How to Architect Your Application Infrastructure for ... · communication amongst microservices....

How to Architect Your Application

Infrastructure for Effective API Delivery

Kevin Jones Global Solutions

Architect, NGINX BU @

F5 Networks

Why APIs and Why Manage Them?

Common API Gateway Deployment Patterns.

A Look at API Gateways in East-West Traffic Patterns.

Recap of Patterns.

Agenda

How can NGINX Help?

Confidential – Do Not Distribute

Why APIs and Why Manage

Them?

• Break down siloes and unlock data (within and among organizations)

• Increase collaboration amongst developers

Unlock data

• Primary interface for communication amongst microservices.

Create a foundation

• Generate revenue and build partnerships with third-party developers and ecosystem of suppliers, distributors, resellers, and even customers

• Expose APIs via Dev Portal

• “Digital marketplace” for an enterprise

Find new digital revenue stream

Why Develop APIs?

4 External APIs Internal APIs

Source: https://www.programmableweb.com/news/research-shows-interest-providing-apis-still-high/research/2018/02/23

API as a source of revenue

6

Source: 2014 Search Security article:

https://searchsecurity.techtarget.com/news/2240222882/API-gateways-emerge-to-address-growing-security-demands

50% of Salesforce’s

revenues come from APIs

90% of Expedia's

revenues come from APIs

40% of all NGINX Plus instances are deployed as an API

gateway

Source: NGINX User survey

API Management

• Define Policy

• Pushing Configurations

• APM and Consumption Visualization

• Developer Portal

API Gateway

• Lightweight

• Easily Distributed

• Easily Scaled

• Heavy Lifting…

• Request Processing

9

API Definition & Publication

Monitoring and Analytics

Onboarding and Documentation

(Developer Portal)

Customizable Dashboards

Alerting Extract Insights

(REST API + Logging) Multi- Cloud Support

Protect Authentication &

Authorization

Characteristics to look out for…

API Management API Gateway

Common API Gateway

Deployment Patterns

API

A

API

B

API

C

API

A

API

B

API

C

Edge Gateway

API

A

API

B

API

C

• TLS termination

• Client authentication

• Authorization

• Request routing

• Rate limiting

• Load balancing

• Request/response manipulation

Edge Gateway

API

A

API

B

API

C

D

E

F

G

H

• TLS termination

• Client authentication

• Authorization

• Request routing

• Rate limiting

• Load balancing

• Request/response manipulation

• Façade routing

Two-Tier Gateway

API

A

API

B API

C

D

E

F G

H Security Gateway

• TLS termination

• Client authentication

• Centralized logging

• Tracing injection

Routing Gateway

• Authorization

• Service discovery

• Load balancing

Microgateway

E

E

F

G

F

H

D

D

D

E

F

DevOps

Team-

owned

• Load balancing

• Service Discovery

• Authentication per API

• TLS Termination

• Routing

• Rate limiting

But what about East-West

traffic?

F

E

Microgateway

E

E

F

F

D

D

D

• Service discovery integration

• Obtain authentication credentials

• Everything else!

F

E

Sidecar Gateway

E

E

F

F

D

D

D

• Outbound load balancing

• Service discovery integration

• Authentication

• Authorization?

Edge / Security Gateway

• TLS termination

• Client authentication

• Centralized logging

• Tracing injection

Kubernetes Cluster

F

E

Service Mesh

E

E

F

F

D

D

D

Service Mesh Control Plane

Ingress / Edge

Gateway

All DevOps

teams

F

E

Two-Tier Gateway

E

E

F F

D

D D

F

E

E

E

F F

D

D D

Bottleneck?

F

E

Bottleneck?

E

E

F F

D

D D

F

E

E

E

F

F

D

D

D

Recap of Patterns

In Recap…

Edge Gateway

+ Monoliths with centralized governance

- Frequent changes, DevOps team-owned microservices

Two-Tier Gateway

+ Flexibility, independent scaling of functions

- Distributed control

Microgateway + DevOps teams, high-frequency updates

- Hard to achieve consistency, no central security control

Sidecar Gateway

+ Policy-based E/W, strict authentication requirements

- Control plane complexity

How can NGINX Help?

NGINX at the Core (API Gateway)

24

• Both Open Source and Enterprise

• Compact and High-Performing

• Provides L7 Data Plane

• Connection Handling

• Scalability (API or DNS)

• Authentication / Authorization (JSON Web Tokens + Auth_request)

• DDoS Protection / Request Rate Limiting (limit_conn / limit_req)

• Provides Insight (API + Logging)

• Linux Based

Many API Gateways Solutions are Built on NGINX

Google Cloud

Endpoints Axway

IBM DataPower

Kong Red Hat 3scale

Torry Harris

Reduce Complexity with NGINX

26

Data plane (NGINX API GW) does not require runtime

connectivity to control plane (NGINX Controller)

• High Performance

• Same high performance regardless of where API GW is deployed

(whether to handle N/S traffic or E/W traffic)

• No need for additional software components

• Small API GW footprint

• Easy to deploy anywhere (Docker)

API Management

Definition & Publication

Security Policy

Traffic Mgmt. (API GW)

Ongoing Monitoring & Maintenance

Analytics to Assess API

Value

Dev Portal

• Create and publish APIs

• Define policy for those APIs

• Quickly and easily publish

configurations (best practices)

• Provides visibility into API health

with performance monitoring

• Real-Time alerting

NGINX Controller for API Management

API Management

Definition & Publication

Security Policy

Traffic Mgmt. (API GW)

Ongoing Monitoring & Maintenance

Analytics to Assess API

Value

Dev Portal

Coming soon…

• Dev Portal for onboarding and

documenting APIs

• Increased Analytics to assess API

value and consumption

NGINX Controller for API Management

Kevin Jones

kevin@nginx.com

Thank you! Questions?