Mendix Cloud
What is Mendix Cloud?
Mendix Cloud is the deployment solution through which Mendix provides hosting environments for customers. It is built on top of Amazon Web Services (AWS), available in multiple regions around the globe, and comes with high availability options.
Mendix Cloud is the most optimized cloud for running Mendix applications. It comes standard with deep insights, alerting, high availability, and backup and log management, all of which are available on a self-service basis. For more information, see Mendix Cloud Features.
Is Mendix Cloud a Good Fit for Me?
Mendix Cloud was created to provide an easy-to-use, secure, scalable, high-performance, and highly available platform experience. It offers a variety of cloud deployment offerings that enable seamless functioning and scaling of enterprise-grade, business-critical Mendix applications.
The goal is to help enterprises accelerate their digital transformation journeys by providing the best user experience, optimal self-service control, and unmatched speed.
The Mendix Cloud provides a low time to value. Deploying your applications to the Mendix Cloud doesn’t require any upfront investment, expertise, or experience with Cloud deployment.
What Features Does Mendix Cloud Offer?
The Mendix Cloud has a full range of features that make it efficient for managing your application deployments and monitoring your app and database performance. The Mendix Cloud enables you to configure custom domains, backups, alerts, and logs. You can use the fine-grained access controls that are provided, and you can use the rich set of tools for monitoring and live debugging.
The Mendix Cloud is the most optimized and self-service cloud for running Mendix applications. It comes with a rich set of features to ensure that your applications are run with the best possible business continuity and self-control.
The sections below describe the features delivered by the Mendix Cloud.
Seamless platform integration
This feature allows you to deploy a Mendix application with a single click from both the Mendix Developer Portal and Mendix Studio Pro.
Control Center also integrates with Mendix Cloud for governance of your applications deployed on Mendix Cloud.
Permissions management
Fine-grained access management for your Mendix Cloud environments is handled for each of your applications in the Mendix Portal. Each team member can subscribe or unsubscribe to alerts, and the Technical Contact of an application can manage the various permissions of each team member per environment.
The Technical Contact is the first point of contact from Mendix Support about the application. The Technical Contact receives the following alerts about the application:
- Notifications for platform maintenance from Mendix Support
- Alerts from the applications when problems arise, such as if the CPU load is high or the application is running out of disk space
High availability
Mendix applications consist of five components that are critical for application functionality. These all have to be highly available to create a highly available application:
- Mendix Runtime
- Database
- File storage service
- HTTPS routing layer
- Network
Because Mendix is hosted on Amazon Web Services (AWS), the file storage service, HTTPS routing layer, and network are highly available by default. Mendix provides Premium plans for mission-critical apps, which add high availability for the Mendix Runtime and database, making your app highly available.
Mendix Cloud also offers a regional fallback option, available with Premium Plus plans. This replicates the database of your application to a different zone within a different cloud region. With that, you can choose to temporarily move your app to this different region in the case of a full outage of the primary region.
Disaster recovery
Mendix Cloud architecture keeps runtime engines and databases in the same availability zone (AZ) to minimize latency in database operations. It automatically applies failover for the application runtime to a geographically separate AZ if the current AZ fails. New copies of your app will be started automatically in the new AZ. File storage buckets are automatically replicated by AWS across multiple AZs and, with Mendix Fallback options, the database can be replicated to another AZ automatically.
In the rare event that a single runtime engine crashes, other runtime engines that are still running (if your app is horizontally scaled) automatically take over all user requests while the Health Manager replaces the crashed runtime engine with a new runtime engine. Because of the stateless architecture of Mendix, end-users are not impacted in this scenario.
Disaster recovery tests are performed quarterly on the Mendix platform. These tests are reported in our ISAE 3000 Type II report, ISAE 3402 Type II report, SOC 1 Type II report, SOC 2 Type II report, SOC 3 Type II report, ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, NEN 7510-1:2017 certification, and HIPAA assurance letter.
For disaster recovery purposes, Mendix Cloud uses incremental backups with a 15-minute recovery point objective (RPO). Nightly backups are available on a self-service basis. In addition to the automatic backups, it is also possible to trigger a backup manually using the Mendix Portal or API.
Resource management
In the Mendix Cloud, environments are provisioned to allow for staged deployment. You can have as many environments as you need, but Mendix Cloud nodes come with at least two environments (Acceptance and Production), while most of them have three environments (Test, Acceptance, and Production). The Mendix Cloud supports adding further environments to fit with your deployment strategy, including DTAP environment strategies.
Staging and deployment to each of these environments can be automated with the Deploy API so that development teams can set up fully automated CI/CD pipelines for their Mendix apps.
Mendix provides visibility into company cloud environments for Mendix Admins in the Control Center. This includes information on an environment’s resource pack, whether the fallback option is in place, and the cloud location. For administering cloud environments, you can initiate requests to Mendix Support to make modifications to the cloud environments.
Custom domains
When you receive a new Mendix Cloud environment for your application, a URL will be assigned based on the name of your app. In addition to this domain, you can upload an SSL/TLS certificate to configure a secure custom domain.
Backup management
A backup of all data (model, database, and file storage) is made on a daily basis for all of your environments. Backups are stored in secured locations that are geographically dispersed.
Backups are available for restore as follows:
- Nightly backups – maximum 2 weeks history (counted from the day before the request)
- Sunday backups – maximum 3 months history (counted from the day before the request)
- Monthly backups (1st Sunday of each month) – maximum 1-year history (counted from the day before the request)
As part of the Premium and Premium Plus cloud resource packs, Mendix also offers the option to use live data replication in order to enable a fallback environment.
Log management
In the Mendix Cloud, log files are available on a self-service basis. This includes the log files generated by your application so you can troubleshoot. It also includes the access logs generated by the Mendix Cloud infrastructure, which will provide you with detailed insight into all the requests that are made to your application.
Monitoring
The Mendix Portal provides all the necessary metrics for you to analyze the performance of your application. This is not limited to insights into memory or CPU utilization, as it is even possible to see metrics on the actual model execution. This allows you to respond more quickly to a specific performance bottleneck and optimize your application more easily.
Alerting
To be proactive and ensure business continuity, Mendix Cloud sends alerts for all the critical metrics of your application, like CPU, memory, and disk. These alerts will keep you informed of your app’s health on an ongoing basis.
For advanced monitoring requirements, Mendix provides deep integration with major third-party Application Performance Monitoring tools, such as DataDog, New Relic, Dynatrace, AppDynamics, and Splunk. This allows customers to not only monitor system/application level metrics, but link these to business metrics, enabling customers to monitor applications in the context of business goals and SLAs.
Live debugging
If you need to perform a root cause analysis on a running application and the issue only occurs when running your app on the Mendix Cloud, it is possible to connect Mendix Studio Pro to any environment and perform live debugging.
APIs
All management actions, such as stopping, starting, deploying, and configuring your application and accessing the logs and backups, can be performed through the Mendix Portal as well as through APIs. The APIs allow you to extend and customize your deployment process in external pipeline tools, such as Jenkins, GitLab, or Azure DevOps.
Webhooks
To further automate the deployment of applications running in the Mendix Cloud, Mendix offers webhooks for these applications. A webhook can be triggered by different events, such as a commit to your application’s repository or a deployment package upload. Once triggered, it sends a notification to an external system from where you can start your deployment process, such as Jenkins, GitLab, or Azure DevOps.
The Mendix Cloud also provides webhooks for alert events, allowing you to extend and customize your incident management in external tools, such as Jira or PagerDuty.
How is the Data in the Mendix Cloud Managed?
Application data is stored in the region where your application is running. This includes data in your database and file documents stored in your file storage.
Backups are always stored in at least one secondary location, separate from the primary hosting location. Each individual backup is immutable; in other words, once it has been written to Mendix’s storage location, it can no longer be modified or overwritten.
Wherever possible, we replicate the backups to another region in the same country as the primary region. In cases where this isn’t possible, for example, where AWS only provides one region, we will replicate the backups to a region in another country. This replication location is selected based on data exchange agreements between the two countries and proximity.
For applications with regional fallback, Mendix replicates the data in the database and the file documents on the file storage to the fallback region in real time. This allows Mendix to switch your application to the fallback region quickly in case of an outage of the primary region.
How Can I Connect Securely to External Systems From Mendix Cloud?
The best practice for setting up a secure connection between the Mendix Cloud and your on-premises solution is by using a reverse-proxy with client-server certificates. This allows you to set up a peer-to-peer connection between your application in the cloud and the on-premises solution.
To connect to your service from the Mendix Cloud, the service can be exposed on an external IP address and port. This can be firewalled to only allow the Mendix Cloud to connect to it.
TLS with client certificate validation requires the service being called to validate the identity of your Mendix application, in addition to encrypting the traffic in transit.
Mendix Cloud doesn’t support accessing your on-premises services using a VPN. If peer-to-peer integration is not possible because of corporate policies, you can also use Mendix Cloud Dedicated.
What Does the Mendix Cloud Architecture Look Like?
Mendix Cloud is a PaaS-based cloud architecture using Cloud Foundry running on top of AWS. A Mendix application runs within fully isolated containers, consuming platform-as-a-service (PaaS) services like databases and storage.
For each region, Mendix Cloud architecture is set up for high availability and spread across multiple availability zones. This provides a fully reliable basis for disaster recovery.
How Are My Apps & Data Secured in the Mendix Cloud?
Security controls for the Mendix Cloud include various levels of encryption, transport layer security (TLS), access restrictions, protection from malicious and unwanted internet traffic, and node settings and permissions. The sections below describe these security controls in detail.
Access management
Users with the Technical Contact role can manage all the settings in the cloud node and can edit the privileges of regular development team members with the view, deploy, and monitor permissions. Other team members are restricted in what they can manage.
A cloud node always has only one Technical Contact (while any number of team members can have view, deploy, and monitor permissions). Only the Technical Contact or the Mendix Admin can give the Technical Contact user role to another team member (after this, the new user has the Technical Contact role, and the old user does not).
Node permissions provide fine-grained access control to the management of your application. The Technical Contact of an application can manage the various permissions of each team member per environment:
- Manage Permissions. The Technical Contact can delegate permission management to other users, allowing them to grant permissions to other users. The permissions they can grant are limited to the permissions the granting user has themselves.
- Transport Rights. With transport rights, you can deploy new versions of the application to the node, create new deployment packages, stop and start the environment, and change configuration settings such as constants and scheduled events.
- Access to Backups. This permission grants access to the backups of the environment. You can view, create, download, and restore a backup.
- Access to Monitoring. Team members with Access to Monitoring permissions can view the application metrics, logs, and alerts. This allows them to successfully operate Mendix Cloud environments.
- Receive Alerts. When the option to receive alerts is turned on in the Mendix Portal, the user can subscribe to notifications when an alert is triggered. Alerts are triggered when the application goes offline unexpectedly, if the app logs a critical-level message, if a health check fails, or if various infrastructure problems occur.
- API Rights. Team members with API Rights permissions can use the Mendix Cloud APIs to get programmatic access to the environment.
Encryption
Mendix offers encryption for data at rest and in transit for app environments out of the box. For more encryption control, Mendix supports the encryption of specific columns within application databases and makes it possible to encrypt uploaded files.
The Mendix Runtime that is running in a container is accessed via a load-balanced routing layer of clustered Nginx web servers that routes traffic to the relevant app environment, whereby the web server is responsible for the TLS connections. In addition, all common access and security services from the IaaS provider are used for the traffic that goes to their infrastructure. The TLS connection, starting from the browser, terminates at the web server service on the load-balanced routing layer. This ensures that data is encrypted end to end so other app environments cannot intercept any data from the target app environment.
Isolation and containment
Within the Mendix Cloud, the logical term “environment” is used to describe the application isolation. Each application runs in an environment and is fully separated from other apps for computing, memory, and storage.
A Mendix app runs on one or more Mendix Runtime Engine instances within the environment (where the environment is dedicated to a single application). Also, for each application, a dedicated database and S3 bucket are provisioned to ensure full isolation on the data level.
A Mendix Cloud node is a grouping of virtual and autonomous instances of the Mendix Runtime that is dedicated to your company. A Mendix Cloud node includes a minimum of two environments (acceptance and production), each running in its own app environment. You can expand this to have as many environments as you need.
Each app environment also includes firewall, web server, and database services. Mendix Cloud is based on containerization. The purpose of an app container is to contain the behavior and consumption of an environment while shielding other environments (and apps) from each other.
Mendix Cloud uses containers designed to run applications and dependencies in isolation. Containers consist of two layers: a read-only layer with an operating system root file system and a non-persistent read/write layer for Mendix applications and dependencies.
Databases and files are also logically contained within the Mendix Cloud. A database for a Mendix application is hosted on a separate instance of PostgreSQL, and this specific instance only allows traffic from this specific Mendix application.
As each app environment has its own dedicated web server and firewall services, Mendix supports customization at an app environment-level through the Mendix Portal without affecting other app environments. For example, the customization of request handlers for a specific app environment is not compromised by the demands and desires of other Mendix customers.
The app environment setup allows all instances of the same application to operate identically but independently. Because the app environments are fully standardized, Mendix optimizes the combination of OS, integration software, and virtualization software while implementing the highest possible degree of security and performance. Furthermore, Mendix offers encryption for data at rest for app environments out of the box.
Firewall
All Mendix apps hosted in the Mendix Cloud are protected by an AWS Web Application Firewall (WAF).
WAF is a security service that protects your applications from malicious and unwanted internet traffic without modifying your application code. WAF addresses various attack categories, including many high-risk and commonly occurring vulnerabilities described in OWASP publications such as OWASP Top 10. These include the following:
- Cross-site scripting
- HTTP protocol violations
- Bots, crawlers, and scanners
- HTTP Denial of Service
- Server-side request forgery
- Local file inclusion
- Log4j remote code execution
DDoS
All Mendix apps hosted in the Mendix Cloud are behind AWS Shield Advanced and are defended against the most common and frequently occurring network and transport layer DDoS attacks. In addition to this protection, Mendix Cloud has extra detection and mitigation of large and sophisticated DDoS attacks, near real-time visibility of DDoS attacks, and 24/7 access to the AWS DDoS Response Team.
Physical security controls
Mendix Cloud is hosted in industry-leading data centers, which are reviewed bi-annually for compliance by Mendix’s certified Information Security Officers. All the data centers possess third-party certifications and/or third-party assurance reports, such as ISO/IEC 27001:2013, SOC 2, and PCI-DSS.
Penetration testing
An independent auditing firm periodically performs security audits of Mendix, which are reported through our ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and NEN 7510 certificates, PCI DSS Level 1 Service Provider Attestation of Compliance, ISAE 3000 Type II attestation report, ISAE 3402 Type II attestation report, SOC 1 Type II attestation report, SOC 2 Type II attestation report, SOC 3 Type II attestation report, and HIPAA assurance letter.
In addition, a leading IT security firm performs monthly penetration tests on the Mendix platform. These tests are based on the Open Web Application Security Project (OWASP), Information Systems Security Assessment Framework (ISSAF), and Open Source Security Testing Methodology Manual (OSSTMM).
For vulnerability management, a program is in place for continuous monitoring of the security posture of the Mendix Platform. Before a release is shipped, the release is scanned by Snyk, Veracode, and SonarQube.
Hardening
The Mendix Security team has an established hardening security baseline based on international standards like SANS and CIS. This is audited by our independent third-party auditors and results in our annual published ISAE 3402 Type II report, SOC 1 Type II report, SOC 2 Type II report, SOC 3 Type II report, PCI DSS Level 1 Service Provider Attestation of Compliance, ISO/IEC 27001:2013, ISO/IEC 27017:2015, ISO/IEC 27018:2019, NEN 7510-1:2017 certification, and HIPAA assurance letter.
Access restrictions
Within the Mendix Cloud, it is possible to restrict access for incoming requests using multiple controls. By configuring access restrictions, you have fine-grained control over the external access to your application.
Restricting access within the Mendix Cloud is configured by access restriction profiles. An access restriction profile can contain any number of IPv4 and IPv6 address ranges, or a client certificate authority, or both. This ensures that an app is only accessible from another specific machine or location (like your office).
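The decision an access restriction profile enforces, and the matching check an on-premises reverse proxy makes when it admits the Mendix app only by source address and client certificate (see the section on connecting to external systems above), modelled as an added Python example; this is not Mendix code. The combination rule (a matching IP range or a verified client certificate from the configured CA is sufficient), the deny-everything behaviour when neither matches, and the RFC 5737/RFC 3849 documentation addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class AccessRestrictionProfile:
    """One profile: IPv4/IPv6 CIDR ranges and/or a trusted client CA."""
    ip_ranges: List[str] = field(default_factory=list)
    # Issuer DN of the CA whose client certificates are trusted (None = no CA).
    client_ca: Optional[str] = None


def _normalise(client_ip: str):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d), which
    a dual-stack TLS terminator may report for IPv4 clients; without this an
    IPv4-only range would silently never match them."""
    addr = ipaddress.ip_address(client_ip)
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped:
        return addr.ipv4_mapped
    return addr


def ip_in_ranges(client_ip: str, ranges: List[str]) -> bool:
    """True if the client address falls inside any configured range."""
    addr = _normalise(client_ip)
    # 'in' is False across IP versions, so mixed v4/v6 ranges are safe.
    return any(addr in ipaddress.ip_network(c, strict=False) for c in ranges)


def is_allowed(profile: AccessRestrictionProfile, client_ip: str,
               cert_verified: bool = False,
               cert_issuer: Optional[str] = None) -> bool:
    """cert_verified/cert_issuer are what the TLS-terminating layer reports
    after validating the chain (nginx: $ssl_client_verify, $ssl_client_i_dn).
    client_ip must be the TCP peer address that layer saw, never a
    client-controlled header such as X-Forwarded-For."""
    if profile.ip_ranges and ip_in_ranges(client_ip, profile.ip_ranges):
        return True
    if profile.client_ca is not None:
        return cert_verified and cert_issuer == profile.client_ca
    return False  # no matching range, no CA configured: deny (assumption)


# Constructed sample profile and requests; addresses are from the
# RFC 5737 / RFC 3849 documentation ranges, not real Mendix or office IPs.
OFFICE_PROFILE = AccessRestrictionProfile(
    ip_ranges=["203.0.113.0/24", "2001:db8:1::/48"],
    client_ca="CN=Example Corp Device CA,O=Example Corp",
)
SAMPLE_REQUESTS = [  # (client_ip, cert_verified, cert_issuer)
    ("203.0.113.10", False, None),          # office IPv4           -> allow
    ("::ffff:203.0.113.10", False, None),   # same host, mapped v6  -> allow
    ("2001:db8:1::42", False, None),        # office IPv6           -> allow
    ("198.51.100.7", False, None),          # outside, no cert      -> deny
    ("198.51.100.7", True, OFFICE_PROFILE.client_ca),  # trusted cert -> allow
    ("198.51.100.7", True, "CN=Other CA,O=Other"),     # wrong CA     -> deny
]


def evaluate_samples() -> List[bool]:
    """Run every constructed request through the office profile."""
    return [is_allowed(OFFICE_PROFILE, ip, ok, iss) for ip, ok, iss in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (ip, _, _), ok in zip(SAMPLE_REQUESTS, evaluate_samples()):
        print(f"{ip:24} {'allow' if ok else 'deny'}")
```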
Audit logging
Mendix applies extensive logging throughout the application lifecycle. Logging is done not only on actions performed by the Mendix Runtime but also on activities during an application’s design, development, and deployment. Accordingly, there is a full audit trail of all the relevant activities in an app, as well as who executed them and when they were executed.
Which Aspects of Deployment Does Mendix Cloud Manage for Me?
The Mendix Cloud is a fully managed deployment option. That means that Mendix takes care of setting up, maintaining, and troubleshooting the infrastructure. This allows our customers to focus on application development.
For applications running in the Mendix Cloud, Mendix guarantees an average availability of 99.5% up to 99.95%, depending on your plan.
Mendix provides an RPO of up to 15 minutes and an RTO of up to 15 minutes.
When approved by the user, Mendix Support can access the graphs and activity logs of a Mendix Cloud application. For troubleshooting customer tickets, Mendix Support uses this data to assist users more effectively. This is only done with the customer’s consent to comply with specific data privacy laws.
In addition, Mendix Support utilizes their experience to advise on app cloud resource pack sizing, performance tuning, app optimization, and more.
FAQ
What Mendix Cloud Regions Are Available?
Mendix Cloud is available in the following regions:
- Australia (Sydney)
- Bahrain
- Brazil (São Paulo)
- Canada (Montreal)
- EU (Frankfurt, Germany)
- EU (Dublin, Ireland)
- India (Mumbai)
- Indonesia (Jakarta)
- Japan (Osaka, Tokyo)
- Singapore (Singapore)
- South Africa (Cape Town)
- South Korea (Seoul)
- UAE
- UK (London)
- US East (North Virginia)
- US West (Oregon)
New applications can be placed in any of the available regions. Mendix adds new regions based on customer demand.
Can I Have My Own Mendix Cloud Region?
Yes, you can. Mendix Cloud provides a specific edition that offers a customer-specific Mendix Cloud instance. This edition is called Mendix Cloud Dedicated.
For more information, see the Mendix Cloud Dedicated page.
Can I Run Applications for the US Government in the Mendix Cloud?
Mendix Cloud for Government is a Platform as a Service (PaaS) offering that meets the rigorous security and compliance standards set by the Federal Risk and Authorization Management Program (FedRAMP) Moderate Impact Level.
For more information, see the Mendix Cloud for Government page.