CLOUDWATCH MULE® INTEGRATION

System Architecture

The CloudWatch Mule® Integration is an agent-based integration.

system-architecture

Pre-requisites

IO Connect Services API

The CloudWatch Mule® Integration does a license check via SSL and hence it requires outbound access to:

  • https://api.ioconnectservices.com/
  • Port: 443

 

On-prem Mule servers

On-prem Mule servers must be registered in Anypoint Runtime Manager (ARM) to be able to collect data. The RM Agent comes in the /bin folder of the Mule runtime, then you can perform the command in CLI. See instructions in https://docs.mulesoft.com/runtime-manager/servers-create

Any server that’s registered in a group or cluster in ARM must be able to gather metrics from those as well.

 

Mule Networking pre-requisites

In order for the agent to properly connect to ARM in Anypoint, specific network configuration must be allowed. All DNS names, ports and IPs needed to hook the agent are documented in https://docs.mulesoft.com/runtime-manager/rtm-agent-whitelists.

 

CloudHub applications

Given the cloud nature of applications deployed to CloudHub, all application and server metadata is intrinsically stored by default on Anypoint Control Plane. No special configuration is required other than the needed permissions in the connected app.

 

Ports and Hostnames to whitelist

The CloudWatch Mule® Integration must have an internet connection on port 443 for outbound connections at least.

In enterprises, it’s very common that all networks are behind a firewall to protect access. In many other cases, reverse proxies are used to protect outbound communications to restricted websites. Customers must configure rules in the firewall and proxies to ensure the communication to all IO Connect Services, Anypoint and CloudWatch.

 

IO Connect Services networking requirements

The CloudWatch Mule® Integration does a license check via SSL and hence it requires outbound access to:

  • https://api.ioconnectservices.com/
  • Port: 443

This is an outbound communication only and it’s initiated by the CloudWatch agent running on-premise.

 

MuleSoft Anypoint networking requirements

Communication from Mule servers, installed on-prem, must allow inbound and outbound connections to the following DNS names via port 443 (HTTPS) and 9999 (configurable websocket).

Here is a full list of the FQDNs that need to be whitelisted. Pick the ones corresponding to the region to which you MuleSoft organization belongs to.

  • anypoint.mulesoft.com
  • eu1.anypoint.mulesoft.com
  • mule-manager.anypoint.mulesoft.com
  • mule-manager.eu1.anypoint.mulesoft.com
  • runtime-manager.anypoint.mulesoft.com
  • runtime-manager.eu1.anypoint.mulesoft.com
  • arm-auth-proxy.prod.cloudhub.io
  • arm-auth-proxy.prod-eu.msap.io
  • data-authenticator.anypoint.mulesoft.com
  • data-authenticator.eu1.anypoint.mulesoft.com
  • analytics-ingest.anypoint.mulesoft.com
  • analytics-ingest.eu1.anypoint.mulesoft.com
  • exchange2-asset-manager-kprod.s3.amazonaws.com
  • exchange2-asset-manager-kprod-eu.s3.eu-central-1.amazonaws.com

Learn more about the MuleSoft Anypoint networking requisites in https://docs.mulesoft.com/runtime-manager/rtm-agent-whitelists

 

CloudWatch networking requirements

Communication from the CloudWatch agent is via port 443 (HTTPS).

 

PREVIOUS TOPIC


< OOTB Operations

NEXT TOPIC


Installation >