Boomi Molecule on the AWS Cloud

Quick Start deployment guide

October 2020
Boomi Quick Start team
Andrew Glenn, AWS Integration & Automation team

See the GitHub repository to view source files, report bugs, submit feature ideas, and post feedback about this Quick Start. To comment on the documentation, refer to Feedback.

This Quick Start was created by Boomi in collaboration with Amazon Web Services (AWS). Quick Starts are automated reference deployments that help people deploy popular technologies on AWS according to AWS best practices.

Overview

This Quick Start deploys Boomi Molecule on the AWS Cloud. If you are unfamiliar with AWS Quick Starts, refer to the AWS Quick Start General Information Guide.

This Quick Start is for users who want an integration platform as a service (iPaaS) that can be hosted on AWS. This Quick Start deploys a Boomi Molecule cluster on AWS that you administer through Boomi AtomSphere.

Costs and licenses

This deployment requires a Boomi Molecule Enterprise license.

There is no cost to use this Quick Start, but you will be billed for any AWS services or resources that this Quick Start deploys. For more information, refer to the AWS Quick Start General Information Guide.

Architecture

Deploying this Quick Start with default parameters builds the following Molecule environment in the AWS Cloud.

Figure 1. Quick Start architecture for Molecule on AWS

As shown in Figure 1, this Quick Start sets up the following:

  • A highly available architecture that spans three Availability Zones.*

  • A virtual private cloud (VPC) configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*

  • In the public subnets:

    • Managed network address translation (NAT) gateways to allow outbound internet access for resources in the private subnets.*

    • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in public and private subnets, with Amazon CloudWatch for monitoring.*

  • A Network Load Balancer to route traffic to the Kubernetes pods in the private subnets.

  • In the private subnets:

    • Boomi Kubernetes Molecule deployed to Kubernetes nodes in an Auto Scaling group.

    • Amazon Elastic File System (Amazon EFS) mount points.

  • Amazon Elastic Kubernetes Service (Amazon EKS) to provide the Kubernetes control plane.

* The template that deploys this Quick Start into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

Deployment options

This Quick Start provides the following deployment options:

  • Deploy Molecule into a new VPC. This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components. It then deploys Boomi Molecule into this new VPC.

  • Deploy Molecule into an existing VPC. This option provisions Boomi Molecule in your existing AWS infrastructure.

This Quick Start provides separate templates for these options. It also lets you configure Classless Inter-Domain Routing (CIDR) blocks, instance types, and Molecule settings.

Authentication

In addition to the two deployment options, there is one authentication option:

  • Deploy with authorized account ID, username, and password (not MFA compatible).

To create an installation token, refer to Creating an Installation Token later in this guide or contact your administrator.

Predeployment steps

Prepare your Boomi account

Ensure that your Boomi account has at least one available Enterprise Molecule license and that you have a valid Boomi account ID and login credentials.

If you deploy Amazon EKS into an existing VPC, ensure that your VPC has private subnets in different Availability Zones for the workload instances. The subnets require egress internet access using a NAT gateway or an HTTP proxy. If you want to use the Kubernetes integration with Elastic Load Balancing, you must tag each private subnet with kubernetes.io/role/internal-elb=true and each public subnet with kubernetes.io/role/elb=true.
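The tagging and Availability Zone prerequisites above can be checked before launching the existing-VPC template. The following is an added example, not part of the Quick Start: the function name, the sample data, and the subnet IDs are assumptions, and the input is shaped like `aws ec2 describe-subnets` output. It does not verify egress through a NAT gateway or proxy.

```python
PRIVATE_TAG = "kubernetes.io/role/internal-elb"
PUBLIC_TAG = "kubernetes.io/role/elb"

# Constructed sample shaped like `aws ec2 describe-subnets` output; IDs are made up.
SAMPLE = {"Subnets": [
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "us-east-1a",
     "Tags": [{"Key": PRIVATE_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "us-east-1b",
     "Tags": [{"Key": "Name", "Value": "private-b"}]},
    {"SubnetId": "subnet-priv-c", "AvailabilityZone": "us-east-1b",
     "Tags": [{"Key": PRIVATE_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "us-east-1a",
     "Tags": [{"Key": PUBLIC_TAG, "Value": "true"}]},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "us-east-1b",
     "Tags": [{"Key": PUBLIC_TAG, "Value": "true"},
              {"Key": PRIVATE_TAG, "Value": "true"}]},
]}


def check_subnets(described, private_ids, public_ids):
    """Return findings for the existing-VPC prerequisites; an empty list means pass."""
    by_id = {s["SubnetId"]: s for s in described["Subnets"]}
    findings = []
    roles = (("private", private_ids, PRIVATE_TAG, PUBLIC_TAG),
             ("public", public_ids, PUBLIC_TAG, PRIVATE_TAG))
    for role, ids, wanted, other in roles:
        for sid in ids:
            if sid not in by_id:
                findings.append(f"{sid}: not found")
                continue
            tags = {t["Key"]: t["Value"] for t in by_id[sid].get("Tags", [])}
            if tags.get(wanted) != "true":
                findings.append(f"{sid}: {role} subnet lacks {wanted}=true")
            # Added check, not stated in the guide: flag the opposite role tag.
            if other in tags:
                findings.append(f"{sid}: {role} subnet also carries {other}")
    # Private (workload) subnets must each sit in a different Availability Zone.
    seen = {}
    for sid in private_ids:
        if sid in by_id:
            zone = by_id[sid]["AvailabilityZone"]
            if zone in seen:
                findings.append(f"{sid}: shares {zone} with {seen[zone]}")
            seen.setdefault(zone, sid)
    return findings
```

Pass the private and public subnet IDs you intend to give the template; any returned finding should be resolved before creating the stack.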

Deployment steps

  1. Sign in to your AWS account, and launch this Quick Start, as described under Deployment options. The AWS CloudFormation console opens with a prepopulated template. Deployment takes about 1 hour to complete.

  2. Ensure that you set the correct AWS Region, and choose Next.

  3. On the Create stack page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify stack details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    Unless you are customizing the Quick Start templates for your own projects, don’t change the default settings for the following Amazon Simple Storage Service (Amazon S3) parameters: Quick Start S3 bucket name, Quick Start S3 bucket Region, and Quick Start S3 key prefix. Changing these settings automatically updates code references to point to a new Quick Start location. For more information, refer to the AWS Quick Start Contributor’s Guide.

  5. On the Configure stack options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you finish, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select the two check boxes to acknowledge that the template creates IAM resources and that it might require the ability to automatically expand macros.

  7. Choose Create stack to deploy the stack.

  8. Monitor the stack’s status, and when the status is CREATE_COMPLETE, the Boomi Molecule deployment is ready.

  9. To view the created resources, choose the Outputs tab.

Postdeployment steps

Test the deployment

To view the Molecule in Boomi AtomSphere, log in to your Boomi account. On the Manage menu, choose Atom Management.

Figure 2. Boomi Dashboard with an unattached AWS-managed Molecule Cluster

You can attach Molecules to any environment you have staged and deploy workloads to that Molecule cluster. On the Boomi dashboard, your deployed Molecule is under Unattached Atoms. For more information, refer to Attaching an Atom to or detaching an Atom from an environment.

Security

This Quick Start deploys a Boomi Molecule EKS cluster into the private subnets of an AWS managed VPC. It cannot be reached through the internet. The cluster communicates through a NAT gateway in the public subnet for updates and patches, and through a public-facing Network Load Balancer to Boomi AtomSphere. You can only access the cluster at a command-line level through the bastion host in the public subnet.

Performance monitoring

Monitoring the CPU, network, and Amazon Elastic Block Store (Amazon EBS) performance of your cluster is done through CloudWatch metrics. CPU and network performance are measured in utilization, network in and out, network packets in and out, and system status checks. Amazon EBS volume performance is measured in read and write throughput, average read and write size, read and write bandwidth, read and write latency, and volume idle time. Amazon EFS reports metrics to CloudWatch and can be monitored there. Metrics include client connections, data read and data write bytes, and I/O percent limits.

Creating an installation token

Administrators can create an installation token without having to share login credentials for an Atom/Molecule installation.

  1. On the Manage menu, choose Atom Management.

  2. Choose New, Molecule.

  3. On the Build page, choose the Welcome tab.

  4. Under the Create heading, choose Molecule.

  5. Choose Security Options.

  6. For Token Valid for, select the length of time the token is valid (30 minutes to 24 hours).

  7. Click Generate Token.

Figure 3. Molecule Setup

Creating an API token

Administrators can create a long-lived API token without having to share Boomi login credentials.

  1. On the Settings menu, choose Account Information and Setup.

  2. Choose the AtomSphere API Tokens tab.

  3. Choose Add New Token.

  4. Enter a unique name for the token.

Figure 4. New AtomSphere API Token

  5. Choose Generate Token.

  6. Choose Copy to copy the token string to the clipboard without exiting. When you are ready to exit, click Copy to Clipboard & Close to copy the token string and exit the dialog.

Figure 5. Copying the token string

Copy the token key value to a secure location. It is recommended that you treat tokens with the same level of security as you would a password. If you lose it, you will have to generate a new token and revoke the old one.

Additional information

Bastion host, pod autoscaling, and node autoscaling

The Amazon EKS Quick Start deploys the following:

  • A virtual bastion host for an administrator to run kubectl commands against the Kubernetes cluster.

  • Kubernetes horizontal pod autoscaling with target CPU utilization of 60%. This automatically scales pods if average pod utilization exceeds 60%.

  • Three nodes in the Auto Scaling group (the maximum capacity). To let the nodes scale automatically, increase the maximum capacity value.

Upgrade Boomi Molecule Docker image

To upgrade the Boomi Molecule image, complete the following steps.

  1. Log in to the bastion host.

  2. Run the following kubectl command.

    kubectl get statefulset -n eks-boomi-molecule -o yaml > statefulset.yaml

  3. Edit statefulset.yaml and update the Boomi Molecule image.

  4. Run the following kubectl command. This triggers a rolling restart of the StatefulSet.

    kubectl apply -f statefulset.yaml -n eks-boomi-molecule
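Because step 3 is a hand edit of a full exported manifest, it is worth confirming before step 4 that only the container image changed. The following is an added example, not part of the Quick Start: it assumes the export and the edited copy are saved with `-o json` instead of `-o yaml` so the standard library can parse them, and the object name, container name, and image references are constructed placeholders.

```python
import copy
import re

# Constructed sample shaped like `kubectl get statefulset -n eks-boomi-molecule -o json`.
BEFORE = {"kind": "List", "items": [{
    "kind": "StatefulSet",
    "metadata": {"name": "molecule", "namespace": "eks-boomi-molecule"},
    "spec": {"replicas": 3, "template": {"spec": {"containers": [
        {"name": "atom-node",
         "image": "registry.example.invalid/molecule:1.0.0",
         "securityContext": {"privileged": False}}]}}}}]}

# Constructed "after" manifest: the same export with only the image edited.
AFTER = copy.deepcopy(BEFORE)
AFTER["items"][0]["spec"]["template"]["spec"]["containers"][0]["image"] = (
    "registry.example.invalid/molecule:1.1.0")

IMAGE_PATH = re.compile(r"/(?:initContainers|containers)/\d+/image$")


def flatten(node, path=""):
    """Yield (path, value) for every leaf; empty dicts and lists count as leaves."""
    if isinstance(node, dict) and node:
        for key, value in node.items():
            yield from flatten(value, f"{path}/{key}")
    elif isinstance(node, list) and node:
        for index, value in enumerate(node):
            yield from flatten(value, f"{path}/{index}")
    else:
        yield path, node


def review_edit(before, after):
    """Split every difference into image changes and everything else."""
    old, new = dict(flatten(before)), dict(flatten(after))
    images, other = [], []
    for path in sorted(old.keys() | new.keys()):
        if old.get(path) != new.get(path):
            change = (path, old.get(path), new.get(path))
            (images if IMAGE_PATH.search(path) else other).append(change)
    return images, other
```

Apply the edited manifest only when the second list is empty; `kubectl diff -f statefulset.yaml -n eks-boomi-molecule` gives a comparable view against the live cluster.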

Apply SSL certificate to the load balancers

Follow the instructions in this section to add listeners to the Application Load Balancer and Network Load Balancer.

Application Load Balancer

  1. Add an HTTPS listener for your Application Load Balancer.

    1. For Protocol : port, select HTTPS.

    2. For Default actions, select Forward to, then select the target group.

  2. Add an inbound rule to the security group attached to the Application Load Balancer.

    1. For rule Type, choose HTTP.

    2. For rule Source, choose Anywhere-IPv4. This automatically adds a rule for the 0.0.0.0/0 IPv4 CIDR block.

  3. Add a new A record to your domain in Amazon Route 53.

  4. Edit the record name.

  5. Route traffic to the Application Load Balancer.

Network Load Balancer

  1. Create a listener for your Network Load Balancer.

    1. For Protocol : port, select TLS.

    2. For Default actions, select Forward to, then select the target group.

  2. Add a new A record to your domain in Amazon Route 53.

  3. Edit the record name.

  4. Route traffic to the Network Load Balancer.

Troubleshooting

For troubleshooting common Quick Start issues, refer to the AWS Quick Start General Information Guide and Troubleshooting CloudFormation.

After you successfully deploy a Quick Start, confirm that your resources and services are updated and configured—including any required patches—to meet your security and other needs. For more information, refer to the Shared Responsibility Model.

Feedback

To submit feature ideas and report bugs, use the Issues section of the GitHub repository for this Quick Start. To submit code, refer to the Quick Start Contributor’s Guide. For all other feedback, use the following GitHub links:

Notices

This document is provided for informational purposes only. It represents current AWS product offerings and practices as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of AWS products or services, each of which is provided “as is” without warranty of any kind, whether expressed or implied. This document does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.

The software included with this paper is licensed under the Apache License, version 2.0 (the "License"). You may not use this file except in compliance with the License. A copy of the License is located at http://aws.amazon.com/apache2.0/ or in the accompanying "license" file. This code is distributed on an "as is" basis, without warranties or conditions of any kind, either expressed or implied. See the License for specific language governing permissions and limitations.