• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Oracle SOA - Api management cvc
 

Oracle SOA - Api management cvc

on

  • 160 views

Oracle SOA - Api management cvc

Oracle SOA - Api management cvc

Statistics

Views

Total Views
160
Views on SlideShare
160
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Oracle SOA - Api management cvc Oracle SOA - Api management cvc Presentation Transcript

    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.1
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.2 API Management Tim E. Hall VP, Product Management September 6th, 2013
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.3 Program Agenda §  Overview of API Management §  What are the components of current solution?
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.4 Current Trends: Integration Everywhere How to address the growing number of touch points & reduce complexity? On-premise Applications Siebel, PeopleSoft, JDE, SAP… Devices and Sensors RFID, Smart Meter, Location-based Cloud Applications Taleo, RightNow, Fusion CRM, 3rd Party Business Process Outsourcing Non-core competencies Mobile Clients Tablets, Smart Phones Transactions Enterprise Integration B2B APIs EventsData Services Processes
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.5 What to Offer? API or Mobile App? Offering? Mobile App: Closed Consumption API: Open Consumption
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.6 “Integration Everywhere” OnStar §  SOA Suite §  BPEL, Rules & WSIF for SMS messaging Choice Hotels §  SOA Suite §  Service-enable 25 year old reservation system Sabre §  Oracle Enterprise Repository §  Developer Community Management for APIs SFpark §  Oracle Service Bus §  Data collection and message protocol conversation Integration Everywhere – Mobile & APIs Customer Examples
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.7 What to Offer? API or Mobile App? § Offering Services § Mobile App? § API? § Hybrid? § How much of the user-experience do you want to control? § How do you provide access for Developers? § Do you monetize your API?
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.8 Metadata What is a Service?What is an API!? Terminology, style, and reach Policies Artifacts Artifacts Metadata Policies
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.9 Metadata What is a Service?What is an API, Service? Terminology, style, and reach Policies Artifacts Artifacts Metadata Policies
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.10 Metadata What is a Service?What is an API, Service? API!? Terminology, style, and reach Policies Artifacts Artifacts Metadata Policies
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.11 –  Streamlined Operations and Maintenance –  Empower the Mobile Workforce –  Improved Employee Productivity –  Enable Better Customer Service –  Enable better responsiveness –  Capture New Revenue Opportunities Business Drivers for “API” Exposure Current Trends: Organizations Are Rapidly Leveraging REST-based APIs Security and Lifecycle Management are the primary barriers to adoption
    • Copyright © 2013, Oracle and/or its affiliates. All rights reserved.12 • Coordinate lifecycle setup across the infrastructure • Restrict, throttle and manage Web services and REST APIs • Coordinate on-boarding of developers • Extend common Access and Authorization policies to all systems • Connect mobile devices to existing enterprise systems • Communicate, communicate, communicate… The Enterprise Architect’s Challenge
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.13 Comparing API Management & SOA Governance
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.14 Quick Review SOA Governance and Lifecycle Management Artifacts Metadata Policies Architects Business Owners IT Operations Release Management Designers Developers & Integrators Security Engineers Consumer Provisioning Definition Business/IT Alignment Creation Efficiency, Reuse & Consolidation Monitoring & Management Production Assurance for SLAs Security Systematic Enforcement of Policy
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.15 Quick Review SOA Governance and Lifecycle Management Artifacts Metadata Policies Architects Business Owners IT Operations Release Management Designers Developers & Integrators Security Engineers Consumer Provisioning Definition Business/IT Alignment Creation Efficiency, Reuse & Consolidation Monitoring & Management Production Assurance for SLAs Security Systematic Enforcement of Policy & LEADING 3RD PARTY
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.16 Comparing API Management & SOA Governance Terminology & Perspectives Platform External Internal Lifecycle Security Monitoring § SOA Governance § Catalog of available assets, services, artifacts § Automation to support creation process § Transaction-level drill-down and issue triage § Organization dictates technology options & alternatives § API Management § Catalog of available APIs § Automation to support consumption by developer § Developer specific usage reporting § Limited “infliction” of technology on consumers
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.17 What is the core issue? API Management and SOA Governance share the same goal Communication Engagement Examples Social MediaForums Doc. BlogsSupport On-boarding Terms of Service Access Mgmt Error Handling Version Mgmt Pricing Events Developer Community Management
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.18 Learning from the Past
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.19 Why invest in a catalog? We only have one API! Developer Community Management
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.20 Does this sound familiar? Early Adoption of APIs eerily similar to Web services Lack of documentation Exposure of underlying data model Inconsistency of rules & behavior Security complexity Current API Adoption Challenges
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.21 What we have today in Oracle Fusion Middleware 11g •  Support for RESTful services in Service Bus •  Mediate security and other protocol differences between mobile client and target services (e.g. expose SOAP web service via RESTful interface) •  Result caching of (read-mostly) target service invocations •  Throttling of traffic to target services •  Lifecycle Management and coordination across various infrastructure teams through Enterprise Repository •  Consumption reports available through EM Cloud Control API Management Reference Architecture SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.22 API Reference Architecture Design-time Activities of Provider SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt SOAP/REST and Legacy Web ServicesService Bus Enterprise Repository Developers 1 Automated Harvesting of SOA Composites, Services, etc. created 2 Architect requests creation of REST-based proxy Protocols HTTP,  SOAP, REST, XML JMS FTP 3 Automated Harvesting of REST-based proxy Architect adds terms of service, along with any additional documentation and metadata for REST- based API. API now ready for consumption! 4
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.23 API Reference Architecture Developer: Design-time Activities SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt SOAP/REST and Legacy Web ServicesService Bus Enterprise Repository Developers Protocols HTTP,  SOAP, REST, XML JMS FTP API Portal1 Developer browses the catalog and requests access to an API 2 Optional: Provider reviews & approves request for access 3 Access Token Returned to Developer
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.24 API Reference Architecture Questions at the edge SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt Protocols HTTP,  SOAP, REST, XML JMS FTP Developer Portal API Gateway
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.25 API Reference Architecture Developer Portal Protocols HTTP,  SOAP, REST, XML JMS FTP Enterprise Repository Service Bus SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt API Gateway Custom API Portal Custom Portal invokes exposed APIs for: Developer Facing Content, User Registration, Application Registration, custom workflows 1
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.26 API Reference Architecture Extended Solution with Oracle API Gateway SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt Protocols HTTP,  SOAP, REST, XML JMS FTP Enterprise Repository Service Bus API Portal Oracle API Gateway
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.27 API Reference Architecture Runtime Activities SOAP/REST and Legacy Web Services API Clients Developers Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 Protocols HTTP,  SOAP, REST, XML JMS FTP 2 User interacts with mobile app Usage Reports 1 Developer builds & publishes Mobile App 3 Usage reports can be accessed & reviewed
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.28 API Management Within RTM OSB WLS (Business Services) WLS (Integration Services) OWSM Coherence Caching BPEL OrchestrationsOAG WebLogic / WC Portal Shared Policies OER Developers Developer Portal Register, Look up services RTM / MSP Invoke services OEM (manage API’s) LDAP or OAM Data Power Harvest
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.29 API Management Within RTM – what’s new OSB OWSM Coherence Caching BPEL OrchestrationsOAG WebLogic / WC Portal Shared Policies OER Developers Developer Portal Register, Look up services RTM / MSP Invoke services OEM (manage API’s) Data Power Harvest = New WLS (Business Services) WLS (Integration Services) LDAP or OAM = Assemble
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.30 API Management Reference Architecture SOAP/REST and Legacy Web ServicesService Bus API Gateway API Portal API Clients Developers 4 2 Protocols HTTP,  SOAP, REST, XML JMS FTP REST JWT OAM, SM Basic Auth, X.509 1 Oracle Service Bus Directly accessed by internal clients, provides: •  Access enforcement •  Routing, mediation, service throttling, response caching, versioning - abstracts backend services •  Rich connectivity •  Heavy duty payload transformations •  API virtualization, protocol & security translation for internal apps 2 Oracle API Gateway Exposes API’s to the external world, provides: •  API Key generation/validation •  Access enforcement •  Rate Limiting / Client Throttling •  Response caching •  API virtualization in the DMZ •  Security token & protocol mediation •  Firewalling, method/parameter whitelisting •  API aggregation & mash-up •  API usage measurement & reporting 3 Oracle Enterprise Repository Provides: •  Back-office API catalog, content prep environment •  API-Service dependency analysis •  API lifecycle management 4 API Portal External developer portal, sits on top of API repository & API gateway - provides: •  Self service registration, onboarding •  “API market place” •  API documentation, forums, blogs, support •  API Key delivery •  API testing tools •  Visualization of runtime usage metrics / monitoring •  Bill presentment Security WS-Security, Basic Auth, Digest, X509, UNT, SAML, Kerberos Sign & Encrypt Repository31
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.31
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.32
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.33 Transformation API Control & Governance API Management & Monitoring Threat Protection Client Throttling Secure REST API’s AccessManagement Extend Access Management to REST API’s •  Context Aware •  Authentication •  Authorization •  Fraud Detection •  Security Tokens •  Data Redaction •  Audit Secure API’s Enable Mobile Transactions and Access to Corporate Data
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.34 API Management §  Design-time support for –  Developer-facing catalog of available APIs –  Automate access provisioning for developers §  Runtime support for –  Mobile app consumption of RESTful API –  Providing reports of API usage by consumer Core Use Cases
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.35 Oracle API Gateway §  XML/API Threat Protection §  Client-based throttling §  REST API security (JSON schema validations, OAuth 2.0 Authorization server and client etc.) §  API Key Management §  Access control for heterogeneous deployment environments (.NET, Microsoft AD, Kerberos to SAML scenarios etc.) §  Native and out-of-box integration with Oracle Access Management (OAM 11gR2 / OES 11gR2 etc.) and non-Oracle Access Management solutions (CA, IBM, RSA, Entrust, Microsoft etc.) §  Support for Multiple Protocols (FTP/SFTP/JMS etc.) Key Capabilities
    • Copyright © 2012, Oracle and/or its affiliates. All rights reserved.36 Oracle API Management Solution Overview •  “Living” Repository to Capture, Share, Control & Change Manage API & underlying SOAArtifacts Through the Lifecycle •  Coordinate the setup and exposure of APIs across infrastructure components •  Consumer Contracts, Provisioning, and Identity Management •  Policy Management to Define & Manage Security & QoS Policies on Services •  Reporting with break-down by consumer •  Business Transaction Management for end-to-end control and visibility •  API Management to Provision, Monitor and Manage SLAs for Services and Composites in Production •  API Gateway at DMZ for API exposure/consumption, security A Comprehensive Suite for End-to-End API Management Oracle API Gateway Oracle EM SOA Management Pack EE with SOA Suite Oracle Enterprise Repository