Platform Architect Data & Application Integration
NN Group
Implementing a Zero Downtime WSO2 API Manager with an API Community to Match
Kees van der Vlis
The API Journey of NN Group
Like many companies of its kind, NN Group is undertaking a digital transformation.
APIs are the key enabler of this digital transformation. In 2017 we commenced the
implementation of the API management solution using WSO2 software. We have
engineered the WSO2 components in such a way that we have created an API
Management infrastructure that is fully automated, both in provisioning, and
operational management. WSO2 is now being used for managing external APIs. We
are now expanding its use to internal API management. The presentation will focus on
the way we have engineered our external API management solution on the AWS
cloud, how we implemented several CI/CD patterns to achieve zero down-time, and
how we set up our API community.
NN Group History & Strategy
● NN Group has a long history spanning almost 2 centuries
● For NN, “Digital” is a hot topic which features in the strategy, as is the case for many companies
• NN’s roots lie in the 19th-century Netherlands
• Strong business positions; market positions built organically
• Unified international culture with shared best practices
• 17 million customers (excl. NN IP) [1]
• More than 15,000 employees [1]
• Successful IPO on 2 July 2014
• Businesses rebranded to “NN” in 2015
• ING’s divestment of NN Group completed in April 2016
• Tender offer for Delta Lloyd successfully completed in April 2017
• Shareholders’ equity of EUR 22 bn at 16 November 2017 [1]
• Credit ratings [2]: A/stable (S&P), A+/stable (Fitch)
Leading Dutch insurer with strong businesses in European insurance, asset management and Japan
Some facts and figures
Our brand promise: ‘You matter’
[1] On 16 November NN Group reported its second fully consolidated set of quarterly results for NN Group and Delta Lloyd
[2] Financial Strength Ratings
Over 170 years of rich entrepreneurship
NN’s Digital Transformation
[Timeline figure. Periods shown: 1845, 1940s, 1970s-2000s, 1990s-2010s, 2014, 2016 and beyond. Labels: “Innovation to operate in a saturated market”; “First Pre-paid car insurance in The Netherlands”.]
NN Group’s WSO2 environment
Topics:
● Where did the journey start?
● Think Big, Start Small, Scale Fast
● Public vs. Private APIs
NN’s API Journey Is Linked To Our Cloud Journey
The Landscape 3 years ago:
● On-Premises,
● SOA Based application
integration,
● Applications in one place,
● Under control of NN
● Provider Centric
The Target Landscape:
● Public Cloud,
● Multiple Cloud providers,
● API based Integration, both
public and private
● Consumer Centric
[Diagram labels: Cloud Providers A, B, C, D and X; Services Groups 1 to 7 (Domain Services); Provider Gateway and Consumer Gateway (repeated); External facing NN services; External Gateway.]
● March 2017: Approval of the management
board – “WSO2 is the Standard for API
management”.
● The Star Tech squad started with these principles in mind: “Think Big, Start Small, Scale Fast”.
● The squad took an agile approach and
defined a number of milestones.
● Mission: Deliver the WSO2 API
management infrastructure.
Start & Background: The Star Tech Squad
Start Small
Scale Fast
Think Big
Topics:
● Sandbox Environment
● Immutable Infrastructure
● Zero Downtime
● Delivered to Business
units in 3 sprints
● Fully functional WSO2
Environment
● Get quick feedback
● Early Adopters
Sandbox Environment: Start Small
Creating the Immutable Infrastructure: Scale Fast
Changes as they happen
Automated weekly feature updates released through the pipeline
● new features
● bug fixes
● updates
Pipeline stages: DevEng, Test, Acc, Prd
Continuous Testing
● All objects are created, modified & destroyed automatically during test cycles.
● Repeated for every change in D -> T -> A -> P
● Automated through a CI/CD pipeline
● Using Newman to run Postman collections
[Diagram: Automated Testing, covering Authorize, Create API, Generate API Keys, Subscribe API, Read API, Invoke API, Update API, Block / Unblock, Workflows, Mediation Policies, Tiers]
How do we achieve zero downtime?
● The simple answer: Blue-Green Deployment
0: Status quo
1: Create Green Environment
2: Run tests
3: Destroy Green Environment
● …. If and only if all tests were successful
4: Create Green Environment: create new Live environment
5: “Paint it Blue”: make the new environment active
6: Decommission Old: starve old environment, but make it available for rollback
[Diagram for each step: three Runtime (Gateway/Key Manager) nodes and one Design Time (Publisher/Store) node, each on Amazon EC2.]
Note:
- No zero downtime for Analytics & Traffic manager (yet)
- No zero downtime for major upgrades and changes in architecture
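An added example, not part of the original presentation or NN Group's pipeline: a minimal Python model of the blue-green steps 0 to 6 above, showing the "if and only if all tests were successful" gate failing closed and the old environment staying available for rollback. All class and function names are hypothetical, the test results are constructed, and keeping only one rollback target is an assumption.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

@dataclass
class Environment:
    name: str
    version: str
    weight: int = 0      # percentage of live traffic routed here
    alive: bool = True

@dataclass
class BlueGreenPipeline:
    live: Environment                       # step 0: status quo
    standby: Optional[Environment] = None   # previous live, kept for rollback
    log: List[str] = field(default_factory=list)

    def deploy(self, version: str,
               run_tests: Callable[[Environment], Dict[str, bool]]) -> bool:
        # Step 1: create a throwaway green environment from the new build.
        green = Environment(f"green-{version}", version)
        self.log.append(f"create {green.name}")
        # Step 2: run the test suite; a crashing suite counts as a failure.
        try:
            results = run_tests(green)
        except Exception as exc:
            results = {f"suite crashed: {exc}": False}
        finally:
            # Step 3: destroy the green environment whatever the outcome.
            green.alive = False
            self.log.append(f"destroy {green.name}")
        # Gate: promote if and only if every test passed. An empty result
        # set fails closed, so a suite that ran nothing cannot promote.
        failed = [name for name, ok in results.items() if not ok]
        if failed or not results:
            self.log.append(f"abort {version}: {failed or 'no tests ran'}")
            return False
        # Step 4: create the new live environment from the same build.
        new_live = Environment(f"live-{version}", version)
        self.log.append(f"create {new_live.name}")
        # Step 5: "paint it blue", all traffic moves to the new environment.
        old = self.live
        new_live.weight, old.weight = 100, 0
        self.live = new_live
        # Step 6: starve the old environment but keep it up for rollback.
        if self.standby is not None:
            self.standby.alive = False   # assumption: one rollback target only
        self.standby = old
        self.log.append(f"switch to {new_live.name}, standby {old.name}")
        return True

    def rollback(self) -> bool:
        if self.standby is None or not self.standby.alive:
            return False
        self.live.weight, self.standby.weight = 0, 100
        self.live, self.standby = self.standby, self.live
        self.log.append(f"rollback to {self.live.name}")
        return True

# Constructed results, named after test stages listed on the testing slide.
PASSING = {"Authorize": True, "Create API": True, "Subscribe API": True, "Invoke API": True}
FAILING = {**PASSING, "Invoke API": False}
```

The `log` list records the order of operations, so a pipeline audit can confirm that the green test environment was destroyed before any new live environment was created.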
Our WSO2 environment on AWS: The Target
Noteworthy components in the landscape:
1) Akamai
2) Autoscaling gateway
3) AWS/EFS and RDS
Inbound Connectivity: Akamai
Auto Scaling
1. CPU/Memory metrics are constantly sent from ELB and EC2 instances to CloudWatch
2. If a metric is above the threshold, an alarm is triggered by CloudWatch
3. The CloudWatch alarm triggers an Auto Scaling Policy
4. The Auto Scaling Policy launches a new instance
5. ELB performs a health check on the newly created instance
6. After the instance passes the health check, it is added behind the ELB
courtesy: Steffen Opel (infoq.com)
Schedule-based events are used for Dev/Test environments to reduce costs (availability Mon-Fri 7am – 7pm)
AWS/EFS and AWS/RDS Databases
● AWS Elastic File System and AWS RDS databases are used to persist WSO2 registry
configuration, API/tenants definitions, tokens etc.
● Both RDS and EFS have built-in high availability and durability through multiple AZ
implementation.
● We provide our own backup and restore process on top of this.
EFS backup (RDS backup is managed by AWS)
Synced EFS/RDS restore via the pipeline
● Current environment for public APIs has been in production since April 2018.
Public vs. Private APIs: Next steps in the Journey
● The major next step will be to start developing the infrastructure for private APIs. Added difficulty will be the multi-cloud environment, with gateways in at least 3 cloud environments.
[Diagram labels: AWS, Azure, Bluemix]
NN Group’s API Board
Questions:
● How do we create traction in our
API journey?
● How do we bring all business units
into the fold?
● How do we deal with different
expectations and levels of
experience?
● How do we ensure steady
contributions from each and
every business unit?
● Practical approach: both delivery and decision-making, mainly on a functional level
● Representation from all business units of NN – architects, as well as engineers.
• Varying levels of experience and questions: “What is an API?” to “How do we design our API for
PSD2?”
• First months were spent in establishing the role of the board
• Fortnightly meetings where everyone contributes
● Advantages of this approach:
• We all learn from each other – every business unit benefits
• We establish a close relationship between board, developers and
Star Tech team
API Board: A Community For The Business Units
[Diagram labels: API Board, Star Tech team, API Developers]
● 4 Key players from the API Board
● Used as a rapid response team to help business units with the
setup of the corporate object model for external APIs
● Approach:
○ Initial Workshop with one business unit team (2 hours),
○ Business Unit brings an example that they want to implement,
○ Aim is to have a first API defined at the end of the workshop,
○ Business Unit Team will implement the API
Data “Dictators”
1. Outside in, NOT inside out
● Objects are created and named as known by external parties:
○ E.g. SAP BP knows the object Business Partners, external parties see this object as Customers
● We adhere to standards in the market or standards from specific business partners (e.g. Independer)
2. One view for the whole of NN Group
● The use of the objects in this document is mandatory; NN has only 1 view for the whole of NN Group
● E.g. the object Contract is defined as a generic agreement; Pensions cannot have its own definition for this object
● The details of a pensions contract can be retrieved by https://.../{context}/pensions/v1/{contract_id}
3. APIs are the windows of our company
● External APIs are services towards customers and suppliers. They expect high service levels. We need to comply with these expectations. Therefore APIs need to be: 24x7, 99.998%, < 200 ms, …
4. Once an API, always an API
● Once an API is published and consumed it is very hard to change the API. Consumer apps (and their users) depend on our published APIs. Changing the API will impact our customers and partners. Controlling a change is virtually impossible with independent partners.
Data “Dictators”: Principles
● Virtual meeting place for all API
developers in NN Group.
● One-stop shop for all things API.
● Extensive API documentation, FAQ and
usage patterns
API Community & Documentation
● The latest addition: Live meet ups for all API Developers.
API Meet Ups
THANK YOU
wso2.com

[WSO2Con EU 2018] Implementing a Zero Downtime WSO2 API Manager with an API Community to Match
