A Distributed - Akamai · A Distributed Gateway at the Edge Unlock an API First Strategy with...
Transcript of A Distributed - Akamai · A Distributed Gateway at the Edge Unlock an API First Strategy with...
A Distributed Gateway at the EdgeUnlock an API First Strategy with Akamai’s distributed Gateway
About MeProduct Manager focused on Developer Experiences
APIs are Building Blocks for Modern Apps
And a critical component of distributed infrastructure needs
The way you deliver your API should be as decentralized as the way you build them
APIs Have Broad Challenges
Business
• Speed of innovation
• Service stability and performance
• Infrastructure costs
Developer
• Consistency of implementation
• Service boundaries
• Code bloat
• Deployment velocity
Architect
• Complexity and latency
• Scaling
• Service “stampede”
• Exponential endpoint growth and attack surface
Challenge with Traditional Gateways
LATENCYMANY HOPS
ORIGIN COSTS‘JUST A ROUTER’
SCALETRAFFIC OVERLOAD
DUPLICATE EFFORTSREGION BASED ZONES
INSTANT SCALE AT LOW COST
ONE GLOBALLY DISTRIBUTED ZONE
PROTECTION DEVELOPER PRODUCTIVITY
What makes Akamai’s distributed gateway unique?
NO SERVER OVERPROVISIONING
NOT JUST AN OVERLAY TO CLOUD ORIGIN
USAGE BASED SCALING
REDUCE LATENCY DUE TO CLIENT PROXIMITY
AVOID SINGLE POINT OF FAILURE
NO ADD-ON REGIONAL COSTS / EFFORTS
AUTHENTICATE, AUTHORIZE, THROTTLE
ENFORCE CONSUMPTION CONTRACTS
ENFORCE RULES AT EDGE
AUTOMATE API DEFINITION UPDATES
API/CLI PLUGS INTO CI/CD PIPELINE
An In-CDN API GW combines the best of both worlds
Protection from DDoS attacks, bots, and malicious traffic
GovernanceAPI GatewayEnsuring APIs are built for scale and consistency
Scalability you won’t outgrow
SecurityKSD & Bot Manager Protect the enterprise from attacks prior
to invoking anything in a trusted zone.
Enforce runtime policies to drive consumption of business assets securely and easily.
APIs drive – and are the weakest link in – critical business transactions. A distributed gateway is key to unlocking potential without compromise
DeliveryIon Provide consistency of experience to
more users with less infrastructure
API GW is a critical component of Akamai’s API Platform
Five scenarios where the API Gateway is really powerful
1. API Protection2. Scaling Microservices3. Scaling for Peak Consumption4. Integrating with Partners5. Data regulations and Compliance
1. API Protection - The Challenge
“My API AuthN and AuthZ policies often kick in too late, after my origin is already overwhelmed”
DDoSProtection
Authentication& authorization
SCALEPROTECT GOVERN
BotServerApp AttackerBrowser
Edge platform
1
Service Service
Data center Cloud data center
Service
JSON/XML
GraphQL/REST
Data aggregation& analysis
API Query Constraints
Reputation Control
WAF Rule Inspection
Edge caching
SIEM Connector
2 3 4 7 8
SSL/TLS encryption
6
Legitimate Traffic Malicious Traffic
5 9
Use Case 1:API Protection
Check Out
API Keys
JWT
OAuth
2. Scaling Microservices - The Challenge
“My API resources look like they are developed by 20 different companies, but consistency comes at the expense of speed and catering to unique needs”
SCALEGOVERN
Resource levelCaching
Developer Agility
Resource specificthrottling & quota
AuthN & AuthZ
DDoS& WAF
PROTECT
JSON/XML
GraphQL/REST
BotServerApp AttackerBrowser
Edge platform
2 3
ServiceServerless
Service
Data center Cloud data center
Managed Cluster
41
Load balancing
6 7
App LayerProtection
5
Route optimization
Use Case 2:Scaling Microservices
Check Out
Swagger/RAML Definition imports
CLI/API
Resource Level Caching
3. Scaling for Peak Consumption - The Challenge
“Peak traffic periods give me nightmares –that’s when the stakes are the highest. Low performing APIs can lead to downtime, loss of revenue, and damage my brand value ”
DDoS& WAF
Authentication& Authorization
Edge caching
JSON/XML
SCALEPROTECT
GraphQL/REST
GOVERN
BotServerApp AttackerBrowser
Edge platform
2
3
Route optimization
Bot management
Performance load testing
Service Service
Data center Cloud data center
Service
4
Throttling & quotas
5
Real-time dashboards
Data aggregation& analysis
1
APIprioritization
8
Layer 7 routing & balancing
6 7
Use Case 3:Scaling for PeakAPI Consumption
Check Out
Resource & key level Throttling
Real Time Dashboards
GraphQL Caching
4. Integrating with Partners – The Challenge
“APIs drive huge business value through my many partnerships. But ensuring partners stay within their specific contracted limits is critical to ensure stability for all consumers”
DDoS& WAF
AuthN & AuthZ
Edge caching
JSON/XML
SCALEPROTECT
GraphQL/REST
GOVERN
BotServerApp AttackerBrowser
Edge platform
2 3
Service Service
Data center Cloud data center
Service
Partner specificThrottling & quota
Real-time log delivery
Data aggregation& analysis
1
SSL/TLSencryption
5
Network layer security
Application layer security
4
Use Case 4:Integrating with Partners
Check Out
Resource level Quotas
5. Data Regulations and Compliance - The Challenge
“Regulations such as PSD2 foster innovation but require exposing sensitive data to external entities. Adhering to these without compromising speed or security is scary”
DDoSProtection
Authorization(OAuth/OIDC, JWT, Keys)
SCALE
PROTECT
GOVERN
BotServerPartner Client API
AttackerBrowser
Edge platform
Service Service
Data center Cloud data center
Service
JSON/XML
GraphQL/REST
Data aggregation& analysis
Network LayerProtection
App LayerProtection
Edge caching
Real-time data logs
2
5 6
SSL/TLS encryption
4
Legitimate Traffic Malicious Traffic
1
Secure App Access
3Identity Cloud DB
AUTHN AUTHZ
Use Case 5:Data Regulations& Compliance(Open Banking, PSD2)
Check Out
OIDC / Interopertaibility with Akamai Identity Cloud
TLS encrypted network
Try it Out for Free or Learn More!