API Management for Enterprise Mobile Access: A How-to Guide
Speaker notes:
  • Technical/security architects work with the Layer 7 Gateway to create policy that secures their enterprise APIs.
  • Web administrators work with the Layer 7 API Portal to customize the look and feel, create API documentation and resources, etc., enabling developers to quickly understand how to work with the APIs and build out an application.
  • Business Managers and API Owners tasked with monetizing their APIs (or expanding their market reach) create business rules around who can use which APIs in what ways.
  • Those business rules created on the API Portal are written down to the Layer 7 Gateway and enforced at runtime to ensure proper API interaction.
  • Enterprise Service Manager also provides operational reporting and dashboarding.

    1. API Management for Enterprise Mobile Access. A Layer 7 Technologies Solution. Matt McLarty, VP, Client Solutions, Layer 7 Technologies
    2. Housekeeping
       • Questions: chat any questions you have and we’ll answer them at the end of this call
       • Twitter: follow us on Twitter as well: @layer7; today’s event hashtag: #L7webinar
       • facebook.com/layer7, layer7.com/linkedin, layer7.com/blogs
    3. Agenda
       • “Bring Your Own Device”: BYOD and the App Explosion; Innovation through Consumerization
       • Enterprise Mobile Integration: Enterprise Mobility and the Mobile App Paradigm; Leveraging Enterprise Services and Assets
       • Enterprise API Management: API Publication, Security and Monetization; Solutions and Case Studies from Layer 7 Technologies
    4. BYOD: Bring Your Own Device (image courtesy of Click Software)
    5. BYOD: iPad @ Work, from IDG Connect “iPad for Business Survey 2012”
    6. The App Explosion (images courtesy of zendesk and [x]cube Labs)
    7. Pillars of an Enterprise Mobility Strategy*
       • Business Drivers
       • Hardware Ownership & Support
       • Deployment, Provisioning & Management
       • Enterprise Services Platform
       • Application Portfolio & Roadmap
       • Corporate Governance & Processes
       • Security Standards & Audit Processes
       “By exposing access … through a standardized mobile-friendly enterprise services layer, the cost of innovation can be dramatically reduced.”
       * From “iPad in the Enterprise”, N. Clevenger, Wiley 2011
    8. Mobile App-to-Enterprise Service Integration
       • Increase Revenue: re-use of API and shared services can increase revenue
       • Cost Reduction: existing enterprise services can create shared infrastructure
       • Quality of Service: leverages proven systems with enterprise SLA’s
       • Compliance: uses existing security policies and technologies
    9. Mobile App-to-Enterprise Service Integration Challenges
       Mobile Devices:
       • Proliferation of mobile devices increases message volumes exponentially
       • BYOD approach mixes personal and business use, blurring the security perimeter
       Enterprise Services:
       • Service API’s unavailable in mobile-friendly formats & protocols (REST, JSON)
       • API’s must be reusable across multiple mobile and non-mobile platforms
       Network:
       • Composite services need API’s from multiple providers, requiring federation
       Data Services:
       • Data privacy and integrity must be preserved end-to-end
       • How to access business intelligence and Big Data in real-time
    10. Enterprise Service Platform Evolution
       • Web Apps and Web Services (2001-2010): Thin & Thick Client -> Web Proxy -> App Server -> DB Server
       • Mobile Apps and API’s (2011 and beyond): Mobile Apps (On-Prem / Cloud) -> Mobile Access Gateway -> API Server -> Data Services (Hadoop, RDBMS)
    11. The Mobile Access Gateway (slides 11 and 12 are two build stages of the same slide; the content is combined here). Each challenge from slide 9 is paired with the gateway capability that addresses it:
       • Service API’s unavailable in mobile-friendly formats & protocols: real-time bridging from SOAP, XML and legacy formats to REST, JSON, mobile protocols
       • Proliferation of mobile devices increases message volumes exponentially: optimized high scale engine for compute-intensive integration functions
       • API’s must be reusable across multiple mobile and non-mobile platforms: single logical gateway cluster configurable to handle mobile, web and B2B traffic
       • BYOD approach blurs the security perimeter: App- and API-specific security handling, including OAuth, adapts the perimeter
       • Data privacy and integrity must be preserved end-to-end: existing enterprise access control and crypto extended to App-API through Gateway
       • Composite services need API’s from multiple providers, requiring federation: federated security for 3rd party API’s, data aggregation for composite API mashups
       • How to access business intelligence and Big Data in real-time: event-aware integration capability for real-time analytic data synthesis and integration
    13. Mobile App-to-Enterprise Integration Stakeholders (Mobile Apps, On-Prem / Cloud -> Mobile Access Gateway -> API Server -> Data Services (Hadoop, RDBMS))
       • App Developer: What API’s are available and how can I use them?
       • API Owner: Who is allowed to use my API’s? Are they being used?
       • Info Security: How is our data being protected and access controlled?
       • IT Operator: What is changing? Is everything running smoothly?
    14. Layer 7 API Management Suite
       • API Proxy: enterprise-grade Mobile Access Gateway
       • API Portal: developer on-boarding, support and resources; API metrics and reporting
       • Enterprise Service Manager (ESM): API migration, management and dashboarding
       • Secure OAuth Toolkit: support for 2- and 3-legged OAuth
    15. API Management: How it All Works (around your Enterprise APIs)
       1. Publish & Secure APIs (Security Architect)
       2. Onboard Developers (Developer)
       3. Monetize your APIs (Business Manager / API Owner)
       4. Close the Loop (IT Operator)
    16. Mobile Access Gateway, API Proxy (step 1: Publish & Secure APIs). Feature/Function: API Proxy
       • Credentialing: Y
       • Custom Assertion SDK: Y
       • JDBC support: Y
       • SAML support: Full
       • Convert SOAP<->REST: Y
       • WS* support: Y
       • XACML support: Y
       • MTOM support: Y
       • Transports supported: JMS, MQ, FTP(s), HTTP(s), raw TCP
       • Concurrent Assertion support: Y
       • OAuth support: 1.0 and 2.0, HMAC, RSA
       • Rate Limiting: Y
       • Multiple Form Factors: Hardware, Software, VMware, AMI
    17. Mobile Access Gateway, OAuth
       • Plug in your ID providers, IAM, CA Siteminder, OAM, …
       • Plug in any developer portal, api key management system
       Diagram: Layer 7 implements the OAuth Authorization Server and the OAuth Resource Server for your REST services and APIs. A client application (REST client) performs 1. Handshake with the Authorization Server, then 2. Service call against the Resource Server. The API Dev Portal or Client API Key store takes part in the handshake only (optional). The resource owner (subscriber) is authenticated through the ID Provider.
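The handshake-then-service-call split on this slide, as an added example that is not Layer 7 code: one process plays both of the gateway's OAuth roles, issuing a signed, short-lived token after checking the app's API key and authenticating the resource owner against a pluggable ID provider, then validating that token (signature, expiry, scope, per-app rate limit) before routing. The signing key, user store, API key record, token lifetime and status codes are all constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo, not Layer 7 product code: one process plays both OAuth roles the
# slide assigns to the gateway, Authorization Server (1. Handshake) and Resource Server
# (2. Service call). Key, users, API keys and the 300 s lifetime are all made-up values.
SIGNING_KEY = b"constructed-demo-key"            # real gateways keep this in config/HSM
ID_PROVIDER = {"alice": "correct horse"}         # stand-in for a pluggable IdP (LDAP, SiteMinder, ...)
API_KEYS = {"mobile-app-1": {"scopes": {"claims:read"}, "rate_per_min": 3}}  # from the dev portal
_calls = {}                                      # (api_key, minute) -> call count, for rate limiting

def _sign(payload: bytes) -> str:
    return base64.urlsafe_b64encode(hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()).decode()

def handshake(api_key, username, password, scope, now=None):
    """Step 1: check the app's key and requested scope, authenticate the resource owner
    against the ID provider, and issue a signed, short-lived access token (or None)."""
    now = time.time() if now is None else now
    client = API_KEYS.get(api_key)
    if client is None or scope not in client["scopes"]:
        return None                                  # unknown app, or a scope it was never granted
    if not hmac.compare_digest(ID_PROVIDER.get(username, ""), password):
        return None                                  # resource owner failed IdP authentication
    claims = {"sub": username, "key": api_key, "scope": scope, "exp": int(now) + 300}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body.encode())}"

def service_call(token, required_scope, now=None):
    """Step 2: Resource Server side. Verify signature, expiry, scope and the per-app rate
    limit before the request is routed to the backend API. Returns (status, message)."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except (ValueError, AttributeError):
        return 401, "malformed token"
    if not hmac.compare_digest(sig, _sign(body.encode())):
        return 401, "bad signature"                  # tampered or foreign token
    claims = json.loads(base64.urlsafe_b64decode(body))
    if claims["exp"] < now:
        return 401, "token expired"
    if claims["scope"] != required_scope:
        return 403, "insufficient scope"
    window = (claims["key"], int(now) // 60)
    _calls[window] = _calls.get(window, 0) + 1
    if _calls[window] > API_KEYS[claims["key"]]["rate_per_min"]:
        return 429, "rate limit exceeded"
    return 200, f"routed to backend API for {claims['sub']}"   # stand-in for the proxy step
```

The checks run in the order a gateway should apply them: the cheap, unauthenticated failures (bad signature, expiry) are rejected before any per-app state is touched, so an attacker replaying junk cannot consume a legitimate app's rate-limit budget.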
    18. API Portal, Onboard and Manage Developers (step 2: Onboard Developers). Feature/Function: API Portal
       • Developer Registration: Y
       • API Key Management: Y
       • API Explorer: Y
       • API Rate Limiting: Y
       • API Reporting: Y
       • Developer Support: Y
       • Fully-branded CMS: Y
       • Account Management: Y
    19. ESM, API Migration and Lifecycle Management (step 3: Monetize your API’s). Automated dependency resolution when migrating policies between environments: Development, Test (Enterprise), Production (Cloud); directories shown: dev01LDAP, cloud01LDAP, prod01LDAP
    20. Example Scenario, Web Application Security: Thin & Thick Client -> Web Proxy -> App Server -> DB Server; Policy Server (e.g. SiteMinder); Directory (e.g. AD); Monitoring & Logging
    21. Example Scenario, Web Services Security: Thin & Thick Client and B2B Clients -> Web Proxy -> App Server -> DB Server; Mobile Access Gateway (L7 SecureSpan Gateway); L7 Enterprise Service Manager; Policy Server (e.g. SiteMinder); Directory (e.g. AD); Monitoring & Logging
    22. Example Scenario, API Management: Thin & Thick Client, B2B Clients and Mobile Apps -> Web Proxy -> App Server -> DB Server; L7 API Portal; Mobile Access Gateway (L7 SecureSpan Gateway); L7 Enterprise Service Manager; Policy Server (e.g. SiteMinder); Directory (e.g. AD); Monitoring & Logging
    23. Case Study: API-Enabling Health Care
       • Challenge: Reduce cost and delay in processing Medicaid member information by bringing the process online
       • Solution: Mobile Access Gateway allows iPad application to securely connect to existing backend APIs; data routing, strict authN & authZ, comprehensive threat protection
       • Results: Improved the provider’s health care coverage and member services, while increasing the effectiveness and efficiency of its Medicaid program
    24. Case Study: Mobile-Enable Airline Services
       • Challenge: Securely expose existing services to third party developers in order to expand their market reach
       • Solution: The Layer 7 API Proxy allows the airline to securely expose and manage their APIs, while caching Sabre requests
       • Results: Significantly grew market reach, while controlling costs associated with constantly pulling data from Sabre to service Developer requests
    25. Case Study: Smart Grid Gateway
       • Challenge: Migrate energy services to Smart Grid technology, leveraging the new capabilities offered by additional data and communication
       • Solution: SOA, Web and API Security Gateway enables high volume meter data collection, assisted service and upcoming mobile self-service for enhanced client experience
       • Results: Cost avoidance for higher volume meter traffic, improved customer service through real-time channels, improved service availability through proactive system monitoring
    26. Conclusions
       • Employees are bringing mobile devices to work en masse… and IT groups must accommodate them without compromising security and SLA’s
       • Mobile Apps are being built to improve productivity and reduce cost… existing enterprise services can be used to quickly and reliably enable these apps
       • Enterprise API Management integrates Mobile Apps and Enterprise Services… through a Secure Mobile Access Gateway, an API Portal, and open standards