four environments: dev, test, sit and prod.
Applications on dev and sit must run on 1 worker.
Applications on test must run on 2 workers.
Applications on prod must run on 2 workers.
Total applications = 10 (near future).
The organization will have 2 VPCs, one for PROD and another for NON-PROD.
The problem is to decide the minimum CIDR block needed for the PROD and NON-PROD VPCs.
11. VPC Sizing Solution
There will be 2 IPs reserved for each VPC for infrastructure.
For Production VPC, we require around 302 IPs and it will be provided by a subnet mask of /23 (e.g. 192.168.0.0/23). This subnet mask will provide 512 IPs.
For Non-Production VPC, we require around 602 IPs and it will be provided by a subnet mask of /22 (e.g. 192.168.0.0/22). This subnet mask will provide 1024 IPs.
12. 12
VPC Sizing Best Practices
Always create a VPC in the same region as, or close to, your datacenter or AWS region (VPC Peering).
Always choose a higher or appropriate range of CIDR masks because the CIDR mask cannot be updated
once the VPC is created. To change the CIDR mask, we need to re-create the VPC, which requires downtime for
your applications.
Always choose a CIDR mask which doesn't overlap with your datacenter IP addresses or subnets.
Always create a separate VPC for production and non-production environments.
Always create the VPC in the parent business group and share it with child business groups.
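The sizing solution and the no-overlap practice above, as an added Python example that is not part of the original slides: it takes the slide's IP requirements (302 and 602) as given, finds the smallest CIDR block for each, and carves non-overlapping blocks out of a parent range while skipping a datacenter subnet. The parent range, the datacenter subnet and the function names are assumptions made for illustration.

```python
import ipaddress


def smallest_prefix(required_ips):
    """Prefix length of the smallest IPv4 block holding required_ips addresses."""
    if required_ips < 1:
        raise ValueError("required_ips must be positive")
    return 32 - (required_ips - 1).bit_length()


def allocate(parent, needs, in_use):
    """Give each VPC the first block in `parent` that overlaps nothing in use."""
    taken = [ipaddress.ip_network(n) for n in in_use]
    plan = {}
    # Place the largest block first so smaller ones do not fragment the space.
    for name, required in sorted(needs.items(), key=lambda kv: -kv[1]):
        prefix = smallest_prefix(required)
        for candidate in ipaddress.ip_network(parent).subnets(new_prefix=prefix):
            if not any(candidate.overlaps(t) for t in taken):
                plan[name] = candidate
                taken.append(candidate)  # later VPCs must avoid this block too
                break
        else:
            raise ValueError(f"no free /{prefix} in {parent} for {name}")
    return plan


# Constructed sample input: IP counts from the slide, hypothetical ranges.
NEEDS = {"prod": 302, "nonprod": 602}
PARENT = "192.168.0.0/16"
DATACENTER = ["192.168.0.0/24"]  # assumed on-premises subnet to stay clear of

if __name__ == "__main__":
    for name, block in allocate(PARENT, NEEDS, DATACENTER).items():
        print(name, block, block.num_addresses)
```

Because the CIDR block cannot be changed after the VPC is created, running a check like this before creation also catches the case where two example ranges such as 192.168.0.0/23 and 192.168.0.0/22 would overlap each other if both were used.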
What is Dedicated Load Balancer?
The Dedicated Load Balancer is an optional component in Anypoint Platform that routes external
HTTP/HTTPS traffic to multiple applications deployed to CloudHub within a VPC.
Each Dedicated Load Balancer has a DNS A record lb-name.lb.anypointdns.net that resolves to the
two public IP addresses of the two instances.
Shared Load Balancer
The Shared Load Balancer is available in all environments by default.
The Shared Load Balancer provides basic functionality such as TCP load balancing.
The Shared Load Balancer doesn't allow you to configure custom SSL certificates or proxy rules.
Shared Load Balancers have lower rate limits, and the limit is different for each region.
If an application deployed to CloudHub exceeds the rate limit for shared load balancers, it will return 503 - Service Unavailable.
Dedicated Load Balancer
One of the limitations of the SLB is its lower rate limit. To avoid that issue, you can use a dedicated load balancer.
All applications can be hosted under a single domain.
Custom SSL certificates can be configured on the DLB, and optionally two-way authentication can be enforced.
It handles load balancing among the different CloudHub workers that run your application.
HTTP Inbound Mode
Off: Causes the load balancer to silently drop the request.
On: Accepts the inbound request on the default SSL endpoint using the HTTP protocol.
Redirect: Redirects the request to the same URL using the HTTPS protocol.
Other Configurations
Disable Static IPs: specifies that the DLB uses dynamic IPs, which do not persist when the DLB restarts.
Keep URL encoding: specifies that the DLB passes only the %20 and %23 characters as is. If you deselect this option, the DLB decodes the encoded part of the request URI before passing it to the CloudHub worker.
Support TLS 1.0: specifies that TLS 1.0 is supported between the client and the DLB.
Upstream TLS 1.2: specifies that TLS 1.2 is forced between the DLB and the upstream CloudHub worker.
Dedicated Load Balancer Certificates
Configure an SSL certificate (public key and private key) to enable HTTPS. For two-way authentication, you
can optionally configure a client certificate. The dedicated load balancer must be associated with at
least one certificate pair.
Generally, certificates issued by a certificate authority (CA) are configured on the Dedicated Load Balancer. For
testing purposes, you can use self-signed certificates.
openssl req -newkey rsa:2048 -nodes -keyout test-private.pem -x509 -days 3000 -out test-public-crt.pem
The above command generates a private key and a public key certificate that can be configured on the dedicated load balancer.
Alternatively, you can generate certificates by passing a .cfg file to the openssl command.
Add the content below to the .cfg file and pass it to the openssl command.
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Arizona
localityName = Phoenix
organizationName = Test
commonName = example.com
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1 = api-dev.example.com
DNS.2 = api-qa.example.com
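# With -x509, -extensions req_ext is needed so that the subjectAltName entries from [ req_ext ] are written into the certificate.
openssl req -newkey rsa:2048 -nodes -keyout test-private.pem -x509 -days 3000 -out test-public-crt.pem -config test-com.cfg -extensions req_ext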
Creating Wildcard Certificates
You can also create a wildcard certificate to support subdomain requests.
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
prompt = no
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = Arizona
localityName = Phoenix
organizationName = Test
commonName = *.example.com
Dedicated Load Balancer Mapping Rules
Mapping rules are used on dedicated load balancers to translate an input URI into a call to an application deployed
on CloudHub. A pattern is a string that defines a template for matching input text. Whatever value is
placed within curly brackets ({ }) is treated as a variable. Variable names can contain only lowercase
letters (a-z) and no other characters, including slashes.
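A simplified model of the pattern matching described above, as an added Python example that is not part of the original slides and not the DLB's own matching engine. The rule shape (input path, target app, output path), first-match ordering, the one-path-segment capture and the sample rule are assumptions made for illustration.

```python
import re

_PLACEHOLDER = re.compile(r"\{([^{}]*)\}")


def compile_pattern(pattern):
    """Compile an input pattern such as '/{app}/' into an anchored regex."""
    if re.search(r"[{}]", _PLACEHOLDER.sub("", pattern)):
        raise ValueError("unbalanced curly bracket in pattern")
    parts, seen, pos = [], set(), 0
    for m in _PLACEHOLDER.finditer(pattern):
        name = m.group(1)
        # Rule from the slide: variable names are lowercase a-z only.
        if not re.fullmatch(r"[a-z]+", name):
            raise ValueError(f"invalid variable name {name!r}")
        if name in seen:
            raise ValueError(f"variable {name!r} used twice")
        seen.add(name)
        parts.append(re.escape(pattern[pos:m.start()]))
        # Assumption: a variable captures one path segment, never a slash.
        parts.append(f"(?P<{name}>[^/]+)")
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("^" + "".join(parts))


def route(rules, uri):
    """Return (target_app, upstream_path) for the first matching rule, else None."""
    for input_path, target_app, output_path in rules:
        m = compile_pattern(input_path).match(uri)
        if m:
            values = m.groupdict()
            rest = uri[m.end():]  # part of the URI after the matched prefix
            return target_app.format(**values), output_path.format(**values) + rest
    return None


# Constructed sample rule: (input path, target app, output path).
RULES = [("/{app}/", "{app}-api", "/")]

if __name__ == "__main__":
    print(route(RULES, "/orders/v1/items"))
```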
Dedicated Load Balancer Whitelisted CIDRs
To restrict a dedicated load balancer to a set of IP addresses or a single IP
address, add those IP addresses in CIDR notation (e.g. 192.168.1.0/24).
By default the CIDR mask is 0.0.0.0/0, which means all IP addresses are allowed to access
the dedicated load balancer.
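One way to review an allowlist before applying it, as an added Python example that is not part of the original slides: it flags the 0.0.0.0/0 default, invalid entries, entries with host bits set and very broad ranges, and answers whether a given client address would be admitted. The breadth threshold and the sample entries are assumptions.

```python
import ipaddress

BROAD_THRESHOLD = 65536  # assumption: flag entries that admit more than a /16


def audit_allowlist(cidrs):
    """Return (entry, finding) tuples for entries that deserve a second look."""
    findings = []
    for entry in cidrs:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "open to every address (the DLB default)"))
        elif net.num_addresses > BROAD_THRESHOLD:
            findings.append((entry, f"broad range: {net.num_addresses} addresses"))
        # 192.168.1.7/24 silently means 192.168.1.0/24; make that visible.
        if ipaddress.ip_interface(entry).ip != net.network_address:
            findings.append((entry, f"host bits set; effective network is {net}"))
    return findings


def is_allowed(client_ip, cidrs):
    """True if client_ip falls inside at least one valid allowlist entry."""
    ip = ipaddress.ip_address(client_ip)
    for entry in cidrs:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # an invalid entry admits nobody
        if ip.version == net.version and ip in net:
            return True
    return False


# Constructed sample allowlists (documentation address ranges).
DEFAULT = ["0.0.0.0/0"]
RESTRICTED = ["192.168.1.0/24", "203.0.113.7/32"]

if __name__ == "__main__":
    print(audit_allowlist(DEFAULT))
    print(is_allowed("198.51.100.9", RESTRICTED))
```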
What is Anypoint VPN?
VPN stands for Virtual Private Network, and Anypoint VPN creates a secure connection between CloudHub
and on-premises data centers.
Anypoint VPN supports site-to-site internet protocol security (IPSec) connections.
Each Anypoint VPN connection consists of two tunnels that enable you to connect to a single public IP
address at a remote location. To connect additional remote locations, create another VPN.
The physical or software appliances, called VPN endpoints, terminate your side of the connection.
The MuleSoft side of the connection is an implementation of a virtual private gateway (VGW). The
MuleSoft VGW is associated with a single MuleSoft VPC but can support up to 10 VPN connections.
The MuleSoft VGW implementation supports a maximum throughput of 1.25 Gbps.
Anypoint VPN
Types of VPN Routing
Anypoint VPN supports dynamic or static routing for VPN connections.
Dynamic routing - Your device uses Border Gateway Protocol (BGP) to advertise routes to Anypoint
VPN. Use BGP routing if your device supports this protocol.
Static routing - Requires you to specify the routes (subnets) in your network that are accessible through
Anypoint VPN.
Anypoint VPN IPSec Tunneling
A VPN IPSec tunnel is a set of protocols or standards used to establish the connection
with an on-premises datacenter. The IPSec tunnel is applied at the IP layer, and it allows you to connect an entire network
instead of a single device.
VPC Peering
VPC peering basically connects two VPCs. In this case, it pairs your private Amazon VPC
directly to your Anypoint VPC. This enables you to route traffic between the two VPCs so they
can communicate as though they are in the same network.
Accessing Applications Deployed within a VPC over the Public Internet
There are various ways to access APIs over the public internet when an application is
deployed within the VPC.
Deploy the application on port 8081 (http.port) or 8082 (https.port). As per the firewall rules, these ports
are accessible from anywhere, so these APIs can be accessed using
http://<appname>.region.cloudhub.io/ or
https://<appname>.region.cloudhub.io/
If an application is deployed on port 8091 (http.private.port) or 8092 (https.private.port), then as per
the firewall rules above these ports are accessible within the VPC.
These APIs can be accessed over the public internet using a dedicated load balancer if
your IP address is whitelisted in the DLB configuration.