Production Deployment Checklist

Given below is a checklist that will guide you to set up your production environment for WSO2 API-M.

Guideline Details
Security hardening

Guidelines for hardening the security of a WSO2 deployment in a production environment can be discussed under three high-level categories:

  • Product-level security
  • OS-level security
  • Network-level security

By default, WSO2 products identify the hostname of the current machine through the Java API. However, it is recommended to configure the hostname by setting the hostname parameter in the deployment.toml file.
Related links
Registry and governance

The API-M runtime uses a database registry for persistent storage of configurations. It is recommended to switch to a database like Oracle, MySQL, or MSSQL.

Note that the default setup does not include database backup procedures. The production setup should obviously need to have regular database backup procedures configured.

The Micro Integrator runtime uses a file-based registry instead of a database.

Performance Tuning

Most of the performance tuning recommendations are common to all WSO2 products. However, each WSO2 product may have additional guidelines for optimizing the performance of product-specific features.

  • Performance Tuning - WSO2 API-M runtime
  • Performance tuning - WSO2 Micro Integrator

The following ports must be accessed when operating within a firewall:

API-M Ports
  • 9443 - Used by the management console and services that use the servlet transport.
  • 9763 - Used by the services that use servlet transport.
  • 9999 - Used for JMX monitoring.
  • 8280 - Default HTTP port used by ESB for proxy services.
  • 8243 - Default HTTPS port used by ESB for proxy services.
Micro Integrator Ports
  • 8290 - Default HTTP port used by the Micro Integrator for proxy services and APIs.
  • 8253 - Default HTTPS port used by the Micro Integrator for proxy services and APIs.
  • 9164 - Default HTTPS port used by the Micro Integrator Management APIs.
Proxy servers If the runtime is hosted behind a proxy such as ApacheHTTPD, you can configure the runtime to use the proxy server. See the following topics for instructions:
High availability

Configure your deployment with high availability. Refer the recommended deployment patterns and select an option that fits your requirements.

In the cloud native deployment, high availability should be achieved via the container orchestration system (Kubernetes).

Data backup and archiving Implement a backup and recovery strategy for your system.