api platform cloud service best practice - oow17
Post on 23-Jan-2018
Oracle Open World 2017
Oracle API Platform Best Practices & Lessons Learnt
San Francisco, October 2017
Luis Weir: luis.weir@capgemini.com, uk.linkedin.com/in/lweir, @luisw19, www.soa4u.co.uk, APIPlatform.cloud
Phil Wilkins: Phil.Wilkins@capgemini.com, uk.linkedin.com/in/philWilkins, @PhilAtCapgemini / @MP3Monster, Oracle-integration.cloud, APIPlatform.cloud, Blog.mp3monster.org
Copyright © Capgemini and Sogeti 2017. All Rights Reserved
About us :: Luis
Luis Weir
Oracle Ace Director – Chief Architect at Capgemini UK
I am very passionate about technology. I have been the lead author of two books (Oracle SOA Governance 11g Implementation and Oracle API Management 12c Implementation), I am a regular blogger and speaker in major conferences and events. A well-known industry expert especially when it comes to Oracle middleware technologies, I am also an OTN certified SOA black belt.
I am an Oracle Ace Director, Cloud Principal and a Thought Leader specialised in Oracle Fusion Middleware & Oracle PaaS. With more than 15 years of experience implementing IT solutions across the globe, I have been exposed to a wide variety of business problems, many of which I’ve helped solve by adopting SOA architectural styles such as traditional SOA, API management and now Microservices. My current focus is in assisting organisations define and implement solutions and strategies that can help them realise the benefits that such technologies have to offer.
• 2nd Place, 1st OTN Cloud Hackathon, June, 2016
• Cloud Contribution Award, PaaS Community, March, 2016
• Best New UK Speaker, UKOUG, December, 2016
• API Contribution Award, PaaS Community, April, 2017
About us :: Phil
Phil Wilkins
Oracle Ace – Senior Consultant at Capgemini UK
I believe knowledge & experience is only of value when shared. So, I have co-authored a book on iPaaS, along with contributing to the development of more than a dozen other titles ranging from Apache Camel to Oracle Integration Cloud Service, Cloud Computing Design Patterns to Next Generation SOA. Additionally I am an active blogger and have had a number of articles published in various journals. Additionally I have presented at a number of conferences and events.
I am a Technical Enterprise Architect specializing in integration and cloud technologies. I started out as a developer working on mission critical real time systems such as Radar and Air Traffic Control before moving into integration solutions (in consultant, software vendor and customer roles) and using open source technologies such as JBoss app Server, FuseSource (now JBoss Fuse) among others. I have been working with Oracle middleware tech-stack for the last 8 years both for on-premises solutions, hybrid and pure cloud scenarios. I’m a great believer in the right tool for the right job and using technology to solve a problem.
• Supported the development of a variety of books (Packt – Erl et al)
• Articles published in a range of Journals
• Published 1st Oracle iPaaS Book: Implementing ICS
• PaaS Community, Jan, 2017
• TOGAF 9 Certified, 2013
API Platform Book
Goes to Print Q1 2018
… Available as Alpha (download chapters as we finish them)
Order from …
• http://bit.ly/APIP-CS
• http://bit.ly/APIP-CS-Amazon
http://APIPlatform.cloud
3 Membership Tiers
• Oracle ACE Director
• Oracle ACE
• Oracle ACE Associate
bit.ly/OracleACEProgram
500+ Technical Experts Helping Peers Globally
Connect:
Nominate yourself or someone you know: acenomination.oracle.com
@oracleace
Facebook.com/oracleaces
oracle-ace_ww@oracle.com
API Platform Cloud Service (*new cloud service, not the previous solution)
Cloud and on-premise API creation, publishing and management
Key Features
• API visibility in the cloud: API Platform provides visibility to APIs through a cloud-based portal
• Protects backend services: API Gateways deployed on-prem or on any cloud protect backend systems and services by providing a robust security layer
• Supports on-premise and cloud-based services: APIs can virtualise both cloud and on-premise services
Benefits
• Easily expose APIs to internal and external consumers
• Provides security to protect backend systems
• Rapid and fully automated provisioning
• Secure, highly available with clustering
Steps to success!
1) Discover
2) Architecture & Lifecycle
3) Installation & Configuration
4) Conclusions
API Platform Component Architecture
Gateway – Deployable almost anywhere:
• On-Premises
• Oracle Cloud
• 3rd party clouds including AWS, Azure, IBM
API-P Management – runs in Oracle Cloud
Steps to success
1. Discovery: identify the needs and drivers for API management. Conduct discovery workshops with business & IT. The idea is to create a backlog of needs and identify existing assets
Discovery workshops and outcomes
Business Stakeholders
• Identify key stakeholders (i.e. Finance, HR, etc)
• Prepare questions to understand their needs, i.e.
  • Need to access up to date data in real time?
  • Mobile apps or web-apps need access to backend data?
  • Need to understand who accesses the data?
  • Partners need access to data (i.e. product info?)
  • Volumes (from business point of view)
IT Stakeholders
• Understand what related infrastructure is available (i.e. SOA Suite, OSB, etc)
• Identify what APIs (SOAP or REST) exist and their usage
• Understand connectivity challenges, especially around access to data from different places (i.e. cloud to on-premises)
• Understand non-functional requirements
Outcomes
• Gather all needs and classify them – basically a backlog
• Create a catalogue of existing APIs (spreadsheet, nothing fancy) if not already available
• Expected business value of APIs. This should be used as a success factor of the initiative
Steps to success
2. Architecture and SDLC: Create a reference architecture (conceptual, logical, physical) and define your environment strategy as well. Also define your SDLC (process / tools / roles)
Oracle APIPCS Implementation Architecture
[Architecture diagram. Labelled zones: Cloud and On-premises. Components shown: Cloud PaaS with the API Platform (Management Console, Developer Portal), PaaS, DBaaS, iPaaS, SaaS, Identity as a Service, cloud firewall, load balancer, external API gateways (LG), cloud API applications & microservices, external load balancers, external firewall, external API gateways (LG Ext.), internal firewall, internal API gateways (LG Int.), internet proxy, existing SOA infrastructure, API applications & microservices, registry (register, de-register, health check, etc; get endpoints) and identity providers (IP, i.e. ADFS/LDAP). Flows labelled "Sends stats" and "Pulls deployments" connect the gateways and the API Platform. Roles: application developers (discover, try, use); API Platform admins (install, manage gateways, manage users & grants); API designers & developers (publish & discover, manage, monitor APIs). Scenario shown: a mobile app, a Mobile (SP) API, a mobile backend and business APIs.]
LG = Logical gateway
SP = Single purpose
IP = Identity provider
Oracle APIPCS Implementation Architecture
[Architecture diagram. Labelled zones: Cloud, CDN (i.e. Akamai) and On-premises. Components shown: Cloud PaaS with the API Platform (Management Console, Developer Portal), PaaS, DBaaS, iPaaS, SaaS, Identity as a Service, cloud firewall, load balancer, external API gateways (LG), cloud API applications & microservices, external load balancers, external firewall, external API gateways (LG Ext.), internal firewall, internal API gateways (LG Int.), internet proxy, existing SOA infrastructure, API applications & microservices, registry (register, de-register, health check, etc; get endpoints) and identity providers (IP, i.e. ADFS/LDAP). Flows labelled "Sends stats" and "Pulls deployments" connect the gateways and the API Platform. Roles: application developers (discover, try, use); API Platform admins (install, manage gateways, manage users & grants); API designers & developers (publish & discover, manage, monitor APIs). Scenario shown: business partners and community apps, a Public (SP) API and a Partner (SP) API.]
LG = Logical gateway
SP = Single purpose
IP = Identity provider
Deployment Framework
Environment Strategy & Deployment Process
Tools: Dredd, Circle CI, API Fortress
[Diagram: three API Platform instances, each with a Management Console, Developer Portal and Platform APIs]
• API Platform Instance 1 (non-prod): Development/Test, with Development logical gateways and Test logical gateways
• API Platform Instance 1 (pre-prod): Pre-production, with Pre-production logical gateways
• API Platform Instance 1 (prod): Production, with Production logical gateways
Deployment process: Retrieve API details → Version Control → API Check out → Deploy (create new API) → Change properties (i.e. Endpoints) → Test
Steps to success
3. Installation/configuration tips: recommendations based on lessons learnt
Installation Steps
1) Purchase/Create APIPCS and Apiary instances
2) Create your user accounts
3) Download gateway binaries
4) Install/configure the gateways
5) Post-configuration in management service
Installation Tip 1: When setting up the cloud – ensure the DB is sized for your requirement
The management cloud requires you to go through the steps of:
• Creating Oracle Storage,
• Creating the Database as a Service – using the storage created,
• Instantiating API-P Platform.
This does mean you need to determine the size of database needed:
• Development environments can be small,
• Production sizing will depend on your API volumes (number of APIs and API invocations) and analytical needs.
Can expect this process to be simplified in the future
[Diagram: Public Cloud - API Platform Cloud Service. Step 1: Create Storage (IaaS Storage). Step 2: Create DB on storage (Database Cloud). Step 3: Instantiate API-Platform Servers (compute nodes in a WLS cluster, each with a WebLogic Managed Server, Management Portal, Developer Portal, Management Services and REST APIs). Also shown: Load Balancer and Oracle Identity Cloud Service.]
Installation Tip 2: Ensure you have permissions & storage
In production environments the OS can be locked down; ensure you have suitable permissions in advance
• Deployment of the Gateway is a little different to traditional WLS
If you wish to use ports 80 & 443 for API traffic then permissions will need to be set up on Linux
• API Platform does not support port mapping
Ensure you have plenty of storage – recommend min 5GB
• Each part of the tree suggested should have 1GB, plus allow an additional 1GB for log files
• Provides space to unpack deployment
• Structure suggested means ability to rollback
You will want to link the Gateway start-up to the OS start-up for production
Installation Tip 3: Simplify download of the gateway
Gateways are likely to be installed on servers without a graphical UI. This makes the retrieval of the Gateway binary more fiddly, as you need to have intermediary step(s) OR a script …
Get cookie session first …
wget --keep-session-cookies --save-cookies cookies.txt --post-data='j_username=######&j_password=########' --no-check-certificate https://1.2.3.4/apiplatform/public/j_security_check
Get zip file passing session cookie …
wget --load-cookies cookies.txt --no-check-certificate https://1.2.3.4/apiplatform/downloads/ApicsGatewayInstaller.zip
This does take advantage of how API Platform is built – a change could disrupt this
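A variant of the two wget calls above that keeps the password off the command line and validates the server certificate, as an added example that is not part of the original deck. APIP_HOST, APIP_CA_FILE and the function names are assumed, and it presumes the management service presents a certificate that chains to the CA file and matches the host name.

```sh
#!/bin/sh
# Added example, not from the original deck. APIP_HOST and APIP_CA_FILE are
# assumed variable names; the two URL paths are the ones shown on the slide.

# Percent-encode a form value (ASCII input assumed) so that characters such
# as & or = inside a password cannot break or extend the POST body.
urlencode() {
    s=$1; out=
    while [ -n "$s" ]; do
        rest=${s#?}; c=${s%"$rest"}; s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# Build the j_security_check form body from a user name and a password.
login_body() {
    printf 'j_username=%s&j_password=%s' "$(urlencode "$1")" "$(urlencode "$2")"
}

# Download the installer: $1 = user name, $2 = output file.
fetch_gateway_installer() {
    umask 077                                   # work files readable by owner only
    work=$(mktemp -d) || return 1
    printf 'Password for %s: ' "$1" >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    login_body "$1" "$pw" > "$work/login.post"; pw=
    # --post-file keeps the password out of the process list and shell history;
    # --ca-certificate validates the server instead of --no-check-certificate.
    wget -q --ca-certificate="$APIP_CA_FILE" \
         --keep-session-cookies --save-cookies "$work/cookies.txt" \
         --post-file="$work/login.post" -O /dev/null \
         "https://$APIP_HOST/apiplatform/public/j_security_check" &&
    wget -q --ca-certificate="$APIP_CA_FILE" \
         --load-cookies "$work/cookies.txt" -O "$2" \
         "https://$APIP_HOST/apiplatform/downloads/ApicsGatewayInstaller.zip"
    rc=$?
    rm -rf "$work"                              # session cookie and login body do not linger
    return $rc
}
```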
Installation Tip 4: Installation takes too long and times out
This is usually caused because there isn’t enough entropy (randomness) in the operating system to complete the WebLogic domain creation/configuration. To fix this:
I. Check entropy level with command:
cat /proc/sys/kernel/random/entropy_avail
II. If the result is low (i.e. <100) then there isn’t enough randomness, which is why it’s taking so long. To fix this you can run the following command:
export CONFIG_JVM_ARGS=-Djava.security.egd=file:/dev/./urandom
NOTE: This shouldn’t be done in production environments. So if your production instances have low entropy levels, contact your OS admins so the issue can be resolved. Good article below on how this issue can be resolved (thanks to Martien van den)
https://www.certdepot.net/rhel7-get-started-random-number-generator/
Installation Tip 7: Get the gateway-props.json values right
Getting the value settings of gateway-props.json wrong can result in a number of issues (i.e. wrong ports being used, wrong IPs, etc)
Most importantly, there are several properties that can be entered in gateway-props.json. Try to include only the minimum required, as any value entered will override the default values available in gateway-master.json, which can result in conflicts later on.
Below is a sample that worked for us:
{
"gatewayInstallDir" : "/opt/oracle/gateway",
"logicalGateway" : "<logical gateway name>",
"gatewayNodeName" : "<physical gateway name>",
"managementServerHost" : "http://<management portal host name>",
"managementServerPort" : "<management portal port>",
"proxyHost" : "<proxy host>",
"proxyPort" : "<proxy port>",
"nonProxyHosts" : "localhost",
"oauthProfileLocation" : "<oauth profile file name location>",
"listenIpAddress" : "<listen ip address>",
"publishAddress" : "<publish ip address>",
"phoneHomeProxy" : ["http://<proxy host>:<proxy port>","https://<proxy host>:<proxy port>"],
"nodeProxy" : ["http://<proxy host>:<proxy port>","https://<proxy host>:<proxy port>"],
"analyticsManagementUrl" : "http://<analytics host>:<port>",
"registryManagementUrl" : "http://<registry host>:<port>",
"gatewayExecutionMode": "Development",
"loadBalancerUrl": ["<lburl1>","<lburl2>"]
}
Installation Tip 8: Create all gateway admin users prior to installing and have credentials at hand!
Be aware of the users required during installation:
• WebLogic user (for local gateway, not management service): the WebLogic administrator user of the gateway node. This user is created when you run this action. The user is stored in the gateway domain’s local LDAP. When running other actions on this node, you must supply these credentials
• Gateway manager (in management service): the Gateway Manager user that is responsible for managing this gateway. This user must already exist on the Management Portal. This user is issued the Manage Gateway grant when the gateway is created
• Gateway runtime user (in management service): the Gateway Runtime user that is used to download configuration from and upload statistics to the gateway. This user must already exist on the Management Portal. This user is issued the Node Service Account grant when the gateway is created
Create the gateway manager and gateway runtime users before starting installation
Installation Tip 9: Start with step by step installation and then automate
It is possible to do a full installation of a gateway by simply running the command:
./APIGateway -f gateway-props.json -a install-configure-start-create-join
However, doing so will prevent you from fully understanding the installation process and troubleshooting effectively if you run into issues. Better to execute the commands in the following order:
I. Install gateway binaries: ./APIGateway -f gateway-props.json -a install
II. Configure gateway WebLogic domain: ./APIGateway -f gateway-props.json -a configure
III. Start the gateway: ./APIGateway -f gateway-props.json -a start
IV. Create a new logical gateway in the management service: ./APIGateway -f gateway-props.json -a create
V. Join a logical gateway in the management service: ./APIGateway -f gateway-props.json -a join
If you are joining an existing Logical Gateway, make sure you have the right Id in the config file
Installation Tip 10: Join won’t happen due to certificate issues
This can happen if the certificate used by the management service is not trusted by your local keystore (i.e. in a BETA version our management service URL was an IP and not a standard cloud URI)
This issue can be resolved by manually downloading the certificate of the management service and then adding it to the local keystore (in our case we added it to the main JRE keystore but there might be a better way)
We did this as follows:
To obtain the server certificate:
openssl s_client -connect <URL to API platform management service> -showcerts > api.cert
To add the certificate into the keystore:
keytool -keystore </path to JRE keystore> -import -file ./api.cert
Then restart the gateway and try to join again
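A certificate fetched this way is trusted purely because the server presented it, so one safeguard is to compare its fingerprint with a value obtained out of band before importing it. The following is an added example, not part of the original deck; the function names, the apip-mgmt alias and the use of a dedicated truststore file are assumptions.

```sh
#!/bin/sh
# Added example, not from the original deck. Function names, the alias and
# the dedicated truststore are assumptions made for illustration.

# Keep only the first PEM block from `openssl s_client -showcerts` output.
# The first certificate printed is the server's own; the rest are the chain.
first_pem_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                           { print }
         /-----END CERTIFICATE-----/  { if (on) exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." (or a bare fingerprint) to upper-case hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': ' | tr 'abcdef' 'ABCDEF'
}

# $1 = host:port of the management service
# $2 = SHA-256 fingerprint obtained out of band (e.g. from the service admin)
# $3 = truststore file to import into
import_if_fingerprint_matches() {
    pem=$(mktemp) || return 1
    openssl s_client -connect "$1" -showcerts </dev/null 2>/dev/null |
        first_pem_cert > "$pem"
    seen=$(normalize_fp "$(openssl x509 -in "$pem" -noout -fingerprint -sha256 2>/dev/null)")
    want=$(normalize_fp "$2")
    if [ -n "$seen" ] && [ "$seen" = "$want" ]; then
        # Import only the verified server certificate, under a named alias.
        keytool -importcert -noprompt -alias apip-mgmt -file "$pem" -keystore "$3"
        rc=$?
    else
        echo "refusing to import: expected $want, server presented ${seen:-nothing}" >&2
        rc=1
    fi
    rm -f "$pem"
    return $rc
}
```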
Installation Tip 11: Don’t lockdown the gateway unless you’re sure it is right!
Once the lockdown command is executed (below) there is no straightforward way to unlock
./APIGateway -f gateway-props.json -a lockdown
For development and test instances perhaps best not to lockdown
Installation Tip 12: Monitoring & API logging policies
We expect the Gateway to run without issue, but it isn’t a perfect world; when things go wrong you need to know what is happening
Gateways will generate log files for…
• Log Policies (separated for different API Apps)
• Gateway component
• WebLogic Managed Server
• Deployment Logs
• Platform Logs
If you have multiple gateways, with multiple API calls in a client App transaction, there is no guarantee they go through the same gateway
When building APIs consider applying tracking Ids, in the same way as SOA Suite & Insights tools do with eCID or Kibana does with X-B3-TraceId header attributes
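Tracking Ids in practice, as an added example that is not part of the original deck: validate or mint an X-B3-TraceId (16 or 32 lower-case hex characters, so a caller-supplied value cannot inject extra fields into a log line), then follow one client transaction across several gateway nodes. The log line layout, node names and function names are constructed for illustration; real gateway log formats will differ.

```sh
#!/bin/sh
# Added example, not from the original deck. The log layout below is
# constructed for illustration only.

# Generate a 64-bit B3 trace id: 16 lower-case hex characters.
new_trace_id() {
    od -An -N8 -tx1 /dev/urandom | tr -d ' \n'
}

# Accept only well-formed ids (16 or 32 lower-case hex characters).
valid_trace_id() {
    case $1 in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ ${#1} -eq 16 ] || [ ${#1} -eq 32 ]
}

# Reuse the caller's id when it is well formed, otherwise mint a new one.
ensure_trace_id() {
    if valid_trace_id "$1"; then printf '%s' "$1"; else new_trace_id; fi
}

# Read merged gateway log lines on stdin and print, in time order, the
# nodes that handled the given trace id as "node:status" per hop.
trace_path() {
    valid_trace_id "$1" || return 2
    grep -F "X-B3-TraceId=$1 " | sort -k1,1 |
        awk '{ st = $NF; sub(/^status=/, "", st)
               printf "%s%s:%s", sep, $2, st; sep = " " }'
}

# Constructed sample: one client transaction spread over two gateway nodes,
# plus an unrelated call that shares a node with it.
SAMPLE_LOGS='2017-10-02T10:15:03Z gw-node-1 api=payments X-B3-TraceId=463ac35c9f6413ad status=502
2017-10-02T10:15:01Z gw-node-1 api=orders X-B3-TraceId=463ac35c9f6413ad status=200
2017-10-02T10:15:02Z gw-node-2 api=stock X-B3-TraceId=463ac35c9f6413ad status=200
2017-10-02T10:15:02Z gw-node-2 api=orders X-B3-TraceId=a2fb4a1d1a96d312 status=200'
```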
[Diagram: API consumers send API calls over http(s) to gateway nodes, which send service calls over http(s) to service endpoints. Each gateway node is shown with its bundled software: API Gateway, WebLogic Managed Server, Derby DB.]
Steps to success
4. Conclusions
Conclusions
Define the right architecture for your requirements
• Get inspiration from other architectures (OMESA), but one size doesn’t fit all. Define an architecture right for your needs
• Define your environment strategy suitable for your landscape including process/tools to promote APIs
• Define a clear SDLC – API-first based
Size Your Requirement
• You need to ensure your cloud management database has the necessary storage and capacity
• Your gateway needs space to manage archiving & patching of the gateway along with API logging
• Tune the gateway to make the most of memory
Don’t Forget To Make Operations Easy
• If you have a central monitoring tool, hook up all the gateway component logs
• Make API Policy logs easy to see
• Consider adding Trace Ids into the header to allow invocation tracing end to end
Thank you!! … and remember:
“With great APIs comes great responsibility”
The information contained in this presentation is proprietary.
Copyright © 2016 Capgemini and Sogeti. All rights reserved.
Rightshore® is a trademark belonging to Capgemini.
www.capgemini.com
www.sogeti.com