Making Zen of API Platform Deployment Architecture

February 24 2015

3 comments 0
motif

The general guiding principles of the Zen philosophy can actually be quite helpful in designing the Anypoint Platform for APIs‘ deployment architecture. The emphasis on having a holistic approach, while striving for simplicity, symmetry, and minimalism, works as well for meditation as for coming up with a stable, robust and secure architecture. Here, we will outline the four most common models in use today that dovetail with the teachings of the Zen philosophy.

1. On-premises

The first model is a pure on-premises configuration.
on-prem-e1424731537302

In this case we generally recommend setting up the API Gateway cluster inside the DMZ to run the API proxy applications, with communication to the gateway restricted to only between the API Web management console, the Mule Management Console, and the service implementations themselves via another firewall and load balancer.

2. Hybrid

Another common approach is a hybrid configuration, with the API Gateway hosted on CloudHub, i.e. the API proxy applications are deployed on CloudHub with API Gateway runtime.
hybrid
Secure communication between the proxy applications and the internal systems can be established via Virtual Private Cloud (VPC), 2-way SSL, IP-address whitelisting or a combination of these.

3. CloudHub VPC

For pure cloud deployment, the options depend on whether VPC is part of the infrastructure. For a configuration with VPC, some CloudHub workers can be dedicated to run API proxy applications and be left outside the VPC, with the CloudHub workers that service implementations are deployed on will be inside the VPC and behave like they are part of the internal network.
ch_vpc

4. No CloudHub VPC

If VPC is not used, then generally API proxy applications will not be needed. Instead, the service implementation applications on CloudHub will be deployed onto API Gateway runtime.
ch_no_vpc

In each of the cases illustrated above, the configuration is straight-forward, using only common components, and communication opening between systems is kept to minimal for maximum security. In essence, they embody the Zen design philosophy to deliver good connectivity karma.


We'd love to hear your opinion on this post

3 Responses to “Making Zen of API Platform Deployment Architecture”

  1. Really enjoyed the analogy to Zen philosophy. I wonder if there is another option in play which would be similar #4 No Cloud Hub VPC, but for running everything on-premise. Basically all of your APIs are internal to your company but cross many business lines. Still would like to take advantage of Mule ESB being the API implementation container, but also want to leverage various API policies deployed into the API Gateway to manage the API usage between business lines. What would that API Platform Deployment Architecture look like? Would I still leverage separate Mule ESB and API Gateway runtimes or combine them together like what was done on CloudHub?

    Agree(1)Disagree(0)Comment
    • In that case we still recommend having a separate API Gateway (cluster if High Availability desired), but instead of DMZ, the gateway will sit inside the corporate network.

      Thank you for the nice comments!!

      Agree(0)Disagree(0)Comment
  2. Nice outline. It helps for design and impletementation of solution in this area.

    Agree(0)Disagree(0)Comment