Pass the Salesforce MuleSoft MuleSoft-Integration-Architect-I Questions and answers with Dumpstech

Explanation

Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).

SAML transactions use Extensible Markup Language (XML) for standardized communications between the identity provider and service providers.

SAML is the link between the authentication of a user’s identity and the authorization to use a service.

WS-Security is the key extension that supports many authentication models including: basic username/password credentials, SAML, OAuth and more.

A common way that SOAP API’s are authenticated is via SAML Single Sign On (SSO). SAML works by facilitating the exchange of authentication and authorization credentials across applications. However, there is no specification that describes how to add SAML to REST web services. 

Reference : https://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf

To track the entire lifecycle of each request across different microservices, the DevOps team should consider adopting tracing. Distributed tracing allows teams to follow a request as it travels through the various microservices, providing visibility into how long each part of the request lifecycle takes and where any bottlenecks or failures occur. Tools like Zipkin, Jaeger, and AWS X-Ray are commonly used for this purpose. Tracing complements metrics and logging by providing detailed insights into the interactions and dependencies between services.

Explanation

As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO).

Configure identity management using one of the following single sign-on standards:

1) OpenID Connect: End user identity verification by an authorization server including SSO

2) SAML 2.0: Web-based authorization including cross-domain SSO

Explanation

Before we answer this question , we need to understand what median (50th percentile) and 80th percentile means. If the 50th percentile (median) of a response time is 500ms that means that 50% of my transactions are either as fast or faster than 500ms.

If the 90th percentile of the same transaction is at 1000ms it means that 90% are as fast or faster and only 10% are slower. Now as per upstream SLA , 99th percentile is 800 ms which means 99% of the incoming requests should have response time less than or equal to 800 ms. But as per one of the backend API , their 95th percentile is 1000 ms which means that backend API will take 1000 ms or less than that for 95% of. requests. As there are three API invocation from upstream API , we can not conclude a timeout that can be set to meet the desired SLA as backend SLA's do not support it.

Let see why other answers are not correct.

1) Do not set a timeout --> This can potentially violate SLA's of upstream API

2) Set a timeout of 100 ms; ---> This will not work as backend API has 100 ms as median meaning only 50% requests will be answered in this time and we will get timeout for 50% of the requests. Important thing to note here is, All APIs need to be executed sequentially, so if you get timeout in first API, there is no use of going to second and third API. As a service provider you wouldn't want to keep 50% of your consumers dissatisfied. So not the best option to go with.

*To quote an example: Let's assume you have built an API to update customer contact details.

- First API is fetching customer number based on login credentials

- Second API is fetching Info in 1 table and returning unique key

- Third API, using unique key provided in second API as primary key, updating remaining details

* Now consider, if API times out in first API and can't fetch customer number, in this case, it's useless to call API 2 and 3 and that is why question mentions specifically that all APIs need to be executed sequentially.

3) Set a timeout of 50 ms --> Again not possible due to the same reason as above Hence correct answer is No timeout is possible to meet the upstream API's desired SLA; a different SLA must be negotiated with the first downstream API or invoke an alternative API

Explanation

Correct answer is using below set of activities Until Successful component ActiveMQ long retry Queue ActiveMQ Dead Letter Queue for manual processing We will see why this is correct answer but before that lets understand few of the concepts which we need to know. Until Successful Scope The Until Successful scope processes messages through its processors until the entire operation succeeds. Until Successful repeatedly retries to process a message that is attempting to complete an activity such as: - Dispatching to outbound endpoints, for example, when calling a remote web service that may have availability issues. - Executing a component method, for example, when executing on a Spring bean that may depend on unreliable resources. - A sub-flow execution, to keep re-executing several actions until they all succeed, - Any other message processor execution, to allow more complex scenarios. How this will help requirement : Using Until Successful Scope we can retry sending the order to backend systems in case of error to avoid manual processing later. Retry values can be configured in Until Successful Scope Apache ActiveMQ It is an open source message broker written in Java together with a full Java Message Service client ActiveMQ has the ability to deliver messages with delays thanks to its scheduler. This functionality is the base for the broker redelivery plug-in. The redelivery plug-in can intercept dead letter processing and reschedule the failing messages for redelivery. Rather than being delivered to a DLQ, a failing message is scheduled to go to the tail of the original queue and redelivered to a message consumer. How this will help requirement : If backend application is down for a longer duration where Until Successful Scope wont work, then we can make use of ActiveMQ long retry Queue. The redelivery plug-in can intercept dead letter processing and reschedule the failing messages for redelivery. Mule Reference: https://docs.mulesoft.com/mule-runtime/4.3/migration-core-until-successful

SOAP API specifications are provided as WSDL. Design center doesn't provide the functionality to create WSDL file. Hence WSDL needs to be created using XML editor

Explanation

Correct answer is Federated Identity Management As the Anypoint Platform organization administrator, you can configure identity management in Anypoint Platform to set up users for single sign-on (SSO). Configure identity management using one of the following single sign-on standards: OpenID Connect: End user identity verification by an authorization server including SSO SAML 2.0: Web-based authorization including cross-domain SSO Where as Client Management is where Anypoint Platform acts as a client provider by default, but you can also configure external client providers to authorize client applications. As an API owner, you can apply an OAuth 2.0 policy to authorize client applications that try to access your API. You need an OAuth 2.0 provider to use an OAuth 2.0 policy

To convey the necessary non-functional requirement (NFR) related to protecting backend services from a high rate of requests according to SLAs, the following steps should be taken:

Create a Shared RAML Fragment: Develop a RAML fragment that defines the NFR, including the SLAs for different subscription levels ("Gold", "Silver", "Platinum"). This fragment should include the details on rate limiting and throttling based on the new parameter added to the Accounts object.

Update API Specifications: Integrate the shared RAML fragment into each API specification. This ensures that the NFR is consistently applied across all relevant APIs.

Publish to Exchange: Publish the updated API specifications and the shared RAML fragment to Anypoint Exchange. This makes the NFR visible and accessible to all stakeholders and developers, ensuring compliance and implementation consistency.

This approach ensures that the NFR is clearly communicated and applied uniformly across all API implementations.

References

MuleSoft Documentation on RAML and API Specifications

Best Practices for API Design and Documentation

Explanation

* Setting a transaction timeout for the Bitronix transaction manager

● Set the transaction timeout either

– In wrapper.conf

– In CloudHub in the Properties tab of the Mule application deployment

● The default is 60 secs. It is defined as

mule.bitronix.transactiontimeout = 120

* This property defines the timeout for each transaction created for this manager.

If the transaction has not terminated before the timeout expires it will be automatically rolled back.

---------------------------------------------------------------------------------------------------------------------

Additional Info around Transaction Management:

Bitronix is available as the XA transaction manager for Mule applications

● To use Bitronix, declare it as a global configuration element in the Mule application

● Each Mule runtime can have only one instance of a Bitronix transaction manager, which is shared by all Mule applications

● For customer-hosted deployments, define the XA transaction manager in a Mule domain

– Then share this global element among all Mule applications in the Mule runtime

Graphical user interface, table Description automatically generated with medium confidence

To address the reliability and scalability issues faced by the insurance provider, adding a load balancer and configuring additional servers in a cluster configuration is the optimal solution. Here's why:

Load Balancing: Implementing a load balancer will help distribute incoming API requests evenly across multiple servers. This prevents any single server from becoming a bottleneck, thereby improving the overall performance and reliability of the system.

Cluster Configuration: By setting up a cluster configuration, you ensure that multiple servers work together as a single unit. This provides several benefits:

High Availability: If one server goes down, the load balancer can redirect traffic to other available servers in the cluster, minimizing downtime.

Scalability: Additional servers can be added to the cluster to handle increased load as the business grows.

Fault Tolerance: Clustering allows for automatic failover and recovery, ensuring that applications remain available even if one server fails.

Maintenance: With a cluster configuration, servers can be taken offline for maintenance one at a time without affecting the overall availability of the applications, as the load balancer can redirect traffic to the remaining servers.

VM Queues and Object Stores: In a clustered environment, the use of VM queues and object stores can be more efficiently managed as these resources are distributed across multiple servers, reducing the risk of contention and improving throughput.

MuleSoft Documentation on Clustering: https://docs.mulesoft.com/mule-runtime/4.3/clustering

Best Practices for Scaling Mule Applications: https://blogs.mulesoft.com/dev/mule-dev/mule-4-scaling-applications/