More Related Content Similar to One Gateway to Rule them All: Building a Federated API Management Platform (20) More from Sven Bernhardt (13) One Gateway to Rule them All: Building a Federated API Management Platform1. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 1
Building a Federated API
Management Platform
Nuremberg, 2023-11-22
Sven Bernhardt
ONE GATEWAY TO RULE THEM ALL
2. © OPITZ CONSULTING 2023 / Öffentlich
THAT‘S ME
One Gateway to rule them all 2
Sven Bernhardt
Cloud-Native enthusiast, API & integration geek. Always curious how new
technologies and concepts can help to make things more valuable and efficient.
@sbernhardt
https://svenbernhardt.wordpress.com/
Chief Architect / Integration Evangelist
OPITZ CONSULTING Deutschland
GmbH
3. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 3
WHERE WE ARE
01
APIS & GATEWAYS
02
CONCLUSION
04
API PLATFORMS
03
5. © OPITZ CONSULTING 2023 / Öffentlich
THE WORLD IS CLOUD-NATIVE …
One Gateway to rule them all 5
¢ Characteristics of Cloud-native apps:
¢ Loose coupling
¢ Resilient and fault-tolerant
¢ Scalable
¢ Manageable
¢ Observable
“… loosely coupled systems that are resilient,
manageable, and observable. Combined with robust
automation, they allow engineers to make high-impact
changes frequently and predictably with minimal toil.”
(CNCF definition Cloud-native)
Cloud-native
Microservices & APIs
CI / CD
DevOps
Containers
6. © OPITZ CONSULTING 2023 / Öffentlich
… AND OFTEN AT LEAST HYBRID
OR HYBRID, MULTI-CLOUD
One Gateway to rule them all 6
¢ Shift to the Cloud continues
¢ Trend leads toward using multiple Clouds
(Best-of-breed approach)
¢ On-prem systems are replaced or
complemented by SaaS offerings
7. © OPITZ CONSULTING 2023 / Öffentlich
MOVE TO THE CLOUD AND CLOUD-NATIVE PRINCIPLES FURTHERS
TREND TO DECENTRALIZATION
One Gateway to rule them all 7
Centralized
STATIC
ON-PREM
MONOLITH
VIRTUAL MACHINES
MANUAL CHANGE PROCESS
Decentralized
DYNAMIC
CLOUD / MULTI-CLOUD
MICROSERVICES / SERVERLESS
CONTAINERS, KUBERNETES
AUTOMATED CI/CD TOOL CHAIN
# Services & APIs
CONTROL AND VISIBILITY
8. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all
Gen 0
ESB
Gen 1
XML Appliances
Gen 2
REST & API Gateways
Gen 3
µGateways
Timeline
2006 2011 2014
API GATEWAY EVOLUTION: FROM SIMPLE REVERSE PROXIES TO
MICROGATEWAYS
8
9. © OPITZ CONSULTING 2023 / Öffentlich
WE’RE FACING A MAJOR TECHNOLOGY TRANSITION THAT WE
SHOULD ACTIVELY SHAPE
One Gateway to rule them all 9
Source: https://www.youtube.com/watch?v=D41cLljxZ-U&list=PLg_AhYkg50vi_DVrEqKPX11blSwom6YUr&index=4
10. © OPITZ CONSULTING 2023 / Öffentlich
HAVING AN API VISION THAT DEFINES THE WHY, HOW AND WHAT
IS IMPORTANT TO SUCCEED!
One Gateway to rule them all 10
¢ When thinking about APIs, it should have a
business impact
¢ APIs are digital products and should be
handled as such
¢ Product orientation mainly impacts people
and the organization
¢ Technology is a vehicle that enables
sustainable Product management
¢ API Vision needs to ensure that change
happens in a balanced way
People
Organization
Technologies
11. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 11
APIS & GATEWAYS
02
12. © OPITZ CONSULTING 2023 / Öffentlich
API-PRODUCTS ARE USED TO COMPREHENSIBLE INTERACT WITH THE
OPERATIONAL DATA WITHIN A DOMAIN
One Gateway to rule them all
¢ Characteristics of an API product:
¢ User experience (UX)
¢ Reliability
¢ API products are consumer-centric
¢ API products may have different In-
/Output Ports:
¢ Sync for User-centric interactions
¢ Async for System-centric interactions (e.g.
Cross-Domain interactions)
API Contract
(e.g. Open API)
12
13. © OPITZ CONSULTING 2023 / Öffentlich
REALIZE THAT APIS ARE SUBJECT
TO A LIFECYCLE
One Gateway to rule them all 13
¢ A stable API lifecycle is an essential part of an
effective API governance strategy
¢ API lifecycle
¢ Reaches from idea to „ready to use API“
¢ Supports fast innovation lifecycles
¢ Helps to implement API-first strategy
¢ There are different lifecycles for producers &
consumers – but related
¢ Benefits
¢ Increased productivity
¢ Greater visibility
¢ Organizational alignment
Design
Review & build
Deploy
Promote,
deprecate, retire
Operate &
observe
Learn & evolve
API ideation &
planning
Back to design due to
consumer feedback
during development
14. © OPITZ CONSULTING 2023 / Öffentlich
API CONTRACTS NEED TO DELIVER A GREAT USER EXPERIENCE (UX)
One Gateway to rule them all
¢ Focus on potential consumers
¢ How will a consumer use my API?
¢ What kind of resources and operations are
needed by the consumers?
¢ APIs should be consumer-centric and thus
be consumable
¢ Well-designed, secured and compliant
¢ Documented, discoverable and accessible
¢ Performant, reliable and scalable
Source: https://konghq.com/blog/what-is-apiops/
Compliant
Functional Findable
The intersection of the three
characteristics defines
consumable APIs!
When we talk about APIs, we don't necessarily
mean REST APIs!
14
15. © OPITZ CONSULTING 2023 / Öffentlich
ESTABLISH API GATEWAY AS A SINGLE ENTRY POINT TO AN
ENTERPRISES BACKEND SERVICES
One Gateway to rule them all 15
¢ Cares about APIs at runtime
¢ Allow for consistent Governance
¢ Increase transparency
¢ API usage
¢ APIs available
¢ Conform with security standards
¢ Increase Developer Productivity
Managing APIs means more than just having an
API Gateway in place! Things (mostly) automated
API lifecycle as well as community management.
16. © OPITZ CONSULTING 2023 / Öffentlich
API GATEWAY AS A SHARED POLICY LAYER
One Gateway to rule them all 16
Business
Logic (B)
Policy (P)
OTHER
MONOLITH
Routing
Load Balancing
Authentication
Authorization
Logs & Metrics
Rate Limiting
Caching
Validation
Transformation
MICROSERVICES
MULTI-CLOUD & KUBERNETES
ON-PREMISE
HOSTING
B
Shared Policy Layer (API Gateway)
B B B B B B
B B B
Serverless
(e.g. AWS
Lambda)
More applications and services
More languages and protocols
REST}
{
More deployment types
3RD-PARTY
17. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 17
CHALLENGE: BALANCE BETWEEN SPEED AND CONSISTENCE
https://opitzcloud.canto.global/b/I3FO4
18. © OPITZ CONSULTING 2023 / Öffentlich
DECENTRALISED API MANAGEMENT: FOCUS ON SPEED
One Gateway to rule them all 18
API Platform
Dev
Team 1
Dev
Team 2
Dev
Team n
API Standard 1
API Standard 2
API Standard n
Decreasing
consistency
19. © OPITZ CONSULTING 2023 / Öffentlich
CENTRALISED API MANAGEMENT: FOCUS ON CONSISTENCE
One Gateway to rule them all 19
API Platform
Dev
Team 1
Dev
Team 2
Dev
Team n
API
Platform
Team
Review loop
Review loop
Review loop
API
Guidelines
API
Guidelines
API
Guidelines
Decreased
speed
20. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 20
AUTOMATION TO BALANCE SPEED AND CONSISTENCE
https://opitzcloud.canto.global/b/OQR0O
21. © OPITZ CONSULTING 2023 / Öffentlich
APIOPS APPROACH: FOCUS ON SPEED AND CONSISTENCE
One Gateway to rule them all 21
API Platform
Dev
Team 1
Dev
Team 2
Dev
Team n
API
Platform
Team
API
Guidelines
API
Guidelines
API
Guidelines
Automated deployment
Governance layer
Defines
Guidelines, Rules
& Restrictions
Automated, direct
feedback
Automated, direct
feedback
Automated, direct
feedback
23. © OPITZ CONSULTING 2023 / Öffentlich
One Gateway to rule them all 23
CHARACTERISTICS OF A MODERN
API PLATFORM
Modern Tooling: Use modern engineering tools and
techniques, infrastructure as code and automation
Easy Onboarding: Low ramp for new internal teams to
onboard to the platform
Minimize cognitive load: Empower developers to foucs
on delivering core business value
Continually evolve: The Platform should be flexible
enough to support new use cases (Desing4Change)
01
02
03
04
24. © OPITZ CONSULTING 2023 / Öffentlich
WHEN TALKING ABOUT PLATFORMS WE NEED TO TALK ABOUT
PLATFORM ENGINEERING
One Gateway to rule them all 24
What is Platform Engineering?
“Platform engineering is an emerging
technology (concept) that can accelerate the
delivery of applications and the pace at which
they produce business value.”
Gartner
25. © OPITZ CONSULTING 2023 / Öffentlich
A MODERN API PLATFORM NEEDS TO BE READY TO ADDRESS CHALLENGES IN
MORE AND MORE DISTRIBUTED WORLD
One Gateway to rule them all
¢ Postulate: Modern architectures are at least hybrid and may
be hybrid, multi-cloud
¢ Ideally, a distributed API platform is unified
¢ Increases efficiency in operating
¢ Allow to easily evolve the platform
¢ Different models to organize an API Platform
¢ Siloed
¢ Centralized
¢ Federated
25
26. © OPITZ CONSULTING 2023 / Öffentlich
SILOED MODEL
One Gateway to rule them all 26
¢ Deployment blueprints (IaC) provided by
Platform team
¢ Fully isolated platform for each Product /
Domain team
¢ No dependency on the central team
¢ Maintenance, Updating / Patching
¢ Security, Hardening
¢ Product / Domain teams are not bound to
central governance processes
¢ Reusage and sharing between teams is
limited
27. © OPITZ CONSULTING 2023 / Öffentlich
CENTRALIZED MODEL
One Gateway to rule them all 27
¢ The platform team is responsible for the API
platform
¢ Maintenance, Updating / Patching
¢ Security, Hardening
¢ Scaling
¢ Deployed API gateways are shared between
teams
¢ A shared Platform team can become a
bottleneck
¢ Limited ability to implement strict isolation
between different business units
28. © OPITZ CONSULTING 2023 / Öffentlich
WHAT DOES “FEDERATION” MEAN?
One Gateway to rule them all 28
¢ Characteristics
¢ Central federal governance unit
¢ Defines guidelines
¢ Defines binding rules
¢ Self-governing sub-units
¢ Using guidelines, but are free to implement
¢ Internal autonomy
¢ Clear delineation of responsibilities
¢ Shared
¢ Exclusive (executed by central unit)
¢ Decisions made by sub-units cannot be
overruled by the central unit
“A federation (a federal state) is a political entity characterized
by a union of partially self-governing provinces, states, or other
regions under a central federal government (federalism).
Alternatively, a federation is a form of government in which
sovereign power is formally divided between a central
authority and several constituent regions so that each region
retains some degree of control over its internal affairs.”
(Def. Federation (political), Source: Wikipedia)
29. © OPITZ CONSULTING 2023 / Öffentlich
FEDERATED MODEL
One Gateway to rule them all 29
¢ One centralized Control plane run by a
Platform team
¢ Used by all teams within an organization
¢ Multi-tenancy
¢ Multiple API gateways (Data planes)
¢ Managed by Product / Domain teams
¢ Helps teams become more independent
¢ Configuration managed within the teams
¢ Golden images provided by a Platform team
¢ Updates / Security (Hardening) managed centrally
¢ Automated provisioning (IaC)
Source: https://konghq.com/blog/enterprise/federated-api-management
30. © OPITZ CONSULTING 2023 / Öffentlich
CHALLENGES FOR FEDERATED MODELS IN HETEROGENEOUS ARCHITECTURES
One Gateway to rule them all 30
¢ Some API vendors offer federated API
platforms for heterogeneous architectures
¢ Heterogeneous approach
¢ Different Gateways from different vendors
¢ No standard for communication between
CP and DPs
¢ Limited feature support (e.g. just syncing
API contracts, not configuration)
31. © OPITZ CONSULTING 2023 / Öffentlich
WHAT IS KONG?
One Gateway to rule them all 31
¢ Lightweight, fast, and flexible cloud native API gateway
¢ Facts:
¢ 400B+ API Calls
¢ 312M+ Downloads
¢ 35K+ GitHub stars
¢ Characteristics:
¢ Fully automated (APIOps)
¢ Deployment agnostic
¢ Highly extensible
32. © OPITZ CONSULTING 2023 / Öffentlich
FEDERATED API MANAGEMENT WITH KONG
One Gateway to rule them all 32
34. © OPITZ CONSULTING 2023 / Öffentlich
DEMO SETUP
One Gateway to rule them all 34
¢ Hybrid and Multi-Cloud architecture
¢ Data Planes distributed over
¢ Oracle Cloud (Compute)
¢ AWS (EC2)
¢ On-prem (Dockerized deployment)
¢ K8s example Kong Ingress Controller
¢ Oracle Container Engine For Kubernetes (OKE)
¢ All managed through Kong Konnect
35. © OPITZ CONSULTING 2023 / Öffentlich
DEMO OVERVIEW
One Gateway to rule them all 35
OCI
AWS
Kong Konnect
On-Premises
Cloud
Kong Ingress
Controller
(KIC)
manages
manages
manages
Management Plane
37. © OPITZ CONSULTING 2023 / Öffentlich
KEY TAKEAWAYS
One Gateway to rule them all 37
¢ APIs need to be managed
¢ Collaboration is key for good API products
¢ It’s all about community
¢ To be able to efficiently manage your APIs
a platform is needed
¢ Focus on Developer Experience (DX)
¢ Focus on Automation
¢ Focus on Standardization
¢ The federated model provides flexibility,
but also requires buy-in from Product
teams
39. © OPITZ CONSULTING 2023 / Öffentlich
INTEGRATION IS THE FOUNDATION FOR IT-MODERNIZATION
One Gateway to rule them all
Sven Bernhardt
Chief Architect
sven.bernhardt@opitz-
consulting.com
www.opitz-consulting.com
Thanks for your attention!
Questions left? Contact me!
39