Welcome!

Java Authors: Sematext Blog , Gilad Parann-Nissany, Noel Wurst, Michael Bushong, Elizabeth White

Blog Feed Post

Instant API Management with Intel and Amazon

Instant API Management with Intel and Amazon

Instant API Management with Intel and Amazon

Did you know you can get started with Intel Expressway API Manager on AWS Marketplace today with only a few clicks? You can have instant API Management and enhanced EC2 security for applications and services exposed from public or hybrid cloud environments.

The offering is available from Amazon to anyone with a valid Amazon account. If you haven’t tried Amazon’s AWS marketplace, you can have an instance of the gateway up and running in a few minutes.

Are you looking to mobile enable an Enterprise application need to expose an API? Are you looking to try a flexible DevOps model for cloud bursting? Are you looking to provide a centralized API governance, security and throttling layer for Enterprise applications? If so, Expressway can help.

Here are four things you can do today with Intel Expressway on Amazon AWS Marketplace:

1. Publish a Mobile Ready API

Here is the scenario – you have data you want to make available to an HTML5 mobile application, but it’s split up among different application services in your Enterprise environment. Each service sends its reply with different data formats, some are XML, some are JSON, and some are text, and becasue these services weren’t designed with mobile in mind, they send too much information. What you want is a mashed-up, filtered subset. Worse, authentication for this data is also based on different types of credentials, such as a username/password or Kerberos ticket.

You’ve considered custom development work to bring together these services to expose an API, and you’ve also considered trying to parse, transform and filter the data on the client, but you feel the app experience would be negatively impacted due to client performance. Each alternative is wrought with development costs. What to do? Expose the API through a gateway.

Mobile-Enable-Enterprise-Application-Small

Expressway API Manager can easily expose a mobile ready API from existing middleware and services

To test it out, you can load sample responses from your services directly into Expressway, and design a proof-of-concept in the cloud. When you are read to move to production you can either migrate your applications to the public cloud or stand-up a gateway in your internal network. To facilitate testing, you can also rely on mock-up services such as mocky.

2. API Data Protection & Compliance

Here is the scenario: Suppose you are using Amazon’s DynamoDB, a standard SQL database or another cloud-hosted Big Data solution. Your application collects personally identifiable information (PII) or PCI information for CRM or lead management and communicates using APIs.

You you want to ensure this data remains protected in the cloud, and more importantly, when it is made available to API clients, such as a smartphone or partner web service, the caller should only be able to view protected information if they have the proper authorization.

You need a way to enforce fine-grained compliance on API content. Worse, you want to enforce security in the same way, no matter what persistence technology you may switch to in the future. It’s SQL today, but it could be NoSQL tomorrow. What to do? Protect API content using a gateway.

API Management and Compliance with DynamoDB

API Management and Compliance with DynamoDB

In the previous example sensitive information such as a social security number, driver’s license, credit card, or bank account information can  be encrypted and protected before it is stored in the cloud. Data protection is enabled by a pii protection policy in Expressway and inserted directly to the persistence layer using RESTful APIs or through the use of the Expressway Java extensibility framework.

Protection here means format preserving encryption which preserves the data type and output length of the original plain-text, minimizing application changes compared to traditional symmetric encryption which operates on padded octets.

Further, data can only be decrypted by the gateway layer and access is enforced using strong identity management, OAuth 2, X.509 certificates or 2-factor authentication, adding an additional layer of compliance to API content.

3. Extend Your ‘API Network’

Here is the scenario: You want to enforce API governance but don’t want to migrate all of your back-end applications to the public cloud. Or perhaps you want to migrate some back-end services, but not all. On top of this, you have to consider an efficient network architecture, which means network latency is an important factor. What to do?

Given Amazon’s ability to handle multi-homed EC2 instances as well as Amazon’s VPC feature, you can create a hybrid API architecture with improved network latency and improved time to market.

API Management-Amazon-VPC

In the previous diagram, the network design allows the Enterprise to immediately expose APIs with minimal application changes. The gateway is deployed in a VPC in a multi-homed configuration with a public IP address and an IP address in a private subnet connected through a hardware VPN. This means services can stay where they are.

The gateway acts as the enforcement and API exposure point (see the first use case), receiving API requests from mobile devices on the Internet that eventually route to services in the Enterprise Datacenter or in the Amazon Virtual Private Cloud (VPC).

This network architecture also provides improved client latency compared to a pure on-premise approach as additional network hops can be skipped compared to a case where the Enterprise has to expose an APIs through its DMZ.

4. Design an API Governance Layer

Here is the scenario: Suppose you have exposed a few APIs to support your mobile and partner strategy with some success. Perhaps you’ve exposed APIs directly by the smart use of open source frameworks such as Jersey, Microsoft, Node.js, RESTlet, or Ruby on Rails.

You’ve been successful with a handful of developers and have implemented security, throttling, authentication and API design with careful and deliberate project management. Now you need to scale from a handful of APIs to hundreds or even more. You need a consistent way to expose APIs with policies, not code. You need screaming performance and scale with built-in perimeter defense and application level denial of service protection.

Also, you need to ensure your APIs are available to the right developers at the right time to drive value throughout your organization. You also need API sharing. What to do? Design a scalable API Governance layer.

API Governance Layer

Here you can use the gateway and the examples described above as a design pattern for an API governance layer, which can be scaled in the Amazon cloud or in a hybrid architecture.

This means the API definitions, associated policies and the sharing of API definitions to developers is all handled at the gateway layer. You design your API interfaces independent of how the APIs are implemented. Today it could be a Microsoft .NET web service and tomorrow it could be Node.js. All of the security policies, API plans, authentication, data mediation and API sharing options are managed at the gateway. The gateway layer becomes the API consolidation point.

Intel provides both on-premise, partner and SaaS based API sharing options depending on your level of scale, control and security. The API sharing layer is available as an add-on component to the gateway, please contact us for more information.

How to Get Started

Want to see more? We’ve got a technical tutorial video here, the AWS API Tech Tutorial that runs through the sample application provided with the gateway and the offering is available from the link Intel Expressway API Manager link on AWS Marketplace.

It should be noted that some of the features above are enabled through the use of our visual policy editor, which is available at no cost to marketplace subscribers while others use the built-in policy editor available on the web interface.

Features that require the editor include Websockets, OAuth enablement, advanced protocol and data format mediation, database support & enterprise identity management. Please contact support to request the policy editor which is available at no extra charge to valid subscribers.

 

The post Instant API Management with Intel and Amazon appeared first on Application Security.

Read the original blog entry...

More Stories By Application Security

This blog references our expert posts on application and web services security.

@ThingsExpo Stories
The BPM world is going through some evolution or changes where traditional business process management solutions really have nowhere to go in terms of development of the road map. In this demo at 15th Cloud Expo, Kyle Hansen, Director of Professional Services at AgilePoint, shows AgilePoint’s unique approach to dealing with this market circumstance by developing a rapid application composition or development framework.

ARMONK, N.Y., Nov. 20, 2014 /PRNewswire/ --  IBM (NYSE: IBM) today announced that it is bringing a greater level of control, security and flexibility to cloud-based application development and delivery with a single-tenant version of Bluemix, IBM's platform-as-a-service. The new platform enables developers to build ap...

"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com), moderated by Ashar Baig, Research Director, Cloud, at Gigaom Research, Nate Gordon, Director of T...
The Internet of Things is not new. Historically, smart businesses have used its basic concept of leveraging data to drive better decision making and have capitalized on those insights to realize additional revenue opportunities. So, what has changed to make the Internet of Things one of the hottest topics in tech? In his session at @ThingsExpo, Chris Gray, Director, Embedded and Internet of Things, discussed the underlying factors that are driving the economics of intelligent systems. Discover how hardware commoditization, the ubiquitous nature of connectivity, and the emergence of Big Data a...
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, phone and digital TV services to consumers primarily in rural areas.
“In the past year we've seen a lot of stabilization of WebRTC. You can now use it in production with a far greater degree of certainty. A lot of the real developments in the past year have been in things like the data channel, which will enable a whole new type of application," explained Peter Dunkley, Technical Director at Acision, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that IDenticard will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. IDenticard™ is the security division of Brady Corp (NYSE: BRC), a $1.5 billion manufacturer of identification products. We have small-company values with the strength and stability of a major corporation. IDenticard offers local sales, support and service to our customers across the United States and Canada. Our partner network encompasses some 300 of the world's leading systems integrators and security s...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Nigeria has the largest economy in Africa, at more than US$500 billion, and ranks 23rd in the world. A recent re-evaluation of Nigeria's true economic size doubled the previous estimate, and brought it well ahead of South Africa, which is a member (unlike Nigeria) of the G20 club for political as well as economic reasons. Nigeria's economy can be said to be quite diverse from one point of view, but heavily dependent on oil and gas at the same time. Oil and natural gas account for about 15% of Nigera's overall economy, but traditionally represent more than 90% of the country's exports and as...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
"At our booth we are showing how to provide trust in the Internet of Things. Trust is where everything starts to become secure and trustworthy. Now with the scaling of the Internet of Things it becomes an interesting question – I've heard numbers from 200 billion devices next year up to a trillion in the next 10 to 15 years," explained Johannes Lintzen, Vice President of Sales at Utimaco, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"For over 25 years we have been working with a lot of enterprise customers and we have seen how companies create applications. And now that we have moved to cloud computing, mobile, social and the Internet of Things, we see that the market needs a new way of creating applications," stated Jesse Shiah, CEO, President and Co-Founder of AgilePoint Inc., in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the industry’s first all flash version of HyperConverged Appliances that include both compute and storag...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core of our infrastructures. At the same time, we have old approaches made new again like micro-services...
Code Halos - aka "digital fingerprints" - are the key organizing principle to understand a) how dumb things become smart and b) how to monetize this dynamic. In his session at @ThingsExpo, Robert Brown, AVP, Center for the Future of Work at Cognizant Technology Solutions, outlined research, analysis and recommendations from his recently published book on this phenomena on the way leading edge organizations like GE and Disney are unlocking the Internet of Things opportunity and what steps your organization should be taking to position itself for the next platform of digital competition.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
As the Internet of Things unfolds, mobile and wearable devices are blurring the line between physical and digital, integrating ever more closely with our interests, our routines, our daily lives. Contextual computing and smart, sensor-equipped spaces bring the potential to walk through a world that recognizes us and responds accordingly. We become continuous transmitters and receivers of data. In his session at @ThingsExpo, Andrew Bolwell, Director of Innovation for HP's Printing and Personal Systems Group, discussed how key attributes of mobile technology – touch input, sensors, social, and ...