apiGrove

COPYRIGHT © 2012 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

apiGroveAn Open Source API Management EnginePresented by Greg Thompson (@gmthomps), Head of Architecture, Applications Enablement Solutions

Alcatel-Lucent

October 2012


2

WHY OPEN SOURCE?


3

• Open source software powers the core of cloud and web services

• Drives standardization and allows the industry to contribute in the development process

• Allows apiGrove roadmap to go in directions ALU alone may not have taken it

• Developers are free to participate in helping set the future direction of the software and optimize it to meet their specific business needs and timelines.

• Alcatel-Lucent will continue to be a lead contributor to the apiGrove open source initiative as API management remains a key tenet of the company’s Open API Platform. Alcatel-Lucent will continue to make new capabilities available as part of its commercial API offer and at the same time, actively leverage the efforts of open source software developers worldwide.

apiGroveWhy Open Source?


4

apiGrove INTRODUCTION


5

apiGroveHigh-Level Features & Architecture

SCALE Multiple deployment models

Load balancing

High availability

Caching

METER API caller authorization

API usage quotas & rate limits

Transaction data records

PROTECTHTTPS termination (1-way / 2-way)Authentication

Threat protection

MANAGE API onboarding / routes definitionRESTful APIs for every feature

apiGroveTDRsRESTfu

l API

REST, SOAP, HTTP(S)

Clients

(browser, mobile app, backend

server)

Your provisioning frontend

(Sample Drupal modules

available)

Targets

(e.g. your internal

API / app server)

REST, SOAP, HTTP

Your analytics system

(or Alcatel-Lucent’s

commercial Reporting &

Analytics solution)


6

• Code on github

• 100% Java

• Relies on open source middleware

• Fuse ESB (Apache ServiceMix, Apache Camel, Apache CXF, Apache Karaf)

• Jetty

• Hazelcast

• Tested on Red Hat Enterprise Linux 5.8, but also known to work on other Linux distributions (e.g. CentOS)

apiGroveShow Me the Code


7

apiGroveFreemium Business Model

• apiGrove = Open Source version• Licensed under Apache v2 terms

• Project to be publicly announced in September

• Premium API Management Engine = Commercial version• Same code base as apiGrove

• Additional features: Security (XML/WSDL validation), Rate limit accuracy in cluster (Speaker Manager), SNMP

• Support and professional services by Alcatel-Lucent (bug fixes, custom integration)

• Optionally integrated within Alcatel-Lucent’s Open API Platform :

• Service Composition Framework (orchestration framework and value-added services: SMS, Location, Device Capabilities, and more)

• Reporting and Analytics (data mining on API usage)

• Business Management Suite (monetization model for APIs and associated workflow)

• Provisioning and management system (web frontend, management interface, directory)


8

apiGrove Release v1Free v. Premium Features Comparison

apiGrove Premium API Management Engine

SCALEAPIs to 1000s TPS

• Clustering with load balancing• Caching of policy data• Dual-site operation

• Heartbeat mechanism with southbound services

• Integration with Alcatel-Lucent’s Service Composition Framework

METERAPI usage for monetization

• Flexible model for quotas/rate limits (per API, per App, per Group)

• API usage TDRs • Thresholds & warning TDRs• Custom TDR fields

• Quotas/rate limits sync in cluster (speaker manager)

• Integration with Alcatel-Lucent’s reporting & analytics

PROTECTAPIs from threats

• HTTPS (1-way / 2-way TLS)• AuthN: IP whitelist, AuthKey, HTTP Basic,

WSSE username profile• REST methods filtering

• XML / SOAP Validation• WSDL or XSD Validation• Integration with Alcatel-Lucent’s Authorization

Server for oAuth 2.0

MANAGESystem and APIs

• Provisioning and admin through RESTful API

• Sample web UI for standalone deployment• Basic header transformations

(add/remove)• Software install verified on RHEL5.8

• SNMP KPI reporting • Provisioning through Alcatel-Lucent’s OAP


9

apiGroveTimeline for contributions

Q3’12

Q4’12

Q1’13

Q2’13

Sept’12apiGrove

initial release

Community contributions(enter into Apache incubation)

Dec’12Premium AME(commercial)

v5.0

Apr’13Premium AME(commercial)

v6.0

Goal is to integrate external

contributions in monthly sprint

drops


10

apiGroveFeatures Backlog

SCALEAPIs to 1000s TPS

• More characterization tests• Performance optimizations

METERAPI usage for control and monetization

• ASN.1 format for TDRs• Calendar-based quotas and rate limits

PROTECTAPIs from threats

• HTTP Digest authentication• WSSE X509 authentication• OpenStack ID authentication• HTTPS support southbound• Support 3rd-party oAuth Authorization

Server• JSON payload validation• WADL validation• Header injection protection

MANAGESystem and APIs

• Installers for other OSes (e.g. CentOS)• Forward Proxy mode support• SOAP/JSON Exceptions• More logs• Encrypted logs• Plugin modules for transforms• Web UI themes (drupal)• Web UI improvements (e.g.

internationalization)• Cluster management UI• Elastic scaling recipes

We welcome contributions for these and more


11

DEMO


12

• apiGrove Home Site http://apigrove.net

• Forums, information

• apiGrove GitHub http://github.com/apigrove/apigrove

• Source code and binary downloads

• Follow @apiGrove on Twitter

• This slide deck http://www.slideshare.net/gmthomps/apiGrove

apiGroveKey Links

http://apigrove.net/

http://apigrove.net/

http://github.com/apigrove/apigrove



http://www.slideshare.net/gmthomps/apiGrove




13

THANK YOU ! … Q&As


14

apiGrove

Technology

Transcript of apiGrove