The session will enable you to understand what roles APIs play in any move to the cloud or for mobility. The presentation is NOT about technology but focuses on the decisions and considerations necessary to develop these APIs. You will also learn about some of the security “got ya’s” which you should avoid! Learn about decisions which were necessary for my company to pursue an API strategy through the Service Gateway – learn from our mistakes and come up with solid decisions for your implementation.

1. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
1 Copyright © 2013 CA. All rights reserved.
API Roles in Cloud and Mobile Security
Greg Olsen, IT Manager, Integration Services

2. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
2 Copyright © 2013 CA. All rights reserved.
 Problem Statement
 Service Gateway
 API Portal
 Current Condition
 Q&A
Agenda

3. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
3 Copyright © 2013 CA. All rights reserved.
Problems
Getting on the same page

4. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
4 Copyright © 2013 CA. All rights reserved.
 Problem Statement 1: Insufficient capabilities allowing for service
exposure and integration with customers, partners, external service
providers, and applications residing outside our internal security
domain (e.g., Amazon). Missing capabilities include consistent
application of security policy, SLA management and
enforcement, and easily usable administration interfaces.
 Problem Statement 2: Need a central discovery method for all
enterprise APIs. Missing capabilities include metrics and
documentation.
Problem Statments

5. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
5 Copyright © 2013 CA. All rights reserved.
 The project which drove the Service Gateway Project: Manager’s Hub
 1200 managers within Adobe
 Need to approve invoices/sick leave/sabbatical forms/offer letters/etc. from
internal applications (SAP) to SaaS services
 The Manager’s Hub allows approvals to be done via smart phones, tablets
and desktops – a mobile strategy
 Second driver: SAP Hana Project
 Implement 16 new services within Adobe and with select external vendors
 Roll out on June 22, 2012
 Deployed Development, Non-prod and Production in May 2012
 Deployed first set of services into Production in June 2012
Problem 1 Solution: Service Gateway
November 2011 until June 2012

6. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
6 Copyright © 2013 CA. All rights reserved.
Service Gateway: Business Capabilities &
Benefits
Capability Area Capability Description Business Benefits
Policy • Consistent service based policies across
the enterprise
• Ability to customize policies to meet
changing or unique requirements
• Creation, deployment and enforcement
Ability to provide a more
predictable and reliable level of
service for key business functions
Service Level • Service Performance
• Throughput, Availability and Utilization
Tracked over Time
• Enforce established SLAs
• Rate limiting to protect backend services
Visibility to service performance
measures allowing the business
to track how well SLAs are being
met
Security • Authentication and Authorization (OAuth,
SAML)
• Denial of Service Detection
• Encryption
• XML attack and intrusion prevention (i.e.,
nesting, injection)
Protection of key resources
through the use of state of the art
security mechanisms
Deployment • Virtual appliance (VMware, Amazon AMI,
etc.)
• Hardware based appliance
• Relevant to our current environments
Leverages existing investments
and allows for expansion into
new environments where
services are being developed

7. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
7 Copyright © 2013 CA. All rights reserved.
Integration Principles, Technologies, Services and Tools
REST, JSON, oAuth, SAML, X.509 Certs, PKCS, PCI-DSS, TLS, EDIINT (AS2), EDIFACT, ANSI
X.12, SFTP, HTTP/HTTPS, XML, Xpath, XML Schema, XSLT, SOAP, WS-Security, WS-
Trust, WSDL, WS-Policy, JMS
TIBCO BW TIBCO EMS
web
Methods
Informatica
SAP PI
Tumble
weed
Corticon
PGP
Apache CXF
7
Support
Forum
Self-Service
Portal
Online
Training
Virtual Dev
Lab
Service
Composition
Advanced
Messaging
Database
Integration
Event
Processing
Distributed
Cache
Managed File
Transfer
Service
Access &
Governance
B2B
Integration
Business
Rules Mgmt
Loose Coupling, Simplicity, Service Orientation, Global Access, Cloud
Capable, Reusability, Reliability, Transparency
Enabling
Standards and
Technologies
Products
iPaaS Services
iPaaS Tools
(Self Service)
Architecture
Principles
Layer 7
Gateway
Layer 7
API Portal

8. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
8 Copyright © 2013 CA. All rights reserved.
Service Gateway Use Cases: Priorities
Use Case Use Case Use Case
* REST to SOAP
Mediation
Apply Policies Based on
Message Data
* Resiliency
Cross-Domain Service
Mediation
Dynamic Endpoint Lookup * Scalability
* Authentication and
Authorization
Distributing Policies to
Service Gateway
Load Balancing
* Logging and Auditing Service Level
Management
SSL Offload
* Unexpected Velocity of
Transactions
Monitoring Health of the
Service Gateway
* Required – all else is a must have but can initially live without

9. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
9 Copyright © 2013 CA. All rights reserved.
 The Gateway is faster at processing than the software in the
backend – be prepared to throttle back the velocity of data!
 Some authentication models may not be approved for use by your
security teams
 Today, we use IMS or SSO tokens and validate against IMS or OpenAM
server
 Originally, we wanted to use oAuth
 Speed of adaption
 Originally we thought we’d have at least one year to ramp up
 Once it went live, EVERYONE wanted to use it
 Our current volume is higher than we thought we’d be after one year –
plan for rapid adaption
Concerns and Caveats
Service Gateway

10. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
10 Copyright © 2013 CA. All rights reserved.
 Require a single location to find all the APIs flowing through the Service
Gateway
 Track usage of the APIs
 Discovery of reusable APIs
 Documentation
 Sample code
Problem 2 Solution: API Portal
From April 2012 to August 2012

11. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
11 Copyright © 2013 CA. All rights reserved.
API Portal

12. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
12 Copyright © 2013 CA. All rights reserved.
Enterprise APIs
1. Publish & Secure APIs 2. Onboard Developers
3. Monetize your APIs Developer
Technical/Security Architect
Web Administrator
Business Manager
4. Close the Loop
API Portal
API Portal: Part of Layer 7’s Turnkey Solution

13. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
13 Copyright © 2013 CA. All rights reserved.
 All want the benefits of the portal but not the work
 Documentation needs to be completed according to templates we’ve
shared
 Most teams do not want “another set of templates” even though the value
is clear
 Adaption is slower than anticipated
 Reticence by some of our business units to use an IT-owned and
operated application
Concerns and Caveats
API Portal

14. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
14 Copyright © 2013 CA. All rights reserved.
 Developers look to off-load security work to the Service Gateway for
all their APIs – can’t keep up with demand!
 InfoSec looks to the Service Gateway to ensure data is compliant
with internal policies
 Network Security looks to the Service Gateway to monitor attacks
from the outside (we get scanned for vulnerabilities about once
every 3 days)
 Statistics after one year (ahead of forecast):
Today
Ave. Calls Per
Minute/Hour
95/5700
Max Calls Per Minute/Hour 907/54,420
Total Number of APIs 29
Number of BUs 7

15. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
15 Copyright © 2013 CA. All rights reserved.
 Had two problems to solve: a central gateway for all services and
APIs and a central registry for all those services and documentation
 Caveats
 Agreements by all (security and application owners) prior to production
roll-out
 General agreements by all developers to use API Portal
Summary: A Few Words to Remember

16. © 2013 Adobe Systems Incorporated. All Rights Reserved. Adobe Confidential.
16 Copyright © 2013 CA. All rights reserved.
Q&A