Minneapolis API Management
User Group
Aric Day | Principal Consultant | CA API Management
February 2018
[email protected]
1 Introduction / Breakfast
12 Around the Room: Holiday Results
13 GUEST PRESENTATION : TARGET TEAM
Agenda
14 10min Break
15 Shiny New Things
16 Wrap Up : HAPPY VALENTINES DAY!!
2
Copyright © 2018 CA
Around the Room: Discussion
Discuss the Holiday Deployment
• Did you experience predictable volumes?
• What monitoring techniques & tools used?
• Stability issues or outages?
• New enhancements / features used or requested?
• Plans to upgrade this year? Which products?
Discuss Current Automation Maturity
• Using automated server builds?
• Using automated service migration / deployment?
• Which CI/CD tools are in your toolbox?
© 2018 CA. Confidential. All rights reserved.
Target Presentation: Use Case and Roadmap
© 2018 CA. Confidential. All rights reserved.
© 2018 CA. Confidential. All rights reserved.
The Modern Application Architecture Model
Manage Monitor
Orchestrate and Optimize API and app
manage API performance with
operations at scale analytics
Secure Consume
Protect APIs from Enable secure,
threats and scalable use of
vulnerabilities APIs in apps
API Providers API Consumers
Test | Publish Develop
Test and publish Accelerate
APIs to target development with
environments tools and SDKs
Create Plan Discover
Build APIs and Strategize, design Help developers
microservices with fast, and prototype APIs find and integrate
automated tools and microservices APIs easily
Full Lifecycle API Management
© 2018 CA. Confidential. All rights reserved.
© 2018 CA. Confidential. All rights reserved.
Latest Innovations in CA API Management
Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume
New Rapid App
Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop
New Service New API Developer
Create Plan Discover
Virtualization Portal
Solutions
New Assertion
Capabilities
© 2018 CA. Confidential. All rights reserved.
Microgateway – Key Characteristics
Capabilities and Patterns: Deployment: Interaction:
Service Discovery and Route via Lightweight, containerized gateway Developer-friendly policy
integration with service registries templates provided for easy
Easily accessible from common
Access Token for last mile security design-time config
developer platforms
Rate Limiting and policy Extend and enhance templates
Deploy and manage using Docker
enforcement to provide custom/new policies
Incorporate into industry-standard
Licensed and priced to scale within Bake new templates into reusable
DevOps processes
highly decentralized environments containers for future
Support for PaaS environments with
Lightweight Orchestration allows OpenShift as first target
for decoupling of backend services
front frontend capabilities
Circuit Breaker to protect from the https://github.com/CAAPIM/Microgateway
propagation of failures
© 2018 CA. Confidential. All rights reserved.
Demo Architecture
CA Live API Creator
lac.docker.local:80
Service Registry networks: microservice Consumers
consul.docker.local:8500
Beers
Rules
mysql_beers Data API
:3306 internal
CA Mobile API Gateway
Beer_Comments mas.docker.local:8443
beer_comments Rules
Data API
:3306 internal CA Microgateway
msgw.docker.local:9443
admin
CA Developer Console
mas.docker.local:443
lac_mysql Data API Rules
:3306 internal
lac_cluster Developers
OAuth HUB
https://github.com/aricday/apimanagement/tree/master/mpls_ms_demo
10 © 2018 CA. ALL RIGHTS RESERVED.
Latest Innovations in CA API Management
Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume
New Rapid App
Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop
New Service Create Plan Discover New API Developer
Virtualization Solutions Portal
New Assertion
Capabilities
11 © 2018 CA. ALL RIGHTS RESERVED.
Rapid App Security Technical Overview
Components for addressing authentication challenges
• Components
– CA Advanced Authentication
• Provides a cost-effective and user-convenient way to protect mobile
apps with 2FA credentials and contextual risk-based authentication
– CA Mobile API Gateway (OAuth HUB)
• Builds trust relationship between user, app, and device, and secures
communications between device and backend systems
– CA Rapid App Security Mobile SDK
• Simplifies developer experience through a single, unified SDK that
easily embeds security into a mobile app
© 2018 CA. Confidential. All rights reserved.
FIDO® Overview
The FIDO® (Fast IDentity Online) Alliance was established to tackle the issues
related to traditional usernames and passwords.
FIDO empowers secure authentication among devices and online services by
using biometric information.
FIDO is based on public key cryptography where biometric information about the
user is saved only on the device, and not on the server.
As the user credentials are not traversing over the network in FIDO, it is a safer
protocol. Thus, FIDO prevents man-in-the-middle attacks.
Commonly used biometric modalities include fingerprint, face, iris, and voice scan.
© 2018 CA. Confidential. All rights reserved.
FIDO Integration with CA Solutions
Access Gateway Policy Server User Store CA Identity Manager
Universal SDK Secure Proxy CA Directory
API Gateway
(MAG) CA Single Sign-On
Applications
Devices
Copyright ©2017 SAMSUNG SDS. All rights reserved.
Application
Services
Auth and Risk ü Risk Engine
ü Rules & Policies
Services ü Strong Authentication
© 2018 CA. Confidential. All rights reserved.
Universal SDK
© 2018 CA. Confidential. All rights reserved.
Latest Innovations in CA API Management
Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume
New Rapid App
Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop
New Service New API Developer
Create Plan Discover
Virtualization Portal
Solutions
New Assertion
Capabilities
© 2018 CA. Confidential. All rights reserved.
New Assertions:
• JavaScript Execution Assertion (ALPHA)
• AWS Integration Assertion (BETA)
• Circuit Breaker Assertion (GA)
• Write LDAP Assertion (GA)
https://validate.ca.com/welcome/
© 2018 CA. Confidential. All rights reserved.
Latest Innovations in CA API Management
Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume
New Rapid App
Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop
New Service New API Developer
Create Plan Discover
Virtualization Portal
Solutions
New Assertion
Capabilities
© 2018 CA. Confidential. All rights reserved.
CA Precision API Monitoring: End-to-End Visibility
End Users CA API CA APM
Management
Synthet
ic Mobile Network Load Back-end /
API App
Device Balancer Database /
Gateway Server/
Middleware Mainframe
Ø Visibility into API performance
Back-end /
Ø Understand which back-end systems App Server/
Database /
support business services Precision API
Middleware
Mainframe
Monitoring
Ø Determine End-User experience
Ø Rapidly triage performance issues
App Server/ Back-end /
Middleware Database /
Mainframe
© 2018 CA. Confidential. All rights reserved.
Manage & Monitor API and Gateway Metrics
Customized type views for
Services and API Gateway
metrics
Metric visibility: per service
latency, successes, failures,
and violations
Gateway OS vitals
monitoring including CPU,
memory, and MySQL
database
Automatic alerting on API
performance anomalies
© 2018 CA. Confidential. All rights reserved.
Topology Map and Transaction Tracing
Team Center exposes front-end
APIs grouped by gateways
& clusters with back-ends
Experience Views summarize
key API metrics in a simple
interface
Detailed API transaction tracing
allows quick triage
Correlation of API traces to
backend APM monitored
systems show entire transaction
from customer perspective
© 2018 CA. Confidential. All rights reserved.
Latest Innovations in CA API Management
Manage Monitor
New Precision API
CA Microgateway
Monitoring
Secure Consume
New Rapid App
Security API Providers API Consumers RAS Universal
SDK
Test | Publish Develop
New Service New API Developer
Create Plan Discover
Virtualization Portal
Solutions
New Assertion
Capabilities
© 2018 CA. Confidential. All rights reserved.
CA API Developer Portal Timeline
CA API Developer Portal CA API Developer Portal CA API Developer Portal
(Classic) (SaaS) (On-Prem or Enhanced Experience)
SaaS version of the CA API SaaS version of the CA API Management suite with a brand new portal
This is the latest version of the called
Management suite with a brand new and enhanced features
“classic” portal portal and enhanced features
v. 3.5 v. 4.0.0 v. 4.0 v. 4.1 v. 4.1.7 v. 4.2
DEC JAN JUN NOV DEC
2012 2014 2017 2017 2017 2017
© 2018 CA. Confidential. All rights reserved.
Improved On-Premises Deployment Process
© 2018 CA. Confidential. All rights reserved.
New decoupled API Publishing (Federated Deployment)
APJ EMEA NA
API Owner
Automatic
Deployment Dev
On-demand
Deployment UAT
Admin
Scripted
Deployment
Prod
CICD + custom script
© 2018 CA. Confidential. All rights reserved.
New decoupled API Publishing (Federated Deployment)
Developers
Load balancer
Admins
API Owners
PRODUCTION
NA EMEA APJ
TEST
NA EMEA APJ
api1 DEV
NA EMEA APJ
api2
api3
© 2018 CA. Confidential. All rights reserved.