CloudHub 2.0: Pairing Private Spaces Using Transit Gateway (TG)

Rajeshkumar (RKD)
Another Integration Blog
Dec 7, 2022

A Private Space in CloudHub 2.0 is a private Kubernetes cluster space: a logical, isolated space in which to deploy and manage Mule applications in CloudHub. Each private space is mapped to one particular region, which you choose based on your requirements (typically the region closest to your company's data centre and your consumers).

To connect a private space to a private network (an on-premises physical data centre or a cloud network), the available options are:

1. Anypoint VPN Gateway

2. Transit Gateways

To learn more about private spaces, refer to https://docs.mulesoft.com/cloudhub-2/ch2-private-space-about

In large enterprises, especially where applications need to interact and be managed at a global level, one private space may need to communicate with another private space. Transit Gateway peering is one option to consider for this.

I recently started working on a global platform setup in CloudHub for one of our customers and was exploring the options to enable a direct connection between private spaces in different regions using Transit Gateway.

Here we have two customer data centres, one in EU-Central and the other in US-Ohio. To manage the APIs/integrations from MuleSoft, we created two private spaces in the closest available CloudHub regions; both data centres are in AWS private cloud. Each private space can connect to its respective data centre through a Transit Gateway.

The rest of the article explains the Transit Gateway attachments and the pairing between these two private spaces. The initial step is to attach the transit gateway from each private space.

1. Log in to the AWS console and create the Transit Gateway in the EU-Central region.

2. Establish connectivity to the Transit Gateway from the private space: click Create Connection in the private space and select the Transit Gateway option.

(Note: To attach a private space to a Transit Gateway, the Transit Gateway must be created in the same region as the private space.)

3. Provide the Transit Gateway name and click Next. Then provide the routes: the Static Routes value is the set of external networks that you want to reach from the private space, and it must be in CIDR notation. Click Next, and you will be prompted to create a resource share in AWS with the MuleSoft AWS account ID.

4. Create the resource share in AWS, which will be attached from the private space, and add the MuleSoft AWS ID under the principals.

5. After that, the status of the resource share should change to active.

6. Now copy the resource ID and owner ID from “Resource shares”, provide them in the selected private space in CloudHub, and save.

7. Done! You will now be able to see the Transit Gateway attachment in the private space.

8. Repeat the above steps to create and attach the Transit Gateway from the private space created in the US Ohio region; after that you will see something similar to the below.

We have now established connectivity to the corresponding data centres through the Transit Gateway attachments. Next we need to establish cross-region connectivity through Transit Gateway pairing.

Transit Gateway Pairing:

9. Log in to AWS (region -> Frankfurt (eu-central-1)), go to Transit Gateway Attachments and click the “Create transit gateway attachment” button to create an attachment for transit gateway peering, then follow the steps below.

10. Select the transit gateway for which to create the attachment, select ‘Peering Connection’ as the attachment type, choose “My account” as the account type, and select the transit gateway in the other region.

Provide the Transit Gateway ID (acceptor) of the “Transit Gateway-US” transit gateway (created in the “us-east-1” region) and click the “Create” button.

This initiates the Transit Gateway peering request in the Frankfurt region, as per the screenshot below.

After that, you will find the attachment request pending on the transit gateway in the US region. Go ahead and accept the request, and at the same time create the static route between the two regions in AWS, which moves the Transit Gateway attachment from pending to active.

Done! Connectivity between the two private spaces is now enabled through Transit Gateway pairing.
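The static routes in step 3 and the static route created for the peering attachment are typed in by hand, so it helps to check the route plan before entering it. The following is an added example, not part of the original article or of any MuleSoft or AWS tooling: a pre-flight check that rejects entries that are not proper CIDR blocks, flags very broad routes, and reports networks claimed by both sides of the peering. The network values, the side names and the /8 threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample plan (placeholder networks, not values from the article).
PLAN = {
    "eu-central": ["10.10.0.0/16", "172.16.5.0/24"],
    "us-ohio": ["10.10.128.0/17", "192.168.1.10/24", "0.0.0.0/0"],
}
MIN_PREFIX = 8  # assumption: routes wider than /8 deserve a second look


def check_route_plan(plan, min_prefix=MIN_PREFIX):
    """Return (severity, message) findings for a plan of {side: [cidr, ...]}."""
    findings, parsed = [], {}
    for side, cidrs in plan.items():
        parsed[side] = []
        for text in cidrs:
            if "/" not in text:
                findings.append(("error", f"{side}: {text!r} has no prefix length"))
                continue
            try:
                # strict=True rejects blocks with host bits set, e.g. 192.168.1.10/24
                net = ipaddress.ip_network(text.strip(), strict=True)
            except ValueError as exc:
                findings.append(("error", f"{side}: {text!r} is not valid CIDR: {exc}"))
                continue
            if net.prefixlen < min_prefix:
                findings.append(("warn", f"{side}: {net} is broader than /{min_prefix}"))
            parsed[side].append(net)
    # A destination claimed by both sides cannot be routed unambiguously.
    sides = list(parsed)
    for i, a in enumerate(sides):
        for b in sides[i + 1:]:
            for na in parsed[a]:
                for nb in parsed[b]:
                    if na.version == nb.version and na.overlaps(nb):
                        findings.append(("error", f"{a} {na} overlaps {b} {nb}"))
    return findings


if __name__ == "__main__":
    for severity, message in check_route_plan(PLAN):
        print(f"{severity.upper():5} {message}")
```

Keeping each static route as narrow as the networks that actually need to be reached limits what a workload in one private space can address in the other region.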
