Mais conteúdo relacionado Semelhante a Implementing Enterprise API Management in Oracle Cloud (20) Implementing Enterprise API Management in Oracle Cloud1. Implementing Enterprise API Management
In the Oracle Cloud
Oracle OpenWorld
San Francisco | September 18-22, 2016
Luis Weir
luis.weir@capgemini.com
uk.linkedin.com/in/lweir
@luisw19
soa4u.co.uk/
2. 2Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Table of Contents
Introduction
Context
A step back… redefining types of integrations
The missing pieces:
• An Enterprise API Taxonomy
• API Management Capability Model
• Mapping Oracle Cloud PaaS to APIM Capabilities
Use cases
Wrap-up
4. 4Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Resume
I am very passionate about technology. I have be the lead authored of two books (Oracle SOA Governance 11g Implementation and Oracle API Management 12c
Implementation), I am a regular blogger and speaker in major conferences and events. A well-known industry expert especially when it comes to Oracle middleware
technologies I am also an OTN certified SOA black belt.
Luis Weir
Oracle Ace Director – Cloud Principal at Capgemini UK
I am an Oracle Ace Director, Cloud Principal and a Thought Leader specialised in Oracle Fusion Middleware & Oracle PaaS. With more than 15
years of experience implementing IT solutions across the globe, I have been exposed to a wide wide variety of business problems many of which
I’ve helped solved by adopting SOA architectural styles such as traditional SOA, API management and now Microservices. My current focus is in
assisting organisations define and implement solutions and strategies that can help them realise the benefits that such technologies have to offer.
2nd Place
1st OTN Cloud
Hackathon
June, 2016
Cloud
Contribution Award
SOA Community
March, 2016
Latest Media:
Oracle Magazine May/June 2016
(http://bit.ly/1RTCAU3)
Systematic Approach for Migrating to Oracle
Cloud SaaS (http://bit.ly/1Xr6acs)
Oracle Magazine Jan/Feb 2016 (http://ora.cl/Vhh)
API Management Implementation
(http://ora.cl/Gcw)
A Word About Microservices and SOA
(http://bit.ly/25Dk5go)
6. 6Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
The “Digital” dilemma…
7. 7Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Systems of
Differentiator
Systems of
Record
Systems of
Innovation
Bi-modal IT, is it really?
Traditional Mode
(Reliable, delivered in
waterfall, IT centric,
V-model, slow)
Non-linear Mode
(Agile, DevOps,
automation, fast)
Promised in 8
weeks
Promised in 4 Months
What about access to
core data and business
functionality?
+8 Weeks
Ready in 8
Months
Environment created, system
changed, functionality added,
access granted,
Standard interface
delivered
Waiting for changes
Waiting for access
Bi-modal?
8. 8Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
A bi-modal analogy
The fast IT organisation can only be as
fast as it is possible to deliver access to
systems of records…
Thus bi-modal IT it’s contraint to the speed
it takes to deliver such access.
9. 9Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Cloud
Rush to the Cloud
Firewall
Social Media
{json}
{json}
{json} {json}
{json}
{json}
<xml>
<xml>
<xml>
Oracle Cloud SaaS
FIN HUBs LEGACYSCM
Other SaaS
Mobility & IoT Solutions
= accidental cloud architecture (cloud spaghetti!)
10. 10Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Breaking the chains
11. 11Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
API-led connectivity
Firewall
ERP HCM LEGACYCRM
Mobility & IoT SolutionsOracle Cloud SaaS Social MediaOther SaaS
Cloud
On-Premise APIs
Cloud APIs Hybrid
API
Platform
12. 12Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
API growth is exponential
API growth in the enterprise exponential
API accelerated growth will continue:
• Partner integration APIs
• B2C APIs
• Enterprise mobility APIs
• IoT APIs
Growth In Web APIs Since 2005 Programmable Web
1 186 299 438 593 865
1263
1546
2026
2418
3422
5018
7182
9011
10302
0
1500
3000
4500
6000
7500
9000
10500
12000
APICount
Month
Fastest Growing Web API
Categories (6 months)
Programmable Web
Financial, 70
Enterprise, 66
Backend, 52
Messaging, 43
Advertising, 43
Government,
38
Mapping, 35
Science, 31
Social, 28
13. 13Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
What is an [Web] API?
Application Programming Interfaces (APIs) are not new. But they have
taken on a new shape. REST (or Web) APIs are doors that give
access to information and functionality in real time.
And just like doors:
They have locks. Only key holders can open them
There are different types for different needs (size, color, locks,
purpose, etc.)
They can be outside facing (anyone can see them i.e. internet) or
internal facing (i.e. only accessible within an area/zone)
They are available only in specific locations – API endpoints
They can be as secured and closely monitored as required (typically
depending on their purpose and information being accessed)
The have an impact on people (customers and employees)
experience. Based on their performance experience can be good or
bad. If bad people will remember!
14. 14Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
API Management
Planning
Design
Implementation
Publication
Operation
Consumption
Maintenance
Retirement
API
15. 15Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Drivers for API Management
Enable a digital
strategy by unlocking
access to electronic
business assets
Richer user experience
by delivering
tailored-fit APIs
Quicker, standard and
secure access to
information and
functionality
Discovery and reuse
of APIs
3rd generation API
platform with global
deployment capabilities
(cloud or on-prem)
Robust operations,
analytics and
insights
API as a new source of
revenue. Information
is a valuable asset
16. A step back… redifining types of integration
An overview of vertical and horizontal integrations
17. 17Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
SYSTEMS OF ENGAGEMENT
Mobile Apps
Response web
Applications
Devices
Customer
Service
Business
Partners
Vertical vs. Horizontal Integration
Horizontal Integration
Asynchronous in nature. Near-real time or batch. Typical integration styles: as pub/sub, data replications, file transfers
SYSTEMS OF RECORDS
Financials EPM HCM
Order
Management
CRM Data Hubs Legacy
Synchronous/Realtime
VerticalIntegration
Main scope for API Management
Created with Niklas Olsson /
18. 18Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Vertical vs. Horizontal Integration – Characteristics
Vertical
Human behind the trigger
Information requested on-demand (real-time)
Synchronous in nature. A request expects a response
Objective is to deliver functionality and/or information in
support of a user journey
Directly impacts the user experience (regardless of the channel)
Best realised with API management
Horizontal
System behind the trigger
Initiated by a system scheduled or a system event
Asynchronous in nature. No immediate response expected
Objective is to deliver data or messages from a source
system to a target(s) system
No immediate impact to the user (unless a malfunction occurs)
Can be realized in a number of ways
Validate,
Enrich,
Transform
.... .. .
.. .. . .
....... .
.... .. .
.. .. . .
....... .
.... .. .
.. .. . .
....... .
.... .. .
.. .. . .
....... .
Route,
Operate,
Load
Extract,
Capture
ExperienceDelivery
Systems of Engagement
Coworkers Customers
Rapid access, Transform
Enforce, Aggregate, Route
Tailor, Deliver
UX
19. 19Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
SOA
What about SOA?
Inspiration from Martin Fowler’s Microservices
presentation at GOTO conference,
Berlin November 2014 (minute 14)
Typically adopted to
deliver horizontal
integrations
Traditional
SOA
(i.e. AIA)
Best for vertical
integrations
Not for
integration.
Best for building
modern systems
API
Management
Microservices
Architecture
21. 21Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Enterprise API Taxonomy
SaaS
API Applications
Finance SCM Legacy, etc CX HCM
[Managed] Business APIs
Single Purpose APIs
Utility APIs
Identity
Logging
Error
Handing
Notifications
Management &
Collaboration
Design &
Development
Portals
Policy
Definition
Lifecycle
Management
Runtime
Analytics
User
Management
SYSTEMS OF ENGAGEMENT
Special Purpose APIs Presentation APIs Partner [B2B] APIsPublic [Consumer] APIs
Microservices
SYSTEMS OF RECORDS SYSTEMS OF INNOVATION
SYSTEMSOFDIFFERENTIATION
$
API
System APIs System APIs System APIs System APIs System APIs
22. 22Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
API Management Capability Model
API
Registry
Single Purpose APIs
Business APIs
API Applications
Utility APIsAPI Design &
Development
Portal
API-First Design
Console
ADL Programmatic
Validation
API Approval
Workflow
API Dynamic
Documentation
API Applications &
Keys Generation
Developer On-
boarding
Community
Collaboration
Resource
Registration
Resource
Discovery
K/V Storage
K/V
Replication
Resource
Health
Status
Registry
API
Identity
Federation
Identity
Mappings
Error
Handling
Logging
Alerts &
Nots
Management
APIs
AuthN/AuthZ/API Key
Validation
Policy
Enforcement
HTTP
Routing
Calls
Aggregation
Light
Transformation
Light
Scripting
In-memory
Cache
Rate
Limiting/Throttling
Streaming
REST/SOAP
Conversions
System
AuthN/AuthZ
Connectivity
Adapters
Connection &
Session Management
Transport
Conversions
Protocol
Conversions
Data
Transformation
Complex
Orchestrations
Custom Logic
(Complex Scripting)
Polyglot
Programming
Decentralise
Deployment
Federated
AuthN/AuthZ
API Key
Validation
Call
Aggregation
Tailored
Contracts
Thread
Protection
Thread
Protection
Client Backend
Logic Scripting
Platform/
Backend APIs
Push Nots/
Websockets
Polyglot Consumer
SDKs
API
Management
Console
API Lifecycle
Management
Policy Definition
Runtime Monitoring
Runtime Analytics
API Gateway
Management
Policy Definition
User & Role
Management
Keys Management
Delivery
Version
Control
Deployment
Continuous
Testing
Release
Management
Continuous
Integration
Team
Management
Team
Collaboration
Issue
Tracking
Spring
Boards
RuntimeDev-Ops
API Discovery &
Subscriptions
23. 23Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Oracle PaaS for API Management
RuntimeDev-OpsSuggestionsAPIPCS OOTB InteroperabilityOracle PaaS Cloud Services
API
Registry
Single Purpose APIs
Business APIs
API Applications
Utility APIsAPI
Portal
API
Management
Console
Delivery
Developer Cloud
Eureka
Managem
ent
Cloud
Identity
Cloud
Java CloudSOA Cloud App Container CloudIntegration Cloud
API Platform
Cloud
API Platform Cloud
API Platform
Cloud
Java CloudMobile Cloud App Container CloudAPI Platform Cloud
Public SaaS
API Catalog
24. Patterns & Use Cases
Sample enterprise API management use cases delivered in the
Oracle Cloud PaaS
25. 25Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
APIM Designer
Portal
API {First} Design
8) Feedback
13) Evaluates
14) No changes
7) Evaluates
5) Creates API definition
12) Submits final definition
(Github pull request)
9) Updates definition
4) Opens API editor
1) Enters APIM Dev Portal
2) Searches API catalogue
3) No match
11) Thumbs up!
10) Evaluates
Assertions
checks
Assertions
checks
15) Set-up continuous test
6) Creates mockup & shares URL
> Dreed, Circle CI
16) Implements API
17) Requests deploy 18) Gets request
19) Approves
API
Gateway
API Gateway
DMZ
API
Gateway
Management
Console
API Platform Cloud
API Designer
API Developer
API Consumer
Developer
Architects
API Developers
API Gateway
Admin
Developer
Portal
API Platform Cloud
26. 26Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Mobile Application accessing System of Records in Oracle SaaS and SFDC
Cloud PaaS
API Gateway
API Platform
Mobile Backend
Mobile API
ConnectionsMobile Cloud
JSON Object
Tailoring
Auth
Business API
Oracle MAF
Validate
API-Key
Limits &
throttle
User
Authn
Route Respond
Cloud SaaS
ERP Cloud
Integration Flows
Integration Cloud
Enterprise
WSDL
Orchestrate
Connect
Transform
Connect
REST
Auth
Service
2
3
6
5
7
8
9
4
1) Update personal info submitted from app. Call to mobile backend API takes place. Authentication
would’ve already happened in this example. Mobile API Key is validated
2) Backend API code (node.js) transforms object (into enterprise format), injects and calls business API
via the REST connector (in theory connector should inject API key and authentication credentials)
3) Business API receives the calls and enforces policies as specified, ie. key validation, user authN/authZ, rate limits, possibly custom script
and finally routes the request to the backend (system) API (implemented in ICS)
4) An integration flow receives the request (in enterprise format). An orchestration is initiated to: 1) update personal info in SFDC, 2) update
personal info in ERP cloud. It happens as following:
5) The received object is transformed into target system format and included into a request call to SFDC (via enterprise WSDL). ICS takes
care of REST/SOAP conversion and also handles authentication and sessions with SFDC
6) The received object is transformed into target system format and included into a request call to ERP Cloud (via enterprise WSDL). ICS
takes care of REST/SOAP conversion and also handles authentication and sessions with ERP Cloud
7) ICS transforms back the object into the enterprise object format and sends back JSON response to the API gateway
8) API gateway sends back the response to the mobile backend
9) The mobile backend API code transforms object to format expected by the mobile app
{json}
{json}
{json} {json}
<soap>
<soap>
<soap>
<soap>
1
{json}
{json}
{json}
27. 27Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Service Cloud searches on-premises customer master through existing SOAP
web service
API Gateway
Oracle SOA Suite
ACS
Mediator
DB
Adapter
Cloud SaaS
Service Cloud
APIPlatform
Presentation API
Validate
API-Key
Limits &
throttle
User
AuthN
SOAP-
REST
Respond
Management
Console
API Platform
Cloud PaaS
Sends stats
Pulls
deployments
Customer
Data Hub
PLSQL
EBS
{json} {json}
<soap><soap>
0) Customer Service Agent conducts a search in Service Cloud to
service for a specific customer (ie. Based on first and last name)
1
2
4
7
1) Service Cloud triggers a call to an API exposed in a DMZ
(i.e. https://myorg.com/customers?name=luis&lastname=weir)
2) The API gateway receives the request, validates the API key and user credentials
(ie. OAuth 2.0), enforces limit/throttling policies and then converts the payload into
SOAP to invoke the business service exposed by SOA Suite internally
Mediator BPEL
WS
Adapter
6
3
5
sqlnet
DMZ
3) Typically an enterprise business service (EBS) in SOA Suite will just route the
request to the relevant application connector service service also in SOA Suite
4) The ACS will transform the request from a canonical model into the application
format and via the adapter (ie. Database) will connect to the system of record and
conduct the search in any given protocol (ie. SQLNET)
5) The request is converted back into a canonical model and send back to the invoker
service
6) A SOAP response in canonical model is send back to the API Gateway
7) A policy converts back the SOAP payload into JSON (most likely removing fields
that are not required by the consumer system) and sends back the JSON payload
https
29. 29Copyright © Capgemini and Sogeti 2016. All Rights Reserved
Oracle OpenWorld | San Francisco | September 18-22, 2016
Oracle Cloud PaaS – Capability Comparison
Capability API Platform Mobile Cloud SOA Cloud** Integration Cloud Java Cloud** App. Cont. Cloud**
E2E API lifecycle (design, mock, build, test, publish, manage, monitor)
Hybrid deployment (cloud/on-prem) –native (installed via cloud)
Rich API focused ops and analytics
REST/JSON end to end
API policies definition & enforcement
Authentication & Authorization
Identity federation support (ie. OAuth 2.0)
API keys management and enforcement
Backend (platform) APIs (ie. Push nots, storage, data sync, etc)
WebSockets
HTTP Routing (declarative)
Data transformation (declarative)
Protocol conversion (declarative)
Call aggregation (declarative)
Orchestrations (declarative)
Custom scripting
Connectivity to several sources (excluding pure REST/SOAP)
Polyglot programming
Light footprint
Full Mostly Some or Custom (libs &| imperative) No supportPartly
** Only when combined with Developer Cloud
30. The information contained in this presentation is proprietary.
Copyright © 2016 Capgemini and Sogeti. All rights reserved.
Rightshore® is a trademark belonging to Capgemini.
www.capgemini.com
www.sogeti.com
About Capgemini and Sogeti
With more than 180,000 people in over 40 countries, Capgemini is a global leader in
consulting, technology and outsourcing services. The Group reported 2015 global
revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers
business, technology and digital solutions that fit their needs, enabling them to achieve
innovation and competitiveness. A deeply multicultural organization, Capgemini has
developed its own way of working, the Collaborative Business Experience™, and
draws on Rightshore®, its worldwide delivery model.
Learn more about us at www.capgemini.com.
Sogeti is a leading provider of technology and software testing,
specializing in Application, Infrastructure and Engineering Services.
Sogeti offers cutting-edge solutions around Testing, Business
Intelligence & Analytics, Mobile, Cloud and Cyber Security. Sogeti
brings together more than 23,000 professionals in 15 countries and has
a strong local presence in over 100 locations in Europe, USA and India.
Sogeti is a wholly-owned subsidiary of Cap Gemini S.A., listed on the
Paris Stock Exchange.