API Management for Enterprise Mobile Access
A Layer 7 Technologies Solution
Matt McLarty, VP, Client Solutions, Layer 7 Technologies
Housekeeping
Questions - Chat any questions you have and we’ll answer them at the end of this call
Twitter - Today’s event hashtag: #L7webinar
- Follow us on Twitter as well: @layer7
facebook.com/layer7
layer7.com/blogs
layer7.com/linkedin
Agenda
“Bring Your Own Device”
• BYOD and the App Explosion
• Innovation through Consumerization
Enterprise Mobile Integration
• Enterprise Mobility and the Mobile App Paradigm
• Leveraging Enterprise Services and Assets
Enterprise API Management
• API Publication, Security and Monetization
• Solutions and Case Studies from Layer 7 Technologies
BYOD: Bring Your Own Device
(Figure courtesy of Click Software)
Employees are bringing mobile devices to work en masse…
BYOD: iPad @ Work – from IDG Connect “iPad for Business Survey 2012”
The App Explosion
(Figures courtesy of zendesk and [x]cube Labs)
Pillars of an Enterprise Mobility Strategy*
“By exposing access … through a standardized mobile-friendly enterprise services layer, the cost of innovation can be dramatically reduced.”
* From “iPad in the Enterprise”, N. Clevenger, Wiley 2011
• Business Drivers
• Hardware Ownership & Support
• Deployment, Provisioning & Management
• Enterprise Services Platform
• Application Portfolio & Roadmap
• Corporate Governance & Processes
• Security Standards & Audit Processes
Enterprise Services Platform
Mobile App-to-Enterprise Service Integration
• Uses existing security policies and technologies
• Leverages proven systems with enterprise SLAs
• Re-use of API and shared services infrastructure
• Existing enterprise services can create and increase revenue
Business drivers addressed: Increase Revenue, Cost Reduction, Compliance, Quality of Service
Mobile App-to-Enterprise Service Integration Challenges
(Diagram: Mobile Devices – Network – Enterprise Services / Data Services)
• Proliferation of mobile devices increases message volumes exponentially
• Service APIs unavailable in mobile-friendly formats & protocols (REST, JSON)
• Composite services need APIs from multiple providers, requiring federation
• Data privacy and integrity must be preserved end-to-end
• BYOD approach mixes personal and business use, blurring the security perimeter
• APIs must be reusable across multiple mobile and non-mobile platforms
• How to access business intelligence and Big Data in real time
Enterprise Service Platform Evolution
Web Apps and Web Services (2001-2010): Thin & Thick Client, Web Proxy, App Server, DB Server
Mobile Apps and APIs (2011 and beyond): Mobile Apps, Mobile Access Gateway, API Server, Data Services (Hadoop, RDBMS), deployed On-Prem or in the Cloud
(Diagram: Mobile Devices – Network – Enterprise Services / Data Services)
The Mobile Access Gateway
The Mobile Access Gateway sits between the mobile devices and the enterprise and data services, and addresses the integration challenges listed above:
• Optimized high-scale engine for compute-intensive integration functions
• App- and API-specific security handling (including OAuth) adapts the perimeter
• Federated security for 3rd party APIs, data aggregation for composite API mashups
• Real-time bridging from SOAP, XML and legacy formats to REST, JSON mobile protocols
• Single logical gateway cluster configurable to handle mobile, web and B2B traffic
• Existing enterprise access control and crypto extended to App-API through the Gateway
• Event-aware integration capability for real-time analytic data synthesis and integration
Mobile App-to-Enterprise Integration Stakeholders
(Diagram: Mobile Apps – Mobile Access Gateway – API Server – Data Services (Hadoop, RDBMS), On-Prem and Cloud)
App Developer: What APIs are available and how can I use them?
API Owner: Who is allowed to use my APIs? Are they being used?
IT Operator: What is changing? Is everything running smoothly?
Info Security: How is our data being protected and access controlled?
Layer 7 API Management Suite
API Proxy
- Enterprise-grade Mobile Access Gateway
API Portal
- Developer on-boarding, support and resources
- API metrics and reporting
Enterprise Service Manager (ESM)
- API migration, management and dashboarding
Secure OAuth Toolkit
- Support for 2- and 3-legged OAuth
API Management – How it All Works
Enterprise APIs
1. Publish & Secure APIs
2. Onboard Developers
3. Monetize your APIs
4. Close the Loop
Stakeholders in the loop: Security Architect, Developer, Business Manager/API Owner, IT Operator
Mobile Access Gateway – API Proxy
Enterprise APIs
1. Publish & Secure APIs
Feature/Function               API Proxy
Credentialing                  Y
Custom Assertion SDK           Y
JDBC support                   Y
SAML support                   Full
Convert SOAP<->REST            Y
WS-* support                   Y
XACML support                  Y
MTOM support                   Y
Transports supported           JMS, MQ, FTP(s), HTTP(s), raw TCP
Concurrent Assertion support   Y
OAuth support                  1.0 and 2.0, HMAC, RSA
Rate Limiting                  Y
Multiple Form Factors          Hardware, Software, VMware, AMI
Mobile Access Gateway – OAuth
Parties in the OAuth flow:
- API Dev Portal or Client API Key store
- ID Provider for resource owner authentication (used in the handshake only; optional)
- Resource owner (subscriber)
- Client application (REST client)
Flow: 1. Handshake, 2. Service call
• Plug in your ID providers, IAM, CA SiteMinder, OAM, …
• Plug in any developer portal, API key management system
Layer 7 implements the OAuth Authorization Server
Layer 7 implements the OAuth Resource Server for your REST services, APIs
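The two-step flow on this slide (handshake, then service call), modelled as an added example that is not Layer 7 code: a gateway object plays both the OAuth 2.0 Authorization Server and the Resource Server, the client API key store and the ID provider are plugged in as dictionaries, and both the 2-legged (client credentials) and 3-legged (authorization code) handshakes are shown. All names and sample credentials are constructed for illustration.

```python
import hmac
import secrets
import time

# Constructed sample data, standing in for the pluggable stores on the slide:
CLIENT_KEYS = {"ipad-app": "s3cret-client-key"}   # client API key store (portal / key mgmt)
ID_PROVIDER = {"alice": "correct horse"}           # ID provider, consulted in the handshake only
TOKEN_TTL = 300                                    # access token lifetime in seconds


class Gateway:
    def __init__(self):
        self.codes = {}    # one-time authorization codes -> (client_id, owner, scopes)
        self.tokens = {}   # bearer token -> token record

    def _client_ok(self, client_id, client_secret):
        known = CLIENT_KEYS.get(client_id)
        return known is not None and hmac.compare_digest(known, client_secret)

    def _issue(self, client_id, owner, scopes):
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"client": client_id, "owner": owner,
                              "scopes": set(scopes.split()), "exp": time.time() + TOKEN_TTL}
        return token

    # 2-legged (client credentials): only the app itself is authenticated, no resource owner.
    def token_client_credentials(self, client_id, client_secret, scopes):
        if not self._client_ok(client_id, client_secret):
            return None
        return self._issue(client_id, None, scopes)

    # 3-legged, step 1: the resource owner logs in at the ID provider; gateway returns a code.
    def authorize(self, client_id, user, password, scopes):
        expected = ID_PROVIDER.get(user)
        if client_id not in CLIENT_KEYS or expected is None or not hmac.compare_digest(expected, password):
            return None
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, scopes)
        return code

    # 3-legged, step 2: the client redeems the single-use code, which is bound to its client id.
    def token_authorization_code(self, client_id, client_secret, code):
        entry = self.codes.pop(code, None)   # consumed on first use, even if the exchange fails
        if entry is None or entry[0] != client_id or not self._client_ok(client_id, client_secret):
            return None
        return self._issue(client_id, entry[1], entry[2])

    # Resource server: validate the bearer token before proxying the call to the backend REST API.
    def service_call(self, bearer, required_scope):
        rec = self.tokens.get(bearer)
        if rec is None or rec["exp"] < time.time() or required_scope not in rec["scopes"]:
            return 401, None
        return 200, {"owner": rec["owner"], "client": rec["client"]}
```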
API Portal – Onboard and Manage Developers
2. Onboard Developers
Feature/Function         API Portal
Developer Registration   Y
API Key Management       Y
API Explorer             Y
API Rate Limiting        Y
API Reporting            Y
Developer Support        Y
Fully-branded CMS        Y
Account Management       Y
ESM – API Migration and Lifecycle Management
Automated dependency resolution when migrating policies between environments
Environments shown: Development, Test (Enterprise), Production (Cloud); environment-specific dependencies such as the directories dev01LDAP, prod01LDAP and cloud01LDAP are resolved per environment
3. Monetize your APIs
Example Scenario – Web Application Security
Components: Thin & Thick Client, Web Proxy, App Server, DB Server, Policy Server (e.g. SiteMinder), Directory (e.g. AD), Monitoring & Logging
Example Scenario – Web Services Security
Components: Thin & Thick Client, B2B Clients, Web Proxy, Mobile Access Gateway (L7 SecureSpan Gateway), App Server, DB Server, Policy Server (e.g. SiteMinder), Directory (e.g. AD), Monitoring & Logging, L7 Enterprise Service Manager
Example Scenario – API Management
Components: Thin & Thick Client, Mobile Apps, B2B Clients, Web Proxy, Mobile Access Gateway (L7 SecureSpan Gateway), L7 API Portal, App Server, DB Server, Policy Server (e.g. SiteMinder), Directory (e.g. AD), Monitoring & Logging, L7 Enterprise Service Manager
Case Study: API-Enabling Health Care
Challenge: Reduce cost and delay in processing Medicaid member information by bringing the process online
Solution: Mobile Access Gateway allows iPad application to securely connect to existing backend APIs; data routing, strict authN & authZ, comprehensive threat protection
Results: Improved the provider’s health care coverage and member services, while increasing the effectiveness and efficiency of its Medicaid program
Case Study: Mobile-Enable Airline Services
Challenge: Securely expose existing services to third party developers in order to expand their market reach
Solution: The Layer 7 API Proxy allows the airline to securely expose and manage their APIs, while caching Sabre requests
Results: Significantly grew market reach, while controlling costs associated with constantly pulling data from Sabre to service Developer requests
Case Study: Smart Grid Gateway
Challenge: Migrate energy services to Smart Grid technology, leveraging the new capabilities offered by additional data and communication
Solution: SOA, Web and API Security Gateway enables high volume meter data collection, assisted service and upcoming mobile self-service for enhanced client experience
Results: Cost avoidance for higher volume meter traffic, improved customer service through real-time channels, improved service availability through proactive system monitoring
Conclusions
Employees are bringing mobile devices to work en masse… and IT groups must accommodate them without compromising security and SLAs
Mobile Apps are being built to improve productivity and reduce cost… existing enterprise services can be used to quickly and reliably enable these apps
Enterprise API Management integrates Mobile Apps and Enterprise Services… through a Secure Mobile Access Gateway, an API Portal, and open standards