Containers & Cloud Native

RoadShow
API Management
Juan Carlos Cepeda Valero
Solutions Architect
April / 2019
[email protected]
https://www.linkedin.com/in/juank1400/
1
BACKGROUND
 NEW PATTERNS FOR DEVELOPMENT
Service Endpoints Architecture Development Process Deployment Infrastructure

Webservices Monolith Waterfall Server/VM Data Center

APIs Microservices CI/CD Container Cloud

Speed Agility Control

 WHAT IS AN API?
APIs 101

Application
Programming
Interface
4
 WHAT IS AN API?

“An interface to a software component that

can be invoked at a distance over a
communications network using standards
based technologies.”

APIs are essentially a technical construct, but they can be understood as

the defining interfaces through which business is done.

5 https://www.redhat.com/en/resources/3scale-winning-api-economy-ebook
API Management
 Why? -- Four Typical Business Benefits of APIs

Agility Innovation Ecosystems Revenue

7
WHY

1. To enable mobile as an additional

channel
2. To grow ecosystems: customer
(B2C) or partner ecosystems
(B2B)
3. To develop massive reach, for
transaction or content distribution
4. To power new business models
5. To drive internal innovation
The Platform Vision of API Giants – Kin Lane
 How?
FULL API LIFECYCLE MANAGEMENT
7. Secure 8. Manage 13. Monetize

6. Deploy 12. Monitor

5. Implement 11. Consume

1. Strategy

4. Test 3. Mock 2. Design 9. Discover 10. Develop

9
Introducing the
API Model Canvas

Analogy: Business
Model Canvas

API Model Canvas

WHAT
Best practices of successful API teams
bit.ly/APIManual
RED HAT AGILE INTEGRATION
RED HAT APPLICATION INTEGRATION

SECURE
M
AN E
AG TIZ
NE

OY
MO
E MO NI

PL
TO

DE
R

CONSUME
IMPLEMENT

STRATEGY
API Model Canvas

TE DIS OP
GN CO EL
ST SI VE DE
V
DE R
MOCK

Microcks
 RED HAT APPLICATION INTEGRATION
RUNTIMES INTEGRATION AUTOMATION

DATA GRID

AMQ BROKER

COMPOSE AND INTEGRATE

COMPREHENSIVE TOOLS TO BUILD AUTOMATE AND OPTIMIZE
MICROSERVICES ACROSS AN
& MIGRATE APPS BUSINESS PROCESSES
ENTERPRISE SERVICE NETWORK

Develop, Deploy and Manage Across Cloud and On Premise

Integration with RH Developer, CI/CD tools & Security Services

Optimized for OpenShift & Kubernetes Services
RED HAT APPLICATION SERVICES
DISTRIBUTED
CONTAINERS APIs
INTEGRATION

LIGHTWEIGHT CLOUD-NATIVE SOLUTIONS WELL-DEFINED, REUSABLE, &

WELL-MANAGED
PATTERN BASED LEAN ARTIFACTS, INDIVIDUALLY
ENDPOINTS
DEPLOYABLE
EVENT-ORIENTED
ECOSYSTEM LEVERAGE
CONTAINER-BASED SCALING &
COMMUNITY-SOURCED
HIGH AVAILABILITY

RED HAT RED HAT RED HAT 3SCALE

API SERVICES
FUSE AMQ API MANAGEMENT

SECURITY, AUTHENTICATION, AUDIT (RH-SSO)

 AGILE INTEGRATION ARCHITECTURE
External Applications

VMs
Container Orchestration (OpenShift)

Application Network Layer

Security Services (RH SSO)

API Management (3scale)

Data Services (Data Grid)

Policies Access Control Proxy Routing
Containers

Composite
Layer Enterprise Integration Patterns Service Interactions Anti
Corruption
Service Composition Events Mesh Layer

Core Layer

Cloud Native Cloud Native Containerized App Traditional

App (Runtime 1) App (Runtime 2) (Lift and Shift EAP) App (EAP)

DevOps Automation / Continuous Integration / Continuous Delivery (Ansible)

17
TAKE CONTROL OF YOUR APIS
Creating & Exposing APIs is just the start

HTTP REST
Endpoints
Security & Access Control
Authentication
Lifecycle
Version Control Management

Documentation Monitoring

Portal Provisioning

Scalability Alerts

Reliability Metering & Billing

Policies Testing
 API CENTRIC
MANAGEMENT AND LIFECYCLE

LIFECYCLE

➔ Testing
➔ Release
➔ Versions
➔ Deployment
MANAGEMENT ➔ SLA

CONTROL VISIBILITY

➔ Security ➔ Analytics
➔ Key management ➔ App tracking
➔ Rate limiting ➔ User tracking
➔ Policy enforcement ➔ Traffic alerts
➔ User management ➔ Engagement
➔ Provisioning ➔ Developer support
AUTHENTICATION
Ensure every client application is uniquely identified and can prove its identity

API Key: a shared secret used to authenticate a client application.

Cannot easily be renewed.

API Key Pair: an identifier + a shared secret used to

authenticate a client application. The identifier remains the
same during the whole lifetime of the application, the secret
can easily be renewed to ensure higher security.

OpenID Connect: a standard protocol to authenticate the client

application and the end-user connected on this application. Currently
the highest level of security.
ACCESS CONTROL
Two types of Access Control: Application Access Control and User Access Control.

Application Access Control strives answering the following question:

“Is this client application allowed to call this API or subset of this API ?”

User Access Control strives answering the following question:

“Is this end-user allowed to call this API or subset of this API ?”
ADVANCED SECURITY
A Web Application Firewall can be used to enhance the security of your APIs.

API Request Authorized API Request Authorized API Request

Web Application
Developer Apps API Gateway API Backend
Firewall

Mod_security and Apache are shipped and supported as part of any RHEL subscription.
Other WAFs can be used to protect the API Backend against: data exfiltration, SQL injection,
etc.
 API CONTRACTS, THROTTLING & LIMITS
Package your APIs. Crete access tiers. Set rate limits.

API services
Package #1 Internal
- Endpoint A Teams
Allow/restrict access - Endpoint t B

to your API endpoints Rate limits Package #2 Strategic

Partners
along with rate limits - X Calls / Minute
- Y Calls / Day
Package #3 Developers
Monetization
- Free
- $X per Month
- $Y per Call
DASHBOARD FOR THE API BUSINESS
TEAM
Gain and share API insights

Dashboard shows a high level view of the API Management platform :

• Data & Trends about Signups
and Hits
• Alerts about Developers
reaching limits of their API Plan
• Top performing applications
• Alerts upon Integration issues
ANALYTICS
Measure the success of your APIs. Take actions based on numbers.

Analyze API traffic by account, application or service and much more :

• Define and present tailored
metrics
• Drill down up to the API
Method level
• Implement business metrics
• Export data in CSV format
DEVELOPER & PARTNER PORTAL
Your brand. Your developer experience. Your user interface

Ensure the success of your APIs by providing an amazing developer

experience.
• Developer Onboarding
• Application & API Keys creation
• Usage tracking
• Interactive API Documentation
• EULA Management
• Fully customizable CMS
DEVELOPER & PARTNER PORTAL
Some public developer portals built on our solution.
MONETIZATION
Billing and payments management. Setup pricing rules. Invoice every month

Many of our customers choose to

monetize access to their APIs,
and 3scale makes that very
simple.
We offer key payment solution
integrations with Stripe,
Braintree, or Adyen which all
allow easy end to end billing
between the API consumer and
API provider.
MULTITENANT
Logically separate environments using shared resources

Master Account
Master Admin
Tenant Account 1
- Manage Tenants
- Impersonate Tenants
Developer Traffic Mgmt /
Admin Portal
Portal API Gateway
Tenant Admin
- Manage tenant admins / users
Tenant Account 2 - Access APIs and Admin Portal
Member
Developer Traffic Mgmt /
Admin Portal
Portal API Gateway
- Access given services / sections
THANK YOU
plus.google.com/+RedHat facebook.com/redhatinc

linkedin.com/company/red-hat twitter.com/RedHatNews

youtube.com/user/RedHatVideos
1

3
 1 GATEWAY LAYER

API Manager

Separation-of-Concerns !!
1. Access control
2. Transformation
 2 COMPOSITE LAYER

Composition of microservices to provide business functions

⇒ Aggregations, splits, content transformation, events, caching, pattern-based
integration, etc.
 3 BASE LAYER

The microservices themselves

Organised into application domains (based on bounded context)
 4 BASE LAYER + LEGACY INTEGRATION
Connect into the rest of the architecture where needed

Anti-corruption Layer
Legacy interface, transformations, “protection wall” to decouple domain models and
enforce bounded contexts