SlideShare a Scribd company logo

API Management and Integrated SOA Governance

Download as PPTX, PDF
Sumanth Chinthagunta
Sumanth Chinthagunta

API Management how it extends Integrated SOA Governance

TechnologyBusiness
1 of 25
Integrated SOA Governance
Why API Management matters? Strategic enterprise benefits with API Management
HTML5, Proxy and APIs -The New Three Tier Architecture
Objectives Resource pooling •Multi-tenancy •Resource utilization •Shared, virtual infrastructure •Interoperability On- demand self-service •Fine-graded metering •Billing & reporting •Flexibility workload assignment •Standard service offerings •Quick deployment and automation Rapid Elasticity •Stateless services •Rapid provisioning •Flexible topology •High Quality of Service SaaS delivery model (pay per use)
Traditional vs. New SOA Model Cloud Centric Accountability [Contracts/SLAs] Visibility [Analytics] Control [Governance] Agility [Self-Service provides Operational Efficiency & Agility]
Driving Force behind API Management SaaS-style delivery model for API Services •AaaS: Providing API’s as a Service •Access services on any device from anywhere at any time •Self-Service shifts IT centric model to a delegated administration methodology •Monetization – usage based chargebacks •Multi-tenancy for Service Layer – Prevent single tenant monopolizing resources •Analytics-as-a-Service: To offer Next-generation analytics/Big Data as API •Low TCO and high ROI Cloud Service Brokerage(CSB) Infrastructure for Healthcare Integration •Essential for Health Information Exchange(HIE), EMR/EHR projects to facilitate secure information exchange between disparate organizations across boundaries. •API Marketplace to browse API Catalog, subscribe APIs, establish contracts(SLA) •Customization – Implementing unique services or capabilities beyond the original services •To apply cross-cutting concerns like security, privacy, QoS, policies and mediations without impacting upstream and downstream systems.
Driving Force behind API Mgt (Cont’d) Consumerization & Mobile Enablement •To support Bring Your Own Device (BYOD) programs and Mobile Device Management(MDM) •To modernize services for mobile consumption [Cache, Compress, Pagination, Pre‐fetch content, WAN optimization - chatty to chunky interfaces] •To secure REST APIs: Map Web SSO and SAML to mobile‐friendly OAuth, OpenID Connect and JSON Web tokens •To adapt Mobile App Paradigm by leveraging existing Enterprise Assets Increase Operational Efficiency •Fully integrated API Mgt Suite (Turnkey solution that includes Development, Runtime and Operational governance capabilities) •Reduce IT burden – Delegated, role-based administration via 24/7 self-service portals vs., dependency on limited IT resources •High visibility with real-time dashboards for Root Cause Analysis •Impact Analysis for Change Management •Elastic Scalability – Scale-out / Auto-Scale all components
Integrated SOA Governance • Policy Enforcement [Contracts/SLAs] • Mediations [Protocol, Identity , Format] • Access Control [ACL, OAuth, API Keys] • Metering [audit, usage tracking ] Gateway Operational Management Lifecycle Management API Management Service Virtualization [customizations] • Life-cycle Management [service & policy assets] • Governance [Compliance & Approvals ] • Metadata[repository & registry] • Transaction Tracking [ Operational Responsiveness] • Root-cause Analysis [Exception Management ] • Centralized Management [Cluster-wide Configuration ] • Business Activity Monitoring [real-time business visibility] • API Catalog [Discover APIs] • Reports [Analytics] • Contracts [SLAs] • Self-Service [Developer On- boarding, Key delivery , Approvals & API Access Provisioning] Traffic-shaping
how API Management relates to SOA Governance? Gartner’s : Application Services Governance
Gateway Service Virtualization for exposing on-premise and external APIs as services Authentication and Access Control, enforcing OAuth or API key access on inbound RESTful requests and proxy these to internal services, Credential Mapping, Identity Propagation Data Format Mediation, with support for conversion of unstructured, semi-structured and structured XML data into RESTful API responses Protocol Mediation across a wide range of protocols including SOAP, JMS, MQ, FTP(S), Raw TCP, and custom protocols Content Attack Prevention, including support for XML and HTTP level content threats, denial of service support and policy-based input validation. SLA Management and Rate Limiting, including support for identity based metering of API calls and externalized policies that enforce a consistent quota across a cluster of gateways Policy Engine, with support for service composition, orchestration - conditionals and looping, response caching, pagination expressed as policy, not code
API Gateway Greater flexibility for changing policy requirements Consistent processing across multiple services On-demand API customizations for individual client needs
API Management API Product Management, API packaging of existing services as products Developer on-boarding and registration Portal administration and content management system Reporting and analytics for API usage and latency Developer facing services catalog Developer enablement tools, such as IO docs, which provide mock-responses for testing APIs Admin tools, to allow administrators access to developer approvals Community tools, such as forums, blogs and application galleries
Collaboration between Roles
Service Lifecycle Management(SLM) Lifecycle Manager •[Service & Policy assets, Service Level Agreements (SLAs)] Development Governance •[SDLC - DevOps, Versioning and Change Management ] DevOps Forge •[Test Harness, Self-Service, Continues Integration , Configuration and deployment automation …] Change Governance & Release Management •[Compliance & Quality Management , Approval Workflow and Notifications] Relationship Tracking •[Design Time Impact Analysis] Metadata •[Federated Repository & Smart End-Point Registry]
SLM - 3 Rings Of Functionality SOA SLM • Life-cycle management • Control–Approval Workflow • Governance policy SOA repository • Asset metadata • Asset storage and reference • Service version management Service registry • Runtime service lookup • Runtime policy lookup • UDDI interface
Service vs. API Lifecycle
DevOps- Service Lifecycle Management Project and Team Management Software Development Workflow Governance and Compliance Development Tools Issue Tracking Source ControlContinuous Build Continuous Integration Test Harness Continuous Delivery (Configuration Mgt) Continuous Performance Management Metadat a Reposit ory dPaaS/DevOps - development Platform as a Service
DevOps: Test-Driven Development + Continues Integration + CPM
Operational Management Transaction Tracking [Operational Responsiveness] Root-cause Analysis [Exception Management ] Centralized Management [Cluster-wide Configuration ] Business Activity Monitoring [real-time business visibility]
Operational Management
Operational Management Capacity and Availability Management – Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload. Root cause Analysis – Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems. Impact Analysis – Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners. This way you will know the potential impact of any changes you plan to make before you make them. End-to-end Security – Use the appropriate security models and standards for services and APIs even if they are different. Use the SOA Software product set to enable end- to-end security mediation and integration with enterprise security systems.
App Developer Service Developer Internal RESTful Services SOAP Web Services Legacy Services (AS400, Mainframe ) Data Access Services Internal PaaS APIs External SaaS APIs Service Virtualization Authentication and Access Control Data Format Mediation Protocol Mediation Content Attack Prevention SLA Management, Rate Limiting Lightweight ESB: Service Orchestration and Composition API Product Management Developer On-boarding Portal Administration Reporting and Analytics API Monetization Developer Facing Service Catalog Developer Enablement Tools Admin Tools & Community Tools  On-Demand Self-Service: API Key Mgt… Centralized Management [Cluster-wide Configuration] Root-Cause Analysis [Exception Management] Transaction Tracking [Operational Responsiveness] Business Activity Monitoring [real-time business visibility] SLA Management [SLA Monitoring and Alerts] Lifecycle Manager [Service & Policy assets] Development Governance [SDLC & Versioning] DevOps Forge - Test Harness, Git… Change Governance [Compliance & Approvals] Relationship Tracking [Impact Analysis ] Metadata [Federated Repository & Registry] Service Administrator Identity & Access Management IT Command Center Service #1 Service #2 Service #3 Consumers REST OAuth Facade SOAP SOAP,JMS,FTP WS-Trust Enterprise Departments WebApps
API and SOA Deployment Architecture API Consuming application API Interface exposed by API Gateway Service virtualization, composition and orchestration hosted by Enterprise Service Bus Atomic Business Services hosted by application server, business process server
API Best Particles
Evolve to Cloud Services Brokerage (CSB) Cloud Service Brokerage (Healthcare Service Hub) Enterprise Service Brokerage Enterprise API Management APIGateway APIBroker Aggregate–Integrate–Customize Partner Developer Portal Internal Developer Portal API Provider Portal API Broker Portal OwnAPIs 3 rd -Party APIs

Recommended

API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management DemystifiedManmohan Gupta
 
API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?Akana
 
How does an API management strategy support your digital transformation?
How does an API management strategy support your digital transformation?How does an API management strategy support your digital transformation?
How does an API management strategy support your digital transformation?SmartWave
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)3scale
 
Realizing SOA and API Convergence
Realizing SOA and API ConvergenceRealizing SOA and API Convergence
Realizing SOA and API ConvergenceAkana
 
How to Manage APIs in your Enterprise for Maximum Reusability and Governance
How to Manage APIs in your Enterprise for Maximum Reusability and GovernanceHow to Manage APIs in your Enterprise for Maximum Reusability and Governance
How to Manage APIs in your Enterprise for Maximum Reusability and GovernanceHARMAN Services
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner
 

Recommended

API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management DemystifiedManmohan Gupta
 
API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?Akana
 
How does an API management strategy support your digital transformation?
How does an API management strategy support your digital transformation?How does an API management strategy support your digital transformation?
How does an API management strategy support your digital transformation?SmartWave
 
API Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementAPI Management Part 1 - An Introduction to Azure API Management
API Management Part 1 - An Introduction to Azure API ManagementBizTalk360
 
API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)API Management Workshop (at Startupbootcamp Berlin)
API Management Workshop (at Startupbootcamp Berlin)3scale
 
Realizing SOA and API Convergence
Realizing SOA and API ConvergenceRealizing SOA and API Convergence
Realizing SOA and API ConvergenceAkana
 
How to Manage APIs in your Enterprise for Maximum Reusability and Governance
How to Manage APIs in your Enterprise for Maximum Reusability and GovernanceHow to Manage APIs in your Enterprise for Maximum Reusability and Governance
How to Manage APIs in your Enterprise for Maximum Reusability and GovernanceHARMAN Services
 
Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Open API and API Management - Introduction and Comparison of Products: TIBCO ...
Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner
 
API Management Microservices beyond HIP
API Management Microservices beyond HIPAPI Management Microservices beyond HIP
API Management Microservices beyond HIPSmartWave
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the EnterpriseApigee | Google Cloud
 
Customer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learnedCustomer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learnedSmartWave
 
Platform for Secure Digital Business
Platform for Secure Digital BusinessPlatform for Secure Digital Business
Platform for Secure Digital BusinessAkana
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesSlideTeam
 
Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIs Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIsApigee | Google Cloud
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureApigee | Google Cloud
 
Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Akana
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCA API Management
 
Manage Your Mesh
Manage Your MeshManage Your Mesh
Manage Your MeshAkana
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++Apigee | Google Cloud
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APIAkana
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
Driving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design ApproachDriving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design ApproachAkana
 
Delivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsDelivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsAkana
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0Jinyean Tan
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseAkana
 
Introduction to PaaS
Introduction to PaaSIntroduction to PaaS
Introduction to PaaSChris Haddad
 
Malta soa infrastructure
Malta soa infrastructureMalta soa infrastructure
Malta soa infrastructureAngel Knight
 

More Related Content

What's hot

API Management Microservices beyond HIP
API Management Microservices beyond HIPAPI Management Microservices beyond HIP
API Management Microservices beyond HIPSmartWave
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsApigee | Google Cloud
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessApigee | Google Cloud
 
Customer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learnedCustomer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learnedSmartWave
 
Platform for Secure Digital Business
Platform for Secure Digital BusinessPlatform for Secure Digital Business
Platform for Secure Digital BusinessAkana
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesSlideTeam
 
Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIs Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIsApigee | Google Cloud
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesNordic APIs
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureApigee | Google Cloud
 
Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Akana
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCA API Management
 
Manage Your Mesh
Manage Your MeshManage Your Mesh
Manage Your MeshAkana
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APIAkana
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Apigee | Google Cloud
 
Driving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design ApproachDriving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design ApproachAkana
 
Delivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsDelivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsAkana
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseAkana
 

What's hot (20)

API Management Microservices beyond HIP
API Management Microservices beyond HIPAPI Management Microservices beyond HIP
API Management Microservices beyond HIP
 
Modernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIsModernizing an Existing SOA-based Architecture with APIs
Modernizing an Existing SOA-based Architecture with APIs
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
API Governance in the Enterprise
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the Enterprise
 
Customer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learnedCustomer testimonal API Program Lessons learned
Customer testimonal API Program Lessons learned
 
Platform for Secure Digital Business
Platform for Secure Digital BusinessPlatform for Secure Digital Business
Platform for Secure Digital Business
 
Application Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation SlidesApplication Programming Interfaces Overview Powerpoint Presentation Slides
Application Programming Interfaces Overview Powerpoint Presentation Slides
 
Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIs Redefine Omni-Channel Retailing - Harness the Power of APIs
Redefine Omni-Channel Retailing - Harness the Power of APIs
 
Lean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps CyclesLean Method for Building Good APIs for Business – APIOps Cycles
Lean Method for Building Good APIs for Business – APIOps Cycles
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge Architecture
 
Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration?
 
Cross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San FranciscoCross Platform Mobile Apps with APIs from Qcon San Francisco
Cross Platform Mobile Apps with APIs from Qcon San Francisco
 
Manage Your Mesh
Manage Your MeshManage Your Mesh
Manage Your Mesh
 
Why APIs are not SOA++
Why APIs are not SOA++Why APIs are not SOA++
Why APIs are not SOA++
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle API
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Driving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design ApproachDriving Digital Innovation with a Layered API Design Approach
Driving Digital Innovation with a Layered API Design Approach
 
Delivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsDelivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIs
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
 

Similar to API Management and Integrated SOA Governance

Introduction to PaaS
Introduction to PaaSIntroduction to PaaS
Introduction to PaaSChris Haddad
 
Malta soa infrastructure
Malta soa infrastructureMalta soa infrastructure
Malta soa infrastructureAngel Knight
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APIAkana
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Stefan Bergstein
 
Practical soa for business and researchers
Practical soa for business and researchersPractical soa for business and researchers
Practical soa for business and researchersMustafa Gamal
 
Take Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice ArchitectureTake Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice Architecture3scale
 
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...WSO2
 
Saas challenges and solutions
Saas challenges and solutionsSaas challenges and solutions
Saas challenges and solutionskanimozhin
 
Paul Butterworth S O A Runtime Governance Practices
Paul Butterworth S O A Runtime Governance PracticesPaul Butterworth S O A Runtime Governance Practices
Paul Butterworth S O A Runtime Governance PracticesSOA Symposium
 
The State of Log Management & Analytics for AWS
The State of Log Management & Analytics for AWSThe State of Log Management & Analytics for AWS
The State of Log Management & Analytics for AWSTrevor Parsons
 
Saas Challenges and Solutions
Saas Challenges and SolutionsSaas Challenges and Solutions
Saas Challenges and SolutionsTechcello
 
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0Sunil Babu
 
AWS Managed Services and SaaS Partner Programs
AWS Managed Services and SaaS Partner ProgramsAWS Managed Services and SaaS Partner Programs
AWS Managed Services and SaaS Partner ProgramsAmazon Web Services
 
Soa Runtime Governance Practices
Soa Runtime Governance PracticesSoa Runtime Governance Practices
Soa Runtime Governance PracticesMichiel.Kemperman
 
(ISM206) Modern IT Governance Through Transparency and Automation
(ISM206) Modern IT Governance Through Transparency and Automation(ISM206) Modern IT Governance Through Transparency and Automation
(ISM206) Modern IT Governance Through Transparency and AutomationAmazon Web Services
 
Service Delivery & Automation Configure & Deploy
Service Delivery & Automation Configure & DeployService Delivery & Automation Configure & Deploy
Service Delivery & Automation Configure & DeployRonnie Isherwood
 

Similar to API Management and Integrated SOA Governance (20)

Introduction to PaaS
Introduction to PaaSIntroduction to PaaS
Introduction to PaaS
 
Malta soa infrastructure
Malta soa infrastructureMalta soa infrastructure
Malta soa infrastructure
 
Lifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle APILifecycle Manager and the Lifecycle API
Lifecycle Manager and the Lifecycle API
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
Service Oriented Architectures (SOA) Monitoring and Management with HP OpenVi...
 
Practical soa for business and researchers
Practical soa for business and researchersPractical soa for business and researchers
Practical soa for business and researchers
 
Take Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice ArchitectureTake Control of your APIs in a Microservice Architecture
Take Control of your APIs in a Microservice Architecture
 
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
WSO2Con USA 2017: Brokerage as a Service (BaaS), Transforming Fidelity Broker...
 
Saas challenges and solutions
Saas challenges and solutionsSaas challenges and solutions
Saas challenges and solutions
 
Paul Butterworth S O A Runtime Governance Practices
Paul Butterworth S O A Runtime Governance PracticesPaul Butterworth S O A Runtime Governance Practices
Paul Butterworth S O A Runtime Governance Practices
 
The State of Log Management & Analytics for AWS
The State of Log Management & Analytics for AWSThe State of Log Management & Analytics for AWS
The State of Log Management & Analytics for AWS
 
Saas Challenges and Solutions
Saas Challenges and SolutionsSaas Challenges and Solutions
Saas Challenges and Solutions
 
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
Reference Architecture for Shared Services Hosting_SunilBabu_V2.0
 
AWS Managed Services and SaaS Partner Programs
AWS Managed Services and SaaS Partner ProgramsAWS Managed Services and SaaS Partner Programs
AWS Managed Services and SaaS Partner Programs
 
Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-Oow2016 review--paas-microservices-
Oow2016 review--paas-microservices-
 
SOA governance
SOA governanceSOA governance
SOA governance
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Soa Runtime Governance Practices
Soa Runtime Governance PracticesSoa Runtime Governance Practices
Soa Runtime Governance Practices
 
(ISM206) Modern IT Governance Through Transparency and Automation
(ISM206) Modern IT Governance Through Transparency and Automation(ISM206) Modern IT Governance Through Transparency and Automation
(ISM206) Modern IT Governance Through Transparency and Automation
 
Service Delivery & Automation Configure & Deploy
Service Delivery & Automation Configure & DeployService Delivery & Automation Configure & Deploy
Service Delivery & Automation Configure & Deploy
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 

API Management and Integrated SOA Governance

  • 2. Why API Management matters? Strategic enterprise benefits with API Management
  • 3. HTML5, Proxy and APIs -The New Three Tier Architecture
  • 4. Objectives Resource pooling •Multi-tenancy •Resource utilization •Shared, virtual infrastructure •Interoperability On- demand self-service •Fine-graded metering •Billing & reporting •Flexibility workload assignment •Standard service offerings •Quick deployment and automation Rapid Elasticity •Stateless services •Rapid provisioning •Flexible topology •High Quality of Service SaaS delivery model (pay per use)
  • 5. Traditional vs. New SOA Model Cloud Centric Accountability [Contracts/SLAs] Visibility [Analytics] Control [Governance] Agility [Self-Service provides Operational Efficiency & Agility]
  • 6. Driving Force behind API Management SaaS-style delivery model for API Services •AaaS: Providing API’s as a Service •Access services on any device from anywhere at any time •Self-Service shifts IT centric model to a delegated administration methodology •Monetization – usage based chargebacks •Multi-tenancy for Service Layer – Prevent single tenant monopolizing resources •Analytics-as-a-Service: To offer Next-generation analytics/Big Data as API •Low TCO and high ROI Cloud Service Brokerage(CSB) Infrastructure for Healthcare Integration •Essential for Health Information Exchange(HIE), EMR/EHR projects to facilitate secure information exchange between disparate organizations across boundaries. •API Marketplace to browse API Catalog, subscribe APIs, establish contracts(SLA) •Customization – Implementing unique services or capabilities beyond the original services •To apply cross-cutting concerns like security, privacy, QoS, policies and mediations without impacting upstream and downstream systems.
  • 7. Driving Force behind API Mgt (Cont’d) Consumerization & Mobile Enablement •To support Bring Your Own Device (BYOD) programs and Mobile Device Management(MDM) •To modernize services for mobile consumption [Cache, Compress, Pagination, Pre‐fetch content, WAN optimization - chatty to chunky interfaces] •To secure REST APIs: Map Web SSO and SAML to mobile‐friendly OAuth, OpenID Connect and JSON Web tokens •To adapt Mobile App Paradigm by leveraging existing Enterprise Assets Increase Operational Efficiency •Fully integrated API Mgt Suite (Turnkey solution that includes Development, Runtime and Operational governance capabilities) •Reduce IT burden – Delegated, role-based administration via 24/7 self-service portals vs., dependency on limited IT resources •High visibility with real-time dashboards for Root Cause Analysis •Impact Analysis for Change Management •Elastic Scalability – Scale-out / Auto-Scale all components
  • 8. Integrated SOA Governance • Policy Enforcement [Contracts/SLAs] • Mediations [Protocol, Identity , Format] • Access Control [ACL, OAuth, API Keys] • Metering [audit, usage tracking ] Gateway Operational Management Lifecycle Management API Management Service Virtualization [customizations] • Life-cycle Management [service & policy assets] • Governance [Compliance & Approvals ] • Metadata[repository & registry] • Transaction Tracking [ Operational Responsiveness] • Root-cause Analysis [Exception Management ] • Centralized Management [Cluster-wide Configuration ] • Business Activity Monitoring [real-time business visibility] • API Catalog [Discover APIs] • Reports [Analytics] • Contracts [SLAs] • Self-Service [Developer On- boarding, Key delivery , Approvals & API Access Provisioning] Traffic-shaping
  • 9. how API Management relates to SOA Governance? Gartner’s : Application Services Governance
  • 10. Gateway Service Virtualization for exposing on-premise and external APIs as services Authentication and Access Control, enforcing OAuth or API key access on inbound RESTful requests and proxy these to internal services, Credential Mapping, Identity Propagation Data Format Mediation, with support for conversion of unstructured, semi-structured and structured XML data into RESTful API responses Protocol Mediation across a wide range of protocols including SOAP, JMS, MQ, FTP(S), Raw TCP, and custom protocols Content Attack Prevention, including support for XML and HTTP level content threats, denial of service support and policy-based input validation. SLA Management and Rate Limiting, including support for identity based metering of API calls and externalized policies that enforce a consistent quota across a cluster of gateways Policy Engine, with support for service composition, orchestration - conditionals and looping, response caching, pagination expressed as policy, not code
  • 11. API Gateway Greater flexibility for changing policy requirements Consistent processing across multiple services On-demand API customizations for individual client needs
  • 12. API Management API Product Management, API packaging of existing services as products Developer on-boarding and registration Portal administration and content management system Reporting and analytics for API usage and latency Developer facing services catalog Developer enablement tools, such as IO docs, which provide mock-responses for testing APIs Admin tools, to allow administrators access to developer approvals Community tools, such as forums, blogs and application galleries
  • 14. Service Lifecycle Management(SLM) Lifecycle Manager •[Service & Policy assets, Service Level Agreements (SLAs)] Development Governance •[SDLC - DevOps, Versioning and Change Management ] DevOps Forge •[Test Harness, Self-Service, Continues Integration , Configuration and deployment automation …] Change Governance & Release Management •[Compliance & Quality Management , Approval Workflow and Notifications] Relationship Tracking •[Design Time Impact Analysis] Metadata •[Federated Repository & Smart End-Point Registry]
  • 15. SLM - 3 Rings Of Functionality SOA SLM • Life-cycle management • Control–Approval Workflow • Governance policy SOA repository • Asset metadata • Asset storage and reference • Service version management Service registry • Runtime service lookup • Runtime policy lookup • UDDI interface
  • 16. Service vs. API Lifecycle
  • 17. DevOps- Service Lifecycle Management Project and Team Management Software Development Workflow Governance and Compliance Development Tools Issue Tracking Source ControlContinuous Build Continuous Integration Test Harness Continuous Delivery (Configuration Mgt) Continuous Performance Management Metadat a Reposit ory dPaaS/DevOps - development Platform as a Service
  • 18. DevOps: Test-Driven Development + Continues Integration + CPM
  • 19. Operational Management Transaction Tracking [Operational Responsiveness] Root-cause Analysis [Exception Management ] Centralized Management [Cluster-wide Configuration ] Business Activity Monitoring [real-time business visibility]
  • 21. Operational Management Capacity and Availability Management – Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload. Root cause Analysis – Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems. Impact Analysis – Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners. This way you will know the potential impact of any changes you plan to make before you make them. End-to-end Security – Use the appropriate security models and standards for services and APIs even if they are different. Use the SOA Software product set to enable end- to-end security mediation and integration with enterprise security systems.
  • 22. App Developer Service Developer Internal RESTful Services SOAP Web Services Legacy Services (AS400, Mainframe ) Data Access Services Internal PaaS APIs External SaaS APIs Service Virtualization Authentication and Access Control Data Format Mediation Protocol Mediation Content Attack Prevention SLA Management, Rate Limiting Lightweight ESB: Service Orchestration and Composition API Product Management Developer On-boarding Portal Administration Reporting and Analytics API Monetization Developer Facing Service Catalog Developer Enablement Tools Admin Tools & Community Tools  On-Demand Self-Service: API Key Mgt… Centralized Management [Cluster-wide Configuration] Root-Cause Analysis [Exception Management] Transaction Tracking [Operational Responsiveness] Business Activity Monitoring [real-time business visibility] SLA Management [SLA Monitoring and Alerts] Lifecycle Manager [Service & Policy assets] Development Governance [SDLC & Versioning] DevOps Forge - Test Harness, Git… Change Governance [Compliance & Approvals] Relationship Tracking [Impact Analysis ] Metadata [Federated Repository & Registry] Service Administrator Identity & Access Management IT Command Center Service #1 Service #2 Service #3 Consumers REST OAuth Facade SOAP SOAP,JMS,FTP WS-Trust Enterprise Departments WebApps
  • 23. API and SOA Deployment Architecture API Consuming application API Interface exposed by API Gateway Service virtualization, composition and orchestration hosted by Enterprise Service Bus Atomic Business Services hosted by application server, business process server
  • 25. Evolve to Cloud Services Brokerage (CSB) Cloud Service Brokerage (Healthcare Service Hub) Enterprise Service Brokerage Enterprise API Management APIGateway APIBroker Aggregate–Integrate–Customize Partner Developer Portal Internal Developer Portal API Provider Portal API Broker Portal OwnAPIs 3 rd -Party APIs

Editor's Notes

  1. by 2015, APIs will become primary delivery channel for business services to mobile devices, appliances and partner applications.
  2. PaaS = Environment for building and Deployment Apps + Cloud Characteristics
  3. Accountability ability to define contracts as policies  and enforce them in runtime and ability to monitor transitions  and generate reports for audit,  improves accountability. Self-Service contract establishment. Design time Impact Analysis for change management.  Visibility End-to-End visibility, transaction tracking and root-cause analysis. Monitoring, Metering and Metrics. Runtime Impact Analysis  Control Policy/contract driven access control. Governance policies for change management and life-cycle managementRole based delegation and self-service brings operational efficiency without losing control. Agility – [Self-Service providesOperational Efficiency & Agility]Delegated and role based administration enable distributed management across a large enterprise.Delegated authority and multiple roles involvement vs. dependency on sing role for day-to-day operational activities. Increased Organizational Agility and Reduced IT Burden.Seamless integration between design-time and runtime aspects deliver automation with minimal manual intervention.Change management - Make sure that agility doesn’t come at the cost of stability by effectively managing change across SOA assets and services and APIs.Cloud Centric (Native) What is Cloud Native Platform means? Distributed/Dynamically Wired – find services even when they move, self-recovery from service disruption. Elastically Scalable – scale up and down as needed. Multi-tenant -Vertical isolated, controlled resource sharing governed by a contract. For maximizing resource sharing. 1st Gen: Machine per Tenant  2nd Gen: VM per Tenant  3rd Gen: Tenant sharing same Container(PaaS) with a (service)contract driven resource allocation. Self-Service – full-service  self-service model. De-centralized creation and management of tenants. Automated governance with delegation and role-based administration. Lower the operational cost and time to deliver new applications.Monetization – Metered and billed granularly. Pay of just what you use.
  4. Consumerization & Mobile EnablementLeverage Existing Enterprise Resources for APIs - Build your APIs using existing enterprise services and assets to bring APIs to market more quickly and cost effectively.Increase Operational EfficiencyCapacity and Availability Management - Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload.Root cause Analysis - Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems.Impact Analysis - Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners.  This way you will know the potential impact of any changes you plan to make before you make them.End-to-end Security - Use the appropriate security models and standards for services and APIs even if they are different.  Use the SOA Software product set to enable end-to-end security mediation and integration with enterprise security systems.Agility Change management - Make sure that agility doesn’t come at the cost of stability by effectively managing change across SOA assets and services and APIs.
  5. According to Gartner API Management and SOA Governance are converging into a consolidated space called Application Services Governance.The diagram above shows how API Management relates to SOA Governance.  As you can see SOA Governance includes lifecycle governance and run-time management, API Management adds community management and leverages a lot of the run-time capabilities and some of the lifecycle capabilities of SOA Governance.Leverage SOA as the foundation for Enterprise APIs. Application Service Governance : Integrate, Mediate, Govern and Publish Integrate and mediate legacy applications that were written for different protocols and data formats Govern services with throttling, message level security, tokenization, content attack prevention, and authentication, authorization and audit controls Publish APIs and manage internal or external developers
  6. throttling of API calls based on identities, location and service level
  7. APIs have their own lifecycle, independently from the back-end service they rely on
  8. The life cycle of a service comprises of the following two phases:Design phase: The service architecture team identifies an organization's business needs and models a number of services and application interfaces to support those needsRun-time phase: The services modeled using the catalog of business needs are used as a roadmap for service creation and exposed as run-time offerings within the organization.
  9. A successful API ecosystem has several key players, scenarios, and outcomes - API creators create an API, Publishers prepare it for community usage, Application Developers/Partners discover APIs, subscribe, and start using them in their applications. Once these applications are installed for end users, usage of those applications invoke APIs underneath. This brings about the opportunity to collect statistics on API usage. These statistics make up the dashboard of your business through APIs. For example tracking for higher usage numbers would be a reason to starting thinking about scaling. Depending on the business value delivered, authentication needs of an API can vary as well.Over time APIs will evolve from creating newer, better versions to finally reaching end of life. Similar to how a product is managed, APIs once published should be carefully managed and monitored. Integrated API Management is designed to fully support such an ecosystem and is constantly evolving to serve more niche endpoints
  10. SLM is similar to ALM dPaaS (development Platform as a Service) : Agile DevOps -(e.g., CloudForge/TeamForge from CollabNet, IBM Jazz, Test Harness, Maven, Chef and Puppet etc)  ALM to DevOps: Orchestrate and govern the entire software delivery process; collaborate across the enterprise.What is DevOps?DevOps = Dev + Ops : The integration of software development with operations to enable the rapid delivery of new capabilities
  11. Visibility and Traceabilityend-to-end Transaction Monitoring—plus AlertingTo provide business transaction assuranceSOA Monitoring and Alerting from Progress Actional http://www.progress.com/en/Product-Capabilities/transaction-monitoring-alerting.html
  12. API Management PlatformGatewaythrottling of API calls based on identities, location and service level aPaaS e.g., Cloud Foundry iPaaS e.g., WSO2dPaaS (development Platform as a Service)Agile DevOps -Test Harness, Maven, Chef and Puppet
  13. Complex mediation is often not applied within the API gateway. SOA infrastructure often already includes an Enterprise Service Bus that can effectively apply message transformation, protocol switching, credential mediation, and content routing. By decoupling complex mediation from the gateway, teams can readily scale the infrastructure and independently and separately evolve a standard, simple API from complex, back-end implementation services. An API and SOA deployment architecture may mirror the figure above.