API Management and microservices architecture
What are the key benefits of microservices architecture?
How do Axway products simplify and secure microservices architecture?
4. 4
API Management is a pillar in Digital value chain
Explosion of APIsExplosion of API
Consumers Monitoring
Governance
Applications
Ecosystems
Micro-
Services
Ecosystems
Dev
Portal
API
Catalog
API
Enablement
Threat
Protection Security
Micro-
Services
5. Leverage API Gateway to API Management
5
REST
Traditional IT
Services
• Self-service
• Discover & Try
• Support
REST
API Builder
REST
API PublishAPI Disco&Consume
Big
data
social
IOT
• Predictive Insights
• Identitication of abonormal situations
Embedded
Analytics
• Qos
• Security
• Monitoring
• Embedded oAuth
• Lifecycle Mgmt.
• API Catalog
• Partner mgmt.
• Quotas
API Management
Extended IT
MEASURE
API Enablement
API Portal
NATIVE API
• Virtualization
• API Creation
• Model Driven & API FirstAPI Gateway
6. 6
Keys benefits for Axway API Management
Multi form factorsMulti form factorsIndependant Software
vendor with proven tracks
+150Ref. over last 3 years in Europe
Major Top500 Companies
Security PedigreeSecurity Pedigree Full API lifecycle stackFull API lifecycle stack
11. The technology is mature:
containerization enables fined
grained services at the right
scale
IT services sprawl over the
traditional boundaries and
towards cloud
Because they can be deployed
everywhere, services, to be
efficient are requested to be
cloud native driven
Business lines need more and
more agility of their IT to
rapidly adapt to the changes
in their ecosystem
Agility
Why now Microservices?
12. A Microservice is simple as a concept BUT
Microservice architecture is complex!
13. 13
The Challenges for Microservices
DevOps readiness
Monitoring and Governance Distributed, resilient infra for
autonomous Microservices
Microservices Security
17. 17
The vision
“Simplify and accelerate how organizations build, secure, publicize, monitor and scale their APIs and
Microservices to create vibrant ecosystems that deliver new business models”
APIs Everywhere from Edge to Internal
Microservices are Spreading Like a Virus
Across the Enterprise
Security at the endpoint and at each level to
protect vital data
Need for Speed – Continuous Integration,
Continuous Delivery
Need for Automated Self Registration so that
enterprise can fully delegate the deliver
process to teams without compromising
security
Axway API Central vision
18. 18
Axway’sapproach to manage API Traffic with Microservices
Manages
• Modern and robust proxy
• Saas or on premise
• Control plane in the cloud
managed by Axway removing
burden from customer
• Data plane is where customer
wants it to be
• Axway managed
• Customer managed
• K8s, AWS EKS, OpenShift
19. 19
Anatomy of API Central and microservices
API Central provides a central control plane which manages API traffic
management across multiple environments
Axway Public Cloud
SaaS Control Plane
On-premise control plane
Container Orchestration
On-premise data plane
Axway’s Mesh Agents configure Istio and
monitor services and API trafficManages
Service
discovery &
Telemetry
Policies &
rules
Environment 1
Manages
Service
discovery &
Telemetry
Policies &
rules
Environment n…….
Data plane – Proxy (Envoy), mediates
inbound and outbound traffic for all
Istio-managed services. It enforces
access control and usage policies, and
provides rich routing, load balancing,
and protocol conversion.
20. 20
Axway Mesh Agents
Axway Mesh Agents (AMAs) can be deployed to
any Kubernetes cluster and …
• Help us manage Istio control plane in the
customer's environment
• Use a service account in API Central to
authenticate and authorize their functions
AMAs are…
• Written in go
• Provided as docker images
• Packaged in HELM chart
Current AMAs deployed to hybrid environments…
• Service Discovery Agent
• Configuration Synchronization Agent
• Telemetry Agent
Manages
Service
discovery &
Telemetry
Policies &
rules
Environment n
Axway Mesh
Agents
21. 21
Service Discovery Agent
Listens for services information
Configured with a service account to
get/watch/list operations on services
resource
Publishes the following information to
the Service Registry:
1. Service Information
• Service name
• Listening ports
• Labels
• Metadata
2. API definitions (Swagger) if found
in known or configured paths
Manages
Service
information
API
definitions
Environment n
Service
Discovery
Agent
22. 22
Configuration Synchronization Agent
Configures policy enforcement in Envoy
Data by:
• Listening for policy events from API
Central
• Writes policies to Custom Resource
Definitions (CRD) in Kubernetes
• Istio Pilot listens for CRD updates
• Envoy proxy has active connection
to Pilot in order to get policies to
enforce
Manages
Policies &
rules
Environment n
Configuration Synchronization
Agent
23. 23
Telemetry Agent
Recap - Mixer in Istio is responsible
collecting telemetry data from the
Envoy proxy and other services.
The Telemetry Agent combines:
• A Mixer adapter added to forward
logs to the Telemetry agent (TA)
• The TA acts as a log processor and
forwarder
• The TA transforms and sends
securely to SaaS control plane
Logs/metr
ics
Telemetry
Environment n
Telemetry
Agent
27. 27
How Axway resolves Microservices Challenges
Challenges
DevOps: Adoption of
DevOps culture is
mandatory!
Security: isa concern for
inter Microservices
communication!
Distributed: Its hard to
manage distributed
computing
Governance: how to
efficient monitor constant
growth of hundreds of
dynamic located services?
Full integration with
CI/CDs pipelines
Secure, microservices
intercommunication at the
platform level, let
developers focus on
business logic
Provide a robust, resilient,
multi factor platform to
work beyond traditional IT
Provide unified and
centralized governance of
the microservices where
ever they are
Solution Why Axway?
AMPLIFY Central integrates with
CI/CDs (ad hoc and citizen
integrator tools)
AMPLIFY Central secure
microservices where ever they
are deployed (Cloud, on Premise)
based on best in class
technologies (K8s, Envoy, Istio)
AMPLIFY Central is the place to
govern microservices
AMPLIFY Central provide
additional HIP Services such as
iPaas
AMPLIFY Central provide a
unique Catalog of all type of HIP
Services (API, MFT,B2B etc..)