API Management and Integrated SOA Governance
API Management: how it extends Integrated SOA Governance
Integrated SOA Governance
Why does API Management matter?
Strategic enterprise benefits with API Management
HTML5, Proxy and APIs -The New Three Tier Architecture
Objectives
Resource pooling
• Multi-tenancy
• Resource utilization
• Shared, virtual infrastructure
• Interoperability
On-demand self-service
• Fine-grained metering
• Billing & reporting
• Flexible workload assignment
• Standard service offerings
• Quick deployment and automation
Rapid Elasticity
• Stateless services
• Rapid provisioning
• Flexible topology
• High Quality of Service
SaaS delivery model (pay per use)
Traditional vs. New SOA Model
Cloud Centric
Accountability [Contracts/SLAs]
Visibility [Analytics]
Control [Governance]
Agility [Self-Service provides Operational Efficiency & Agility]
Driving Force behind API Management
SaaS-style delivery model for API Services
• AaaS: Providing APIs as a Service
• Access services on any device from anywhere at any time
• Self-Service shifts IT centric model to a delegated administration methodology
• Monetization – usage based chargebacks
• Multi-tenancy for Service Layer – Prevent single tenant monopolizing resources
• Analytics-as-a-Service: To offer Next-generation analytics/Big Data as API
• Low TCO and high ROI
Cloud Service Brokerage (CSB) Infrastructure for Healthcare Integration
• Essential for Health Information Exchange (HIE), EMR/EHR projects to facilitate secure information exchange between disparate organizations across boundaries.
• API Marketplace to browse API Catalog, subscribe APIs, establish contracts (SLA)
• Customization – Implementing unique services or capabilities beyond the original services
• To apply cross-cutting concerns like security, privacy, QoS, policies and mediations without impacting upstream and downstream systems.
Driving Force behind API Mgt (Cont’d)
Consumerization & Mobile Enablement
• To support Bring Your Own Device (BYOD) programs and Mobile Device Management (MDM)
• To modernize services for mobile consumption [Cache, Compress, Pagination, Pre-fetch content, WAN optimization - chatty to chunky interfaces]
• To secure REST APIs: Map Web SSO and SAML to mobile-friendly OAuth, OpenID Connect and JSON Web tokens
• To adapt Mobile App Paradigm by leveraging existing Enterprise Assets
Increase Operational Efficiency
• Fully integrated API Mgt Suite (Turnkey solution that includes Development, Runtime and Operational governance capabilities)
• Reduce IT burden – Delegated, role-based administration via 24/7 self-service portals vs. dependency on limited IT resources
• High visibility with real-time dashboards for Root Cause Analysis
• Impact Analysis for Change Management
• Elastic Scalability – Scale-out / Auto-Scale all components
Integrated SOA Governance
• Policy Enforcement [Contracts/SLAs]
• Mediations [Protocol, Identity, Format]
• Access Control [ACL, OAuth, API Keys]
• Metering [audit, usage tracking]
Gateway
Operational Management
Lifecycle Management
API Management
• Service Virtualization [customizations]
• Life-cycle Management [service & policy assets]
• Governance [Compliance & Approvals]
• Metadata [repository & registry]
• Transaction Tracking [Operational Responsiveness]
• Root-cause Analysis [Exception Management]
• Centralized Management [Cluster-wide Configuration]
• Business Activity Monitoring [real-time business visibility]
• API Catalog [Discover APIs]
• Reports [Analytics]
• Contracts [SLAs]
• Self-Service [Developer On-boarding, Key delivery, Approvals & API Access Provisioning]
Traffic-shaping
How does API Management relate to SOA Governance?
Gartner’s: Application Services Governance
Gateway
Service Virtualization for exposing on-premise and external APIs as services
Authentication and Access Control, enforcing OAuth or API key access on inbound RESTful requests and proxying these to internal services, Credential Mapping, Identity Propagation
Data Format Mediation, with support for conversion of unstructured, semi-structured and structured XML data into RESTful API responses
Protocol Mediation across a wide range of protocols including SOAP, JMS, MQ, FTP(S), Raw TCP, and custom protocols
Content Attack Prevention, including support for XML and HTTP level content threats, denial of service support and policy-based input validation.
SLA Management and Rate Limiting, including support for identity based metering of API calls and externalized policies that enforce a consistent quota across a cluster of gateways
Policy Engine, with support for service composition, orchestration - conditionals and looping, response caching, pagination expressed as policy, not code
API Gateway
• Greater flexibility for changing policy requirements
• Consistent processing across multiple services
• On-demand API customizations for individual client needs
API Management
API Product Management, API packaging of existing services as products
Developer on-boarding and registration
Portal administration and content management system
Reporting and analytics for API usage and latency
Developer facing services catalog
Developer enablement tools, such as IO docs, which provide mock-responses for testing APIs
Admin tools, to allow administrators access to developer approvals
Community tools, such as forums, blogs and application galleries
Collaboration between Roles
Service Lifecycle Management(SLM)
• Lifecycle Manager [Service & Policy assets, Service Level Agreements (SLAs)]
• Development Governance [SDLC - DevOps, Versioning and Change Management]
• DevOps Forge [Test Harness, Self-Service, Continuous Integration, Configuration and deployment automation …]
• Change Governance & Release Management [Compliance & Quality Management, Approval Workflow and Notifications]
• Relationship Tracking [Design Time Impact Analysis]
• Metadata [Federated Repository & Smart End-Point Registry]
SLM - 3 Rings Of Functionality
SOA SLM
• Life-cycle management
• Control – Approval Workflow
• Governance policy
SOA repository
• Asset metadata
• Asset storage and reference
• Service version management
Service registry
• Runtime service lookup
• Runtime policy lookup
• UDDI interface
Service vs. API Lifecycle
DevOps - Service Lifecycle Management
Project and Team Management
Software Development
Workflow
Governance and Compliance
Development Tools
Issue Tracking
Source Control
Continuous Build
Continuous Integration
Test Harness
Continuous Delivery (Configuration Mgt)
Continuous Performance Management
Metadata
Repository
dPaaS/DevOps - development Platform as a Service
DevOps: Test-Driven Development + Continuous Integration + CPM
Operational Management
Transaction Tracking [Operational Responsiveness]
Root-cause Analysis [Exception Management]
Centralized Management [Cluster-wide Configuration]
Business Activity Monitoring [real-time business visibility]
Operational Management
Capacity and Availability Management – Plan and manage throughput and availability to ensure that you deliver the performance and service levels your customers expect without risking internal system overload.
Root cause Analysis – Track transactions from the API where they enter your business to the back end services and applications that process them so you can quickly find and fix problems.
Impact Analysis – Understand the relationships between your business systems and applications, SOA assets and services, APIs and your customers and partners. This way you will know the potential impact of any changes you plan to make before you make them.
End-to-end Security – Use the appropriate security models and standards for services and APIs even if they are different. Use the SOA Software product set to enable end-to-end security mediation and integration with enterprise security systems.
App Developer
Service Developer
Internal RESTful Services
SOAP Web Services
Legacy Services(AS400, Mainframe )
Data Access Services
Internal PaaS APIs
External SaaS APIs
Service Virtualization
Authentication and Access Control
Data Format Mediation
Protocol Mediation
Content Attack Prevention
SLA Management, Rate Limiting
Lightweight ESB: Service Orchestration and Composition

API Product Management
Developer On-boarding
Portal Administration
Reporting and Analytics
API Monetization
Developer Facing Service Catalog
Developer Enablement Tools
Admin Tools & Community Tools
On-Demand Self-Service: API Key Mgt…

Centralized Management [Cluster-wide Configuration]
Root-Cause Analysis [Exception Management]
Transaction Tracking [Operational Responsiveness]
Business Activity Monitoring [real-time business visibility]
SLA Management [SLA Monitoring and Alerts]

Lifecycle Manager [Service & Policy assets]
Development Governance [SDLC & Versioning]
DevOps Forge - Test Harness, Git…
Change Governance [Compliance & Approvals]
Relationship Tracking [Impact Analysis]
Metadata [Federated Repository & Registry]

Service Administrator
Identity & Access Management
IT Command Center
Service #1
Service #2
Service #3
Consumers
REST
OAuth
Facade
SOAP
SOAP, JMS, FTP
WS-Trust
Enterprise Departments
WebApps
API and SOA Deployment Architecture
API Consuming application
API Interface exposed by API Gateway
Service virtualization, composition and orchestration hosted by Enterprise Service Bus
Atomic Business Services hosted by application server, business process server
API Best Practices
Evolve to Cloud Services Brokerage (CSB)
Cloud Service Brokerage (Healthcare Service Hub)
Enterprise Service Brokerage
Enterprise API Management
API Gateway
API Broker
Aggregate – Integrate – Customize
Partner Developer Portal
Internal Developer Portal
API Provider Portal
API Broker Portal
Own APIs
3rd-Party APIs