API Roles In Cloud and Mobile Security - Greg Olsen, IT Manager, Integration Services, Adobe - Layer 7 User Conference Palo Alto
© 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
Copyright © 2013 CA. All rights reserved.
API Roles in Cloud and Mobile Security
Greg Olsen, IT Manager, Integration Services

Agenda
• Problem Statement
• Service Gateway
• API Portal
• Current Condition
• Q&A

Problems
Getting on the same page

Problem Statements
Problem Statement 1: Insufficient capabilities allowing for service exposure and integration with customers, partners, external service providers, and applications residing outside our internal security domain (e.g., Amazon). Missing capabilities include consistent application of security policy, SLA management and enforcement, and easily usable administration interfaces.
Problem Statement 2: Need a central discovery method for all enterprise APIs. Missing capabilities include metrics and documentation.

Problem 1 Solution: Service Gateway
November 2011 until June 2012
• The project which drove the Service Gateway Project: Manager’s Hub
  • 1200 managers within Adobe
  • Need to approve invoices/sick leave/sabbatical forms/offer letters/etc. from internal applications (SAP) to SaaS services
  • The Manager’s Hub allows approvals to be done via smart phones, tablets and desktops – a mobile strategy
• Second driver: SAP HANA Project
  • Implement 16 new services within Adobe and with select external vendors
  • Roll out on June 22, 2012
• Deployed Development, Non-prod and Production in May 2012
• Deployed first set of services into Production in June 2012

Service Gateway: Business Capabilities & Benefits

Capability Area: Policy
Capability Description:
• Consistent service based policies across the enterprise
• Ability to customize policies to meet changing or unique requirements
• Creation, deployment and enforcement
Business Benefits: Ability to provide a more predictable and reliable level of service for key business functions

Capability Area: Service Level
Capability Description:
• Service Performance
• Throughput, Availability and Utilization Tracked over Time
• Enforce established SLAs
• Rate limiting to protect backend services
Business Benefits: Visibility to service performance measures allowing the business to track how well SLAs are being met

Capability Area: Security
Capability Description:
• Authentication and Authorization (OAuth, SAML)
• Denial of Service Detection
• Encryption
• XML attack and intrusion prevention (i.e., nesting, injection)
Business Benefits: Protection of key resources through the use of state of the art security mechanisms

Capability Area: Deployment
Capability Description:
• Virtual appliance (VMware, Amazon AMI, etc.)
• Hardware based appliance
• Relevant to our current environments
Business Benefits: Leverages existing investments and allows for expansion into new environments where services are being developed

Integration Principles, Technologies, Services and Tools
[Layered architecture diagram; labels listed by layer]
Architecture Principles: Loose Coupling, Simplicity, Service Orientation, Global Access, Cloud Capable, Reusability, Reliability, Transparency
Enabling Standards and Technologies: REST, JSON, OAuth, SAML, X.509 Certs, PKCS, PCI-DSS, TLS, EDIINT (AS2), EDIFACT, ANSI X.12, SFTP, HTTP/HTTPS, XML, XPath, XML Schema, XSLT, SOAP, WS-Security, WS-Trust, WSDL, WS-Policy, JMS
Products: TIBCO BW, TIBCO EMS, webMethods, Informatica, SAP PI, Tumbleweed, Corticon, PGP, Apache CXF, Layer 7 Gateway, Layer 7 API Portal
iPaaS Services: Service Composition, Advanced Messaging, Database Integration, Event Processing, Distributed Cache, Managed File Transfer, Service Access & Governance, B2B Integration, Business Rules Mgmt
iPaaS Tools (Self Service): Support Forum, Self-Service Portal, Online Training, Virtual Dev Lab

Service Gateway Use Cases: Priorities
• * REST to SOAP Mediation
• Apply Policies Based on Message Data
• * Resiliency
• Cross-Domain Service Mediation
• Dynamic Endpoint Lookup
• * Scalability
• * Authentication and Authorization
• Distributing Policies to Service Gateway
• Load Balancing
• * Logging and Auditing
• Service Level Management
• SSL Offload
• * Unexpected Velocity of Transactions
• Monitoring Health of the Service Gateway
* Required – all others are must-haves that we can initially live without

Concerns and Caveats
Service Gateway
• The Gateway is faster at processing than the software in the backend – be prepared to throttle back the velocity of data!
• Some authentication models may not be approved for use by your security teams
  • Today, we use IMS or SSO tokens and validate against IMS or OpenAM server
  • Originally, we wanted to use OAuth
• Speed of adoption
  • Originally we thought we’d have at least one year to ramp up
  • Once it went live, EVERYONE wanted to use it
  • Our current volume is higher than we thought we’d be after one year – plan for rapid adoption

Problem 2 Solution: API Portal
From April 2012 to August 2012
• Require a single location to find all the APIs flowing through the Service Gateway
• Track usage of the APIs
• Discovery of reusable APIs
• Documentation
• Sample code

API Portal

API Portal: Part of Layer 7’s Turnkey Solution
[Diagram labels: Enterprise APIs, API Portal]
Steps: 1. Publish & Secure APIs; 2. Onboard Developers; 3. Monetize your APIs; 4. Close the Loop
Roles: Developer, Technical/Security Architect, Web Administrator, Business Manager

Concerns and Caveats
API Portal
• All want the benefits of the portal but not the work
  • Documentation needs to be completed according to templates we’ve shared
  • Most teams do not want “another set of templates” even though the value is clear
• Adoption is slower than anticipated
  • Reticence by some of our business units to use an IT-owned and operated application

Today
• Developers look to off-load security work to the Service Gateway for all their APIs – can’t keep up with demand!
• InfoSec looks to the Service Gateway to ensure data is compliant with internal policies
• Network Security looks to the Service Gateway to monitor attacks from the outside (we get scanned for vulnerabilities about once every 3 days)
• Statistics after one year (ahead of forecast):
Ave. Calls Per Minute/Hour: 95/5700
Max Calls Per Minute/Hour: 907/54,420
Total Number of APIs: 29
Number of BUs: 7

Summary: A Few Words to Remember
• Had two problems to solve: a central gateway for all services and APIs and a central registry for all those services and documentation
• Caveats
  • Agreements by all (security and application owners) prior to production roll-out
  • General agreements by all developers to use API Portal

Q&A