taking control of your future: own your service platforms
TRANSCRIPT
Service Delivery BrokerTaking Control Of Your Future: Own Your Services Platform
November 2015
António [email protected]
This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.
BACKGROUND AND CONTEXT
Project Background
In order to sustain its Web Ads business, PT/SAPO’s network of over
business partners and providersrequired managing and integrating a lot of heterogenous APIs, capabilities and content.
200
API Business Ecosystem
Historically, the front, middle and backoffices of an enterprise were integrated point to point by tight coupling, suitable only for a small number of integrations.
1
Front office
Business ecosystem
EDI
API Business Ecosystem
With SOA, enterprises adopted an architecture using a service bus for integration, creating loose coupling and the potential for reuse and flexibility. The complexity of integration meant use remained largely internal to the enterprise.
2Enterprise
service bus (SOA)
Business ecosystem
EDIEDI
API Business Ecosystem
The new architectural principle and programming model based on RESTful APIs reduces integration cost and complexity, so integrations can scale for many internal as well as external.
Source: PwC Technology Forecast 2012, Issue 2 – The Business Value of APIs
3
Business ecosystem
API
Project Background
The main business drivers were:
Fastertime-to-market
to build and launch innovative services.
Multichannel apps development agility(Mobile, Web, and TV)
Project Background
The main business drivers were:
A standardized catalog, made of agnostic and reusable APIs.
Developers should not have to worry about transversal aspects such as authentication, authorization, access policies, transformations, caching, etc., on every project, over and over again.
SDB Today
Currently delivering:
55million
requests/day
740
catalog
14TB
data traffic/month
23%GROWTH
YoY
APIs
SDB Enabled Faster Apps Development
PT’s Portfolio of Mobile, Web and TV Apps
ARCHITECTURE
Service Orientation is not Optional
SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.
GOING FROM...Similar apps requiring multiple connections to each resource.
Knowledge of the source code for each resource is necessary
Forcing usage of specific programming languages
Consumer applications are coupled with underlying technology ContentIT ResourcesNetwork Resources
SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.
...TOSimilar app interfaces will be developed in specific languages but standard resource interfaces are already available.
Knowledge of underlying resources technology is not necessary
Developers code in their most proficient language against standardized interfaces
Most common infrastructure aspects are abstracted and standardized ContentIT ResourcesNetwork Resources
Enterprise APIs Catalog
Domain APIs
Service Delivery Broker
Service Orientation is not Optional
Users and apps authentication
Resources access authorization
Access policies (e.g. throttling)
Data & format transformations
Content-based routing
Web caching
Load-balancing
API compositions
Stateless workflows
Payment/billing/provisioning integration
Agile Development and Delivery
Most common features are enabled through a configuration.
Solution Logical Architecture
SDB Marketplace
SDB Runtime
Service Enablers
Network Data/IT External
SDB Connect SDB Backoffice
APIs
Identity Gateway Product Lifecycle Management
Token Manager
Application Manager
Apps
Au
then
tica
te
Tran
sfo
rm
Cac
he
Valid
ate
Ro
ute
Thro
ttle
...
SDB Support Services
Catalog Transaction Trade Configuration Metadata Notification Usage Metric Incident Import/Export ...
API Lifecycle Management
Run as a Cloud Service
AND /OR
Run on Premises
Define a Concept Create a Product Ofler In Business
Concept Design Develop Deploy Operate Change
TVWebMobile Others 3rd Parties
TENANT
BTENANT
A
FE
3FE
4
TENANT
CFE
5FE
2FE
1
Multi-Tenancy & Dynamic Load Balancing
# of frontends allocated to each tenant can change in realtime
N entities sharing a database instance
Many entities over a single installation
Shared Databases
APIManagement
Big Data
SDN /NFV
Enterprise APIs Catalog
M2M / Internet of Things
API Management Scenarios
API L IFECYCLE MANAGEMENT
Role-Based Access Control
Granular profilesand access authorizations to all configuration items.
Product Manager
API/App Developer
Transition Manager
Partner
Service Operator
Real-Time End-To-End Tracing
Visibility on what apps Users accessed, what APIs those apps accessed, and what resources those APIs accessed.
APP“VOD App on iOS”
USER“[email protected]”
RESOURCE“Server A on Farm X”
API“SubscriberManagement API”
End-To-End Tracing
LOGICAL
Name of requested API
App that sent the request
Raw response
Detailed message flow
PHYSICAL
User login
Server that answered to the request
End-To-End Tracing
APPs & APIs SECURITY
Old Enterprise
Identity management is centralized and internal
Service provider controls users access to resources
UsersResources
The OAuth Shift
(Hybrid)
New Enterprise
Identity management is decentralized and external
Users control apps access to resources
UsersResources
Apps
One Protocol, Multiple Identity Providers Option
OpenID Connect
SERVICE DELIVERY BROKER BACKENDFRONTEND
Security Model for Apps and APIs
SDB Tenant Administrator
SDB Runtime
SDB
Sup
po
rt
Serv
ice
s
SDBBackoffice
Social Identity AdaptersFacebook, Google, Twitter, LinkedIn, etc...
Web-based App
AppUser
Corporate IdPs WS-Federation Adapter
Token Manager
Identity Gateway
AppsAuth
Config
SDB Connect
APIs
2
3
4
6OAuth 2.0
OpenID Connect
Tokens
5
1
7
CONCLUSIONS
Service Delivery Broker Facets
Service Delivery Broker
ITSMPractices
IAMas a
Service
APIMarketplace
SOAGovernance
Service Delivery BrokerTaking Control Of Your Future: Own Your Services Platform
November 2015
António [email protected]
This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.