MuleSoft Operational and API Management Capabilities

This article will discuss about what are the different operational and API management capabilities provided by the MuleSoft and those can be leverage depending on the client requirements and expectations and that includes Cloudhub (With VPC and Without VPC), Runtime Fabric Manager and Customer Hosted Mule Runtime.

We will be discussing all the operational and API management capabilities with various use cases.

Use Case 1: Cloudhub Architecture

XYZ client wants to implement the MuleSoft to connect SaaS based applications for data syncing and migration. They also wants to expose Rest APIs for exchanging the data securely with API Authentication.  Client is looking for Cloud Based solution where they don't have to manage the platform and underlying infrastructure. There are other non functional requirements.

• APIs must be High available and Scalable.
• APIs must be Auto Healing.
• HTTP workload is not high.

Solution

In above solution, we will be having Runtime Manager in Anypoint Platform where applications can be deployed which can directly connect to the SaaS based applications like Salesforce and any application publicly available.

API manager will be used to govern or manage the API lifecycle and it will enable API authentication or authorization for client to connect APIs securely. Runtime Manager will peer the API Manager via API Proxy or API Auto Discovery.

All applications can be deployed on more than one worker for the high availability and fault tolerance. Anypoint Platform provides the capabilities of Intelligent healing of the application.

When we deploy the application in the Cloudhub on one or more worker within the particular region, application will be deployed to one Availability Zone for 1 worker or multiple Availability Zone for more than one worker (i.e. Each region have three Availability Zone).

In case, Availability Zone goes down due to the power failure or underlying hardware fails where application is deployed, the platform automatically migrates application to other Availability Zone in same region and restart the application.

Check this article https://dzone.com/articles/deploying-mulesoft-application-on-1-worker-vs-mult

Use Case 2: Cloudhub Architecture (Accessing Application Within Private Datacenter and AWS Cloud)

XYZ clients wants to implement the MuleSoft to connect SaaS based application like Salesforce, NetSuite etc., application running in AWS cloud like SAP systems, applications running in on premise datacenter like JDBC databases and other resources.

Client is looking for the Cloud Based solution where they don't have to manage the platform and underlying infrastructure. There are other non functional requirements.

• APIs must be High available and Scalable.
• APIs must be Auto Healing.
• HTTP workload is not high.

APIs must accessible by fewer clients publicly and securely.

Solution

In above solution, we need to setup Anypoint VPC that can connect to the on premise datacenter and AWS cloud. All the application will be deployed privately within the Anypoint VPC in the Runtime Manager.

Application deployed within the VPC can access the SaaS application directly over public internet.

For accessing databases and resources staying in on premise datacenter, we need to setup VPN IPSec Tunneling between Anypoint VPC and on premise datacenter.

For accessing applications like SAP in AWS cloud, we need to setup VPC peering between Anypoint VPC and AWS VPC (i.e. For VPC peering, both Anypoint and AWS VPC must exists in the same region).

API manager will be used to govern or manage the API lifecycle and it will enable the API authentication or authorization for client to connect APIs securely. Runtime Manager will peer to API Manager via API Proxy or API Auto Discovery.

All applications can be deployed on more than one worker for the high availability and fault tolerance. Anypoint Platform provides the capabilities of Intelligent healing of the application.

When we deploy the application on the Cloudhub with one or more worker in the particular region, application will be deployed to one Availability Zone for 1 worker or multiple Availability Zone for more than one worker (i.e. Each region have three Availability Zone).

In case, Availability Zone goes down due to the power failure or underlying hardware fails where application is deployed, the platform automatically migrates application to other Availability Zone in same region.

Check this article https://dzone.com/articles/deploying-mulesoft-application-on-1-worker-vs-mult

To access application deployed privately within Anypoint VPC in Runtime Manager, we need to create dedicated load balancer. Dedicated load balancer will allows client to access application deployed within Anypoint VPC. To access application by fewer client, we need to make use of whitelisted CIDRs at dedicated load balancer. 

Use Case 3: Customer Hosted MuleSoft Runtime (Hybrid Implementation)

XYZ institution is looking to implement cost effective solution. Solution must be highly available and having low workloads. Due to compliance or security requirements within the organization, they cannot move to cloud based approach.

All the APIs must be highly available and secured using API Authentication or Authorization.

Solution

In above solution, we can host mule runtime in customer datacenter with clustering enabled between multiple servers. Clustering will ensure the high availability and improve performance.

For HTTP workloads, we need to setup external load balancer. Client can directly send request to external load balancer and external load balancer will send request to one of the server.

We will be having Control plane in Anypoint platform and data plane in on premise server. This enabled the hybrid implementation. API Manager and on premise mule runtime will be peer using API Proxy or API Auto Discovery. So we can apply any required security policies.

Use Case 4: Leverage Anypoint API Management Capabilities for Non MuleSoft Application

XYZ client wants to implement API Management Capabilities for Non MuleSoft applications. They having ‘n’ number of web services and apis implemented using non mule technologies but there is no capabilities of API governance and also need to enable OAuth 2.0 Authentication for all the web services and apis. 

Non mule webservices and apis exists behind firewall in on premise datacenter.

Solution

In above solution, we have to create Anypoint VPC to connect on premise datacenter using Anypoint VPN IPSec Tunneling.

We need to create API Proxy using Anypoint API Manager which will deploy proxy application within Anypoint VPC in Runtime Manager and that will be connect to on premise non mule web services and apis.

Policies can be apply on the API proxy for enabling OAuth2 Authentication. We need to have dedicated load balancer for interacting with proxy deployed within VPC. Client can send request to Dedicated Load Balancer and it will be route to the proxy application and proxy application will route request to on premise datacenter webservices and apis.

To understand more on Anypoint API Manager capabilities, please go through below tutorials.

https://www.youtube.com/playlist?list=PL5GwZHHgKcuDNxON4BmQa_aiEb16BgDlv

Conclusion

We have discussed platform architecture that can be implemented using MuleSoft depending on the requirements and expectations with MuleSoft operational and API management capabilities.