Global API Deployments with CloudHub and AWS Route 53 (Part 2 of 2)

Global organizations require global IT infrastructure to support their processes, and APIs are no exception to this requirement. In Part 2 of this blog post series, we will discuss the solution design and the implementation steps for the business requirements discussed in Part 1.


Table of Contents

Solution design
Solution design diagram
Implementation plan
Conclusion

Solution design

After thorough analysis of the requirements and available CloudHub regions, the ACME Inc. Center for Enablement (C4E) has come up with the following Solution Design.

Solution design diagram

The diagram below shows the solution design and the components required for the implementation. Applications will (continue to) use the vanity domain api.acme.com, whereby Route 53 will be configured to ensure geographical routing based on the application's location.


Figure 1: Solution design diagram



Implementation plan

The C4E has also created an Implementation Plan, as described below.

  1. Create Private Spaces in Regions eu-central-1 (deu-c1) and us-east-1 (usa-e1)
  2. Check configuration of AWS Route 53 Hosted Zone
  3. Create TLS Context
  4. Check configuration of existing VPC and DLB in Region ap-northeast-2 (au-s1)
  5. Deploy Orders API to the three environments
  6. Configure AWS Route 53 with required DNS Records and geolocation policies

Now let's get started with the implementation!

Create Private Spaces in Anypoint Platform
  1. Create a Private Space in Region Europe (Frankfurt) by following the steps described here.
  2. The team decides to name this Private Space acme-priv-sp-deu-c1.
  3. Create a Private Space in Region US East (Northern Virginia) following the same steps as above.
  4. The team decides to name this Private Space acme-priv-sp-usa-e1.

The creation of the Private Spaces runs in the background and will take approximately 30 minutes to complete.

Check configuration of AWS Route 53 Hosted Zone

AWS Route 53 uses Hosted Zones for the management of a Top-Level Domain (TLD). ACME Inc. is already using AWS Route 53 for the management of their domain acme.com, so in this case the team does not need to create a new Hosted Zone.

You can follow the steps described here to create a Hosted Zone for your own domain. Please note that services in AWS Route 53, e.g. domain registration and DNS queries, are subject to the corresponding fees, which you will have to pay.

Create TLS Context

The C4E at ACME Inc. has already gathered the needed PEM-files from their networking team to configure the Private Space with a TLS Context for api.acme.com. They configure both Private Spaces following the steps described here.

Check configuration of existing VPC and DLB

The C4E has decided to deploy the Orders API with the application name acme-inc-orders-api in all environments. As this name is available and unique inside the VPC, and the mapping rule inside the DLB has already been set up to forward API calls to the corresponding Mule App, no further changes are needed. While they are checking the configuration in Runtime Manager > Load Balancers, they make note of the DLB's domain, which they need to configure the DNS Records.


Figure 2: Dedicated Load Balancer configuration

Dedicated Load Balancer domain


Deploy the Orders API

The C4E goes ahead and deploys the Orders API to the 2 Private Spaces in Frankfurt and Northern Virginia and to the VPC in Australia, a major milestone! Since API Security is of course highly important, they also created 3 APIs in API Manager and connected these to the Mule Apps using the ApiId, and implemented the Client ID enforcement policy. Lastly, they created an API Group in API Manager and bundled all 3 API instances in the group, so that one set of credentials can be used to access all global API instances. With this in place, they can provide their customer with all the flexibility needed to call the API from any geographical location.

After some sanity checks and test calls, all signs are green to go ahead with the global implementation.

Configure AWS Route 53

Now it's time to bring it all together. The C4E collaborates with the networking team to configure AWS Route 53.

First, the team gathers the required network configuration information for both of the Private Spaces, especially the Public DNS Target, to create the needed DNS Records.


Figure 3: Private Space configuration



Figure 4: DNS Record


Record Name: api
Record Type: CNAME
Value: xxxx.deu-c1.cloudhub.io
Routing Policy: Geolocation
Location: Europe
Record ID: 20230810-132419


Note: it can take up to 24 hours to propagate the DNS record to all global DNS servers.

To check whether the DNS record is available, you can run the Terminal command as shown below. The CNAME record should point to the CloudHub Public DNS Target, and in turn, the A Records should correspond with the Inbound Static IPs.

  user@laptop: ~ $ dig api.acme.com
  
  ; <<>> DiG 9.10.6 <<>> api.acme.com
  ;; global options: +cmd
  ;; Got answer:
  ...

  ;; ANSWER SECTION:
  api.acme.com.	60	IN	CNAME	xxxx.deu-c1.cloudhub.io.
  xxxx.deu-c1.cloudhub.io. 60	IN	A	10.0.0.1
  xxxx.deu-c1.cloudhub.io. 60	IN	A	10.0.0.2
  xxxx.deu-c1.cloudhub.io. 60	IN	A	10.0.0.3

  ;; Query time: 83 msec
  ;; SERVER: 100.1.2.3#53(100.1.2.3)
  ;; WHEN: Thu Aug 10 16:36:45 CEST 2023
  ;; MSG SIZE  rcvd: 133
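
The check described above can be automated. The following is an added example, not part of the original post: it parses dig output and reports any deviation from the expected CNAME target or the Inbound Static IPs. The sample answer is copied from the output above, and the function names are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the ANSWER SECTION of the dig output shown above.
SAMPLE_ANSWER = """\
api.acme.com.            60 IN CNAME xxxx.deu-c1.cloudhub.io.
xxxx.deu-c1.cloudhub.io. 60 IN A     10.0.0.1
xxxx.deu-c1.cloudhub.io. 60 IN A     10.0.0.2
xxxx.deu-c1.cloudhub.io. 60 IN A     10.0.0.3
"""

def parse_answer(text):
    """Extract (owner, ttl, type, rdata) tuples from dig output lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        # Skip comments, blank lines and anything that is not a class-IN record.
        if (len(parts) < 5 or parts[0].startswith(";")
                or parts[2] != "IN" or not parts[1].isdigit()):
            continue
        records.append((parts[0].rstrip(".").lower(), int(parts[1]),
                        parts[3], parts[4].rstrip(".").lower()))
    return records

def check_resolution(text, name, expected_target, static_ips):
    """Return a list of problems; an empty list means the chain is as intended."""
    records = parse_answer(text)
    name = name.rstrip(".").lower()
    target = expected_target.rstrip(".").lower()
    problems = []
    cnames = [r[3] for r in records if r[0] == name and r[2] == "CNAME"]
    if cnames != [target]:
        problems.append(f"{name} CNAME is {cnames or 'missing'}, expected {target}")
    allowed = {ipaddress.ip_address(ip) for ip in static_ips}
    seen = {ipaddress.ip_address(r[3]) for r in records
            if r[0] == target and r[2] == "A"}
    for ip in sorted(seen - allowed):
        problems.append(f"A record {ip} is not an Inbound Static IP")
    for ip in sorted(allowed - seen):
        problems.append(f"Inbound Static IP {ip} is not in the answer")
    return problems

if __name__ == "__main__":
    issues = check_resolution(SAMPLE_ANSWER, "api.acme.com",
                              "xxxx.deu-c1.cloudhub.io",
                              ["10.0.0.1", "10.0.0.2", "10.0.0.3"])
    print("OK" if not issues else "\n".join(issues))
```

Running the same check from a host in each continent shows whether the geolocation record for that region is the one being served.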

Basically, the DNS Record will ensure that a call to the domain api.acme.com will be routed to the CloudHub domain in Europe (Frankfurt) where the Orders API is running, if the call originates from an IP Address residing in Europe.

The table below provides an overview of all DNS records created to complete the implementation. The team also added a CNAME Record with Geolocation Default to ensure that calls originating from a different continent or from a non-identifiable IP Address are routed to the Orders API running in North America.


Table 1: DNS Records

Name          Routing      Differentiator  Value
api.acme.com  Geolocation  Europe          xxxx.deu-c1.cloudhub.io
api.acme.com  Geolocation  North America   xxxx-usa-e1.cloudhub.io
api.acme.com  Geolocation  Oceania         acme-inc-au-s1.lb.anypointdns.net
api.acme.com  Geolocation  Default         xxxx-usa-e1.cloudhub.io
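
The four records of Table 1 can also be expressed as a Route 53 change batch instead of being entered one by one in the console. The following is an added example, not part of the original post: it builds the batch from the table rows and refuses to produce one without a Default record, since Route 53 returns no answer to clients whose location matches none of the geolocation records. The SetIdentifier values and function name are assumptions made for this illustration; the targets are the placeholders from the table.

```python
import json

# Rows of Table 1 (placeholder targets exactly as they appear on the page).
TABLE_1 = [
    ("Europe", "xxxx.deu-c1.cloudhub.io"),
    ("North America", "xxxx-usa-e1.cloudhub.io"),
    ("Oceania", "acme-inc-au-s1.lb.anypointdns.net"),
    ("Default", "xxxx-usa-e1.cloudhub.io"),
]

# Route 53 continent codes; the default location is CountryCode "*".
GEO = {
    "Europe": {"ContinentCode": "EU"},
    "North America": {"ContinentCode": "NA"},
    "Oceania": {"ContinentCode": "OC"},
    "Default": {"CountryCode": "*"},
}

def build_change_batch(name, rows, ttl=60):
    """Build a Route 53 ChangeBatch with one geolocation CNAME per table row."""
    locations = [loc for loc, _ in rows]
    if len(set(locations)) != len(locations):
        raise ValueError("each location may appear only once")
    if "Default" not in locations:
        raise ValueError("no Default record: unmatched clients would get no answer")
    if not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("ttl must be a positive number of seconds")
    changes = []
    for loc, target in rows:
        changes.append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name,
                "Type": "CNAME",
                # Hypothetical identifier; it only has to be unique per record.
                "SetIdentifier": "api-" + loc.lower().replace(" ", "-"),
                "GeoLocation": GEO[loc],
                "TTL": ttl,
                "ResourceRecords": [{"Value": target}],
            },
        })
    return {"Comment": "Geolocation records for " + name, "Changes": changes}

if __name__ == "__main__":
    print(json.dumps(build_change_batch("api.acme.com", TABLE_1), indent=2))
```

The printed JSON has the shape that `aws route53 change-resource-record-sets --change-batch` accepts; the `ttl` argument starts at the 60 seconds seen in the dig output and can be raised once the routing has been verified.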

Conclusion

The leadership team at ACME Inc. is very impressed and happy with the solution created by the C4E, and is confident it will be of great value to their customers. The C4E has successfully implemented a global and scalable solution that ensures fast response times from any geographical location, in turn providing an excellent customer and developer experience. Using Geopeeker, the team double-checks the global response times and DNS resolution, and sees everything is working as intended.


Figure 5: Global response times

Geopeeker


As soon as the implementation is completed, the team notices that the operating costs on AWS Route 53 continue to increase, so they do make one small change. They decide to adjust the Time-to-Live (TTL) of each CNAME Record to 86,400 seconds (or 1 day) to increase the cache period and reduce the number of queries made by clients against the DNS Service, in turn reducing operating costs. It is indeed common practice to first configure the records with a short TTL, and increase it as soon as everything is configured as required.

And there you have it: leveraging the Anypoint Platform, we are able to successfully create API runtimes in different regions, enabling us to globally deploy APIs on fully-managed and highly scalable infrastructure. Using AWS Route 53 we further extend our solution by ensuring global content delivery, providing an application network that can be reached by customers throughout the world!

Jeroen Douma

Domain Architect Integration and CRM in the Food Service Industry

Eindhoven, The Netherlands https://jeroen-01.github.io

This blog provides general guidance and is not intended as official implementation documentation. Readers are responsible for their own implementation and associated costs. No guarantees are made regarding outcomes. The authors are not liable for any resulting damages. Use at your own discretion.