SlideShare a Scribd company logo

We Built This City - Apigee Edge Architecture

Download as PPTX, PDF
Apigee | Google Cloud
Apigee | Google Cloud

Building Apigee Edge - I Love APIs 2015

Software
1 of 19
1 We Built This City Greg Brail, Apigee Sridhar Ragagopalan, Apigee Chris Vogel, Apigee
The State of the API Today • Every API call counts – No one wants to see timeouts, 500s, stack traces, etc. • APIs are 24x7 – Even more than the web, API users expect that there is no downtime • APIs are global – Clients and users expect low latency, around the world • Threats are global – Every API may be under attack, in some way, at any point
What does that Mean for Us? • Global distribution • Upgrades without scheduled downtime • Rigorous monitoring • Attention to detail 3©2015 Apigee. All Rights Reserved.
Our Challenge • What our customers expect: – >99.99% availability as defined by the number of transactions that complete successfully – Geographically distributed across data centers – In the Apigee Cloud or their own data centers – No maintenance windows – No regressions – Acceptable latency – All the features we have plus just one more ;-) 4
Our Basic Approach 5
Apigee Edge Approach 6
A More Jaded View 7 Clients on the Internet Apigee Our customers’ systems Inspired by Kyle Kingsbury: https://aphyr.com/
What do we Deal With? • Insecure APIs • Attacks on security • Intentional API attacks • Accidental denial of service • Buggy clients • Buggy servers • Disagreement about what HTTP means • Hard to use APIs • Slow customer systems • Lousy customer data centers • Confused developers • Plenty of our own issues 8
What Does it Look Like? 9 Clients (Apps, etc) Customers’ APIs Routing Message Processing Runtime Data Analytics Data Management
Technical Challenges 10
Types of Data At Apigee Type How Many Records? How Often do we Write? Storage System configuration 1000s 10s / minute Zookeeper Customer Proxy Deployments 100,000s 10s / minute Zookeeper / C* API Publishing Data (developers, apps, keys) Millions 10s / second C* OAuth Tokens & metadata Tens of millions 10,000s / second C* Counters / Quotas Millions 10,000s / second C* Distributed Cache Tens of millions 10,000s / second C* API Analytics Data Billions 10,000s / second Postgres / RedShift / S3 11
Challenge #1: Availability 12
Challenge #1: Counting* • What we need: • Application X is allowed to make 10,000 API calls per hour for free – Across geographies – Less than a 0.01% error rate – Minimal latency • Application Y is allowed to make 1,000,000 API calls per hour because they paid – Warn them before they reach a million – Cut them off if they exceed it – Charge them accurately for each API call • Control the tradeoff between accuracy and latency – We’d love to be able to talk rationally about this with customers 13 * That was a joke
Counting in Distributed Systems • What we can do: • Central system that holds all counters – Would be perfectly accurate, but obviously no • Distributed consensus protocol across all servers – Too slow especially across geographies • Eventually consistent counters – Yes! But how? • Cassandra counters – Write availability in the presence of network partitions – Still too slow • Cassandra counters plus local caching – Best we can do right now 14
Challenge #3: Detecting Abuse • APIs are nice and open and easy to program • That makes them easy to exploit – Travel APIs – Retail APIs – Other open APIs • 80% of traffic on one retail customer’s retail API was from “bots” – Scraping prices, availability, etc. • 56% of all web site traffic purportedly comes from bots 15
Detecting Bad Traffic • Long-term batch analytics processing – Machine learning + data + heuristics • For instance – U.S. Retailers don’t have many customers in Romania – iPads tend not to reside inside Amazon Web Services data centers – Real people tend not to query product SKUs starting at “000000” and proceeding to “999999” – Real people don’t check on100 rooms at the same hotel and never book • Solution includes: – Batch processing to update bot scoring – Bloom filters at router layer – Lookup table and other processing for other traffic 16
Challenge #4: Management • We are largely a management system – 1000s of new API proxies deployed per day to our cloud – Each one includes customer-specific processing rules, policies and code – API calls coming in for analytics queries, to change rate limits, set up developers, etc. • Systems architects tend to give management short shrift – “It’s OK if the management system fails as long as the API calls keep working” • Need to architect management for the same SLA as everything else – So we use Cassandra and Zookeeper here too 17
Finally: Lessons from the Cloud • Hardware fails. So what? • Network fails. Bad but expected. • Management layer fails. Big problem. – See history of AWS outages 18
Thank you ©2015 Apigee. All Rights Reserved.

Recommended

Apigee Products Overview
Apigee Products OverviewApigee Products Overview
Apigee Products Overview
Apigee | Google Cloud
 
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?
IQ Online Training
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
Aditya Thatte
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
Apigee | Google Cloud
 
Apigee Edge Product Demo
Apigee Edge Product DemoApigee Edge Product Demo
Apigee Edge Product Demo
Apigee | Google Cloud
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
Apigee | Google Cloud
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the Enterprise
Apigee | Google Cloud
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 

Recommended

Apigee Products Overview
Apigee Products OverviewApigee Products Overview
Apigee Products Overview
Apigee | Google Cloud
 
What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?
IQ Online Training
 
API Management in Digital Transformation
API Management in Digital TransformationAPI Management in Digital Transformation
API Management in Digital Transformation
Aditya Thatte
 
Apigee Edge Overview and Roadmap
Apigee Edge Overview and RoadmapApigee Edge Overview and Roadmap
Apigee Edge Overview and Roadmap
Apigee | Google Cloud
 
Apigee Edge Product Demo
Apigee Edge Product DemoApigee Edge Product Demo
Apigee Edge Product Demo
Apigee | Google Cloud
 
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
I Love APIs 2015: Advanced Crash Course in Apigee Edge Workshop
Apigee | Google Cloud
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the Enterprise
Apigee | Google Cloud
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
Apigee | Google Cloud
 
API Management
API ManagementAPI Management
API Management
Prolifics
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
Apigee | Google Cloud
 
API Best Practices Webinar: Metrics - What to Measure
API Best Practices Webinar: Metrics - What to MeasureAPI Best Practices Webinar: Metrics - What to Measure
API Best Practices Webinar: Metrics - What to Measure
Apigee | Google Cloud
 
API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
Sven Bernhardt
 
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopI Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
Apigee | Google Cloud
 
Api-First service design
Api-First service designApi-First service design
Api-First service design
Stefaan Ponnet
 
Definitive Guide to API Management
Definitive Guide to API ManagementDefinitive Guide to API Management
Definitive Guide to API Management
Apigee | Google Cloud
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
Isabelle Mauny
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy Introduction
Doug Gregory
 
Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management Strategy
WSO2
 
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations WorkshopI Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
Apigee | Google Cloud
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
Nadeesha Gamage
 
How to Execute a Successful API Strategy
How to Execute a Successful API StrategyHow to Execute a Successful API Strategy
How to Execute a Successful API Strategy
Matt McLarty
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Kai Wähner
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 
API Frenzy: API Strategy 101
API Frenzy: API Strategy 101API Frenzy: API Strategy 101
API Frenzy: API Strategy 101
Akana
 
How API Enablement Drives Legacy Modernization
How API Enablement Drives Legacy ModernizationHow API Enablement Drives Legacy Modernization
How API Enablement Drives Legacy Modernization
MuleSoft
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
Nordic APIs
 
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge Microgateway
Apigee | Google Cloud
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
Apigee | Google Cloud
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
Apigee | Google Cloud
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
Apigee | Google Cloud
 

More Related Content

What's hot

API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
Sven Bernhardt
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Kai Wähner
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
Apigee | Google Cloud
 

What's hot (20)

API Management
API ManagementAPI Management
API Management
 
How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
API Best Practices Webinar: Metrics - What to Measure
API Best Practices Webinar: Metrics - What to MeasureAPI Best Practices Webinar: Metrics - What to Measure
API Best Practices Webinar: Metrics - What to Measure
 
API Management - Why it matters!
API Management - Why it matters!API Management - Why it matters!
API Management - Why it matters!
 
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge WorkshopI Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
I Love APIs 2015: Crash Course Foundational Topics in Apigee Edge Workshop
 
Api-First service design
Api-First service designApi-First service design
Api-First service design
 
Definitive Guide to API Management
Definitive Guide to API ManagementDefinitive Guide to API Management
Definitive Guide to API Management
 
APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide APISecurity_OWASP_MitigationGuide
APISecurity_OWASP_MitigationGuide
 
API Strategy Introduction
API Strategy IntroductionAPI Strategy Introduction
API Strategy Introduction
 
Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management Strategy
 
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations WorkshopI Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
I Love APIs 2015 : Zero to Thousands TPS Private Cloud Operations Workshop
 
API Management Within a Microservices Architecture
API Management Within a Microservices Architecture API Management Within a Microservices Architecture
API Management Within a Microservices Architecture
 
How to Execute a Successful API Strategy
How to Execute a Successful API StrategyHow to Execute a Successful API Strategy
How to Execute a Successful API Strategy
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
API Frenzy: API Strategy 101
API Frenzy: API Strategy 101API Frenzy: API Strategy 101
API Frenzy: API Strategy 101
 
How API Enablement Drives Legacy Modernization
How API Enablement Drives Legacy ModernizationHow API Enablement Drives Legacy Modernization
How API Enablement Drives Legacy Modernization
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
 
Webcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge MicrogatewayWebcast: Deep-Dive Apigee Edge Microgateway
Webcast: Deep-Dive Apigee Edge Microgateway
 
API Security Lifecycle
API Security LifecycleAPI Security Lifecycle
API Security Lifecycle
 

Viewers also liked

Viewers also liked (8)

Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
 
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
 
Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 

Similar to We Built This City - Apigee Edge Architecture

Adapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
Adapting to Meet Today’s Trends and Technologies– Compliance vs. EnforcementAdapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
Adapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
Flexera
 
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
Amazon Web Services
 
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
AppDynamics
 
SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps
Amazon Web Services
 
API and Big Data Solution Patterns
API and Big Data Solution Patterns API and Big Data Solution Patterns
API and Big Data Solution Patterns
WSO2
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEAAchieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
NGINX, Inc.
 

Similar to We Built This City - Apigee Edge Architecture (20)

Adapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
Adapting to Meet Today’s Trends and Technologies– Compliance vs. EnforcementAdapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
Adapting to Meet Today’s Trends and Technologies– Compliance vs. Enforcement
 
#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6#1922 rest-push2 ap-im-v6
#1922 rest-push2 ap-im-v6
 
Secure rest api on microservices vws2016
Secure rest api on microservices vws2016Secure rest api on microservices vws2016
Secure rest api on microservices vws2016
 
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
Breaking Up the Monolith While Migrating to AWS (GPSTEC320) - AWS re:Invent 2018
 
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
PayU's Digital Transformation: Transparency from Dev to Prod, Monitoring Micr...
 
Building A Mobile First API When You're Not Mobile First - Tyler Singletary
Building A Mobile First API When You're Not Mobile First - Tyler SingletaryBuilding A Mobile First API When You're Not Mobile First - Tyler Singletary
Building A Mobile First API When You're Not Mobile First - Tyler Singletary
 
Architectural considerations when building an API
Architectural considerations when building an APIArchitectural considerations when building an API
Architectural considerations when building an API
 
SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps SRV315 Building Enterprise-Grade Serverless Apps
SRV315 Building Enterprise-Grade Serverless Apps
 
Monitoring Solutions for APIs
Monitoring Solutions for APIsMonitoring Solutions for APIs
Monitoring Solutions for APIs
 
Digital Transformation Through APIs (SRV323) - AWS re:Invent 2018
Digital Transformation Through APIs (SRV323) - AWS re:Invent 2018Digital Transformation Through APIs (SRV323) - AWS re:Invent 2018
Digital Transformation Through APIs (SRV323) - AWS re:Invent 2018
 
Gcp intro-20160721
Gcp intro-20160721Gcp intro-20160721
Gcp intro-20160721
 
code talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating Systemcode talks Commerce: The API Economy as an E-Commerce Operating System
code talks Commerce: The API Economy as an E-Commerce Operating System
 
The Business Justification for APM
The Business Justification for APMThe Business Justification for APM
The Business Justification for APM
 
APIdays Singapore 2019 - Business of APIs: From Integration to Monetisation, ...
APIdays Singapore 2019 - Business of APIs: From Integration to Monetisation, ...APIdays Singapore 2019 - Business of APIs: From Integration to Monetisation, ...
APIdays Singapore 2019 - Business of APIs: From Integration to Monetisation, ...
 
API and Big Data Solution Patterns
API and Big Data Solution Patterns API and Big Data Solution Patterns
API and Big Data Solution Patterns
 
Architecture for Scale [AppFirst]
Architecture for Scale [AppFirst]Architecture for Scale [AppFirst]
Architecture for Scale [AppFirst]
 
Dubbo and Weidian's practice on micro-service architecture
Dubbo and Weidian's practice on micro-service architectureDubbo and Weidian's practice on micro-service architecture
Dubbo and Weidian's practice on micro-service architecture
 
Thick client application security assessment
Thick client application security assessmentThick client application security assessment
Thick client application security assessment
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEAAchieve Full API Lifecycle Management Using NGINX Controller – EMEA
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
 

More from Apigee | Google Cloud

More from Apigee | Google Cloud (20)

Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
 
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
 
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
 
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
 
London adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoorLondon adapt or-die opening keynote chet kapoor
London adapt or-die opening keynote chet kapoor
 
London Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet KapoorLondon Adapt or Die: Opening Keynote with Chet Kapoor
London Adapt or Die: Opening Keynote with Chet Kapoor
 
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD StoryLondon Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
London Adapt or Die: Kubernetes, Containers and Cloud - The MoD Story
 
London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!London Adapt or Die: Securing your APIs the Right Way!
London Adapt or Die: Securing your APIs the Right Way!
 
London Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About ServerlessLondon Adapt or Die: Five Things Enterprises Should Know About Serverless
London Adapt or Die: Five Things Enterprises Should Know About Serverless
 
Adapt or Die Sydney - API Security
Adapt or Die Sydney - API SecurityAdapt or Die Sydney - API Security
Adapt or Die Sydney - API Security
 
Adapt or Die Sydney - 5 Things Developers Should Know About Serverless
Adapt or Die Sydney - 5 Things Developers Should Know About ServerlessAdapt or Die Sydney - 5 Things Developers Should Know About Serverless
Adapt or Die Sydney - 5 Things Developers Should Know About Serverless
 
Adapt or Die: A Microservices Story at Google
Adapt or Die: A Microservices Story at GoogleAdapt or Die: A Microservices Story at Google
Adapt or Die: A Microservices Story at Google
 
Adapt or Die: Serverless Microservices
Adapt or Die: Serverless MicroservicesAdapt or Die: Serverless Microservices
Adapt or Die: Serverless Microservices
 
Platforms, Cloud-Native Architectures, and APIs: Chicago Adapt or Die Keynote
Platforms, Cloud-Native Architectures, and APIs: Chicago Adapt or Die KeynotePlatforms, Cloud-Native Architectures, and APIs: Chicago Adapt or Die Keynote
Platforms, Cloud-Native Architectures, and APIs: Chicago Adapt or Die Keynote
 

Recently uploaded

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
masabamasaba
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
Presentation.STUDIO
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 

Recently uploaded (20)

%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 

We Built This City - Apigee Edge Architecture

  • 1. 1 We Built This City Greg Brail, Apigee Sridhar Ragagopalan, Apigee Chris Vogel, Apigee
  • 2. The State of the API Today • Every API call counts – No one wants to see timeouts, 500s, stack traces, etc. • APIs are 24x7 – Even more than the web, API users expect that there is no downtime • APIs are global – Clients and users expect low latency, around the world • Threats are global – Every API may be under attack, in some way, at any point
  • 3. What does that Mean for Us? • Global distribution • Upgrades without scheduled downtime • Rigorous monitoring • Attention to detail 3©2015 Apigee. All Rights Reserved.
  • 4. Our Challenge • What our customers expect: – >99.99% availability as defined by the number of transactions that complete successfully – Geographically distributed across data centers – In the Apigee Cloud or their own data centers – No maintenance windows – No regressions – Acceptable latency – All the features we have plus just one more ;-) 4
  • 7. A More Jaded View 7 Clients on the Internet Apigee Our customers’ systems Inspired by Kyle Kingsbury: https://aphyr.com/
  • 8. What do we Deal With? • Insecure APIs • Attacks on security • Intentional API attacks • Accidental denial of service • Buggy clients • Buggy servers • Disagreement about what HTTP means • Hard to use APIs • Slow customer systems • Lousy customer data centers • Confused developers • Plenty of our own issues 8
  • 9. What Does it Look Like? 9 Clients (Apps, etc) Customers’ APIs Routing Message Processing Runtime Data Analytics Data Management
  • 11. Types of Data At Apigee Type How Many Records? How Often do we Write? Storage System configuration 1000s 10s / minute Zookeeper Customer Proxy Deployments 100,000s 10s / minute Zookeeper / C* API Publishing Data (developers, apps, keys) Millions 10s / second C* OAuth Tokens & metadata Tens of millions 10,000s / second C* Counters / Quotas Millions 10,000s / second C* Distributed Cache Tens of millions 10,000s / second C* API Analytics Data Billions 10,000s / second Postgres / RedShift / S3 11
  • 13. Challenge #1: Counting* • What we need: • Application X is allowed to make 10,000 API calls per hour for free – Across geographies – Less than a 0.01% error rate – Minimal latency • Application Y is allowed to make 1,000,000 API calls per hour because they paid – Warn them before they reach a million – Cut them off if they exceed it – Charge them accurately for each API call • Control the tradeoff between accuracy and latency – We’d love to be able to talk rationally about this with customers 13 * That was a joke
  • 14. Counting in Distributed Systems • What we can do: • Central system that holds all counters – Would be perfectly accurate, but obviously no • Distributed consensus protocol across all servers – Too slow especially across geographies • Eventually consistent counters – Yes! But how? • Cassandra counters – Write availability in the presence of network partitions – Still too slow • Cassandra counters plus local caching – Best we can do right now 14
  • 15. Challenge #3: Detecting Abuse • APIs are nice and open and easy to program • That makes them easy to exploit – Travel APIs – Retail APIs – Other open APIs • 80% of traffic on one retail customer’s retail API was from “bots” – Scraping prices, availability, etc. • 56% of all web site traffic purportedly comes from bots 15
  • 16. Detecting Bad Traffic • Long-term batch analytics processing – Machine learning + data + heuristics • For instance – U.S. Retailers don’t have many customers in Romania – iPads tend not to reside inside Amazon Web Services data centers – Real people tend not to query product SKUs starting at “000000” and proceeding to “999999” – Real people don’t check on100 rooms at the same hotel and never book • Solution includes: – Batch processing to update bot scoring – Bloom filters at router layer – Lookup table and other processing for other traffic 16
  • 17. Challenge #4: Management • We are largely a management system – 1000s of new API proxies deployed per day to our cloud – Each one includes customer-specific processing rules, policies and code – API calls coming in for analytics queries, to change rate limits, set up developers, etc. • Systems architects tend to give management short shrift – “It’s OK if the management system fails as long as the API calls keep working” • Need to architect management for the same SLA as everything else – So we use Cassandra and Zookeeper here too 17
  • 18. Finally: Lessons from the Cloud • Hardware fails. So what? • Network fails. Bad but expected. • Management layer fails. Big problem. – See history of AWS outages 18
  • 19. Thank you ©2015 Apigee. All Rights Reserved.