The general guiding principles of the Zen philosophy can actually be quite helpful in designing the Anypoint Platform for APIs' deployment architecture. The emphasis on having a holistic approach, while striving for simplicity, symmetry, and minimalism, works as well for meditation as for coming up with a stable, robust and secure architecture. Here, we will outline the four most common models in use today that dovetail with the teachings of the Zen philosophy.
The first model is a pure on-premises configuration.
In this case we generally recommend setting up the API Gateway cluster inside the DMZ to run the API proxy applications, with communication to the gateway restricted to the API Web management console, the Mule Management Console, and the service implementations themselves via another firewall and load balancer.
Another common approach is a hybrid configuration with the API Gateway hosted on CloudHub, i.e. the API proxy applications are deployed on CloudHub with the API Gateway runtime.
Secure communication between the proxy applications and the internal systems can be established via a Virtual Private Cloud (VPC), 2-way SSL, IP-address whitelisting or a combination of these.
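The combination of 2-way SSL and IP-address whitelisting, seen from the internal system that the CloudHub-hosted proxy calls, as an added example that is not from the original article or from MuleSoft. The CIDR range, the certificate common name and all function names are constructed assumptions.

```python
import ipaddress
import ssl

# Constructed sample values (assumptions, not from the article):
PROXY_EGRESS_CIDRS = ["203.0.113.0/28"]      # static IPs of the proxy workers
PROXY_CLIENT_CN = "api-proxy.example.com"    # CN on the proxy's client cert


def make_server_context(ca_file, cert_file, key_file):
    """TLS context for the internal service: clients must present a cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(cert_file, key_file)      # server identity
    ctx.load_verify_locations(cafile=ca_file)     # CA that issued the proxy cert
    ctx.verify_mode = ssl.CERT_REQUIRED           # the "2-way" part
    return ctx


def ip_allowed(peer_ip, cidrs=PROXY_EGRESS_CIDRS):
    """True if the source address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False                              # malformed address: deny
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def cert_common_name(peer_cert):
    """Extract the CN from the dict returned by SSLSocket.getpeercert()."""
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def authorize_peer(peer_ip, peer_cert):
    """Both controls must pass; either one alone is not enough."""
    if not ip_allowed(peer_ip):
        return (False, "source IP not allowlisted")
    if cert_common_name(peer_cert) != PROXY_CLIENT_CN:
        return (False, "client certificate not issued to the proxy")
    return (True, "ok")
```

After the handshake, the service would call `authorize_peer(conn.getpeername()[0], conn.getpeercert())` on each accepted connection and close it on a failed result.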
3. CloudHub VPC
For pure cloud deployment, the options depend on whether VPC is part of the infrastructure. For a configuration with VPC, some CloudHub workers can be dedicated to running API proxy applications and left outside the VPC, while the CloudHub workers that the service implementations are deployed on will be inside the VPC and behave as if they are part of the internal network.
4. No CloudHub VPC
In each of the cases illustrated above, the configuration is straightforward, using only common components, and communication openings between systems are kept to a minimum for maximum security. In essence, they embody the Zen design philosophy to deliver good connectivity karma.