SlideShare a Scribd company logo

Rtf externalize tls MuleSoft meetup

S
Sandeep Deshmukh

This document outlines an agenda for an online Meetup discussing externalizing TLS certificates and properties for Runtime Fabric applications. The agenda includes guidelines, a walkthrough of a utility for externalizing certificates, a demo, and Q&A. Deepak Suseelan from MuleSoft will present on three options for externalizing certificates - injecting during deployment, using secure properties, and a custom admission controller. The presentation will demonstrate a utility for the second option using secure properties and discuss tradeoffs of each approach.

Technology
1 of 17
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Oct, 2021 Online English Meetup Group Externalize TLS Certificates and properties for Runtime Fabric Applications Sandeep Deshmukh Moderator Deepak Suseelan Technical Architect MuleSoft Speakers: Recording
2 ● Guidelines ● Walkthrough of Utility ● Demo ● Q&A Agenda
All contents © MuleSoft, LLC MuleSoft Meetups: Virtual Muleys 3
All contents © MuleSoft, LLC Guidelines for today 1. Pop questions in the chat and anyone can try to answer! 2. Remaining questions will be asked in your behalf at the end of the session 3. The Recording will be shared in the Meetups page and in the VirtualMuleys Youtube Channel 4. Your feedback drives the content of these meetups, fill the surveys at the end of the event, let us know what you think! 4
All contents © MuleSoft, LLC +25 Virtual Community Meetups in October New Meetup groups looking for speakers • Communication, Media, Technology • Higher Education • Nonprofit Organizations Local virtual events in +20 cities • Join from anywhere! → Join the Global Group: https://meetups.mulesoft.com/online-group-english/ → RSVP for upcoming events: https://meetups.mulesoft.com/events/ 5
All contents © MuleSoft, LLC Speakers 6 Deepak Suseelan Technical Architect , MuleSoft Professional Services
All contents © MuleSoft, LLC This presentation involves custom developed components that is not part of MuleSoft product suite and therefore not supported by MuleSoft support. Technical assistance for these components are limited to this presentation and associated documentation.This is an UNLICENSED utility, please review the considerations. If you need assistance on extending this application, contact your MuleSoft Customer Success representative or MuleSoft Professional Services Disclaimer
All contents © MuleSoft, LLC Anypoint Runtime Fabric VM Mule App VM Mule App Mule App Runtime Fabric components Runtime Fabric appliance Mule App network Runtime Fabric Mule App Mule App VM Runtime Fabric orchestrates and automates the deployment of Mule runtimes into containers in any cloud or on-premises environment Benefits ● Deploy consistently across any cloud or data center ● Run multiple runtime versions in the same Runtime Fabric ● Scale horizontally and redeploy w/ zero-downtime ● Easily manage via the control plane hosted by MuleSoft ● Flexible deployment upon existing infrastructure or managed K8s services Overview
All contents © MuleSoft, LLC Issues with bundling certificates with application ● Use of self-signed or non-compliant certificates ● Unable to track and renew certificates in a timely manner ● Cannot guarantee the safety of private keys ● Unable to track non-compliant certificates ● No accountability ● Security Constraints Why Externalize Certificates
All contents © MuleSoft, LLC Option 1( Most Common) - Inject TLS certificates during CD process ● Most commonly used solution ● Does not involve any custom mule components ● Does not modify the container after it is created Certificate Externalization With RTF ● TLS certificates get stored in Anypoint Exchange repo along with the application ● Any change in certificate would mean re-deployment of all the applications
All contents © MuleSoft, LLC Option 2 - Using Secure Properties Certificate Externalization With RTF https://docs.mulesoft.com/runtime-fabric/1.10/manage-secure-properties
All contents © MuleSoft, LLC Option 2 - Using Secure Properties Link: https://github.com/mulesoft-catalyst/rtf-secure-file-provider Certificate Externalization With RTF ● Separation of TLS certificate deployment pipeline from Application deployment ● TLS certificates are never stored as part of the application even in Exchange ● No need to re-deploy applications after updating certificate ● Possibility of hitting the size limit of secure properties Depending on the number of files being stored ● Container modified after deployment for adding files to classpath
Performance Tools Demo
All contents © MuleSoft, LLC Option 3 - Using Custom Admission Controller Certificate Externalization With RTF Self Managed
All contents © MuleSoft, LLC Option 3 - Using Custom Admission Controller Link: https://github.com/mulesoft-catalyst/RTF-Custom-Admission-Controller Certificate Externalization With RTF ● Separation of TLS certificate deployment pipeline from Application deployment ● TLS certificates are never stored as part of the application even in Exchange ● No need to re-deploy applications after updating certificate ● Files can be stored in any external storage with no size restrictions ● Only for RTF on self managed kubernetes ● The webhook becomes the most critical part of your infrastructure. It needs to be highly available and fault tolerant. ● Webhook is a Mule application and will be counted towards core subscription ● Requires at least intermediate level knowledge of Kubernetes
Performance Tools Demo
17 Thank you

More Related Content

PDF
Introduction to Red Hat OpenShift 4
HngNguyn748044
 
PPTX
Demystifying the use of circuit breakers with MuleSoft
Sandeep Deshmukh
 
PPTX
Introduction to Anypoint Runtime Fabric on Amazon Elastic Kubernetes Service ...
Anoop Ramachandran
 
PPTX
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
shyamraj55
 
PDF
Kubernetes or OpenShift - choosing your container platform for Dev and Ops
Tomasz Cholewa
 
PDF
面白いゲームを作る方法
kosenconf012hachinohe
 
PPTX
Introduction to CloudHub 2.0
NeerajKumar1965
 
PDF
Stellar
YongraeJo
 
Introduction to Red Hat OpenShift 4
HngNguyn748044
 
Demystifying the use of circuit breakers with MuleSoft
Sandeep Deshmukh
 
Introduction to Anypoint Runtime Fabric on Amazon Elastic Kubernetes Service ...
Anoop Ramachandran
 
Patna MuleSoft Meetup Anypoint Cloudhub 2.0
shyamraj55
 
Kubernetes or OpenShift - choosing your container platform for Dev and Ops
Tomasz Cholewa
 
面白いゲームを作る方法
kosenconf012hachinohe
 
Introduction to CloudHub 2.0
NeerajKumar1965
 
Stellar
YongraeJo
 

Similar to Rtf externalize tls MuleSoft meetup (20)

PDF
Virtual meetup - Exploring the Runtime Fabric deployment model
Jimmy Attia
 
PPTX
Dubai meetup- Anypoint Runtime Fabric
satyasekhar123
 
PDF
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Jitendra Bafna
 
PDF
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
Royston Lobo
 
PPTX
Deploying and Managing Anypoint Runtime Fabric on OpenShift
Harshana Martin
 
PPTX
Designing Apps for Runtime Fabric: Logging, Monitoring & Object Store Persist...
Eva Mave Ng
 
PDF
MuleSoft_NZ_Meetup_11
MizuhoHoshino
 
PPTX
Montreal MuleSoft_Meetup_07-July.pptx
Sadik Ali
 
PPTX
São Paulo MuleSoft Meetup #5 - Runtime Fabric
Guilherme Pereira Silva
 
PDF
MuleSoft Sizing Guidelines - VirtualMuleys
Angel Alberici
 
PPTX
EXT - Evented APIs
Florence Next
 
PDF
Melbourne Virtual MuleSoft Meetup October 2021
Daniel Soffner
 
PPTX
Running and Managing Mule Applications
MuleSoft
 
PPTX
Baltimore jan2019 mule4
ManjuKumara GH
 
PDF
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
Angel Alberici
 
PPTX
Washington DC MuleSoft Meetup 05-12-22-2.pptx
ivaturia
 
PPTX
Kochi Mulesoft Meetup #11 - Runtime Fabric on Google Kubernetes Engine (GKE)
sumitahuja94
 
PDF
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
Julian Douch
 
PPTX
Madrid meetup #7 deployment models
Mario Alberto Martinez Lopez
 
PPTX
Nyc mule soft_meetup_13_march_2021
NeerajKumar1965
 
Virtual meetup - Exploring the Runtime Fabric deployment model
Jimmy Attia
 
Dubai meetup- Anypoint Runtime Fabric
satyasekhar123
 
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Jitendra Bafna
 
MuleSoft Online Meetup a Guide to RTF application deployment - October 2020
Royston Lobo
 
Deploying and Managing Anypoint Runtime Fabric on OpenShift
Harshana Martin
 
Designing Apps for Runtime Fabric: Logging, Monitoring & Object Store Persist...
Eva Mave Ng
 
MuleSoft_NZ_Meetup_11
MizuhoHoshino
 
Montreal MuleSoft_Meetup_07-July.pptx
Sadik Ali
 
São Paulo MuleSoft Meetup #5 - Runtime Fabric
Guilherme Pereira Silva
 
MuleSoft Sizing Guidelines - VirtualMuleys
Angel Alberici
 
EXT - Evented APIs
Florence Next
 
Melbourne Virtual MuleSoft Meetup October 2021
Daniel Soffner
 
Running and Managing Mule Applications
MuleSoft
 
Baltimore jan2019 mule4
ManjuKumara GH
 
MuleSoft Runtime Fabric (RTF): Foundations : MuleSoft Virtual Muleys Meetups
Angel Alberici
 
Washington DC MuleSoft Meetup 05-12-22-2.pptx
ivaturia
 
Kochi Mulesoft Meetup #11 - Runtime Fabric on Google Kubernetes Engine (GKE)
sumitahuja94
 
MuleSoft Meetup Singapore - Reliable Messaging & RTF Operations
Julian Douch
 
Madrid meetup #7 deployment models
Mario Alberto Martinez Lopez
 
Nyc mule soft_meetup_13_march_2021
NeerajKumar1965
 
Ad

More from Sandeep Deshmukh (6)

PPTX
Operationalizing CloudHub 2.0 - Meetup.pptx
Sandeep Deshmukh
 
PPTX
DataWeave Meetup.pptx
Sandeep Deshmukh
 
PPTX
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Sandeep Deshmukh
 
PPTX
City & County of Denver's MuleSoft Journey
Sandeep Deshmukh
 
PPTX
Rtf v2 ingress muleSoft meetup self managed kubernetes
Sandeep Deshmukh
 
PPTX
On prem to cloud hub migration (updated)
Sandeep Deshmukh
 
Operationalizing CloudHub 2.0 - Meetup.pptx
Sandeep Deshmukh
 
DataWeave Meetup.pptx
Sandeep Deshmukh
 
Runtime Fabric on OpenShift _--_ MuleSoft Meetup Deck.pptx
Sandeep Deshmukh
 
City & County of Denver's MuleSoft Journey
Sandeep Deshmukh
 
Rtf v2 ingress muleSoft meetup self managed kubernetes
Sandeep Deshmukh
 
On prem to cloud hub migration (updated)
Sandeep Deshmukh
 
Ad

Recently uploaded (20)

PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Cloud computing and distributed systems.
kkkkkhan
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Approach and Philosophy of On baking technology
30anthuong17
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Encapsulation theory and applications.pdf
gurumoop
 

Rtf externalize tls MuleSoft meetup

  • 1. Oct, 2021 Online English Meetup Group Externalize TLS Certificates and properties for Runtime Fabric Applications Sandeep Deshmukh Moderator Deepak Suseelan Technical Architect MuleSoft Speakers: Recording
  • 2. 2 ● Guidelines ● Walkthrough of Utility ● Demo ● Q&A Agenda
  • 3. All contents © MuleSoft, LLC MuleSoft Meetups: Virtual Muleys 3
  • 4. All contents © MuleSoft, LLC Guidelines for today 1. Pop questions in the chat and anyone can try to answer! 2. Remaining questions will be asked in your behalf at the end of the session 3. The Recording will be shared in the Meetups page and in the VirtualMuleys Youtube Channel 4. Your feedback drives the content of these meetups, fill the surveys at the end of the event, let us know what you think! 4
  • 5. All contents © MuleSoft, LLC +25 Virtual Community Meetups in October New Meetup groups looking for speakers • Communication, Media, Technology • Higher Education • Nonprofit Organizations Local virtual events in +20 cities • Join from anywhere! → Join the Global Group: https://meetups.mulesoft.com/online-group-english/ → RSVP for upcoming events: https://meetups.mulesoft.com/events/ 5
  • 6. All contents © MuleSoft, LLC Speakers 6 Deepak Suseelan Technical Architect , MuleSoft Professional Services
  • 7. All contents © MuleSoft, LLC This presentation involves custom developed components that is not part of MuleSoft product suite and therefore not supported by MuleSoft support. Technical assistance for these components are limited to this presentation and associated documentation.This is an UNLICENSED utility, please review the considerations. If you need assistance on extending this application, contact your MuleSoft Customer Success representative or MuleSoft Professional Services Disclaimer
  • 8. All contents © MuleSoft, LLC Anypoint Runtime Fabric VM Mule App VM Mule App Mule App Runtime Fabric components Runtime Fabric appliance Mule App network Runtime Fabric Mule App Mule App VM Runtime Fabric orchestrates and automates the deployment of Mule runtimes into containers in any cloud or on-premises environment Benefits ● Deploy consistently across any cloud or data center ● Run multiple runtime versions in the same Runtime Fabric ● Scale horizontally and redeploy w/ zero-downtime ● Easily manage via the control plane hosted by MuleSoft ● Flexible deployment upon existing infrastructure or managed K8s services Overview
  • 9. All contents © MuleSoft, LLC Issues with bundling certificates with application ● Use of self-signed or non-compliant certificates ● Unable to track and renew certificates in a timely manner ● Cannot guarantee the safety of private keys ● Unable to track non-compliant certificates ● No accountability ● Security Constraints Why Externalize Certificates
  • 10. All contents © MuleSoft, LLC Option 1( Most Common) - Inject TLS certificates during CD process ● Most commonly used solution ● Does not involve any custom mule components ● Does not modify the container after it is created Certificate Externalization With RTF ● TLS certificates get stored in Anypoint Exchange repo along with the application ● Any change in certificate would mean re-deployment of all the applications
  • 11. All contents © MuleSoft, LLC Option 2 - Using Secure Properties Certificate Externalization With RTF https://docs.mulesoft.com/runtime-fabric/1.10/manage-secure-properties
  • 12. All contents © MuleSoft, LLC Option 2 - Using Secure Properties Link: https://github.com/mulesoft-catalyst/rtf-secure-file-provider Certificate Externalization With RTF ● Separation of TLS certificate deployment pipeline from Application deployment ● TLS certificates are never stored as part of the application even in Exchange ● No need to re-deploy applications after updating certificate ● Possibility of hitting the size limit of secure properties Depending on the number of files being stored ● Container modified after deployment for adding files to classpath
  • 14. All contents © MuleSoft, LLC Option 3 - Using Custom Admission Controller Certificate Externalization With RTF Self Managed
  • 15. All contents © MuleSoft, LLC Option 3 - Using Custom Admission Controller Link: https://github.com/mulesoft-catalyst/RTF-Custom-Admission-Controller Certificate Externalization With RTF ● Separation of TLS certificate deployment pipeline from Application deployment ● TLS certificates are never stored as part of the application even in Exchange ● No need to re-deploy applications after updating certificate ● Files can be stored in any external storage with no size restrictions ● Only for RTF on self managed kubernetes ● The webhook becomes the most critical part of your infrastructure. It needs to be highly available and fault tolerant. ● Webhook is a Mule application and will be counted towards core subscription ● Requires at least intermediate level knowledge of Kubernetes