CA API Management: A DevOps Enabler

CA API Management: A DevOps Enabler
Rajat Vijayvargiya
Sr. Principal Consultant, PreSales CA APIM
June 2015

2 © 2014 CA. ALL RIGHTS RESERVED.
Welcome to the Age of the CUSTOMER

4 Business Drivers identified for an Enterprise to be successful in the Age of the Customer
They are also referred to as drivers of Business Digital Transformation and have given rise to the APP ECONOMY

Mobile Apps
IoT / Big Data
Developer Community
Cloud ServicesPartners/Divisions
Social Registration
APIs are the BUILDING BLOCKS of this APP ECONOMY…
API
API
API
API
API
API

…and are CORE to addressing the Enterprise APP GAP and creating EXPERIENCES such as TripCase
Mobile Apps
IoT / Big Data
Developer Community
Cloud Services
Social Registration
Partners/Divisions
API
API
API
API
API
API
API

Seamless Yet Secure UXIntegrate everything
Time to Market
Orchestration
New API Composition
Interface & Data Security
SSO/ Identity Integration
& Federation
Caching & Optimization
Transform
anything to anything
Legacy Data Connectors
Availability & SLA
Process AutomationArchitecture Discovery Lifecycle Management
Enterprise Initiatives involving APIs

DevOps transforms People, Process and Technology

What about the 3rd C?

Continuous
Delivery
Continuous
Feedback
Continuous
Integration
A successful DevOps Strategy consists of 3 Cs and…
…requires an API Strategy and Architecture that can adapt to Continuous Change and improve Time to Market

A Layered API Architecture is an Agile Architecture approach that enables Adaptability and Extendibility
Decoupled layers can be abstracted to:
- Design APIs without increasing Complexity, Technical Debt and
Increasing ROI
- Enable Flexibility and fast Adoption of
disruptive changes (like MicroServices and Containerization)
- Centralize Governance by aligning the A’s
(Architecture, Application Development, Audit) without
compromising developer flexibility

Business
case
Design
and publish
Health
monitoring
Performance
analytics
Version
control
Manage APIs like products: API design, publishing,
versioning, usage and performance
Manage developers like customers: marketing, onboarding,
collaboration and testing
What you need to do
Registration
Onboarding
Enablement
Testing
Support and
Collaboration
Discovery
Drive business forward and improve business growth
Improve developer acquisition and relationship
development
Value to your business
API
Decoupling also allows Managing API and Developer Lifecycles efficiently

Dev in DevOps: The outcome is a well designed API and API Architecture
- Security: Protect against attack and misuse
- Usability: Easy for developers for effectively leverage
- Scalability: Able to handle rapid spikes in traffic
- Testability: Designed to help devs experiment with
functionality
- Reliability: Robust enough to minimize downtime
A well designed API can enable you to create Seamless and Intuitive User Experiences…

…Doesn’t matter if its for Employees or Customers…Its all about the User Experience (UX)!!
Creating these Experiences requires an Enterprise to…

Create agile API platforms
Adapt existing services into modern APIs
Optimize large volumes of transactions
Differentiate business with new consumer apps
Accelerate app release cycles and time to market
Deliver the UX consumers and employees expect
What you need to do Value to your business
API
…Seamlessly Connect Key Apps to Enterprise Data

Web
Web API
Information
Presentation, interface
{ “min”: “23C”,
“max”: “11C”…}
Presentation,
interface
Information
API
Remove data/web calls from the app(s)
Focus on the presentation interface to maximize the
user experience (UX)
Increased device efficiencies
Bridge legacy with new/emerging technologies
Better UX
…Decouple business logic from the ‘Look and Feel’

Determine the platforms that you’ll support
Determine the standards you need to support
Determine your developer team coding languages
Protocol orchestration translates between legacy and new
Interactive code generation removes a burden from the
developer team
End result – a GREAT UX
Legacy
Web Apps
Mixed Mobile
Devices
…Protocol Smorgasbord

Embrace mobile and the IoT
Enable single sign-on across apps & services
Use emerging APIs to cross devices
Convenience and improved lifestyle
Efficiencies, etc
Leverage existing technologies to embrace IoT
…Be Ready to Connect Anything to Anything

Control access to APIs based on user, app and device
Protect exposed APIs from external threats such as SQL
injections and x-site scripting attacks
Use security standards such as OAuth to provide SSO
Apply appropriate risk based controls based on context
of the situation
Protect sensitive assets from compromise reducing
impact to brand and regulatory compliance
Fine-grained API
Access Control
Threat Protection
Enterprise SSO
API
…Provide end-to-end security from the client to the backend API

Simplify registration/login/profile mgmt.
Provide a convenient, consistent experience
Enable single sign-on across apps & services
Improved customer experience/loyalty
Coordinated security across Web, mobile, APIs
Accelerated delivery of new apps
On device
From the Cloud
On-premise
Web Apps
Mobile Apps
APIs/Web Services Customers
…Securely and Conveniently Enable Omni-channel Access

…
Mobile Developers
Mobile Apps
CA API Developer Portal
CA API Gateway
> Runtime >
< Design Time <
API Management (APIM) is key to a successful API Strategy and Architecture

Outside Partners / Divisions
External Developers
Mobile Apps Cloud Services Internet of Things
APIs/Web Services
…
Mainframe/Data
Identities
CA APIM Simplifies, Integrates & Protects to connect MOBILE, MAINFRAME and EVERYTHING IN BETWEEN !!

CA-APIM is an agile API platform that aligns DEV with DevOps by using the Layered API architecture
approach
Dev Ops
People: Discovery Collaboration Reuse
Process: Lifecycle: API/DEV Routing & Traffic
Monitoring &
Analytics
Technology: API Design Security Scale & Performance

24 © 2014 CA. ALL RIGHTS RESERVED.Manage the Developer Community
Health Tracking
Workflow
Performance Global Staging Developer
Enrollment
API Docs
Forums
API Explorer
RankingsQuotas
Plans
AnalyticsReporting
Config Migration
Patch Management Policy Migration
Manage the API Lifecycle
Throttling Prioritization Caching
Routing Traffic ControlTransformation
Security
API – Enable the Data and Services
Composition
Authentication Social SSOAPI KeysEntitlements
OAuth 1.x OAuth 2.0 OpenIDConnect
Secure Access to the API
Token Service
CA APIM Management Suite

Security Breadth
Web / Cloud / Social
Federation
Web &
Mobile SSO
Mobile App Security
Advanced
Authentication
API / WAF
Enterprise GoalEnterprise Goal
Protect Data & Applications Against Attack
Ensure Integrity of APIs & Services
Unified Security Across Web & Mobile & IoT
Advanced Security Like Step-up Authentication, Stream
Security
CA APIM Solution CapabilitiesCA APIM Solution Capabilities
API Security & Management
Mobile Access & SSO
Developer Access
Enhanced Cloud & Mobile Orchestration
Broadened Federation & STS
PKI Integration & Key
Distribution
XMPP / Sockets
Security Step-up
Auth
Cloud SSO & Provisioning
Developer Access
Control
RBAC API & Policy Controls
STS & Attribute
Based Entitlements
Pen Tested, CC Hardened OS
Geo-fencing
Policy Based OAuth
Security Breadth

Customize APIs to each client
Iterate new services fast
Simplify reuse
Integrate with everything
Policy based API adaptation
SDK customization
Out of box integrations with everything
Flexible Platform via SDK and APIs

Fast authentications
Streamlined API message processing
Low latency apps
Fail over
We can cache authentications
Rapid XML / JSON parsing
API Adapters make building cloud connectors easy
Produce rich APIs so you can do most anything headless
Speed and Scale

Diverse Backend Data Connectors
Data Filtering & Processing
API Composition from Data Sources
Custom API Security for Each Consumer
Heterogenous and
Distributed data storage
(RDS, NoSQL, Hadoop, etc)
Customer
(Data Owner)
Customer via
Marketplace
Data Access Management
Internal Use
Management Portal
Service Provider
Customer 3rd Parties
Provider
Defined
Data Lens
Customer
Defined
Data Lenses
Service Provider
(Data Curator)
Customer
Data
Direct Partner /
Customer
Data
Marketplace
Data-centric API Generation Customer Self-Service
Aggregate Data Silos
RESTful Connectors for Hana
Data Lens into Hadoop Archive
Monetize Data in IoT & M2M
Data Oriented Integration
Make Big Data more Consumable, Sharable and Monetizable

Have Integrated SOA & API Solution
Replace Components with Unified Solutions
Provide Backend Integration with Mobile & Cloud
SOA to API Translation & Orchestration
CA API Gateway Solution CapabilitiesCA API Gateway Solution Capabilities
Can Replace UDDI with Portal
Can Replace ESB / DP Gateway with Gateway
Can Replace SOA Management
Can Map Legacy to Modern
Extend existing SOA/ESB architectures to make them API Capable

Mobile Access Security for Datacenter
Simplify Mobile SSO
Create Unique MDM / MAM Offer
MBaaS
Mobile Identity & Security in MAG
Create Mobile APIs
Mobile Optimization
Mobile Features like Notifications
Identity
Security
Adaptation
Optimization
Cloud
Orchestration
Mobile Backend complement to MDM/MAM

Accelerate App Development
Foster Developer Communities
Innovate Through Hackathons
UDDI Reg Replacement
SOAP & REST Capable API Portal
API Discovery & Exploration
API Virtualization, Test & Release via CA Service Virtualization
Mobile Features like Notifications
Mobile single sign-on and advanced
authentication
Role based access
Content-aware data protection
API DoS
Proactive API performance optimization
Real-time API monitoring & analytics
API Metering & SLA conformance
Contextual routing
CA Cloud Service Management & Wily
PO & CA APM
API Transformation and
Composition
API QA Testing & Sandbox
API Documentation
API Explorer
Leverage MDM app store
Leverage Nolio Release Management
Can Deploy to Internal and AWS
CA Service
Virtualization
360° story for turning APIs into Apps spanning Discover, Develop, Test, Deploy

ENABLE APP
DEVELOPERS
Accelerate application delivery
by providing flexible access
Provide ‘speed tracks with guard
rails’ – embed security into
mobile app APIs
Deliver portal to to define and
easily expose a set of APIs for
development, testing,
deployment, security runtime,
hosting and delivery
PROTECT APPs &
APPLICATIONS
Enforce authentication, access
controls and authorization
policies for APIs
Secure API inputs and API
outputs and provide
application security, eg XSS
and schema validation
Simplify SSO and federation to
apps and services through API
brokering
INTEGRATE
EVERYTHING
Streamline integration of
cloud, on-premise and PaaS
services
Comprehensive, extensive
mapping and protocol
transformations – anything
to anything
Flexible deployment models
– cloud portal and on-prem
gateway
MONETIZION & THE
BUSINESS OF APIS
Easy-to-use and flexible way
to generate revenue for the
use of APIs
Provide analytics and
reporting on API activity
Deliver billing system
integration to facilitate a
single view into APIs and
billing
Summary: CA Addresses Critical API & Application Economy Needs

4. Internal Security
5. Integration (ESB-lite)
6. Management (SLA)
1. Partner/Dev Access
2. Mobile/BYOD
3. SaaS/Cloud Integration
DMZ Trusted Zone
Consumers / BYOD
SaaS
CA API Developer Portal
CA APIM High Level Use Cases

DMZ
Trusted
Zone
Consumers / BYOD
SaaS
Developer Portal
MAG
Siteminder
DMZ
DMZ
MAG
Siteminder
SV Server / APM
ESB
CA APIM Deployment Example

API Management Category
Latest Analyst Report
Forrester Wave Report
API Management Solutions (v2)
September 29, 2014

API Design Best Practices
API Architecture
API Business Casing
API Security & Management Expertise
API Promotion & Hackathon Services
API Design Training & Courseware
Internal API Education Workshops
Online Materials
Support for API Promotion
Expert API Security Guidance
Client App
Developers
Business
API Owners
Backend
API Devs
Enterprise
Architects
Operations
API Academy Workshop
API Academy Education

Legal Notice
Copyright © 2014 CA. All rights reserved. Office 365 is either a registered trademark or trademark of Microsoft Corporation in the United States and/or
other countries. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies. No unauthorized use,
copying or distribution permitted.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the information. TO
THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT
LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. In no event will CA be
liable for any loss or damage, direct or indirect, in connection with this presentation, including, without limitation, lost profits, lost investment, business
interruption, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.
Certain information in this presentation may outline CA’s general product direction. This presentation shall not serve to (i) affect the rights and/or
obligations of CA or its licensees under any existing or future written license agreement or services agreement relating to any CA software product; or (ii)
amend any product documentation or specifications for any CA software product. The development, release and timing of any features or functionality
described in this presentation remain at CA’s sole discretion.
Notwithstanding anything in this presentation to the contrary, upon the general availability of any future CA product release referenced in this
presentation, CA may make such release available (i) for sale to new licensees of such product; and (ii) in the form of a regularly scheduled major product
release. Such releases may be made available to current licensees of such product who are current subscribers to CA maintenance and support on a when
and if-available basis.
The information and results illustrated here are based upon each identified customer’s unique experiences with the referenced software product in a
variety of environments, which may include production and non-production environments. Past performance of the software products in such
environments is not necessarily indicative of the future performance of such software products in identical, similar or different environments.

Sr. Principal Consultant, PreSales CA APIM
rajat.vijayvargiya@ca.com
@cainc
slideshare.net/CAinc
linkedin.com/company/ca-technologies
ca.com
Rajat Vijayvargiya

CA API Management: A DevOps Enabler

Related slideshows

More Related Content

CA API Management: A DevOps Enabler