Enterprise solution for API Management

Hybrid, multi-cloud management platform for APIs across all environments. Nowadays, enterprises are API producer and they expose their services to their customers via APIs.

With Azure API Management Service enterprises can selectively expose their services to their partners, consumers in a secure manner.

Enterprise level benefits of Azure API Management

  • Exposing the services/APIs in a secure manner.
  • A Framework for API Management can be approved by compliance gate and teams can use it without repeating the same compliance gate process.
  • A list of exposed APIs/Services are always for monitoring available for CTO.

Must haves at enterprise level implementation for Azure API Management :

  • Define a secure framework for API Management
  • On-board teams to be able to use this framework
  • Support and monitor the Teams activities

Enterprise Level limitation

If an enterprise level decides to use the custom role assignment must pay attention to 2000 RBAC assignment per subscription.

Framework for Azure API Management

In the framework document we must define at least two teams and the functional and non-functional requirement must be clarified and explained in great detail.

  • Service Provider Team : is the team who define the framework and perform the compliance gate process for the service, they want to provide
  • Consumer Team : uses the provided service, because
    • They need this service in their solution.
    • They receive an On-Boarding and start technically easier with this service.
    • They can use the support of this service instead of using their resources
    • They don’t need compliance gate process for this service
Functional requirementsNon-functional requirements
By which cloud provider?How teams can request this service?
Is it private or public cloud?How they can get on-boarding?
How can have access to resources?How they can get support?
How to determine the dev/QA/prod environments?How are the SLA?
How team can access his resources?What are the service provider team’s responsibilities?
How they can add/remove/config their resources?What are the consumer team’s responsibilities?
Is their any automated flow? if yes, what are they?
How the automated flow can be considered in CI/CD? (if necessary for consumer team)
What are the secure compliance configurations?

Reference

Multi-cloud solutions

Most organizations choose to work with multiple cloud providers, because it’s a struggle for an enterprise to find only one public cloud infrustructure provider, which meet all their requirements. [refrence]

The following figure demonstrates that the multi-cloud solution is a sub concept for hybrid-cloud computing.

Multi-cloud solutions are sub topic of the hybrid-cloud computing.

AWS API Management

API Management tools on Amazon Wen Services (AWS) are the followings:

  • Amazon API Gateway
  • Serverless Developer Portal

These tools provide the following features for the users:

  • API Access Control
  • API Protection
  • API Creation and design
  • Support for hybrid models
  • High performance
  • Customizable developer portal
Amazon-API-Gateway-How-Works
AWS API Gateway communication flow

The communication is as follows:

  1. Request is sent to API endpoint in API management.
  2. The above request is passed to the Backend API via API management.
  3. The request is processed in the Backend API and if necessary the data layer is used and the result is generated
  4. The response, which contains the result, is sent back to the API management.
  5. The API management sends the response to the caller.

Resources

API Lifecycle

Nowadays, developers, enterprises, and organisations often create open Application Programming Interfaces (APIs) that allow other teams, developers, customers, and services to integrate to their products and services.

The following figure demonstrates the API lifecycle and after the Deploy phase the API can be shared with other API’s consumers in the Share Phase.

Today is usual to share the APIs via API Management and each cloud provider has its own API Management solution for a better API management and API monitoring. more…

API-Management-Workflow
API Lifecycle

In API Management each API has its own endpoint.

API-example-use-cases
Common API Examples
  1. Request is sent to API endpoint in API management.
  2. The above request is passed to the Backend API via API management.
  3. The request is processed in the backend API and if necessary the data layer is used and the result is generated
  4. The response, which contains the result, is sent back to the API management.
  5. The API management sends the response to the caller.

Resources:

API Management in Azre, Aws and GCP

Application Programming Interface Management (API Management), consists of a set of tools and services that enable developers and companies to build, analyse, operate, and scale APIs in secure environment.

AzureAWSGCP
ServiceAPI Management ServiceAmazon API Gateway
– API Gateway
– Developer Portal
– API Access Control
– API Protection
– API Creation and design
– Support for hybrid models
– High performance
– Customizable developer portal
???
API Management tools overview

API Management can be delivered on-premises, through the could, or using a hybrid on-premises – SaaS (Software as a Service) approach.

Resouces

AWS CloudTrail

CloudTrail is a service provider by AWS to help monitor and log activities in AWS accounts.

  1. Monitor Avtivity in AWS Accounts
    CloudTrail records all actions taken when provisioning and modifying resources in AWS accounts.
  2. Store historical logs
    CloudTrail integrates with S3 to store historical data.
    Queries can be run on the data in S3 for audits.
    Retention period is by default 90 days for keeping a longer period it must be stored in S3 bucket.
  3. Integrate with other services (e.g. Event-driven)
    CloudTrail works with other services to raise alarms like AWS CloudWatch, analyze access patterns, and much more.

CloudTrail use case

Compare Migration

For migration from On-Prem to Cloud we have the following possibilities on different platforms.

AzureAWSGCP
Lift and shiftYesYes

Lift and shift
It means a virtual machine is taken from a hyper-visor and migrated to cloud with the same configuration as it had on-prem. An app will be migrated to the cloud without refactoring or changing architecture.

Cloud & Enterprises

Hybrid/Multi-Cloud solutions are in focus and most big enterprises are interested to use it or to be the partner of their vendors. My customers are using Azur/ AWS and GCP.

The interest to be integrated in cloud technologies is one side, and the other side is the secure compliance solutions. The compliance Gate in each enterprise checks the developed products from business and IT perspectives.

Compliance Gate responsibilities in an enterprise

How to make compliance gate process easier?

To make the compliance gate process easier, it’s better to define a framework for some of the cloud services and then perform the compliance gate process for this service and its framework.

Later on, when a team wants to use this service as log as they use the defined framework, their compliance gate process will be easier.

Real Experiences:

References