API Management for Enterprise Mobile Access a How-to Guide
Download as PPTX, PDF1 like743 views
The document discusses enterprise API management for mobile access. It describes how a mobile access gateway can bridge legacy enterprise services and data to modern mobile-friendly formats and protocols. The gateway provides a single integration point that handles security, access controls, and real-time event processing to enable reuse of APIs across multiple mobile and non-mobile platforms while preserving data privacy and integrity.
![The App Explosion
Courtesy of zendesk Courtesy of [x]cube Labs](https://image.slidesharecdn.com/apimanagementforenterprisemobileaccess-ahow-toguide-120223181508-phpapp01/85/API-Management-for-Enterprise-Mobile-Access-a-How-to-Guide-6-320.jpg)
API Management for Enterprise Mobile Access a How-to Guide
- 1. API Management for Enterprise Mobile Access A Layer 7 Technologies Solution Matt McLarty, VP, Client Solutions, Layer 7 Technologies
- 2. Housekeeping Questions - Chat any questions you have and we’ll answer them at the end of this call Twitter facebook.com/layer7 - Today’s event hashtag: layer7.com/linkedin - #L7webinar layer7.com/blogs - Follow us on Twitter as well: - @layer7
- 3. Agenda • BYOD and the App Explosion “Bring Your • Innovation through Consumerization Own Device” • Enterprise Mobility and the Mobile App Paradigm Enterprise Mobile • Leveraging Enterprise Services and Assets Integration • API Publication, Security and Monetization Enterprise API • Solutions and Case Studies from Layer 7 Technologies Management
- 4. BYOD: Bring Your Own Device Courtesy of Click Software
- 5. BYOD: iPad @ Work – from IDG Connect “iPad for Business Survey 2012”
- 6. The App Explosion Courtesy of zendesk Courtesy of [x]cube Labs
- 7. Pillars of an Enterprise Mobility Strategy* “By exposing Business Drivers access … through Hardware Ownership & Support a standardized mobile-friendly Deployment, Provisioning & Management enterprise Enterprise Services Platform services layer, the cost of Application Portfolio & Roadmap innovation can be dramatically Corporate Governance & Processes reduced.” Security Standards & Audit Processes * From “iPad in the Enterprise”, N. Clevenger, Wiley 2011
- 8. Mobile App-to-Enterprise Service Integration • Existing enterprise • Re-use of API and services can create shared services and increase infrastructure revenue Increase Cost Revenue Reduction Quality of Compliance Service • Leverages proven • Uses existing systems with security policies enterprise SLA’s and technologies
- 9. Mobile App-to-Enterprise Service Integration Challenges Mobile Devices Enterprise Services Data Services Network Composite services Proliferation of mobile Service API’s need API’s from Data privacy and devices increases unavailable in mobile- multiple integrity must be message volumes friendly formats & providers, requiring preserved end-to-end exponentially protocols (REST, JSON) federation BYOD approach mixes API’s must be reusable How to access personal and business across multiple mobile business intelligence use, blurring the and non-mobile and Big Data in real- security perimeter platforms time
- 10. Enterprise Service Platform Evolution Web Apps and Web Services (2001-2010) Thin & Thick Client Web Proxy App Server DB Server Mobile Apps and API’s (2011 and beyond) Mobile On- Apps Prem Cloud Mobile Access Gateway API Server Data Services (Hadoop, RDBMS)
- 11. The Mobile Access Gateway Mobile Devices Enterprise Services Real-time bridging from SOAP, XML and legacy s Data Services JSON formats to REST, Network mobile protocols Optimized high scale engine for compute- Single logical gateway intensive integration cluster configurable to functions handle mobile, web and B2B traffic Proliferation of mobile Composite services App- and API-specific Service API’s Data privacy and Existing enterprise devices increases need API’s from security handling— unavailable in mobile- message volumes multiple providers, friendly formats & access control andbe integrity must including Oauth— preserved end-to-end crypto extended to App- exponentially requiring federation adapts the perimeter protocols (REST, JSON) API through Gateway BYOD approach mixesFederated security for reusable API’s must be How to accessEvent-aware integration 3rd party API’s, multiple mobile personal and business across data capability for real-time business intelligence use, blurring the aggregation for and non-mobile analytic data synthesis and Big Data in real- composite API mashups security perimeter platforms time and integration
- 12. The Mobile Access Gateway Mobile Devices Mobile Access Enterprise Services Service API’s Real-time bridging from unavailable in mobile- SOAP, XML and legacy Gateway friendly formats & Data Services JSON formats to REST, protocols (REST, JSON) mobile protocols Proliferation of mobile Optimized high scale devices increases engine for compute- API’s must be reusable Single logical gateway message volumes intensive integration across multiple mobile cluster configurable to exponentially functions and non-mobile handle mobile, web and platforms B2B traffic BYOD approach mixes App- and API-specific Existing enterprise personal and business security handling— Data privacy and access control and use, blurring the including Oauth— integrity must be crypto extended to App- security perimeter adapts the perimeter preserved end-to-end API through Gateway Composite services Federated security for How to access Event-aware integration need API’s from 3rd party API’s, data business intelligence capability for real-time multiple providers, aggregation for and Big Data in real- analytic data synthesis requiring federation composite API mashups time and integration
- 13. Mobile App-to-Enterprise Integration Stakeholders App Who is allowed to API Developer use my API’s? Are Owner What API’s are they being used? available and how can I use them? Mobile On- Apps Prem Cloud Mobile Access Gateway API Server Data Services (Hadoop, RDBMS) IT Info How is our data Security Operator being protected and What is changing? access controlled? Is everything running smoothly?
- 14. Layer 7 API Management Suite API Proxy - Enterprise-grade Mobile Access Gateway API Portal - Developer on-boarding, support and resources - API metrics and reporting Enterprise Service Manager (ESM) - API migration, management and dashboarding Secure OAuth Toolkit - Support for 2 and 3-legged OAuth
- 15. API Management – How it All Works Enterprise APIs 1. Publish & Secure APIs 2. Onboard Developers Developer Security Architect 4. Close the Loop 3. Monetize your APIs IT Operator Business Manager/ API Owner
- 16. Mobile Access Gateway – API Proxy Enterprise APIs Feature/Function API Proxy Credentialing Y Custom Assertion SDK Y JDBC support Y SAML support Full Convert SOAP<->REST Y WS* support Y XACML support Y 1. Publish & Secure APIs MTOM support Y Transports supported JMS, MQ, FTP(s), HTTP(s), raw TCP Concurrent Assertion support Y OAuth support 1.0 and 2.0, HMAC, RSA Rate Limiting Y Multiple Form Factors Hardware, Software, VMware, AMI
- 17. Mobile Access Gateway – OAuth • Plug in your ID providers, IAM, CA Siteminder, OAM, … • Plug in any developer portal, api key management system Layer 7 implements OAuth Layer 7 implements OAuth Resource Server for your REST Authorization Server services, APIs Client application (REST client) API Dev Portal or Client API Key store 1. Handshake 2. Service call Handshake only (optional) Resource owner (subscriber) ID Provider For resource owner authentication
- 18. API Portal – Onboard and Manage Developers Enterprise APIs 2. Onboard Developers Feature/Function API Portal Developer Registration Y API Key Management Y API Explorer Y API Rate Limiting Y API Reporting Y Developer Support Y Fully-branded CMS Y Account Management Y
- 19. ESM – API Migration and Lifecycle Management Automated dependency resolution when migrating policies between environments cloud01LDAP prod01LDAP Development Test (Enterprise) Production (Cloud) dev01LDAP 3. Monetize your API’s
- 20. Example Scenario – Web Application Security Thin & Thick Client Web Proxy App Server DB Server Policy Server Directory (e.g. SiteMinder) (e.g. AD) Monitoring & Logging
- 21. Example Scenario – Web Services Security Thin & Thick Client Web Proxy App Server DB Server B2B Clients Policy Server Directory (e.g. SiteMinder) (e.g. AD) Mobile Access Gateway (L7 SecureSpan Gateway) L7 Enterprise Service Manager Monitoring & Logging
- 22. Example Scenario – API Management Thin & Thick Client Web Proxy App Server DB Server B2B L7 API Portal Clients Policy Server Directory (e.g. SiteMinder) (e.g. AD) Mobile Apps Mobile Access Gateway (L7 SecureSpan Gateway) L7 Enterprise Service Manager Monitoring & Logging
- 23. Case Study: API-Enabling Health Care Challenge: Reduce cost and delay in processing Medicaid member information by bringing the process online Solution: Mobile Access Gateway allows iPad application to securely connect to existing backend APIs; data routing, strict authN & authZ, comprehensive threat protection Results: Improved the provider’s health care coverage and member services, while increasing the effectiveness and efficiency of its Medicaid program
- 24. Case Study: Mobile-Enable Airline Services Challenge: Securely expose existing services to third party developers in order to expand their market reach Solution: The Layer 7 API Proxy allows the airline to securely expose and manage their APIs, while caching Sabre requests Results: Significantly grew market reach, while controlling costs associated with constantly pulling data from Sabre to service Developer requests
- 25. Case Study: Smart Grid Gateway Challenge: Migrate energy services to Smart Grid technology, leveraging the new capabilities offered by additional data and communication Solution: SOA, Web and API Security Gateway enables high volume meter data collection, assisted service and upcoming mobile self-service for enhanced client experience Results: Cost avoidance for higher volume meter traffic, improved customer service through real-time channels, improved service availability through proactive system monitoring
- 26. Conclusions Employees are …and IT groups must bringing mobile accommodate them devices to work en without compromising masse… security and SLA’s Mobile Apps are …existing enterprise being built to services can be used to improve productivity quickly and reliably and reduce cost… enable these apps Enterprise API Management …through a Secure Mobile Access Gateway, integrates Mobile an API Portal, and open Apps and Enterprise standards Services…
Editor's Notes
- #16: Technical/security architects work with the Layer 7 Gateway to create policy that secures their enterprise APIsWeb administrators work with the Layer 7 API Portal to customize the look and feel; create API documentation and resources; etc, enabling developers to quickly understand how to work with the APIs and build out an applicationBusiness Managers and API Owners tasked with monetizing their APIs (or expand their market reach) create business rules around who can use which APIs in what waysThose business rules created on the API Portal are written down to the Layer 7 Gateway and enforced at runtime to ensure proper API interaction
- #20: Enterprise Service Manager also provides operational reporting and dashboarding