Important
|
Mutual authentication for connectivity between Runtime Fabric and the Anypoint Platform control plane is enabled by default for Runtime Fabric versions 1.6.45 and later. The following instructions to enable mutual authentication apply only to those versions earlier than 1.6.45. |
Mutual authentication improves the security of communication between Runtime Fabric and Anypoint Platform and is highly recommended.
For Runtime Fabric versions earlier than 1.6.45, enable mutual authentication using the Runtime Fabric API. For Runtime Fabric versions 1.3.60 and later, use Runtime Manager to enable it.
Before enabling mutual authentication, verify the following endpoint and port are reachable from all Runtime Fabric controller and worker nodes:
-
US control plane:
-
configuration-resolver.prod.cloudhub.io:443
-
-
EU control plane:
-
configuration-resolver.prod-eu.msap.io:443
-
Failure to meet these requirements before enabling mutual authentication results in errors with creating and managing application deployments on Runtime Fabric.
You can use the latest version of the rtfctl utility to validate that all required endpoints are reachable from each Runtime Fabric controller node:
cd /opt/anypoint/runtimefabric ./rtfctl update ./rtfctl test outbound-network --mutual-tls-check
-
From Runtime Manager, select the appropriate environment and click Runtime Fabrics.
-
Select a Runtime Fabric.
-
For Enable mutual authentication with Anypoint Platform connectivity, set the toggle to On.
From a Runtime Fabric workstation, run the following cURL command:
curl --location --request PATCH 'https://[eu1]anypoint.mulesoft.com/runtimefabric/api/organizations/<ORG-ID>/fabrics/<RUNTIME-FABRIC-ID>' --header 'Content-Type: application/json' --header 'Authorization: Bearer <TOKEN>' --data-raw '{"features": {"enhancedSecurity": true}}'
Replace these placeholders with your unique values:
-
<ORG-ID>
-
<RUNTIME-FABRIC-ID>
-
<TOKEN>