Introduction
MuleSoft’s CloudHub is a multi-tenant integration platform in the cloud. CloudHub Virtual Private Cloud (VPC) allows you to create a virtual, private, and isolated network segment on the AWS cloud to host your CloudHub workers. CloudHub VPC is part of the CloudHub managed services, which allow us to deploy, run and manage our applications in a dedicated and secure environment.
VPN stands for Virtual Private Network, and Anypoint VPN creates a secure connection between CloudHub and customer networks. In this blog we will explore how to set up a VPC and a VPN in Anypoint Platform.
Walkthrough
Steps to create VPC:
- In your Runtime Manager, click on the VPCs and create VPC.
- Name the VPC and then choose a region closest to your data centre.
- Give the CIDR block size and range for the VPC. The smallest block size that can be assigned to an Anypoint VPC is /24 (256 IP addresses) and the largest is /16 (65,536 IP addresses).
- Choose the environment and the business group.
- Configure the firewall rules. MuleSoft provides four default firewall rules; custom firewall rules can be used to allow specific IP ranges and ports.
- Click on Create VPC.
Steps to create VPN:
- Now go to VPN and click on Create VPN.
- Name the VPN and choose the VPC from the dropdown.
- The Remote IP Address needs to be taken from the resource that we create in Azure.
- First sign in to the Microsoft Azure portal at https://portal.azure.com/ (you can use the trial version for this walkthrough).
- Create a resource group. A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group.
- Open the resource group.
- Add a new Virtual Network. The resource group and region are filled in by default. Click on Review + create and then Create.
- Create a virtual network gateway. Give a name to the gateway and one for the Public IP address, and choose the virtual network. After clicking on Create, it will take some time to generate the Public IP address. The same IP address is used as the Remote IP address when creating the VPN. A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet.
- Copy the public IP address.
- To get the value of the CIDR, go to the Virtual Network created and click on Subnets in the left palette. The default subnet and the GatewaySubnet will be displayed. Copy the default subnet's address range and paste it as the CIDR.
- The status, Tunnel 1 and Tunnel 2 will initially show PENDING. If creation succeeds, the status will become AVAILABLE and Tunnel 1 and Tunnel 2 will show DOWN. If it fails, both tunnels will stay PENDING and the status will be FAILED.
- To bring the tunnels UP in Azure, create a Local Network Gateway for each of the two tunnels separately. Give a name to the gateway. The IP address should be taken from the Local External IP address of Tunnel 1 in Anypoint Platform. The Address Space is the CIDR of the VPC. A local network gateway is a specific object that represents your on-premises location (the site) for routing purposes.
- Do the same for Tunnel 2.
- Now go to the Virtual Network Gateway in the left palette and select Connections. Give a name for the connection. Make the connection type Site-to-site (IPsec). Choose the local network gateway from the drop-down. For the Shared key (PSK), copy the value from the respective tunnel in the Anypoint Platform. Create a connection for both tunnels.
- Once both connections are configured correctly, both tunnels will be UP.
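Before creating the VPC and the two Azure connections, it is worth checking the addressing on both sides once, because the portals accept values that will not route. The script below is an added example (not MuleSoft's or Microsoft's code): it enforces the /16 to /24 limit on the Anypoint VPC CIDR from the walkthrough, rejects a VPC CIDR that overlaps the Azure VNet address space (overlapping ranges make traffic across the tunnels ambiguous), confirms the Azure subnets actually sit inside their VNet, and returns the exact values to paste into each portal: the Azure subnet range into the Anypoint VPN CIDR field and the VPC CIDR into the Local Network Gateway Address Space. All CIDRs in the usage call are constructed sample values.

```python
"""Pre-flight address checks for a CloudHub VPC <-> Azure site-to-site VPN.

Added example (not part of the original post). Limits taken from the
walkthrough: an Anypoint VPC block is between /24 (256 addresses) and
/16 (65,536 addresses). Sample CIDRs in main() are constructed.
"""
import ipaddress
from typing import Dict, List

VPC_LARGEST_BLOCK_PREFIX = 16   # /16: the largest block CloudHub allows
VPC_SMALLEST_BLOCK_PREFIX = 24  # /24: the smallest block CloudHub allows


def validate_vpc_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse a candidate Anypoint VPC CIDR and enforce the /16 to /24 limit.

    strict=True makes ipaddress reject a value with host bits set
    (e.g. 10.0.0.1/24), which is the most common copy-paste mistake.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: CloudHub VPC CIDRs are IPv4")
    if not VPC_LARGEST_BLOCK_PREFIX <= net.prefixlen <= VPC_SMALLEST_BLOCK_PREFIX:
        raise ValueError(f"{cidr}: prefix must be between /16 and /24")
    return net


def find_overlaps(vpc_cidr: str, remote_cidrs: List[str]) -> List[str]:
    """Return every remote CIDR that overlaps the proposed VPC CIDR."""
    vpc = validate_vpc_cidr(vpc_cidr)
    return [
        remote
        for remote in remote_cidrs
        if vpc.overlaps(ipaddress.ip_network(remote, strict=True))
    ]


def plan_connection(
    vpc_cidr: str, azure_vnet_cidr: str, azure_subnet_cidrs: List[str]
) -> Dict[str, object]:
    """Validate both sides and return the values to enter in each portal.

    Raises ValueError when a subnet is not inside its VNet or when the
    VPC CIDR overlaps the VNet, i.e. when the tunnels would not route.
    """
    vpc = validate_vpc_cidr(vpc_cidr)
    vnet = ipaddress.ip_network(azure_vnet_cidr, strict=True)
    subnets = [ipaddress.ip_network(s, strict=True) for s in azure_subnet_cidrs]

    stray = [str(s) for s in subnets if not s.subnet_of(vnet)]
    if stray:
        raise ValueError(f"subnets not inside VNet {vnet}: {stray}")

    overlapping = find_overlaps(vpc_cidr, [azure_vnet_cidr])
    if overlapping:
        raise ValueError(f"VPC {vpc} overlaps Azure address space {overlapping}")

    return {
        # Anypoint: VPC CIDR block when creating the VPC
        "anypoint_vpc_cidr": str(vpc),
        # Anypoint: CIDR field of the VPN (copied from the Azure subnet)
        "anypoint_vpn_remote_networks": [str(s) for s in subnets],
        # Azure: Address Space of each Local Network Gateway (tunnel 1 and 2)
        "azure_local_network_gateway_address_space": str(vpc),
        # Size of the block, useful when picking /24 vs larger
        "vpc_address_count": vpc.num_addresses,
    }


def main() -> None:
    # Constructed sample values; replace with your own ranges.
    plan = plan_connection("10.10.0.0/24", "172.16.0.0/16", ["172.16.0.0/24"])
    for key, value in plan.items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()
```

Run it once with your intended VPC block and the VNet and subnet ranges from the Azure portal; a ValueError means the two networks need re-addressing before either side is created, which is far cheaper than debugging tunnels that come UP but carry no traffic.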
Our task is completed. We have now successfully configured a VPC and a VPN to Azure cloud in the Anypoint Platform. Hope this helps you.
References
- https://blogs.mulesoft.com/api-integration/security/isolate-your-worker-instances-using-a-vpc/
- https://docs.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal#:~:text=The local network gateway is,the site) for routing purposes
- https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways