Kevin Jones, Global Consulting Engineer from NGINX San Francisco, preseentation about how to accelerate your journey to microservices with a modernised full API lifecycle management solution. Learn how to cut costs, improve performance, and reduce load on API endpoints. This presentation, covers:
All elements of full lifecycle management including API creation, securing your backend infrastructure, managing traffic, and ongoing monitoring.
Innovative architecture that doesn't involve additional microgateways to process API calls
Differentiated pricing model that does not penalize API adoption
4. Introduction to NGINX and the Application Platform
Why use an API Gateway?
What roles should an API Gateway play and how can NGINX help?
Introducing the API Management Module for NGINX Controller
1
2
3
4
Agenda
Live Demo5
6. “... when I started NGINX,
I focused on a very specific
problem – how to handle more
customers per a single
server.”
- Igor Sysoev, NGINX creator and founder
7. 450 million
Total sites running on NGINX and counting…
Source: Netcraft March 2018 Web Server Survey
8. 56%
of the Top 100,000 most popular websites
Source: : W3Techs Web Technology Survey137
10. #nginx #nginxconf10
Core NGINX (F/OSS)
HTTP2
JSON Logging
Stream Module (TCP… UDP)
Multi Datagram UDP Support
Thread Pools
Dynamic Modules
JavaScript Module for NGINX
ECC Certificate Support
Linux Enhancements
The Developmental Pillars
Continued commitment to Community and Enterprise…
NGINX Plus
All of Core Plus:
DNS SRV Record Support
JWT Support (Auth)
ModSecurity 3.0 WAF
Application Health Checks
High Availability Support
Configuration Sync
Dynamic Reconfiguration (API)
Key Value Store (API)
Live Activity Monitoring (API)
Cache Management (API)
11. Flawless Application Delivery for the Modern Web
Load Balancer Content Cache WebServer Monitoring &
Management
Security
Controls
12. About NGINX, Inc.
• Founded in 2011, NGINX Plus first released in
2013
• VC-backed by enterprise software industry
leaders
• Offices in SF, London, Cork, Japan,
Singapore, Sydney, and Moscow
• 1,600+ commercial customers
• 200+ employees
19. Building a great application
is only half the battle,
delivering the application
is the other half.
135
20. 20
Today API Requirements are changing…
• APIs are getting smaller and more
distributed, resulting in more
connections
• Security requirements are getting
much higher
• Monitoring, routing and scaleability
of you APIs is very crucial to the
architecture
• Performance and uptime is critical to
your APIs reputation
21. 21
Thus the API Gateway is born!
• Single Point of Entry (REST, gRPC and TCP)
• Reverse Proxy and Routing
• Edge Security
• Dynamic Routing and Versioning (Blue/Green,
Failover)
• Optimization (TCP and SSL)
• Adds Scalability
• Monitoring
• Overall Control
22. 22
There are things to consider…
• Your architecture will require more orchestration and management
• Con"guration and routing logic must be managed in the con"guration
during deployment
• An API gateway can become a limiting factor and even a single point of
failure, therefore HA is key
24. 24
What should I look for in an API Gateway?
• Secure (Authentication and
Authorization)
• Request Routing
• Performance
• Extendable / Customizable
• Flexible
• Reliable
• Dynamic (Orchestration and Scale)
• Highly Available
• Give Insight
26. Programmability
Dynamically create custom configs:
• JavaScript-based scripting
language Module
• Lua scripting language
• Ansible, Chef, and Puppet
integration
• NGINX Plus API for managing
upstream servers, key‑value
stores, and real‑time metrics
27. Dynamic Modules
Dynamically plug in additional features:
• Single sign‑on : ForgeRock, IDF Connect, Ping
Identity
• Device detection: WURFL, DeviceAtlas,
51Degrees
• Security: Stealth, Wallarm, NGINX WAF
• Scripting: NGINX JavaScript module, Lua
• GeoIP: Locate users by IP address (requires
MaxMind GeoIP db)
• Build tool for compiling your own custom modules
29. Effective Security Controls
Protect your APIs:
• Request Rate limiting
• Connection limiting
• IP access control list (ACL)
• Dual stack RSA/ECC SSL offloading
• JWT authentication for APIs and
OpenID Connect single sign‑on (SSO)
• Layer 7 WAF
30. Cache Critical API Endpoints
The cache that powers the largest CDNs:
• Cache static and dynamic content
• Improve dynamic content performance
with microcaching
• Serve "stale" content while revalidating
in background for better performance
• Override or set Cache‑Control headers
• Manage the cache easily with the
cache‑purging API
31. 31
API Routing
• NGINX use PCRE based regular
expression matching to route
traffic
• Information in the request
available as NGINX variables
• Health checks help create a
Circuit Breaker pattern to
failover traffic to backup
endpoints
32. Best-in-Class Support from NGINX
Engineers
9.5/10 27 min
Average Customer
Satisfaction Rating
Average Initial
Response Time
37. Reduce Complexity with NGINX
37
Data plane (NGINX API GW) does not require runtime
connectivity to control plane (NGINX Controller)
• High Performance
• Same high performance regardless of where API GW is deployed
(whether to handle N/S traffic or E/W traffic)
• No need for additional software components such as microgateways
• Small API GW footprint
• Easy to deploy
Confidential – Do Not Distribute