pre-con ed: ca api gateway: how to deploy your gateway across multiple environments and...

World®’16

GatewayDeploymentScenariosandBestPracticesJamieWilliamsSeniorSoftwareEngineerCATechnologies

DO3X48E

DEVOPS

2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD

©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.

Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.

ForInformationalPurposesOnlyTermsofthisPresentation


Abstract

Inthissession,wewilllookatenterprisescenariosofdeployingyourCAAPIGateway.Wewillcoveron-premises,publiccloud,andPaaS/privateclouddeployment,andthedifferentformfactorsavailableforeach.

Thecomparisonofthevariousmodelsanddiscussionofrealworldexampleswillhelptheattendeeunderstandtheprosandconsofeach.Wewillalsolearnsomebestpracticesinimplementingsuchmodels.

JamieWilliamsCATechnologiesSeniorSoftwareEngineer


Agenda

INTRODUCTIONTOTHECAAPIGATEWAY

GATEWAYDEPLOYMENTSCENARIOS

CHOOSINGAMODEL

1

2

3

REALWORLDEXAMPLES4

BESTPRACTICES5


CAAPIGateway

§ EnablesenterprisestosecurelyexposeservicestoexternalclientapplicationsasAPIs.

§ Providesruntimecontroloverservice-levelauthentication,authorization,keymanagement,credentialing,integrity,confidentiality,schemavalidation,contentinspection,datatransformation,threatprotection,routing,protocolswitching,SLAenforcement,logging,andotherfunctions.

§ ActsasanintegrationpointforextendingexistingsecurityandmessageinfrastructuretoAPIs.


CAAPIGateway

CAAPIGateway

EnterpriseDirectory

APIServer

SecurityBoundary


GatewayDeploymentScenarios

§ On-Premises

§ PublicCloud

§ PaaS/PrivateCloud

§ Hybrid


On-PremisesDeployment

§ HardwareAppliance

§ VirtualAppliance

§ DockerContainer

§ Software


On-PremisesDeployment

VirtualorHardwareAppliance


FormFactorOptionsforOn-PremisesDeployment

FORM FACTOR PROS CONS

Hardware • Best performance• Bestphysicalsecurity• Purposebuiltappliance• ThalesnCipher HSM

• Requiresrackspace• No hardwaremigration• Disasterrecovery

VirtualAppliance • Mobility• Scalability• Easeofdeployment• Disasterrecovery• Monitoringandmanagementtooling

• Reducedperformanceduetooverhead• Potentialresourcecontention• ESXhostmaintenance

Docker • Mobility• Scalability• Ease ofdeployment• Disasterrecovery• Simpleupgradestory

• Migration, monitoringandmanagementtooling/UI notasdevelopedasVMware

• Emergenttechnology


PublicCloudDeployment

§ AMI

§ Azure

§ Otherhosting



APIs

AMI,Azure,Docker,etc.


FormFactorOptionsforPublicCloudDeployment

FORM FACTOR PROS CONS

AMI • ManyGateway-friendlyservices• Goodmonitoring• Auto-scaling• RDS

• Matureplatform

• Expensive

Azure • Cheaper thanAMI• Goodmonitoring• Auto-scaling

• Relativelyfewservices• Windows-centric


PaaS/PrivateCloudDeployment

§ CloudFoundry

§ OpenShift

§ OtherPaaS


PaaS/PrivateCloudDeployment

DockerContainer


ProsandConsofPaaS/PrivateCloud

PROS CONS

• Mobility• Scalability• Easeofdeployment• Disasterrecovery• Auto-scaling• Simpleautomatedupgradestory• Somehavegooddeployment,managementtooling

• Canbeveryopinionated/presecriptive• Often minimal ornoservices• Canhaveexpensivelicensesandsupportcontracts• Somehavelimitedorunfriendlytooling


HybridDeployment

§ Combinationofotherscenarios


HybridDeploymentExampleOn-premiseshardwarewithAmazonWebServices

AMI

HardwareAppliance


ChoosingaModel

§ Performance

§ Latency

§ Uptime

§ Governance

§ TimetoMarket

Whatareyournon-functionalrequirements?


ChoosingaModel

§ Sizeofdatacentre

§ Budget,capitalvsoperational

§ Departmentalsilos

§ Willyourcorporatelimitationsbechangingsoon?

§ Mightyouchangeyourmindaboutwhereaserviceisdeployed?

Whatareyourcorporatelimitations?


RealWorldExamples

§ On-premiseshardwareforTLS,AWSfornon-TLS(HTTP)traffic

§ On-premisesVMware,auto-scalinginAWSforpeaktraffic

§ FederatedGatewayclustersinseparateITinfrastructures

§ AzureforMicrosoftecosystemsupport

CAcustomers’Gatewaydeploymentscenarios


BestPractices

§ LoadBalancing

§ VMwarebestpractice

§ Performancetesting


LoadBalancing

§ Failover

§ Highavailability

§ Balanceload

§ Reduceoverloadingofindividualnodes

Whyimplementloadbalancing?


LoadBalancing

§ ChooseAffinityandBalancingalgorithmsappropriatetotheusercase

§ ConfiguretimeoutsforbothLoadBalancerandGatewayroutingappropriatetosystembehaviouratbusinesslevel

§ ConsiderSSLTermination

Realworldguidance


VMwareBestPractices

§ EnsureGatewayVMshavereservedmemoryandprocessors

§ DisableDRSorconfigureNodeAffinityforGatewayVMsonhypervisorclusters

§ DonotrunGatewayVMsonanovercommittedhost

§ Donotconfusehyperthreaded coresforphysicalcoreswhenallocatingprocessors

§ SizeGatewayVMssuitablyfortheusercase

Consistentperformancerequiresconsistentresources


PerformanceTesting

§ Networksubsystemsandback-endlatency

§ ConnectiontimeoutvsResponsetimeout

§ Concurrency&Keepalive

§ Synchronizationoftesting

§ LonglivedvsShortlivedrequests

§ Loadbalancing,errorcases,andlongerlastingeffects

Confoundingfactorstobemindfulof


RecommendedSessions

SESSION# TITLE DATE/TIME

DO3X47EVCAAPIGateway:DevelopingCustomPoliciestoSecureYourEnterpriseAPIs

11/14/2016at10:00am

DO3X49ECAAPIGateway:ManagingandmigratingGatewaypolicieswiththeGatewayMigrationUtility

11/14/2016at11:00am

DO3X52ECAMobileAppServices:BuildthePowerfulMobileAppEveryEnterpriseNeedsinUnderanHour

11/14/2016at1:00pm


Questions?


Thankyou.

Stayconnectedatcommunities.ca.com

@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.31 @CAWORLD#CAWORLD

DevOps– APIManagementandApplicationDevelopment

FormoreinformationonDevOps– APIManagementandApplicationDevelopment,pleasevisit:http://cainc.to/DL8ozQ

pre-con ed: ca api gateway: how to deploy your gateway across multiple environments and...

Technology