Next Generation API Management & Microservices Service Mesh

Nov 6, 2019Download as pptx, pdf0 likes237 views

Learn how to combine API Management and microservice mesh governance to streamline how you build, manage, analyze, and extend digital services.

API &
Microservices
Governance
Andy Smith
Axway Presales
© 2019 Axway

What will we talk about?
What a traditional API governance deployment looks like and
why this isn’t necessarily a good fit for managing
microservices.
What is a service mesh and how does it help?
We’ll create a "Hello World" service, deploy it in a service
mesh, create a proxy for it and then publish it in a catalogue.
© 2019 Axway

Microservices with a traditional API Gateway
All of your governed
traffic passes
through here. Even if
this is a cluster, it
still represents a
single point of
failure.
This undermines the
benefits a resilient
microservices
architecture is
meant to deliver.
© 2019 Axway

Microservices with microgateways
A Service Mesh
assigns a gateway to
each service, which
means that your
governed traffic is
just as distributed as
your services.
© 2019 Axway

Agile deployment with an API Gateway?
Company Networks
Resource
API
Gateways
Docker Registry
Policy Definition
Proxy Definition
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Resource
API
Gateways
Even when
your dev
teams are
delivering
services
continuously,
they have to
depend on an
external team
to deploy
proxy
definitions.
© 2019 Axway

Agile deployment with micro gateways
Company Networks
Edge API Gateways
Docker Registry
Control
Plane
In a Service Mesh
architecture, the gateway is
deployed as part of the CI/CD
process. Your governance
deployment grows and
shrinks alongside your
services.
© 2019 Axway

Using AMPLIFY Central to Govern Your Microservices
© 2019 Axway

Demo - create a “Hello World” microservice
© 2019 Axway

Build our docker image and push it to a repository
© 2019 Axway

In AMPLIFY Central, we can now see the service…
© 2019 Axway

…and create a proxy from it.
© 2019 Axway

What have we just done?
Edge
API
Gateways
Data Plane
Control Plane
Policy Library Catalogue Users/Teams Client Registry
Policies, Routing Rules, Ingress/Egress
API Proxy Configuration
Credentials/Tokens
New service here
A callable proxy at
the edge of the mesh
© 2019 Axway

We’d love you to try this yourself
platform.axway.com
© 2019 Axway

This document discusses the importance of API security testing. It notes that 56% of webinar attendees felt API security was very important to their organization, but only 12% were doing extensive security testing. It highlights some examples of security breaches caused by insecure APIs and recommends implementing API management solutions to protect against threats like unauthorized access, data exposure, and denial of service attacks. The document demonstrates how an API gateway can detect and block a SQL injection attack on a banking API. It emphasizes the importance of putting security protections in place for APIs and including testing in the development process.

apidays LIVE Paris - Driving innovation through External APIs without putting...apidays

External APIs are driving unprecedented innovation across industries like e-commerce and fintech by automating processes, improving customer experiences, and enabling new business models. However, using third-party APIs also carries risks around security, compliance, and business continuity if not properly governed. The concept of "shadow APIs" - APIs used without an organization's knowledge - exacerbates these risks. To mitigate risks, organizations should detect all API dependencies, build an API knowledge base, integrate governance into development processes, and map all API data flows. Proper API governance is crucial, especially for external APIs over which organizations have less control.

Managing Sensitive Information in an API and Microservices WorldApigee | Google Cloud

London Adapt or Die: Opening KeynotApigee | Google Cloud

Google has invested $27 billion in data centers worldwide since 2014 to build the world's fastest and most powerful cloud infrastructure. In 2016, Google Cloud Platform experienced 36% year-over-year growth in bookings, a 50% increase in net customer count, and over 90 new features shipped. Google processes over 1 billion API calls per day and saw 58% year-over-year growth in Black Friday traffic.

API Management Workshop (at Startupbootcamp Berlin)3scale

These are the slides from the API Management Workshop, held at the Startupbootcamp Berlin on October 17. We covered benefits of APIs for an organisation (regardless of size, sector, stage or purpose) and gave examples of successful deployment of APIs. We then described the typical API lifecycle: plan/design > build/integrate > operate/manage > share/engage. We covered many best practices and tools for each stage and gave practical demos about how to secure and manage APIs.

London Adapt or Die: Securing your APIs the Right Way!Apigee | Google Cloud

The document discusses securing APIs and presents examples of security issues with Snapchat, Nissan Leaf, and other APIs. It outlines approaches to API security used by large enterprises, distinguishing between internal and external APIs. The presentation emphasizes establishing security at multiple layers, with a focus on the API management layer. It provides examples of security measures like mutual TLS, rate limiting, input validation, OAuth 2.0, and monitoring for anomalies. Governance techniques like flow hooks are also presented. Live demos illustrate bot detection, proof of work, and extending OAuth with techniques like token binding and proof of key for JWTs.

apidays LIVE Hong Kong 2021 - Event-driven APIs & Schema governance for Apach...apidays

apidays LIVE Hong Kong 2021 - API Ecosystem & Data Interchange August 25 & 26, 2021 Event-driven APIs & Schema governance for Apache Kafka Hugo Guerrero, APIs & Messaging Developer Advocate at Red Hat ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Open API and API Management - Introduction and Comparison of Products: TIBCO ...Kai Wähner

In October 2014, I had a talk at Jazoon in Zurich, Switzerland: "A New Front for SOA: Open API and API Management as Game Changer" Open API represent the leading edge of a new business model, providing innovative ways for companies to expand brand value and routes to market, and create new value chains for intellectual property. In the past, SOA strategies mostly targeted internal users. Open APIs target mostly external partners. This session introduces the concepts of Open API, its challenges and opportunities. API Management will become important in many areas, no matter if business-to-business (B2B) or business-to-customer (B2C) communication. Several real world use cases will discuss how to gain leverage due to API Management. The end of the session shows and compares API management products from different vendors such as TIBCO API Exchange, IBM, Apigee, 3scale, WSO2, MuleSoft, Mashery, Layer 7, Vordel

Apigee and Accenture Webcast - Accenture Technology Vision 2013 - An API Cent...Apigee | Google Cloud

The document summarizes Accenture's Technology Vision for 2013, which identifies eight technology trends and discusses each trend from an API-centric perspective. The eight trends are relationships at scale, design for analytics, data velocity, seamless collaboration, software-defined networking, active defense, and beyond the cloud. For each trend, the document outlines the role and importance of APIs, such as how APIs power the app economy and unlock agility in virtualization. The vision is that every business will become a digital business where the API is the central product.

APIs for... Your MomCarlo Longino

Pitney Bowes at a glanceApigee | Google Cloud

apidays LIVE New York 2021 - API design is where culture and tech meet each o...apidays

apidays LIVE Paris - Drawing the right lines: DDD, APIs and Microservices by ...apidays

Adapt or Die Sydney - API SecurityApigee | Google Cloud

apidays LIVE Paris - The State of SaaS Integration by Gertjan De Wildeapidays

The document discusses trends in SaaS integration and API standardization. It notes that the number of SaaS apps used by companies is growing significantly each year, driving demand for easier integration. API standards like OpenAPI are gaining adoption and helping improve integration. It recommends companies adopt a hybrid integration strategy using both native and third-party integrations. Focusing on the developer experience through SDKs, documentation, and events can help attract more developers to an API. The document predicts continued growth in areas like no-code/low-code platforms, embedded workflows, and compliance-focused APIs.

Managing Sensitive Information in an API and Microservices WorldApigee | Google Cloud

5 Tips for Scaling API GovernanceJohn Phenix

John Phenix proposes automating API governance at HSBC to improve the developer experience and ensure consistency. He outlines five tips: 1) Govern only real risks, not preferences; 2) Ensure governance scales with development; 3) Shift governance left to catch issues earlier; 4) Transition from reviewing correctness to reviewing appropriateness; 5) Automate as much as possible while still involving people. Phenix advocates a hybrid centralized-federated model and using tools to automate reviews, integrate with CI/CD, and provide dashboards. Example rules cover security, operations, and style standards.

apidays LIVE Australia 2021 - Leveraging Async APIs to deliver Cross Domain A...apidays

[WSO2 API Day Toronto 2019] Extending Service Mesh with API ManagementWSO2

Is Your API Being Abused – And Would You Even Notice If It Was?Nordic APIs

APIs are a wonderful thing and bring many benefits, but by their very nature they are also a window into how your business operates. If someone can exploit your system for gain, they will. This presentation will give multiple real examples of API abuse in the wild, via methods such as data scraping, service misuse/cheating, unauthorized aggregation and fake account creation. How is it done, how are existing API controls bypassed, and what are the business implications? The audience will learn that API abusers are inventive and they use smart tools. The audience will also learn who some of these API abusers are, and may be surprised by the result. (Spoiler: they can be your customers!) Finally, some guidance will be given around what additional access controls can be put in place to ensure API based businesses continue to prosper.

Confronting API Security in the Brave New Open Banking EraAkana

apidays LIVE Australia 2021 - How to Achieve Zero-Trust Security With Kuma Se...apidays

Api architectures for the modern enterpriseCA API Management

Extend your legacy SOA/ESB infrastructure to Mobile & IoT This webinar recording provides a use-case driven discussion around appropriate use of existing middleware infrastructure as well as its shortcomings. It dives deep into how APIs can not only complement an ESB or SOA infrastructure but also fill existing gaps. Watch this webinar recording to learn about: - Strengths and weaknesses of your existing ESB/SOA infrastructure - Architecture strategy: extend and add value to legacy middleware with APIs - Integration / API use cases in Retail, Manufacturing and Telecom - The API360 approach to digital strategy

apidays LIVE Australia 2020 - Starting and Growing an API security company by...apidays

The Four Transformative Forces of the API Management MarketApigee | Google Cloud

Gartner AADI Learning Lab - Microservices and API ManagementColin McGovern

미니세션 | 리테일 기업을 위한 AWS 블록체인 기술 접근 방향 - 박혜영, AWS 솔루션즈 아키텍트Amazon Web Services Korea

More Related Content

What's hot (20)