Beyond ESB Architecture with APIs

Similar documents
Table of Contents. Abstract. Cloud computing basics. The app economy. The API platform for the app economy

Apigee Edge API Services Manage, scale, secure, and build APIs and apps

Is Liferay Right for Your Organization? Seven Things to Consider When Choosing a Portal Platform

API Management Introduction and Principles

A Comprehensive Solution for API Management

Optimizing Service Levels in Public Cloud Deployments

WHITE PAPER. Written by: Michael Azoff. Published Mar, 2015, Ovum

APIs The Next Hacker Target Or a Business and Security Opportunity?

ORACLE MOBILE SUITE. Complete Mobile Development Solution. Cross Device Solution. Shared Services Infrastructure for Mobility

API Architecture. for the Data Interoperability at OSU initiative

Corporate Bill Analyzer

JOURNAL OF OBJECT TECHNOLOGY

Sentinet for BizTalk Server SENTINET

Mobile Application Platform

Ensuring High Service Levels for Public Cloud Deployments Keys to Effective Service Management

Integrating Mobile apps with your Enterprise

ebay : How is it a hit

Cisco Enterprise Mobility Services Platform

HARVARD BUSINESS PUBLISHING BENEFITS FROM CRAFTER SOFTWARE

Layering Mobile APIs for Profit and Business Agility

Inside the Digital Commerce Engine. The architecture and deployment of the Elastic Path Digital Commerce Engine

Using Cloud Services for Building Next Generation Mobile Apps

White Paper: Security and Agility in the API Economy. Optimizing and securing your APIs with ViewDS Identity Solutions and Layer 7

The bridge to delivering digital applications across cloud, mobile and partner channels

Accelerating Business Value by

Service-Oriented Architecture and Software Engineering

API Management: Powered by SOA Software Dedicated Cloud

INTEGRATING ESB / BPM / SOA / AJAX TECHNOLOGIES

Mobile-First Strategy. CIO Executive Interview

SOA REFERENCE ARCHITECTURE: WEB TIER

Introduction to IBM Worklight Mobile Platform

Build Your Mobile Strategy Not Just Your Mobile Apps

SDC The Service Delivery Controller FACT SHEET

Monitoring the Real End User Experience

MOBILE ARCHITECTURE BEST PRACTICES: BEST PRACTICES FOR MOBILE APPLICATION DESIGN AND DEVELOPMENT. by John Sprunger

Mitra Innovation Leverages WSO2's Open Source Middleware to Build BIM Exchange Platform

Welcome to the Force.com Developer Day

Sentinet for BizTalk Server SENTINET 3.1

IBM Customer Experience Suite and Electronic Forms

Service Oriented Architecture (SOA) Architecture, Governance, Standards and Technologies

Oracle Service Bus: - When to use, where to use and when not to use

Extending Your SOA in the API Economy

Reaching Customers Across Multiple Channels

How To Build A Financial Messaging And Enterprise Service Bus (Esb)

Smartphone Enterprise Application Integration

SOFTWARE-DEFINED ARCHITECTURE

Delivering a platform-independent based ESB for universal connectivity and transformation in heterogeneous IT environments.

Middleware- Driven Mobile Applications

Enterpise Mobility Lexicon & Terminology

Introduction to TIBCO MDM

Enterprise Service Bus 101

Federal Enterprise Architecture and Service-Oriented Architecture

Sophisticated Common Data Environment (CDE) with BIMaaS Platform

How your business can successfully monetize API enablement. An illustrative case study

Improve business agility with WebSphere Message Broker

Zend and IBM: Bringing the power of PHP applications to the enterprise

perspective Microservices A New Application Paradigm Abstract

SAP API Management Power Digital Acceleration with APIs. Saad Syed

Riverbed SteelCentral. Product Family Brochure

Accenture Public Service Platform Taking SOA from the Whiteboard to the Data Center and Beyond

THE M A SHERY SOLUTION

Reference Model for Cloud Applications CONSIDERATIONS FOR SW VENDORS BUILDING A SAAS SOLUTION

Service Mediation. The Role of an Enterprise Service Bus in an SOA

SaaS or On-Premise? How to Select the Right Paths for Your Enterprise. David Linthicum

Achieving business agility and cost optimization by reducing IT complexity. The value of adding ESB enrichment to your existing messaging solution

Riverbed SteelCentral. Product Family Brochure

Sentinet for Windows Azure SENTINET

The Liaison ALLOY Platform

Data Virtualization Usage Patterns for Business Intelligence/ Data Warehouse Architectures

E-Business Suite Oracle SOA Suite Integration Options

How Oracle MAF & Oracle Mobile Cloud can Accelerate Mobile App Development

Combining Service-Oriented Architecture and Event-Driven Architecture using an Enterprise Service Bus

MarkLogic 8: Samplestack

Mobile Identity and Edge Security Forum Sentry Security Gateway. Jason Macy CTO, Forum Systems

Logentries Insights: The State of Log Management & Analytics for AWS

Intelligent, Scalable Web Security

Content Delivery Service (CDS)

MOBILIZING ORACLE APPLICATIONS ERP. An Approach for Building Scalable Mobility Solutions. A RapidValue Solutions Whitepaper

Chapter. Solve Performance Problems with FastSOA Patterns. The previous chapters described the FastSOA patterns at an architectural

JOURNAL OF OBJECT TECHNOLOGY

Achieving Business Agility Through An Agile Data Center

Federated single sign-on (SSO) and identity management. Secure mobile access. Social identity integration. Automated user provisioning.

THE ENSIGHTEN PROMISE. The Power to Collect, Own and Activate Omni-Channel Data

Unleash your intuition

How AWS Pricing Works

WebSphere Integration Solutions. IBM Day Minsk Anton Litvinov WebSphere Connectivity Professional Central Eastern Europe

Contents. Overview 1 SENTINET

ORACLE MOBILE APPLICATION FRAMEWORK DATA SHEET

MOVING TO THE NEXT-GENERATION MEDICAL INFORMATION CALL CENTER

Transcription:

ebook How APIs displace ESBs and SOA in the Enterprise By Ed Anuff Hex #FC4C02 Hex #54585A

Table of Contents Introduction 1 ESBs and App Servers Are the Problem 2-3 Modern apps and ESBs: an impedance mismatch The Case for the API Tier 4-7 Mobile apps: a new generation of apps A qualitative and quantitative shift in the nature of data Managing complexity and mass customization Beyond operational metrics: building a data-driven business Summary 8

Introduction Powering interactions via apps requires a new architecture. Companies today seek to leverage the latest forms of mobile and rich-client engagement to build new experiences that can drive revenues or increase productivity. In recent years, apps have transformed from the means of content access and data entry to being the primary channels of interaction between a company and its customers and employees. This transformation has significant implications for enterprise architecture, which now must move from delivering web applications as the primary interaction channel to powering interactions in a secure, performant, and data-leveraged way across multiple interactive touch points, of which the web is just one. How API-first architecture displaces ESBs and SOA in the enterprise 1

ESBs and App Servers Are the Problem The predominant web architecture in the enterprise is the application server. Whether WebSphere, Tomcat, or.net, these were built to solve the problem of efficiently coupling dynamic web page generation with business logic in a monolithic stack for maximum performance. Most early web applications integrated with enterprise resources via the database tier, and, later, via transaction processing capabilities and integration via an enterprise service bus (ESB) to the company s service oriented architecture (SOA). When web services in the form of SOAP and other standards emerged, they were initially implemented in the application server tier, partly because of the expectation that they would be accessed externally. Because the primary consumers of these web services proved to be internal systems, many architects came to view serving web services directly out of the ESB as a reasonable and efficient practice. elastic cloud capabilities. At a high level, it s essentially a case of impedance mismatch. ESBs are not designed for high concurrency, and modern mobile clients poll the servers more than traditional systems. The ESB exists to shuttle non-optimized data on fast internal networks with largely coarse-grained security and little requirement for deep traffic analysis, other than for reasons of business activity monitoring of the health of the system. The predominant client of an ESB is a server-side application on the company s internal network, which has its access to other systems scoped to whatever level the developers of the connected applications and systems agree upon. The data is typically in large XML payloads that have low impact on latency in these fast internal networks; the powerful servers running the serviceconsuming applications can easily parse this data. Modern apps and ESBs: an impedance mismatch The challenge with coupling applications directly to the ESB is that there is a completely different set of assumptions for internal clients of the ESB that do not fit with the preferred architecture of modern mobile and HTML5 client apps or with highly scalable web tiers using How API-first architecture displaces ESBs and SOA in the enterprise 2

ESBs and App Servers Are the Problem When external clients are added to the ESB, it s often under fairly controlled circumstances in the company s supply chain or other direct partners with both legal and programmatic contracts clearly defining rules for data usage and access patterns. In practice, most organizations opt for putting an application server with significant mediation logic between external clients and their ESB. The best practice to enable external access by your modern mobile and HTML5 client apps is to build an API tier, either from scratch, or with the help of a vendor like Apigee, rather than trying to adapt the ill-suited ESB tier for this purpose. How API-first architecture displaces ESBs and SOA in the enterprise 3

The Case for the API Tier Monilithic Web App API-Adapted Web App API-Adapted ESB App Interaction Channel API Web Web Other Web Other Mobile All Web Social App Server App Server API App Server Backend Services Backend Services ESB API Edge Persistence Dynamic API Logic Total Interaction Analytics App Servers ESB Background Services Internal Services Toward a unified app interaction channel Moving past app server and ESB-centric architectures for total interaction insights The goal of an API tier is to enable a large number of apps, from your partner channels or new app development teams, to access content and data from internal systems in a way that: Grants individual users appropriate levels of access control. Shapes data to exactly the size and format necessary for ease of app development. Enables deep analytics to measure developer productivity and app and API usage growth as well as derive business-level insights by examining the interactions described within the contents of the API traffic. Mashes up data from external systems like social or map or location for more user-friendly behavior. Caches frequently accessed data thereby mitigating downstream processing needs. Validates or processes data with lightweight logic and combines it with or distributes it to multiple sources and services as necessary. How API-first architecture displaces ESBs and SOA in the enterprise 4

The Case for the API Tier Mobile apps: a new generation of apps APIs are different because the new generation of apps is different in several ways. Consider the humble email app and the frequency at which we check email on mobile devices compared to our behavior on older non-mobile email apps. This frequent access has significant impact on back-end systems. Many new apps are running on mobile devices or in the browser within HTML/JavaScript-powered single page applications (SPAs). Even traditional model-viewcontroller (MVC) style server-side web applications are now different the apps are running on elastically scaled app servers such as Amazon s Elastic Beanstalk, have little or no local state, and virtually every significant user interaction is backed by an API request. In most cases, these apps run outside of the company s security perimeter. Because they must be considered compromised from the start, access to the company s digital assets often are secured with fine-grained access control based on the user s verified identity, rather than on the presumed identity of the application developer or the security of the application s execution environment. Because of this, OAuth has become the preferred mechanism of securing API access, since it is issued against the identity of the end user after an authentication flow. Because it s end-user secured, access is based on the consideration of what actions the end user is allowed to perform, rather than the assumption that the application can be granted a wider scope of A qualitative and quantitative shift in the nature of data There are significant differences in the data that is accepted from or delivered to today s applications. Considering again the scope of security, it becomes evident that the data payloads transmitted on ESBs are often a mix of data that can be allowed outside the security perimeter as well as information that is for internal use only and should not be exposed. Today s apps are often on remote and likely slow networks. The size of the data payloads being delivered is an important consideration to minimize the effects of network latency; the size and format of these payloads must be dynamically selectable by each different app at runtime. are often running in environments, such as memoryconstrained mobile devices or in the JavaScript runtimes of browsers, where parsing large XML payloads will incur a significant performance hit. For these reasons, most application teams strongly desire that the data be shaped for their purposes. At a minimum, concise JSON communications is often preferred. Further, valued marketing partners often use APIs to power business partnerships that involve expanding distribution and broadening market reach. Because these partnerships require reducing the time-to-market of the partner s app team to a matter of days rather than weeks, it s often important to quickly deliver a tailored payload in order to speed the application team s agility in delivering their apps. access than it exposes to the end user. From a security perspective, the app and the user are one and the same. How API-first architecture displaces ESBs and SOA in the enterprise 5

The Case for the API Tier Managing complexity and mass customization The preponderance of such architectures inside an organization is a clear signal to the astute architect that an API tier, separate and distinct from the app server tier and ESB, is called for to manage the complexity and change requirements that will come from any serious level of API access via these mechanisms. Modern API platforms and management solutions provide mechanisms for dynamically managing multiple versions While ESB products often boast graphical configuration tools, they don t enable the mass customization of these transformations in order to easily provide tailored API endpoints to large numbers of partners or disparate app teams. Beyond operational metrics: building a data-driven business The last missing ingredient in an ESB is analytics. This is often thought to mean just the operational analytics used by an IT team to ensure the health of the system or to The preponderance of such architectures inside an organization is a clear signal to the astute architect that an API tier, separate and distinct from the app server tier and ESB, is called for to manage the complexity and change requirements that will come from any serious level of API access via these mechanisms. audit its usage. However, once we get to the API tier and start to deal with greatly expanded usage, we realize that there is a much larger set of things to measure. There are at least two important dimensions: the first is determining the success of the API program in terms of on-boarding developers and partners, driving usage, and delivering a rich set of innovative applications in an agile fashion; the second involves scrutinizing the API data itself to derive the business insights that can only be gained from a unified view of all the interaction traffic in the organization. An API platform must provide the foundation of operational analytics if it s going to be suitable for use within enterprise IT architectures. However, many enterprises have multiple mechanisms for assessing system performance and health and having this level of analytics in the API tier is sometimes erroneously viewed as being redundant. of APIs, mass customized to meet business demands, in a high-performance runtime environment. These runtime environments provide configuration-based tools for performing data-shaping mediation and transformation activities as well as lightweight programmatic capabilities via the dynamic languages that have gained favor in recent years, including node.js as well as the enterpriseproven Java language. How API-first architecture displaces ESBs and SOA in the enterprise 6

The Case for the API Tier However, a good API platform provides a robust set of capabilities for measuring the key API operational analytics not available elsewhere including access token failure rates, API-specific security threats, and performance gaps caused by the logic and systems behind the API tier. Because many capabilities, such as access tokens, are terminated at the API layer, often key ESB and, while they can be bolted on as an afterthought, they re typically not front-and-center for the managers of an ESB effort. Implementing a web site or a commerce site today without deep analytics would be unthinkable. The same is true for APIs. The API is the application interaction data are not even available for analysis outside the API layer. Such an API platform easily integrates and feeds into An API program is not an integration strategy, it s a channel strategy. enterprise-wide systems. Because the ESB does not provide such information, often obtaining these data requires more custom logic in the code sitting in front of the ESB, and further dispels the notion that direct API access to the ESB tier is viable. Understanding the channel Completely missed by most ESB analytics is the fact that an API program is not just an integration strategy: it s a channel strategy, and measuring the success of the API program requires a unique set of metrics based on developer success. The metrics studied to determine API effectiveness include the number of developers or partners registering to use an API, which applications are driving the most usage, and which API endpoints are receiving the most traffic; the list goes on. Access to such analytics cannot be limited to the API provider; they must be viewable by the application developer. These are concepts that are not native to the channel representing interactions and, therefore, deep business-level insights. As a consequence, every user interaction performed on an app results (often in a oneto-one mapping) in an API request whose payload is the rich user activity data. For any type of application, being able to collect and analyze this data in a single place at any level of scale is an incredibly powerful capability. For customer-facing applications, this is game-changing. When implemented correctly, all customer interactions, whether via web, social, or mobile mechanisms, will pass through the API tier. This provides the single point of access where insights into customer activity across all touch points can be measured. On the other hand, by the time such data is split and stored in the various systems of record on the ESB, large swaths of actionable intelligence have been discarded and the data itself no longer resembles the original user interaction in any sort of useful way. How API-first architecture displaces ESBs and SOA in the enterprise 7

Summary Although the ESB plays a critical role in the enterprise architecture, it is designed for a completely different set of concerns than are present at the API tier. It can be easy to confuse these concerns; they can appear similar in concept, though radically different in scale and granularity. Attempting to overuse the ESB tier to perform double-duty as an API tier results in the unintended consequence of increased reliance on ad-hoc app servers and custom code, as a rudimentary API tier is jury-rigged from custom logic. In this scenario, needs such as mass-customizable security, mediation, and transformation for any number of distinct partners or apps are not met. This, at best, stifles the ability for application developers to execute in an agile fashion, and, at worst, opens up the ESB to additional vulnerabilities and Internet-scale performance demands for which it was not designed. Lastly, an ESB solution completely misses the tremendous opportunity that comes from being able to derive deep customer insights from a single channel for application interaction across all user touch points. This ebook hopefully highlights for the thoughtful architect the challenges and false savings incurred by short-circuiting the separation of concerns between these two very different parts of the enterprise architecture. How API-first architecture displaces ESBs and SOA in the enterprise 8

About Apigee Apigee is a leading platform for digital acceleration. Apigee empowers enterprises to gain the speed, scale, insight, and agility required to become a digital business. Through Apigee Edge API platform and Apigee Insights predictive big data analytics, Apigee helps businesses move at the new pace and scale of digital, while predicting and continuously adapting to change. Used together, APIs and predictive analytics create a powerful adaptive cycle of continuous improvement and the faster an enterprise goes through this cycle, the faster it accelerates to become a digital business. About the Author Ed Anuff is a leader in product and technology strategy at Apigee with direct responsibility for mobile and developer products. A respected technologist, a proven innovator, and an experienced entrepreneur, Ed has designed and created innovative consumer and enterprise products, defined product strategy at early-stage and publiclytraded companies, and founded and sold several technology companies. Many of the world s leading businesses, including 20 percent of the Fortune 100, use Apigee for digital acceleration. Apigee customers include global enterprises such as Walgreens, ebay, Shell, Live Nation, Kaiser Permanente, and Sears. For more information, visit apigee.com. Share this ebook How API-first architecture displaces ESBs and SOA in the enterprise 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information