Automotive & EV
Smart IT solutions for connected and electric mobility.
Explore More
We design, configure, and optimise MuleSoft Anypoint Platform deployment architectures — CloudHub, Runtime Fabric on Kubernetes, on-premises Mule runtimes, and hybrid environments that span multiple clouds and data centres. We select the right deployment model for your data residency requirements, network topology, security constraints, and operational capabilities — and implement it with the environment management, CI/CD pipeline, and monitoring configuration that production Anypoint deployments require.
Choosing the right MuleSoft deployment model determines your operational overhead, data residency compliance posture, infrastructure cost, and long-term scalability. We assess your requirements and make a documented recommendation before any deployment begins.
| Consideration | CloudHub 2.0 | Runtime Fabric (RTF) | On-Premises Mule |
|---|---|---|---|
| Infrastructure management | ✓ Fully managed by MuleSoft (Salesforce) | ✓ You manage Kubernetes; MuleSoft manages Mule | ✗ You manage everything — hardware, OS, runtime |
| Data residency control | ✓ MuleSoft's cloud — data passes through Salesforce infrastructure | ✓ Full control — runs on your own infrastructure or private cloud | ✓ Full control — runs entirely in your data centre |
| Deployment speed | ✓ Fastest — provision workers in minutes via Anypoint Runtime Manager | ✓ Slower — requires Kubernetes cluster and RTF agent first | ✗ Slowest — requires hardware, OS, and runtime provisioning |
| Auto-scaling | ✓ Built-in horizontal scaling — add CloudHub workers automatically | ✓ Kubernetes HPA-based horizontal pod autoscaling | ✗ Manual scaling — requires additional hardware provisioning |
| Private network connectivity | ✓ Via CloudHub VPC with VPN or Direct Connect/ExpressRoute | ✓ Direct — RTF pods run in the same network as your systems | ✓ Direct — Mule runtime has direct LAN access to internal systems |
| Compliance (GDPR, HIPAA, etc.) | ✓ MuleSoft GovCloud available for regulated US workloads | ✓ Full control of data handling and infrastructure audit | ✓ Full control — data never leaves your perimeter |
| Operational team requirement | ✓ Minimal — no infrastructure or Kubernetes expertise needed | ✓ Kubernetes administration expertise required | ✗ Server administration, OS patching, and runtime management required |
| Cost model | ✓ vCore-based subscription — higher per-unit cost but zero infra overhead | ✓ Kubernetes infra cost + RTF licence — typically lower at scale | ✓ Capex hardware + Mule licence — low recurring cost, high initial |
| Best for | ✓ Teams that want to focus on integration, not infrastructure | ✓ Regulated industries, data sovereignty, or large-scale Kubernetes estates | ✓ Air-gapped environments, legacy data centres, or existing Mule 3 estates |
✓ Green = preferred for this factor | ✓ Yellow = acceptable with trade-offs | ✗ Red = significant limitation. We produce a deployment model recommendation document for every engagement — documenting the chosen model and the rationale for each requirement.
Every deployment model requires a different set of configurations to be production-ready. Here is what we design and implement in each — and the design rules we apply to ensure production reliability.
MuleSoft's fully managed iPaaS runtime — you deploy Mule applications, Salesforce manages the underlying infrastructure, patching, and horizontal scaling. Best for teams that want fast time-to-value and zero infrastructure management overhead.
Container-based Mule runtime running on Kubernetes in your own infrastructure — AWS EKS, Azure AKS, GCP GKE, or on-premises Kubernetes. Gives full data residency control with Anypoint Platform management plane for deployment and monitoring.
Standalone Mule runtime installed on your own servers or VMs — either as a standalone runtime, a Mule runtime cluster, or a hybrid deployment where on-premises Mule handles internal data while CloudHub handles externally accessible APIs.
From deployment model assessment and architecture design through environment configuration, CI/CD pipeline, network setup, monitoring, and ongoing deployment management — every layer of a production Anypoint Platform deployment.
We assess your data residency requirements, network topology, compliance constraints, operational capabilities, and workload characteristics — and produce a written Deployment Architecture Recommendation documenting the chosen model and the rationale for every requirement.
We configure a full multi-environment CloudHub deployment — VPC creation and subnet design, VPN or Direct Connect to on-premises systems, static IP and DLB configuration, vCore sizing per application, Object Store, Anypoint Monitoring, and environment promotion pipelines.
We design and implement Runtime Fabric deployments on AWS EKS, Azure AKS, GCP GKE, or on-premises Kubernetes — including cluster sizing, RTF agent installation, node pool configuration, Ingress setup, HPA autoscaling, RBAC design, and Anypoint Monitoring agent deployment.
We design the network and security architecture for your Anypoint deployment — VPC peering and VPN tunnels to on-premises systems, TLS certificate management, Anypoint Security policies, mTLS configuration, IP whitelisting, and private DNS configuration for internal service discovery.
We implement automated CI/CD pipelines for Anypoint Platform deployments — GitHub Actions or Azure DevOps pipelines that run MUnit tests, apply coverage gates, deploy to dev and test on merge, and deploy to staging and production via approval-gated promotion workflows.
We design and implement a full Anypoint environment strategy — dev, test, staging, and production — with environment-specific property configurations, secrets management via Anypoint Secrets Manager or external vault, environment access control by team role, and environment refresh procedures.
We configure Anypoint Monitoring for every deployed application — custom dashboards per integration domain, alert thresholds for CPU, memory, error rate, and response time, log management and search configuration, and Anypoint Visualizer topology diagrams for your full application network.
We manage Mule runtime upgrades across CloudHub and RTF — testing upgrade compatibility in staging, identifying deprecated features and configuration changes, executing staged production upgrades with rollback capability, and managing Kubernetes version upgrades for RTF cluster environments.
Production-ready Anypoint deployments require configuration across a wide range of platform features — each one contributing to reliability, security, or observability. We configure all of them.
Private cloud network isolating your CloudHub workers — with subnet configuration and security groups
Encrypted tunnel from CloudHub VPC to your on-premises systems or private cloud
Persistent key-value storage for Mule flows — idempotency keys, watermarks, session state
Cloud-native message queue setup — dead-letter queues, message TTL, subscriber configuration
Centrally managed secrets for Anypoint — connector credentials, certificates, API keys
Runtime security — threat protection, JWT, Crypto module, secure properties configuration
APM dashboards, distributed tracing, custom alert thresholds, log management setup
Live application dependency and network topology maps for all deployed Mule applications
Anypoint CLI and Runtime Manager API for automated deployment pipelines and environment management
CloudHub worker and RTF HPA autoscaling policies tuned to application throughput patterns
CloudHub DLB with SSL termination, custom domain, and routing rules for external API access
Mule runtime heap sizing, GC policy, and thread pool configuration for on-premises and RTF
A requirements-first, documentation-driven process — every deployment architecture is designed and documented before any configuration begins, and validated in a non-production environment before production is touched.
We capture every deployment requirement — data residency, compliance framework, network topology, connectivity to on-premises systems, security standards, operational team capabilities, expected workload volumes, and SLA target — before selecting a deployment model.
We produce a Deployment Architecture Document — chosen model, network topology diagram, VPC/cluster design, environment strategy, sizing recommendation, secrets management approach, and CI/CD pipeline design — reviewed and approved before any configuration begins.
We build and validate the non-production Anypoint environment first — CloudHub VPC, RTF cluster, or on-premises runtime — verifying connectivity to source systems, monitoring agent setup, and CI/CD pipeline deployment before the production environment is configured.
We implement the automated deployment pipeline — GitHub Actions or Azure DevOps — with MUnit test execution, coverage gates, automated deployment to dev and test on merge, environment-specific property injection, and approval-gated staging and production promotions.
We apply the full security configuration — VPC firewall rules, TLS certificates, Anypoint Secrets Manager, mTLS for inter-service communication, API Manager policies, and access control by environment and team role — validated against the security requirements captured in phase one.
We deploy the production Anypoint environment following the same architecture as non-production — validated in staging with production-equivalent load before the production configuration is finalised and the first Mule applications are deployed.
We configure Anypoint Monitoring dashboards and alert thresholds, validate metrics are flowing correctly, and produce a Platform Operations Runbook — covering environment management, deployment procedures, incident response, and runtime upgrade process — before handover.
Deployment architecture decisions are permanent. Choosing the wrong model, misconfiguring VPC network isolation, or skipping proper environment management creates problems that are expensive to fix after integrations are live in production.
We document your requirements — data residency, compliance, network topology, team capabilities, cost constraints — before recommending a deployment model. We have seen CloudHub deployed for a healthcare client with HIPAA requirements that needed RTF. Getting the model wrong before a single Mule application is deployed is avoidable.
We produce a Deployment Architecture Document — network topology, environment strategy, sizing, secrets management, CI/CD design — reviewed and approved before any Anypoint Platform configuration begins. Documented architectural decisions cannot be misremembered.
We design VPC network isolation, TLS configuration, Secrets Manager, and API Manager policies into the deployment from the start — not added to the backlog after the first security review. Security retrofitted into a running environment is always more expensive and less complete than security designed in.
We implement automated CI/CD pipelines on every deployment engagement — not as an optional add-on. Manual deployments to Anypoint environments accumulate inconsistency and create configuration drift between environments that causes "works in staging, fails in production" incidents.
Runtime Fabric on Kubernetes requires Kubernetes expertise that most MuleSoft specialists do not have. Our team includes Kubernetes-certified engineers who have deployed RTF on AWS EKS, Azure AKS, and GCP GKE — including node pool design, HPA autoscaling, Ingress configuration, and certificate management.
Anypoint Monitoring dashboards and alert thresholds are configured and validated before the first Mule application is deployed to any environment — not added reactively when something fails. You cannot diagnose incidents in a monitoring-free environment.
Deployment architects hold MuleSoft MCD, Integration Architect, and Kubernetes certifications — covering the full range of skills required to design and implement production Anypoint Platform environments.
Salesforce Administrator
Advanced Administrator
Sales Cloud Consultant
Service Cloud Consultant
Marketing Cloud Consultant
Platform Developer I
SF Agentforce Specialist
Integration Architect
Data Architect
Salesforce Marketing Associate
At Rackwave Technologies, we deliver tailored IT Consulting Services across a wide range of industries. Our industry-focused approach ensures that every solution aligns with specific operational challenges, compliance requirements, and growth objectives—rather than generic technology implementations.
IT systems for real-time tracking and efficient operations.
Explore MoreReal feedback from teams whose Anypoint Platform is now properly configured, monitored, and managed — not held together with manual deployments and post-it notes.
"We had been running CloudHub without VPC configuration for 18 months — our integration traffic was going over the public internet. Rackwave's assessment identified this immediately and implemented proper VPC isolation, VPN to our on-premises SAP, and dedicated load balancer within 3 weeks. We should have done this on day one."
"Runtime Fabric on Azure AKS for GDPR compliance. Our previous vendor had attempted it and given up after 6 weeks. Rackwave had the RTF cluster running, registered in Anypoint, and the first Mule application deployed within 4 weeks. The Kubernetes depth they brought was the difference."
"The CI/CD pipeline Rackwave implemented means no engineer can deploy to production manually. Every deployment goes through MUnit tests and the approval gate. In 12 months we have had zero configuration drift between environments and zero 'works in staging but fails in production' incidents."
Interviews, tips, guides, industry best practices, and news.
“Rackwave Technologies has significantly improved our marketing performance while providing reliable cloud services. We’ve been using their solutions for a while now, and the experience has been seamless, scalable, and results-driven.”
David Larry
Founder & CEO
Everything you need to know about MuleSoft Cloud & Hybrid Deployment Architecture.
CloudHub is MuleSoft's fully managed cloud iPaaS — you deploy Mule applications via Anypoint Runtime Manager and MuleSoft manages the underlying infrastructure, OS, patching, and worker scaling. Runtime Fabric (RTF) is a container-based Mule runtime that runs on Kubernetes infrastructure that you manage — either on-premises, on AWS EKS, Azure AKS, or GCP GKE. You retain full control of the infrastructure; MuleSoft manages the Mule runtime layer. The key practical difference is: CloudHub is faster to get started and requires no infrastructure expertise, while RTF gives you full data residency control and typically lower per-unit cost at scale.
Choose Runtime Fabric when: you have data sovereignty or data residency requirements that prevent data passing through MuleSoft's infrastructure; your compliance framework (GDPR, HIPAA, PCI-DSS, ISO 27001) requires audit control of all infrastructure your data touches; you have an existing Kubernetes estate with the operational expertise to manage it; network latency to your on-premises systems is a concern and you need Mule pods running in the same network; or your integration workload is large enough that CloudHub vCore costs make RTF more cost-effective. For most other situations, CloudHub is the more pragmatic choice.
A CloudHub VPC (Virtual Private Cloud) is a logically isolated private network in the MuleSoft cloud where your CloudHub workers run — isolated from other CloudHub tenants. Without a VPC, your CloudHub workers share a public network with other MuleSoft customers. A VPC is required if: you need private connectivity between CloudHub and your on-premises systems (via VPN or Direct Connect); your security policy requires network isolation for integration traffic; or you need static IP addresses for outbound traffic from CloudHub (required for IP whitelisting by downstream systems). We recommend VPC configuration as standard on every production CloudHub deployment.
We configure private network connectivity between CloudHub VPC and your on-premises data centre using either IPsec VPN tunnels (supported by most corporate firewalls and routers) or AWS Direct Connect / Azure ExpressRoute for dedicated private links. Both options create an encrypted private connection between CloudHub workers and your on-premises systems, eliminating the need for your systems to be publicly accessible from the internet. VPN tunnels are faster to set up; Direct Connect/ExpressRoute provides more consistent bandwidth and lower latency for high-throughput integrations.
We size CloudHub workers based on three factors: the memory requirements of the Mule applications being deployed (typically 0.5 to 1 vCore for standard integration flows, 2 to 4 vCores for high-throughput batch processing), the concurrency requirements (how many simultaneous requests or messages the flow must handle), and the expected peak load profile. We baseline worker CPU and memory consumption using Anypoint Monitoring during initial deployment and adjust sizing based on observed metrics. We also design auto-scaling policies so workers scale horizontally during peak load rather than over-provisioning for peak at all times.
Yes — this is a hybrid deployment. A common pattern is to run externally-accessible Experience APIs on CloudHub (because external consumers need a public endpoint) while running System APIs that access sensitive on-premises data on an on-premises Mule runtime or RTF cluster (because those flows never expose internal data externally). CloudHub workers and on-premises Mule runtimes can be managed from the same Anypoint Runtime Manager environment, with the same deployment pipeline deploying different applications to different targets based on the application configuration.
We configure a minimum of four Anypoint environments as part of every enterprise deployment engagement: Development (for individual developer testing), Test (for integrated functional testing and MUnit test execution), Staging (a production-equivalent environment for UAT and pre-production validation), and Production. Each environment gets its own CloudHub VPC or RTF namespace, environment-specific property configurations, separate Anypoint Secrets Manager secrets, and scoped access control limiting which team members can deploy to each environment. The CI/CD pipeline automates promotion between environments based on approval gates.
We configure Anypoint Secrets Manager for all sensitive credentials — connector passwords, API keys, certificates — so they are never stored in source code or deployment pipelines. For non-sensitive environment-specific properties (base URLs, environment identifiers, feature flags), we use Anypoint Runtime Manager application properties with environment-specific overrides. We also support integration with external secret management tools — HashiCorp Vault and AWS Secrets Manager — for organisations that have an enterprise secrets management standard that Anypoint must use rather than replace.
Yes — CI/CD pipeline implementation is included in every deployment engagement. We implement automated pipelines using GitHub Actions or Azure DevOps that run MUnit tests on every commit, enforce a coverage gate blocking deployment if tests fail or coverage drops below threshold, deploy automatically to Development and Test on merge, and use approval gates for Staging and Production promotions. We also configure environment-specific property injection in the pipeline so the same application artifact is deployed across all environments without manual configuration changes.
Runtime Fabric on Kubernetes runs Mule applications as containers on a Kubernetes cluster that you own and manage. The cluster can be on AWS EKS, Azure AKS, GCP GKE, or on-premises Kubernetes (OpenShift, Rancher, or vanilla). RTF requires: a Kubernetes cluster meeting MuleSoft's minimum node specifications; the RTF agent installed on the cluster and registered with your Anypoint organisation; a dedicated node pool for Mule application pods with appropriate resource limits; an Ingress controller for external API traffic; and persistent storage for Object Store. We design the Kubernetes cluster architecture, install and configure RTF, and validate application deployment before handover.
