Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale

Download Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale

Post on 22-Jan-2018




0 download

Embed Size (px)


<ol><li> 1. Hewlett Packard Enterprise View on Going Big with API Management - Application Transformation, Hybrid Infrastructure and Secure Access at an Enterprise Scale Terry White DevOps: API Management and Application Development Hewlett Packard Enterprise Fellow and Chief Technologist, Enterprise Services ABS DO3T11S @twhiteindtw #CAWorld </li><li> 2. Its about what you dont see Terry White November 2015 </li><li> 3. | Agenda 3 MARKET AND CLIENT TRENDS APPLICATION TRANSFORMATION CONSIDERATIONS FOR CREATION AND USE APPLICATION PROGRAMMING INTERFACE (API) API MANAGEMENT &amp; GATEWAY API DESIGN, GOVERNANCE AND EXAMPLE FOR HPE 1 2 3 4 5 6 WHATS NEXT, WHATS NOW? MICROSERVICES7 </li><li> 4. | Organizations are part of a dynamic ecosystem Demands and pace of change are increasing Suppliers Information sources Communities Your Organization Employees PartnersDevices Customers &amp; Citizens Everything and everyones connected Anywhere, any time, any access Immersive experiences, unhindered commerce, instant gratification More market opportunities; more disruptive competition Business and IT strategies converging Regulators Your Competitors 4 </li><li> 5. | Disrupting innovation is accelerating Mainframe Client/server Internet Mobile, social, big data, cloud 600,000+ tweets 2.2M Google searches 168 million+ emails sent And every 60 seconds: 217 new mobile web users 2/3 of IT decision makers spending less on traditional services as a result of moving to the cloud Average cost of a security breach $8.6M USD Volume of data by 2020: 40+ Zettabytes 5 </li><li> 6. | The Internet Client/Server Mobile, Social, Big Data &amp; The Cloud Mainframe Database ERP CRM SCM HCM HCM PLM MRM Amazon Web Services OpSource IBM GoGrid Rackspace Joyent Hosting.com Tata Communications Datapipe PPM Alterian Hyland LimeLight NetDocuments NetReach OpenText PaperHost Xerox Google HP Microsoft SLI Systems EMC IntraLinks Jive Software Qvidian Sage salesforce.com SugarCRM Volusion Xactly Zoho Adobe Avid Corel Microsoft Paint.NET Serif Yahoo CyberShift Saba Softscape Sonar6 Ariba Yahoo! Quadrem Elemica Kinaxis CCC DCC SCM Cost Management Order Entry Product Configurator Bills of Material Engineering Claim Processing Inventory Manufacturing Projects Quality Control Business Education Entertainment Games Lifestyle Music Navigation News Photo &amp; Video Productivity Reference Social Networking Sport Travel Utilities Unisys Burroughs Hitachi NEC Bull Fijitsu ADP VirtualEdge Cornerstone onDemand CyberShift Workbrain Kenexa Saba Softscape Sonar6 SuccessFactors Taleo Workday Workscape Exact Online FinancialForce.com Intacct NetSuite SAP NetSuite Plex Systems Cash Management Accounts Receivable Fixed AssetsCosting Billing Time and Expense Activity Managemen t Payroll Training Time &amp; Attendance Rostering Sales tracking &amp; Marketing Commissions Service Data Warehousing Finance box.net Facebook LinkedIn TripIt Pinterest Zynga Zynga Baidu Twitter Twitter Yammer Atlassian Atlassian MobilieIron SmugMug SmugMug Atlassian Amazon Amazon iHandy PingMe PingMe Associatedcontent Flickr Snapfish YouTube Answers.com Tumblr. Urban Scribd. Pandora MobileFrame.com Mixi CYworld Qzone Renren Xing Yandex Yandex Heroku RightScale New Relic AppFog Bromium Splunk CloudSigma cloudability kaggle nebula Parse ScaleXtreme SolidFire Zillabyte dotCloud BeyondCore Mozy Viber Fring Toggl MailChimp Quickbooks Hootsuite Foursquare buzzd Dragon Diction eBay SuperCam UPS Mobile Fed Ex Mobile Scanner Pro DocuSign HP ePrint iSchedule Khan Academy BrainPOP myHomework Cookie Doodle Ah! Fasion Girl Disruptive innovation is accelerating Docker Cloud Foundry OpenShift OpenStack Azure The waves are getting bigger and coming faster 6 </li><li> 7. | Applications and enterprise organization structure Aligned to organizational boundaries/budgets Functionally aligned Designed to assist with department &amp; organizational tasks Automate and Optimize Often sub-optimize Secured within the boundaries Sharing across boundaries through data Investment ROI Enterprise Legal HR Finance R&amp;D DevelopmentMarketing Manufacturing Sales Distribution 7 </li><li> 8. | Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Legacy Application Architecture Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Infrastructure Data User Interface Applic. Interface Application Functions Business Rules Business Process Controls Application A Program Y 8 Program X Application XYZ Dozens and dozens of programs 100s or 1000s of Batch Files &amp; databases Data Stores Data Access Business Presentation Infrastructure Modernize Technology New Legacy </li><li> 9. | Application Transformation Pain Points Inflexibility Current applications dont provide the services, access to business tasks, and information required to truly deliver valuable customer- and employee-experience applications and services. This makes it difficult for the business to be IT-enabled. Cost IT resources not directed where theyre needed, with traditional IT (legacy infrastructure and applications) consuming most of the IT resources. Risk Legacy applications are increasingly reliant upon scarce (and disappearing) technology skills and aging infrastructure (e.g., mainframes). This increases both operational and business risks over time Speed Todays applications are hard to change, improve, and adapt to offer new capabilities. Businesses need to move faster than ever to take advantage of business opportunities and/or meet regulatory requirements. 9 The speed of business has changed immensely. The demand for speed is constant and disruptive. Lee Kedrie, HPE Cloud Advisor </li><li> 10. | Cloud native SaaS package adoption Binary only Application Transformation Scenarios Re-host Re-installation Re-host Recompile Re-host Source code mod. Re-factor Source Code upgrade Re-Architect Forward &amp; Reverse Engineer Business Logic Re-host Image Migration Retire Archive Uninstall Replace COTS upgrade Dynamic Application P2V Containerize Upgrade to latest runtime version Eg: Unix to Linux Mainframe Cobol to Linux/Microsoft Take advantage of cloud automation Service enable Core Apps COTS or in- house application Apps Integration 2 Cloud (AI2C)Data Migration 4 Cloud (DM4C) Re-host Binary Migration Upgrade COTS &amp; Custom Adopt latest and standard COTS Package New Service &amp; API Introduction Cloud Hosted Cloud NativeCloud Aware Static Application 10 </li><li> 11. | Transformation to cloud is a journey with different on-ramps Enterprises will start with different use cases and create unique paths to cloud enable their business Standardize, Consolidate, Virtualize, Automate Build Cloud Build Cloud Packaged Applications Dev/Test Cloud Packaged Applications Build Cloud Application Transformation SaaS Applications Dev/Test Cloud Dev/Test Cloud Application Transformation API enabled hybrid infrastructure Private cloud Public cloudManaged cloud Traditional The API is everything for cloud computing - David Linthicum11 </li><li> 12. | The Digitally-Enabled Business Just as every business has a website to expose data or services for people, soon application programming interfaces (APIs) will be used to expose such assets in a machine-processable way. Gartner predicts that by 2016, 75% of the Fortune 1000 will offer public web APIs and 50% of business to business collaboration will take place through web APIs. 12 </li><li> 13. | Its an ______ Economy fill in the blank Whats your strategy? Mobile First? API first? 13 Self-Service Ease of use Location aware Notification (Attention) Brand engagement New revenue Great Idea! PrivatePublic Traditional IT </li><li> 14. | Application Programming Interface (API) 1) What is an API? API is a contract. A promise to perform described services when asked in specific ways. 2) How is it used? According to the rules specified in the contract. The whole point of an API is to define how it's used. 3) When and where is it used? It's used when 2 or more separate systems need to work together to achieve something they can't do alone. An application programming interface (API) is a particular set of rules ('code') and specifications that software programs can follow to communicate with each other. It serves as an interface between different software programs and facilitates their interaction, similar to the way the user interface facilitates interaction between humans and computers. 14 </li><li> 15. | Evolution of APIs Source: Deloitte University Press, API economy from systems to business services, accessed October 7, 2015 15 October 28, 2015 14,187 APIs 17% increase since January </li><li> 16. | Critical Requirements Support - Support for your teams interface becomes critical Security - Every teams interface becomes a potential Denial-of-Service attacker requiring service levels, quotas and throttling Monitoring / QA - Monitoring and QA are interconnected, you will need smart tools for not just telling if something is up and running, but actually delivering the expected results Discovery - Service discovery becomes important. You will need to know what APIs there are, if they are available and where to find them Testing - Sandbox and debugging is essential for all APIs 16 </li><li> 17. | API Management Services API Publisher: enables API providers to easily publish their APIs, share documentation, provision API keys, and gather feedback on an APIs features, quality and usage API Store: provides a space for consumers to discover API functionality, subscribe to APIs, evaluate them and interact with API publishers API Gateway: enables you to secure, protect, manage, and scale API access 17 MonitoringandAnalytics ConsumersProducers Collaboration API GatewayAPI Calls Runtime Existing Services &amp; APIs API Publisher Tooling API Store Tooling Publish DevelopMonitor Manage Find EvaluateSubscribe Explore APIAPI API+V1 Published Rated Governance </li><li> 18. | Seven Habits of Effective Service and API Management Habit 1 Apply an API-First design approach Habit 2 Choose a solid API runtime Habit 3 Create a central service repository Habit 4 Manage services through versions, policies and contracts Habit 5 Promote and socialize your APIs Habit 6 Monitor and assess API usage Habit 7 Continually improve - refactor constantly to improve the API 18 Source: Mulesoft, Seven Habits of Highly Effective Service and API Management, August 13, 2013 </li><li> 19. | API Design Domain Driven Design - Business Context CRM SCM F&amp;A HR Travel Health Retail Finance Agriculture Construction Manuf. Comm. Business Domains Cross Industry Domains Vertical Industry Domains Supply Chain Management (SCM) Based on Supply Chain Operations Reference (SCOR) model, Supply Chain Council Plan Source Make Deliver Return Build to Stock Build to Order Engineer to Order Schedule Issue Product Produce &amp; Test Package Stage Release to Deliver Decompose and Create Abstractions Capacity Inventory ConstraintsDemand Simulate Count ModelAggregate AnalyzeLocate 19 </li><li> 20. | API Design Power of APIs for every domain 20 Network StorageCompute Cloud OS PaaSSaaSIaaS OSS/BSM/ITSM API abstraction at each domain and within the domain Portal/API Applications / Services Developer/Middleware/Run Time CRM SCM F&amp;A HR Travel Health Retail Finance Agriculture Construction Manuf. Comm. API enabled business domain Apps &amp; Services Orchestration/ Automation ----------- Configure/ Provision </li><li> 21. | API Governance The Set of APIs and their scope service oriented API governance Administration of APIs lifecycle management; versioning Quality of the API implementation, documentation - complete package to release API Policies security access (what/whom/where), constraints, transformations, and extensions 21 API Governance/Development API Consumption Ex. HP Systinet, CA API Portal Ex. CA API Gateway Design Time Run Time Design Lifecycle Policies Standards Resilience Quality Security Implementation Configuration Availability Throttling Monitoring Security </li><li> 22. | Secrets of a Great API Secret #1: Design for great user experience Secret #2: Optimize for use case Secret #3: Provide easy access Secret #4: Build a community APIs are becoming ubiquitous as their potential to transform business is becoming widely recognized. But delivering a successful API program that achieves defined business objectives requires a systematic approach to designing and managing APIs. Great APIs arent difficult to develop if you design for your users and the business processes the API will support, if you make it easy for developers to find and consume your API, and you actively manage your API developer community as an extension of your business. 22 </li><li> 23. | API Gateway example at Hewlett Packard Enterprise Problem Statement 23 Secure API Gateway Mobile SSO Unified Authentication &amp; Authorization Protect Backend HPE Mobile B2E &amp; Partners Converge efforts across corporation Enable many and different devices Flexibility to rapidly: Integrate new B2E/B/C Use cases Integrate new requirements HPE B2B Externalize large classic IT Apps Enable integration with enterprise SaaS Apps </li><li> 24. | Backend APIs Authorization Server Enterprise IdPs Database (tokens, services, tenant, analytics) Token Service Mobility SSO Authorization engine Service registry IdPs manager Tenants manager Analytics API Tenant Provisioning API Service Provisioning API Core API Engine SaaS providers Identity Providers DMZ Enterprise Intranet Internet HPE security Gateway Solution architecture (functional) Central Token - Security segregation and bridging to integrate the different backend security models SSO module for corporate mobile Apps Service Registry Tenant Management Authorization enforcement - Interface with the HP Authorization server Management console - to ease the deployment, configuration and monitoring of the platform Analytics data - fine grained visibility on API traffic Audit-log Mobile devices 24 </li><li> 25. | Enterprise Applications handle enterprise scale but are 25 Not the fansBuilt for the players </li><li> 26. | Additional Considerations when creating and using APIs Security Scale Service Level Support Level Monitoring / logging Versioning Resilience / failures Dependencies Transaction Management Vocabulary Timeliness of information DevOps API development for new style of IT both requires DevOps and supports DevOps 26 </li><li> 27. | Going API First - Its important to have management support At Amazon, Jeff Bezos issued a mandate sometime back around 2002: All teams will henceforth expose their data and functionality through service interfaces. Teams must communicate with each other through these interfaces. There will be no other form of inter-process communication allowed: no direct linking, no direct reads of another teams data store, no shared-memory model, no back-doors whatsoever. The only communication allowed is via service interface calls over the network. It doesnt matter what technology they use. All...</li></ol>