Deploying MuleSoft Applications in China

by Sandeep Deshmukh and Nilesh Shrimali

In today’s environment, organizations often find themselves compelled to adapt rapidly, in response to new demands emerging from the post-pandemic era. The majority of these entities are currently navigating their digital transformation journeys, aiming to craft digital patient experiences through portals, web applications, wearables, and other innovative tools. Simultaneously, they are obligated to facilitate shared access to healthcare data, and PII data per government mandates.

Given that many life sciences and manufacturing organizations operate on a global scale, they encounter challenges in formulating deployment strategies as they strive toward their digital future. This journey necessitates a focus on speed, agility, and connectivity to deliver top-tier care for their clientele.

Many of MuleSoft’s customers have a significant presence in China, one of the largest nations in the world, with a high population and GDP. With over 1.3 billion residents, China presents unique technological considerations, notably the “Great Firewall”, a set of regulatory and technical restrictions that have introduced distinctive challenges for technology vendors in recent years. After working with some of our strategic customers, we have listed some of the known considerations for a China deployment strategy below:

China data-residency / data protection laws

Laws about data residency and protection in China mandate that any company collecting personal data must store it within the country. The ‘Cross-border Transfer of Personal Information’ regulation, currently in draft form, aims to impose more stringent regulations, including assessments, on companies involved in the cross-border transfer of personal data.

** Per the recent update on this topic though, China plans to ease some of these restrictions.

No CloudHub Region in China

In the context of MuleSoft solutions, there is no provision for CloudHub or the Anypoint Control Plane in China, and there are no plans for deployment in that region in the near future. Customers utilizing the Anypoint Control Plane are required to use either the US or EU-based control plane. In the next section, we will discuss some of the options around MuleSoft deployments in the China region.

Cloud platform restrictions

Cloud platform restrictions are noteworthy, as major hyper-scalers like AWS and Microsoft offer platform-specific features that might not be accessible in China.

If you’re just starting with MuleSoft and wish to gain a more in-depth understanding of the hosting possibilities specific to MuleSoft in China, it’s essential to grasp the platform’s two key components: the Control Plane and the Runtime Plane, as we’ll explore further below.

Control Plane:

This is the component of the Anypoint Platform architecture for designing, deploying, and managing APIs and Mule applications. The control plane encompasses product features and components integrated into the Anypoint Design Center, Anypoint Management Center, and Anypoint Exchange. The control plane has limited metadata and metrics stored in the Anypoint Management Center. This metadata assists you with managing, monitoring, and troubleshooting integration runtimes and APIs.

As of this writing, the MuleSoft control plane is only available in the US East (North Virginia) and Europe (Frankfurt) regions.

Runtime Plane:

This is the component of the Anypoint Platform architecture where the APIs and Mule applications are deployed. The runtime plane consists of the Mule runtime server and associated services that provide support.

Runtime Plane Hosting Options in China

As of this writing, here are a few options available for deploying Mule applications in the Runtime Plane in China:

  1. Mule Runtime on Runtime Fabric (Available)
  2. Mule Runtime on Standalone** (Available)
  3. Flex Gateway (Available; suitable for API gateway use cases)

** Mule Runtime on Standalone is not available for customers with the new pricing and packaging model.

Mule Runtime on Runtime Fabric:

Customers receive Runtime Fabric (RTF) as a bundled collection of components and services designed to operate seamlessly on their pre-existing Kubernetes clusters, which they provision themselves. They have the flexibility to deploy this package either on Kubernetes clusters offered by Public Clouds or opt for a standardized bare metal solution using public Kubernetes distributions. For the most current list of supported Kubernetes providers, please refer to the MuleSoft documentation. Notably, we have recently expanded support for Runtime Fabric on Alibaba Cloud Container Service (ACK) to facilitate deployments in China. (Release notes)

Mule runtime on Standalone:

It is possible to deploy Mule runtime on standalone physical machines or VMs that customers manage on their own hardware or on infrastructure provided by hyperscalers such as AWS (EC2), Azure, and Google.

Flex Gateway

Flex Gateway is a product that simplifies API management holistically. It is lightweight and low cost, with the same great features as the Mule Traditional Gateway using Mule Runtime. Customers in China can manage non-Mule APIs using Flex Gateway (on-prem) hosted in China. Check the documentation for more details on deployment models.

Monitoring Considerations

For deployments with data residency requirements, the application logs need to be stored in the China region. MuleSoft lets you install third-party monitoring agents in the Kubernetes cluster for RTF, on standalone servers, or with Flex Gateway, which allows you to store logs in the local geographical region.

If you have entitlement for Advanced monitoring (Titanium features) in your subscription, your application logs will be sent to the US control plane or EU control plane based on your setup. We recommend that you disable application log monitoring for your Mule deployments using the configurations provided by MuleSoft to control monitoring data. Runtime Fabric Application Logs config here. For standalone deployment, you can stop application logs from being sent to the control plane using this configuration. Note: disable Anypoint Monitoring log forwarding but keep metrics collection enabled.

External Log Forwarding for RTF

External Log Forwarding for Standalone

External Log Forwarding Flex Gateway

Network Connectivity from Runtime Plane to Control Plane

When considering optimal experiences for application management and deployment, the following considerations are key:

  1. Network Proxy setup
  2. Bridge the Great Firewall of China

It is important to ensure stable connections between the runtime plane and the control plane. Hence, we recommend a network solution such as a VPN or direct connectivity from the cloud provider’s VPC to an on-premises network or another network from which the runtime plane can reach the customer’s control plane.

To help customers understand what a reference architecture from Cloud providers for the China region deployments could look like, we have illustrated an example below. Other examples with AWS Architecture are also listed here.

Considerations when developing applications for Global Deployments

There are various considerations to be taken when building great apps. We have listed a few below that are essential when you are considering global needs:

Solution Design

  1. When feasible and depending on the use cases, think about implementing an Event-Driven Architecture (EDA) pattern, which can help to reduce coupling and increase stability when the network is not stable.
  2. Proximity of data transport, i.e., closest to origin and destination. For example, MQ in Singapore for China works better than in the USA or London.

Data Privacy

  1. Protect sensitive information
  2. Acknowledge consent and privacy laws
  3. Encryption needs for data in flight as well as in storage

Solution packaging

  1. Do not package too many flows or functions in a single project, which may make the application too large and slow to deploy.
  2. Create different packages for resources such as DataWeave, WSDLs and template examples.

Sizing considerations

In a standalone runtime environment, all applications share server resources such as vCPU and memory. In contrast, Runtime Fabric adopts a containerized model, assigning dedicated vCPU and memory to each application based on the allocated size. When a Mule application is deployed to Runtime Fabric, it comes with its own Mule runtime engine (Mule), and the specified number of replicas or instances determines the resources available for each application. These resource allocations are determined by the values configured during deployment.

In this documentation, you will find the parameters necessary for defining configurations when deploying on Runtime Fabric. If both reserved vCPU and vCPU limit are set to the same value, the application is allocated cores in a guaranteed model. However, when the vCPU limit exceeds the reserved vCPU, the application can burst up to the vCPU limit or idle vCPU, whichever is less.

Sizing considerations are influenced by factors such as:

  • The number of APIs/applications
  • Volume of calls
  • Workload type for application (Batch, Event-Based, Real or Near Real-time)
  • High availability (HA) factor, with a recommended 2+ replicas for production
  • Performance benchmarking specific to Runtime Fabric
  • Consideration of reserved CPU for Runtime Fabric’s built-in services (e.g., Anypoint monitoring sidecar, RTF agent, etc.)

As applications with burst capabilities contend for unallocated CPU, it is advisable to:

  • Deploy batch applications running nightly alongside APIs that experience peak loads during the day.
  • Deploy multiple replicas of an API to distribute across worker nodes, maximizing burstable surface area and providing high availability
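
The reserved-versus-limit rule and the replica recommendation above can be checked before a deployment. The following is an added example, not MuleSoft code: the app names and node sizes are constructed, every sample app is treated as production, one replica of each app is assumed to land on the node under review, and "idle vCPU" is approximated by the CPU left unreserved on that node.

```python
from dataclasses import dataclass

@dataclass
class App:
    name: str
    reserved_vcpu: float  # per-replica guaranteed share
    vcpu_limit: float     # per-replica ceiling
    replicas: int         # replicas across the cluster (for the HA check)

def allocation_model(app):
    # Reserved == limit -> guaranteed cores; limit > reserved -> burstable.
    return "guaranteed" if app.vcpu_limit == app.reserved_vcpu else "burstable"

def review_node(apps, node_vcpu, builtin_reserved):
    """Review one worker node hosting one replica of each app.

    Returns (unreserved_vcpu, {app name: burst ceiling}, findings)."""
    usable = node_vcpu - builtin_reserved  # CPU left after built-in services
    unreserved = usable - sum(a.reserved_vcpu for a in apps)
    findings, ceiling = [], {}
    if unreserved < 0:
        findings.append(f"node over-reserved by {-unreserved} vCPU")
    idle = max(unreserved, 0.0)  # assumption: idle vCPU ~ unreserved vCPU
    for a in apps:
        if a.vcpu_limit < a.reserved_vcpu:
            findings.append(f"{a.name}: vCPU limit is below reserved vCPU")
        if a.replicas < 2:
            findings.append(f"{a.name}: fewer than 2 replicas, no HA")
        # "vCPU limit or idle vCPU, whichever is less": the replica keeps its
        # reservation and can add at most what is idle on the node.
        ceiling[a.name] = min(a.vcpu_limit, a.reserved_vcpu + idle)
    return unreserved, ceiling, findings

# Constructed sample: a 4 vCPU node with 0.5 vCPU held back for built-in services.
SAMPLE = [
    App("orders-api", 0.5, 3.0, 2),     # burstable, limit above what is idle
    App("nightly-batch", 1.0, 1.0, 1),  # guaranteed, single replica
    App("audit-api", 0.5, 1.0, 2),      # burstable, limit reachable
]

if __name__ == "__main__":
    unreserved, ceiling, findings = review_node(SAMPLE, 4.0, 0.5)
    print("unreserved vCPU:", unreserved)
    for a in SAMPLE:
        print(a.name, allocation_model(a), "ceiling", ceiling[a.name])
    for f in findings:
        print("FINDING:", f)
```

On the sample node, orders-api is capped at 2.0 vCPU even though its limit is 3.0, because only 1.5 vCPU is unreserved.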

Skillset required to support China Deployments

The Multi-Layer Protection Scheme (MLPS) cyber security framework is applicable for companies operating or doing business in China. The specifics of hiring local experts may be influenced by the MLPS requirements of other relevant regulations. A dedicated Anypoint Platform operator is recommended for customers in China, who can help to manage the Anypoint Platform and provide support for Mule applications, runtimes and control plane.

In our experience with Runtime Fabric, we have identified that a solid understanding of Linux, Docker, and Kubernetes is essential for effectively managing Runtime Fabric clusters. Familiarity with key Kubernetes commands is particularly beneficial when addressing Runtime Fabric issues. At a minimum, Runtime Fabric is recommended for customers in China, so knowledge of Kubernetes and the container services of different cloud providers, such as Aliyun’s ACK, AWS’s EKS, and Azure’s AKS, is required. Furthermore, we recommend investing in certifications for the foundational technologies, including Kubernetes. For Standalone Runtime, a good understanding of Java components and Linux/Windows operating systems would be enough to manage and maintain the Mule deployments.

Conclusion

To sum up this blog post, we discussed the deployment possibilities for running your Mule applications on infrastructure hosted within China. Prioritizing security regulations, MuleSoft will soon be available on Hyperforce, allowing you to securely deploy and automate workflows globally while adhering to regional regulatory standards. We’re launching our first Hyperforce control plane and expanding into Canada next year, and to Japan, Australia, the UK, and other EU operating zones in the coming years. If you require further assistance with implementation or architecture guidance for China deployment, please reach out to MuleSoft Professional Services or a MuleSoft-certified partner.

References:

McKinsey. (Year). Cloud in China: The outlook for 2025. McKinsey & Company Blog. https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/cloud-in-china-the-outlook-for-2025

Hunton, P. (2019, June 19). China issues draft regulations on cross-border transfer of personal information. Hunton Andrews Kurth Privacy & Information Security Law Blog. https://www.huntonprivacyblog.com/2019/06/19/china-issues-draft-regulation-on-cross-border-transfer-of-personal-information/

Acknowledgements:

Special thanks also to Siebre, a MuleSoft-certified local partner in China, who helped collaborate with the Mule Solutions teams globally.
