Upload
others
View
8
Download
0
Embed Size (px)
Citation preview
How to Architect Your Application
Infrastructure for Effective API Delivery
Kevin Jones Global Solutions
Architect, NGINX BU @
F5 Networks
Why APIs and Why Manage Them?
Common API Gateway Deployment Patterns.
A Look at API Gateways in East-West Traffic Patterns.
Recap of Patterns.
Agenda
How can NGINX Help?
Confidential – Do Not Distribute
Why APIs and Why Manage
Them?
• Break down siloes and unlock data (within and among organizations)
• Increase collaboration amongst developers
Unlock data
• Primary interface for communication amongst microservices.
Create a foundation
• Generate revenue and build partnerships with third-party developers and ecosystem of suppliers, distributors, resellers, and even customers
• Expose APIs via Dev Portal
• “Digital marketplace” for an enterprise
Find new digital revenue stream
Why Develop APIs?
4 External APIs Internal APIs
Source: https://www.programmableweb.com/news/research-shows-interest-providing-apis-still-high/research/2018/02/23
API as a source of revenue
6
Source: 2014 Search Security article:
https://searchsecurity.techtarget.com/news/2240222882/API-gateways-emerge-to-address-growing-security-demands
50% of Salesforce’s
revenues come from APIs
90% of Expedia's
revenues come from APIs
40% of all NGINX Plus instances are deployed as an API
gateway
Source: NGINX User survey
API Management
• Define Policy
• Pushing Configurations
• APM and Consumption Visualization
• Developer Portal
API Gateway
• Lightweight
• Easily Distributed
• Easily Scaled
• Heavy Lifting…
• Request Processing
9
API Definition & Publication
Monitoring and Analytics
Onboarding and Documentation
(Developer Portal)
Customizable Dashboards
Alerting Extract Insights
(REST API + Logging) Multi- Cloud Support
Protect Authentication &
Authorization
Characteristics to look out for…
API Management API Gateway
Common API Gateway
Deployment Patterns
API
A
API
B
API
C
API
A
API
B
API
C
Edge Gateway
API
A
API
B
API
C
• TLS termination
• Client authentication
• Authorization
• Request routing
• Rate limiting
• Load balancing
• Request/response manipulation
Edge Gateway
API
A
API
B
API
C
D
E
F
G
H
• TLS termination
• Client authentication
• Authorization
• Request routing
• Rate limiting
• Load balancing
• Request/response manipulation
• Façade routing
Two-Tier Gateway
API
A
API
B API
C
D
E
F G
H Security Gateway
• TLS termination
• Client authentication
• Centralized logging
• Tracing injection
Routing Gateway
• Authorization
• Service discovery
• Load balancing
Microgateway
E
E
F
G
F
H
D
D
D
E
F
DevOps
Team-
owned
• Load balancing
• Service Discovery
• Authentication per API
• TLS Termination
• Routing
• Rate limiting
But what about East-West
traffic?
F
E
Microgateway
E
E
F
F
D
D
D
• Service discovery integration
• Obtain authentication credentials
• Everything else!
F
E
Sidecar Gateway
E
E
F
F
D
D
D
• Outbound load balancing
• Service discovery integration
• Authentication
• Authorization?
Edge / Security Gateway
• TLS termination
• Client authentication
• Centralized logging
• Tracing injection
Kubernetes Cluster
F
E
Service Mesh
E
E
F
F
D
D
D
Service Mesh Control Plane
Ingress / Edge
Gateway
All DevOps
teams
F
E
Two-Tier Gateway
E
E
F F
D
D D
F
E
E
E
F F
D
D D
Bottleneck?
F
E
Bottleneck?
E
E
F F
D
D D
F
E
E
E
F
F
D
D
D
Recap of Patterns
In Recap…
Edge Gateway
+ Monoliths with centralized governance
- Frequent changes, DevOps team-owned microservices
Two-Tier Gateway
+ Flexibility, independent scaling of functions
- Distributed control
Microgateway + DevOps teams, high-frequency updates
- Hard to achieve consistency, no central security control
Sidecar Gateway
+ Policy-based E/W, strict authentication requirements
- Control plane complexity
How can NGINX Help?
NGINX at the Core (API Gateway)
24
• Both Open Source and Enterprise
• Compact and High-Performing
• Provides L7 Data Plane
• Connection Handling
• Scalability (API or DNS)
• Authentication / Authorization (JSON Web Tokens + Auth_request)
• DDoS Protection / Request Rate Limiting (limit_conn / limit_req)
• Provides Insight (API + Logging)
• Linux Based
Many API Gateways Solutions are Built on NGINX
Google Cloud
Endpoints Axway
IBM DataPower
Kong Red Hat 3scale
Torry Harris
Reduce Complexity with NGINX
26
Data plane (NGINX API GW) does not require runtime
connectivity to control plane (NGINX Controller)
• High Performance
• Same high performance regardless of where API GW is deployed
(whether to handle N/S traffic or E/W traffic)
• No need for additional software components
• Small API GW footprint
• Easy to deploy anywhere (Docker)
API Management
Definition & Publication
Security Policy
Traffic Mgmt. (API GW)
Ongoing Monitoring & Maintenance
Analytics to Assess API
Value
Dev Portal
• Create and publish APIs
• Define policy for those APIs
• Quickly and easily publish
configurations (best practices)
• Provides visibility into API health
with performance monitoring
• Real-Time alerting
NGINX Controller for API Management
API Management
Definition & Publication
Security Policy
Traffic Mgmt. (API GW)
Ongoing Monitoring & Maintenance
Analytics to Assess API
Value
Dev Portal
Coming soon…
• Dev Portal for onboarding and
documenting APIs
• Increased Analytics to assess API
value and consumption
NGINX Controller for API Management