2. 1
Welcome to the Training Session
Day 1 – Introduction, Architecture, Components and Concepts
Day 2 – Lab install, Setup, virtualize API, Hello API
Day 3 – Policy Studio in depth with Lab
Day 4 – Advanced filters and Security
Day 5 – Administration and Advanced setup
Agenda for the Week
3. 2
Welcome To Training Session
Introduction to API Management
Architecture
Components and Concepts
Deployment
Use Cases
New Features 7.5.3
Installation of Gateway and Manager
Agenda for Day 1
4. 3
Platform of Innovation
* Courtesy IDC
Platform Evolution Platform of Innovation
Multiple products can form the Platform of Innovation, but the most important one, the one that glues everything together and provides
the FOUNDATION for it, is API Management: it not only enables the enterprise to innovate but also provides a wrapper for the
1st and 2nd generation platforms, so that you can leverage the functionality provided by those platforms in a modern way.
5. 4
Axway API Management
Cross Platform Development
Full Stack JavaScript
Configure & Code
Node.js Runtime
MBaaS
API Lifecycle Management
Unified App Development
Developer Portal
API First Approach
Catalog Management & API Stages
DevOps Orchestration
Visual Mapper
Secure Integration Foundation
Integration
Policy filters
Identity & Data Security
Connectors & Adapters
REST enabled
MFT/B2B/EDI
Microservices
Analytics & Monitoring
Ops AppDev Predictive
Enterprise
Services
Channel
Delivery
Hybrid Cloud On Premises
13. 12
Group Architecture
[Diagram labels: External firewall; Internal firewall; Load Balancer; API-Portal; Phy./Virt. 3; Application Developers; Clients; Physical/Virtual machine 1 with the Admin Node Manager; Physical/Virtual machine 2 and Physical/Virtual machine n, each with a Node Manager; API instance/group 1, 2 … n repeated across the machines]
15. 14
API Gateway
• Security and Service Enablement at the Edge for API, SOA and XML Traffic
Identities, Tokens, Repositories, Authorization
API Security
API Transformation
Configurable Policies
200+ Pre-built Operations, 50+ Pre-built Connectors
Cache, Alert, Log, AuthN, AuthZ, OAuth, Transform, Block / Route, Filtering, Inspect, Verify, Enrich, Redact, Encrypt, Signing
API Monitor and Govern
Operational Monitoring
Analytics & Reporting
Meter & Control
Dynamic Policy Management
16. 15
API Gateway Development Studio
Configure, do not Code
• Graphical policy development based on Eclipse
• Flow-chart style visualization of policies
• Drag filters onto the policy flow chart, link and configure
18. 17
• Real time visibility to topology status
and API activity tracking
• Drill down from metric into transaction
details and message payloads
• Report on API usage over time
• Provide an Audit Trail of API usage
Axway API Gateway Real-time Monitoring
Real-time view on current Traffic and easy Drill Down
19. 18
API Manager
Enable API Administrators to create and manage APIs
• API Registration Lifecycle
• Register and virtualize API
• Manage lifecycle thru to retirement
• API Catalog
• Browseable API documentation
• Partner & Policy Administration
• Onboard and manage partners, developers and applications
• Configure policies managing API consumption
• Monitor and report API usage
20. 19
Runs on Joomla CMS Platform
• Fully customizable to give unique branded experience
• Separate web tier independent from API Gateway + Manager
API Portal
• Engage internal and 3rd party developers to use APIs
• Build partner and developer community around APIs
• New channel to market brand
Enable self-service API consumption by client application developers
API Portal Joomla Application
• Self-register and profile management
• Manage applications credentials
• Browse APIs and documentation
• Test APIs
• Monitor application usage of APIs
3rd Party Joomla Plug-ins
• Content management
• Wikis
• Blogs
• Forums
• …
21. 20
Long Term Reporting and Analytics
• Answers to following questions:
• What APIs are being used and at what time of day?
• How much are the APIs used?
• When are the APIs used?
• Where is the API traffic coming from?
• Who is using the APIs?
• Provides information across all instances:
• Auditing and logging
• Monitoring
• Analysis
• Scheduled Reports
• PDF or CSV Export
API Analytics
22. 21
API Tester
• A graphical tool to test API performance,
scalability, and security
• Can test APIs deployed on any accessible
system of API and Service providers
• With the API Tester you can:
• Profile API capabilities
• Perform load and performance
testing
• Simulate attacks to identify API
vulnerabilities
• You can use API Tester to send an example
request message to a specific API service,
and view the associated response
23. 22
Configuration Studio
• A graphical tool that enables you to
promote API Gateway configurations
from development environments to
upstream environments (testing,
production)
• Configurations are exported from the
Policy Studio and stored into archives
• The archives are imported into the
Configuration Studio and the
Configurations are customized for the
target environment
• Designed for the skills of upstream
administrators, does not assume expertise
in policy development
24. 23
Arrow Builder
• Visual API definition UI
• Object Relationship model for API Endpoint
definitions
• Use simple or composite models
• Select which REST methods need to be exposed
(GET, PUT, POST, DELETE)… all without
writing a line of code!
• API definition format can be exported as
swagger.json, or using app SDKs for iOS and
Android apps
• Easy extensibility of request / response
processing using pre- and post- “blocks”
• Industry leading node.js middleware, built to
scale using traffic sensitive node.js container
manager.
Build APIs quickly in a matter of minutes
25. 24
An API is only as good as its documentation.
Self documenting APIs
• Arrow allows developers to create self-documented APIs
• Included are Titanium, Node.js and Web code to invoke each API and test its output
• Included cURL syntax allows command line invocation of the API as well
26. 25
VISIT Marketplace.appcelerator.com Data-as-a-service (DaaS)
• Ships with a variety of connectors out of the
box, for quick connectivity to popular data
sources.
• Connectors can be extended if customers need to integrate additional capabilities from the backend beyond the default.
• Connectors feed data into their own model, which can be reduced or “joined” to another model to create composite models.
Prebuilt connectors
30. 29
A Distributed Architecture
• A distributed architecture based on Groups of API Gateways in an Administrative
Domain
[Diagram: Administrative Domain]
Machine 1: Admin Node Manager, Instance 1-1, Instance 2-1
Machine 2: Node Manager, Instance 1-2, Instance 2-2
Machine 3: Node Manager, Instance 1-3, Instance 2-3
Group 1
Group 2
31. 30
A Group-Based Architecture
• A group consists of one or more API Gateway instances that are managed as a unit
• All instances in a group host the same configuration and set of Policies
• The configuration is distributed across hosts for scalability and availability
[Diagram: DOMAIN]
PHYSICAL / VIRTUAL MACHINE 1: ADMIN NODE MANAGER
PHYSICAL / VIRTUAL MACHINE 2: NODE MANAGER
STOCK CONTROL APIs GROUP: API GATEWAY INSTANCE 1, API GATEWAY INSTANCE 3
PAYMENT APIs GROUP: API GATEWAY INSTANCE 2, API GATEWAY INSTANCE 4
ADMINISTRATION INTERFACE, POLICY STUDIO
Labels: MANAGES (twice)
32. 31
Administrative Domains
• A domain is a distinct administrative entity that consists of multiple groups spanning multiple host machines
• Scoped on the boundaries of administrative control, which may be organizational or geographical
• Multiple domains are possible based on different boundaries of administrative control (R&D/Prod or per business
entities)
• Domains are managed with Admin Node Managers and Node Managers
• Node Managers are servers which execute management instructions
• One of the Node Managers, the Admin Node Manager, is the central administration server, that forwards the instructions
to the other Node Managers
33. 32
Example
• A single Node Manager (NM) on each machine manages all the local
API Gateways on that machine
• The ANM manages the instances on its host, and forwards
management operations to the NMs across the domain
• Role-Based Access Control for administrative users across the domain
• A single API Gateway Analytics database in a domain
• A single Admin Node Manager
(ANM) in the domain is the
central administration server for
the entire domain, and is
responsible for performing all
management operations across
the domain
35. 34
Solution Partitioning
• APIs and Policies can be partitioned by
solution type
• They are implemented in separate
configurations, which are deployed in
separate groups
36. 35
Environment Partitioning
• Separate domains for each environment
• Promotion refers to moving API Gateway configuration between environments and ensuring that environment-specific
settings are properly configured
• Deployment refers to the act of pushing configuration to an API Gateway instance
37. 36
Availability, Load Balancing, and Scalability
• Availability and horizontal scalability are achieved by deploying multiple instances on multiple hosts and load
balancing across them
• No special requirements on load balancers
• Instances must run the same configuration to virtualize the same APIs and execute the same policies
40. 39
Use Cases
• Customer Experience - Anywhere, Anytime, AnyData
  • Mobile Apps using SDK
  • Digital Content
  • Shopping Cart
  • Social
• Partner Collaboration - B2B
• Cloud Integration - A2A - Any to Any process, application and persona
• Connecting Things - IoT
• Innovation - Innovate internally with your Data, Process and People and collaborate better.
41. 40
Realtime B2B Integration via REST / SOAP
Securely expose internal services to Partners
Central Onboarding of Partners
Easy Setup of Multiple Formats and Channels
External Partners Enterprise Service
Solution
Identity Management
API Management
42. 41
IoT with API Management
• IoT device enablement – API Manager can be used for registering the device and
associating the APIs to it.
• Real Time monitoring and event processing – Axway analytics helps in monitoring the
real-time flows and managing events based on the business rules.
• Long Term Data Analytics – IoT devices generate a lot of useful data. It is important to
derive predictive information from it over time to avoid failures. Axway analytics helps
with that and can also feed the EDW of an enterprise for historical data analysis.
IoT Components and enablement with API management
43. 42
API Management for any App
mobile, portal etc.
Expose Service to different Devices, different Data Formats, nearly anywhere
Enable Self Service to Partners and Developers
Solution
Mobile
Enterprise Service
API Portal
Social
Web
Things
API Management
API Administrator
Partner /
Developer
44. 43
Cloud to Ground App Integration
An “inbound and outbound Gateway” to Cloud Services
Leverage Solutions regardless of their location
Solution
Enterprise Service
Clients
Mobile
API Management
Cloud App
Cloud IAM
Social Login
Cloud App
45. 44
Identity Mediation and SSO
Single Sign-On from different IAM Systems to Backends to overcome Silos
Mediation between different Standards like HTTP Header/ API Key to SAML
Support latest Standards like OAuth 2.0 and OpenID Connect
Solution
API Management
Login
Browser Request
with IAM Identity
Login
to Backend
Convert from IAM to Backend login
Enterprise Service
46. 45
Lightweight ESB / API Centric App Integration
Protocol and message mediation for internal applications
Support for multiple standards plus Standard Connectors (SAP, Office365, ...)
Easy Orchestration and Sophisticated “Workflow” capabilities
Lightweight Governance for internal Message Flows
Solution
API Management
HTTP
JMS
FTP
Email
JMS
Email
FTP
JMS
Enterprise Service
Enterprise Service
47. 46
Data as a Service / Microservices
• DaaS = expose APIs to access data easily
• Microservice development (= technical APIs)
• “Plus all the other use cases related to API Management.”
• Security
• Catalog
• Organizations
49. 48
New Features 7.5.3
• Embedded Analytics
• No down-time deployments
• Enterprise Readiness: Multi-Data Center
• New log format: Open Logging
• Full Docker Support
• Platform New UI Style
• API Builder: new UI, orchestration, new connectors
• …
51. 50
Supported platform versions
Platform: Linux
Supported versions:
• CentOS 6.x, 7.x
• Oracle Linux 6.x, 7.x
• Red Hat Enterprise Linux 6.x, 7.x
• SUSE Linux Enterprise Server 11.x, 12.x
API Gateway might not run on systems that do not meet these requirements (see Note below).
Hardware prerequisites:
• Supports 64-bit Linux running on 64-bit hardware
• Intel Core or AMD Opteron at 2 GHz with Dual Core or faster
Platform: Windows
Supported versions:
• Windows Server 2012 R2
• Windows Server 2012
• Windows 10
• Windows 8.1
Windows Server 2012 R2 is recommended in a production environment.
Hardware prerequisites:
• Supports 32-bit Windows on both 32-bit hardware and 64-bit hardware
• Intel Core or AMD Opteron at 2 GHz with Dual Core or faster
52. 51
Where do you deploy an API Gateway?
• Depending on requirements, API Gateways can be deployed:
• in a Demilitarized Zone (DMZ), if you are processing only traffic from external
sources
• in the Local Area Network (LAN), if the API Gateway is processing internal
traffic
• If you are processing traffic internally and externally, a combination of
API Gateways is considered best practice
• Both internal and external traffic should be checked for threats and to
make sure that they contain the correct parameters for REST API
requests, or correspond to Web service definitions
54. 53
Where do you deploy API Gateway Analytics?
• It is good practice to install API Gateway Analytics on a separate host from API Gateway installations
• API Gateway Analytics deploys on any supported host platform
• It is not advised to install the database used for API Gateway Analytics in the DMZ
• The connection to the API Gateway Analytics database can be secured by dedicating it to one IP address
55. 54
Secure the Last Mile
• Securing the last mile refers to preventing internal users from directly accessing services without
going through the API Gateway.
• Controlling traffic at the network level: services can only be accessed if the traffic is coming from
pre-approved IP addresses (simplest, secure, performant)
• Establishing a mutual SSL connection between API Gateways and services (secure, less simple,
some impact on performance)
• Passing authentication tokens (WS-Security, SAML) from API Gateways to back-end services
(secure, requires some development, efficient)
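An added example, not part of the original training material: one way to audit the network-level control above is to scan a back-end service's access log for requests that did not arrive from an API Gateway address. The gateway addresses, the log format and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: addresses of the API Gateway instances allowed to call the service.
GATEWAY_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.11/32", "10.20.0.12/32")]

# Constructed back-end access log (client address is the first field).
SAMPLE_LOG = """\
10.20.0.11 - - [12/Mar/2024:10:00:01 +0000] "GET /orders/17 HTTP/1.1" 200 512
10.20.0.12 - - [12/Mar/2024:10:00:02 +0000] "POST /orders HTTP/1.1" 201 88
10.30.5.77 - - [12/Mar/2024:10:00:05 +0000] "GET /orders/17 HTTP/1.1" 200 512
fd00::77 - - [12/Mar/2024:10:00:06 +0000] "GET /orders HTTP/1.1" 403 0
garbled line without a client address
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')


def from_gateway(addr):
    """True only if addr parses and falls inside an approved gateway network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in GATEWAY_NETS)


def find_bypasses(log_text):
    """Return (line_no, client, request, status) for traffic that skipped the gateway.

    Unparseable lines are reported too (client=None) rather than silently dropped.
    """
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            findings.append((line_no, None, line, None))
        elif not from_gateway(m.group(1)):
            findings.append((line_no, m.group(1), m.group(2), int(m.group(3))))
    return findings


if __name__ == "__main__":
    for finding in find_bypasses(SAMPLE_LOG):
        print(finding)
```

A finding with a 2xx status means the service answered a caller that bypassed the gateway; a 403 means the back end refused it but the attempt is still worth reviewing.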
56. 55
Installation and Setup
• Install API Gateway using a single installer application
• You can install API Gateway in GUI mode or in unattended command-line mode
• The API Gateway installer enables you to install the following API Gateway components:
• API Gateway Server
• QuickStart Tutorial
• API Manager
• API Gateway Analytics
• Policy Studio
• Configuration Studio
• API Tester
• License required for unrestricted functionality
70. 69
Start Node Manager & Instance
• At the end of the Standard Setup, the Cassandra database, the Admin Node Manager
& Quickstart Instance will start
73. 72
Install Checklist
1. Installation complete
2. Admin Node Manager installed
3. QuickStart Group created in API topology
4. QuickStart Instance created in API topology
5. Admin Node Manager started
6. QuickStart Instance started
7. QuickStart Introduction page opened in browser
8. Policy Studio opened
74. 73
API Gateway Installation Directory
ANM Configuration
QuickStart Group Configuration
Binaries
REMEMBER
These are the files where the runtime configuration is stored
75. 74
Installing API Management on Linux
./APIGateway_7.4.1_Install_linux-x86-32_BN20150730.run
Change your directory to where the API Gateway installation file is located and run it
./APIGateway_7.5.1_Install_linux-x86-32_BN20150730.run