API Management for Enterprise Mobile Access a How-to guide

API Management for Enterprise Mobile Access
A Layer 7 Technologies Solution
 Matt McLarty, VP, Client Solutions, Layer 7 Technologies

Housekeeping
 Questions
- Chat any questions you have and we’ll answer them at the end of this call

 Twitter facebook.com/layer7

- Today’s event hashtag:
layer7.com/linkedin
- #L7webinar
layer7.com/blogs
- Follow us on Twitter as well:
- @layer7

Agenda

• BYOD and the App Explosion
“Bring Your • Innovation through Consumerization
Own Device”

• Enterprise Mobility and the Mobile App Paradigm
Enterprise
Mobile • Leveraging Enterprise Services and Assets
Integration

• API Publication, Security and Monetization
Enterprise API • Solutions and Case Studies from Layer 7 Technologies
Management

BYOD: Bring Your Own Device

Courtesy of Click Software

BYOD: iPad @ Work – from IDG Connect “iPad for Business Survey 2012”

The App Explosion

Courtesy of zendesk Courtesy of [x]cube Labs

Pillars of an Enterprise Mobility Strategy*
 “By exposing
Business Drivers access … through
Hardware Ownership & Support a standardized
mobile-friendly
Deployment, Provisioning & Management enterprise
Enterprise Services Platform
services layer,
the cost of
Application Portfolio & Roadmap innovation can
be dramatically
Corporate Governance & Processes
reduced.”
Security Standards & Audit Processes
* From “iPad in the
Enterprise”, N.
Clevenger, Wiley 2011

Mobile App-to-Enterprise Service Integration
• Existing enterprise • Re-use of API and
services can create shared services
and increase infrastructure
revenue

Increase Cost
Revenue Reduction

Quality of
Compliance
Service

• Leverages proven • Uses existing
systems with security policies
enterprise SLA’s and technologies

Mobile App-to-Enterprise Service Integration Challenges

Mobile Devices
Enterprise Services
Data Services
Network

Proliferation of mobile Composite services Service API’s
Data privacy and
devices increases need API’s from unavailable in mobile-
integrity must be
message volumes multiple providers, friendly formats &
preserved end-to-end
exponentially requiring federation protocols (REST, JSON)

BYOD approach mixes API’s must be reusable How to access
personal and business across multiple mobile business intelligence
use, blurring the and non-mobile and Big Data in real-
security perimeter platforms time

Enterprise Service Platform Evolution
 Web Apps and Web Services (2001-2010)

Thin & Thick
Client
Web Proxy App Server DB Server

 Mobile Apps and API’s (2011 and beyond)

Mobile On-
Apps Prem

Cloud
Mobile Access Gateway API Server Data Services
(Hadoop, RDBMS)

The Mobile Access Gateway

Mobile Devices
Enterprise Services
Real-time bridging from
SOAP, XML and legacy
s Data Services JSON
formats to REST,
Network mobile protocols
Optimized high scale
engine for compute- Single logical gateway
intensive integration cluster configurable to
functions handle mobile, web and
B2B traffic
Proliferation of mobile Composite services
App- and API-specific Service API’s
Data privacy and
Existing enterprise
devices increases need API’s from
security handling— unavailable in mobile-
message volumes multiple providers, friendly formats & access control andbe
integrity must
including Oauth— preserved end-to-end
crypto extended to App-
exponentially requiring federation
adapts the perimeter protocols (REST, JSON)
API through Gateway

BYOD approach mixesFederated security for reusable
API’s must be How to accessEvent-aware integration
3rd party API’s, multiple mobile
personal and business across data capability for real-time
business intelligence
use, blurring the aggregation for
and non-mobile analytic data synthesis
and Big Data in real-
composite API mashups
security perimeter platforms time and integration

The Mobile Access Gateway

Mobile Devices
Mobile Access Enterprise Services
Service API’s Real-time bridging from
unavailable in mobile- SOAP, XML and legacy
Gateway friendly formats & Data Services JSON
formats to REST,
protocols (REST, JSON) mobile protocols
Proliferation of mobile Optimized high scale
devices increases engine for compute- API’s must be reusable Single logical gateway
message volumes intensive integration across multiple mobile cluster configurable to
exponentially functions and non-mobile handle mobile, web and
platforms B2B traffic

BYOD approach mixes App- and API-specific Existing enterprise
personal and business security handling— Data privacy and access control and
use, blurring the including Oauth— integrity must be crypto extended to App-
security perimeter adapts the perimeter preserved end-to-end API through Gateway

Composite services Federated security for How to access Event-aware integration
need API’s from 3rd party API’s, data business intelligence capability for real-time
multiple providers, aggregation for and Big Data in real- analytic data synthesis
requiring federation composite API mashups time and integration

Mobile App-to-Enterprise Integration Stakeholders

App Who is allowed to API
Developer use my API’s? Are Owner
What API’s are they being used?
available and how
can I use them?

Mobile On-
Apps Prem

Cloud
Mobile Access Gateway API Server Data Services
(Hadoop, RDBMS)

IT Info
How is our data Security
Operator being protected and
What is changing? access controlled?
Is everything
running smoothly?

Layer 7 API Management Suite
 API Proxy
- Enterprise-grade Mobile Access Gateway

 API Portal
- Developer on-boarding, support and resources
- API metrics and reporting

 Enterprise Service Manager (ESM)
- API migration, management and dashboarding

 Secure OAuth Toolkit
- Support for 2 and 3-legged OAuth

API Management – How it All Works
Enterprise APIs

1. Publish & Secure APIs 2. Onboard Developers

Developer

Security Architect

4. Close the Loop

3. Monetize your APIs

IT Operator

Business Manager/
API Owner

Mobile Access Gateway – API Proxy
Enterprise APIs

Feature/Function API Proxy
Credentialing Y
Custom Assertion SDK Y
JDBC support Y
SAML support Full
Convert SOAP<->REST Y
WS* support Y
XACML support Y
1. Publish & Secure APIs MTOM support Y
Transports supported JMS, MQ, FTP(s), HTTP(s), raw TCP

Concurrent Assertion support Y
OAuth support 1.0 and 2.0, HMAC, RSA
Rate Limiting Y
Multiple Form Factors Hardware, Software, VMware, AMI

Mobile Access Gateway – OAuth
• Plug in your ID providers, IAM, CA Siteminder,
OAM, …
• Plug in any developer portal, api key
management system
Layer 7 implements OAuth
Layer 7 implements OAuth Resource Server for your REST
Authorization Server services, APIs

Client application
(REST client) API Dev Portal or Client API Key store
1. Handshake
2. Service call

Handshake only
(optional)
Resource owner
(subscriber) ID Provider
For resource owner authentication

API Portal – Onboard and Manage Developers
Enterprise APIs

2. Onboard Developers

Feature/Function API Portal
Developer Registration Y
API Key Management Y
API Explorer Y
API Rate Limiting Y
API Reporting Y
Developer Support Y
Fully-branded CMS Y
Account Management Y

ESM – API Migration and Lifecycle Management
 Automated dependency resolution when migrating policies between environments

cloud01LDAP
prod01LDAP

Development Test (Enterprise) Production (Cloud)
dev01LDAP

3. Monetize your API’s

Example Scenario – Web Application Security

Thin & Thick
Client

Policy Server Directory
(e.g. SiteMinder) (e.g. AD)

Monitoring & Logging

Example Scenario – Web Services Security

Thin & Thick
Client

B2B
Clients


Mobile Access Gateway
(L7 SecureSpan Gateway)
L7 Enterprise
Service Manager Monitoring & Logging

Example Scenario – API Management

Thin & Thick
Client

B2B L7 API Portal
Clients

Mobile
Apps

Mobile Access Gateway
(L7 SecureSpan Gateway)
L7 Enterprise
Service Manager Monitoring & Logging

Case Study: API-Enabling Health Care
 Challenge: Reduce cost and delay in processing Medicaid member information by bringing
the process online
 Solution: Mobile Access Gateway allows iPad application to securely connect to existing
backend APIs; data routing, strict authN & authZ, comprehensive threat protection

 Results: Improved the provider’s health care coverage and member services, while
increasing the effectiveness and efficiency of its Medicaid program

Case Study: Mobile-Enable Airline Services
 Challenge: Securely expose existing services to third party developers in order to expand
their market reach
 Solution: The Layer 7 API Proxy allows the airline to securely expose and manage their APIs,
while caching Sabre requests

 Results: Significantly grew market reach, while controlling costs associated with constantly
pulling data from Sabre to service Developer requests

Case Study: Smart Grid Gateway
 Challenge: Migrate energy services to Smart Grid technology, leveraging the new capabilities
offered by additional data and communication
 Solution: SOA, Web and API Security Gateway enables high volume meter data collection,
assisted service and upcoming mobile self-service for enhanced client experience

 Results: Cost avoidance for higher volume meter traffic, improved customer service through
real-time channels, improved service availability through proactive system monitoring

Conclusions

Employees are …and IT groups must
bringing mobile accommodate them
devices to work en without compromising
masse… security and SLA’s

Mobile Apps are …existing enterprise
being built to services can be used to
improve productivity quickly and reliably
and reduce cost… enable these apps

Enterprise API
Management …through a Secure
Mobile Access Gateway,
integrates Mobile an API Portal, and open
Apps and Enterprise standards
Services…

API Management for Enterprise Mobile Access a How-to guide

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (10)

More from CA API Management

More from CA API Management (20)

Recently uploaded

Recently uploaded (20)

API Management for Enterprise Mobile Access a How-to guide

Editor's Notes