Enterprise Class Multitenant API Management

Here is a free lesson for start-up companies trying to position their products for large-scale Enterprises: plain and simple, your products need to support multitenancy.

The largest enterprises are diversified, and with the increased adoption of APIs, multiple departments will want to own and control their own API definitions, life-cycle management and API policies, for both production and development.

This assumes an “on-premise” or “owned” model where the Enterprise owns and manages the infrastructure to expose the API themselves.  I’ve talked before about the blind faith we sometimes put into SaaS; it’s the religion of our time.  For those that want a more quantitative view, this simple TCO calculator can do wonders. Before you place your banner down on one side of the argument, look at the numbers for yourself and actually calculate which is better for your organization.

For Enterprise API Management, a mid-sized organization might address these concerns by deploying a number of independent clusters of virtual API Gateways (software or appliances) to ensure isolation for security and availability. While this model works, it is not efficient as the Enterprise may buy more licenses than are justified by throughput alone, not to mention the operational overhead of managing each API gateway itself.

Even if a mid-sized Enterprise can get away with it, a large service provider that needs to worry about driving costs out of its IT budget cannot, as the savings multiply per instance.

Single Tenant API Management Platform

Take the first diagram as a case study. Here a customer uses API gateways to surface APIs, with projects originating in different departments, each with its own audience. There are three tenants or business groups: sales & marketing, the CIO Team, and the cloud service architects. The sales and marketing team has a new content-rich tablet application that accesses relevant partner and social feeds exposed by the Enterprise, the CIO Team has opened internal APIs for integration and mobile employee productivity apps, and the cloud architects have exposed APIs for external B2B and partner access.

In each case gateways are provisioned as a set of units specific to these tenants. In this environment there is a tendency to over-provision, no matter how accurate you think your sizing will be in terms of number of API calls and data throughput. Based on actual throughput, each department is likely replicating costs & resources for fail-over, high availability and operational maintenance.

If we take this example and extrapolate to a larger Enterprise, the repeated costs can really add up. This is where a true multitenant API Management platform helps.

Multitenant API Management adds the correct measure of control & resource allocation to drive costs out of the system. In the multitenant case, we’ve reduced the number of licenses (including gateway, O/S, and other software licenses) by nearly 40%. Rather than maintain three distinct clusters, the same separation of concerns, manageability and policy separation, as well as fail-over and throughput is being handled by 10 gateways. Multitenancy brings consolidation and efficiencies for API management.

Multitenant API Management

While all of this is conceptually simple, actually building the feature in a production product is difficult and takes careful engineering to ensure the system is resilient to tenant changes yet remains stable in the face of potentially millions of API requests. This is exactly what we’ve done in Expressway for API Management over the last 8-10 years working with the Fortune 50. Despite claims made by others, your product probably doesn’t support true multitenancy that scales to production use cases unless you are an Expressway customer.

Many of the products in the market go only ‘halfway’, supporting a set of views or domains, but never support a true separation of statistics, logs, roles, and insulated policy changes for production environments. Halfway doesn’t cut it when there are a trillion devices out there looking to access your API.

Expressway Multitenant API Management Capabilities:

  1. Insulated tenants – Application data is protected from view by other tenants in the system
  2. Log Separation – Statistics and logs produced by one tenant are only viewable within a tenant context
  3. Distinct Roles – Tenants have unique administrative roles that are separated from system management
  4. Policy Lifecycle Separation – APIs and their associated policies can be updated and changed independent of other tenants’ administrative operation and runtime processing
  5. Scriptable Configuration – Expressway multi-tenancy is controllable from the command line by scripting languages such as Python and Perl to automate API deployment into an Enterprise’s API layer
  6. Global Manager Control – The entire tenancy system is controlled by a global manager role used to manage tenants, provide a consolidated view and manage clustering, all with the Fortune 50 CIO in mind.

Got APIs? Got Multitenancy Requirements? Expressway can help.

Expressway API Manager

The post Enterprise Class Multitenant API Management appeared first on Application Security.
