World®’16
GatewayDeploymentScenariosandBestPracticesJamieWilliamsSeniorSoftwareEngineerCATechnologies
DO3X48E
DEVOPS
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Inthissession,wewilllookatenterprisescenariosofdeployingyourCAAPIGateway.Wewillcoveron-premises,publiccloud,andPaaS/privateclouddeployment,andthedifferentformfactorsavailableforeach.
Thecomparisonofthevariousmodelsanddiscussionofrealworldexampleswillhelptheattendeeunderstandtheprosandconsofeach.Wewillalsolearnsomebestpracticesinimplementingsuchmodels.
JamieWilliamsCATechnologiesSeniorSoftwareEngineer
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Agenda
INTRODUCTIONTOTHECAAPIGATEWAY
GATEWAYDEPLOYMENTSCENARIOS
CHOOSINGAMODEL
1
2
3
REALWORLDEXAMPLES4
BESTPRACTICES5
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAAPIGateway
§ EnablesenterprisestosecurelyexposeservicestoexternalclientapplicationsasAPIs.
§ Providesruntimecontroloverservice-levelauthentication,authorization,keymanagement,credentialing,integrity,confidentiality,schemavalidation,contentinspection,datatransformation,threatprotection,routing,protocolswitching,SLAenforcement,logging,andotherfunctions.
§ ActsasanintegrationpointforextendingexistingsecurityandmessageinfrastructuretoAPIs.
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CAAPIGateway
CAAPIGateway
EnterpriseDirectory
APIServer
SecurityBoundary
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GatewayDeploymentScenarios
§ On-Premises
§ PublicCloud
§ PaaS/PrivateCloud
§ Hybrid
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
On-PremisesDeployment
§ HardwareAppliance
§ VirtualAppliance
§ DockerContainer
§ Software
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
On-PremisesDeployment
VirtualorHardwareAppliance
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
FormFactorOptionsforOn-PremisesDeployment
FORM FACTOR PROS CONS
Hardware • Best performance• Bestphysicalsecurity• Purposebuiltappliance• ThalesnCipher HSM
• Requiresrackspace• No hardwaremigration• Disasterrecovery
VirtualAppliance • Mobility• Scalability• Easeofdeployment• Disasterrecovery• Monitoringandmanagementtooling
• Reducedperformanceduetooverhead• Potentialresourcecontention• ESXhostmaintenance
Docker • Mobility• Scalability• Ease ofdeployment• Disasterrecovery• Simpleupgradestory
• Migration, monitoringandmanagementtooling/UI notasdevelopedasVMware
• Emergenttechnology
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PublicCloudDeployment
§ AMI
§ Azure
§ Otherhosting
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PublicCloudDeployment
APIs
AMI,Azure,Docker,etc.
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PublicCloudDeployment
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
FormFactorOptionsforPublicCloudDeployment
FORM FACTOR PROS CONS
AMI • ManyGateway-friendlyservices• Goodmonitoring• Auto-scaling• RDS
• Matureplatform
• Expensive
Azure • Cheaper thanAMI• Goodmonitoring• Auto-scaling
• Relativelyfewservices• Windows-centric
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PaaS/PrivateCloudDeployment
§ CloudFoundry
§ OpenShift
§ OtherPaaS
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PaaS/PrivateCloudDeployment
DockerContainer
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ProsandConsofPaaS/PrivateCloud
PROS CONS
• Mobility• Scalability• Easeofdeployment• Disasterrecovery• Auto-scaling• Simpleautomatedupgradestory• Somehavegooddeployment,managementtooling
• Canbeveryopinionated/presecriptive• Often minimal ornoservices• Canhaveexpensivelicensesandsupportcontracts• Somehavelimitedorunfriendlytooling
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HybridDeployment
§ Combinationofotherscenarios
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HybridDeploymentExampleOn-premiseshardwarewithAmazonWebServices
AMI
HardwareAppliance
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ChoosingaModel
§ Performance
§ Latency
§ Uptime
§ Governance
§ TimetoMarket
Whatareyournon-functionalrequirements?
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ChoosingaModel
§ Sizeofdatacentre
§ Budget,capitalvsoperational
§ Departmentalsilos
§ Willyourcorporatelimitationsbechangingsoon?
§ Mightyouchangeyourmindaboutwhereaserviceisdeployed?
Whatareyourcorporatelimitations?
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RealWorldExamples
§ On-premiseshardwareforTLS,AWSfornon-TLS(HTTP)traffic
§ On-premisesVMware,auto-scalinginAWSforpeaktraffic
§ FederatedGatewayclustersinseparateITinfrastructures
§ AzureforMicrosoftecosystemsupport
CAcustomers’Gatewaydeploymentscenarios
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
BestPractices
§ LoadBalancing
§ VMwarebestpractice
§ Performancetesting
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
LoadBalancing
§ Failover
§ Highavailability
§ Balanceload
§ Reduceoverloadingofindividualnodes
Whyimplementloadbalancing?
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
LoadBalancing
§ ChooseAffinityandBalancingalgorithmsappropriatetotheusercase
§ ConfiguretimeoutsforbothLoadBalancerandGatewayroutingappropriatetosystembehaviouratbusinesslevel
§ ConsiderSSLTermination
Realworldguidance
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
VMwareBestPractices
§ EnsureGatewayVMshavereservedmemoryandprocessors
§ DisableDRSorconfigureNodeAffinityforGatewayVMsonhypervisorclusters
§ DonotrunGatewayVMsonanovercommittedhost
§ Donotconfusehyperthreaded coresforphysicalcoreswhenallocatingprocessors
§ SizeGatewayVMssuitablyfortheusercase
Consistentperformancerequiresconsistentresources
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
PerformanceTesting
§ Networksubsystemsandback-endlatency
§ ConnectiontimeoutvsResponsetimeout
§ Concurrency&Keepalive
§ Synchronizationoftesting
§ LonglivedvsShortlivedrequests
§ Loadbalancing,errorcases,andlongerlastingeffects
Confoundingfactorstobemindfulof
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
RecommendedSessions
SESSION# TITLE DATE/TIME
DO3X47EVCAAPIGateway:DevelopingCustomPoliciestoSecureYourEnterpriseAPIs
11/14/2016at10:00am
DO3X49ECAAPIGateway:ManagingandmigratingGatewaypolicieswiththeGatewayMigrationUtility
11/14/2016at11:00am
DO3X52ECAMobileAppServices:BuildthePowerfulMobileAppEveryEnterpriseNeedsinUnderanHour
11/14/2016at1:00pm
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Questions?
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Thankyou.
Stayconnectedatcommunities.ca.com
@CAWORLD#CAWORLD ©2016CA.AllRIGHTSRESERVED.31 @CAWORLD#CAWORLD
DevOps– APIManagementandApplicationDevelopment
FormoreinformationonDevOps– APIManagementandApplicationDevelopment,pleasevisit:http://cainc.to/DL8ozQ
Top Related