Agentforce: The New AI Wave

Last month, I attended Dreamforce 2024, the world’s largest software conference, in San Francisco. This massive annual event is always a great learning experience. Dreamforce’s 2024 key announcement was a New AI Era with Agentforce.

Agentforce is synonymous with AI Agent. As I explained in my previous blog about AI agents, I will explain Agentforce in the context of Salesforce/MuleSoft.

The study found that 90% of businesses say that their industry has become more competitive in the last three years, and 48% say it has become much more competitive. This led to decreased margins, force to more productivity, and transformed businesses to remain relevant in the market for any industry.

So the question is, how do we close this gap and become relevant to the market for any industry?

We started the AI journey with Predictive analytics as the first wave of AI. Next, we move into the Generative AI wave. Now we are next inflection point as Agentforce or AI agent. So AI Agent is waiting for us to ultimately close this gap and of course, the way that we’re going to do this is to get more time back, more productivity, and have more business growth with AI agents.

agentforce

So here are a few queries, I am trying to explain

What is Agentforce?

The newest Salesforce tool allows customers to build and customize autonomous agents to scale their workforce. It is a UX for customers to leverage with their data sources to deliver more human-like interactions.

How does Agentforce help customers achieve business goals?

Agentforce gives companies a 24/7 agent to engage on their behalf to resolve sales, service, and marketing-related.

topics including customer service cases and prospect engagement.

With Agentforce, companies can drive productivity to deliver higher profitability, while building stronger customer relationships.

How does MuleSoft enhance Agentforce?

Salesforce primarily focuses on the front end “human assistant” type of agents with the Agentforce UX, while MuleSoft primarily focuses on back-end domain expert agents who manage domain complexity (inventory, payroll.) and power other prompts or agents.

MuleSoft expands the actionability of the Agentforce agent by providing API actions and other domain assets for

broader context to the role, knowledge, actions, guardrails, and channel.

How are customers accessing data for Agentforce?

The Agentforce messaging encourages customers to use Data Cloud to bring in their data and ground Agentforce. To add MuleSoft into this conversation, leverage our value prop for MuleSoft + Data Cloud; where MuleSoft accelerates value against four use cases (on-premises, transactional, unstructured, activation):

On-premise data: MuleSoft can run locally and stream data to Data Cloud, giving Agentforce additional context for improved grounding and better decision making.

Transactional data: Transactional systems will want queuing, error handling, and delivery controls for ingestion

— functionality MuleSoft can easily deliver so that Agentforce agents aren’t slowed down.

Unstructured data: MuleSoft offers pre-built accelerators for unstructured data ingestion to Google Drive,

Confluence, and SharePoint as well as OCR for images. Agentforce agents can have immediate access to data

from scanned images like government identification.

Activation: Use MuleSoft to respond to data events in Data Cloud and drive action in real time to any downstream system for full circle updates.

What is the agent use cases that MuleSoft supports?

● Service Agents: Agentforce needs contextual data from external systems in order to deflect cases faster

● Sales Agents: MuleSoft can upload, and share leads from and with partners without compromising data integrity, securely with your governance rules. Near real-time synchronization with external systems ensures that Agentforce can engage with prospects starting at the moment leads come in.

● Commerce Agents: Setting up and managing storefronts requires data from external systems including product information, inventory levels, and pending vendor shipments. MuleSoft connects to external systems for near real-time updates so Agentforce can respond with accurate information.

● Employee Service Agents (Workday): Automating onboarding and provisioning for new hires requires data from external systems, and in some cases is unstructured data found in pdf, jpg, and png files like scanned government I.D.s and manually filled out forms. MuleSoft’s Intelligent Document Processing makes it easier to upload unstructured data so that you can share it faster with Agentforce.

How is Agentforce different from the MuleSoft AI Chain (MAC) Project?

MAC Project mainly targets a technical person, i.e. MuleSoft users and developers. With the MAC Project, customers can create powerful agents, fully composed in the MuleSoft Anypoint Platform and benefit from its End-to-End Lifecycle Governance and Management capabilities. With API Management, you can sprinkle it on top of LLM specific policies, to further implement the security aspects when interacting with LLMs. MAC Project is an open source project, which is currently being productized. Agentforce is more for non-technical users who wants to build powerful agents directly in Salesforce. It is fully integrated into every Salesforce Cloud and provides out-of-the-box integration to the Salesforce ecosystem.

Zero Trust API Security Architect

The cybersecurity threat landscape has changed dramatically in the last couple of years. Every day new kinds of threats are coming and impacting the organization’s business. Infosec/Security teams have always had challenges with this new threat to find the root cause and mitigate these risks.

To mitigate and overcome these constant/real-time threats and risks, the security fraternity introduces Zero Trust Architecture (ZTA) Or Zero Trust Strategy (ZTS).  ZTA is not a product or application, but it is a concept and practice to mitigate any risk for your organization.

What is ZTA/ZTS?

Zero Trust is an information security model that denies access to applications and data by default. Threat prevention is achieved by continuously validating for security configuration and posture before being granted or keeping access to applications and data across users and their associated devices. All entities are untrusted by default; least privilege access is enforced; and comprehensive security monitoring is implemented.

Here are the basic properties for ZTA/ZTS

  • Default deny
  • Access by policy only
  • For data, workloads, users, devices
  • Least privilege access
  • Security monitoring
  • Risk-based verification

How API implement ZTA/ZTS?

API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). In API security we establish certain rules and processes to mitigate security risks.  These rules and processes are around Zero trust architecture or strategy. Here are a few basic strategies in API security to implement ZTA.

  1. All API communications are secured regardless of network location – This risk can be mitigated by ensuring all communication happens over an encrypted communication channel (TLS) and implementing a proper Cross-Origin Resource Sharing (CORS) policy. The endpoint for API needs to be exposed through the HTTPS protocol.
  2. All API endpoints are authenticated regardless of their environments (Prod, QA, Dev) — By default, all APIs need to be authenticated and authorized using username/password, JSON Web Token (JWT), OAuth, OpenID Connect, or third-party services.
  3. All API resources are protected and restricted to all users by default — Running multiple versions of an API requires additional management resources from the API provider and expands the attack surface. As per ZTA, make sure all API versions and their resources are restricted if it is not used by the user. Always validate and properly sanitize data received from integrated APIs before using it.
  4. Access to API resources is determined by dynamic policy including the client identity, application/service, and the requesting asset – Any API requires resources such as network bandwidth, CPU, memory, and storage. It is easy to exploit these resources by simple API calls or multiple concurrent requests. According to Zero Trust Architect, all APIs must implement API policies like:
    • Client identity (ClientID/Client-Secret)
    • Execution timeouts (Rate limiting)
    • Maximum allowable memory
    • Maximum number of file descriptors
    • Maximum number of processes
    • Maximum upload file size
  5. Implement or configure API monitoring posture and API Alert system — API monitoring helps identify and resolve performance issues as well as security vulnerability issues before they negatively impact users, which can impact user experience. The alert system notifies the operation team to mitigate risk quickly.
  6. Continuous API security risk assessments – Continuous risk assessments help the Infosec/Security team identify any security risk gap. By conducting the security risk assessments, organizations establish a baseline of cybersecurity measurements, and such baselines could be referenced to or compared against future results to improve overall cyber posture and resiliency further and demonstrate progress. A Free Security assessments tool VAT is available to mitigate any security risk for your organization.

https://www.vanrish.com/secassessment/

Organizations that have adopted the Zero Trust API model, see trust as fundamental to creating a positive, low-friction work culture for their clients and empowering the organization at all levels. Many of our Vanrish Technology clients, we worked with have many of the technologies in place that can be leveraged toward full Zero Trust architect model adoption.

API Security

Modern-day APIs are the building block for integration and application for any organization. Every day organizations are using APIs to unlock new features and enable innovation. From banks, retail, and transportation to IoT, autonomous vehicles, and smart cities, APIs are a critical part of modern mobile, SaaS, and web applications and can be found in customer-facing, partner-facing, and internal applications.

Organizations are exposing sensitive data, such as Personally Identifiable Information (PII) through APIs, and because of this have increasingly become a target for attackers. Due to this organizations are concerned about their API security & compliance. API Security focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces (APIs). According to the Open Web Application Security Project (OWASP) 2023, these API threats are categorized into 10 different categories

  1. Broken Object Level Authorization (BOLA) – Object-level authorization is an access control mechanism that is usually implemented at the code level to validate that a user can only access the objects that they should have permission to access.
    Comparing the user ID of the current session (e.g. by extracting it from the JWT token) with the vulnerable ID parameter isn’t a sufficient solution to solve Broken Object Level Authorization (BOLA).

    For example, any API providing a listing of all school revenue based on the school’s name of any county could be a security threat like this API endpoint: /county/{schoolName}/revenues.
    Hacker simply manipulates {schoolName} in the above endpoint’s school name to get all revenue details for all schools.

    To mitigate this risk Use the authorization mechanism to check if the logged-in user has access to perform the requested action on the record in every function that uses an input from the client to access a record in the database.
  2. Broken Authentication – API authentication is very vulnerable and an easy target for attackers. Attackers can gain complete control of other users’ accounts in the system, read their personal data, and perform sensitive actions on their behalf.

    API authentication flow and process need to be well protected and “Forgot password / reset password” should be treated the same way as authentication mechanisms. Make sure you know all possible flows to authentication to API (Mobile/Web/any link) and it gets well protected with authentication.
  3. Broken Object Property Level Authorization – When authorizing a user to access an object using an API endpoint, It is very important to validate that the user has permission to access the specific or all object properties.
    An API endpoint is considered as vulnerable if :
    • The API endpoint exposes properties of an object that are considered sensitive and should not be read by the user.
    • The API endpoint allows a user to change, add/or delete the value of a sensitive object’s property which the user should not be able to access.

      When you are exposing any API endpoint, always make sure that the user has access to the object’s properties you expose and avoid using any generic methods like to_json() and to_string().
  4. Unrestricted Resource Consumption – Enabling any API request, requires resources such as network bandwidth, CPU, memory, and storage. These resources have limited bandwidth and money associated with these resources.

    It is easy to exploit these resources by simple API calls or multiple concurrent requests. An API is vulnerable if at least one of the following limits is missing or set inappropriately.
    • Execution timeouts
    • Maximum allowable memory
    • Maximum number of file descriptors
    • Maximum number of processes
    • Maximum upload file size
    • Number of operations to perform in a single API client request (e.g. GraphQL batching)
    • Number of records per page to return in a single request-response
    • Third-party service providers’ spending limit
  5. Broken Function Level Authorization If any of the administrative API flows like delete, update, or create expose to unauthorized users it will be an easily vulnerable API endpoint. The best way to find broken function level authorization issues is to perform a deep analysis of the authorization mechanism while keeping in mind the user hierarchy, different roles or groups in the application, and asking the following questions:
    • Can a regular user access the administrative endpoint?
    • Can a user perform sensitive actions (e.g. creation, modification, or deletion) that they should not have access to by simply changing the HTTP method (e.g. from GET to DELETE)?
    • Can a user from Group X access a function that should be exposed only to users from Group Y, by simply guessing the endpoint URL and parameters?

      To mitigate this risk, the enforcement mechanism(s) must deny all access by default, requiring explicit grants to specific roles for access to every function.
  6. Unrestricted Access to Sensitive Business Flows — When you create an API endpoint some endpoints are more sensitive and critical than others. It is very important to understand which API endpoint and business flow you are exposing to the customer. Any restricted business flow exposed to clients can harm your business. In general, technical impact is not very severe but business impact might hurt your company’s credibility.

    For example, if your company offers a discount for one customer 20% and another customer 30% through API, if the first customer knows this discount variation, it will impact the credibility of the company as well as revenue loss.
    The mitigation planning should be done in two layers:
    • Business – identify the business flows that might harm the business if they are excessively used.
    • Engineering – choose the right protection mechanisms to mitigate the business risk.
  7. Server-Side Request Forgery – Server-Side Request Forgery (SSRF) vulnerability occurs when you are consuming remote APIs and resources without validating the remote endpoint or user-supplied URL. SSRF enables attackers to force the application to send formatted requests to an unknown destination even if protected by a firewall. Successful exploitation might lead to internal services enumeration (e.g. port scanning), information disclosure, bypassing firewalls, or other security mechanisms.

    The SSRF risk cannot be eliminated but you can mitigate these risks by isolating the resource fetching mechanism in your network, accepting media types for a given functionality, disabling HTTP redirections, Validating and sanitizing all client-supplied input data, and Using a well-tested and maintained URL parser to avoid issues caused by URL parsing inconsistencies.
  8. Security Misconfiguration — Security Misconfiguration vulnerability occurs when the latest patches are missing on the server or systems are outdated, Transport Layer Security (TLS) is missing, A Cross-Origin Resource Sharing (CORS) policy is missing, Error messages include stack traces or expose other sensitive information. Attackers often attempt to find unpatched flaws, common endpoints, services running with insecure default configurations, or unprotected files and directories to gain unauthorized access or knowledge of the system. These Security misconfigurations not only expose sensitive user data but also system details that can lead to full server compromise.

    Security misconfiguration risk can be mitigated by a repeating hardening process leading to fast and easy deployment, ensuring all communication happens over an encrypted communication channel (TLS), and implementing a proper Cross-Origin Resource Sharing (CORS) policy.
  9. Improper Inventory Management — It is important for organizations not only to have a good understanding and visibility of their own APIs and API endpoints but also how the APIs are storing or sharing data with external third parties. Multiple versions of APIs need to be properly managed, secure, patched and well-documented. Hackers usually get unauthorized access through old API versions or endpoints left running unpatched and using weaker security. requirements.
    Improper Inventory Management security vulnerability can be mitigated by documenting all hosted APIs for all environments (Prod or Non-Prod), Generating documentation automatically by adopting open standards and avoiding using production data with non-production API deployments.
  10. Unsafe Consumption of APIs — Unsafe Consumption of APIs vulnerability occurs when your developers tend to adopt weaker security standards, for instance, in regard to input validation, sanitization, URL redirections and not implementing timeouts for interactions with third-party services.
    This vulnerability can be mitigated by implementing proper data validation, and schema validation. Ensuring all API interaction happens on secured communication channels like TLS. Maintain an allowlist of well-known locations integrated APIs may redirect yours to do not blindly follow redirects.

Why Airlines Need Digital Transformation

When the Wright brothers flew their first plane they never imagined that after 100 years this industry will be one of the biggest and most complex. Initially Airlines were a part of luxury transportation but nowadays it is a necessity for most. Every day thousands of airplanes are flying and millions of passengers are reaching their destination.

To streamline the whole process, all departments of airlines should work synchronously and efficiently. There are a lot of variables involved to execute one task efficiently with a very little margin for error. The airline industry is the best example of machines and humans working together in harmony, which allows tasks to be completed quickly and accurately without any errors. The Airline’s biggest challenge is finding ways to reduce costs while still providing quality service.

Airline industries need to put forward the best process in place in order to remain competitive and profitable. All processes, including, operational structure, route network, fleet size, and pricing strategy need to be digitized and transparent to compete against their competitors and continue to be cost-effective.

Successful Adoption of Digital Transformation is the key to success to Airlines business.

Digital transformation allows Airlines to enable data efficiently and securely. It also helps in reducing the cost of operation and increases the efficiency.

Here are few area where Digital Transformation is helping Airlines to work efficiently and cost-effective .

Market & Partner Data – The Covid pandemic was a big disruption for the Airline market. Tracking and monitoring real-time Covid data after the pandemic is very important in managing your operation efficiently. Airlines work with their partner to get Market Data, Events, Weather, Traveler In-Flux, Reviews, and External Traveler Information for their operation. Integration with partner data is very important to get contextual insights for airlines.

Travel  Data – To run the airline industry efficiently their passenger System of Record needs to integrate efficiently. Those system are not limited to  Passenger service system (PSS),Computer reservation system ( CRS), Global distribution system (GDS), Enterprise Resource Planning (ERP), Traveler Profile, Fare, Schedule, Availability, Preferences, Assets, and Distribution with Offers & Orders (NDC).

Intent & Sentiment Data – Social Media Platform is one of the invaluable tools for airlines to stay ahead of their competitors. By leveraging Sentiment & Intent Behavior analysis on social media platforms, airlines can better understand passenger preferences and tailor services accordingly. This helps the Airlines build customer loyalty and increase profits over time.

Customer & Services Data – Managing historical customer and service data help airlines to get their customer sentiment and preference. These data includes Demographic and Identity Data, Profile, Cases Contact Center History, and Service Interactions data. This data helps airlines to understand passenger preference and provide better service. 

Marketing & Loyalty – Digital Transformation combining predictive analytics and human-centric design to create a more personalized experience to drive growth in loyalty, satisfaction and incremental revenue. It also helps in marketing to track Campaign Metrics, Digital Footprint, Experiential Targeting, Audience Segmentation, Digital Marketplace. 

Devices & Location Data – Airlines operation depends on IoT Sensor Data, Telemetry, Mobile, Voice, Geolocation, Location-Based data. This Intelligence based data is revolutionizing procurement through real time decision making. Allow the operational team to know the exact location of goods at any given time.

These are the big impact of digital transformation in airlines industries

  • Quicker time to market
  • Smooth Transitioning
  • Enhanced Business Agility
  • Reduce cost
  • Innovate and drive operational excellence   

ChatGPT: A Intro & Company Use-Case

The internet is full of buzz about the new AI based chatbot, chatGPT. ChatGPT reminds me of the early days of  google, how google came and changed our internet search forever. We were using lycos search engine but google gave a new definition of search engine. Similarly I am seeing chatGPT is trying to define our search which is based on AI and AI models. It is coming as a new disruptive technology. Suddenly google is looking like old school.

Generative Pretrained Transformer 3 (GPT-3)  from OpenAI, is the main component for Jasper.ai and other cloud based content writing, chatbot and machine learning applications. GPT-3 was first publicly released by OpenAI on June 11, 2020.  GPT-3 is based on the concept of natural language processing (NLP) tasks and “generative pretraining”, which involves predicting the next token in a context of up to 2,048 tokens. 

GPT-3 is based on Large language models (LLMs). Large language models (LLMs) are AI tools that can read, summarize, and translate text. They can predict words and craft sentences that reflect how humans write and speak.Three popular and powerful large language models include Microsoft ’s Turing NLG, DeepMind’s Gopher, and OpenAI ’s GPT-3.

ChatGPT was first publicly released by OpenAI on November 30, 2022 based on the GPT-3 framework. Initially developed as part of the GPT-3 research program, ChatGPT was built on top of the powerful GPT-3.5 language model to specifically address natural language processing tasks that involve customer service chat interactions.

OpenAI’s Chat GPT3 has demonstrated the capability of performing professional tasks such as writing software code and preparing legal documents. It has also shown a remarkable ability to automate some of the skills of highly compensated knowledge workers in general. ChatGPT has immense potential for ecommerce customer experience automation. ChatGPT allows customers to personalized shopping and fully automated 24 x 7 customer service on-demand.

In spite of chatGPT buzzwords, ability to content writing and customer service on-demand, I am little careful to use this technology for my business. I tested a few use-cases in chatGPT. It is working fine with some simple use-case and problem solving. But as soon as I added a few more variables to my problem, the chatGPT response was not correct.

Here is screenshot from ChatGPT for my problem and solution from chatGPT

The problem shown above chatGPT directly calculated from equation and response came as 5 min.

In chatGPT’s response it is not calculating a person’s waiting time in the queue. 

So from above question right answer would be

Average Waiting Time = Average Processing Time x Utilization / (1-Utilization).

Average Waiting Time = 5 x (5/6) / (1 – 5/6) = 25 minutes

So, the correct answer is 25 minutes waiting in line. If we add the 5 minutes at the kiosk, we obtain a total of 30 minutes.

So from the above issue, I would like to highlight a few points if your company is trying to implement any ChatGPT solution.

  1. Does the ChatGPT AI model is configured based on your company use case?
  2. Do you have enough historical data to run and test AI based chatGPT LLM models?
  3. ChatGPT runs on the big model like LLM model. Big models incur a big cost, and LLM are expensive.
  4. Since ChatGPT runs on a big model (LLM), ChatGPT  needs to overcome performance constraints.

Keep an eye out for GPT-4, which may be released as early as the first half of 2023. This next generation of GPT may be better at their results and more realistic. 

Recession: Impact in Software as a Service(SaaS) 

Global uncertainties continue to dominate headlines. Inflation is expected to reach the highest levels of ~3.5% in the US and Europe by the end of 2023. To ease inflation, Central Banks need to dampen demand, by making it expensive (for financial institutions, businesses and households) to borrow by increasing Federal Reserve interest rates . We are expecting a federal rate hike of 4.75% – 5.0% by the end of 2023. These are all data showing we are heading toward recession. The US labor market was robust last quarter but this quarter it is not very promising. Everyday we are hearing layoff news from different sectors.

IMF inflation forecast

These inflation and layoff news are impacting our tech market. Many companies have a growth challenge: They expect to get as much as 50 percent of their revenue from new businesses and products by 2026 but are not on a path that will take them there. Current economic conditions are forcing high-growth yet unprofitable tech startups to tighten their financial belts.

There are few realities, software companies are facing for their growth.

US-based Venture capitalists backed software startups slowed down – VC are very clear of high valuation and demanding that companies spend less, improve profit margin and high output. Unicorn creation also slowed in 2022 Q4. This is one of the lowest quarterly count since the first quarter of 2020.

Depressed company valuations – Private company valuations are cooling down. Over the last 4 quarters, we have seen public valuations compressing.

 Software companies have three critical revenue streams.

  1. License / Subscription Revenue – When the customer pays for the right to own and use a copy of the software/hardware product or subscribe/access  software platform
  2. software or hardware product – Customer pays for ongoing support or premium support.
  3. Cloud based licensed software – Customer pays the software provider for specific deliverables such as software implementation or technical training.

In the current world all these 3 revenue streams are shrinking. Companies are using only essential services to run their business. This is directly impacting software revenue, which is leading these companies into low valuation.

Infrastructure Maintenance –  SaaS companies are providing the software as a service. This means the customer does not have to purchase hardware to run the software—that cost is transferred to the SaaS provider. This is implying continuous software running coast. This cost is not going anywhere.So due to inflation this SaaS running cost increases tremendously.

Recession: Industry Impact

Recession prospect is certainly very scary. World over economies are contracting. The recession has had a significant impact on the global economy, leading to decreased GDP growth and an uncertain future for many industries. The IMF cut its forecast of global GDP for the year to 2.7% and for the US GDP growth forecast is 1.4% .China and India are key players for the world’s supply-chain requirement. Post COVID pandemic China is still struggling to provide supply-chain needs to the world and India is still in process to build supply-chain needs. Escalating Russia-Ukraine war and geopolitical tension is disrupting the world’s supply-chain. 

Due to all these issues,Inflation is very high across the world. The inflation rate depends on the balance between aggregate supply and aggregate demand within the economy. US inflation consumer prices rose 7% approx. in December 2022 from a year ago. Inflation driving up vendor price beyond budget expectation. The US Federal Reserve is increasing interest rates in the most aggressive way to curb this inflation. 

No industry is completely insulated from a recession, there are always opportunities within even the most impacted industries. The Impact of recession  is not equal for all kinds of industries. Most impacted industries are directly proportional to consumer sentiment, consumer basic requirement and consumer spending. Least impacted industries are not directly proportion to user sentiment and it is also supported by external system.

Here is worldwide recession industry impact index

In the above chart, most impact industries are consumer, consumer services and transportation. After COVID-19 this industry is cautiously optimistic about the return of travel and tourism. But  inflation and a volatile market are pulling these industries down. Loyalty programs are weakening between brand and customer. Recession industry impact index is average 8.5/10 approx. Hospitality and Airlines industries are trying to optimize their process to mitigate their risk. They are cutting routes, reducing flights, and, in some cases, shutting down offices to help reduce expenditures.

Retail and Manufacturing industries and also getting impacted with current inflation and escalating geopolitical tension. Clearly the industry has experienced unprecedented supply chain pressures and disruptions over the past two years; Global disruptions – such as the Russia / Ukraine war – continue to impact manufacturing supply chains, thereby increasing costs and delays. Recession industry impact index for this industry is 7.5/10 approx. Retail and Manufacturing industries are working on omni-channel commerce platforms, optimized operations, and omni-channel order orchestration and fulfillment to mitigate their risk. They are reducing overhead cost and going for digital.

The Federal/Central Government is the most recession proof industry. It needs to make ongoing investment to keep the country running. Critical infrastructure management, border, customs and immigration management are key activities the government can not ignore and reduce investment. Even in COVID-19 pandemic time influx of federal funding and ample emergency funds put state and local entities in recession-ready shape. Recession industry impact index for this industry is 1/10 approx.

Mule 4: Ease Your Integration Challenges

Much awaited Mulesoft 4 was officially announced in Mulesoft Connect 2018 in San Jose. When Mulesoft was born, it was really to create software that helps to interact systems or source of information quickly within or outside company. So the speed is an incredibly important thing over the years to develop and interact within systems. Need of speed for application and development hasn’t change drastically over the years but needs and requirement of customer’s application have changed. The integration landscape has also magnified. There are hundreds of new systems and sources of information to connect to, with more and more integration requirements. This integration landscape gets very messy and very quickly.

            Mule 4 provides a simplified language, simplified runtime engine and ultimately reduces management complexity.  It helps customers, developers to deliver application faster. Mule4 is really radically simplified development. It is providing new tool to simplify your development, deployment and management of your integration/API. It is also providing a platform to reuse Mule component without affecting existing application for faster development. Mule 4 is evolution of Mule3. You will not seem lost in Mule 4, if you are coming from Mule3. But Mule 4 implements fewer concepts and steps to simplify whole development/integration process. Mule 4 has now java skill is optional. In this release Mulesoft is improving tool and making error reporting more robust and platform independent.

Now let’s go one by one with all these new Mule4 features.

1. Simplified Event Processing and Messaging — Mule event is immutable, so every change to an instance of a Mule event results in the creation of a new instance. It contains the core information processed by the runtime. It travels through components inside your Mule app following the configured application logic. A Mule event is generated when a trigger (such as an HTTP request or a change to a database or file) reaches the Event source of a flow. This trigger could be an external event triggered by a resource that might be external to the Mule app.

Mule 4 Event flow

2. New Event and Message structure — Mule 4 includes a simplified Mule message model in which each Mule event has a message and variables associated with it. A Mule message is composed of a payload and its attributes (metadata, such as file size). Variables hold arbitrary user information such as operation results, auxiliary values, and so on.

Mule 4 message

Mules 4 do not have Inbound, Outbound and Attachment properties like  Mule 3. In mule 4 all information are saved in variables and attributes. Attributes in Mule 4 replace inbound properties. Attributes can be easily accessed through expressions.

 These are advantages to use Attributes in Mule 4.

  • They are strongly typed, so you can easily see what data is available.
  • They can easily be stored in variables that you can access throughout your flow
Example :
#[attributes.uriParams.jobnumber]

Outbound properties — Mule 4 has no concept for outbound properties like in Mule 3. So you can set status code response or header information in Mule 4 through Dataweave expression without introducing any side effects in the main flow.

Example:

 
<ee:transform xsi:schemaLocation="http://www.mulesoft.org/schema/mule/ee/core
 http://www.mulesoft.org/schema/mule/ee/core/current/mule-ee.xsd">
       <ee:message>
         <ee:set-payload>
           <![CDATA[
                %dw 2.0
                output application/json
                 ---
                 {message: "Bad request"}]]>
           </ee:set-payload>
         </ee:message>
    <ee:variables>
       <ee:set-variable variableName="httpStatus">400</ee:set-variable>
    </ee:variables>
  </ee:transform>

Session Properties –In Mule 4 Session properties are no longer exist. Data store in variables are passes along with  different flow.

3. Seamless data access & streaming – Mule 4 has fewer concepts and steps. Now every steps and task of  java language knowledge is optional. Mule 4 is not only leveraging DataWeave as a transformation language, but expression language as well. For example in Mule 3  XML/CSV data need to be converted into java object to parse or reroute them. Mule 4 gives the ability to parse or reroute through Dataweave expression without converting into java. These steps simplify your implementation without using java.

Mule 4 Data Access

4. Dataweave 2.0 — Mule 4 introduces DataWeave as the default expression language replacing Mule Expression Language (MEL) with a scripting and transformation engine. It is combined with the built-in streaming capabilities; this change simplifies many common tasks. Mule 4 simplifies data iteration. DataWeave knows how to iterate a json array. You don’t even need to specify it is json. No need to use <json:json-to-object-transformer /> to convert data into java object.

Mule 4 vs Mule 3 flow comparison

Here are few points about Dataweave 2.0

  • Simpler syntax to learn
  • Human readable descriptions of all data types
  • Applies complex routing/filter rules.
  • Easy access to payload data without the need for transformation.
  • Performs any kind of data transformation, normalization, grouping, joins, pivoting and filtering.

5. Repeatable Streaming – Mule 4 introduces repeatable streams as its default framework for handling streams. To understand the changes introduced in Mule 4, it is necessary to understand how Mule3 data streams are consumed

Mule 3 data streaming examples

In above three different Mule 3 flows, once stream data is consumed by one node it is empty stream for 2nd node. So in the above first example, in order to log the stream payload , the logger has to consume the entire stream of data from HTTP connector. This means that the full content will be loaded into memory. So if the content is too big and you’re loading into memory, there is a good chance the application might run out of memory.

So Mule 4 repeatable streams enable you to

  • Read a stream more than once
  • Have concurrent access to the stream.
  • Random Access
  • Streams of bytes or streams of objects

As a component consumes the stream, Mule saves its content into a temporary buffer. The runtime then feeds the component from the temporary buffer, ensuring that each component receives the full stream, regardless of how much of the stream was already consumed by any prior component

Here are few points, how repeatable streams works in Mule 4

  • Payload is read into memory as it is consumed
  • If payload stream buffer size is > 512K (default) then it will be persisted to disk.
  • Payload stream buffer size can be increased or decreased by configuration to optimize performance
  • Any stream can be read at any random position, by any random thread concurrently

6. Error Handling — In Mule 4 error handling has been changed significantly. Now In mule 4 you can discover errors at design time with visual interface. You no need to deal with java exception directly and it is easy to discover error while you are building flow. Every flow listed all possible exception which potential arises during execution.

Mule 4 Error Handling

Now errors that occur in Mule fall into two categories

  • Messaging errors
  • System errors

  Messaging errors — Mule throws a messaging error (a Mule error) whenever a problem occurs within a flow. To handle Mule errors, you can set up On Error components inside the scope-like Error Handler component. By default, any unhandled errors are logged and propagated.

System errors — Mule throws a system error when an exception occurs at the system level . If no Mule Event is involved, the errors are handled by a system error handler.

Try catch Scope — Mule 4 introduces a new try scope that you can use within a flow to do error handling of just inner components/connectors. This try scope also supports transactions and in this way it is replacing Old Mule 3 transaction scope.

Mule 4 A new try catch block

7. Class Loader Isolation — Class loader separates application completely from Mule runtime and connector runtime. So, library file changes (jar version) do not affect your application. This  also gives flexibility to your application to run any Spring version without worry about Mulesoft spring version. Connectors are distributed outside the runtime as well, making it possible to get connector enhancements and fixes without having to upgrade the runtime or vice versa

In above pic showing that every component in any application have their own class loader and running independently on own class loader.

8. Runtime Engine — Mule 4 engine is new reactive and non-blocking engine. In Mule 4 non-blocking flow always on, so no processing strategy in flow. One best feature of Mule 4 engine is, It is self-tuning runtime engine. So what does this mean? If Mule 4 engine is processing your applications on 3 different thread pools, So runtime knows  which application should be executed by each thread pool. So operation put in corresponding thread pool based on high intensive CPU processing or light intensive CPU processing or I/O operation. Then 3 pools are dynamic resizing automatically to execute application through self-tuning.


Mule 4 : Self tuning run time engine

So now self-tuning creates custom thread pools based on specific tasks. Mule 4 engine makes it possible to achieve optimal performance without having to do manual tuning steps.

Conclusion

Overall Mule 4 is trying to make application development easy, fast and robust. There are more features included in Mule 4 which I will try to cover in my next blog. I will also try to cover more in depth info in above topic of Mule 4. Please keep tuning for my next blog.