API Management Comparison Our PoV - Microsoft

Transcription

API Management Comparison – Our PoV
Nov 18th, 2020
Copyright 2019 HCL Technologies www.hcltech.com
Copyright 2016 HCL Technologies Limited www.hcltech.com

Agenda

API Management
- Key Parameters
- Product Comparison (Azure APIM vs other products)
- Solution POV

Secrets Management
- On Premise Options
- Azure Key Vault
- AKV Architecture

Next Steps
- Next Steps

Comparison of Azure, Mule & Dell Boomi
API Management Perspective

CONSENT ON COMPARISON

“The comparison & recommendations provided against each of the API Products are based on our own assessment & implementation experience on various capabilities. This does not stand as the thumb rule against the products and these recommendations are only to set basic guideline for product selection”

Strictly for Internal Use by the Business & Partner

API Management – Solution Capabilities

- Lifecycle Management - Create, test and Publish APIs
- API Gateway to enforce policies
- Support for on premise and cloud
- Low latency solution
- Developer portal
- Productized offering
- API security

API Management – Deployment Models

- On Premise
- On Cloud
- Hybrid
- PaaS
- SaaS

Azure vs Mule vs. Dell Boomi

The scope of our comparison is the API Management capability only. Each of these enterprise products has diversified capabilities alongside its API Management capability.

Our main focus areas of comparison are:

- Security
- API Life Cycle
- API Orchestration
- Traffic Mediation & Routing
- Developer and App onboarding
- Cloud Integration
- Availability
- Monetization
- Documentation & Productivity
- Operational Aspects
- Cost
- Vendor Support

API Security & Identity

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| API Keys | Excellent. Multi level Subscription keys | Excellent. User specific, key specific call restrictions are provided | Adequate |
| Identity Management | Excellent. Integration with multiple AD domains | Excellent. Provides sandbox environments, audit log etc. | Excellent. Nano level services control over identity verification could be provided |
| Threat Protection | Excellent. Rate Limit, DoS attacks, IP filters, JWT token validation. Customizable threat protection policies to create complex rules. | Excellent. Protection at multiple layers. Policies for XML & JSON threat protection, rate limiting for DoS attacks, OAuth, CORS | Excellent. Provides AtomSphere APIs to provide threat protection |
| Schema Validation | Excellent | Excellent. Validation component for XML & JSON schema validation is available. | Excellent. Provides cleaning shape process APIs to validate document field values - repair or reject the document before processing |
| Encryption / masking | Excellent. Encryption of data in motion and at rest. | Excellent. Encryption module that allows for encryption of data in motion and at rest. Masking of desired PII data can be achieved. | Excellent. Base 64 encode/decode functionality through data process shape. PGP Encryption/Decryption functionality through data process shape. |
| Token Management, OAUTH, SAML | Excellent | Excellent. Federated access and protocol conversion is supported | Adequate |
| SSL & PKI Signatures | Excellent | Adequate | Adequate |

API Lifecycle Governance

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Versioning | Adequate. Supports multiple active versions, supports routing based on consumer through Azure Gateway | Excellent. Provides shared API Portal for versioning, deletion and deprecation of deleted APIs – no further access by new consumers, multiple active versions, automated routing based on clients | Excellent. Provides life cycle process for API Versioning, support for multiple active versions |
| Deployment | Excellent. Azure DevOps CI/CD pipeline helps in automating the whole deployment process. Can be deployed to multi-regions in few clicks. | Excellent. API promotion and environment can be managed separately from API implementation. Same implementation can be run in Mule IPaaS, on-prem or other public/private clouds. | Adequate. Deployment function is inbuilt into the platform. AtomSphere APIs are also available which could be used to integrate deployments through external CI-CD tools. |
| Life Cycle | Excellent. Design and implement reusable APIs with complete CI/CD – integration with 3rd party testing / defect tracking / mgmt. tools. Manage, orchestrate, monitor, analyze usage of APIs. Supports highly scalable and multi-region environment. | Excellent. Reusable APIs, automated CI/CD process, manage APIs, orchestrate, monitor, analyze, and facilitate reuse to increase API consumption. | Excellent. Provides unified platform for life cycle management |
| Publishing to Multiple External Stores | Average | Excellent. OAS API prepared can be shared with external stores. | Adequate. While AtomSphere API Management Platform is one, but underlying Atoms in private mode could be deployed to multiple regions, nodes |

API Orchestration

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Workflow | Excellent. LogicApps to integrate with business applications and define workflows on Azure – with 100s of in-built connectors, custom workflows through Azure Service Bus, custom Logic Connectors | Excellent. Provisions to integrate with external workflow engines. MuleSoft provides many OOTB routing components to implement complex orchestrations: scatter-gather, aggregation, splitter/for-each, etc. | Excellent. Provides low code development platform for workflow management. Boomi Flow could be leveraged for advanced workflow features. Complex orchestrations involving multiple systems could be achieved in Boomi through different Logic/Connect/Execute Shapes |
| Service Consolidation | Excellent. Extensive set of policies for service consolidation. Unified API endpoint to expose internal and external APIs injecting common authentication making it transparent to end users. | Excellent. Provides rich set of consolidation rules. Routing of multiple services using various process API can be aggregated to achieve API consolidation | Adequate. Provides design time tools for API Management. A single API with multiple operations on different HTTP methods and multiple underlying implementation processes could be achieved in Dell Boomi |
| Branching Policies | Excellent. Provides support for various branching policies through Azure Repos / DevOps Server 2019 / TFS 2018. | Excellent. Mule Anypoint platform provides IDE for branching policy creation | Excellent. Provides visual design tools for creating branching policies. Support is available to drive multiple code branches for different requirements. |

Traffic Mediation

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Data Format Transformation | Excellent. Provides extensive set of transformation rules | Excellent. Has powerful transformation engine Dataweave to transform data. | Adequate. Provides map component functions for data transformation |
| Protocol Conversion from SOAP to REST | Excellent. Possible through SOAP Pass through. This could also be customized using . Possible through Azure Service Bus | Adequate | Excellent. Provides enormous set of integration components |

Developer & Application Onboarding

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Client ID & App Key Gen. | Adequate | Adequate | Adequate |
| Interactive API Console | Excellent. Extensive provision to publish & explore services. Auto-generated API catalog. Manage developers’ access and usage from one place. Provides API usage reports and an interactive console for API testing. | Excellent. API console gets auto generated at design time using the specification itself. API mocking is OOTB. Sufficient access to manage certain aspects of look & feel of the Dev Portal is possible. | Average. API console is a bit lagging in Dell Boomi API Management module. Only a swagger visualization portal is available to help developers. Boomi is expected to release enhanced features in this aspect in next few months |
| Catalogue | Adequate | Adequate | Adequate |
| Search & Provisioning | Excellent. Extensive provision to search through the product catalogue | Excellent. It has rich search capability. | Adequate. Provides multiple search options |

Traffic Mediation & Routing

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Data Format Transformation | Excellent. Extensive policies could be customized as per the transformation need | Excellent. Advanced dataweave feature can be used to transform various data formats. | Excellent. Dell Boomi Visual Mapper supports formats like JSON, XML, CSV, EDI etc. OOTB functions like Lookup, Connector Call, scripting etc. make complex transformations possible to do in Boomi. |
| Protocol Conversion from SOAP to REST | Adequate. OOTB capability to convert a SOAP API to REST | Adequate. Protocol conversion can be achieved using transformation. | Adequate |
| Legacy Integration | Excellent. Possible through Azure Service Bus | Excellent. Platform enables legacy system like DB, JMS, MQ, File integration with help of nearly 140 connectors. Custom connector can also be built using SDK kit. | Excellent. Boomi supports AS 400 integration. Custom groovy scripting leverages external libraries. Custom connectors with inbuilt technology connectors can also be leveraged. |
| Rate Limitation | Excellent. Rate Limit policies can be defined. Multiple level of throttling setup i.e., user, location, key, geography etc. | Excellent. Various policies like rate limitation on API usage with SLA tier can be applied in API Manager | Excellent. Restrict number of incoming requests for a specified time period per Atom or per Environment is possible. |
| Caching | Excellent. Redis Cache for custom caching modules – can be used as an in-memory data structure store, a distributed non-relational database, and a message broker. | Excellent. Mule Object Store is used for caching the response. Integration with External Caching Provider supported. | Adequate. Inbuilt Document Caching mechanism. |

Analytics & Traffic Monitoring

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Traffic Monitoring | Excellent. OOTB Azure Monitor. Azure Event Hub plugins and extensive support to integrate with various monitoring 3rd party tools. | Excellent. Customized dashboard for API monitoring and provision to setup the custom & trigger notifications. | Excellent. Provides dashboard to perform real time monitoring |
| Analytics on Traffic | Adequate. Azure Monitor - Metrics, Diagnostic Logs and Alert rules, Analytics, integration through LogicApps to alert stakeholder, take necessary action based on analytics | Adequate – AnyPoint visualizer, AnyPoint Monitoring Component | Adequate. OOTB dashboards available to view statistics like API Usage History, API Usage Trends and Average Response Times. This can be filtered out to the levels of different environment types as well as Day/Week/Month/Year basis |

Cloud Integration

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| SSO to SaaS Providers | Excellent. Default and external token issuance systems could be configured. Azure domain store could host number of AUTH providers | Excellent. All SAML2.0 based configured SAML identity provider (ID) are supported | Adequate. |
| IaaS Integration | Excellent, Express Route provisions the integration facility | Excellent. VMs can be configured to run Mule runtime to run applications | Adequate. Dell Boomi Atoms are supported on various IaaS clouds. |
| SaaS Data Connectors | Excellent, through Azure Service Bus provides variety of connectors | Excellent. Platform provides various OOTB connector support like Salesforce, MongoDB, Workday, SAP Hybris, Amazon S3, etc. | Excellent. It provides various connectors to integrate your on-premise and cloud based applications. Connectors to all leading SaaS providers are available in Boomi (150 Connectors are available) |

Operational Integration

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| System Monitoring | Excellent. Azure Monitor - provides near real time alerting in public preview for platform metrics from Azure services such as Virtual Machines, Networking, ServiceBus, EventHubs, etc. Surfaces metrics and logs from many services such as Networking, Storage, Traffic Manager, Network Interfaces, Express Routes, Load Balancers, Data Lake Store, Data Lake Analytics, etc. | Excellent. Monitors the performance across servers and apps. Platform provides OOTB API and runtime monitoring, supports event driven alerts, logging support, monitoring dashboards for managing the application health | Adequate. Monitoring options are available for "Shared Web Server", "Atom, Molecule & Atom Clouds". System monitoring with JMX and disk space monitoring options are also available. |
| Clustering & Scalability | Excellent. API could be hosted in multi region high availability zones. OOTB capabilities - Azure Service Fabric Cluster, Azure Service Mesh. OOTB capability to scale up/down, upgrade/downgrade to any of the 4 tiers (Dev/Basic/Std./Premium), supports scaling to multi-region/geo. | Adequate. It has limitation to have maximum of eight nodes in a cluster. Clustering is supported on on-prem. On cloud auto-HA deployment & LB features are used. Horizontal scalability feature is supported for all deployed application based on events configured. | Excellent. AtomSphere is multi-tenant platform. Both horizontal and vertical scaling is possible. Features like Atom Workers, Molecules can also aid in scaling up the API implementations. Clustering of Atoms to form a molecule (HA and LB) is supported OOTB for private Atoms. |

Availability

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Auto healing | Excellent | Excellent. Cloudhub monitors and provides self healing mechanism. | Adequate |
| Auto discovery | Excellent | Adequate | Adequate |
| Dynamic Support | Excellent | Adequate | Adequate |
| Multi Tenancy | Excellent | Excellent | Adequate |
| Multi | | | |

Monetization

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Usage Plans | Excellent. You can create stripe plans for your products | Adequate | Adequate |
| Billing Engine Integration | Excellent. Payment provider could be integrated for collecting payments | Adequate | Adequate |
| Rate Plan | Adequate | Adequate | Adequate |

Documentation & Developer ent

Excellent. They have different flavours of support namely standard, premium & premium plus.

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Learning Curve | Excellent | Excellent | Excellent. Provides good trainings and manual for learning the Dell Boomi. |
| Ease of Development | Excellent | Excellent | Adequate |

Cost

| Feature | Azure | Mule | Dell Boomi |
|---|---|---|---|
| Pricing | Cost effective compared to AWS. Priced at different tiers based on SLA. Pay as you go model. | Pricing is high compared to other API tools. MuleSoft supports annual subscription-based model. Many customers' feedback is that pricing is not that cheap, but value for money at enterprise level. Considering one needs to purchase the Platform even if they want only 1 core, it makes sense only at enterprise level. | Expensive comparing to APIGEE. Boomi follows connection-based subscription pricing model. If an enterprise plans to use more than 20 connectors, Boomi offers attractive pricing that can be negotiated. |

Final Chart of Comparison – Qualitative Benefits

1. API Security & Identity
2. API Orchestration
3. Traffic Mediation
4. Developer & Application Onboarding
5. Routing
6. Cloud Integration
7. Operational Integration
8. Availability
9. Monetization
10. Documentation & Developer Productivity

1. API Life Cycle Governance
2. API Orchestration
3. Analytics & Traffic Monitoring
4. Cloud Integration

1. Operational Integration

Secret Management – Product Options

| Features | AKV | Hashicorp Vault |
|---|---|---|
| License type | PaaS (standard and premium Tier) | Open Source (for Enterprise setup license required – very high cost) |
| Operational Effort | No / minimal operations effort | Needs setup and maintenance effort additionally |
| Security Certification | FIPS 140-2 Level 2 (Level 3 – AKV Managed HSM) | FIPS 140-2 |
| Keys protection | Encrypted through Software keys (HSM protected keys - Premium Tier) | HSM Keys |
| Scalability | Can scale up through simple UI configuration | To be constantly managed and monitored |
| Availability | Well managed through Azure – high availability achieved through simple steps | To be self managed |
| Replication | Easy replication of Key Vault across regions | Supported only in Enterprise version |
| Backup Key Vault | Yes | Yes |
| Import Keys (BYOK) | Can import keys securely from on-prem | Scripts need to be written / customized |

Secret Management – Product Options

| Features | AKV | Hashicorp Vault |
|---|---|---|
| Supports on-prem | Can act as an on-prem setup through Azure Stack | Yes |
| Access Control | Yes | Yes |
| Dynamic Secrets | No | Yes |
| Seal Vault in case of compromise | No | Yes |
| Certificate Mgmt. | Yes | Yes |
| Data Encryption | Yes | Yes |
| Key rotation | Yes | Yes |
| Stream to an Event Hub | Yes | Need separate implementation |
| Integrate with Azure Monitor Logs | Yes | Need separate implementation |
| Integrate with variety of DBs and tools | No | Yes |
| Need in-house knowledge of HSM | No | Yes |

Azure Key Vault – Reference Architecture

Best Practices

1. Control access to Key Vault
2. Limit access to Key Vault data
3. Limit number of users with contributor access
4. Use separate Key Vault per application per environment
5. Backup Key Vault on each change
6. Turn on logging and set up alerts
7. Restrict access to Key Vault logs
8. Limit network exposure
9. Turn on soft recovery options

Recommendation

“We have detailed out the qualitative benefits of using the said products & detailed portfolio analysis could help arrive at the best-fit product”

7 BILLION ENTERPRISE 110,000 IDEAPRENEURS 31 COUNTRIES

Content Contributors

- Subramanian Veerappan, Enterprise Architect, EPS – Azure Development & DevOps CoE
- Prabhu Ramaswamy, Lead Solutions Architect, Modern AD – API & Micro Services CoE
- Rajinder Gupta, Senior Solutions Architect, Business Productivity Services CoE
- Sarika Sehra, Technical Architect, Business Productivity Service CoE
