Red Hat partner Imperva recently announced an expanded portfolio of security products targeting protection against account takeover (ATO) and attacks targeted at APIs, as well as a three-second SLA for DDoS attack protection.
These new services provide comprehensive protection against a wide range of cybersecurity threats targeting not just websites, but also business-critical APIs, legacy systems, and other applications.
Read Imperva’s blog where they highlight that while APIs play a critical role in accelerating innovation and business growth in the digital economy, they need to be protected from cybercriminals trying attacks like intrusion attempts.
Also, don’t miss their press release where our director of product management, Mark Cheshire, weighs in on how Imperva’s solutions complement Red Hat 3scale API Management for a better, safer experience.
Red Hat conceived the agile integration concept to help our customers tackle integration challenges more effectively. As we described in an earlier post in detail, agile integration is an architectural approach centered around application programming interfaces (APIs) and API management. At its core, this concept resides on the following three pillars: distributed integration for greater flexibility, containers for the ability to scale better, and managed APIs for re-usability and hence speed.
When we started designing this concept we actually started from two premises:
- Agility today is the most important business capability — especially for incumbents in traditional markets.
- Every organisation has integration problems.
Typically in most companies nowadays the integration function is centralized and hence technically as well as organizationally a bottleneck. Our two premises contradict each other and we set out to design an integration concept that can solve this contradiction.
In order to come up with a solution that really helps our customers solve their integration problems in the best possible way, we first analysed the market to understand what actually are the problems that users are trying to solve. Although there are of course a very wide variety of often very fine-nuanced problems, it turned out that we could classify all the problems into six typical integration challenges. The following diagram summarizes these challenges and we then discuss each of them in more detail.
Continue reading “Six typical integration challenges that agile integration can solve”
In the mid 90s, Bill Gates famously said that “banking is necessary, banks are not.” There is certainly a lot of truth in this statement. We all need banking services in some shape or form. But who delivers these services to us is secondary. In fact, Accenture concluded in a study conducted in 2016 asking over 30,000 people in 18 countries that if the tech titans like Google, Amazon, or Facebook would offer such services, 31% of the respondents would switch to them. This clearly imposes a significant threat on traditional banking institutions.
Another challenge that banks are facing worldwide are the increasing demands for regulatory compliance with respect to openness. Such regulations include, for instance, Payment Services Directive 2 (PSD2) in Europe, the Amendment Bill to Japanese Banking Law in Japan, the National Payments Corporation of India (NPCI) with the Unified Payment Interface, UK’s Open Banking standard by the Competition and Markets Authority (CMA), or the Open Banking Regime by Australia’s Federal Government. Banks approach these regulatory challenges in many different ways. Some see it as a serious business threat and only do the bare minimum for compliance; others see it as an opportunity and with smart investment start building banking platforms for the future.
Our suggestion for building the banking platform of the future resides on the principles of agile integration, which is an architectural approach centered around application programming interfaces (APIs) and API management. At its core, agile integration resides on the three pillars: distributed integration for greater flexibility, containers for the ability to scale better, and managed APIs for re-usability and hence speed. We described the details in an earlier post.
Continue reading “The Role of Agile Integration in Open Banking”
Earlier this months at the Gartner ITxpo event, Massimo Pezzini presented the challenges that must be addressed by a pervasive enterprise integration strategy. In summary there are four types of hybrid challenges (see Massimo’s diagram below).
Continue reading “How to Address the Challenges of a Pervasive Integration Strategy”
Red Hat 3scale API Management Platform simplifies the integration between the APIcast gateway and Red Hat Single Sign-On through OpenID Connect (OIDC) for API authentication. Consequently, the new version enables API provider users to select and configure their API authentication process from the admin portal UI.
Continue reading “Red Hat 3scale API Management Simplifies OpenID Connect Integration”
In Red Hat 3scale API Management, we can manage any HTTP(S)-based APIs – including REST and SOAP. With REST, it is particularly straightforward as individual URL paths usually map quite nicely to operations. By operations, we mean fine-grained tasks and services which providers may wish to a) get visibility into and b) apply control access to.
With SOAP, there is more of a challenge, as it is typical for multiple operations to share the same endpoint. Yet providers may still want to get the same visibility and control they get with SOAP as they get with REST.
Continue reading “Integrating SOAP based Web Services into Red Hat 3scale API Management”
In an earlier blog, we wrote about how very low latencies in Java-based microservices can be achieved through our plug-in wrapper. That solution was general in nature, applicable to any API service.
In this blog, we show that the plug-in wrapper is applicable to a specific microservices framework – the open source microservices framework Light-4-J. In particular, we took an implementation of a microservices chaining tutorial, built upon it, and applied our Java plug-in wrapper API management component to it.
As we stated in our first blog, this approach may be well used for a particular use-case, i.e. internal API traffic, typically microservice to microservice. Services exposed to external parties, outside the DMZ, can continue to use the API gateway deployment for its routing and security capabilities. And indeed this differentiates Red Hat 3scale from other vendors in that both the plug-in deployment and the gateway deployment are feasible.
Figure 1 – Plug-in approach: API Management intelligence and configuration are decoupled from traffic enforcement and reporting
Continue reading “Low Latency API Management for Microservices framework Light-4-J – with Red Hat 3scale”
Today is a special day for the 3scale team at Red Hat. It’s been just 10 short months since the company joined Red Hat in the summer of last year and there has been a buzz of activity for the entire time.
One of the biggest new goals was to add a fully on premise version of the 3scale API Management product to the line up alongside the existing Software as a Service (SaaS) version. Hence the team is very happy to announce the availability of that new version which is now generally available. Get started looking at 3scale’s customer portal page.
Launching the on-premise version is special for two reasons. First, because increasing numbers of customers are now running large numbers of public and private APIs – often deep in their internal infrastructure. Deploying API Management in their own data center or in a cloud environment they own is often a key part of succeeding. Second, it is special because of the way on-premise is being delivered. Specifically the new product is shipping entirely on Red Hat’s powerful container management platform, OpenShift.
Continue reading “Go Anywhere API Management: 3scale API Management adds a Fully Containerized On-Premises Version”
In this article, we provide a solution that enables almost latency free API management for Java-based microservices APIs. We build on Manfred Bortenschlager’s white paper Achieving Enterprise Agility With Microservices And API Management. We provide a practical solution for adding the management layer Manfred outlines to internal microservice-to-microservice API calls.
API Management and Microservices
Figure 1 – a typical microservices architecture with depictions of externally and internally consumable microservices
In the white paper Manfred describes a typical microservices architecture consisting of:
- A perimeter service layer that is typically implemented by an API gateway which manages and secures components that follow the backend for frontend (BFF) pattern. The perimeter service exposes APIs to external consumers.
- Internal microservices that are clustered into functional elements and communicate via APIs.
The most common and most decoupled way to achieve API management is through deployment of API gateways on the API provider’s infrastructure. These gateways act as traffic controllers which authenticate, authorize, and report on API traffic to the 3scale API Management Platform. These extensive management features are achievable with very low latency overhead through our caching and asynchronous architectural features. Additionally the gateways provide excellent routing and security protections such as defense against DDoS attacks and more.
Continue reading “Ultra Low Latency API Management for Microservices with Red Hat 3scale”