2. Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be incorporated
into any contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance
that any user will experience will vary depending upon many factors, including
considerations such as the amount of multiprogramming in the user’s job stream,
the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results
similar to those stated here.
3. Designing for a robust Digital Strategy?
• IT strategies treat technology in
isolation.
• Silo’ed Approach — on a cloud strategy,
social strategy, or mobile strategy.
• Meaningful solutions - seek pervasive
digital connections in which the
individual technologies (cloud, near
field communications, mobile, big data,
etc.)
• Aim - to deliver an experience that looks
and feels an awful lot like our natural
behavior.
• Rich Interactions - more connections
between people, places, information,
and things (aka digital density), the
more customers can interact with
companies and each other in a seamless
and satisfying way.
• Is your Enterprise Design ready for
this?
IT strategy does
not equate to a
digital strategy.
Why?
4. Why do YOU need a mobile application strategy aligned to
API management?
Why API Management
• API Management provides companies with the tools for creating,
proxying, assembling, securing, scaling and socializing web APIs.
Mobile Platform
• Cross-platform mobile application development, based on open
standards
• Rich application functionality to access full device capabilities and
facilitate key business capabilities such as secured data access, offline
working, and geo-location services
• End to end integrated security lifecycle from device, over the wire, to
the data centre with user, application and device authenticity testing
• Cross-platform automated functional testing
• Application center app store for application distribution to the enterprise
and partners
5. Agenda
Explosion in Mobile Adoption
Drivers – API Economy
API First Mobile Strategy
Design for Digital Strategy
6. Mobile Adoption Continues to
Explode
• 1 Trillion Connected Devices
• 5.6 Billion Personal Devices Sold
• 41% CAGR Wearable Wireless Devices
(Chart axis: 2013, 2014, 2015)
7. Organizations must restlessly re-invent…
… and customer experience must be personal and
immediate
• Outpace existing – and emerging – competitors
• Deliver ever more engaging customer experience
• Continuously learn how to improve and anticipate shifts
• Re-invent and enhance experience
8. A new Mobile Era, We Have Moved From…
• Millions of PCs to billions of mobile devices
• Structured data to massive amounts of unstructured data
• Reactive security to intelligent, proactive protection
• Rigid infrastructure to an elastic cloud infrastructure
• Single transactions to personalized engagement
• Static applications to dynamic composable services
9. So what is changing the Landscape?
New business models and paradigms
Drivers
Social Media goes
mainstream
• Everyone wants to be on
Facebook/LinkedIn etc.
• Every solution is
compared to scalability
and availability like social
networks
• Capitalize on ‘perceived’
new markets on social
network.
Emerging
Channels of
commerce
• New breed of personal
devices
• Speed of commerce
• Low tolerance for ‘slow’
experience
Proliferation of ‘smart’
phones - Mobility
• Defining new engagement
Models
• Exponential growth of
Mobile Devices
• New System of
Engagements
• Emerging markets – New
Platforms
Globalization!!
• Single market for
everything
• Everything is linked
10. The Goal: Becoming a Composable Business
• Dynamic, flexible, responsive, agile
• Built on blocks of capability that can be rapidly changed
• Driven by analytics of real-time data
11. The Business of APIs
Grow revenues…
… While reducing overhead
“$7bn worth of items on eBay through APIs”
Mark Carges (eBay CTO)
“The API which has easily 10 times more traffic than the
website, has been really very important to us.”
Biz Stone (Co-founder, Twitter)
“The adoption of Amazon’s Web services is
currently driving more network activity than
everything Amazon does through their
traditional web sites.”
Jeff Barr (Amazon evangelist) / Dion Hinchcliffe
(Journalist)
stores (800) ###s web sites
Not having an API today is like not
having a website in the 1990s…
13. What is a Business API?
A Business API is a public persona for an enterprise; exposing defined assets,
data or services for public consumption
A Business API is simple for app developers to use, access and understand
A Business API can be easily invoked via a browser, mobile device, etc.
What Value Does a Business API Provide?
Extends an enterprise and opens new markets by allowing external app
developers to easily leverage, publicize and/or aggregate a company’s
assets for broad-based consumption
What “assets, data or services”
are exposed via a Business API?:
Product catalogs
Store listings
Order status
Inventory
Social interaction
Business API = Productized Service
App Developer
14. Example: API creation extends services
“Better Bank’s” comprehensive API strategy reaches customers
through new channels
External Developers
• Lending Rates API
• Deposit Rates API
• Neighborhood Data API
• Demographics API
Local Real Estate
Aggregator App
15. Example: API consumption powers high-value
applications
“Better Bank’s” comprehensive API improves employee
productivity
Internal Developers
• Customer Profile API
• Risk Score API
• Valuation API
• Property Details API
• Mortgage API
Loan Origination /
Processing Application
• Credit Pre-qualification API
• Application Submission API
16. Mobile applications use APIs from developer portals
Explore API documentation
Interactively exercise APIs
17. Spectrum of mobile app development approaches
Web-native continuum
• HTML5, JS, and
CSS3 (full site or
m.site)
• Quicker and
cheaper way to
mobile
• Sub-optimal
experience
• HTML5, JS, and
CSS
• Usually
leverages
Cordova
• Downloadable,
app store
presence, push
capabilities
• Can use native
APIs
• As previous
• + more
responsive,
available offline
• Web + native
code
• Optimized user
experience with
native screens,
controls, and
navigation
• App fully
adjusted to OS
• Some screens
are multi-
platform when
makes sense
• App fully
adjusted to OS
• Best attainable
user experience
• Unique
development
effort per OS,
costly to
maintain
Pure web | Hybrid | Pure native
• Mobile web site (browser access)
• Native shell enclosing external m.site
• Pre-packaged HTML5 resources
• HTML5 + native UI
• Mostly native, some HTML5 screens
• Pure native
18. Connecting APIs to Mobile Devices (1 of 2)
API services based upon HTTP/REST/JSON provide lightweight, standard
approach to integrate with backend services
Mobile platforms provide frameworks to invoke API services
• iOS: NSURLConnection
• Android: HttpURLConnection
• JavaScript: dojo.xhr/jquery.ajax
19. Connecting APIs to Mobile Devices (2 of 2)
Mobile applications invoke API services asynchronously
Mobile application frameworks provide ‘callbacks’ to trigger logic once
a certain action is performed
• Does not block the user from performing other actions
Mobile applications must be designed to handle cases where API
services are slow to respond
• Multiple API calls may be triggered concurrently
20. What about security and integration?
Connecting Mobile applications to API services is easy with the right
framework … but there are several other considerations
Security
• How do I access a protected API service securely and manage
session information?
• How can I ensure an API service conforms to a “contract”?
Integration
• Mobile application logic requires transformation/filtering logic
• Connect to non-HTTP protocols such as MQ securely
21. Cannot always trust your APIs!
API responses may not define an explicit schema
• Developer portals provide sample responses but no “contract”
to guarantee structure and data types
• Ensure responses do not contain malicious data that allows
sensitive information to be compromised
Mobile client authentication
• Leverage an external security service to authenticate and
authorize user credentials
• Do not hardcode any security credentials
Trusting enterprise mobile application
• Use a mobile device management solution (Worklight) to ensure
the application is trusted when connecting to enterprise API
services
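Slides 19 to 21 ask the app to cope with slow API services and with responses that come with no contract. The following is an added example, not from the deck or from any IBM product, showing one client-side way to do both in JavaScript; the lending-rate contract, its field names, the `callApi` parameter and the sample payloads are constructed for illustration.

```javascript
// Added example, not from the deck. Contract, field names and payloads are constructed.
const LENDING_RATE_CONTRACT = {
  product: (v) => typeof v === "string" && /^[A-Za-z0-9 .-]{1,40}$/.test(v),
  ratePercent: (v) => typeof v === "number" && Number.isFinite(v) && v >= 0 && v <= 100,
  asOf: (v) => typeof v === "string" && /^\d{4}-\d{2}-\d{2}$/.test(v),
};
// Constructed sample responses, so the example runs without a network.
const GOOD = '{"product":"30-year fixed","ratePercent":6.25,"asOf":"2014-05-01"}';
const BAD = '{"product":"<b>fixed</b>","ratePercent":"6.25","debug":true}';

// Return a list of contract violations; an empty list means the body conforms.
function contractViolations(body, contract) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) return ["body is not a JSON object"];
  const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
  const errors = [];
  for (const [field, check] of Object.entries(contract)) {
    if (!has(body, field)) errors.push(`missing field: ${field}`);
    else if (!check(body[field])) errors.push(`invalid value: ${field}`);
  }
  for (const field of Object.keys(body)) {
    if (!has(contract, field)) errors.push(`unexpected field: ${field}`);
  }
  return errors;
}

// Parse the raw response text and accept it only if it satisfies the contract.
function parseAndValidate(rawText, contract) {
  let body;
  try {
    body = JSON.parse(rawText);
  } catch (err) {
    return { ok: false, errors: ["response is not valid JSON"] };
  }
  const errors = contractViolations(body, contract);
  return errors.length ? { ok: false, errors } : { ok: true, data: body };
}

// Reject if the API has not answered within ms, so a slow service cannot stall the app.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("API call timed out")), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// callApi is any function returning a Promise of the raw response text (an assumption).
async function fetchLendingRate(callApi, timeoutMs) {
  try {
    const rawText = await withTimeout(callApi(), timeoutMs);
    return parseAndValidate(rawText, LENDING_RATE_CONTRACT);
  } catch (err) {
    return { ok: false, errors: [err.message] };
  }
}
```

Client-side validation like this complements the gateway-side data validation the deck goes on to describe; it does not replace it.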
22. Secure Mobile applications
DataPower deployed in the DMZ is the first level of security for
access control, threat protection, and data validation
Increased awareness of mobile security
• Mobile traffic enters corporate network through the DMZ from
the Internet
• Security teams have less control over devices accessing the
corporate network
Security is about defense-in-depth
• Several levels of defense required to provide a security
solution
• Identity & Access Management
• Threat Protection
• Data Security
23. Integrating Mobile applications with existing infrastructure
Mobile applications still require access to existing enterprise
services that are not based upon REST/JSON/HTTP standards
Avoid client-side ‘integration’ logic
• Example: message transformation/filtering, non-HTTP
interaction, etc..
• HTTP(s)
• FTP(s)
• SFTP
• WebSphere MQ, MQ FTE
• WebSphere JMS
• Database: DB2, SQL Server, Oracle, Sybase
• TIBCO EMS
• IMS
• NFS
24. Mobile security and integration gateway - Optimize
and Control
Mobile gateway provides security and integration
capabilities combined that optimize and control
mobile traffic
Optimize – Decrease response time and
intelligently distribute load?
• Intelligent load balance to Worklight server
deployed on WebSphere Application Server ND
• Decreased response time provides better user
experience and interaction with application
conserving battery power and enabling data
access in bandwidth sensitive locations
Control – Shape mobile traffic based on service level
agreements, and route based on message content
• Manage traffic from Mobile applications, providing
different QoS to protect your services and
applications from over-utilization and enforce
quota
25. Mobile integration using IBM API Management
• DataPower is a component of the IBM Web API solution providing runtime
access to Web API from Mobile applications
− DataPower intelligently routes traffic to either the Worklight server or Web API
service provider
− IBM API Manager provides central point for exposing and documenting the
available APIs
− Analytics Module provides storage for system-wide API metrics
[Diagram labels: Mobile Consumer; WL App; Web API Traffic (REST), JSON or XML / HTTP(s); IBM DataPower Gateway; Security Gateway; DMZ; Secure; Web API Service Provider; Web API; IBM API Manager; Management Node Hypervisor; API Developer; Analytics Hypervisor; Analytics traffic]
28. API Management Resources
Product Page
• ibm.com/apimanagement
API developer community
• developer.ibm.com/apimanagement
Twitter
• @ibmapimgt
YouTube Channel
• youtube.com/ibmapimanagement
Slideshare
• slideshare.net/ibmapimgmt
Speaker Deck
• speakerdeck.com/ibmapimgmt
29. Pitney Bowes, a global leader in software innovations,
and mailing and shipping solutions, powers billions of
transactions in modern commerce
“Pitney Bowes location-based
services on IBM BlueMix will allow
innovators and developers to
seamlessly extend their products
and services to the cloud and mobile
devices.”
-Roger Pilc, Chief Innovation Officer,
Pitney Bowes
30. Codename: BlueMix
Delivering a Composable Services development environment
Run Your Apps
The developer can choose any language runtime or
bring their own. Just upload your code and go.
DevOps
Development, monitoring, deployment and
logging tools allow the developer to run the
entire application
APIs and Services
A catalog of open source, IBM and third party
API services allows a developer to stitch
together an application in minutes.
Cloud Integration
Build hybrid environments. Connect to on-
premises systems of record plus other public and
private clouds. Expose your own APIs to your
developers.
Built on IBM SoftLayer
Runs automatically on top of IBM’s leading
infrastructure as a service. No need to worry
about provisioning or managing infrastructure.
31. API mgmt – Generic APIs
[Diagram labels: WL App-specific APIs; Adapter; Mgmt; Backend Service; App1; App2; App n; Partners; 3rd Party; AD]
Worklight server responsibility
1. Security lifecycle
• App authentication
• Multi-factor auth
• Device SSO and secured access
• Offline auth
2. Simplified data access API manages
• Connectivity
• Data transformation (REST)
• Offline working with optional
synchronisation
• Security integration
• Mobile service layer owned and shaped
by app dev team
3. Application management (does not
require footprint on device)
• App Center application distribution
• Direct app update
• Remote app disable
4. Operational control
• Application analytics
• Consolidated logging
API mgmt responsibility (in mobile context)
1. Stable API layer – Governance owned by central
architecture
2. Multi-channel access
3. Mediation to data sources
4. Security?
Architecture Option 1 – Use Worklight for app management
and data access
32. API mgmt – Generic and App-specific
APIs
[Diagram labels: WL; Mgmt; Backend Service; App1; App2; App n; Partners; 3rd Party; AD]
Worklight server responsibility
1. Security lifecycle
• App authentication
• Multi-factor auth
• Device SSO and secured access
• Offline auth
2. Simplified data access API manages
• Connectivity
• Data transformation (REST)
• Offline working with optional
synchronisation
• Security integration
• Mobile service layer owned and shaped
by app dev team
3. Application management does not
require footprint on device
• App Center application distribution
• Direct app update
• Remote app disable
4. Operational control
• Application analytics
• Consolidated logging
API mgmt responsibility (in mobile context)
1. Stable API layer and App-specific requirements
2. Multi-channel access
3. Mediation to data sources
4. Secured data access
Architecture Option 2 – Use Worklight for app management
33. Architecture Option 1 – Use Worklight for app management and data
access
Pros
ApiMgmt API layer can focus on
providing generic APIs with well-defined
and stable lifecycle
WL developers can provide their own
integration to meet their app-specific
requirements and iterate as required for
app improvements. All data requests
still ultimately go through single API
layer
WL infrastructure can manage full
security lifecycle
Make full use of WL developer APIs
for improved productivity
Option for app developer to make
use of server-side processing
Cons
Extra hop in network (can be
mitigated by reduced data and calls)
WL is additional component that
needs to be sized and managed for
throughput – option for managed
service?
34. Architecture Option 2 – Use Worklight for app management
Pros
All data access goes directly through
ApiMgmt API layer
Reduction in network hops
Cons
Developer needs bespoke app-side
development to handle
• Integration with API mgmt security
lifecycle
• Connectivity
• Any data transformation needed
If any app-specific APIs are being
provisioned on ApiMgmt, needs to be
done by different team and iterative
development needs to match that of
mobile application
Over the next five years, the total market for wearable wireless devices in sports and healthcare will grow to 169.5 million devices in 2017, up from 20.77 million in 2011, a CAGR of 41%.
Welcome everyone. Thanks so much for taking time today to join us and learn more about the mobile industry and our recent announcements around our IBM MobileFirst portfolio. I’m thrilled at the lineup of speakers we have for you today, including a distinguished customer, business partner and analyst. First though, I want to briefly paint a picture for you on the state of mobile.
What a truly exciting time it is. We’re entering a new era in the core model of computing… following two prior generations. The first started in the late 19th century with the theory of basic tabulation seen in payroll or inventory information such as the census. Machines automated accounting and the back office began to transform. The second generation, starting in the 1950s brought about programmable computers. Machines that could be told what to do where they could perform multiple tasks, see relationships in data, and support transaction processing such as banking, airline reservations, ATMs and everything we know today as Enterprise Resource Planning. And while the form factors underwent radical changes … from mainframes to PCs to tablets … game devices … smart phones … they were all continuations of programmable computing. Coming next, and some argue has already arrived, are computing systems that go beyond what they are programmed to do. Systems that truly enable us to transact in motion.
In addition to the SoE discussion we’ve had today, it’s important to note that SoR will continue to be important for many applications. Our goal is to continue to provide the middleware that supports reliable Systems of Record, to build a platform for rapidly building Systems of Engagement, and to provide tools that integrate the two environments. This is where products like WMB, DataPower, WAS and MQ will continue to provide value for our customers.