API First Mobile Strategy

Why do YOU need a mobile application strategy aligned to API management?


Published in: Technology, Business
  • Over the next five years, the total market for wearable wireless devices in sports and healthcare will grow to 169.5 million devices in 2017, up from 20.77 million in 2011, a CAGR of 41%.
  • Welcome everyone. Thanks so much for taking time today to join us and learn more about the mobile industry and our recent announcements around our IBM MobileFirst portfolio. I’m thrilled at the lineup of speakers we have for you today, including a distinguished customer, business partner and analyst. First though, I want to briefly paint a picture for you on the state of mobile.
     
    What a truly exciting time it is. We’re entering a new era in the core model of computing… following two prior generations. The first started in the late 19th century with the theory of basic tabulation seen in payroll or inventory information such as the census. Machines automated accounting and the back office began to transform. The second generation, starting in the 1950s brought about programmable computers. Machines that could be told what to do where they could perform multiple tasks, see relationships in data, and support transaction processing such as banking, airline reservations, ATMs and everything we know today as Enterprise Resource Planning. And while the form factors underwent radical changes … from mainframes to PCs to tablets … game devices … smart phones … they were all continuations of programmable computing. Coming next, and some argue has already arrived, are computing systems that go beyond what they are programmed to do. Systems that truly enable us to transact in motion.
     
  • In addition to the SoE discussion we’ve had today, it’s important to note that SoR will continue to be important for many applications. Our goal is to continue to provide the middleware that supports reliable Systems of Record, to build a platform for rapidly building Systems of Engagement, and to provide tools that integrate the two environments. This is where products like WMB, DataPower, WAS and MQ will continue to provide value for our customers.
  • Transcript

    • 1. © 2014 IBM Corporation 3236: API First Mobile Strategy Nitin Gaur, Senior MobileFirst Solution Architect Ozair Sheikh, Product Manager – DataPower Gateway Appliances Matt Kelm, Product Manager, API Management
    • 2. Please Note IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
    • 3. Designing for a robust Digital Strategy? • IT strategies treat technology in isolation. • Silo’ed Approach — on a cloud strategy, social strategy, or mobile strategy. • Meaningful solutions - seek pervasive digital connections in which the individual technologies (cloud, near field communications, mobile, big data, etc.) • Aim - to deliver an experience that looks and feels an awful lot like our natural behavior. • Rich Interactions - more connections between people, places, information, and things (aka digital density), the more customers can interact with companies and each other in a seamless and satisfying way. • Is your Enterprise Design ready for This? IT strategy does not equate to a digital strategy. Why?
    • 4. Why do YOU need a mobile application strategy aligned to API management? Why API Management • API Management provides companies with the tools for creating, proxying, assembling, securing, scaling and socializing web APIs. Mobile Platform • Cross-platform mobile application development, based on open standards • Rich application functionality to access full device capabilities and facilitate key business capabilities such as secured data access, offline working, and geo-location services • End to end integrated security lifecycle from device, over the wire, to the data centre with user, application and device authenticity testing • Cross-platform automated functional testing • Application center app store for application distribution to the enterprise and partners
    • 5. Agenda Explosion in Mobile Adoption Drivers – API Economy API First Mobile Strategy Design for Digital Strategy
    • 6. Mobile Adoption Continues to Explode (2013, 2014, 2015) • 1 Trillion Connected Devices • 5.6 Billion Personal Devices Sold • 41% CAGR Wearable Wireless Devices
    • 7. Organizations must restlessly re-invent… … and customer experience must be personal and immediate • Outpace existing – and emerging – competitors • Deliver ever more engaging customer experience • Continuously learn how to improve and anticipate shifts • Re-invent and enhance experience
    • 8. A new Mobile Era, We Have Moved From… • Millions of PCs to billions of mobile devices • Structured data to massive amounts of unstructured data • Reactive security to intelligent, proactive protection • Rigid infrastructure to an elastic cloud infrastructure • Single transactions to personalized engagement • Static applications to dynamic composable services
    • 9. So what is changing the Landscape? New business models and paradigms Drivers Social Media goes mainstream • Everyone wants to be on Facebook/linkedin etc • Every solution is compared to scalability and availability like social networks • Capitalize on ‘perceived’ new markets on social network. Emerging Channels of commerce • New breed of personal devices • Speed of commerce • Low tolerance for ‘slow’ experience Proliferation of ‘smart’ phones - Mobility • Defining new engagement Models • Exponential growth of Mobile Devices • New System of Engagements • Emerging markets – New Platforms Globalization!! • Single market for everything • Everything is linked
    • 10. The Goal: Becoming a Composable Business • Dynamic, flexible, responsive, agile • Built on blocks of capability that can be rapidly changed • Driven by analytics of real-time data
    • 11. The Business of APIs Grow revenues… While reducing overhead “$7bn worth of items on eBay through APIs” Mark Carges (Ebay CTO) “The API which has easily 10 times more traffic than the website, has been really very important to us.” Biz Stone (Co-founder, Twitter) “The adoption of Amazon’s Web services is currently driving more network activity than everything Amazon does through their traditional web sites.” Jeff Bar (Amazon evangelist) / Dion Hinchcliffe (Journalist) stores (800) ###s web sites Not having an API today is like not having a website in the 1990s…
    • 12. Business Design is an end-to-end Endeavor
    • 13. What is a Business API? • A Business API is a public persona for an enterprise; exposing defined assets, data or services for public consumption • A Business API is simple for app developers to use, access and understand • A Business API can be easily invoked via a browser, mobile device, etc. What Value Does a Business API Provide? • Extends an enterprise and opens new markets by allowing external app developers to easily leverage, publicize and/or aggregate a company’s assets for broad-based consumption What “assets, data or services” are exposed via a Business API? • Product catalogs • Store listings • Order status • Inventory • Social interaction Business API = Productized Service App Developer
    • 14. Example: APIs creation extends services “Better Bank’s” comprehensive API strategy reaches customers through new channels External Developers • Lending Rates API • Deposit Rates API • Neighborhood Data API • Demographics API Local Real Estate Aggregator App
    • 15. Example: APIs consumption powers high-value applications “Better Bank’s” comprehensive API improves employee productivity Internal Developers • Customer Profile API • Risk Score API • Valuation API • Property Details API • Mortgage API Loan Origination / Processing Application • Credit Pre-qualification API • Application Submission API
    • 16. Mobile applications use APIs from developer portals Explore API documentation Interactively exercise APIs
    • 17. Spectrum of mobile app development approaches Web-native continuum: Pure web, Hybrid, Pure native • Mobile web site (browser access): HTML5, JS, and CSS3 (full site or m.site); quicker and cheaper way to mobile; sub-optimal experience • Native shell enclosing external m.site: HTML5, JS, and CSS; usually leverages Cordova; downloadable, app store presence, push capabilities; can use native APIs • Pre-packaged HTML5 resources: as previous, + more responsive, available offline • HTML5 + native UI: Web + native code; optimized user experience with native screens, controls, and navigation • Mostly native, some HTML5 screens: app fully adjusted to OS; some screens are multi-platform when makes sense • Pure native: app fully adjusted to OS; best attainable user experience; unique development effort per OS, costly to maintain
    • 18. Connecting APIs to Mobile Devices (1 of 2) API services based upon HTTP/REST/JSON provide lightweight, standard approach to integrate with backend services Mobile application frameworks provide frameworks to invoke API services • IOS: NSURLConnection • Android: HttpURLConnection • Javascript: dojo.xhr/jquery.ajax API API API Jane SDKs
    • 19. Connecting APIs to Mobile Devices (2 of 2) Mobile applications invoke API services asynchronously Mobile application frameworks provide ‘callbacks’ to trigger logic once a certain action is performed • Does not block the user from performing other actions Mobile applications must be designed to handle cases where API services are slow to respond • Multiple API calls may be triggered concurrently
    • 20. What about security and integration? Connecting Mobile applications to API services is easy with the right framework … but there are several other considerations Security • How do I access a protected API service securely and manage session information • How can I ensure an API service conforms to a “contract” Integration • Mobile application logic requires transformation/filtering logic • Connect to non-HTTP protocols such as MQ securely
    • 21. Cannot always trust your APIs! API responses may not define an explicit schema • Developer portals provide sample responses but no “contract” to guarantee structure and data types • Ensure responses do not contain malicious data that allows sensitive information to be compromised Mobile client authentication • Leverage external security service to authenticate and authorize user credentials • Do not hardcode any security credentials Trusting enterprise mobile application • Use Mobile device management solution (Worklight) to ensure application is trusted when connecting to enterprise API services
    • 22. Secure Mobile applications DataPower deployed in the DMZ is the first level of security for access control, threat protection, and data validation Increased awareness of mobile security • Mobile traffic enters corporate network through the DMZ from the Internet • Security teams have less control over devices accessing the corporate network Security is about defense-in-depth • Several levels of defense required to provide a security solution Identity & Access Management Threat Protection Data Security
    • 23. Integrating Mobile applications to existing infrastructure Mobile applications still require access to existing enterprise services that are not based upon REST/JSON/HTTP standards Avoid client-side ‘integration’ logic • Example: message transformation/filtering, non-HTTP interaction, etc. Protocols and backends shown: HTTP(s); FTP(s); SFTP; WebSphere MQ, MQ FTE; WebSphere JMS; Database (DB2, SQL Server, Oracle, Sybase); TIBCO EMS; IMS; NFS
    • 24. Mobile security and integration gateway - Optimize and Control Mobile gateway provides security and integration capabilities combined that optimize and control mobile traffic Optimize – Decrease response time and intelligently distribute load? • Intelligent load balance to Worklight server deployed on WebSphere Application Server ND • Decreased response time provides better user experience and interaction with application conserving battery power and enabling data access in bandwidth sensitive locations Shape mobile traffic based on service level agreements, and route based on message content • Manage traffic from Mobile applications, providing different QoS to protect your services and applications from over-utilization and enforce quota Control Optimize
    • 25. Mobile integration using IBM API Management • DataPower is a component of the IBM Web API solution providing runtime access to Web API from Mobile applications − DataPower intelligently routes traffic to either the Worklight server or Web API service provider − IBM API Manager provides central point for exposing and documenting the available APIs − Analytics Module provides storage for system-wide API metrics Web API Traffic (REST) JSON or XML / HTTP(s) Mobile Consumer IBM DataPower Gateway DMZ Secure Web API Service Provider API Developer Management Node Hypervisor Security Gateway Analytics Hypervisor WL App Analytics traffic Web APIIBM API Manager
    • 26. Questions?
    • 27. Thank You
    • 28. API Management Resources Product Page • ibm.com/apimanagement API developer community • developer.ibm.com/apimanagement Twitter • @ibmapimgt YouTube Channel • youtube.com/ibmapimanagement Slideshare • slideshare.net/ibmapimgmt Speaker Deck • speakerdeck.com/ibmapimgmt
    • 29. Pitney Bowes, a global leader in software innovations, and mailing and shipping solutions, powers billions of transactions in modern commerce “Pitney Bowes location-based services on IBM BlueMix will allow innovators and developers to seamlessly extend their products and services to the cloud and mobile devices.” -Roger Pilc, Chief Innovation Officer, Pitney Bowes ..
    • 30. Codename: BlueMix Delivering a Composable Services development environment Run Your Apps The developer can choose any language runtime or bring their own. Just upload your code and go. DevOps Development, monitoring, deployment and logging tools allow the developer to run the entire application APIs and Services A catalog of open source, IBM and third party APIs services allow a developer to stitch together an application in minutes. Cloud Integration Build hybrid environments. Connect to on-premises systems of record plus other public and private clouds. Expose your own APIs to your developers. Built on IBM SoftLayer Runs automatically on top of IBM’s leading infrastructure as a service. No need to worry about provisioning or managing infrastructure.
    • 31. Architecture Option 1 – Use Worklight for app management and data access Diagram labels: Api mgmt – Generic APIs; WL App-specific APIs; Adapter; Mgmt; Backend Service; App1; App2; App n; Partners; 3rd Party; AD Worklight server responsibility 1. Security lifecycle • App authentication • Multi-factor auth • Device SSO and secured access • Offline auth 2. Simplified data access API manages • Connectivity • Data transformation (REST) • Offline working with optional synchronisation • Security integration • Mobile service layer owned and shaped by app dev team 3. Application management (does not require footprint on device) • App Center application distribution • Direct app update • Remote app disable 4. Operational control • Application analytics • Consolidated logging API mgmt responsibility (in mobile context) 1. Stable API layer – Governance owned by central architecture 2. Multi-channel access 3. Mediation to data sources 4. Security?
    • 32. Architecture Option 2 – Use Worklight for app management Diagram labels: Api mgmt – Generic and App-specific APIs; WL; Mgmt; Backend Service; App1; App2; App n; Partners; 3rd Party; AD Worklight server responsibility 1. Security lifecycle • App authentication • Multi-factor auth • Device SSO and secured access • Offline auth 2. Simplified data access API manages • Connectivity • Data transformation (REST) • Offline working with optional synchronisation • Security integration • Mobile service layer owned and shaped by app dev team 3. Application management does not require footprint on device • App Center application distribution • Direct app update • Remote app disable 4. Operational control • Application analytics • Consolidated logging API mgmt responsibility (in mobile context) 1. Stable API layer and App-specific requirements 2. Multi-channel access 3. Mediation to data sources 4. Secured data access
    • 33. Architecture Option 1 – Use Worklight for app management and data access Pros ApiMgmt API layer can focus on providing generic APIs with well-defined and stable lifecycle WL developers can provide their own integration to meet their app-specific requirements and iterate as required for app improvements. All data requests still ultimately go through single API layer WL infrastructure can manage full security lifecycle Make full use of WL developer APIs for improved productivity Option for app developer to make use of server-side processing Cons Extra hop in network (can be mitigated by reduced data and calls) WL is additional component that needs to be sized and managed for throughput – option for managed service?
    • 34. Architecture Option 2 – Use Worklight for app management Pros All data access goes directly through ApiMgmt API layer Reduction in network hops Cons Developer needs bespoke app-side development to handle • Integration with API mgmt security lifecycle • Connectivity • Any data transformation needed If any app-specific APIs are being provisioned on ApiMgmt, needs to be done by different team and iterative development needs to match that of mobile application
    • 35. Legal Disclaimer • © IBM Corporation 2014. All Rights Reserved. • The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. • References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
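
Slide 21's point that a developer portal's sample responses are not a contract, as an added example that is not part of the IBM deck: a client-side check that rejects a response whose structure, types or values fall outside what the app expects. The response shape, the field names and the function names are assumptions chosen to match slide 14's Lending Rates API.

```javascript
// Added example (not from the deck). The contract below is an assumed shape
// for a "lending rates" response; every allowed field has a type and a bound.
const LENDING_RATE_CONTRACT = {
  product:   { type: "string", pattern: /^[A-Za-z0-9 \-]{1,40}$/ },
  termYears: { type: "number", integer: true, min: 1, max: 40 },
  ratePct:   { type: "number", min: 0, max: 100 },
  updated:   { type: "string", pattern: /^\d{4}-\d{2}-\d{2}$/ },
};

// Returns a list of violations for one object; an empty list means it conforms.
function checkObject(obj, contract, path) {
  const errors = [];
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return [`${path}: expected object`];
  }
  // Fields the contract does not name are rejected, not silently passed on.
  for (const key of Object.keys(obj)) {
    if (!Object.prototype.hasOwnProperty.call(contract, key)) {
      errors.push(`${path}.${key}: unexpected field`);
    }
  }
  for (const [key, rule] of Object.entries(contract)) {
    const where = `${path}.${key}`;
    if (!Object.prototype.hasOwnProperty.call(obj, key)) {
      errors.push(`${where}: missing`);
      continue;
    }
    const value = obj[key];
    if (typeof value !== rule.type) {
      errors.push(`${where}: expected ${rule.type}, got ${typeof value}`);
      continue;
    }
    if (rule.type === "number") {
      if (!Number.isFinite(value)) errors.push(`${where}: not finite`);
      else if (rule.integer && !Number.isInteger(value)) errors.push(`${where}: not an integer`);
      else if (value < rule.min || value > rule.max) errors.push(`${where}: out of range`);
    }
    // Strings are matched against an allow-list pattern, so markup never
    // reaches the UI layer as a "product name".
    if (rule.type === "string" && !rule.pattern.test(value)) {
      errors.push(`${where}: value not in allowed format`);
    }
  }
  return errors;
}

// Parses a raw response body and validates it as { rates: [ ... ] }.
// Returns { ok, rates, errors }; callers use `rates` only when ok is true.
function validateLendingRates(body, maxItems = 50) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    return { ok: false, rates: [], errors: ["body: not valid JSON"] };
  }
  if (data === null || typeof data !== "object" || !Array.isArray(data.rates)) {
    return { ok: false, rates: [], errors: ["$.rates: expected array"] };
  }
  if (data.rates.length > maxItems) {
    return { ok: false, rates: [], errors: ["$.rates: too many items"] };
  }
  const errors = data.rates.flatMap((r, i) =>
    checkObject(r, LENDING_RATE_CONTRACT, `$.rates[${i}]`));
  return { ok: errors.length === 0, rates: errors.length ? [] : data.rates, errors };
}

// Constructed sample bodies: one conforming, one with markup in a string,
// a number sent as a string, and a field the contract does not know.
const GOOD_BODY = JSON.stringify({ rates: [
  { product: "30-year fixed", termYears: 30, ratePct: 4.25, updated: "2014-02-20" },
]});
const BAD_BODY = JSON.stringify({ rates: [
  { product: "<script>x</script>", termYears: "30", ratePct: 4.25,
    updated: "2014-02-20", note: "extra" },
]});
```

The same contract can be enforced a second time at the gateway in the DMZ (slide 22), so the client check is one layer of the defense-in-depth the deck describes rather than the only one.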
