SlideShare a Scribd company logo
1 of 25
1
Modernizing an Existing SOA-based Architecture
with APIs
Robert C. Broeckelmann
Jr.
Principal Consultant
RCBJ Consulting, LLC
©2015 Apigee. All Rights Reserved.
Modernizing an Existing SOA-
Based Architecture with APIs
Robert C. Broeckelmann Jr.
Principal Consultant
RCBJ Consulting, LLC
2
About Me
• Founder and a Principal Consultant at RCBJ Consulting,
LLC.
• RCBJ Consulting, LLC is a small consulting firm
specializing in SOA, API Management, Performance
Tuning, and Security started in 2011.
• Masters degree in Computer Science from Washington
University in Saint Louis.
• Started working with APIgee Edge Server in 2014.
• Worked with WebSphere DataPower since 2010.
3
Disclaimers, Warnings, Health Hazards
• What we present here is one of numerous possible ways to use
APIgee technology. Your situation and requirements will probably
differ.
• As always, test things in a non-production environment prior to
using anything in production.
• We are not responsible for spontaneous combustion of the
known universe or any other undesirable outcomes associated
with using what is discussed here.
• This presentation describes a large organization's journey from
an existing SOA & Integration Platform (including DataPower) to
API Management. Unfortunately, the organization will remain
nameless.
4©2015 Apigee. All Rights Reserved.
Agenda
5
1. Business & Technology Drivers
2. Current Infrastructure, SOA, and Integration
Capabilities
3. Gaps
4. Considerations & Requirements
5. Lessons Learned & End-State Architecture
©2015 Apigee. All Rights Reserved.
What are the Drivers?
• Business
– Mobile
– B2B Integration (partners, vendors, suppliers)
– SaaS Solution Integration (to realize benefits of SaaS solutions in a large
organization)
– Facilitate wider adoption & increase business opportunities
• Technology
– Direction industry is going
– APIs easier to develop with than predecessor standards (SOAP, CORBA, EJB, etc)
– Maturing standards
• Security (Authentication & Authorization): OAuth 2.0 [5],OpenID Connect 1.0 [6],JWT 1.0
[7]
• Interface definitions: Swagger 2.0 [8]
• JSON Schema: [4] [14]
6©2015 Apigee. All Rights Reserved.
Existing SOA/Integration Capabilities
• Our starting point...
• SOA Capabilities
– SOA Governance/Service Life-Cycle Management
– Service meta-data Registry/Repository
• Service Versioning/Routing/SecurityPolicy
– Security Model
– Standard Messaging Models
– Enterprise Service standards
– Standard error handling, reporting, and logging. Statistics Logging.
• Integration Capabilities
– Integrating dozens of on-premise Commercial Off-The-Shelf (COTS)
applications/some third-party systems
– SOAP over HTTPS and XML over WebSphere MQ, primarily. Some REST. Some
binary data formats & SAP IDOCs.
– Data transformations/Protocol Transformations/Security Integration
7©2015 Apigee. All Rights Reserved.
Existing SOA/Integration Capabilities(cont.)
• Use the IBM Integration Stack
– WebSphere Message Broker/IIB [10]
– WebSphere DataPower [9]
– WebSphere Services Registry & Repository [11]
– WebSphere MQ [12]
– WebSphere Transformation Extender(WTX) [13]
– Focusing on WebSphere DataPower (lots of information about
other products available on the Internet or the Reference
Section)
• Relevant Patterns
– Enterprise Service Bus (ESB) [1],[2]
– Service Gateway
8©2015 Apigee. All Rights Reserved.
Enterprise Service Bus
9©2015 Apigee. All Rights Reserved.
Service Gateway
10©2015 Apigee. All Rights Reserved.
Current Infrastructure: Gaps
• Legacy baggage
– Primarily created by organization, not the technology
– Creates complications and obstacles that must be deal with
• Existing integration stack products not built with
REST/APIs & JSON in mind.
– Added as afterthought
• Missing Developer Portal
– One stop, self-service, shop for developers throughout the
development life-cycle
– Ties into DevOps plans for the organization
11©2015 Apigee. All Rights Reserved.
Current Infrastructure: Gaps (cont.)
• Cannot perform JSON Schema Validation and request
validation based upon Swagger 2.0 data definitions
• Limited support for APIs and Swagger 2.0 in existing
Service Registry
• No support for a standards-based API Security Model
– OAuth 2.0, OpenID Connect 1.0, and JWT 1.0
• Current infrastructure is all on-premise
– Limited to single part of the country
– No Geo-Location Based Routing of API requests.
12©2015 Apigee. All Rights Reserved.
Why Modernize? Why Use APIs?
• APIs have become the industry standard for system
interfaces of all kinds.
• Hide complexity; expose existing functionality
• Use APIs as the basis for porting systems/functionality
into the cloud
• Make it easier for other business units and business
partners to access systems and data, but maintain
security
• Next step in evolution of SOA/Integration platforms
• Want to have benefits of APIs
13©2015 Apigee. All Rights Reserved.
Requirements
• Want to use
– API-First Design methodology for APIs
– Swagger 2.0 as the Interface definition language
• Ties together security model, standard data/messaging models, API standards,
and internal SDLC.
• Also, provides a testing mechanism for APIs
• Developer Portal that serves as a one-stop, self-service shop for
developer access to
– Developer Registration
– Application Registration
– Subscribe to APIs
– API documentation
– Security registration (users, groups, authorization policy)
– Self Service
14©2015 Apigee. All Rights Reserved.
Requirements (cont.)
• Same Service-Lifecycle used with SOAP Web Services
applies to API Lifecycle
– do not want to lose structure and discipline of SOA Governance and
Service Life-Cycle Management
– Let's call this API Governance and API Life-Cycle Management
• Continue to realize ROI in the IBM Integration Stack
– Includes DataPower
• Supported Use Cases
– Single Page responsive Web Applications
– B2B Integration
– Mobile
– System-to-System(SaaS/Third-arty hosted) communication
• Want to leverage organization's existing programming
skill sets: Java & Javascript
15©2015 Apigee. All Rights Reserved.
Requirements (cont.)
• SAML 2.0/WS-Trust 1.3/WS-Security 1.0 Security Model used
with SOAP Web Services serves as a model for OAuth
2.0/OpenID Connect 1.0/JWT 1.0 security model for APIs.
– Standards-based approach to security(makes interoperability between N
vendors much easier)
• PCI Compliance could be a requirement in the future
• Cloud-based solution
– Extend on-premise Integration Stack capabilities into the cloud
– Going forward, many SaaS(or cloud-hosted) API Providers and API
consumers versus on-premise deployments
– Do not want to be limited to a single cloud provider
– All the other benefits of cloud-based infrastructure
16©2015 Apigee. All Rights Reserved.
This Brings Us To API Management
• What is API Management?
– The process of publishing, promoting, and overseeing APIs in a secure, scalable
environment
– Ensures that developers and partners are productive
– Manages, secures, and mediates your API traffic
– Allows an organization to grow their API program to meet increasing demands
– API Management is about monitizing APIs
– API Management is about Technology, Business, Organization, and Integration.
– Need to know more? Go to the sessions:)
• Three components
– Management Portal
– Developer Portal
– Runtime Gateway(API Gateway)
• Why is this necessary?
– Desire to modernize.
– Begin using APIs as described previously
– Easier to on-board new projects, business partners, vendors, suppliers, developers
17©2015 Apigee. All Rights Reserved.
Lessons Learned
• Used DataPower on-premise for ESB Gateway and DMZ Gateway; used
APIgee Edge Server in the cloud. Allowed ROI of the original IBM Integration
stack deployment to continue to be realized.
• Avoid Cloud-based API Gateway run-time dependencies (IAM, logging—
Splunk, API meta-data repository, etc) that tie back to your data center—
potentially creating a single point of failure.
• Using SaaS Middleware solutions allows organizations to focus on mission-
critical, business-oriented problems.
• There will be a mix of SOAP & REST/APIs for the foreseeable future.
• API/REST related specs (Swagger 2.0, OAuth/OpenID Connect/JWT) are
evolving, but still young compared to WS-* specs.
• Existing organization of infrastructure and middleware administrators,
developers, and SOA Governance group were able to adapt to manage and
utilize APIs
18©2015 Apigee. All Rights Reserved.
End-State Architecture
19©2015 Apigee. All Rights Reserved.
Thank you
20©2015 Apigee. All Rights Reserved.
Appendix
21©2015 Apigee. All Rights Reserved.
What is DataPower?

History
− DataPower Corporation started in 1999 in Cambridge, Massachusetts by a group of MIT alumni.
− Bought by IBM in 2005.

Description
− Purpose-built hardware.
− Network router with middleware firmware
− XML parsing hardware & crypto acceleration hardware(hardware appliances)
− Numerous supported integration scenarios
− Focus on SOAP & XML
− Acts as a Service Gateway.

Can act as an ESB on its own (not marketed this way anymore).

Commonly used as a DMZ Servicee Gateway or ESB Gateway (front door to ESB)
22©2015 Apigee. All Rights Reserved.
What is DataPower? (cont.)

Supported protocols(HTTP, HTTPS, MQ client, WebSphere JMS, SFTP, FTPS, FTP, TCP, NFS,
TIBCO, ICAP, SQL, SSL/TLS, others)
− Not all protocols supported by every model

Supported data formats(XML—reason for its existence, JSON, arbitrary binary formats—WTX
or DataGlue, various industry specs—XB62-B2B Appliance, COBOL CopyBook, flat files,
others)
− Not all data formats supported by every model

Supported languages(XSLT with Extension Functions & Elements—always supported,
Gateway Script—Javascript engine since 7.0, JSONiq since v5.x)

DataPower has several form factors
− Virtual Edition
− Physical Appliances

XA35—Original XML Processing appliance (not sold for a while now)

XI50/XI52—ESB appliance(full integration capabilities)

XS40/XG45—Security Gateway appliances

XB60/XB62—B2B Appliance

XC10—Caching Appliance
23©2015 Apigee. All Rights Reserved.
Other DataPower Use Cases(encountered in industry)--a Side Note

DataPower deployed in front of a mainframe converting XML/SOAP to COBOL
Copybook data structures and placing messages onto WebSphere MQ Queues.
− Not really an Edge Server target use case.

Security Gateway(offload SSL/TLS, WS-Security, WS-SecurityPolicy, WS-Trust,
authentication, authorization, etc)
− Edge Server could do this.

DataPower in front of SOAP Service Provider(s) to perform efficient schema validation
− Edge Server could do this, but unlikely Edge Server could do it as efficiently as DataPower

DataPower as part of the IBM API Management product.
− Direct competitor to Edge Server in this use case. Edge Server could obviously satisfy this use case.
24©2015 Apigee. All Rights Reserved.
Reference
1. http://www-07.ibm.com/events/au/soainaction/download/Demystifying_ESB_patterns.pdf
2. http://www.ibm.com/developerworks/websphere/library/techarticles/0712_grund/0712_grund.html
3. https://tools.ietf.org/html/draft-zyp-json-schema-03
4. http://json-schema.org/latest/json-schema-core.html
5. https://tools.ietf.org/html/rfc6749
6. http://openid.net/specs/openid-connect-core-1_0.html
7. https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32
8. http://swagger.io/specification/
9. http://www-01.ibm.com/support/knowledgecenter/SS9H2Y/welcome
10. http://www-01.ibm.com/software/integration/ibm-integration-bus/library/message-broker/
11. http://www-01.ibm.com/software/integration/wsrr/library/
12. http://www-01.ibm.com/software/integration/wmq/library/
13. http://www-01.ibm.com/software/integration/wdatastagetx/library/
14. http://tools.ietf.org/html/draft-zyp-json-schema-04
25©2015 Apigee. All Rights Reserved.

More Related Content

What's hot

IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
Simplilearn
 

What's hot (20)

RPA Developer Career Path
RPA Developer Career Path RPA Developer Career Path
RPA Developer Career Path
 
IT Service Management Overview
IT Service Management OverviewIT Service Management Overview
IT Service Management Overview
 
IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
IT Service Management Tutorial | What Is ITSM? | ITIL Foundation Training | S...
 
Elastic Security Brochure
Elastic Security BrochureElastic Security Brochure
Elastic Security Brochure
 
Gaining Valuable Business Insight Through a Customer Advisory Board
Gaining Valuable Business Insight Through a Customer Advisory BoardGaining Valuable Business Insight Through a Customer Advisory Board
Gaining Valuable Business Insight Through a Customer Advisory Board
 
Managed IT Services vs. Break-Fix [Infographic]
Managed IT Services vs. Break-Fix [Infographic]Managed IT Services vs. Break-Fix [Infographic]
Managed IT Services vs. Break-Fix [Infographic]
 
Why Is ITIL So Successful
Why Is ITIL So SuccessfulWhy Is ITIL So Successful
Why Is ITIL So Successful
 
Payment Gateway
Payment GatewayPayment Gateway
Payment Gateway
 
eZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment GatewayseZ Publish Workflows and Payment Gateways
eZ Publish Workflows and Payment Gateways
 
Business analysis compass mapping to the iiba babok v2
Business analysis compass mapping to the iiba babok v2Business analysis compass mapping to the iiba babok v2
Business analysis compass mapping to the iiba babok v2
 
Global Payment Reference Architecture
Global Payment Reference ArchitectureGlobal Payment Reference Architecture
Global Payment Reference Architecture
 
ITIL 4 Verses ITIL v3
ITIL 4 Verses ITIL v3ITIL 4 Verses ITIL v3
ITIL 4 Verses ITIL v3
 
SOA Principles : 6. service composibility
SOA Principles : 6. service composibilitySOA Principles : 6. service composibility
SOA Principles : 6. service composibility
 
Bonitasoft BPMN Presentation
Bonitasoft BPMN PresentationBonitasoft BPMN Presentation
Bonitasoft BPMN Presentation
 
Boost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalogBoost your ITSM maturity with a service catalog
Boost your ITSM maturity with a service catalog
 
Service Transition Overview
Service Transition  OverviewService Transition  Overview
Service Transition Overview
 
SAP Cloud for Retail
SAP Cloud for RetailSAP Cloud for Retail
SAP Cloud for Retail
 
Asus router support
Asus router supportAsus router support
Asus router support
 
electronic payment system
electronic payment systemelectronic payment system
electronic payment system
 
Itil & Process Concepts Awareness Tadawul 5 Of March 2007
Itil & Process Concepts Awareness Tadawul 5 Of March 2007Itil & Process Concepts Awareness Tadawul 5 Of March 2007
Itil & Process Concepts Awareness Tadawul 5 Of March 2007
 

Viewers also liked

Module 10 - Session 2 ICTs and environmental observation 20110223
Module 10 - Session 2 ICTs and environmental observation 20110223Module 10 - Session 2 ICTs and environmental observation 20110223
Module 10 - Session 2 ICTs and environmental observation 20110223
Richard Labelle
 
AE Foyer: Soa Integration Architecture and Api Management
AE Foyer: Soa Integration Architecture and Api ManagementAE Foyer: Soa Integration Architecture and Api Management
AE Foyer: Soa Integration Architecture and Api Management
AE - architects for business and ict
 
Are APIs and SOA Converging?
Are APIs and SOA Converging?Are APIs and SOA Converging?
Are APIs and SOA Converging?
Akana
 

Viewers also liked (20)

Transforming Your Business Through APIs
Transforming Your Business Through APIsTransforming Your Business Through APIs
Transforming Your Business Through APIs
 
Modernize Service-Oriented Architecture with APIs
Modernize Service-Oriented Architecture with APIsModernize Service-Oriented Architecture with APIs
Modernize Service-Oriented Architecture with APIs
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
 
Architecting an Enterprise API Management Strategy
Architecting an Enterprise API Management StrategyArchitecting an Enterprise API Management Strategy
Architecting an Enterprise API Management Strategy
 
API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration API First: Going Beyond SOA, ESBs, and Integration
API First: Going Beyond SOA, ESBs, and Integration
 
Smartone v1.0
Smartone v1.0Smartone v1.0
Smartone v1.0
 
BOOK - IBM Sterling B2B Integration and Managed File Transfer Solutions
BOOK - IBM Sterling B2B Integration and Managed File Transfer SolutionsBOOK - IBM Sterling B2B Integration and Managed File Transfer Solutions
BOOK - IBM Sterling B2B Integration and Managed File Transfer Solutions
 
Clean Architecture
Clean ArchitectureClean Architecture
Clean Architecture
 
API Governance
API Governance API Governance
API Governance
 
Lamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api GatewayLamdba micro service using Amazon Api Gateway
Lamdba micro service using Amazon Api Gateway
 
IBM Connectivity and Integration
IBM Connectivity and IntegrationIBM Connectivity and Integration
IBM Connectivity and Integration
 
Module 10 - Session 2 ICTs and environmental observation 20110223
Module 10 - Session 2 ICTs and environmental observation 20110223Module 10 - Session 2 ICTs and environmental observation 20110223
Module 10 - Session 2 ICTs and environmental observation 20110223
 
Delivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIsDelivering on Personalization with the Power of APIs
Delivering on Personalization with the Power of APIs
 
AE Foyer: Soa Integration Architecture and Api Management
AE Foyer: Soa Integration Architecture and Api ManagementAE Foyer: Soa Integration Architecture and Api Management
AE Foyer: Soa Integration Architecture and Api Management
 
Are APIs and SOA Converging?
Are APIs and SOA Converging?Are APIs and SOA Converging?
Are APIs and SOA Converging?
 
Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration? Is it time for a Connector-less Approach to Cloud Integration?
Is it time for a Connector-less Approach to Cloud Integration?
 
Best Practices: The Role of API Management
Best Practices: The Role of API ManagementBest Practices: The Role of API Management
Best Practices: The Role of API Management
 
Platform for Secure Digital Business
Platform for Secure Digital BusinessPlatform for Secure Digital Business
Platform for Secure Digital Business
 
Realizing SOA and API Convergence
Realizing SOA and API ConvergenceRealizing SOA and API Convergence
Realizing SOA and API Convergence
 
Powering Internal API Communities
Powering Internal API CommunitiesPowering Internal API Communities
Powering Internal API Communities
 

Similar to Modernizing an Existing SOA-based Architecture with APIs

API and SOA: Two sides of the same coin
API and SOA: Two sides of the same coinAPI and SOA: Two sides of the same coin
API and SOA: Two sides of the same coin
Sachin Agarwal
 
APIs and SOA: Two Sides of the Same Coin?
APIs and SOA: Two Sides of the Same Coin?APIs and SOA: Two Sides of the Same Coin?
APIs and SOA: Two Sides of the Same Coin?
Akana
 
Using APIs
Using APIsUsing APIs
Using APIs
Akana
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
Akana
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and Technology
WSO2
 
Are APIs and SOA Converging
Are APIs and SOA ConvergingAre APIs and SOA Converging
Are APIs and SOA Converging
Sachin Agarwal
 
Are APIs and SOA Converging?
Are APIs and SOA Converging?Are APIs and SOA Converging?
Are APIs and SOA Converging?
Akana
 

Similar to Modernizing an Existing SOA-based Architecture with APIs (20)

SOACS-Overview.pdf
SOACS-Overview.pdfSOACS-Overview.pdf
SOACS-Overview.pdf
 
OData External Data Integration Strategies for SaaS
OData External Data Integration Strategies for SaaSOData External Data Integration Strategies for SaaS
OData External Data Integration Strategies for SaaS
 
Embracing SOA and the Cloud
Embracing SOA and the CloudEmbracing SOA and the Cloud
Embracing SOA and the Cloud
 
API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?API and SOA: Two Sides of the Same Coin?
API and SOA: Two Sides of the Same Coin?
 
API and SOA: Two sides of the same coin
API and SOA: Two sides of the same coinAPI and SOA: Two sides of the same coin
API and SOA: Two sides of the same coin
 
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
MuleSoft Surat Virtual Meetup#25 - Anypoint Platform Features and Capabilitie...
 
APIs and SOA: Two Sides of the Same Coin?
APIs and SOA: Two Sides of the Same Coin?APIs and SOA: Two Sides of the Same Coin?
APIs and SOA: Two Sides of the Same Coin?
 
Extend soa with api management spoug- Madrid
Extend soa with api management   spoug- MadridExtend soa with api management   spoug- Madrid
Extend soa with api management spoug- Madrid
 
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons LearntOracle API Platform Cloud Service Best Practices & Lessons Learnt
Oracle API Platform Cloud Service Best Practices & Lessons Learnt
 
Exposing Business Functionalities with SOA, Integration and API Management
Exposing Business Functionalities with SOA, Integration and API ManagementExposing Business Functionalities with SOA, Integration and API Management
Exposing Business Functionalities with SOA, Integration and API Management
 
Using APIs
Using APIsUsing APIs
Using APIs
 
Top 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementationTop 7 wrong common beliefs about Enterprise API implementation
Top 7 wrong common beliefs about Enterprise API implementation
 
Octo API-days 2015
Octo API-days 2015Octo API-days 2015
Octo API-days 2015
 
The Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the EnterpriseThe Business Value for Internal APIs in the Enterprise
The Business Value for Internal APIs in the Enterprise
 
Mule : Building Blocks for Microservices
Mule : Building Blocks for MicroservicesMule : Building Blocks for Microservices
Mule : Building Blocks for Microservices
 
#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?#dbhouseparty - Should I be building Microservices?
#dbhouseparty - Should I be building Microservices?
 
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
[2015-11월 정기 세미나] Cloud Native Platform - Pivotal
 
Understanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and TechnologyUnderstanding the WSO2 Platform and Technology
Understanding the WSO2 Platform and Technology
 
Are APIs and SOA Converging
Are APIs and SOA ConvergingAre APIs and SOA Converging
Are APIs and SOA Converging
 
Are APIs and SOA Converging?
Are APIs and SOA Converging?Are APIs and SOA Converging?
Are APIs and SOA Converging?
 

More from Apigee | Google Cloud

More from Apigee | Google Cloud (20)

How Secure Are Your APIs?
How Secure Are Your APIs?How Secure Are Your APIs?
How Secure Are Your APIs?
 
Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)Magazine Luiza at a glance (1)
Magazine Luiza at a glance (1)
 
Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs Monetization: Unlock More Value from Your APIs
Monetization: Unlock More Value from Your APIs
 
Apigee Demo: API Platform Overview
Apigee Demo: API Platform OverviewApigee Demo: API Platform Overview
Apigee Demo: API Platform Overview
 
Ticketmaster at a glance
Ticketmaster at a glanceTicketmaster at a glance
Ticketmaster at a glance
 
AccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First WorldAccuWeather: Recasting API Experiences in a Developer-First World
AccuWeather: Recasting API Experiences in a Developer-First World
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2Apigee Product Roadmap Part 2
Apigee Product Roadmap Part 2
 
The Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management MarketThe Four Transformative Forces of the API Management Market
The Four Transformative Forces of the API Management Market
 
Walgreens at a glance
Walgreens at a glanceWalgreens at a glance
Walgreens at a glance
 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
 
Managing the Complexity of Microservices Deployments
Managing the Complexity of Microservices DeploymentsManaging the Complexity of Microservices Deployments
Managing the Complexity of Microservices Deployments
 
Pitney Bowes at a glance
Pitney Bowes at a glancePitney Bowes at a glance
Pitney Bowes at a glance
 
Microservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices SuccessMicroservices Done Right: Key Ingredients for Microservices Success
Microservices Done Right: Key Ingredients for Microservices Success
 
Adapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet KapoorAdapt or Die: Opening Keynote with Chet Kapoor
Adapt or Die: Opening Keynote with Chet Kapoor
 
Adapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg BrailAdapt or Die: Keynote with Greg Brail
Adapt or Die: Keynote with Greg Brail
 
Adapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant JhingranAdapt or Die: Keynote with Anant Jhingran
Adapt or Die: Keynote with Anant Jhingran
 
London Adapt or Die: Opening Keynot
London Adapt or Die: Opening KeynotLondon Adapt or Die: Opening Keynot
London Adapt or Die: Opening Keynot
 
London Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynoteLondon Adapt or Die: Lunch keynote
London Adapt or Die: Lunch keynote
 
London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!London Adapt or Die: Closing Keynote — Adapt Now!
London Adapt or Die: Closing Keynote — Adapt Now!
 

Recently uploaded

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 

Recently uploaded (20)

%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
 
WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?WSO2CON 2024 - Does Open Source Still Matter?
WSO2CON 2024 - Does Open Source Still Matter?
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
WSO2CON 2024 - WSO2's Digital Transformation Journey with Choreo: A Platforml...
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 

Modernizing an Existing SOA-based Architecture with APIs

  • 1. 1 Modernizing an Existing SOA-based Architecture with APIs Robert C. Broeckelmann Jr. Principal Consultant RCBJ Consulting, LLC
  • 2. ©2015 Apigee. All Rights Reserved. Modernizing an Existing SOA- Based Architecture with APIs Robert C. Broeckelmann Jr. Principal Consultant RCBJ Consulting, LLC 2
  • 3. About Me • Founder and a Principal Consultant at RCBJ Consulting, LLC. • RCBJ Consulting, LLC is a small consulting firm specializing in SOA, API Management, Performance Tuning, and Security started in 2011. • Masters degree in Computer Science from Washington University in Saint Louis. • Started working with APIgee Edge Server in 2014. • Worked with WebSphere DataPower since 2010. 3
  • 4. Disclaimers, Warnings, Health Hazards • What we present here is one of numerous possible ways to use APIgee technology. Your situation and requirements will probably differ. • As always, test things in a non-production environment prior to using anything in production. • We are not responsible for spontaneous combustion of the known universe or any other undesirable outcomes associated with using what is discussed here. • This presentation describes a large organization's journey from an existing SOA & Integration Platform (including DataPower) to API Management. Unfortunately, the organization will remain nameless. 4©2015 Apigee. All Rights Reserved.
  • 5. Agenda 5 1. Business & Technology Drivers 2. Current Infrastructure, SOA, and Integration Capabilities 3. Gaps 4. Considerations & Requirements 5. Lessons Learned & End-State Architecture ©2015 Apigee. All Rights Reserved.
  • 6. What are the Drivers? • Business – Mobile – B2B Integration (partners, vendors, suppliers) – SaaS Solution Integration (to realize benefits of SaaS solutions in a large organization) – Facilitate wider adoption & increase business opportunities • Technology – Direction industry is going – APIs easier to develop with than predecessor standards (SOAP, CORBA, EJB, etc) – Maturing standards • Security (Authentication & Authorization): OAuth 2.0 [5],OpenID Connect 1.0 [6],JWT 1.0 [7] • Interface definitions: Swagger 2.0 [8] • JSON Schema: [4] [14] 6©2015 Apigee. All Rights Reserved.
  • 7. Existing SOA/Integration Capabilities • Our starting point... • SOA Capabilities – SOA Governance/Service Life-Cycle Management – Service meta-data Registry/Repository • Service Versioning/Routing/SecurityPolicy – Security Model – Standard Messaging Models – Enterprise Service standards – Standard error handling, reporting, and logging. Statistics Logging. • Integration Capabilities – Integrating dozens of on-premise Commercial Off-The-Shelf (COTS) applications/some third-party systems – SOAP over HTTPS and XML over WebSphere MQ, primarily. Some REST. Some binary data formats & SAP IDOCs. – Data transformations/Protocol Transformations/Security Integration 7©2015 Apigee. All Rights Reserved.
  • 8. Existing SOA/Integration Capabilities(cont.) • Use the IBM Integration Stack – WebSphere Message Broker/IIB [10] – WebSphere DataPower [9] – WebSphere Services Registry & Repository [11] – WebSphere MQ [12] – WebSphere Transformation Extender(WTX) [13] – Focusing on WebSphere DataPower (lots of information about other products available on the Internet or the Reference Section) • Relevant Patterns – Enterprise Service Bus (ESB) [1],[2] – Service Gateway 8©2015 Apigee. All Rights Reserved.
  • 9. Enterprise Service Bus 9©2015 Apigee. All Rights Reserved.
  • 10. Service Gateway 10©2015 Apigee. All Rights Reserved.
  • 11. Current Infrastructure: Gaps • Legacy baggage – Primarily created by organization, not the technology – Creates complications and obstacles that must be deal with • Existing integration stack products not built with REST/APIs & JSON in mind. – Added as afterthought • Missing Developer Portal – One stop, self-service, shop for developers throughout the development life-cycle – Ties into DevOps plans for the organization 11©2015 Apigee. All Rights Reserved.
  • 12. Current Infrastructure: Gaps (cont.) • Cannot perform JSON Schema Validation and request validation based upon Swagger 2.0 data definitions • Limited support for APIs and Swagger 2.0 in existing Service Registry • No support for a standards-based API Security Model – OAuth 2.0, OpenID Connect 1.0, and JWT 1.0 • Current infrastructure is all on-premise – Limited to single part of the country – No Geo-Location Based Routing of API requests. 12©2015 Apigee. All Rights Reserved.
  • 13. Why Modernize? Why Use APIs? • APIs have become the industry standard for system interfaces of all kinds. • Hide complexity; expose existing functionality • Use APIs as the basis for porting systems/functionality into the cloud • Make it easier for other business units and business partners to access systems and data, but maintain security • Next step in evolution of SOA/Integration platforms • Want to have benefits of APIs 13©2015 Apigee. All Rights Reserved.
  • 14. Requirements • Want to use – API-First Design methodology for APIs – Swagger 2.0 as the Interface definition language • Ties together security model, standard data/messaging models, API standards, and internal SDLC. • Also, provides a testing mechanism for APIs • Developer Portal that serves as a one-stop, self-service shop for developer access to – Developer Registration – Application Registration – Subscribe to APIs – API documentation – Security registration (users, groups, authorization policy) – Self Service 14©2015 Apigee. All Rights Reserved.
  • 15. Requirements (cont.) • Same Service-Lifecycle used with SOAP Web Services applies to API Lifecycle – do not want to lose structure and discipline of SOA Governance and Service Life-Cycle Management – Let's call this API Governance and API Life-Cycle Management • Continue to realize ROI in the IBM Integration Stack – Includes DataPower • Supported Use Cases – Single Page responsive Web Applications – B2B Integration – Mobile – System-to-System(SaaS/Third-arty hosted) communication • Want to leverage organization's existing programming skill sets: Java & Javascript 15©2015 Apigee. All Rights Reserved.
  • 16. Requirements (cont.) • SAML 2.0/WS-Trust 1.3/WS-Security 1.0 Security Model used with SOAP Web Services serves as a model for OAuth 2.0/OpenID Connect 1.0/JWT 1.0 security model for APIs. – Standards-based approach to security(makes interoperability between N vendors much easier) • PCI Compliance could be a requirement in the future • Cloud-based solution – Extend on-premise Integration Stack capabilities into the cloud – Going forward, many SaaS(or cloud-hosted) API Providers and API consumers versus on-premise deployments – Do not want to be limited to a single cloud provider – All the other benefits of cloud-based infrastructure 16©2015 Apigee. All Rights Reserved.
  • 17. This Brings Us To API Management • What is API Management? – The process of publishing, promoting, and overseeing APIs in a secure, scalable environment – Ensures that developers and partners are productive – Manages, secures, and mediates your API traffic – Allows an organization to grow their API program to meet increasing demands – API Management is about monitizing APIs – API Management is about Technology, Business, Organization, and Integration. – Need to know more? Go to the sessions:) • Three components – Management Portal – Developer Portal – Runtime Gateway(API Gateway) • Why is this necessary? – Desire to modernize. – Begin using APIs as described previously – Easier to on-board new projects, business partners, vendors, suppliers, developers 17©2015 Apigee. All Rights Reserved.
  • 18. Lessons Learned • Used DataPower on-premise for ESB Gateway and DMZ Gateway; used APIgee Edge Server in the cloud. Allowed ROI of the original IBM Integration stack deployment to continue to be realized. • Avoid Cloud-based API Gateway run-time dependencies (IAM, logging— Splunk, API meta-data repository, etc) that tie back to your data center— potentially creating a single point of failure. • Using SaaS Middleware solutions allows organizations to focus on mission- critical, business-oriented problems. • There will be a mix of SOAP & REST/APIs for the foreseeable future. • API/REST related specs (Swagger 2.0, OAuth/OpenID Connect/JWT) are evolving, but still young compared to WS-* specs. • Existing organization of infrastructure and middleware administrators, developers, and SOA Governance group were able to adapt to manage and utilize APIs 18©2015 Apigee. All Rights Reserved.
  • 20. Thank you 20©2015 Apigee. All Rights Reserved.
  • 21. Appendix 21©2015 Apigee. All Rights Reserved.
  • 22. What is DataPower?  History − DataPower Corporation started in 1999 in Cambridge, Massachusetts by a group of MIT alumni. − Bought by IBM in 2005.  Description − Purpose-built hardware. − Network router with middleware firmware − XML parsing hardware & crypto acceleration hardware(hardware appliances) − Numerous supported integration scenarios − Focus on SOAP & XML − Acts as a Service Gateway.  Can act as an ESB on its own (not marketed this way anymore).  Commonly used as a DMZ Servicee Gateway or ESB Gateway (front door to ESB) 22©2015 Apigee. All Rights Reserved.
  • 23. What is DataPower? (cont.)  Supported protocols(HTTP, HTTPS, MQ client, WebSphere JMS, SFTP, FTPS, FTP, TCP, NFS, TIBCO, ICAP, SQL, SSL/TLS, others) − Not all protocols supported by every model  Supported data formats(XML—reason for its existence, JSON, arbitrary binary formats—WTX or DataGlue, various industry specs—XB62-B2B Appliance, COBOL CopyBook, flat files, others) − Not all data formats supported by every model  Supported languages(XSLT with Extension Functions & Elements—always supported, Gateway Script—Javascript engine since 7.0, JSONiq since v5.x)  DataPower has several form factors − Virtual Edition − Physical Appliances  XA35—Original XML Processing appliance (not sold for a while now)  XI50/XI52—ESB appliance(full integration capabilities)  XS40/XG45—Security Gateway appliances  XB60/XB62—B2B Appliance  XC10—Caching Appliance 23©2015 Apigee. All Rights Reserved.
  • 24. Other DataPower Use Cases(encountered in industry)--a Side Note  DataPower deployed in front of a mainframe converting XML/SOAP to COBOL Copybook data structures and placing messages onto WebSphere MQ Queues. − Not really an Edge Server target use case.  Security Gateway(offload SSL/TLS, WS-Security, WS-SecurityPolicy, WS-Trust, authentication, authorization, etc) − Edge Server could do this.  DataPower in front of SOAP Service Provider(s) to perform efficient schema validation − Edge Server could do this, but unlikely Edge Server could do it as efficiently as DataPower  DataPower as part of the IBM API Management product. − Direct competitor to Edge Server in this use case. Edge Server could obviously satisfy this use case. 24©2015 Apigee. All Rights Reserved.
  • 25. Reference 1. http://www-07.ibm.com/events/au/soainaction/download/Demystifying_ESB_patterns.pdf 2. http://www.ibm.com/developerworks/websphere/library/techarticles/0712_grund/0712_grund.html 3. https://tools.ietf.org/html/draft-zyp-json-schema-03 4. http://json-schema.org/latest/json-schema-core.html 5. https://tools.ietf.org/html/rfc6749 6. http://openid.net/specs/openid-connect-core-1_0.html 7. https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32 8. http://swagger.io/specification/ 9. http://www-01.ibm.com/support/knowledgecenter/SS9H2Y/welcome 10. http://www-01.ibm.com/software/integration/ibm-integration-bus/library/message-broker/ 11. http://www-01.ibm.com/software/integration/wsrr/library/ 12. http://www-01.ibm.com/software/integration/wmq/library/ 13. http://www-01.ibm.com/software/integration/wdatastagetx/library/ 14. http://tools.ietf.org/html/draft-zyp-json-schema-04 25©2015 Apigee. All Rights Reserved.