Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale
3 likes4,616 views
The document discusses Hewlett Packard Enterprise's (HPE) perspective on API management and application transformation, emphasizing the need for organizations to adapt to rapid technological change and competitive demands. It outlines the role of APIs in facilitating communication between systems, as well as the challenges and strategies involved in modernizing legacy applications and adopting cloud-based solutions. Key considerations for API design, governance, and management practices are also highlighted to support the transition towards a digital-first business model.
Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale
- 1. Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale Terry White DevOps: API Management and Application Development Hewlett Packard Enterprise Fellow and Chief Technologist, Enterprise Services ABS DO3T11S @twhiteindtw #CAWorld
- 2. It’s about what you don’t see Terry White November 2015
- 3. | Agenda 3 MARKET AND CLIENT TRENDS APPLICATION TRANSFORMATION CONSIDERATIONS FOR CREATION AND USE APPLICATION PROGRAMMING INTERFACE (API) API MANAGEMENT & GATEWAY API DESIGN, GOVERNANCE AND EXAMPLE FOR HPE 1 2 3 4 5 6 WHAT’S NEXT, WHAT’S NOW? MICROSERVICES7
- 4. | Organizations are part of a dynamic ecosystem Demands and pace of change are increasing Suppliers Information sources Communities Your Organization Employees PartnersDevices Customers & Citizens • Everything and everyone’s connected • Anywhere, any time, any access • Immersive experiences, unhindered commerce, instant gratification • More market opportunities; more disruptive competition • Business and IT strategies converging Regulators Your Competitors 4
- 5. | Disrupting innovation is accelerating Mainframe Client/server Internet Mobile, social, big data, cloud 600,000+ tweets 2.2M Google searches 168 million+ emails sent And every 60 seconds: 217 new mobile web users • 2/3 of IT decision makers spending less on traditional services as a result of moving to the cloud • Average cost of a security breach $8.6M USD • Volume of data by 2020: 40+ Zettabytes 5
- 6. | The Internet Client/Server Mobile, Social, Big Data & The Cloud Mainframe Database ERP CRM SCM HCM HCM PLM MRM Amazon Web Services OpSource IBM GoGrid Rackspace Joyent Hosting.com Tata Communications Datapipe PPM Alterian Hyland LimeLight NetDocuments NetReach OpenText PaperHost Xerox Google HP Microsoft SLI Systems EMC IntraLinks Jive Software Qvidian Sage salesforce.com SugarCRM Volusion Xactly Zoho Adobe Avid Corel Microsoft Paint.NET Serif Yahoo CyberShift Saba Softscape Sonar6 Ariba Yahoo! Quadrem Elemica Kinaxis CCC DCC SCM Cost Management Order Entry Product Configurator Bills of Material Engineering Claim Processing Inventory Manufacturing Projects Quality Control Business Education Entertainment Games Lifestyle Music Navigation News Photo & Video Productivity Reference Social Networking Sport Travel Utilities Unisys Burroughs Hitachi NEC Bull Fijitsu ADP VirtualEdge Cornerstone onDemand CyberShift Workbrain Kenexa Saba Softscape Sonar6 SuccessFactors Taleo Workday Workscape Exact Online FinancialForce.com Intacct NetSuite SAP NetSuite Plex Systems Cash Management Accounts Receivable Fixed AssetsCosting Billing Time and Expense Activity Managemen t Payroll Training Time & Attendance Rostering Sales tracking & Marketing Commissions Service Data Warehousing Finance box.net Facebook LinkedIn TripIt Pinterest Zynga Zynga Baidu Twitter Twitter Yammer Atlassian Atlassian MobilieIron SmugMug SmugMug Atlassian Amazon Amazon iHandy PingMe PingMe Associatedcontent Flickr Snapfish YouTube Answers.com Tumblr. Urban Scribd. Pandora MobileFrame.com Mixi CYworld Qzone Renren Xing Yandex Yandex Heroku RightScale New Relic AppFog Bromium Splunk CloudSigma cloudability kaggle nebula Parse ScaleXtreme SolidFire Zillabyte dotCloud BeyondCore Mozy Viber Fring Toggl MailChimp Quickbooks Hootsuite Foursquare buzzd Dragon Diction eBay SuperCam UPS Mobile Fed Ex Mobile Scanner Pro DocuSign HP ePrint iSchedule Khan Academy BrainPOP myHomework Cookie Doodle Ah! Fasion Girl Disruptive innovation is accelerating Docker Cloud Foundry OpenShift OpenStack Azure The waves are getting bigger and coming faster 6
- 7. | Applications and enterprise organization structure – Aligned to organizational boundaries/budgets – Functionally aligned – Designed to assist with department & organizational tasks – Automate and Optimize – Often sub-optimize – Secured within the boundaries – Sharing across boundaries through data – Investment ROI Enterprise Legal HR Finance R&D DevelopmentMarketing Manufacturing Sales Distribution 7
- 8. | Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Legacy Application Architecture Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Application A Program Y 8 Program X Application XYZ • Dozens and dozens of programs • 100’s or 1000’s of Batch • Files & databases Data Stores Data Access Business Presentation Infrastructure Modernize Technology New Legacy
- 9. | Application Transformation – Pain Points Inflexibility — Current applications don’t provide the services, access to business tasks, and information required to truly deliver valuable customer- and employee-experience applications and services. This makes it difficult for the business to be IT-enabled. Cost — IT resources not directed where they’re needed, with traditional IT (legacy infrastructure and applications) consuming most of the IT resources. Risk — Legacy applications are increasingly reliant upon scarce (and disappearing) technology skills and aging infrastructure (e.g., mainframes). This increases both operational and business risks over time Speed —Today’s applications are hard to change, improve, and adapt to offer new capabilities. Businesses need to move faster than ever to take advantage of business opportunities and/or meet regulatory requirements. 9 “The speed of business has changed immensely. The demand for speed is constant and disruptive.” — Lee Kedrie, HPE Cloud Advisor
- 10. | Cloud native SaaS package adoption Binary only Application Transformation Scenarios Re-host Re-installation Re-host Recompile Re-host Source code mod. Re-factor Source Code upgrade Re-Architect Forward & Reverse Engineer Business Logic Re-host Image Migration Retire Archive Uninstall Replace COTS upgrade Dynamic Application P2V Containerize Upgrade to latest runtime version Eg: Unix to Linux Mainframe Cobol to Linux/Microsoft Take advantage of cloud automation Service – enable Core Apps COTS or in- house application Apps Integration 2 Cloud (AI2C)Data Migration 4 Cloud (DM4C) Re-host Binary Migration Upgrade COTS & Custom Adopt latest and standard COTS Package New Service & API Introduction Cloud Hosted Cloud NativeCloud Aware Static Application 10
- 11. | Transformation to cloud is a journey with different on-ramps Enterprises will start with different use cases and create unique paths to cloud enable their business Standardize, Consolidate, Virtualize, Automate Build Cloud Build Cloud Packaged Applications Dev/Test Cloud Packaged Applications Build Cloud Application Transformation SaaS Applications Dev/Test Cloud Dev/Test Cloud Application Transformation API enabled hybrid infrastructure Private cloud Public cloudManaged cloud Traditional “The API is everything for cloud computing” - David Linthicum11
- 12. | The Digitally-Enabled Business Just as every business has a website to expose data or services for people, soon application programming interfaces (APIs) will be used to expose such assets in a machine-processable way. Gartner predicts that by 2016, 75% of the Fortune 1000 will offer public web APIs and 50% of business to business collaboration will take place through web APIs. 12
- 13. | Its an ______ Economy – fill in the blank What’s your strategy? Mobile First? API first? 13 Self-Service Ease of use Location aware Notification (Attention) Brand engagement New revenue Great Idea! PrivatePublic Traditional IT
- 14. | Application Programming Interface (API) 1) What is an API? –API is a contract. A promise to perform described services when asked in specific ways. 2) How is it used? –According to the rules specified in the contract. The whole point of an API is to define how it's used. 3) When and where is it used? –It's used when 2 or more separate systems need to work together to achieve something they can't do alone. An application programming interface (API) is a particular set of rules ('code') and specifications that software programs can follow to communicate with each other. It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers. 14
- 15. | Evolution of APIs Source: Deloitte University Press, API economy from systems to business services, accessed October 7, 2015 15 October 28, 2015 14,187 APIs 17% increase since January
- 16. | Critical Requirements • Support - Support for your team’s interface becomes critical • Security - Every team’s interface becomes a potential Denial-of-Service attacker requiring service levels, quotas and throttling • Monitoring / QA - Monitoring and QA are interconnected, you will need smart tools for not just telling if something is up and running, but actually delivering the expected results • Discovery - Service discovery becomes important. You will need to know what APIs there are, if they are available and where to find them • Testing - Sandbox and debugging is essential for all APIs 16
- 17. | API Management Services API Publisher: enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on an API’s features, quality and usage API Store: provides a space for consumers to discover API functionality, subscribe to APIs, evaluate them and interact with API publishers API Gateway: enables you to secure, protect, manage, and scale API access 17 MonitoringandAnalytics ConsumersProducers Collaboration API GatewayAPI Calls Runtime Existing Services & APIs API Publisher Tooling API Store Tooling Publish DevelopMonitor Manage Find EvaluateSubscribe Explore APIAPI API+V1 Published Rated Governance
- 18. | Seven Habits of Effective Service and API Management Habit 1 Apply an API-First design approach Habit 2 Choose a solid API runtime Habit 3 Create a central service repository Habit 4 Manage services through versions, policies and contracts Habit 5 Promote and socialize your APIs Habit 6 Monitor and assess API usage Habit 7 Continually improve - refactor constantly to improve the API 18 Source: Mulesoft, Seven Habits of Highly Effective Service and API Management, August 13, 2013
- 19. | API Design Domain Driven Design - Business Context CRM SCM F&A HR Travel Health Retail Finance Agriculture Construction Manuf. Comm. Business Domains Cross Industry Domains Vertical Industry Domains Supply Chain Management (SCM) Based on Supply Chain Operations Reference (SCOR) model, Supply Chain Council Plan Source Make Deliver Return Build to Stock Build to Order Engineer to Order Schedule Issue Product Produce & Test Package Stage Release to Deliver Decompose and Create Abstractions Capacity Inventory ConstraintsDemand Simulate Count ModelAggregate AnalyzeLocate 19
- 20. | API Design Power of API’s for every domain 20 Network StorageCompute Cloud OS PaaSSaaSIaaS OSS/BSM/ITSM API abstraction at each domain and within the domain Portal/API Applications / Services Developer/Middleware/Run Time CRM SCM F&A HR Travel Health Retail Finance Agriculture Construction Manuf. Comm. API enabled business domain Apps & Services Orchestration/ Automation ----------- Configure/ Provision
- 21. | API Governance The Set of APIs and their scope – service oriented API governance Administration of APIs – lifecycle management; versioning Quality of the API – implementation, documentation - complete package to release API Policies – security access (what/whom/where), constraints, transformations, and extensions 21 API Governance/Development API Consumption Ex. HP Systinet, CA API Portal Ex. CA API Gateway Design Time Run Time • Design • Lifecycle • Policies • Standards • Resilience • Quality • Security • Implementation • Configuration • Availability • Throttling • Monitoring • Security
- 22. | Secrets of a Great API Secret #1: Design for great user experience Secret #2: Optimize for use case Secret #3: Provide easy access Secret #4: Build a community APIs are becoming ubiquitous as their potential to transform business is becoming widely recognized. But delivering a successful API program that achieves defined business objectives requires a systematic approach to designing and managing APIs. Great APIs aren’t difficult to develop if you design for your users and the business processes the API will support, if you make it easy for developers to find and consume your API, and you actively manage your API developer community as an extension of your business. 22
- 23. | API Gateway example at Hewlett Packard Enterprise Problem Statement 23 Secure API Gateway Mobile SSO Unified Authentication & Authorization Protect Backend HPE Mobile B2E & Partners • Converge efforts across corporation • Enable many and different devices Flexibility to rapidly: • Integrate new B2E/B/C Use cases • Integrate new requirements HPE B2B • Externalize large classic IT Apps • Enable integration with enterprise SaaS Apps
- 24. | Backend APIs Authorization Server Enterprise IdPs Database (tokens, services, tenant, analytics) Token Service Mobility SSO Authorization engine Service registry IdPs manager Tenants manager Analytics API Tenant Provisioning API Service Provisioning API Core API Engine SaaS providers Identity Providers DMZ Enterprise Intranet Internet HPE security Gateway Solution architecture (functional) • Central Token - Security segregation and bridging to integrate the different backend security models • SSO module for corporate mobile Apps • Service Registry • Tenant Management • Authorization enforcement - Interface with the HP Authorization server • Management console - to ease the deployment, configuration and monitoring of the platform • Analytics data - fine grained visibility on API traffic Audit-log Mobile devices 24
- 25. | Enterprise Applications handle enterprise scale but are … 25 Not the fansBuilt for the players…
- 26. | Additional Considerations when creating and using APIs – Security – Scale – Service Level – Support Level – Monitoring / logging – Versioning – Resilience / failures – Dependencies – Transaction Management – Vocabulary – Timeliness of information – DevOps – API development for new style of IT both requires DevOps and supports DevOps 26
- 27. | Going API First - It’s important to have management support At Amazon, Jeff Bezos issued a mandate sometime back around 2002: All teams will henceforth expose their data and functionality through service interfaces. Teams must communicate with each other through these interfaces. There will be no other form of inter-process communication allowed: no direct linking, no direct reads of another team’s data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network. It doesn’t matter what technology they use. All service interfaces, without exception, must be designed from the ground up to be externalizable. That is to say, the team must plan and design to be able to expose the interface to developers in the outside world. No exceptions. The mandate closed with: Anyone who doesn’t do this will be fired. Thank you; have a nice day! 27
- 28. | Hybrid IT for Applications supported by APIs ...We’re Stuck with it! API Management SaaS/ PaaS Private Cloud Mainframe Client- Server Web Apps Policies Security Public Cloud Mobile 28
- 29. | What’s next, what’s now? Microservices “Loosely coupled service oriented architecture with bounded context” - Adrian Cockcroft “What are they? – Fined grained SOA – think of a service per data table (e.g. deconstruct the database) – Language agnostic integration – Independently updated/deployed – Self-contained, bounded context (e.g. clear module boundaries based on domain context) – Require very little knowledge to use a Microservice API – Flexible versioning; ability to run multiple versions simultaneously Developing Microservices – Requires a culture and thought shift from traditional ways – From project focus to product focus – Thrives on DevOps / Automation – Build to log & monitor everything – Build to survive – Requires effective domain thinking and foresight Challenges – Inexperience – Inter team communication overhead – Domain modeling – Achieving execution speed – Synchronous vs. Asynchronous decisions – Robust frameworks and patterns (emerging) – Managing multiple versions – Managing/understanding dependencies – Multiple technology stacks Benefits – Autonomous teams – Composability of business services – Phased obsolescence – Scale – Resilience – Speed How to get started – Get management support – Implement a API proxy – Implement DevOps (Agile + Automaton) – Read the books 29 Infrastructure Data API Function Infrastructure Data API Function Infrastructure Data API Function DevOps
- 30. | Digital everything . . . Everywhere, everyday, everyone connected1 Every business is a digital business Disrupting every industry In the idea economy, anyone can change the world 30 Source: 1: IP & Science business of Thomson Reuters – The world in 2025 – 10 predictions in innovation, 2014
- 31. | 31
- 32. | © 2015 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2015 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
- 33. | For More Information To learn more, please visit: http://cainc.to/Nv2VOe CA World ’15