MuleSoft - Design Best Practices
MuleSoft - Design Best Practices
DRAFT
1
© Customer 2017. All rights reserved
Table of Contents
1. Overview ............................................................................................................................................... 4
1.1. Design Considerations................................................................................................................... 4
1.2. Integration Style............................................................................................................................ 4
1.3. Demand and Capacity Planning .................................................................................................... 4
1.4. High Availability and Reliability ..................................................................................................... 4
1.5. Performance Optimization............................................................................................................ 4
1.6. Security ......................................................................................................................................... 5
1.7. MuleSoft Preferred SDLC Approach.............................................................................................. 5
2. Design Considerations........................................................................................................................... 5
2.1. Use cases ....................................................................................................................................... 5
2.2. API Design Considerations ............................................................................................................ 5
2.3. Requirements .............................................................................................................................. 10
2.4. Application Type ......................................................................................................................... 10
2.5. Infrastructure .............................................................................................................................. 10
3. Integration Style.................................................................................................................................. 10
3.1. Migration..................................................................................................................................... 10
3.2. Aggregation ................................................................................................................................. 11
3.3. Broadcast .................................................................................................................................... 11
3.4. Proxy ........................................................................................................................................... 12
3.5. Chained Services ......................................................................................................................... 12
3.6. Branch ......................................................................................................................................... 13
3.7. Asynchronous Messaging............................................................................................................ 13
4. Demand and Capacity Planning .......................................................................................................... 14
5. High Availability and Reliability ........................................................................................................... 15
5.1. On-premise ................................................................................................................................. 15
5.2. Cloudhub ..................................................................................................................................... 16
6. Performance Optimization.................................................................................................................. 17
6.1. High Throughput ......................................................................................................................... 17
2
© Customer 2017. All rights reserved
6.2. Low Latency ................................................................................................................................ 17
7. Security ............................................................................................................................................... 17
7.1. API Security ................................................................................................................................. 17
7.2. Anypoint Platform Security Components ................................................................................... 18
8. MuleSoft Preferred SDLC Approach.................................................................................................... 18
8.1. Design.......................................................................................................................................... 19
8.2. Development............................................................................................................................... 19
8.3. Testing ......................................................................................................................................... 20
8.4. Deployment................................................................................................................................. 20
8.5. Maintenance ............................................................................................................................... 20
9. References .......................................................................................................................................... 20
3
© Customer 2017. All rights reserved
1. Overview
This document addresses the overall approach to be followed while architecting and designing MuleSoft
projects. It is recommended to create a project specific document that references this document and to
override/add any additional project specific details.
This document has the following sections, which are critical while designing a MuleSoft project.
1.1. Design Considerations
For any successful project implementation, architecture and design is the critical phase. Ensuring that all
important aspects are covered while designing a project is the key for success. Mule projects design is
based out of following keys aspects:-
• Use cases
• API Design Considerations
• Requirements: Both functional and non-functional
• Application type
• Infrastructure
1.2. Integration Style
MuleSoft project implementations would mostly fall under the below high level integration styles. The
first 4 are traditional integration approaches, while the last 4 are mostly for micro-service based
implementations.
• Migration
• Broadcast
• Aggregation
• Bi-directional synchronization
• Proxy
• Chained services
• Branch
• Asynchronous messaging
4
© Customer 2017. All rights reserved
1.6. Security
The integrations have to be secured. The security approach usually needs to be discussed with client
before coming up with the overall design. The different security approach principles in Mule projects will
fall under the below 5 categories.
2. Design Considerations
The design considerations aspects are detailed as below:-
5
© Customer 2017. All rights reserved
• Experience API: These should be the only public APIs in the entire layer of APIs, which all
channels would directly access. They would largely be channel agnostic but will build flexibility
to allow channel developers to make them channel specific. This layer exists to provide
o Abstraction of different functions from an API client perspective, allowing for different
configurable attributes for pagination, field filtration
o Since this is the only layer the API client interacts with, in the API layered architecture,
all responsibilities that relate to a gate-keeper function will be done at this layer - such
as SLA checks (rate limiting or throttling), security checks, monetization and the like.
• Process API: This is an optional layer. Where complex orchestration/aggregation is required
resulting in managing multiple calls to different domain APIs (System or Microservices), a
Process API would be needed. If the case for a complex orchestration or aggregation doesn't
exist, Experience APIs will communicate directly with System APIs. This layer is needed to
perform complex facade functions of orchestration and the associated operations leading to
errors, failovers, alternate paths and the like including transaction management where
applicable.
• System API: This layer only exists to provide a micro service-like-facade on a monolith
application not yet broken into micro services. The system APIs provide a micro service
abstraction and help create bounded contexts in order to access functions within a monolith
application, using modern architectural paradigms of single bounded context and self-contained
APIs.
6
© Customer 2017. All rights reserved
Experience layer guidelines
• API Identification
o APIs should be designed to be channel agnostic, and should be designed to support
multiple channels. The design should optimize data to conform to a specific user
experience across channels, and should be able to support dynamic inbound and
outbound payloads per channel.
o APIs should be modeled by not aligning to screen design, but should focus on details
needed to complete actions pertaining to use cases across screens/channels. This
enables screens to be changed with minimal changes to the API interface.
• API Design
o APIs should be designed to be non-blocking, with a decision made on sync or non-sync
flows to be implemented.
o Data considerations needed to support the business needs from an experience point of
view should include – inbound and outbound data models, required and non-required
fields.
o Process or System API responses should be mapped Experience API responses (payload
reduction) in order to segregate clearly the responsibilities per layer.
o APIs should be designed to support Pagination and navigation (we recommend Hateoas)
o API payloads should use Compression (gzip used by default at ios and android dev kits)
7
© Customer 2017. All rights reserved
o APIs should offer dynamic Data Filtration and transformations where applicable.
o This is also the layer where non-functional aspects such as the following should be
handled – rate limiting/throttling, Analytics, Security / Authentication and Authorization
(JWT/ OAuth2 security schemas in RAML).
o APIs should be designed to support multiple versions.
• API Implementation
o Experience APIs should be documented to make it easier for API developers to consume
and contribute to them.
o Mocks for APIs should be created along with MUnits in a TDD paradigm, in order to
ensure clients to the APIs can develop to the specification, while the API is being
developed.
o Experience APIs should externalize configuration where applicable for different markets
to customize them without needing to perform changes to API implementations.
• API Operations
o Experience APIs should be monitored and controlled for use per channel.
o Experience APIs usage should directly correlate to monetization decisions.
8
© Customer 2017. All rights reserved
of requests flowing through individual flow paths to understand patterns of usage of
API, errors/exceptions with highlights to occurrences at specific as well as trends on the
different types of exceptions/errors.
o Should be auto scaled and support other hooks to enable scaling the APIs up or down
based on usage.
9
© Customer 2017. All rights reserved
2.3. Requirements
The requirements will be ranging from Functional and Non-Functional. From functional requirements
perspective, it is the FSPEC which details out the functionality required to achieve as part of the
Integration. In case of Non-functional Requirements (NFRs), the following aspects need to be
understood well.
• SLAs – Service Level Agreements
• TPS – Transactions per second to be processed by the interface / API
• Response Time – The expected response times for real-time APIs
• Size of Payload – The expected size of payload to be processed
• HA – High Availability need to be considered
• DA – Any Disaster Recovery methods to be in place
• Environments – How many environments need to be accounted (DEV, QA, PROD … etc.)
2.4. Application Type
The application types which can be implemented would be:-
• Cloud only: In this type of applications, use only Cloudhub
• On-Premise: Traditional enterprise integration applications
• Hybrid: This is a common approach we see for most of the implementations, where we do both
Cloud and On-Premise implementations.
2.5. Infrastructure
The infrastructure needs to be considered depending on the application types.
• Cloudhub: The infrastructure will be managed by MuleSoft and the back end is on AWS.
• On-Premise: The customer has to manage the servers, load balancers, clusters, firewalls … etc.
• Hybrid: Along with the above Cloudhub and On-Premise infrastructure elements, MuleSoft
managed VPC tunnel where MuleSoft configures the VPC between Cloudhub and Customer on-
premise network.
3. Integration Style
The Integration styles are explained in detailed below for some examples from traditional integrations
and micro-service based approaches.
3.1. Migration
The most common style of Integration we see is Migration, as most of the Integrations are moving Cloud
based and we look at migrating on-premise integrations.
• Data migration is moving a specific set of data at a particular point in time from one system to
another.
• Migration pattern allows developers to build automated migration services that create
functionality to be shared across numerous teams in an organization.
• Implementation of the Migration can be record-by-record or in batch depending on volume.
10
© Customer 2017. All rights reserved
3.2. Aggregation
The interface usually takes or receives data from multiple systems and copies or moves it into just one
system. This kind of approach enables the extraction and processing of data from multiple systems into
one application.
3.3. Broadcast
We can say this is the opposite style of Integration when compared to Aggregation pattern, as the data
transferred from a single source to multiple destination systems.
This approach is most common use case is keeping data up-to-date between multiple systems, which
usually implemented as one-way synchronization from one to many systems.
11
© Customer 2017. All rights reserved
We look at Microservices style of integrations usually to achieve Functional decomposition; Domain
based segregation of services which allows low coupling and high cohesion. The following are the same:-
3.4. Proxy
Proxy patterns usually come in implementations, where client will not invoke the actual service directly.
The most common use-case would be each individual service does not need be exposed to consumer
and should instead go through an interface.
In the below depicted pattern, the request are coming from load balancer to the proxy service and the
proxy service is fetching data from target services A and B. The proxy service is just acting as routing
service for requests to Service A or Service B in the backend.
12
© Customer 2017. All rights reserved
• Client is blocked until the complete chain of request/response is completed
3.6. Branch
This type of Integration style usually extends the Aggregator type, and is used in situations:-
• To allow simultaneous response processing from two, likely mutually exclusive, chains of
Microservices
• Can also be used to call different chains, or a single chain, based upon the business needs
The services will be de-coupled using message queues or web sockets, instead of REST.
13
© Customer 2017. All rights reserved
4. Demand and Capacity Planning
Demand planning is an important aspect while designing MuleSoft projects / solutions. This activity is
usually done during sales cycle or any new opportunities. This activity can also be done while client is
evaluating any changes in existing projects too.
This metric would give estimation of what is needed today and in the future in terms of platform
capabilities and capacity. The below are the high level capabilities considered during this phase.
When we are taking about capacity planning, the following aspects are what we need to account for.
• Number of Cores
• Number of B2B partners
• Number of MQ messages
• Number of Environments (Production and Sandboxes)
It is very important to consider different phases or project rollouts, while doing capacity planning. The
reason being, while phase 1 is being rolled out, phase 2 development activities might start and need to
account for additional environments.
The outcome of capacity planning would be after having clear understanding of the following sequence
of steps. The recommendation will be given along with discussion with MuleSoft Engagement Manager.
14
© Customer 2017. All rights reserved
• Understanding of Architecture: The details around network setup, reference integrating
applications and format of messages need to be understood.
• Understanding of Integrations: Each type of integration can have different use-cases, and each
use-case will have different requirements. Need to understand various aspects of integrations,
like real-time vs batch, complexity, peak-volume … etc.
• Understanding Requirements: This is as mentioned in requirements section.
• Sizing Overview: The sizing overview step will give a picture about required capacity and the list
of recommendations. For example for Cloudhub based development, the number of cores will
be provided. This will be output of discussion along with MuleSoft Engagement Manager. While
the requirements change, the sizing needs to be re-assessed again.
5.1. On-premise
High availability can be achieved by below two models for on-premise MuleSoft implementations.
• Mule Clustering – Where multiple Mule servers are available within the same cluster
environment and the routing of requests will be done by the load balancer.
• Load balanced standalone Mule instances – The high availability can be achieved even without
cluster, with the usage of only load balancer pointing requests to different Mule servers.
15
© Customer 2017. All rights reserved
Reliability will depend on the components used for On-premise implementations. This is relevant to the
availability of data and messages, specifically in case of errors states, system failures etc. When you
consider introducing messaging layer for reliability, you need to choose from below:-
5.2. Cloudhub
High availability can be achieved for Cloudhub applications by utilizing Cloudhub Fabric, where same
application can be deployed to multiple workers which is usually called as horizontal scaling.
Cloudhub Fabric will have an inbuilt load balancer provided by MuleSoft, which routes the requests to
horizontally scaled applications.
16
© Customer 2017. All rights reserved
• Object Store – For persistent key value pair based data storage, which can be accessed by
multiple workers.
• Persistent Queues – To avoid any message loss and achieve reliability.
6. Performance Optimization
When performance optimization is being done for an application, the following goals have to be
considered. Usually these goals will be opposing each other.
• High throughput
• Low latency
• Reliability
• Security
The design recommendations from MuleSoft for optimal performance are listed below.
• Minimal or no usage of session variables need to be considered. The larger or more session
variables will impact the performance of the application.
• Java payloads usually give best possible performance. Try to avoid large XML payloads
• Preferably use MEL over scripting languages like Groovy
• Dataweave need to be used over one to one transformers. However Dataweave need to be
avoided if possible in Batch jobs.
While configuring thread pools, selecting the right processing strategy of the flow is also important.
While calculating the number of threads, considering a 1 vCore we need to keep 2000 as the maximum
allowed threads.
The other aspects of Reliability and Security are covered in the other individual sections.
7. Security
There are several aspects of security need to be considered while designing Mule applications.
17
© Customer 2017. All rights reserved
7.2. Anypoint Platform Security Components
Anypoint platform provided security components consists of below 3 aspects
• Anypoint Enterprise Security – This module can be incorporated in both Cloud and On-premise
based applications. It has capabilities around Filtering IPs, Securing passwords in property files,
Message level encryption such as PGP … etc. It also provides OAUTH 2.0 capability and
processors to ensure message integrity.
• API Security Manager – Securing the APIs using various API manager policies and custom policies
• Virtual Private Cloud (VPC) – Securing the Cloud / On-premise network, using options such as
VPC peering, VPN tunnel and Cloudhub direct connect.
18
© Customer 2017. All rights reserved
8.1. Design
For designing MuleSoft APIs / Interfaces, the below MuleSoft components can be used.
• API Designer
• Anypoint Exchange
8.2. Development
For developing MuleSoft projects, utilities required are as below:-
• Anypoint Studio
• Maven / Gradle plugins
19
© Customer 2017. All rights reserved
• DevKit and APIkit for developing custom connectors / APIs respectively.
8.3. Testing
For unit testing Mule applications the following components are required.
8.4. Deployment
After developing and unit testing, the applications can be deployed as Mule runtime agent application or
as an API.
8.5. Maintenance
In order to manage / maintain the deployed Mule applications, we can use MMC for on-premise and API
Manager / Runtime manager from Cloudhub perspective.
9. References
The following references are considered while writing this document.
# Reference Link
1 https://training.mulesoft.com/instructor-led-training/aparch-solution-design
2 https://www.MuleSoftsoft.com/resources/esb/cloud-integration-patterns
https://docs.MuleSoftsoft.com/MuleSoft-user-guide/v/3.9/understanding-enterprise-
3
integration-patterns-using-MuleSoft
4 https://www.mulesoft.com/ty/wp/secrets-great-api
20
© Customer 2017. All rights reserved