What is API First?
advertisement
Microservices under the
microscope
QCon – São Paulo
#APIFirst
@rdmeyersf #API @axway
March 24, 2015
1
“To Improve Is to
Change; To Be Perfect Is
to Change Often”
Sir Winston Churchill
© 2015 Axway
|
Confidential
2
Digital Business Changes Everything
3
Digital Business has no Border
• Architecting for
Mobile isn’t enough
• Omni-channel
experiences require
a new approach
• Digital products are
King
4
Digital Business has no Speed Limit
5
BMW i Remote App
•
•
•
•
•
•
Status of car
Charging status
Doors, windows…
Inspection due
Range
Route to car /
to public
transportation
6
Single Customer Experience
7
Netflix has shown the way…
Reactions Adrian Cockcroft received.
“You guys are
crazy! Can’t
believe it”
“What Netflix is doing
won’t work”
-2009
-2010
“It only works for
Unicorns like Netflix”
-2011
“We’d like to do
that, but can’t”
-2012
8
Enterprise IT Adoption Cycle
http://blog.gardeviance.org/2012/07/adoption-cycles.html - Simon Wardley
9
A mandate for change!
10
Digital Business in API Terminology
A Simple, Stateless Message
• {“API”:“First”}
• {“API”:”Microservices”}
• {“Microservices”:“Change”}
11
Digital Business in API Terminology
A Simple, Stateless Message
• {“API”:“First”}
• {“API”:”Microservices”}
• {“Microservices”:“Change”}
12
APIs Must be Useful
"The value of a well-designed
object is when it has such a rich
set of affordances that the people
who use it can do things with it
that the designer never
imagined.”
Donald Norman
13
What is API First?
• Involved in most new projects
–
–
–
–
–
–
B2B
Mobile
Cloud
IoT
Social
Big Data
• Lead with APIs by default
14
What is API First?
The API
is the
Contract
The API
is the
Product
API
First!
15
Making API First Work
16
Digital Business in API Terminology
A Simple, Stateless Message
• {“API”:“First”}
• {“API”:”Microservices”}
• {“Microservices”:“Change”}
17
Introducing Microservices
“…the microservice architectural style.. ..is an
approach to developing a single application as a suite
of small services, each running in its own process and
communicating with lightweight mechanisms, often an
HTTP resource API. …”
Martin Fowler
http://martinfowler.com/articles/microservices.html
18
API First vs SOA
APIs
…And the
product
“This is
what I
need…”
API Management
The API is
the
contract
SOA/ESB
“Here is
what I
have to
offer…”
WSDL is
the
Contract
Backend
App is the
Product
19
From SOA to API First
20
Digital Business in API Terminology
A Simple, Stateless Message
• {“API”:“First”}
• {“API”:”Microservices”}
• {“Microservices”:“Change”}
21
Public APIs:
Better Customer
Experience
The API is
the
contract
…And the
product
“This is
what I
need…”
API Management
Microservices Focus on Change
SOA:
Better Apps +
Integration
“Here is
what I
have to
offer…”
WSDL is
the
Contract
Backend
App is the
Product
Microservices:
Improved Developer
Experience
22
Legacy Enterprise Applications
Web
Client
Data
Storage
Backend Server
Mobile
Client
Other
Other
Clients
Clients
23
The Backend Was Still Monolithic
• Tightly coupled
• Monolithic scaling
Backend Server
24
SOA brought separation, but little
empowerment
• Course grained, reusable, more scalable services
• Coupled through orchestration
• Still common servers, DBs, data
Service
Service
Service
Service
Backend Server
25
Microservices brings developers
• Why SOA?
• Why Microservices?
– Break the monolith
– Integrate legacy apps
– Scale & Reuse
– A platform for the business
– Agility
– Not tied to servers, tools, DBs
Service
Service
Service
Service
Backend
Server
26
Build it, Run it, Own it
• SOA Services are seen as projects
– The team moves on when the scope of that project is
delivered
• Microservices and their APIs must be managed as
products
– Product team owns their service from conception to
retirement
27
Public APIs: True Loose Coupling
“Smart endpoints, dumb pipes”
• Simple and stateless (RESTful)
– Little coupling to a process (unlike Web services)
•
Designed outside-in based on how it’s consumed (product)
• Bullet proof
– Built-in error handling/checking
• Designed from the outside in (product)
– Very slowly changing, insulate from underlying change
• Self described
– Standard web API documentation (e.g. Swagger)
– Easy to use repository (search, etc.)
– Self testing during learning process
• All reuse configured not coded
– Security, identity, composition, policy/SLA, auditing, analytics
28
Microservices (Private APIs): Agility
• Platform agnostic
– Support servers, tools, languages, DBMSs of choice
• Constant change (daily)
–
–
–
–
–
Bounded code/products (microservices and APIs)
Bounded, independent teams owning “products”
Dev Ops approach from development to operations
Lightweight communication across containers
Automated testing, deployment
• Self service (versus governance)
– Self service, delegated ownership
– Governance processes tailored for self service
– Delegated control over “configurable” attributes
29
Design Security Assuming it’s Public
• Threat protection (e.g. OWASP top 10)
• Identity management (AAA, Oauth 2.0, Mediation)
– Don’t assume internal or private access
• Auditability, compliance
The Real Firewall
Microservices
Service
Service
Service
Service
Backend
Server
30
Trust, Visibility
Policies/SLAs
The Real Firewall
Microservices
Service
Service
Service
Service
Backend
Server
31
Key Takeaways
•
•
•
•
{“API”:“First”}
{“API”:”Microservices”}
{“Microservices”:“Change”}
Getting Started
– Security
– Public APIs
– Microservices
32
Q&A
© 2015 Axway
|
Confidential
33
Obrigado!
Microservices under the
microscope
QCon – São Paulo
#APIFirst
@rdmeyersf #API @axway
March 24, 2015
34
