Copyright © 2013 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

Layer 7 API Management for AWS

Secure & Manage APIs Hosted in Amazon EC2 for Simplified Integration with Partners, Federation with Enterprises, Cloud Bursting & External Developer Engagement

Layer 7’s API Management for AWS EC2 solution allows you to:

Manage AWS-Hosted APIs Control API security, SLAs and availability for EC2 applications

Extend Enterprise Identity

Federate enterprise identities with EC2 applications, for simplified access management

Open APIs to Partners Enable API-based integration with key partners

Simplify Cloud Bursting

Enable cloud mirroring and off-peak traffic bursts

Engage Developers Build developer communities and enable developer self-service

Learn More About Layer 7’s Solutions for Cloud API Phone

+1-800-681-9377 (toll free within North America) or +1-604-681-9377

Email info@layer7.com

Web www.layer7.com

Facebook www.facebook.com/layer7

Twitter @layer7

Open up AWS-Hosted Apps to the Enterprise, Partners & Developers

Hybrid enterprise applications often require communication of data and functionality between Amazon Web Services EC2 and the enterprise datacenter. Sometimes they also need to be integrated with partners or even other cloud services. Many operators of Web and mobile applications on Amazon Web Services (AWS) also want to open up their applications to external developer communities. All these scenarios require that APIs be exposed to systems and developers outside the enterprise. Layer 7’s SecureSpan API Proxy allows AWS customers to do this in a secure and managed way while addressing critical identity, performance, integration and elasticity requirements.

Enterprises exposing APIs from Amazon EC2 want to:

Manage access to APIs, based on federated identities Protect cloud-hosted APIs against attack Optimize API performance Enforce SLA policies for APIs Track API usage Insulate developers from API changes Ensure data privacy and integrity to and from AWS Mediate and translate API requests Dynamically expand capacity to accommodate seasonal/unexpected demand

To address these API security and management requirements in Amazon EC2, Layer 7 offers API publishers the option of deploying an API Proxy and API Portal in the same EC2 environment as their APIs.

The Role of an API Management Solution for APIs in the Cloud

The SecureSpan API Proxy can secure, meter, adapt and abstract REST, OData, SOAP and JSON service interfaces and can provide a secure communication and orchestration channel between hybrid applications residing in both the enterprise and the cloud. Mobile-specific proxy features optimize for mobile app performance and integration to mobile devices.

The Layer 7 API Portal makes it simple to onboard internal and third‐party developers and provides self-registration tools for API usage, management and subscription, with built-in workflow operations for approval of developers and applications. Analytics are provided, allowing developers and publishers to evaluate API effectiveness.

Fully Integrated into the Amazon EC2 Infrastructure

Layer 7’s API Management for AWS Solution provides out-of-the-box integration with Amazon EC2 infrastructure, for performance and scalability. Clusters of SecureSpan API Proxies use centralized RDS stores for policy management and logging, and support failover and disaster recovery scenarios across multiple environments. Integration with CloudWatch and Amazon Auto Scaling provides intelligent distribution of API requests to dynamic backend infrastructure, using built-in load balancing algorithms or Amazon Elastic Load Balancing. The API Proxy cluster can also scale as necessary, based on demand – throughput increases linearly with each new Gateway added to the cluster.

Copyright © 2013 CA. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

Figure 1: Layer 7 API Management for Amazon

Web Services EC2 (Basic Architecture)

Use Case 1 – API Management

Layer 7’s SecureSpan API Proxy can be configured in Amazon EC2 with security policies for APIs being exposed from the cloud. The Layer 7 API Portal allows developer onboarding, provides documentation and grants access to the APIs.

Use Case 2 – Federated Identity

The SecureSpan API Proxy can be placed within the enterprise to generate a federated identity token (SAML, for instance) containing important user attributes (group membership, rank etc). Alternatively, this API Gateway can serve as an OAuth authorization server and OpenID provider endpoint, to generate an access token. The API Gateway in Amazon EC2 will validate incoming SAML or OAuth tokens, without requiring actual user credentials.

Use Case 3 – Dynamic Scaling

The API Proxy can integrate with EC2 Auto Scaling to load balance to new API endpoints created due to high seasonal or intermittent load. If necessary, additional Proxies can also be automatically added to Gateway clusters in order to scale the management infrastructure.

Key Features

API Identity & Security

API Security API threat protection and data validation

End-to-end data and protocol security

JSON/XML content filtering

Advanced cryptography

Identity Brokering Identity-based access to services/operations

SSO to API publisher and third-party SaaS

Full support for OAuth integrations

Support for SAML, X.509 certs, custom tokens

Integration with leading identity, access, SSO and federation systems

API Mediation & Translation

API Adaptation & Orchestration

API and data remapping New API composition

Policy-based workflow allows orchestration of multiple backend API calls exposed as a single virtual API tailored to the device or platform of the caller

API Management & Visibility

SLA Enforcement Define rate limiting policies, based on endpoint or

requestor identity

Prioritize traffic requests

Optimize routing, based on latency

API Optimization Cache responses

Compress data

Aggregate message responses for mobile devices

Version Management Support multiple API versions Manage API lifecycle across dev, test

and production

API Metrics Usage metrics by user, developer, application Real-time visibility into API health

Developer Onboarding & Management

Developer API Keys Issue API Keys Allow self-service enrollment

API Discovery & Docs Publish API documentation Explore and test API functionality

Social Tools Create forums Enable rankings

To learn more about Layer 7, call us today at +1-800-681-9377 (toll free within North America) or +1-604-681-9377. You can also: email us at info@layer7.com; friend us on Facebook at facebook.com/layer7; visit us at layer7.com; follow us on Twitter (@layer7).