4. Objectives
Resource
pooling
•Multi-tenancy
•Resource utilization
•Shared, virtual infrastructure
•Interoperability
On-
demand
self-service
•Fine-graded metering
•Billing & reporting
•Flexibility workload assignment
•Standard service offerings
•Quick deployment and automation
Rapid
Elasticity
•Stateless services
•Rapid provisioning
•Flexible topology
•High Quality of Service
SaaS delivery model
(pay per use)
5. Traditional vs. New SOA Model
Cloud
Centric
Accountability
[Contracts/SLAs]
Visibility
[Analytics]
Control
[Governance]
Agility
[Self-Service
provides
Operational
Efficiency & Agility]
6. Driving Force behind API Management
SaaS-style delivery model for API Services
•AaaS: Providing API’s as a Service
•Access services on any device from anywhere at any time
•Self-Service shifts IT centric model to a delegated administration methodology
•Monetization – usage based chargebacks
•Multi-tenancy for Service Layer – Prevent single tenant monopolizing resources
•Analytics-as-a-Service: To offer Next-generation analytics/Big Data as API
•Low TCO and high ROI
Cloud Service Brokerage(CSB) Infrastructure for Healthcare Integration
•Essential for Health Information Exchange(HIE), EMR/EHR projects to facilitate secure
information exchange between disparate organizations across boundaries.
•API Marketplace to browse API Catalog, subscribe APIs, establish contracts(SLA)
•Customization – Implementing unique services or capabilities beyond the original
services
•To apply cross-cutting concerns like security, privacy, QoS, policies and mediations
without impacting upstream and downstream systems.
7. Driving Force behind API Mgt (Cont’d)
Consumerization & Mobile Enablement
•To support Bring Your Own Device (BYOD) programs and Mobile Device
Management(MDM)
•To modernize services for mobile consumption [Cache, Compress, Pagination,
Pre‐fetch content, WAN optimization - chatty to chunky interfaces]
•To secure REST APIs: Map Web SSO and SAML to mobile‐friendly OAuth, OpenID
Connect and JSON Web tokens
•To adapt Mobile App Paradigm by leveraging existing Enterprise Assets
Increase Operational Efficiency
•Fully integrated API Mgt Suite (Turnkey solution that includes
Development, Runtime and Operational governance capabilities)
•Reduce IT burden – Delegated, role-based administration via 24/7 self-service
portals vs., dependency on limited IT resources
•High visibility with real-time dashboards for Root Cause Analysis
•Impact Analysis for Change Management
•Elastic Scalability – Scale-out / Auto-Scale all components
9. how API Management relates to SOA
Governance?
Gartner’s : Application Services Governance
10. Gateway
Service Virtualization for exposing on-premise and external APIs as services
Authentication and Access Control, enforcing OAuth or API key access on inbound RESTful requests and
proxy these to internal services, Credential Mapping, Identity Propagation
Data Format Mediation, with support for conversion of unstructured, semi-structured and structured
XML data into RESTful API responses
Protocol Mediation across a wide range of protocols including SOAP, JMS, MQ, FTP(S), Raw TCP, and
custom protocols
Content Attack Prevention, including support for XML and HTTP level content threats, denial of service
support and policy-based input validation.
SLA Management and Rate Limiting, including support for identity based metering of API calls and
externalized policies that enforce a consistent quota across a cluster of gateways
Policy Engine, with support for service composition, orchestration - conditionals and looping, response
caching, pagination expressed as policy, not code
11. API Gateway
Greater flexibility for changing policy requirements
Consistent processing across multiple services
On-demand API customizations for individual client needs
12. API Management
API Product Management, API packaging of existing services as products
Developer on-boarding and registration
Portal administration and content management system
Reporting and analytics for API usage and latency
Developer facing services catalog
Developer enablement tools, such as IO docs, which provide mock-responses for
testing APIs
Admin tools, to allow administrators access to developer approvals
Community tools, such as forums, blogs and application galleries
17. DevOps- Service Lifecycle Management
Project and Team
Management
Software
Development
Workflow
Governance and
Compliance
Development Tools
Issue Tracking
Source ControlContinuous Build
Continuous
Integration
Test Harness
Continuous Delivery
(Configuration Mgt)
Continuous
Performance
Management
Metadat
a
Reposit
ory
dPaaS/DevOps - development Platform as a Service
21. Operational Management
Capacity and Availability Management – Plan and manage throughput and
availability to ensure that you deliver the performance and service levels your
customers expect without risking internal system overload.
Root cause Analysis – Track transactions from the API where they enter your business
to the back end services and applications that process them so you can quickly find
and fix problems.
Impact Analysis – Understand the relationships between your business systems and
applications, SOA assets and services, APIs and your customers and partners. This
way you will know the potential impact of any changes you plan to make before you
make them.
End-to-end Security – Use the appropriate security models and standards for services
and APIs even if they are different. Use the SOA Software product set to enable end-
to-end security mediation and integration with enterprise security systems.
22. App
Developer
Service
Developer
Internal RESTful
Services
SOAP Web
Services
Legacy Services
(AS400, Mainframe )
Data Access
Services
Internal PaaS
APIs
External SaaS
APIs
Service Virtualization
Authentication and
Access Control
Data Format Mediation
Protocol Mediation
Content Attack Prevention
SLA Management, Rate Limiting
Lightweight ESB: Service
Orchestration and Composition
API Product Management
Developer On-boarding
Portal Administration
Reporting and Analytics
API Monetization
Developer Facing Service Catalog
Developer Enablement Tools
Admin Tools & Community Tools
On-Demand Self-Service: API Key Mgt…
Centralized Management
[Cluster-wide Configuration]
Root-Cause Analysis
[Exception Management]
Transaction Tracking
[Operational Responsiveness]
Business Activity Monitoring
[real-time business visibility]
SLA Management [SLA Monitoring and Alerts]
Lifecycle Manager
[Service & Policy assets]
Development Governance
[SDLC & Versioning]
DevOps Forge - Test Harness, Git…
Change Governance
[Compliance & Approvals]
Relationship Tracking [Impact Analysis ]
Metadata [Federated Repository & Registry]
Service
Administrator
Identity & Access Management
IT Command
Center
Service #1
Service #2
Service #3
Consumers
REST
OAuth
Facade
SOAP
SOAP,JMS,FTP
WS-Trust
Enterprise Departments
WebApps
23. API and SOA Deployment Architecture
API Consuming application
API Interface exposed by API Gateway
Service virtualization, composition and
orchestration hosted by Enterprise Service Bus
Atomic Business Services hosted by
application server, business process server
25. Evolve to Cloud Services Brokerage (CSB)
Cloud Service Brokerage (Healthcare Service Hub)
Enterprise Service Brokerage
Enterprise API Management
APIGateway
APIBroker
Aggregate–Integrate–Customize
Partner
Developer
Portal
Internal
Developer
Portal
API
Provider
Portal
API
Broker
Portal
OwnAPIs
3
rd
-Party
APIs
Editor's Notes
by 2015, APIs will become primary delivery channel for business services to mobile devices, appliances and partner applications.
PaaS = Environment for building and Deployment Apps + Cloud Characteristics
Accountability ability to define contracts as policies and enforce them in runtime and ability to monitor transitions and generate reports for audit, improves accountability. Self-Service contract establishment. Design time Impact Analysis for change management. Visibility End-to-End visibility, transaction tracking and root-cause analysis. Monitoring, Metering and Metrics. Runtime Impact Analysis Control Policy/contract driven access control. Governance policies for change management and life-cycle managementRole based delegation and self-service brings operational efficiency without losing control. Agility – [Self-Service providesOperational Efficiency & Agility]Delegated and role based administration enable distributed management across a large enterprise.Delegated authority and multiple roles involvement vs. dependency on sing role for day-to-day operational activities. Increased Organizational Agility and Reduced IT Burden.Seamless integration between design-time and runtime aspects deliver automation with minimal manual intervention.Change management - Make sure that agility doesn’t come at the cost of stability by effectively managing change across SOA assets and services and APIs.Cloud Centric (Native) What is Cloud Native Platform means? Distributed/Dynamically Wired – find services even when they move, self-recovery from service disruption. Elastically Scalable – scale up and down as needed. Multi-tenant -Vertical isolated, controlled resource sharing governed by a contract. For maximizing resource sharing. 1st Gen: Machine per Tenant 2nd Gen: VM per Tenant 3rd Gen: Tenant sharing same Container(PaaS) with a (service)contract driven resource allocation. Self-Service – full-service self-service model. De-centralized creation and management of tenants. Automated governance with delegation and role-based administration. Lower the operational cost and time to deliver new applications.Monetization – Metered and billed granularly. Pay of just what you use.
Consumerization & Mobile EnablementLeverage Existing Enterprise Resources for APIs - Build your APIs using existing enterprise services and assets to bring APIs to market more quickly and cost effectively.Increase Operational EfficiencyCapacity and Availability Management - Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload.Root cause Analysis - Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems.Impact Analysis - Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners. This way you will know the potential impact of any changes you plan to make before you make them.End-to-end Security - Use the appropriate security models and standards for services and APIs even if they are different. Use the SOA Software product set to enable end-to-end security mediation and integration with enterprise security systems.Agility Change management - Make sure that agility doesn’t come at the cost of stability by effectively managing change across SOA assets and services and APIs.
According to Gartner API Management and SOA Governance are converging into a consolidated space called Application Services Governance.The diagram above shows how API Management relates to SOA Governance. As you can see SOA Governance includes lifecycle governance and run-time management, API Management adds community management and leverages a lot of the run-time capabilities and some of the lifecycle capabilities of SOA Governance.Leverage SOA as the foundation for Enterprise APIs. Application Service Governance : Integrate, Mediate, Govern and Publish Integrate and mediate legacy applications that were written for different protocols and data formats Govern services with throttling, message level security, tokenization, content attack prevention, and authentication, authorization and audit controls Publish APIs and manage internal or external developers
throttling of API calls based on identities, location and service level
APIs have their own lifecycle, independently from the back-end service they rely on
The life cycle of a service comprises of the following two phases:Design phase: The service architecture team identifies an organization's business needs and models a number of services and application interfaces to support those needsRun-time phase: The services modeled using the catalog of business needs are used as a roadmap for service creation and exposed as run-time offerings within the organization.
A successful API ecosystem has several key players, scenarios, and outcomes - API creators create an API, Publishers prepare it for community usage, Application Developers/Partners discover APIs, subscribe, and start using them in their applications. Once these applications are installed for end users, usage of those applications invoke APIs underneath. This brings about the opportunity to collect statistics on API usage. These statistics make up the dashboard of your business through APIs. For example tracking for higher usage numbers would be a reason to starting thinking about scaling. Depending on the business value delivered, authentication needs of an API can vary as well.Over time APIs will evolve from creating newer, better versions to finally reaching end of life. Similar to how a product is managed, APIs once published should be carefully managed and monitored. Integrated API Management is designed to fully support such an ecosystem and is constantly evolving to serve more niche endpoints
SLM is similar to ALM dPaaS (development Platform as a Service) : Agile DevOps -(e.g., CloudForge/TeamForge from CollabNet, IBM Jazz, Test Harness, Maven, Chef and Puppet etc) ALM to DevOps: Orchestrate and govern the entire software delivery process; collaborate across the enterprise.What is DevOps?DevOps = Dev + Ops : The integration of software development with operations to enable the rapid delivery of new capabilities
Visibility and Traceabilityend-to-end Transaction Monitoring—plus AlertingTo provide business transaction assuranceSOA Monitoring and Alerting from Progress Actional http://www.progress.com/en/Product-Capabilities/transaction-monitoring-alerting.html
API Management PlatformGatewaythrottling of API calls based on identities, location and service level aPaaS e.g., Cloud Foundry iPaaS e.g., WSO2dPaaS (development Platform as a Service)Agile DevOps -Test Harness, Maven, Chef and Puppet
Complex mediation is often not applied within the API gateway. SOA infrastructure often already includes an Enterprise Service Bus that can effectively apply message transformation, protocol switching, credential mediation, and content routing. By decoupling complex mediation from the gateway, teams can readily scale the infrastructure and independently and separately evolve a standard, simple API from complex, back-end implementation services. An API and SOA deployment architecture may mirror the figure above.