MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Certification Video Training Course
MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Certification Video Training Course includes 99 Lectures which proven in-depth knowledge on all key concepts of the exam. Pass your exam easily and learn everything you need with our MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Certification Training Video Course.
Curriculum for Mulesoft MCPA - Level 1 Certification Video Training Course
MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Certification Video Training Course Info:
The Complete Course from ExamCollection industry leading experts to help you prepare and provides the full 360 solution for self prep including MCPA - Level 1: MuleSoft Certified Platform Architect - Level 1 Certification Video Training Course, Practice Test Questions and Answers, Study Guide & Exam Dumps.
Hi. In this video, we will see both the customer-hosted control plane and the runtime plane setups that we discussed earlier. Now the runtime plane site for thecustomer hosted there are two ways. One is the scratch implementation or complete maintenance, where the customer hosts the runtime plan, and the other is the cloud version. Although not exactly cloud-based, the iPad functionality can be replicated on-premises or in a customer-hosted cloud, correct? Like AWS. Now what's changing now in this particular video is the left-hand side, which is the control plane, right? So here is the customer-hostile control plane. One thing I would like to explain to you ina short before we proceed is that for mule softhosted run time plane, we saw total four combinations, right? MuleSoft hosts a control plane with two MuleSoft-hosted runtime planes and two customer-hosted runtime planes. But whereas for the customer-hosted runtime plan, we are going to have a look at only two combinations, which are again customer-hosted runtime plans only, right? This is the reason for this: a customer-hosted runtime plan can only connect to the customer-hosted control planes. The customer-hosted control planes can only control the customer-hosted runtime planes. They cannot connect to the MuleSoft-hosted ones, okay? whereas the MuleSoft-hosted control plane connects to any combination. That is why we saw four combinations, right? Okay, let us move on to the first setup for the customer-hosted control plane with the customer-hosted runtime plan. So what you are looking at in front of you is a complete lock environment because both are customer-hosted, where on the left you see the control plane components like the API manager and runtime manager. As a result, the control plane is always a clubon with only displaced dockerized images. So like the mule run times, you will not have the option to either have a complete bare mule run installation or go with an iPad Kubernetes Docker cluster. No, for the control plane, there is always only one way of implementing the customer-hosted control plane, which is the Kubernetes cluster with each of your control plane components as the top-range image. Okay? So that can be hosted on a kind of private cloud, okay? private cloud edition. Now that can connect to the runtime plan again, which can be a bare-bones installation like we discussed in the last video installation on the blue fiscal blades or VMs maintained by a new set of experts who are on the customer side. Okay? And the next combination is the last one: the same customer-hosted control plane controlling the cloud version of the Mule soft runtime plane. OK? As a result, you may have some reservations. Oh, this is looking a bit different. The runtime plane setup here appears to be different from the one seen in the previous video, where it has a covert display in darkerized images, correct? Yeah. The reason for the change is that we want to emphasise that the same Kubernetes Docker cluster with any point in time fabric is one cloud version that customers can host, and the other is the third-party PCF. So PCF, as you must have heard, is a pivotal cloud foundry. Right. Instead of hosting on the cloud, it is a cloud offering that allows the customer to control the Ipass behavior. So, as I pass them, it compares the iPad's provisioned mule runtimes, but on a private Pivotal Cloud Foundry. OK, so the setup is somewhat similar. Just to familiarise you with the terminologies and the control over who is doing what there. If there is a cook and a docker here, the Pivotal Code Foundry will take care of your setup handle.So if you see this PCF router, it is similar to the load balancer and the PCF droplet, and the Foundry is a small private cloud, having your own VPC network and also that control. It's just that the tool is changing. Okay. That's why to represent this without demeaning it, here is the best place. Right. So these are all the six combinations on the setups for the control plan and runtime plan. So as an architect you should be reviewingthis for every project you're going to doon MuleSoft for the customers as a platformarchitect role and decide which combinations best fit. It is not always the same combination. Every time that fits for the entire project, there can be more than one that can fit because of the multiple teams and different sorts of sections in your of the multiple teaSo the best fits one shouldbe decided and proceeded forward. Thank you. Happy learning.
Hi, I hope you have done the brainstorming exercise and come up with some current deployment options that fit into your current project or any of your previous projects. I'm very sure that you must have evaluated various ways to decide which model is the right fit for your deployment architecture. However, I thought I would explain this to you visually. Though I have given the possible criteria as the assignment solution previously, I thought it would be better if I just showed you a kind of decision tree on how we can evaluate the right deployment model with the main criteria taken into consideration. There are important factors—so many important factors. But I would say some of the main ones that play a key role are these six of them, on which I'm going to zoom in. One is the security or compliance-related decision point. So based on this, your decision would change. Similarly the jurisdiction rules, thecost, time and then theinfrastructure and the architecturerelated decisions. These decision points would really drive the way you would choose the right deployment model. So I'll start with this. I will zoom in a little bit and start from the organization. Let's say you have an organisation and now you are at a point where you need to decide which deployment model is the right fit for you. The first is that you should simply evaluate, okay, is the data and metadata something that can stay outside your on premises or should it not leave on premises? If you decide yes, your only option is to invest in premises infrastructure because you have no other choice. If your data and metadata are required inside the premises, you will have no choice but to stay. If it is not, then you would think, "Okay, that's a decision point, which is whether you are a startup or an existing enterprise." If you're a startup, cloud architecture, or cloud infrastructure, is unquestionably the best fit these days. That way, you can go to production quickly, and you don't need heavy teams or infrastructure teams to set up all the servers and so on, so cloud is the best fit if you're a startup. If not, if you're an existing enterprise, then you'd have to think about a few more points, like, okay, are you planning for a complete cloud migration, meaning everything will be moved from on-premises to the cloud? Or is it just a partial one or a step-by-step migration? Okay, because you may have other reasons, such as legacy systems or old, home-built systems that will remain on premises for whatever reason, or because you have so many servers, you may want to do a step-by-step migration, Only new apps could be deployed or built on the cloud, and the existing ones would still be running on premises. So with such evolution points, you have to just think, and if your answer is yes, then you would still go with the cloud architecture. Okay, if it's a complete cloud migration; if not, then you would have to go for the half-model, which is a hybrid model, with some parties on-premises and some parties in the infrastructure cloud. Okay, but if you are unsure then to help youwith I have provided some more decision points that mayhelp you because you won't find this chart anywhere. It's not like a museum-provided chart. I spent some quality time creating this chart to assist you from my end by providing you with some correct decision points that may assist you as much as possible in making a decision. So if you are unsure, what you can think of is, have you done any assessment or not with respect to the number of APIs or new applications that you are going to build? If you have already done that assessment, then it is good. You have to just ask one more question to yourself. that okay.Are the apps less in number or more in number? If they are less in number, definitely thefully cloud infrastructure is the best fit. If not, if you have a lot of apps, then what you need to see is, okay, are you planning for cost savings by moving away from maintaining them on premises? That might be more, but if you have done any assessment with respect to the cost and see, OK, still if I go fully cloud with all these apps, you would save more money compared to having them on premises. Then you would have to just decide, okay, what should you do? Yes, if you think that on-premises maintenance is costly with respect to time and money, then you would have to go with the hybrid solution. Okay, but no, if you think we are very happy to stay on premises and there are no cost obligations, then you'd have to go over the premises. Only this way you can make decisions andif you're not done any assessment then youmay have to do it first and see. OK. I completed the assessment and will go through the same process again to determine whether you want to go on premises or hybrid, or you may think no. I don't want to go through all of this because, if you're a startup again and don't have time for all of this, you can just jump to the same conclusion that's fine. You are a fullycloud infrastructure flowerable company. Okay, so this is what the decision point is? First decide whether your infrastructure is to be a fullycloud one or is it going to be a hybridone or is it going to be fully onpremises? Okay, so these decision points help you to evaluate the high-level infrastructure solution, whether it is going to be cloud, hybrid, or on premises. Once you've made your decision, let's take a look at the cloud component of the fully cloud infrastructure. There are further discussion points to decide finally whatis going to be your real deployment model. So what you can see here is nextcomes when you decide is it fully cloud? Do you have any jurisdiction regulations on your data? Okay, meaning many countries have these rules that your data should not go outside of your country, state, or whatever the jurisdiction ranges are, right? So if such rules exist, then you may have to ask one question before deciding if it is going to be a fully MuleSoft-hosted environment or not: does MuleSoft have any MuleSoft-hosted control plane in your jurisdiction? Okay, the reason is that if you don't have a control plane, you won't be able to use the fully hosted MuleSoft infrastructure because all data and control must pass through the new software control plane. So if you have one, you are very lucky, and then you need to decide. Just like how you done before deciding the infrastructure andsolutions is the assessment of a number of APS orthe new apps, how many are they going to be? If they are less than numbers, you are good to go. You can just go and decide. You will use fully ITAs, which means museum-hosted control planes as well as museum-hosted time plans. Okay? Or if you have not done the assessment yet, you can again try to do it, then come back and make your decision. If you're opposed to a startup and want to commit fraud as soon as possible, you can opt for the fully iPad infrastructure. Okay? In this way you get everything hosted and all youneed to do is build your apps and deploy them. But if you think okay, no there is acost implication when you do the assessment you cameto know there is definitely a lot of appsand it will have a lot of cost implication. If you go with the fully iPad approach, then what you need to do next is okay. You have two options: either you have to go with a hybrid deployment model for MuleSoft or find the best fit. So then the factors that come into play are, okay, do you have an infrastructure team, a strong infrastructure team, infrastructure architects, network architects, or cloud infrastructure people? So if you have such a strong team, then again, you have to just think, are you going to retain them? Not nearly hiring them because thatwould again cost you more. But if you already have them, are you planning to retain them? Does it still save you money compared to going with fully integrated PAs? Yes. Then, without doubt, you can go with the IPAs plus IAS model, meaning infrastructure platform as a service plus the IAS cloud provider. You can use GCP, AWS, or Azure to create a hybrid model that combines the control plane with the soft-hosted one. Still, that's an iPad. You prepare and can host a few apps on the Mule softer runtime plan, and you can host your Mule runtimes on infrastructure as a service providers such as AWS, Azura, or GCP. That way, you can have a hybrid deployment model. So these are some considerations for time, money, and other factors when deciding whether to use fully IPAs or the hybrid deployment model. Okay, now, within the fully IPAs and IAS-plus hybrid deployment model, there are further down two ways: you can go with the shared worker cloud or you can have any point VPC set up a private network and have the worker cloud, which is private to you. Okay, so for that again, the racing points are just very straightforward. You need to see OK, are you just trying the model platform to see how it works for you, or are you just an NGO or nonprofit organisation that you want to have non-critical apps running? Then you can just go with the shared worker cloud; it's not a problem. If that is not the case, and you want to go with the private worker cloud due to some sensitive or critical apps, you can go with the private broker cloud by having the any point VPC setup and all so that you will get a dedicated VPC graded for the virtual private cloud and your workers will be hosted within that private cloud. Both options are the fastest deployment models in the hybrid deployment model. This first one, where you have iPads plus, is a combination, meaning you have hosted the control plane and the customer has hosted the time plane. You can have three variants inside it. One is using the runtime fabric. So the Runtime fabric is a mule softproduct which helps you to actually control theentire microservices runtimes or containers and gives youthe same features as the cloud hub featurewhich is hosted by the mule software. Using runtime fabric, you can achieve similar deployment and microservices architectures. So you can use that option, or you can have any point in a virtual cloud factory. This is appropriate if you already have a PCF-provided infrastructure, or you can simply host your own Mule runtimes on the IAS provider machines. If it's AWS, then it's EC2, and if it's your VMs or machines, you can just deploy MuleTime and host your apps however you want. Okay, so you'd have to decide whether you want to go with the fully microservices architecture, in which case you'd have to choose one of the RDS for PCF. If not, if you just want to deploy your apps and make them run, you can go with the self-managed Mule runtimes. Okay? You can still use the muft-hosted control plane to connect to custom muft runtimes hosted on AWS or zero GCP, but it's not Microsoft architecture. You won't have any containers or anything. If you choose this Microsoft architecture then like I wasmentioning, you have two options and how you decide isjust based on the decision is based on the PCF. If you have infrastructure that is provided by PCF, then you can just go with that without any doubt. But if not, then the best choice for you would be the runtime fabric. Okay? Runtime fabric is very powerful, and it really helps you to simply bring in the same kind of deployment architecture that you get on the cloud hub. Okay. And then we return to the jurisdiction rules. If you do not have a newshosting hosted control panel in your jurisdiction, you cannot use either of these two options because they will not be used for your control panel. Right? So you would have to go with a fully IaaS model. Okay, still, it is a fully cloud-based model, right? It's fully cloud infrastructure, but it is fully IAS, meaning no hosted servers, planes, control plan, or runtime plan would be available for you. Both the control plane and the run-time plan would have to be hosted in your cloud infrastructure as a service platform. Okay? So again, there are three options, same as you saw in the hybrid deployment model: one is RTF, one is PCF, and one is self-managed mule runtimes. So what you can do here is, again, the decision is almost the same as whether you go with the RTF, PCF, or self-managed mule runtime. It is the first criteria based on the microservices architecture. If you don't want it, you can go with the self-maintenance runtimes, but if you want the Microsoft architecture, then you can go with either RTS or PCF, and the decision is again purely based on the PCF infrastructure. All right, now the next set of deployment models are the hybrid infrastructure deployment solutions and the on-premises infrastructure deployment solutions. Even for hybrid, the jurisdiction rules will come into play again because of the same reason: whether your cloud infrastructure will allow you to keep the data inside the jurisdiction or not. All right, so we have to again make the check. If you have any jurisdiction rules, then the same question Do you have a MuleSoft-hosted control plane or not? If so, you're ready to go with the iPads plus on premises combination, which is a hybrid infrastructure combination in which you have the Microsoft hosted control planes and your runtimes run on your own infrastructure, which is on your own data centre on premises machines, okay? There is no need to have any private cloud providers for your VM, EC, etc on.But if you don't have any museum control plan in your jurisdiction, then obviously you would have to go with the fully IAS solution. Again, like we discussed, the reason is that you can't have MuleSoft host a control plane, so you have no option but to go with the fully integrated model to host your own control planes. Okay? So if there are any jurisdiction rules and you have the museum-hosted control plane in your jurisdiction, then in this particular iPad plus comprehensive model you have two options: one is RTF and one is self-maintained runtimes. Okay, you don't have the PCF here; this is because the PCF is intended for scenarios in which you have a cloud provider and want to manage your infrastructure on the cloud provider. But we're talking about the on-premises option here, the hybrid model with the cloud control plane and your own data centre or machine card. So you cannot use PCF for that, but RTF can still do that. RTF can bring microservices architecture with containers, and Kubernetes manages your deployment architecture on a third-party card provider. RTF can do the same thing on your own infrastructure with ease. All right, so you have two options. Again, the only additional point is whether you want to go with the Microsoft architecture or not. If you want to go with that, choose RTF. If not, choose your self-maintained Mule runtimes. Okay, coming to the last one, which is the on-premises infrastructure and solutions, everything will be fully on-premises here. Also, you have only two options: one is any point-runtime fabric and the other is a self-maintenance run time. So like I mentioned many times RTF beings with theMicrosoft picture, the difference is that here you would haveto host your own control plane instead of mutual supportedone because it is fully on premises and same wayfor the self managed, the only addition factor is microservicesif you wanted to go with that, if not gowith the selfmade neurons. Okay, you may also be interested in these colour representations in order to determine which model is the quickest to set up and run your code and which one takes the longest. I tried to put the fastest one in dark green, the fast one, which is fine, and then the moderate one, which is balanced, the one that is neither too fast nor too slow, and the slowest models are in red. All right, so based on your requirements, you'd have to choose which one you want to go with. All right, I have attached this difference sheet to this video or lecture. If you access the webpage, you can find that in the resources section on the right side. If you access the webpage, you will see a resources dropdown waiting for theresources, and you can download the sheet. Okay, same thing on mobile, right? Happy learning.
Hi. In this video we will look intothe next foundation which is access management. We are going to learn this in two parts, OK? As the content is a bit elaborate and we will deep dive a little bit with demonstrations, we will have it in two parts. So in this first part, what we'll understand is that after aligning the C4E and recently deciding your deployment model in the previous video slide, the next important foundation in this early phase of the project, or the foundation phase of the project, is establishing your org structure in the system, right? Because now your organisation definitely has a structure. So that structure has to be reflected in the system as well for better maintainability. So, in this first section, we will look at and understand the setup of organisation structure on any point platform using business groups, as well as how we can control access to those business groups, create various environments, restrict access of different users on those environments, fire roles and permissions, and so on. For now, it all starts at the organisation level because that's the starting point. That's the Master, right? Now the organisation is like a complete collection of all entries like lobs, users, roles, etcetera. This is from a systematic perspective. OK? So when you log into the Newport platform, generally what you see on the top right will be the organization, and the organisation is the complete collection of all the entities. So the business group falls under it. Okay? The business group is the component that falls directly under the organisation in the Arc structure creation. The business group is like a vertical in your organization. Remember how we talked about teams during the iteration process? Your organisation has it could be LOB's likeHR, Sales or Finance and all different verticalsdepartments or lobby, whatever we call, right? So these fall under the category of the business group. So it's basically a suborganization, on. So your organisation may not have direct relationships with A, HR, Finance, and Sales directly.It's like I said, structure, right? It's a hierarchy may be undergoing. There are three departments or verticals. Under each vertical, there could be HR, finance, and sales. So it depends on the structure. So it's suburbanization and a business group. There can be many other business groups as well. That tree can go on to keep growing. So let us now understand the structure in more So what you are seeing in front of you now is the high level of structure that I am trying to put together based on the scenarios that we have taken across this course. Our favourite HR, finance, and sales departments Okay? So let's say we have an organization, Arc One. I am naming it RG ARC. Now under it, I want to create three different business groups to represent HR, Finance, and one as sales.Okay, so let's say I created them. Now what comes next? Now we have the organization, and the lobby has been created. So happy? Okay, now I have three business groups. So how can I control this in a business group whenever some assets are built or published, and all you can control is that these are all being worked on under the HR business group so that all those assets are components and will be tied to the HR business group so that there is no cost cut between finance and HR? Similarly, finance will do their part and sales will do a part.So this is the design-time part. Fine. Now what comes next is the environment for the runtime part, right? Okay, you have designed the Ramble, and then you are ready. We have the specs to start the work. So you have done the application. So when you deploy, for example, the runtime plane or runtime components, you should have different runtimes, right? For example, you will undoubtedly have a sandbox first, followed by an average environment and then a higher environment. All right? So you will definitely have to create environments to promote your assets, which you are building. You have to create the environment in which I'm going to show it as a horizontal representation, so that cuts across different ones. However, keep in mind that the environments are not common just for picture representation. I put it horizontally. But the environments are not the same for all the business groups. Environments are also subsets of business groups. In other words, the HR business group may have two environments, such as sandbox and design, whereas HBOS may have three environments, including sandbox, design, and test. And sales might only have a design environment. It's not making sense, but I'm just saying environments are also a subset of business groups. Okay, so what else can we do with the structure? There are a lot of things. For example, as a whole organization, say you have obtained from MuleSoft some ten virtual courses of licencing or 20 virtual courses of licensing. Okay? Now when we create this orchestrator and define the business groups, you have the control to say, "Okay, I have a total of ten virtual codes with me." I will dedicate only two virtual codes to the HR team, for example, and only two virtual codes to the finance team and six to the sales team. Because I expect more work tobe done on the sales team. Many APIs are going to come there and I have to hostlot of APIs in the sales business group or sales APIs. And they have many environments, heavytesting and also whatever is thereason, you are dedicating more course. So if there is no control, then whoever consumes or creates more assets will keep taking the ver consumes So how do you control it? So if this any point platform gives you such controlthat at the creation of the business group itself. As you can see, I only have two vehicles for this lob or business group. As a result, the vehicles will be maxed out while the sets are being built or deployed. Whatever can be assigned will be what is assigned. With the creation of business groups, they see only two, for example, let's say only see two.So they have to arrange or create a place accordingly, right? So two is a small number; I'm just saying, for example, that it depends on the real number of VCOs, okay? Yeah. So even that control can be given. So you're limiting a friend's ability to consume how much level, right? It can be updated as well. It's not a one-time thing, but that control is there. So I hope you understand this, right? I hope you are not confused about the organisation and business groups, as well as what control we can provide at the business group and environment levels. So the next things that pop up in your mind—definitely there will be some questions like whether our assets deployed in one business group are visible in the other group— Say there is an API created in the HR business group. Will it be visible in the finances as well or not? And how do the lobbies know what assets are being implemented by others? OK, they have separate business groups. Everybody is working in their own business group. Okay, but how do we know finance is aware of the existence of an API? Because we said all those things before, okay? They'll be sharing the assets between departments, and they'll reuse them. A lot of reasons should be enforced, emphasized, and all that. Right, so how will we enforce all these things if there are three different business groups? That's another question that may come, right? Another question is how to keep users from poaching assets from other lobbying groups so that they don't play with other teams or lobbying business groups. APS, right? So this is where user management comes into play. Okay? Now, before I jump into the user management, I would like to answer the second question that I was telling you about. How do the laws know that there are as many across different teams? Right? So if you remember, this is the place where any point exchange will come into play, okay? You may have 100 business groups or maybe subbusiness groups that are suburbanizations, but as per the convention and the new operation model, remember, once the API is designed, it has to be published to any PointExchange card and any Point Exchange. It is all guys at the organisational level. The organisational level can be found. Of course, if you want to specifically search for a particular business group, that option is also there. But there is organisation level, such as where the finance team guy can go into the new point exchange and select, "Okay, my organisation name and search for the API." They can tell if there is a present they are looking for right now or if there are any other teams. So any contraction is the place where discoverability will come into play, and even self-service. Okay? Now, in order to prevent users from tampering with other business group assets or to control how assets are displayed in both business groups, access management or user management will be used. Okay? So how do I control the access? So we control access to users based on their roles and permissions, all right? So things like restricting access to the business groups So, in terms of level of control, we can either restrict access for our users to the business group level. Meaning when they log in, theycan only see HR business group. For example, they won't know that OK, there is a separate business group like finance that has that level of control, and once they log in to the business group, you can further control access within the business group at the environment level. Say, okay, an HR team member is logged in, but that user only has access to the sandbox environment in the HR business group. So when they log in, they only see the HRP business group; they won't be seeing other business groups, and within that business group, they will only be able to see the sandbox environment. They won't see the other environments, even if they exist, and even in the sandbox. So, if you want to control further down at the component level for any reason, the reason could be as follows: For the sandbox, the user may have full access, but for the test environment, you want to give only some users read access to logs or audits, but not to control, delete, or add them, so you can further build on the environment at the component level by only allowing access to audit levels. So only to to able access theanalytics part, not the runtime manager propertiesare uploading, the new applications and all. Got it. So such a fun kind of final control is available. So it is possible to control access up to the component level right from the business group on the platform. So you get very feasible access control on the endpoint platform. So let us now jump into a demonstration on this so that we can see and visually understand these parts on the any point platform, like we can do on the endpoint platform. Happy learning. See in the mo.
Hi, let us now have a small demonstration on the organisation structure, how to set it up in the Hippo platform using business groups and creating multiple environments in each business group, as well as controlling access and permissions on the components, business groups, and environments in the platform. Okay, so let us log in to the Any Point Platform. Once we log in to the Endpoint platform, you can access the access management section either from the landing page or from the left side navigation blade, where we have access management under the management center. Okay, so let's move on to this. So one more thing is that, by default, when we log into the endpoint platform and enter into the landing page or, in fact, on any of the pages that you access on the Any Point platform, we will see the organisation or the business group. By default, you logged in on the top right side. On the top banner, on the right-hand side, you will see the organisation or business group. When you click on the particular icon that you see, you will see it as a master, which will help you determine whether it is an organisation or business group. What you see as a master is nothing but the organization. So Master states that it is the top-most business group in the hierarchy. Okay? organisation itself is also considered a business group on the platform. As the platform, the topmost one, the root, is referred to as the master. So here, Udemy (or Udmi) is the organisation name. Okay? So, like we discussed in the previous video, we can now start with the organisation structure. Okay, so now I have my organization. I want to create, say, HR sales and finance. Let's take the same examples that we used in our previous video. So what we need to do is either go and click on the "add business group" button or go and keep creating from the current organisation as well. Either of them does the same thing. So let's say we add the business group. You can now name the business group. I'm going to give it as HR, and we can choose the owners in this case because it's a trail account and I'm the only one operating; you're seeing just my name. So I'm going to add that user as the owner of the business group. And there are a few options you can select to say if the business group can have nested business groups. Okay, say I can create HR, and can I have more business groups under HR? So, when creating the business group, the owner can choose whether or not to allow the creation of additional business groups. So based on that, it will be created. I'll show you one more example. So let's say we check this option for HR Business Group. I'll leave a check and say yes, I'd like to create environments for this business group. Okay, I did that. And the next two options are—remember, I was explaining that we can control the number of courses that are allocated to each business group? In fact, the organisation can allocate a limited or certain number of V courses to a specific business group, right? So, if you recall from the previous video, I explained this. So it's clear that there are two environments here: sandbox and design. It's a great environment. However, the courses we have are sandbox and design. And what it's asking here is: how many V-courses do we want to allocate for this business group? How many types of Sandbox V course would we like to allocate, and how many types of Design V course? So I'm going to say I want to allocate points to the Sandbox V course and the Design V course. Okay? And I'm just going to say "add the business group." Now within a moment, you will see the HR business group added. So now this option of "plus," meaning to add further business groups under HR, is coming because we have checked the option saying yes, this owner can create multiple business groups within the business group. Remember when I was explaining about a checkbox option where I said, "Let me leave it"? Because of that. So let me show you another case. Now I'm going to add another business group, which is finance, and I'm going to select myself again as the owner, and this time I'm going to say no. I don't want to allow the owner to create more business groups, right? Yes, but I want to create multiple environments. So I'm going to leave this. So if you notice keenly because we are already allocated, the organisation has a total of nine sandbox courses and one V course in the design. Out of zero nine already zero two to the HR andalready allocated . 2 Design V goes to the HR business group. So there are a total of two courses in both of these. Again, I'm going to say I want to allocate another two courses to the finance group. I'm going to do that and say yes, add the business group. Now, if you notice that the finance group has been added, you will not see this plus icon. See, you don't see it because while creating we haveopted saying we do not want any further more businessgroups to be created under the business group. That is the reason. Then let's go ahead and create thelast one, our sales business group. The same way, I'm going to leave both options open. I'm going to say that this time I want to give. Three vehicles (3 and 0). Okay, that's it. So this is how we create business groups. So what happens now is that whenever I log in or an organisation administrator logs in now, he or she will be able to see all the business groups that are created under the organization. So the master is visible. And then there is Udmi, Finance, HR, and Udmi Sales. If you see the Udmi under the master, that's because this is the root and first one and is the type of business group that is the organisation itself. And then below that, we see all finance, HR, and sales under Udmy because they are directly under the organization. So let's say if we create one more business group under Sales, then that would be visible under Sales under that name. Whatever we do, I think you get the picture now, right? The idea of how it looks is fine. So now, once we have the business groups, it's very simple to navigate or enter into each business group. We just have to go and say, "If I select Finance, I will enter the Finance Business Group," and all control under this business group will be within this particular group. So, if I go back to the landing page, any point platform, you can navigate to the businessgroup immediately after entering the landing page, and you can switch between them as an organisation administrator. So when we go to the landing page now, it's the same as when we go to AP Manager, then Manager, and so on. It's just that all of these assets and components have been moved to Finance. So, for example, if I open the API manager here under the Finance Business group, we don't see any APIs at the moment. It is empty, right? because it's a newly created business group and we don't have anything because you haven't created anything yet. But let me switch to the master one, which is the organisation one. Okay, here I go. If you look here, we already have an API called Math API. Remember, we created this as part of every first demo to explain API terms, right? So at that time, we had already created an API called Mathapa. But we use the organization's business group. That is why this is under this one. Finance, on the other hand, does not have one. As a result, it is clear that each businessgroup has its own assets that are built and managed. AP managed. It has its own runtimes. Okay? runtime manager and all. The same way, if I go to the Design Center, you see nothing inside the Design Center. We have not created or designed any RAM or any specification yet because we have not created any specification yet, right? Same example. Let me go back to Organization One. And in the organisation one, we see the Math API. Because this is the one we created during the first demo, right? So let's now do one small thing. Let us now go and create one more API in the Finance Business Group as well. So because of the time restrictions, what I will do is just for demonstration sake, right? I will take the same grammar that we have for the Math API. and I'm just going to name it differently there. Okay? So I'm going to copy this. All right. Now I'll just go out of this view. What I'm going to do is go back to the Finance Business Group. Okay? So now what? I'm going to do the same thing, which I'll repeat again. I'll go and create a new API specification, and this time I'm going to name it Math API. I will say "add API. Okay? Add the NUMS API. Okay? Just a few names for demonstration purposes. And I'm going to say, "Create it." Here we are in the API Designer. So I'm going to just paste what I copied before. I'll just remove the title and the duplicate specs. Yeah. So I'll leave everything else as it is. Now I'm going to save this and publish it to the Any point Exchange, I'll give a version number and API version, and I'm going to say publish to Exchange. It's done now. So if we navigate to the Exchange now and see under AllUdemy, under the organization, all the apps you see are both the Add Numeric API as well as the Math API. Whereas this one belongs to the organisation business group, this one belongs to the finance business group. However, if you want to see only what is under the finance business group for whatever reason, you can go ahead and select the finance business group only, and the assets that belong to only this business group will appear in the result. Say you're seeing only Agna, maybe not the other one. So, let's say there are HR and sales ones, and they're also developing different assets, and a finance team member or finance lob wants to discover or look into the APIs developed across the organisation in the Exchange. They should be coming to the All UDM, where they can enter their organisation name and search for the APS, or look at what they have, and they can open and self-serve themselves. They can see what APIs they have. OK, there is a math EPA built by the organisation called Good Me. And then they can go and see what operations they have used that for, and they can try it out by clicking on "try it," putting in the details, and then just hitting "sample send" to get the sample request and response formats. Got it? Right. So this is how different teams can build their assets in their own business groups, then share them through AI Exchange and build APL ad connectivity and a publication architecture. So even the runtimes are affected. If you see the runtime in the finance business group again there, you will not be seeing any running applications because we have not deployed any Mule application yet into this business group. But whereas, if you remember, the same Math API that we saw in the organisation of Odmi was also deployed into the Runtime Manager, So we will be seeing the application running there. Whereas the FinanceBusiness group should not be visible, I'm going to choose the sandbox. If you see there are no applications in the sandbox in Finance Business Group, Now I'll select the Udmy Business Group. I'm going to select Sandbox again. If you see, we already have a MathAPI which is running deployed on 17 June. So what I'm trying to explain here is that once the business groups are created, the structure itself is like a copy of the entire platform for each business group, including Design Center, API Manager, Runtime Manager, even Access Management. Everything is like a copy, and a substructure is formed. A subordination is formed, and they can work individually in isolation because the courses at the organisation level, the licensing, and then how that licencing V course is distributed and allocated are up to the organisational administrator. All right? Now, remember how we talked about the environments? So, if I go back to the Finance Business Group, we now have two environments: sandbox and design, correct? So let's say we want to create one more environment. We can accomplish this by going to Access Management. Once you go to the access management, we can go to the environment. Once the environment space is launched, we have to click on Add Environment and give a name to your environment. I want to say Sid for example, haveto choose the type of the environment. There are three types available here: design, environment, sandbox, and production. Design is any non-produced sandbox or any designed environment. I'm going to choose sandbox because it is not a production type. I'm going to select Sandbox and click Create. All right? So now, if you go back to, say, Runtime Manager or API Manager, again, any of these two things, now you will be seeing your sight environment as well, right? So this is how you control. But as again explained in the previous video, this society is only created under the Finance Group. It won't be available in any other business group. It is not shared. These environments are not shared. say if we go to HR, right? If you click on the environments in this HR business group, you will only see sandbox and design because the asset will scale under the Finance business group, is that clear? So we have seen how the business groups can be created as a natural structure and then, within the business groups, how the assets are created and how they are maintained. And they are not shared there in the same way that isolation is, or they belong to a specific business group, such as APIManager or Runtime Manager, and the only way they can be shared or discovered is through any point exchange and environments. Also, we have seen how to create environments within each business group. Now let's move on to the next thing, which is because I am an organisation administrator now, I am able to very easily switch between all these business groups, right? So how about in reality, where everyone is an organised administrator? And remember, I also told I'll explainhow do we control the access. Now say I want Finance Team members to onlyaccess this UDM by Finance Business Group and HRTwo XR Business Group and Sales Business Group. Right. So how do we control that? So that's very simple. The very first thing an organisation administrator has to do is go to access management. Once you go to Access Management, select the relevant business group. Let's say finance. The first time I'm going to do this as an organised administrator, I'm going to go to the Finance Business group and invite some users to this group. Okay, let's say you go to Users and click on Invite User. You must provide your organisational email address, as well as any additional email addresses you wish to add. I'm going to give mine now to a different user. For now, I'm going to say that this person has audit log views. Why I'm selecting Audit Log Views is Iwant to just show you some examples later. So I'm going to select Audit Log Universe. Okay, fine. Now I'm going to send an invitation. I'll be soon receiving an email, and at any point in time, we can see the pending invites here who have not been added yet but are invitations that were sent. You can see the details here and what roles they have been assigned. Okay, quickly I'll go to my mobile phone and complete the registration process, which won't take much time. All right, so I have received an email from anypoint platform.It's asking me if I was invited to this particular business group. I'm going to click on the link, which I'm doing. You won't be seeing it on the screen, but I'm doing it on my mobile at the moment. I can't record it. I'm sorry. What I'm going to say is that I'm going to join as a new user. I'm referring to myself now as Prasad Finance. I'm going to give my other details and my username as "Presade." Okay. and a password. All right. I'm not a robot. And then accept and create an account in Finance. loading and done. Okay, so now what I'm going to do is, if I refresh this page again, you'll see there are no pending invites anymore. And you see that Presad Finances is now added as a member, right? So I'll quickly log out of this organisational administrator role or a full admin role, where I'm able to see everything. I'm going to sign out, and I'm going to give the user name I have read out to you. And I'm going to put the password I'm going to log in now. Let me refresh it one more time. Okay, maybe it's because of the URL, which belongs to the previous one. Let me properly hit the base URL. Yeah, I think it's loading now. Yeah, see, so now I have logged in as PF. It's sharing personal finance here. And if you click here, it's showing Udmi because that's my organisation name. But the actual business group is Finance. I don't see any other, and it's not a master, obviously. Right. So I should be knowing.Okay, if this is the master, there are other master business groups. Okay. And here I'm seeing manager runtime, manager monitoring, secrets, and all other things. Also, I see all the details. If you see that I'm not seeing the access management or some other particular components because I have very privileged access, I have a very less that's whyI'm not seeing all other things. And if you want to try out and say gointo the Runtime Manager, let's see what it will show. See, now it is showing you do not currently have access to this feature; please contact the administrator. Okay? This is the reason I wanted to pick that auditor—something where there are very minimal privileges. So I can't go to any of this. Even if I go to AP Manager, you are going to see a similar message. All right? So now what I'll do is go back and log in as an organisation administrator, and I will give some extra privileges to this particular user. I'll go to the access management. I'm already in the Finance Business Group. I'm going to select the user's finance. And if you see the roles at present, this user belongs to our AP audit logs. Right? So what I'm going to do now is I'm going to make this user a design administrator, okay? And I'm going to say, "Hide that person. Fine. So there are extra permissions for this particular user now. So if I go and sign out, let us do this quickly. I'll properly refresh the URL this time around. I will enter finance and the password. Yeah. So this time, because I'm a Cloud Hub Administrator, let me try and see if I can access the Runtime Manager now or not. So this is how we control the access and permissions for the user on different business groups and then, under the business group, on different environments and components as well. All right, so one last thing I want to show is the creation of the custom roles. So what you are seeing here are all the default roles that come out of the box for the Anypoint platform. So each one has its purpose, as shown in the description. So let us say we want to create a custom role for our organization. Saying, "I'm just going to name it CTRL for demonstration purposes, and to just make it interesting, I will say sit. Okay? Now that we have the custom sit ready, we can restrict access to it with a custom role. So what you can do is open this role, and how it can be set is, say, you can select a particular environment like Sid, and say, for example, for now I'm going to select, say, view, view, and view. Okay, I'm going to add this. I want to change the description a little bit. a custom role that only allows access to Sit Okay? Yeah, okay, I only helped you. Similarly, I go to runtime manager, select sit again, and then check the boxes for read alerts, read applications, read servers, and manage no. Yeah. and download applications. Okay, I'm going to add this design center. No. I'm not going to give that. No monitoring, no secrets, sid, read secrets, metadata. That's it. No grant of access, nothing. Okay? So now I've created a customer, which is a role that can only access and read on a site environment, correct? So I've closed the loop and granted a specific view only, read-only privileges. Now I can go and add any user under this. So now it's inside us. But already we've granted elevated access to this user. It can be for a new user. So we can go and invite another user again. And while inviting that user some Xyz@gmail.com andsay, this user we are inviting for acustomerless ID and send the invitation. All right, let me refresh that. Maybe deduct it as an invalid email or something. user before, right? Users with invitations can come here. Maybe dejectedly as "invalid email ID," but you get the picture. So this is how we control access, create different custom roles, and restrict permissions under business groups, environments, and components. All right, happy learning.
Hi. In this Part 2 of Access Management, we will look into identity management, client management, connected apps, and audit logging. So without wasting much time, let us move into each of these things. So, the first one is identity management. On the Any Point platform, the identity management is mostly about the users of the platform—who logs in and who accesses the Any Point platform. So it's worried about or concerned about the users of the platform. This could be either the WebViewer users who are accessing the platform via the Any Point platform, the Any Point newspap.com WJ website, or the users accessing the platform via the APIs. Remember, we discussed that there are platform APIs as well, using which we can interact with the platform. Any action we take on the Wi can also be used by the APS. As a result, users who interact in any way, whether directly or through identity management concerns, are subject to idle management. Single sign-on is also supported by identity management. Okay? So anything you keep in the platform, as we saw in the previous video, falls under identity management when we present the credentials and access stuff. And if, say, we do not want Any Point Platform users because in a big organisation there will be multiple applications running, we can enable single sign-on using identity management, which is is SSO. OSo here it can act in two ways. We can configure one external identity provider if you want, or the Any Point platform can itself act as an identity provider. Okay? So it can be both. If you already have an external identity provider, you can integrate with the platform, or you can use Any Point Platform itself as an identity provider. All right. Now, next comes client management. The client management is mostly concerned about the API clients, i.e., the people who are calling the application APIs. So the ones we create and publish in order to exchange and make them available, correct? So whoever requests access, consumes those APIs, and then later, say, presents the credentials as an authtoken, does so when calling our exposed APIs. So those client management related accessing or operationthings will be the client management concerns. Okay? Here also, just like identity management, any point for client management can act itself as a client provider, or we can configure an external client provider. Okay, so you might think, what is the difference between this entity and a client? Both are kind of dealing with authentication and authorization only, right? But there is a fine line, such as when we emphasise and explain that identity management should not be used. APS is to control the users or configure the users who can access the platform. Assume you entered your username and password correctly for Any Point platform, which is anypointmillsoft.com. And there is a username and password section. So whatever credentials you enter there to login—those user credentials—how we control or how we integrate is identity management. Those usernames and passwords could be directly configured in the platform or organization, which may use a large identity provider such as LDAP or Radius, or they will have their own set up, correct? so that users can be a part of it and log in so that they can use the same credentials to log into multiple application organizations, whereas client management is the client Providers are the ones who actually grant you the work tokens for accessing your API, and later, when the request comes, the AP request comes with that token. They are the ones who will authorise whether it is a validated token and whether it is a proper one or not, correct? So that is the client management part. Okay, so this is how client management will come into play, and identity management is for the users. Now in the next slide, let us have a look at the standards that are supported for identity management and client management in the platform and what providers are also supported as of today. Okay, so this is a small chart I have prepared so that it will be a little bit visually appealing and you'll understand it easily. So for identity management, the standards are like Open ID. Connect. All of them are well-known: open ID and Connect. SAML 20 which are popular and the providersare also the popular ones which is salesforceidentity being a salesforce company use it ofcourse support the salesforce identity provider. The pink Federate. Octa is another well-known identity provider for managing users and everything in the organization, and the next one is client management, where the only standard is obviously OAuth 2 dot 0, and the providers are again Web Time Opening, which are the ones that are currently supported. Now here again, as an architect, you may need to give some advice to your customer when choosing these identity providers or client itect, you maSo if they already have one dedicated and don't want to waste money, they should stick with it. That is a different topic, but let's say you are given a recommendation or a question asking for a recommendation to advise which one to go with. Then, if you closely notice, the benefit will come if we choose the providers who are common between identity management and client management, meaning the providers who can act as both an identity provider and a client provider, such as Octa. Ping. Federated. They can act as both client management. client providers and identity providers. They can issue a token of value, and they can manage their faults. So you should have to find that combination. In the future, there may be more supported providers, but as of now, the providers with the pink flags flying, I am a doctor," as you see on the slide in front of you, are supported. So you may have to decide on saying, "Okay, you can go with these three or something like that." Okay, now let's move on to the next one, which is the connected apps feature. OK, so what is this ConnectedApps feature on the platform? So this "connected apps" feature is kind of a feature that enables external applications. In fact, it's not external external. It can be your own custom app you're building, right? I'm not talking about APIs; I'm talking about integrating a custom app, such as a mobile app or a desktop app, with any point platform via open ID. So, it's still not making sense. So what this is say, let megive you a reallife example, okay? So you've probably noticed that recently, all of the major corporations have begun to integrate their operations with WhatsApp or Slack, right? So those kinds of integrations wherein, in WhatsApp itself, let's say if you type, "Even I get my sister banks as well," So if you type in my bank balance" or "I want to see the last statement, last 10-minute statement, the last ten transactions, and all," So on WhatsApp itself, you can, like, request that, choose one of three options, and it will get you the retail price. So it's integrating that app with whatever is on the application on the provider site or bank side. Similarly, Slack has, for example, integration with many tools, like Slack with Confidence, Slack with Zero, and Slack with even Mills after Bamboo, as is your right. So you can be a bucket. So you can from Slack itself say like performance,like merge or in the bit bracket, or ifit's zero, you can assign tickets, comment, you cando a lot of things from Slack itself. So these are all counted as apps. Slack is a concrete app for zero. Okay? What is WhatsApp to those banks? So there's that, because they don't present credentials every time, right? They don't log in each time you press that. So they're connected via the word token mechanism and remain there at all times. Of course, if the user decides or the administrator decides to revoke the access, they can do it and issue a fresh token or fresh connection. But this is a kind of agreed-upon app connectivity between those particular providers and the apps. Okay? So this is also supported in the platformtoday, so that any custom apps or existingapps you want to integrate to the platform. Assume you have a BBB combination and want to integrate a mobile app or a small WhatsApp integration into your platform. So, because you are the operations admin, you can give options and decide or control deploy this or undeploy this, or stop the API manager and make it inactive or delete it, or whatever. Such kind of integrations you can do imaginary thing. Innovation is the only limit. The final topic in this access management part two topic is audit logging. So this is the main thing, right? So as the name clearly says, it's very evident that this audit logging is about checking off or looking at the changes made by any of this combination of users on the platform, be it through WhatsApp or direct login or whatever we discussed so far. At the end of the day, one should know who is doing what, right? So, for example, who is clicking, what action was taken by someone in what organization, in what environment, on what object? So all these things are auditedin this particular alt log section. So this is also not just about the Web UI, okay? Even if someone is using the platform APIs and trying to do the same gender UI, those actions are also logged. Because, like I said before, it doesn't matter to MuleSoft whether it's a Webbar API; whenever there is an action, it will have the same behavior. Okay, so it will be audited the same way. So, what is locked up like any other big product? So the time, when the audit occurred, the product on which the action was taken, what type one or what object the action was taken on, who the user is, who did it, the environment, all of these things are logged in the audit, wherever the payloads are also logged. Okay, so this covers our access management section, both parts one and two. Now, we will also have a short demo on the access management part. Like the previous demo, this won't be so interactive in nature. In the previous game, we saw how to physically create the user's rules, restrict their permissions, and drill down the control level from the business group to the component. For that, it won't be that level because, unfortunately, due to restrictions like not having an identity provider licence or a client provider licence with me, I will not be able to physically create or configure an identity provider or a client provider. But, in the demonstration, I'll show you where we can go to configure it and open the page to see what settings we need to provide. And that should give you proper ideas when you implement a new real estate project. Okay, thank you. Happy learning.
Student Feedback
Download Free Mulesoft MCPA - Level 1 Practice Test Questions, Mulesoft MCPA - Level 1 Exam Dumps
File | Votes | Size | Last Comment |
---|---|---|---|
Mulesoft.examanswers.MCPA - Level 1.v2024-10-29.by.lijuan.24q.vce | 1 | 516.35 KB | |
Mulesoft.Testking.MuleSoft Certified Platform Architect - Level 1.v2020-01-23.by.Gary.27q.vce | 4 | 1.07 MB | Mar 26, 2020 |
Similar Mulesoft Video Courses
Only Registered Members Can Download VCE Files or View Training Courses
Please fill out your email address below in order to Download VCE files or view Training Courses. Registration is Free and Easy - you simply need to provide an email address.
Log into your ExamCollection Account
Please Log In to download VCE file or view Training Course
Only registered Examcollection.com members can download vce files or view training courses.
SPECIAL OFFER: GET 10% OFF
Pass your Exam with ExamCollection's PREMIUM files!
SPECIAL OFFER: GET 10% OFF
Use Discount Code:
MIN10OFF
A confirmation link was sent to your e-mail.
Please check your mailbox for a message from support@examcollection.com and follow the directions.
Download Free Demo of VCE Exam Simulator
Experience Avanset VCE Exam Simulator for yourself.
Simply submit your e-mail address below to get started with our interactive software demo of your free trial.
Add Comments
Feel Free to Post Your Comments About EamCollection's Mulesoft MCPA - Level 1 Certification Video Training Course which Include Mulesoft MCPA - Level 1 Exam Dumps, Practice Test Questions & Answers.