Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale
Terry White
DevOps: API Management and Application Development
Hewlett Packard Enterprise
Fellow and Chief Technologist, Enterprise Services ABS
DO3T11S
@twhiteindtw
#CAWorld
It’s about what you don’t see
Terry White
November 2015
|
Agenda
• MARKET AND CLIENT TRENDS
• APPLICATION TRANSFORMATION
• CONSIDERATIONS FOR CREATION AND USE
• APPLICATION PROGRAMMING INTERFACE (API)
• API MANAGEMENT & GATEWAY
• API DESIGN, GOVERNANCE AND EXAMPLE FOR HPE
• WHAT’S NEXT, WHAT’S NOW? MICROSERVICES
|
Organizations are part of a dynamic ecosystem
Demands and pace of change are increasing
• Everything and everyone’s connected
• Anywhere, any time, any access
• Immersive experiences, unhindered commerce, instant gratification
• More market opportunities; more disruptive competition
• Business and IT strategies converging
[Diagram labels: Your Organization; Suppliers; Information sources; Communities; Employees; Partners; Devices; Customers & Citizens; Regulators; Your Competitors]
|
Disrupting innovation is accelerating
Mainframe; Client/server; Internet; Mobile, social, big data, cloud
And every 60 seconds:
• 600,000+ tweets
• 2.2M Google searches
• 168 million+ emails sent
• 217 new mobile web users
• 2/3 of IT decision makers spending less on traditional services as a result of moving to the cloud
• Average cost of a security breach $8.6M USD
• Volume of data by 2020: 40+ Zettabytes
|
Disruptive innovation is accelerating
The waves are getting bigger and coming faster
[Figure: vendor, product and application names grouped by era: Mainframe; Client/Server; The Internet; Mobile, Social, Big Data & The Cloud]
|
Applications and enterprise organization structure
– Aligned to organizational boundaries/budgets
– Functionally aligned
– Designed to assist with department & organizational tasks
– Automate and Optimize
– Often sub-optimize
– Secured within the boundaries
– Sharing across boundaries through data
– Investment ROI
[Diagram labels: Enterprise; Legal; HR; Finance; R&D; Development; Marketing; Manufacturing; Sales; Distribution]
|
Legacy Application Architecture
• Dozens and dozens of programs
• 100’s or 1000’s of Batch
• Files & databases
[Diagram labels: Application A; Program X; Program Y; Application XYZ; stacked layers Infrastructure, Data, User Interface, Applic. Interface, Application Functions, Business Rules, Business Process, Controls; Modernize Technology; Data Stores; Data Access; Business; Presentation; Infrastructure; New; Legacy]
|
Application Transformation – Pain Points
Inflexibility — Current applications don’t provide the services, access to business tasks, and information required to truly deliver valuable customer- and employee-experience applications and services. This makes it difficult for the business to be IT-enabled.
Cost — IT resources not directed where they’re needed, with traditional IT (legacy infrastructure and applications) consuming most of the IT resources.
Risk — Legacy applications are increasingly reliant upon scarce (and disappearing) technology skills and aging infrastructure (e.g., mainframes). This increases both operational and business risks over time.
Speed — Today’s applications are hard to change, improve, and adapt to offer new capabilities. Businesses need to move faster than ever to take advantage of business opportunities and/or meet regulatory requirements.
“The speed of business has changed immensely. The demand for speed is constant and disruptive.”
— Lee Kedrie, HPE Cloud Advisor
|
Application Transformation Scenarios
• Re-host: Re-installation; Recompile; Source code mod.; Image Migration; Binary Migration
• Re-factor: Source Code upgrade
• Re-Architect: Forward & Reverse Engineer Business Logic
• Retire: Archive, Uninstall
• Replace: COTS upgrade
• Upgrade: COTS & Custom
• Cloud native; SaaS package adoption
• New Service & API Introduction
• Apps Integration 2 Cloud (AI2C); Data Migration 4 Cloud (DM4C)
[Diagram annotations: Binary only; P2V; Containerize; Upgrade to latest runtime version; Eg: Unix to Linux; Mainframe Cobol to Linux/Microsoft; Take advantage of cloud automation; Service-enable Core Apps; COTS or in-house application; Adopt latest and standard COTS Package; Static Application; Dynamic Application; Cloud Hosted; Cloud Aware; Cloud Native]
|
Transformation to cloud is a journey with different on-ramps
Enterprises will start with different use cases and create unique paths to cloud enable their business
[Diagram labels: Standardize, Consolidate, Virtualize, Automate; Build Cloud; Packaged Applications; Dev/Test Cloud; Application Transformation; SaaS Applications; API enabled hybrid infrastructure; Traditional; Private cloud; Managed cloud; Public cloud]
“The API is everything for cloud computing” - David Linthicum
|
The Digitally-Enabled Business
Just as every business has a website to expose data or services for people, soon application programming interfaces (APIs) will be used to expose such assets in a machine-processable way.
Gartner predicts that by 2016, 75% of the Fortune 1000 will offer public web APIs and 50% of business to business collaboration will take place through web APIs.
|
It’s an ______ Economy – fill in the blank
What’s your strategy?
Mobile First? API first?
[Diagram labels: Great Idea!; Self-Service; Ease of use; Location aware; Notification (Attention); Brand engagement; New revenue; Private; Public; Traditional IT]
|
Application Programming Interface (API)
1) What is an API? – An API is a contract. A promise to perform described services when asked in specific ways.
2) How is it used? – According to the rules specified in the contract. The whole point of an API is to define how it's used.
3) When and where is it used? – It's used when 2 or more separate systems need to work together to achieve something they can't do alone.
An application programming interface (API) is a particular set of rules ('code') and specifications that software programs can follow to communicate with each other. It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers.
|
Evolution of APIs
Source: Deloitte University Press, API economy from systems to business services, accessed October 7, 2015
October 28, 2015
14,187 APIs
17% increase since January
|
Critical Requirements
• Support - Support for your team’s interface becomes critical
• Security - Every team’s interface becomes a potential Denial-of-Service attacker, requiring service levels, quotas and throttling
• Monitoring / QA - Monitoring and QA are interconnected; you will need smart tools that tell you not just whether something is up and running, but whether it is actually delivering the expected results
• Discovery - Service discovery becomes important. You will need to know what APIs there are, if they are available and where to find them
• Testing - Sandbox and debugging is essential for all APIs
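The quota and throttling requirement above, as an added example that is not part of the original presentation: a per-API-key limiter in which the service level selects a sustained rate, a burst size and a daily quota. The tier names, limits, API keys and sample events are constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical service-level tiers: (sustained requests/sec, burst size, daily quota).
TIERS = {
    "internal-batch": (5.0, 10, 1000),
    "partner": (1.0, 3, 20),
}

@dataclass
class ConsumerState:
    tokens: float        # remaining burst allowance
    last_refill: float   # timestamp of the last refill, in seconds
    day: int             # quota window the counter belongs to
    used_today: int = 0

class GatewayLimiter:
    """Per-API-key throttle (token bucket) plus daily quota, selected by service tier."""

    def __init__(self, key_to_tier):
        self.key_to_tier = key_to_tier
        self.state = {}

    def check(self, api_key, now):
        """Return (http_status, reason) for one request arriving at time `now`."""
        tier = self.key_to_tier.get(api_key)
        if tier is None:
            return 401, "unknown API key"
        rate, burst, quota = TIERS[tier]
        day = int(now // 86400)
        st = self.state.setdefault(api_key, ConsumerState(float(burst), now, day))
        if day != st.day:  # quota counter resets at the day boundary
            st.day, st.used_today = day, 0
        # Refill for the elapsed time, never beyond the burst size.
        st.tokens = min(float(burst), st.tokens + (now - st.last_refill) * rate)
        st.last_refill = now
        if st.used_today >= quota:
            return 429, "daily quota exhausted"
        if st.tokens < 1.0:
            return 429, "throttled"
        st.tokens -= 1.0
        st.used_today += 1
        return 200, "ok"

def replay(limiter, events):
    """Run (timestamp, api_key) events through the limiter and return the statuses."""
    return [limiter.check(key, ts)[0] for ts, key in events]

# Constructed sample traffic: a partner key bursts, a batch key is unaffected.
SAMPLE_EVENTS = [(0.0, "key-partner")] * 4 + [(0.0, "key-batch"), (2.0, "key-partner")]

if __name__ == "__main__":
    gw = GatewayLimiter({"key-partner": "partner", "key-batch": "internal-batch"})
    print(replay(gw, SAMPLE_EVENTS))
```

State is kept per API key, so one consumer exhausting its burst or quota does not reduce what another consumer may send.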
|
API Management Services
API Publisher: enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on an API’s features, quality and usage
API Store: provides a space for consumers to discover API functionality, subscribe to APIs, evaluate them and interact with API publishers
API Gateway: enables you to secure, protect, manage, and scale API access
[Diagram labels: Producers; Consumers; Collaboration; API Publisher Tooling; API Store Tooling; Publish; Develop; Monitor; Manage; Find; Evaluate; Subscribe; Explore; API Gateway; API Calls; Runtime; Existing Services & APIs; Monitoring and Analytics; Governance; API; API+V1; Published; Rated]
|
Seven Habits of Effective Service and API Management
Habit 1 Apply an API-First design approach
Habit 2 Choose a solid API runtime
Habit 3 Create a central service repository
Habit 4 Manage services through versions, policies and contracts
Habit 5 Promote and socialize your APIs
Habit 6 Monitor and assess API usage
Habit 7 Continually improve - refactor constantly to improve the API
Source: Mulesoft, Seven Habits of Highly Effective Service and API Management, August 13, 2013
|
API Design
Domain Driven Design - Business Context
Business Domains
• Cross Industry Domains: CRM, SCM, F&A, HR
• Vertical Industry Domains: Travel, Health, Retail, Finance, Agriculture, Construction, Manuf., Comm.
Supply Chain Management (SCM)
Based on Supply Chain Operations Reference (SCOR) model, Supply Chain Council
• Plan, Source, Make, Deliver, Return
• Build to Stock, Build to Order, Engineer to Order
• Schedule, Issue Product, Produce & Test, Package, Stage, Release to Deliver
Decompose and Create Abstractions
• Capacity, Inventory, Constraints, Demand, Simulate, Count, Model, Aggregate, Analyze, Locate
|
API Design
Power of API’s for every domain
API abstraction at each domain and within the domain
API enabled business domain Apps & Services
[Diagram labels: Network; Storage; Compute; Cloud OS; IaaS; PaaS; SaaS; OSS/BSM/ITSM; Portal/API; Applications / Services; Developer/Middleware/Run Time; Orchestration/Automation; Configure/Provision; business domains CRM, SCM, F&A, HR, Travel, Health, Retail, Finance, Agriculture, Construction, Manuf., Comm.]
|
API Governance
The Set of APIs and their scope
– service oriented API governance
Administration of APIs
– lifecycle management; versioning
Quality of the API
– implementation, documentation - complete package to release
API Policies
– security access (what/whom/where), constraints, transformations, and extensions
Design Time: API Governance/Development (Ex. HP Systinet, CA API Portal)
• Design
• Lifecycle
• Policies
• Standards
• Resilience
• Quality
• Security
Run Time: API Consumption (Ex. CA API Gateway)
• Implementation
• Configuration
• Availability
• Throttling
• Monitoring
• Security
|
Secrets of a Great API
Secret #1: Design for great user experience
Secret #2: Optimize for use case
Secret #3: Provide easy access
Secret #4: Build a community
APIs are becoming ubiquitous as their potential to transform business is becoming widely recognized. But delivering a successful API program that achieves defined business objectives requires a systematic approach to designing and managing APIs. Great APIs aren’t difficult to develop if you design for your users and the business processes the API will support, if you make it easy for developers to find and consume your API, and you actively manage your API developer community as an extension of your business.
|
API Gateway example at Hewlett Packard Enterprise
Problem Statement
Secure API Gateway
• Mobile SSO
• Unified Authentication & Authorization
• Protect Backend
HPE Mobile B2E & Partners
• Converge efforts across corporation
• Enable many and different devices
Flexibility to rapidly:
• Integrate new B2E/B/C Use cases
• Integrate new requirements
HPE B2B
• Externalize large classic IT Apps
• Enable integration with enterprise SaaS Apps
|
Solution architecture (functional)
• Central Token - Security segregation and bridging to integrate the different backend security models
• SSO module for corporate mobile Apps
• Service Registry
• Tenant Management
• Authorization enforcement - Interface with the HP Authorization server
• Management console - to ease the deployment, configuration and monitoring of the platform
• Analytics data - fine grained visibility on API traffic
[Diagram labels: Internet; DMZ; Enterprise Intranet; Mobile devices; SaaS providers; Identity Providers; HPE security Gateway; Core API Engine; Token Service; Mobility SSO; Authorization engine; Service registry; IdPs manager; Tenants manager; Analytics API; Tenant Provisioning API; Service Provisioning API; Database (tokens, services, tenant, analytics); Audit-log; Backend APIs; Authorization Server; Enterprise IdPs]
|
Enterprise Applications handle enterprise scale but are …
Built for the players…
Not the fans
|
Additional Considerations when creating and using APIs
– Security
– Scale
– Service Level
– Support Level
– Monitoring / logging
– Versioning
– Resilience / failures
– Dependencies
– Transaction Management
– Vocabulary
– Timeliness of information
– DevOps – API development for new style of IT both requires DevOps and supports DevOps
|
Going API First - It’s important to have management support
At Amazon, Jeff Bezos issued a mandate sometime back around 2002:
All teams will henceforth expose their data and functionality through service interfaces.
Teams must communicate with each other through these interfaces.
There will be no other form of inter-process communication allowed: no direct linking, no direct reads of another team’s data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network.
It doesn’t matter what technology they use.
All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions.
The mandate closed with:
Anyone who doesn’t do this will be fired. Thank you; have a nice day!
|
Hybrid IT for Applications supported by APIs
...We’re Stuck with it!
[Diagram labels: API Management; Policies; Security; Mainframe; Client-Server; Web Apps; Mobile; SaaS/PaaS; Private Cloud; Public Cloud]
|
What’s next, what’s now? Microservices
“Loosely coupled service oriented architecture with bounded context” - Adrian Cockcroft
What are they?
– Fine-grained SOA – think of a service per data table (e.g. deconstruct the database)
– Language agnostic integration
– Independently updated/deployed
– Self-contained, bounded context (e.g. clear module boundaries based on domain context)
– Require very little knowledge to use a Microservice API
– Flexible versioning; ability to run multiple versions simultaneously
Developing Microservices
– Requires a culture and thought shift from traditional ways
– From project focus to product focus
– Thrives on DevOps / Automation
– Build to log & monitor everything
– Build to survive
– Requires effective domain thinking and foresight
Challenges
– Inexperience
– Inter team communication overhead
– Domain modeling
– Achieving execution speed
– Synchronous vs. Asynchronous decisions
– Robust frameworks and patterns (emerging)
– Managing multiple versions
– Managing/understanding dependencies
– Multiple technology stacks
Benefits
– Autonomous teams
– Composability of business services
– Phased obsolescence
– Scale
– Resilience
– Speed
How to get started
– Get management support
– Implement an API proxy
– Implement DevOps (Agile + Automation)
– Read the books
[Diagram labels: three stacks of Infrastructure, Data, API, Function; DevOps]
|
Digital everything . . . Everywhere, everyday, everyone connected [1]
Every business is a digital business
Disrupting every industry
In the idea economy, anyone can change the world
Source: [1] IP & Science business of Thomson Reuters – The world in 2025 – 10 predictions in innovation, 2014
|
© 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form
any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy
by CA.
For Informational Purposes Only Terms of this Presentation
|
For More Information
To learn more, please visit:
http://cainc.to/Nv2VOe
CA World ’15