Minneapolis API Management

User Group

Aric Day | Principal Consultant | CA API Management

February 2018

[email protected]
 1 Introduction / Breakfast

12 Around the Room: Holiday Results

13 GUEST PRESENTATION : TARGET TEAM

Agenda
14 10min Break

15 Shiny New Things

16 Wrap Up : HAPPY VALENTINES DAY!!

2
Copyright © 2018 CA
Around the Room: Discussion
Discuss the Holiday Deployment
• Did you experience predictable volumes?
• What monitoring techniques & tools used?
• Stability issues or outages?
• New enhancements / features used or requested?
• Plans to upgrade this year? Which products?

Discuss Current Automation Maturity

• Using automated server builds?
• Using automated service migration / deployment?
• Which CI/CD tools are in your toolbox?

© 2018 CA. Confidential. All rights reserved.

Target Presentation: Use Case and Roadmap

© 2018 CA. Confidential. All rights reserved.

© 2018 CA. Confidential. All rights reserved.
The Modern Application Architecture Model
Manage Monitor
Orchestrate and Optimize API and app
manage API performance with
operations at scale analytics

Secure Consume
Protect APIs from Enable secure,
threats and scalable use of
vulnerabilities APIs in apps

API Providers API Consumers

Test | Publish Develop

Test and publish Accelerate
APIs to target development with
environments tools and SDKs

Create Plan Discover

Build APIs and Strategize, design Help developers
microservices with fast, and prototype APIs find and integrate
automated tools and microservices APIs easily

Full Lifecycle API Management

© 2018 CA. Confidential. All rights reserved.

© 2018 CA. Confidential. All rights reserved.
 Latest Innovations in CA API Management

Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume

New Rapid App

Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop

New Service New API Developer

Create Plan Discover
Virtualization Portal
Solutions

New Assertion
Capabilities

© 2018 CA. Confidential. All rights reserved.

 Microgateway – Key Characteristics
Capabilities and Patterns:
Service Discovery and Route via
integration with service registries
Access Token for last mile security
Rate Limiting and policy
enforcement
Licensed and priced to scale within
highly decentralized environments
Lightweight Orchestration allows
for decoupling of backend services
front frontend capabilities
Circuit Breaker to protect from the
propagation of failures
Deployment: Interaction:
Lightweight, containerized gateway Developer-friendly policy
templates provided for easy
Easily accessible from common
design-time config
developer platforms
Extend and enhance templates
Deploy and manage using Docker
to provide custom/new policies
Incorporate into industry-standard
Bake new templates into reusable
DevOps processes
containers for future
Support for PaaS environments with
OpenShift as first target
https://github.com/CAAPIM/Microgateway
© 2018 CA. Confidential. All rights reserved.
 Demo Architecture
CA Live API Creator
lac.docker.local:80
Service Registry networks: microservice Consumers
consul.docker.local:8500
Beers

Rules
mysql_beers Data API
:3306 internal
CA Mobile API Gateway
Beer_Comments mas.docker.local:8443

beer_comments Rules
Data API
:3306 internal CA Microgateway
msgw.docker.local:9443
admin

CA Developer Console
mas.docker.local:443
lac_mysql Data API Rules
:3306 internal

lac_cluster Developers
OAuth HUB

https://github.com/aricday/apimanagement/tree/master/mpls_ms_demo
10 © 2018 CA. ALL RIGHTS RESERVED.
 Latest Innovations in CA API Management

Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume

New Rapid App

Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop

New Service Create Plan Discover New API Developer

Virtualization Solutions Portal

New Assertion
Capabilities

11 © 2018 CA. ALL RIGHTS RESERVED.

Rapid App Security Technical Overview
Components for addressing authentication challenges
• Components
– CA Advanced Authentication
• Provides a cost-effective and user-convenient way to protect mobile
apps with 2FA credentials and contextual risk-based authentication
– CA Mobile API Gateway (OAuth HUB)
• Builds trust relationship between user, app, and device, and secures
communications between device and backend systems
– CA Rapid App Security Mobile SDK
• Simplifies developer experience through a single, unified SDK that
easily embeds security into a mobile app
© 2018 CA. Confidential. All rights reserved.
FIDO® Overview
The FIDO® (Fast IDentity Online) Alliance was established to tackle the issues
related to traditional usernames and passwords.

FIDO empowers secure authentication among devices and online services by

using biometric information.

FIDO is based on public key cryptography where biometric information about the
user is saved only on the device, and not on the server.

As the user credentials are not traversing over the network in FIDO, it is a safer
protocol. Thus, FIDO prevents man-in-the-middle attacks.

Commonly used biometric modalities include fingerprint, face, iris, and voice scan.

© 2018 CA. Confidential. All rights reserved.

 FIDO Integration with CA Solutions

Access Gateway Policy Server User Store CA Identity Manager

Universal SDK Secure Proxy CA Directory
API Gateway
(MAG) CA Single Sign-On

Applications

Devices

Copyright ©2017 SAMSUNG SDS. All rights reserved.

Application
Services
Auth and Risk ü Risk Engine
ü Rules & Policies
Services ü Strong Authentication

© 2018 CA. Confidential. All rights reserved.

Universal SDK

© 2018 CA. Confidential. All rights reserved.

 Latest Innovations in CA API Management

Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume

New Rapid App

Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop

New Service New API Developer

Create Plan Discover
Virtualization Portal
Solutions

New Assertion
Capabilities

© 2018 CA. Confidential. All rights reserved.

New Assertions:

• JavaScript Execution Assertion (ALPHA)

• AWS Integration Assertion (BETA)

• Circuit Breaker Assertion (GA)

• Write LDAP Assertion (GA)

https://validate.ca.com/welcome/
© 2018 CA. Confidential. All rights reserved.
 Latest Innovations in CA API Management

Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume

New Rapid App

Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop

New Service New API Developer

Create Plan Discover
Virtualization Portal
Solutions

New Assertion
Capabilities

© 2018 CA. Confidential. All rights reserved.

 CA Precision API Monitoring: End-to-End Visibility
End Users CA API CA APM
Management

Synthet
ic Mobile Network Load Back-end /
API App
Device Balancer Database /
Gateway Server/
Middleware Mainframe

Ø Visibility into API performance

Back-end /
Ø Understand which back-end systems App Server/
Database /
support business services Precision API
Middleware
Mainframe

Monitoring
Ø Determine End-User experience

Ø Rapidly triage performance issues

App Server/ Back-end /
Middleware Database /
Mainframe

© 2018 CA. Confidential. All rights reserved.

Manage & Monitor API and Gateway Metrics
Customized type views for
Services and API Gateway
metrics

Metric visibility: per service

latency, successes, failures,
and violations

Gateway OS vitals
monitoring including CPU,
memory, and MySQL
database

Automatic alerting on API

performance anomalies
© 2018 CA. Confidential. All rights reserved.
 Topology Map and Transaction Tracing
Team Center exposes front-end
APIs grouped by gateways
& clusters with back-ends

Experience Views summarize

key API metrics in a simple
interface

Detailed API transaction tracing

allows quick triage

Correlation of API traces to

backend APM monitored
systems show entire transaction
from customer perspective
© 2018 CA. Confidential. All rights reserved.
 Latest Innovations in CA API Management

Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume

New Rapid App

Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop

New Service New API Developer

Create Plan Discover
Virtualization Portal
Solutions

New Assertion
Capabilities

© 2018 CA. Confidential. All rights reserved.

 CA API Developer Portal Timeline
CA API Developer Portal CA API Developer Portal CA API Developer Portal
(Classic) (SaaS) (On-Prem or Enhanced Experience)

SaaS version of the CA API SaaS version of the CA API Management suite with a brand new portal
This is the latest version of the called
Management suite with a brand new and enhanced features
“classic” portal portal and enhanced features

v. 3.5 v. 4.0.0 v. 4.0 v. 4.1 v. 4.1.7 v. 4.2

DEC JAN JUN NOV DEC

2012 2014 2017 2017 2017 2017

© 2018 CA. Confidential. All rights reserved.

Improved On-Premises Deployment Process

© 2018 CA. Confidential. All rights reserved.

New decoupled API Publishing (Federated Deployment)

APJ EMEA NA
API Owner

Automatic
Deployment Dev

On-demand
Deployment UAT
Admin

Scripted
Deployment
Prod
CICD + custom script

© 2018 CA. Confidential. All rights reserved.

New decoupled API Publishing (Federated Deployment)

Developers

Load balancer

Admins
API Owners
PRODUCTION
NA EMEA APJ

TEST
NA EMEA APJ

api1 DEV
NA EMEA APJ
api2
api3

© 2018 CA. Confidential. All rights reserved.