CloudHub is a significant investment when considering how to solve integration challenges. While it is the platform as a service (PaaS) component of Anypoint Platform, using it effectively still requires upfront planning to configure it in the right way.
As a Platform Architect, you need to know key aspects of documenting the platform architecture and configuring it correctly. While the configuration of some CloudHub platform components may seem straightforward, it’s important to understand the implications of setup, as not doing it properly can have an impact on scaling later.
What to keep in mind when setting up CloudHub
Let’s explore some key considerations to be aware of when setting up CloudHub.
1. Business groups
Business groups enable different business functions to manage and administer Anypoint Platform while allowing multi-tenant use cases. This makes it easy for an organization to have a single Anypoint subscription and delegate vCores to different business groups.
While documenting the platform architecture, agree on business group details with the customer upfront, as they will act as the basis to separate and control access to Anypoint Platform resources.
2. Environments
It’s important to have an optimal number of sandbox environments for the development and testing of the APIs. You can go with dev, test, and staging as sandbox environments, and prod for production. Try to mirror the environments currently supported by the customer for other core applications.
We’ve repeatedly seen situations where customers tried to use or asked about Design environment vCores for deploying the Anypoint Studio applications. Note that vCores for the Design environment are only for Design Center applications.
3. Identity provider
The identity provider needs to be configured if your organization wants to enable single sign-on (SSO) capabilities to Anypoint Platform for users. The customer needs to have an external identity provider (IDP) which supports LDAP, SAML, PingFederate, or OpenAM protocols.
Setting up an identity provider involves multiple applications, so make sure to have the right resource with external identity provider expertise to collaborate for setup and testing. List the roles that need to be created in the external identity provider and mapped to Anypoint roles.
4. Client provider
Anypoint Platform is the default client provider in CloudHub. Customers needing to use OAuth 2.0 to authorize client applications require an external client provider. CloudHub supports OpenAM, PingFederate, and OIDC providers, which can be hooked up easily to enable client application authorization.
5. Virtual Private Cloud (VPC) setup
Anypoint Virtual Private Cloud (VPC) enables CloudHub workers to access resources behind the corporate network securely. VPC sizing is a key activity to determine the right CIDR block. It’s important to choose the VPC CIDR block and size carefully so that it can cater to future needs.
When you connect the VPC with your wider corporate network using any of the given connectivity options, the CIDR block must be unique across the network. If you’re designing the CIDR range, have it verified by the network team, which has visibility of the whole corporate network.
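A pre-check for the two points above (uniqueness across the network and room for growth), as an added example that is not from the original article or from MuleSoft. The corporate ranges are constructed sample values, and the function names and the 10x headroom factor are assumptions.

```python
import ipaddress

# Constructed sample data: ranges already allocated on the corporate network.
CORPORATE_RANGES = ["10.0.0.0/16", "10.10.0.0/20", "172.16.0.0/12", "192.168.10.0/24"]


def check_vpc_cidr(candidate, in_use, expected_workers, headroom=10):
    """Return a list of problems with a proposed VPC CIDR block (empty list = OK).

    headroom is an assumed growth multiplier, not a figure from the article.
    Capacity uses the raw address count; provider-reserved addresses are not subtracted.
    """
    try:
        # strict=True rejects blocks with host bits set, e.g. 10.20.0.5/22
        block = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"invalid CIDR block: {exc}"]

    problems = []
    for raw in in_use:
        other = ipaddress.ip_network(raw)
        # Only compare ranges of the same IP version.
        if other.version == block.version and block.overlaps(other):
            problems.append(f"{block} overlaps existing range {other}")

    needed = expected_workers * headroom
    if block.num_addresses < needed:
        problems.append(
            f"{block} has {block.num_addresses} addresses, {needed} wanted for growth"
        )
    return problems


def smallest_prefix_for(expected_workers, headroom=10):
    """Longest IPv4 prefix length whose block still holds workers * headroom addresses."""
    needed = expected_workers * headroom
    host_bits = max(needed - 1, 0).bit_length()
    return 32 - host_bits


if __name__ == "__main__":
    for cidr in ("10.20.0.0/22", "10.10.8.0/22", "10.20.0.0/24"):
        issues = check_vpc_cidr(cidr, CORPORATE_RANGES, expected_workers=40)
        print(cidr, "OK" if not issues else issues)
    print("suggested prefix for 40 workers: /%d" % smallest_prefix_for(40))
```

A clean result from this script only covers the ranges it was given, so the network team's review of the full corporate address plan is still required.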
There are multiple connectivity options, such as a VPN tunnel or connecting a private AWS VPC to your Anypoint VPC through VPC peering or AWS Direct Connect. Consider if this is suitable for your connectivity use case, and plan accordingly.
As a note, MuleSoft announced Transit Gateway support for CloudHub, which significantly simplifies network access between VPCs and on-premises data centers.
6. Load balancers
CloudHub comes with a default Shared Load Balancer, which provides basic functionality. It’s managed by MuleSoft and doesn’t support custom SSL certificates.
Organizations that want their own vanity domain and custom SSL certificates need to use a Dedicated Load Balancer (DLB). You can consider having one DLB per VPC and applying different mapping rule configurations to route requests appropriately.
For vanity domains, make sure to configure CNAME records for the domain to point to the appropriate Dedicated Load Balancer (DLB) URL.
7. MuleSoft Enterprise Maven Repository
The Mule-Maven plugin enables automated deployments to CloudHub. MuleSoft has certain Maven dependencies which are only available from the MuleSoft Enterprise Maven Repository.
You can reach out to MuleSoft support to get Enterprise Maven Repository credentials and configure your pom.xml and settings.xml appropriately.
Ensuring a successful platform setup is not an easy job. It requires upfront planning, technical proficiency, collaboration with multiple technical teams, and a platform mindset to meet the client’s expectations.
If you want to learn more about the proven way of setting up the Anypoint Platform, leverage MuleSoft’s Catalyst Methodology from the Catalyst Knowledge Hub.