Click here to close now.

Welcome!

Java Authors: Yeshim Deniz, AppDynamics Blog, Liz McMillan, Carmen Gonzalez, Elizabeth White

Blog Feed Post

Instant API Management with Intel and Amazon

Instant API Management with Intel and Amazon

Instant API Management with Intel and Amazon

Did you know you can get started with Intel Expressway API Manager on AWS Marketplace today with only a few clicks? You can have instant API Management and enhanced EC2 security for applications and services exposed from public or hybrid cloud environments.

The offering is available from Amazon to anyone with a valid Amazon account. If you haven’t tried Amazon’s AWS marketplace, you can have an instance of the gateway up and running in a few minutes.

Are you looking to mobile enable an Enterprise application need to expose an API? Are you looking to try a flexible DevOps model for cloud bursting? Are you looking to provide a centralized API governance, security and throttling layer for Enterprise applications? If so, Expressway can help.

Here are four things you can do today with Intel Expressway on Amazon AWS Marketplace:

1. Publish a Mobile Ready API

Here is the scenario – you have data you want to make available to an HTML5 mobile application, but it’s split up among different application services in your Enterprise environment. Each service sends its reply with different data formats, some are XML, some are JSON, and some are text, and becasue these services weren’t designed with mobile in mind, they send too much information. What you want is a mashed-up, filtered subset. Worse, authentication for this data is also based on different types of credentials, such as a username/password or Kerberos ticket.

You’ve considered custom development work to bring together these services to expose an API, and you’ve also considered trying to parse, transform and filter the data on the client, but you feel the app experience would be negatively impacted due to client performance. Each alternative is wrought with development costs. What to do? Expose the API through a gateway.

Mobile-Enable-Enterprise-Application-Small

Expressway API Manager can easily expose a mobile ready API from existing middleware and services

To test it out, you can load sample responses from your services directly into Expressway, and design a proof-of-concept in the cloud. When you are read to move to production you can either migrate your applications to the public cloud or stand-up a gateway in your internal network. To facilitate testing, you can also rely on mock-up services such as mocky.

2. API Data Protection & Compliance

Here is the scenario: Suppose you are using Amazon’s DynamoDB, a standard SQL database or another cloud-hosted Big Data solution. Your application collects personally identifiable information (PII) or PCI information for CRM or lead management and communicates using APIs.

You you want to ensure this data remains protected in the cloud, and more importantly, when it is made available to API clients, such as a smartphone or partner web service, the caller should only be able to view protected information if they have the proper authorization.

You need a way to enforce fine-grained compliance on API content. Worse, you want to enforce security in the same way, no matter what persistence technology you may switch to in the future. It’s SQL today, but it could be NoSQL tomorrow. What to do? Protect API content using a gateway.

API Management and Compliance with DynamoDB

API Management and Compliance with DynamoDB

In the previous example sensitive information such as a social security number, driver’s license, credit card, or bank account information can  be encrypted and protected before it is stored in the cloud. Data protection is enabled by a pii protection policy in Expressway and inserted directly to the persistence layer using RESTful APIs or through the use of the Expressway Java extensibility framework.

Protection here means format preserving encryption which preserves the data type and output length of the original plain-text, minimizing application changes compared to traditional symmetric encryption which operates on padded octets.

Further, data can only be decrypted by the gateway layer and access is enforced using strong identity management, OAuth 2, X.509 certificates or 2-factor authentication, adding an additional layer of compliance to API content.

3. Extend Your ‘API Network’

Here is the scenario: You want to enforce API governance but don’t want to migrate all of your back-end applications to the public cloud. Or perhaps you want to migrate some back-end services, but not all. On top of this, you have to consider an efficient network architecture, which means network latency is an important factor. What to do?

Given Amazon’s ability to handle multi-homed EC2 instances as well as Amazon’s VPC feature, you can create a hybrid API architecture with improved network latency and improved time to market.

API Management-Amazon-VPC

In the previous diagram, the network design allows the Enterprise to immediately expose APIs with minimal application changes. The gateway is deployed in a VPC in a multi-homed configuration with a public IP address and an IP address in a private subnet connected through a hardware VPN. This means services can stay where they are.

The gateway acts as the enforcement and API exposure point (see the first use case), receiving API requests from mobile devices on the Internet that eventually route to services in the Enterprise Datacenter or in the Amazon Virtual Private Cloud (VPC).

This network architecture also provides improved client latency compared to a pure on-premise approach as additional network hops can be skipped compared to a case where the Enterprise has to expose an APIs through its DMZ.

4. Design an API Governance Layer

Here is the scenario: Suppose you have exposed a few APIs to support your mobile and partner strategy with some success. Perhaps you’ve exposed APIs directly by the smart use of open source frameworks such as Jersey, Microsoft, Node.js, RESTlet, or Ruby on Rails.

You’ve been successful with a handful of developers and have implemented security, throttling, authentication and API design with careful and deliberate project management. Now you need to scale from a handful of APIs to hundreds or even more. You need a consistent way to expose APIs with policies, not code. You need screaming performance and scale with built-in perimeter defense and application level denial of service protection.

Also, you need to ensure your APIs are available to the right developers at the right time to drive value throughout your organization. You also need API sharing. What to do? Design a scalable API Governance layer.

API Governance Layer

Here you can use the gateway and the examples described above as a design pattern for an API governance layer, which can be scaled in the Amazon cloud or in a hybrid architecture.

This means the API definitions, associated policies and the sharing of API definitions to developers is all handled at the gateway layer. You design your API interfaces independent of how the APIs are implemented. Today it could be a Microsoft .NET web service and tomorrow it could be Node.js. All of the security policies, API plans, authentication, data mediation and API sharing options are managed at the gateway. The gateway layer becomes the API consolidation point.

Intel provides both on-premise, partner and SaaS based API sharing options depending on your level of scale, control and security. The API sharing layer is available as an add-on component to the gateway, please contact us for more information.

How to Get Started

Want to see more? We’ve got a technical tutorial video here, the AWS API Tech Tutorial that runs through the sample application provided with the gateway and the offering is available from the link Intel Expressway API Manager link on AWS Marketplace.

It should be noted that some of the features above are enabled through the use of our visual policy editor, which is available at no cost to marketplace subscribers while others use the built-in policy editor available on the web interface.

Features that require the editor include Websockets, OAuth enablement, advanced protocol and data format mediation, database support & enterprise identity management. Please contact support to request the policy editor which is available at no extra charge to valid subscribers.

 

The post Instant API Management with Intel and Amazon appeared first on Application Security.

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.

@ThingsExpo Stories
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Telecommunications Corporation, a facilities-based international carrier licensed by t...
There are lots of challenges in IoT around secure, scalable and business friendly infrastructure for enterprises. For large corporations, IoT implementations are one of the top priorities of the decade. All industries are seeing a competitive need to sustain by investing in IoT initiatives. The value addition comes from improved customer service, innovative product and additional revenue streams. The data from these IP-connected devices can be leveraged for a variety of business applications as well as responsive action controls. The various architectural building blocks of an IoT ...
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
WebRTC is an up-and-coming standard that enables real-time voice and video to be directly embedded into browsers making the browser a primary user interface for communications and collaboration. WebRTC runs in a number of browsers today and is currently supported in over a billion installed browsers globally, across a range of platform OS and devices. Today, organizations that choose to deploy WebRTC applications and use a host machine that supports audio through USB or Bluetooth can use Plantronics products to connect and transit or receive the audio associated with the WebRTC session.
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provides a high level technical overview of many cloud services available to mobile app developers, includi...
SYS-CON Media announced today that @WebRTCSummit Blog, the largest WebRTC resource in the world, has been launched. @WebRTCSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @WebRTCSummit Blog can be bookmarked ▸ Here @WebRTCSummit conference site can be bookmarked ▸ Here
SYS-CON Events announced today that Ciqada will exhibit at SYS-CON's @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Ciqada™ makes it easy to connect your products to the Internet. By integrating key components - hardware, servers, dashboards, and mobile apps - into an easy-to-use, configurable system, your products can quickly and securely join the internet of things. With remote monitoring, control, and alert messaging capability, you will meet your customers' needs of tomorrow - today! Ciqada. Let your products take flight. For more inform...
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable older adults to live independent lives while staying connected to loved ones. M2M will continue to gr...
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) application providers dating back to 2004. Cybozu's kintone.com is a leading global BYOA (Build Your O...
As enterprises move to all-IP networks and cloud-based applications, communications service providers (CSPs) – facing increased competition from over-the-top providers delivering content via the Internet and independently of CSPs – must be able to offer seamless cloud-based communication and collaboration solutions that can scale for small, midsize, and large enterprises, as well as public sector organizations, in order to keep and grow market share. The latest version of Oracle Communications Unified Communications Suite gives CSPs the capability to do just that. In addition, its integration ...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
While not quite mainstream yet, WebRTC is starting to gain ground with Carriers, Enterprises and Independent Software Vendors (ISV’s) alike. WebRTC makes it easy for developers to add audio and video communications into their applications by using Web browsers as their platform. But like any market, every customer engagement has unique requirements, as well as constraints. And of course, one size does not fit all. In her session at WebRTC Summit, Dr. Natasha Tamaskar, Vice President, Head of Cloud and Mobile Strategy at GENBAND, will explore what is needed to take a real time communications ...
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquired by Aditi Technologies. He is a Microsoft Regional Director for Hyderabad, India, and one of the f...
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in the future, data and analytics will be pervasive, embedded into every workflow, application and infra...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, deploy, and manage applications integrating voice, video and data. He is the co-founder of TeleStax, a...
As Marc Andreessen says software is eating the world. Everything is rapidly moving toward being software-defined – from our phones and cars through our washing machines to the datacenter. However, there are larger challenges when implementing software defined on a larger scale - when building software defined infrastructure. In his session at 16th Cloud Expo, Boyan Ivanov, CEO of StorPool, will provide some practical insights on what, how and why when implementing "software-defined" in the datacenter.
How is unified communications transforming the way businesses operate? In his session at WebRTC Summit, Arvind Rangarajan, Director of Product Marketing at BroadSoft, will discuss how to extend unified communications experience outside the enterprise through WebRTC. He will also review use cases across different industry verticals. Arvind Rangarajan is Director, Product Marketing at BroadSoft. He has over 19 years of experience in the telecommunications industry in various roles such as Software Development, Product Management and Product Marketing, applied across Wireless, Unified Communic...
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and easy to use. MangoApps has been named a "Market Leader" by Ovum Research and a "Cool Vendor" by Gartner...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on Twitter at @MicroservicesE