Application Services Governance
Version History .............................................................................................................................. 1
Drivers ............................................................................................................................................... 2
Findings ............................................................................................................................................. 2
Recommendations ........................................................................................................................ 2
What is Application Services Governance? ......................................................................... 2
Why is it important? ..................................................................................................................... 2
What is SDAS (Software-Defined Architecture for Application Services) design
pattern? ............................................................................................................................................. 2
API Management Platform Capability Template ............................................................... 3
Overlap between SOA Governance and API Management ............................................ 5
Glossary ............................................................................................................................................. 9
References ........................................................................................................................................ 9
Case Studies ..................................................................................................................................... 9
Figure 1 A Service Control Gateway Controls Access to Multiple Inner APIs ................. 3
Figure 2 API Management Platform Capability Template ...................................................... 4
Figure 3 SOA Governance & API Management overlap ............................................................ 5
Figure 4 ESB Deployment Plaforms ................................................................................................. 6
Figure 5 Use Case, Interaction diagram of API Management, ESB Platforms and
Cloud Platforms.............................................................................................................................. 7
Figure 6 Gartner’s Magic Quadrant 2015 ...................................................................................... 8
Version History
Initial Draft
Document1
V0.01
Lakshmi Dasari,
IT Services UCLA
1
Drivers
1. Packaged application vendors and SaaS providers publish functionality as Web
APIs
2. Mobile applications use private and public APIs to access enterprise systems of
record that necessitate governance and oversight
3. API usage is multiplying by growing population of mobile devices and computing
platforms (web, tablets, smartphones, TVs, “things” in the Internet of Things
[IoT]
Findings
SOA Governance and API Management are not two separate markets, but one.
Despite this convergence, there are two distinct architectures for delivering ASG
capabilities.
Recommendations
1. Govern Services and Manage APIs with Application Services Governance
2. Central Application Services Governance tool provides support infrastructure
that furthers API management, reuse, adoption
What is Application Services Governance?
“API management capabilities enable the successful delivery, promotion, operation,
measurement and continuous improvement of APIs. Although focused primarily on
REST-based Web APIs, API management capabilities are applicable to a variety of
service APIs, including messaging APIs, SOAP-based APIs (which may or may not
use HTTP as a transport) and custom APIs. Gartner uses the term "application
services governance" to describe the emerging discipline of end-to-end
governance for all types of network services”
“Application Services Governance goes beyond API Management. It is about Planning, design, Implementation, Publication, Operation, Consumption,
Maintenance and Retirement of APIs and Services”
Why is it important?
“API management platform capabilities enable API providers to successfully deploy,
maintain, promote and sustain an API strategy. If you intend to be an API provider,
you need some or most of the capabilities discussed in this template. Consequences
of not having them include lack of API developer traction and adoption, production
problems brought about by poorly thought out versioning and deployment, security
breaches thanks to improperly designed access control or encryption
implementations, and a lack of provable ROI for the whole API program. “
What is SDAS (Software-Defined Architecture for Application Services) design pattern?
“SDAS is a design pattern in which access to the functionality and data provided
over an organization's service network is enabled using managed virtual APIs (i.e.,
Document1
2
the "outer APIs" in Figure 1). These outer APIs serve as the entry point to the
multiple back-end systems, content and data sources that are needed to implement
systems of differentiation and systems of innovation. Accessed via an SDAS service
control gateway, outer APIs are designed to best meet consumer requirements and
are decoupled from the "inner APIs" (i.e., the APIs that are implemented inside an
organization's back-end applications), which are optimized for service design,
development and deployment as well as runtime efficiency (see Figure 1).”
Figure 1 A Service Control Gateway Controls Access to Multiple Inner APIs
Source : Gartner (September 2014) - Evaluate Gateway Capabilities Required to Deploy
Software-Defined Architecture for Application Services
API Management Platform Capability Template
Supports 4 important Use cases –
1. Enable Developers to use APIs
2. Manage API Life Cycle
3. Communicate Securely, Reliably and Flexibly
4. Measure and Improve Business Value
Document1
3
Figure 2 API Management Platform Capability Template
Source: Gartner (October 2013)
SOA Governance vs API Management
Table 1. Two Worlds (Seemingly) Apart
SOA (Governance) World
API Management World
Mainly is about services
Mainly is about APIs
You must govern services
throughout their life cycle to get
value out of SOA
You expose APIs to the Web and you need to manage them to
prevent chaos in their usage and make the new channel work
Unlimited faith in Java and WS
Unlimited faith in REST
The more services you have, the
better (wrong)
Generally exposes one to two APIs, then drives as much usage as
possible before introducing new ones
Technology typically on-premises
Mainly delivered as cloud services
Services typically used within a
company's firewall
API used typically across the Web by external entities and mobile
programmers
Document1
4
Table 1. Two Worlds (Seemingly) Apart
SOA (Governance) World
API Management World
People feel the need for governance
The entity exposing APIs typically needs management; the users of
the API, especially mobile programmers, would steer clear of
anything that has a "governance" tag
Wants to open up, embrace, and
eventually swallow API
management
Sees SOA as a dinosaur of the past and wants nothing to do with it
Generally governs with a "stick"
approach (see Note 1)
Generally governs with a "carrot" approach
Source: Gartner (November 2012)
Overlap between SOA Governance and API Management
Figure 3 SOA Governance & API Management overlap
Source: Gartner (November 2012)
ESB/iPaaS Deployment models @ UC
Document1
5
Figure 4 ESB Deployment Plaforms
Source: UC ITAG Wiki – ESB Deployment models
Notable Usages –
UCB - Fuse ESB, API Management based on 3Scale & Possibly API Gateway from CA
UCSD – WS02 as ESB platform and WS02 API Manager for API Management
UCOP – Mulesoft’s CloudHub – iPaaS solution
UCSF – Mulesoft – See Mulesoft ESB evaluation and Q&A on ITAG webinars
Document1
6
Figure 5 Use Case, Interaction diagram of API Management, ESB Platforms and Cloud Platforms
HigherEd Requirements/Use cases for API Management Solution
1. Support multiple locations (Multi-tenancy)
2. Support for various application integration platforms on-prem and in the
cloud (ESBs, application servers, Paas, iPaaS, IaaS)
3. Support multiple authentication mechanisms
a. Recognized API authentication mechanisms
i. oAuth, OpenID Connect, Json Tokens
4. Todo
Document1
7
Magic Quadrant for Application Services Governance
Figure 6 Gartner’s Magic Quadrant 2015
Source: Gartner (April 2015)
Apigee – Comprises of Apigee Edge, Apigee Insights, API Exchange. Apigee-127 open
sourced microservice-oriented version. Cloud or on-premise installations.
Axway – Comprises of Gateway, Manager, Portal, Analytics, Application Studio,
Sentinel. Relatively little experience with Subscription-based Cloud computing.
CA Technologies - Acquired Layer 7. Complete offering. Very much on-premise
offering, not suitable for cloud gateways.
Mashery – Acquired by Intel. Cloud-centric offering.
Mulesoft – API platform called Anypoint Platform which is open-source. Brought
RAML to the forefront. Has commercial and open-source (controlled by Mulesoft)
offerings.
3Scale – Distributed Architecture, on-premise agents and policy management in the
cloud.
WS02 – WS02 API manager is free/open source for on premise, hosted instance via
WS02 cloud.
Document1
8
Glossary
1
2
3
4
5
6
7
API
SOA
API Manager
API Gateway
API Portal
API Analytics
iPaaS
Service Oriented Architecture
Integration Platform as a Service (iPaaS) is a suite of cloud
services enabling development, execution and governance
of integration flows connecting any combination of on
premises and cloud-based processes, services,
applications and data within individual or across multiple
organizations.
References
1. Gartner – Basic API Management Will Grow Into Application Services
Governance (10/2014 – Archive)
2. Gartner – Govern Your Services and Manage Your APIs With Application Services
Governance (11/2012)
3. Gartner - Magic Quadrant for Application Services Governance (04/2015)
4. Gartner – Run and Evolve a Great Web API With API Management Capabilities
(10/2013)
5. Gartner – Evaluate Gateway Capabilities Required to Deploy Software-Defined
Architecture for Application Services (09/2014)
6. SOA Governance – UC ITAG – Enterprise Service Bus Deployment Patterns
7. Gartner IT Glossary
Case Studies
https://www.mulesoft.com/case-studies/soa/deakin
https://www.mulesoft.com/case-studies/saas/ucsf
Document1
9