NI
Uploaded byNGINX, Inc.
PPTX, PDF273 views

Deployment Patterns for API gateways

The document focuses on different API management and gateway deployment patterns, exploring the contrasts between traditional approaches and modern solutions like NGINX. It emphasizes the importance of scalability, flexibility, and efficient management within application architectures, particularly in the context of growing API traffic. Key functions and architectural considerations of API gateways, such as authentication, request routing, and load balancing, are also discussed with specific deployment scenarios.

Embed presentation

Downloaded 32 times
Gartner AADI Summit 2019 Deployment Patterns for API Gateways Sean Maritz July 2019
3 1. API management vs API gateway 2. API gateway deployment patterns 3. Selecting the right deployment pattern for my application Agenda Sean Maritz Technical Solutions Architect s.maritz@f5.com is now a part of
Application Components
Monolithic Application Architecture • Feature sets coded into the application. • Adapters complicated to interact with. • Rest API available but is an application in itself. • Complicated change management. • Broken code = Broken Application.
Modernised Application Architecture 6 • Reference the best in class of code. • Feature Rich or Light Weight. • Interchangeable vendors. • Scalable. • Flexible. • Resilient
API App Development 7 api.shoppincart.com api.shipping.com api.inventory.com api.recommendations.com api.orders.com api.reviews.com api.catalog.com api.myapplication.com
API Management 8 Dev & Product Security (App, Net & Ops) Network / DevOPS Operations, Support, Networks, DevOPS, DEVops Product, Billing Marketing, DevOps, Product. Sales.
API Management • Policy management • Analytics & monitoring • Developer documentation API Gateway • Authenticator • Request router • Rate limiter • Exception handler
439 million Total sites running on NGINX Source: Netcraft June 2019 Web Server Survey
83% 40%of all hits are classified as API traffic (JSON/XML) of NGINX deployments are as an API gateway Source: Akamai State of the Internet Feb-2019 Source: NGINX User survey 2017, 2018
Why care? 16 • Latency & response time • Indiscriminate network hops • Expensive layer 7 payload inspection • Enforced scaling dimensions
Traditional v NGINX API Management What makes NGINX unique. 17
Data Plane Control Plane <scripts> <API’s> Request Response Data Plane Control Plane Request Response Manages and Monitors all of your API’s Routes Incoming API Calls Traditional API Management NGINX API Management Manages and Monitors all of your API’s Routes Incoming API Calls A B C
NGINX Controller High Level Architecture API Definition API Deliver y Policy API DefinitionAPI Definition Backend A Backend B Backend C NGINX Plus Backend A Backend B Backend C Backend D API Management (control plane) API Gateway (data plane)
API Gateway Essential Functions 21 TLS termination Client authentication Fine-grained access control Request routing Rate limiting Load balancing Service discovery of backends Request/response manipulation
API A API B API C API A API B API C Edge Gateway 22 API A API B API C • TLS termination • Client authentication • Authorization • Request routing • Rate limiting • Load balancing • Request/response manipulation
Edge Gateway 23 API A API B API C D E F G H • TLS termination • Client authentication • Authorization • Request routing • Rate limiting • Load balancing • Request/response manipulation • Façade routing
Two-Tier Gateway 24 API A API B API C D E F G HSecurity Gateway • TLS termination • Client authentication • Centralized logging • Tracing injection Routing Gateway • Authorization • Service discovery • Load balancing • Rate Limiting
Microgateway 25 E E F G F H D D D E F DevOps Team- owned • Load balancing • Service Discovery • Authentication per API • TLS Termination • Routing • Rate limiting
F E Microgateway 27 E E F F D D D • Service discovery integration • Obtain authentication credentials • Everything else!
F E Sidecar Gateway 28 E E F F D D D • Outbound load balancing • Service discovery integration • Authentication • Authorization? Edge / Security Gateway • TLS termination • Client authentication • Centralized logging • Tracing injection
Kubernetes Cluster F E Service Mesh 29 E E F F D D D Service Mesh Control Plane Ingress / Edge Gateway All DevOps teams
Traditional API Management 30 Control Data Control Data Control Data A A A B B B C C C • Complex • Slow • Expensive
Nginx API Management 31 Data Data Data A A A B B B C C C Control Config Analytics Config Analytics Config Analytics • Simple • Fast • Cost Effective • Resilliant
Deployment Pattern Options Edge Gateway + Monoliths with centralized governance - Frequent changes, DevOps team-owned microservices Two-Tier Gateway + Flexibility, independent scaling of functions - Distributed control Microgateway + DevOps teams, high-frequency updates - Hard to achieve consistency, authorization minefield Sidecar Gateway + Policy-based E/W, strict authentication requirements - Control plane complexity
sean.maritz@nginx.com

More Related Content

PDF
Scalable Deployment Patterns in WSO2 API Manager
byWSO2
 
PPTX
A Tour of Different API Management Architectures
byNordic APIs
 
PDF
API Gateway Deployment Patterns
byJay Desai
 
PDF
APIs: Intelligent Routing, Security, & Management
byNGINX, Inc.
 
PDF
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
byNGINX, Inc.
 
PPTX
Overview of API Management Architectures
byNordic APIs
 
PPTX
Achieve Full API Lifecycle Management Using NGINX Controller
byNGINX, Inc.
 
PDF
nginxcontrollerapimanagementwebinar-190123215258.pdf
byAndri Wahyudi
 
Scalable Deployment Patterns in WSO2 API Manager
byWSO2
 
A Tour of Different API Management Architectures
byNordic APIs
 
API Gateway Deployment Patterns
byJay Desai
 
APIs: Intelligent Routing, Security, & Management
byNGINX, Inc.
 
Achieve Full API Lifecycle Management Using NGINX Controller – EMEA
byNGINX, Inc.
 
Overview of API Management Architectures
byNordic APIs
 
Achieve Full API Lifecycle Management Using NGINX Controller
byNGINX, Inc.
 
nginxcontrollerapimanagementwebinar-190123215258.pdf
byAndri Wahyudi
 

Similar to Deployment Patterns for API gateways

PDF
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero
byNGINX, Inc.
 
PDF
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
byNGINX, Inc.
 
PPTX
API Gateway: Nginx way
byinovia
 
PPTX
Controller and Coffee: Deliver APIs in Real Time with API Management
byNGINX, Inc.
 
PDF
Driving success in the cloud with NGINX
byNGINX, Inc.
 
PDF
Api Management and Demo
byDevOps Indonesia
 
PDF
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
PDF
API Gateway report
byGleicon Moraes
 
PDF
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
PPTX
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
PDF
SoftwareCircus 2020 "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
PDF
GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
PDF
ADDO 2020: "The past, present, and future of cloud native API gateways"
byDaniel Bryant
 
PDF
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
byVMware Tanzu
 
PPTX
API Best Practices
bySai Koppala
 
PDF
APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...
byapidays
 
PPTX
Using an API Gateway for Microservices
byNGINX, Inc.
 
PDF
Delivering the Modern API: Know what it takes
byNuwan Dias
 
PDF
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
PPTX
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero
byNGINX, Inc.
 
Deploy and Secure Your API Gateway with NGINX: From Zero to Hero – APCJ
byNGINX, Inc.
 
API Gateway: Nginx way
byinovia
 
Controller and Coffee: Deliver APIs in Real Time with API Management
byNGINX, Inc.
 
Driving success in the cloud with NGINX
byNGINX, Inc.
 
Api Management and Demo
byDevOps Indonesia
 
AllTheTalks 2020: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
API Gateway report
byGleicon Moraes
 
CloudBuilders 2022: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
WSO2Con 2025 - Unified Management of Ingress and Egress Across Multiple API G...
byWSO2
 
SoftwareCircus 2020 "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
GOTOpia 2020: "The Past, Present, and Future of Cloud Native API Gateways"
byDaniel Bryant
 
ADDO 2020: "The past, present, and future of cloud native API gateways"
byDaniel Bryant
 
API Gateway How-To: The Many Ways to Apply the Gateway Pattern
byVMware Tanzu
 
API Best Practices
bySai Koppala
 
APIdays Paris 2019 - Delivering the Modern API: Know What it Takes by Nuwan D...
byapidays
 
Using an API Gateway for Microservices
byNGINX, Inc.
 
Delivering the Modern API: Know what it takes
byNuwan Dias
 
NGINX Controller: faster deployments, fewer headaches
byKangaroot
 
WSO2Con 2025 - AI-Driven API Design, Development, and Consumption with Enhanc...
byWSO2
 

More from NGINX, Inc.

PDF
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
PDF
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
PDF
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
PPTX
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
PPTX
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
PDF
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
PDF
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
PDF
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
PDF
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
PDF
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
PDF
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
PDF
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
PDF
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
PPTX
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
PPTX
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
PPTX
NGINX Kubernetes API
byNGINX, Inc.
 
PPTX
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
PPTX
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
PPTX
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
PPTX
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 
【NGINXセミナー】 Ingressを使ってマイクロサービスの運用を楽にする方法
byNGINX, Inc.
 
【NGINXセミナー】 NGINXのWAFとは?その使い方と設定方法 解説セミナー
byNGINX, Inc.
 
【NGINXセミナー】API ゲートウェイとしてのNGINX Plus活用方法
byNGINX, Inc.
 
Get Hands-On with NGINX and QUIC+HTTP/3
byNGINX, Inc.
 
Managing Kubernetes Cost and Performance with NGINX & Kubecost
byNGINX, Inc.
 
Manage Microservices Chaos and Complexity with Observability
byNGINX, Inc.
 
Accelerate Microservices Deployments with Automation
byNGINX, Inc.
 
Unit 2: Microservices Secrets Management 101
byNGINX, Inc.
 
Unit 1: Apply the Twelve-Factor App to Microservices Architectures
byNGINX, Inc.
 
NGINX基本セミナー(セキュリティ編)~NGINXでセキュアなプラットフォームを実現する方法!
byNGINX, Inc.
 
Easily View, Manage, and Scale Your App Security with F5 NGINX
byNGINX, Inc.
 
NGINXセミナー(基本編)~いまさら聞けないNGINXコンフィグなど基本がわかる!
byNGINX, Inc.
 
Keep Ahead of Evolving Cyberattacks with OPSWAT and F5 NGINX
byNGINX, Inc.
 
Install and Configure NGINX Unit, the Universal Application, Web, and Proxy S...
byNGINX, Inc.
 
Protecting Apps from Hacks in Kubernetes with NGINX
byNGINX, Inc.
 
NGINX Kubernetes API
byNGINX, Inc.
 
Successfully Implement Your API Strategy with NGINX
byNGINX, Inc.
 
Installing and Configuring NGINX Open Source
byNGINX, Inc.
 
Shift Left for More Secure Apps with F5 NGINX
byNGINX, Inc.
 
How to Avoid the Top 5 NGINX Configuration Mistakes.pptx
byNGINX, Inc.
 

Recently uploaded

PDF
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 
Spec-Driven Development with Kiro: Elevating Software Quality, Traceability, ...
byHaim Michael
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
How does MES(Manufacturing Execution System) work?
byakipii ogaoga
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
apidays New York 2025 | AI in Application Security
byapidays
 
How AI Can Help Platform Engineers Build Better Platforms
byAll Things Open
 

Deployment Patterns for API gateways

Editor's Notes

  • #4 As well as Internet history, I'll be talking about …
  • #6 Here is an example of what a Ride Share or Taxi App may have have looked like in a monolithic type of application. Components braking each other Heavily dependant on the entire ecosystem being available in one Application Server with components from external providers being built into the code base.
  • #7 Today we don’t manage our applications in a single location, we rely in specialist apps that are purpose built for a specific function and we connect these into our application. Industry leading CRM apps connected with industry leading billing app connected to notification app or Mapping application and GPS app’s which are brought together to make a mashup of apps to build your own solution. There’s a whole array of benefits to build applications like this including the removal of Vendor Lock in making it a far easier exercise to make the components of your application interchangeable. Google & Maps (Uber EG) Business Functions
  • #8 Developing with API’s in a single frame requires multiple domains to be trusted and with the rapid growth of CDN’s and the requirement to increase security concerns when consuming CDN traffic, the need to whitelist a list of 10 domains became an absolute nightmare to manage. Even Alias Domains increased the number of domains and SSL certificates that needed to be managed. I Checked a well known remote management tool & they still have 73 Domain Whitelisting recommendations for firewall configs, some of which are root CDN domains. Security impact is massive. Tracking application behaviours is simplified. CLICK By introducing an API gateway we now have a single domain name and 1 SSL termination to manage.
  • #9 Before we get into the guts of the content, there is a clear destiction we need to make between API Management and API gateway. API Management includes these overall concepts which individually have their own standards and rules that individually tend to be a separation of concerns for different personas in the API management lifecycle.
  • #10  How many of you already use NGINX as an API gateway?
  • #12 Source: https://news.netcraft.com/archives/category/web-server-survey/ From there NGINX grew rapidly and now is used by over 439million websites world wide, including Uber, Netflix, Airbnb, Twitch, Stripe and other innovative companies. NOTE: In “Misc. Extras” section, there is a slide of relevant OSS users.
  • #13 This is the result Not to mention how often NGINX underpins the API gateway of commercial vendors. Akamai sources: https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/state-of-the-internet-security-retail-attacks-and-api-traffic-report-2019.pdf https://threatpost.com/fighting-fire-with-fire-api-automation-risks/141163/ (guest post by Tony Lauro, Director, security technology and strategy, Akami)
  • #14 But API traffic is just like web traffic, right? It’s all HTTP after all… Well, yes and no.
  • #15 Here’s a conventional API call Kinda indistinguishable from any web request Superficially at least. Web=RO, API=RW Using http for exposing data sets and business logic is much more dangerous than publishing applications that expose a narrow, bounded scope over that data set.
  • #16 This one is a little more exotic Same URI But now we care about: Whether this client is permitted to change the price of items? That the payload is JSON That there is a price and currency That someone else isn’t also trying to change the price of this item right now You need to decide how much of that you want to handle at the application, versus how much you want the API gateway to discard invalid requests
  • #17 Delivering API traffic puts pressure on your application delivery infrastructure Cannot be accelerated in the traditional way. Caching is partially effective Security needs are different
  • #20 Components
  • #21 Look at the most common API gateway deployment patterns Starting with … the Edge Gateway
  • #22 So first, just as a level-setting exercise Let's cover the 8 essential functions of an API gateway
  • #23 Here we have our perfectly polished APIs – A, B and C Follows the classic Application Delivery Controller architecture Clients talk to the API gateway, deployed at the edge of the application infrastructure The API gateway does things As we scale the APIs the API gateway also load balances traffic intelligently across the available instances of each API, and
  • #24 It’s the traditional pattern, and it works very well for monoliths What happens when you start decomposing those monoliths? OR introducing microservices Façade routing allows us to publish a single API that is comprised of multiple backend services. It’s fine if we just want to expose more APIs directly, for example service E But when API-A needs to make an API call to service D … We have no security controls, no authentication, no traffic management, no load balancing
  • #25 Another common pattern is to use a 2-tier gateway pattern. Security+Routing Now when API A calls service D, it goes through the routing gateway Here we have a nice separation of concerns – independently scaled Notice how the security gateway doesn’t do much in the way of, what you would call, API gateway work. Compatible with existing application delivery controllers, or simple cloud platform load balancers As you get deeper into microservices deployments – when these things are in containers, deployed through automated CI/CD pipelines, and owned by multiple DevOps teams the centralized gateway (1-tier or 2-tier) can become an administrative bottleneck. Typically, these centralized gateways are owned by a different team, whose change control processes are incompatible with DevOps-style, high-frequency, automated deployments.
  • #26 Works well with cloud deployments because you can utilize the simple, native load balancer E consumes F in the same way as an external client Particularly good for widely distributed deployments where service E and service F are deployed far away from one another Be careful with authN per API – because you’ll end up with at least as many authN methods as you have APIs
  • #27 But there’s one more thing to consider Our application is part of a wider ecosystem - a wider economy - that requires East/West traffic to be successful. Notice that with microservices we expect a lot more service-to-service communication That's simply a function of their size As components get smaller they necessarily depend on other components
  • #28 The microgateway pattern is an effective approach for service-to-service traffic but it has some drawbacks: Service E needs to be written or configured to know that service F is available through migrogateway F – and that changes for each deployment environment Also needs to be configured with or dynamically obtain authentication credentials And what if each service implements a different authentication scheme?! Difficult to reliably determine whether service E is allowed to call service F – who owns the policy for that If the microgateway is now responsible for all of the essential functions of an API gateway then it’s not really “micro” any more. Beware of Microgateway solutions that do not deliver the complete feature set.
  • #29 To address this we can look at the sidecar pattern Whereby we co-locate the microgateway alongside each service - you can imagine these in a single container. Outbound load balancing is interesting What load balancing algorithm do you use for outbound load balancing? How can you be sure that each sidecar for service E has exactly the same configuration Where do you put the configuration for who can talk to who? Does the sidecar gateway co-located with service E know which other services it may request? Or does the sidecar co-located with service F know which other services may make requests? Or both? That’s a lot to keep track of!
  • #30 Now all your essential API gw functions no longer have to fit in a Microgateway have to fit in each service container. All of the DevOps teams share that control plane, using RBAC to avoid making changes to someone else’s application. So you are delegating the sidecar gateway configuration to the control plane.
  • #33 So what have we learnt? Each approach has merits…