Modernize Service-Oriented Architecture with APIs
©2016 Apigee Corp. All Rights Reserved.
Today’s presenters
Robert Broeckelmann, RCBJ Consulting
Dino Chiesa, Apigee
Slideshare slideshare.com/apigee
Apigee Community https://community.apigee.com
YouTube youtube.com/apigee
Modernizing Service Oriented Architecture with APIs!
ABOUT ME
• Founder and Principal Consultant at RCBJ Consulting, LLC.
  • Being bought by Levvel, LLC
• Now, Principal Consultant at Levvel, LLC
  • Levvel, LLC is a fast-growing IT consulting firm that combines the innovative DNA of a startup with the wisdom, scalability, and process rigor of a Fortune 100 company.
  • Offers technical and strategic advisory services including DevOps, Cloud, Mobile, UX/UI, Big Data, Analytics, Payment Strategy, and more
• Master’s degree in Computer Science from Washington University in Saint Louis
• Started working with Apigee Edge Server in 2014
• Worked with WebSphere DataPower since 2010
DISCLAIMERS, WARNINGS, HEALTH HAZARDS
• What we present here is one of numerous possible ways to use Apigee technology. Your situation and requirements will probably differ.
• As always, test things in a non-production environment prior to using anything in production.
• We are not responsible for spontaneous combustion of the known universe or any other undesirable outcomes associated with using what is discussed here.
• This presentation describes a large organization’s journey from an existing SOA & Integration platform to API Management.
• Unfortunately, the organization will remain nameless
AGENDA
1. Business & Technology Drivers
2. Current Infrastructure, SOA & Integration Capabilities
3. Gaps
4. Considerations & Requirements
5. Lessons Learned & End-State Architecture
WHAT ARE THE DRIVERS?
• Business
  • Mobile
  • B2B Integration
  • SaaS Solution Integration
  • Facilitate wider adoption
  • Increase Business opportunities
• Technology
  • Direction Industry is going
  • APIs easier to develop with than predecessor standards
  • Maturing standards
    • Security: Authentication & Authorization (OAuth 2.0, OpenID Connect 1.0, and JWT)
    • Interface Definition: Swagger 2.0
    • JSON Schema
EXISTING SOA/INTEGRATION CAPABILITIES
• SOA Capabilities
  • SOA governance/service life-cycle management
  • Service meta-data registry/repository
  • Service versioning/routing/security policy
  • Security model
  • Standard messaging models
  • Enterprise service standards
  • Standard error handling, reporting, and statistics logging
• Integration Capabilities
  • Integrating dozens of on-premise Commercial Off-The-Shelf (COTS) apps/third-party systems
  • SOAP over HTTPS and XML over WebSphere MQ
  • Data transformations/protocol transformations/security integration
EXISTING SOA/INTEGRATION CAPABILITIES
• Use the IBM Integration Stack
  • WebSphere Message Broker/IIB
  • WebSphere DataPower
  • WebSphere Services Registry & Repository
  • WebSphere MQ
  • WebSphere Transformation Extender (WTX)
  • Focusing on WebSphere DataPower
• Relevant Patterns
  • Enterprise Service Bus (ESB)
  • Service Gateway
ENTERPRISE SERVICE BUS
• These products make up the IBM Integration and SOA Stack
• Service Consumers and Service Providers are a combination of SOAP web services, MQ Message Consumers and Message Producers, XML/JSON REST Services, and APIs
• DataPower is the front door to the ESB (for services and API traffic) – standard IBM pattern
SERVICE GATEWAY
• All traffic is encrypted via TLS or VPN
• Ingress and Egress scenarios use the same physical appliances – different Application Domains.
• Single Ingress/Egress point for SOAP Services/APIs traffic involving internet
• DataPower protects SOAP and API endpoints at the edge of the network
• IdP/STS/IAM systems not shown
• Load Balancers and other systems that do not contribute to this pattern are not shown
CURRENT INFRASTRUCTURE: GAPS
• Legacy Baggage
  • Primarily created by organization, not the technology
  • Creates complications and obstacles that must be dealt with
• Existing integration stack products not built with REST/APIs & JSON in mind
  • Added as afterthought
• Missing developer portal
  • One stop, self-service shop for developers throughout the development lifecycle
  • Ties into DevOps plans for the organization
CURRENT INFRASTRUCTURE: GAPS
• Information, current as of Q4, 2014.
  • All products mentioned under ongoing active development.
• Cannot perform JSON schema validation and API request/response validation based upon Swagger 2.0 data definitions
• Limited support for APIs and Swagger 2.0 in existing service registry
• No support for a standards-based API security model
  • OAuth 2.0, OpenID Connect 1.0, and JWT 1.0
• Current infrastructure is all on-premise
  • Limited to single part of the country
  • No geo-location based routing of API requests.
WHY MODERNIZE? WHY USE APIS?
• APIs have become the industry standard for system interfaces of all kinds
• Hide complexity; expose existing functionality
• Use APIs as the basis for porting systems/functionality into the cloud
• Make it easier for other business units and business partners to access systems and data, but maintain security
• Next step in evolution of SOA/Integration platforms
REQUIREMENTS
• Want to use
  • API-First Design methodology for APIs
  • Swagger 2.0 as the interface definition language
    • Ties together security model, standard data/messaging models, API standards, and internal SDLC
    • Also provides a testing mechanism for APIs
  • Developer portal that serves as a one-stop, self-service shop for developer access to
    • Developer registration
    • Application registration
    • API documentation
    • Security registration
    • Self service
REQUIREMENTS
• Same Service-Lifecycle used with SOAP Web Services applies to API Lifecycle
  • Do not want to lose structure and discipline of SOA Governance and service life-cycle management
  • Let’s call this API Governance and API Life-Cycle Management
• Continue to realize ROI in the IBM Integration Stack
  • Includes DataPower
• Supported Use Cases
  • Single Page Web Applications
  • B2B integration
  • System-to-System communication
• Want to leverage organization’s existing programming skill sets
  • Java & JavaScript
REQUIREMENTS
• SAML 2.0/WS-Trust 1.3/WS-Security 1.0 Security Model used with SOAP Web Services as a model for OAuth 2.0/OpenID Connect 1.0/JWT 1.0 Security Model for APIs
  • Standards-based approach to security
• PCI Compliance could be a requirement in the future
• Cloud-based solution
  • Extend on-premise integration stack capabilities into the cloud
  • Going forward, many SaaS API Providers and API Consumers versus on-premise deployments
  • Do not want to be limited to a single cloud provider
  • All the other benefits of a cloud-based infrastructure
API MANAGEMENT
• What is API Management?
  • The process of publishing, promoting, and overseeing APIs in a secure, scalable environment
  • Ensures that developers and partners are productive
  • Manages, secures, and mediates your API traffic
  • Allows an organization to grow their API program to meet increasing demands
• Three components
  • Management Portal
  • Developer Portal
  • Runtime Gateway
LESSONS LEARNED
• Used DataPower on-premise for ESB Gateway and DMZ Gateway; used Apigee Edge Server in the cloud. Allowed ROI of the original IBM Integration Stack deployment to continue to be realized
• Avoid cloud-based API Gateway run-time dependencies that tie back to your data center – potentially creating a single point of failure
• Using SaaS middleware solutions allows organizations to focus on mission-critical, business-oriented problems
• There will be a mix of SOAP & REST/APIs for the foreseeable future
• API/REST related specs are evolving, but still young compared to WS-* specs.
• Existing organization of infrastructure and middleware administrators, developers, and SOA Governance group were able to adapt to manage and utilize APIs
END-STATE ARCHITECTURE
• Apigee Edge Server extends Integration Stack capabilities into the cloud
  • Handles Internet-facing API Providers
  • Primary API endpoint
• Cloud-based B2B Integration
  • APIs & SOAP WebServices
• Developer Portal
  • Key component of mobile platform
Thank you! Continue the conversation at https://community.apigee.com