Category Archives: News

WSO2 API Microgateway 3.0 is Released

The WSO2 API Manager team recently released version 3.0 of its WSO2 API Microgateway. This blog takes a closer look at the key attributes of a microgateway, changes in the new release, new features available, use cases of microgateway, and what to expect in the future from WSO2 API Microgateway.

Key Attributes

Cloud native

  • Comes as lightweight containers (fast boot-up times, low memory footprint, and low distribution size)
  • Designed in a stateless manner
  • Isolated from underlying system/OS
  • Can be deployed on self-service, elastic, and cloud infrastructure
  • Agile DevOps and CI/CD
  • Automated capabilities for deployment
  • Developed with frameworks suited for cloud (based on Ballerina)

Developer-centric and enables the following:

  • Creation of microservices
  • Define the open API definition for microservices
  • Initiate the microgateway project from the open API definition
  • Build the microgateway project
  • Locally test the service exposed via microgateway

Decentralized

  • Decentralized per API gateway, with a dedicated gateway for each service
  • Contains a private jet gateway, with a dedicated gateway for clusters of same microservices
  • Contains sidecar gateways, gateways that are deployed in the same node with microservices
  • A gateway for subset of APIs only, to expose several services/APIs using a single API

Immutability

  • Rebuild required if API changes, new resource added
  • Finalize open API definitions prior to deploying
  • Immutable containers
  • Immutable runtime artifacts for non containerized runtimes

Scalability

  • Serves traffic independently (acts without key manager with self contained tokens, local rate limiting capabilities, and stores analytics data)
  • Independent scaling sans the need to scale other components
  • Can be scaled with microservices when used as private jet or side car mode
  • Inbuilt support for container orchestration tools to manage scaling

What Has Changed in the New Release?

1. Introduction of a developer-first approach

The 2.x series of WSO2 API Microgateway depended on the WSO2 API Manager publisher portal when designing APIs to be exposed via the microgateway. WSO2 API Microgateway 3.0 takes a developer-first approach. The API developer who is designing APIs and defining the interfaces of the APIs is now able to develop a microgateway based on the interface of his/her APIs.

In this new version, the microgateway toolkit will accept a valid open API definition of developer services or microservices, with WSO2 specific open API extensions. Then the toolkit will translate this open API definition into an executable format which is accepted by the microgateway runtime component. Once the API developer adds WSO2 specific open API extensions to the open API definition of the microservices, microgateway will add QoS like authentication, authorization, rate limiting, transformations, analytics, etc.

2. Separation of toolkit and runtime into two distributions

The 2.x series of WSO2 API Microgateway had a single distribution where both toolkit and runtime resided. The toolkit created runtime distribution for the user, containing all the APIs which the user had to add to the project. This has changed in WSO2 API Microgateway 3.0, which has two separate distributions, one for the toolkit and the other for the runtime. I’ve explained this in detail in the section below.

  • Microgateway toolkit

Microgateway toolkit is a command line tool designed for API developers to create microgateway projects by adding open API definitions. This CLI creates a project structure for the API developer once the project is initiated. If the API developer has a single open API definition or multiple open API definitions, these can be copied to this newly created project. Once the project is finalized, the CLI can be used to build this project, which will create an executable file that is accepted by the microgateway runtime.

  • Microgateway runtime

This is the component which actually serves the API requests. The runtime component cannot be run without the output created by the toolkit. The runtime component can be downloaded as a zip file or as a Docker image. When using a zip file, the executable file created by the toolkit should be provided as an input argument for the startup scripts of the runtime. When using the Docker image, the executable file should be mounted into the Docker container.

You can refer to the quick start guide to expose your first API with microgateway in a few steps here:

New Features

Define per resource endpoints

In the microservices world, developers might want to expose their microservices as APIs to the outside world. The API developer will define an interface of these services using open API definitions. Several microservices will be contained in a single open API definition which defines a single API for a particular use case (for example, online store). So when defining the microservices in the open API definition as REST resources, users should be able to define different back ends based on the resource.

The open API extensions (“x-wso2-production-endpoints”, “x-wso2-sandbox-endpoints”) introduced by WSO2 enable users to define back end services at the resource level. This way, users can logically collect their microservices into a single API and expose them via the microgateway. Refer to the documentation here.

HTTP2 support

WSO2 API Microgateway is upgraded to support HTTP/2 together with HTTP/1.1 as the incoming and outgoing transport protocol. With HTTP/2 enabled, WSO2 API Microgateway is able to process requests faster and more simply. For more information on HTTP/2 and its benefits, refer to the HTTP/2 homepage. It supports both client -> gateway and gateway -> back end communication using HTTP/2. Refer to the documentation here.

Mutual SSL based authentication

Microgateway can serve requests from trusted clients without requiring OAuth2 tokens. Once the certificates of the trusted client partners are shared, requests presenting these trusted certificates will be served. Microgateway can enforce mutual SSL as required or as optional. If it is required, only requests from trusted clients will be served; if it is optional, trusted clients will be served without OAuth2 tokens, and untrusted clients (clients who have not shared their public certificates) will need a valid OAuth2 token.

Config based basic authentication support

Microgateway allows users to invoke APIs using their basic authentication credentials as an alternative to OAuth2 tokens. The basic authentication support can be defined per API using the open API definition. Microgateway supports the open API security schemes in order to define the basic authentication for the APIs. Refer to the documentation here.

Response and request schema validation

Microgateway can intercept responses and requests, and validate these against the models defined in the open API definition. Microgateway stores the open API definitions added to the microgateway project and cross-checks the request and response payloads against the schema models defined in the open API definitions. Refer to the documentation here.

Service discovery with ETCD

One challenge we face with microservices architecture is that the services are dynamic. Services do not have a fixed connection URL; it changes with time, and the URLs are mostly maintained in an ETCD server as key-value pairs. Since microgateway is immutable, it should be able to route traffic to these dynamic endpoints without having to rebuild. Connecting with the ETCD server and resolving dynamic microservice URLs in real time are both supported by the microgateway. Refer to the documentation here.

Global throttling

Until now, the microgateway performed rate limiting locally, in memory. Each gateway maintained its own set of counters, and throttling decisions were taken independently. With this new release, the microgateway can publish throttle events to the WSO2 API Manager traffic manager component and take decisions based on traffic manager subscriptions.

Integration with third party key managers

By default, all the APIs in the microgateway are OAuth2 protected. Hence API consumers require a valid OAuth2 token in order to invoke the APIs. Microgateway supports self-contained JWT OAuth2 access tokens from any trusted key manager. In order to validate the JWT token issued by the key manager, microgateway requires the public certificate of the key manager in its trust store.

Request and response transformations

Microgateway now has first-class support for plugging in external functions written in Ballerina as interceptors during the request in-flow and the response out-flow. API developers can manipulate request/response headers, body, etc. prior to sending to the back end or responding to the client.

API/Resource level throttling

Earlier versions of microgateway only supported application and subscription level throttling. With this new version onwards, API developers can define new policies in the policy.yaml file of their project and attach them to the APIs using the open API extensions.

JWT revocation

Microgateway self-validates the JWT tokens issued by the trusted key manager. It validates the JWT token's signature using the public certificate of the key manager which signed the JWT. Due to this self-validation mechanism, microgateway will accept revoked tokens until they expire. So there should be a mechanism to notify microgateway about revoked JWT tokens. There are two mechanisms supported by microgateway:

  • Persistent notification via ETCD server

Microgateway can connect to an ETCD server during startup and fetch all revoked tokens from it. In the key manager component which issues and revokes tokens, there should be an extension point to add the revoked token into an ETCD server. When revoked tokens are added with their validity period, the ETCD server automatically removes them upon expiration, which prevents revoked tokens from accumulating on the ETCD server.

  • Real time notification via JMS

Microgateway can be configured to subscribe to a JMS topic to fetch details about tokens that are revoked during the runtime. This way, microgateway is notified about the tokens that get revoked after the server startup. In the key manager component, there should be an extension point to add the revoked token to the JMS topic.
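The sketch below is an added example, not WSO2 code. It models the revocation gap and the two notification paths described above: a store whose entries expire together with the token, fetched at startup, and a runtime event for tokens revoked later. The class and function names are hypothetical, and HMAC-SHA256 stands in for the key manager's certificate-based signature so that the code runs with the Python standard library alone.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the signature the
# gateway would verify with the key manager's public certificate.
KEY = b"constructed-demo-key"


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()


def issue(jti, exp):
    """Key manager side: issue a self-contained token with an id and expiry."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"jti": jti, "exp": exp}).encode())
    return f"{head}.{body}.{_b64(_sign(head + '.' + body))}"


class RevocationStore:
    """Model of the persistent store: jti -> token expiry.
    An entry is dropped once the token it names has expired anyway."""

    def __init__(self):
        self._entries = {}

    def revoke(self, jti, token_exp):
        self._entries[jti] = token_exp

    def snapshot(self, now):
        self._entries = {j: e for j, e in self._entries.items() if e > now}
        return dict(self._entries)


class Gateway:
    """Self-validating gateway with a local copy of the revoked token ids."""

    def __init__(self, store=None, now=0):
        # Startup fetch: only revocations that exist at this moment are seen.
        self.revoked = store.snapshot(now) if store else {}

    def on_revocation_event(self, jti, token_exp):
        # Real-time path: a revocation published after startup.
        self.revoked[jti] = token_exp

    def validate(self, token, now):
        try:
            head, body, sig = token.split(".")
            if json.loads(_unb64(head)).get("alg") != "HS256":
                return "malformed"
            if not hmac.compare_digest(_sign(head + "." + body), _unb64(sig)):
                return "bad_signature"
            claims = json.loads(_unb64(body))
            jti, exp = claims["jti"], int(claims["exp"])
        except (ValueError, KeyError, TypeError, AttributeError):
            return "malformed"
        if exp <= now:
            return "expired"
        # Without this lookup a revoked token passes until it expires.
        return "revoked" if jti in self.revoked else "accepted"


def scenario():
    """Constructed timeline; times are plain integers."""
    store = RevocationStore()
    t1, t2 = issue("tok-1", 1000), issue("tok-2", 1000)
    out = {}
    store.revoke("tok-1", 1000)                  # revoked at time 100
    out["no_feed"] = Gateway().validate(t1, 200)
    gw = Gateway(store, now=150)                 # startup after the revocation
    out["startup_fetch"] = gw.validate(t1, 200)
    store.revoke("tok-2", 1000)                  # revoked at 300, after startup
    out["before_event"] = gw.validate(t2, 350)
    gw.on_revocation_event("tok-2", 1000)
    out["after_event"] = gw.validate(t2, 360)
    out["after_expiry"] = gw.validate(t1, 1001)
    out["store_after_expiry"] = store.snapshot(1001)
    head, _, sig = t1.split(".")
    forged = _b64(json.dumps({"jti": "tok-9", "exp": 9999}).encode())
    out["tampered"] = gw.validate(f"{head}.{forged}.{sig}", 200)
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(step, "->", result)
```

The "before_event" step is the case the startup fetch alone cannot cover: a token revoked after the gateway has started is still accepted until the runtime notification arrives.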

Microgateway Deployment Use Cases

1. Monolithic centralized deployments

2. Use in microservices architecture as a private jet or sidecar gateway

3. Exposure point for the microservices as APIs in service mesh

What to Expect in the Near Future

  • GRPC support
  • Observability with Prometheus and Grafana
  • Cookie based authentication for SPAs
  • CI/CD with APIM import export tool and publish to WSO2 API Manager
  • Improved toolkit to fetch open API definitions from any URL
  • K8s CRDs with enhanced dev focussed design

Learn more about WSO2 API Microgateway here.

We have also organized a webinar which will explore in detail the architectural changes, new features and use cases, deployment patterns, and demonstrate the capabilities of WSO2 API Microgateway 3.0. Plus, screencasts that will be shown during this webinar will be published on our blog – so do keep a lookout for them.

AI-Powered Cyber-Attack Protection for APIs with WSO2 and PingIntelligence

The exponential increase in API adoption has made it a prime target for hackers who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. Because of the complexity of these attacks and the different access patterns and users of an API, static security controls alone cannot prevent a breach. That’s why we partnered with Ping Identity to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

WSO2 API Manager is a unique open source approach to addressing the full API lifecycle. It offers various static policy-based options for security and access control. These include:

  • OAuth 2.0 authentication and authorization for API access
  • Request and response validation against the most common request based attacks such as SQL injection, parsing attacks, and schema poisoning
  • API policy creation and enforcement based on specific parser properties and regular expressions
  • Support for many types of rate limiting capabilities including rate limits by request counts and network bandwidth usage
  • The ability to assign quotas to users, applications, IP addresses, devices, and regions among other things

PingIntelligence for APIs is the leading solution for AI-powered API cybersecurity. It helps enterprises augment their static controls and extend their security capabilities with continuous, proactive API threat monitoring and detection that automatically discovers anomalous API traffic behavior. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures and target API vulnerabilities, without policies, rules or code. These include:

  • Credential stuffing and brute-force attacks on login systems
  • Layer 7 DDoS attacks that scrape data and disrupt API services
  • Taking over accounts using stolen cookies, tokens or API keys
  • Rogue insiders exfiltrating data in small amounts over extended periods of time

WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE), which can be deployed in the WSO2 API Gateway. This means that WSO2 API Manager users can apply AI-based security analysis for their APIs along with static policy-based security controls. Meanwhile, PingIntelligence users can utilize AI-based analytics when they externally expose their services as APIs.

To learn more about how the extension works and what attacks it can detect, read WSO2 Associate Director and Architect Sanjeewa Malalgoda’s article or register for our webinar. Download the extension for WSO2 API Manager here.

Enterprise Integrator 6.5.0 Focuses on Integration Developer Productivity

We are pleased to announce the release of WSO2 Enterprise Integrator 6.5.0. Our latest release includes unified integration and a data integration runtime (Integrator) as well as a micro integration runtime (Micro Integrator) and a comprehensive tooling distribution (Integration Studio) to support both runtimes.

This release aims at addressing developer productivity and cloud native integration requirements more comprehensively than ever. This has been one of the most anticipated WSO2 Enterprise Integrator releases, as it brings new product components and features specifically targeted at improving integration developers’ productivity as well as helping developers easily build and deploy container-native integration solutions. Following are the major highlights.

WSO2 Integration Studio

The integration team invested significant time and effort with the objective of improving the user experience and developer productivity of WSO2 Enterprise Integrator tooling. Some implementation targets for the new tooling included adding runtime validation of code, improving the look and feel of the tool palette and development canvas, improving the utilization of screen space, providing selection options for every possible configuration option, reducing the clicks and configuration steps, and adding Docker and WSO2 Integration Cloud support. In addition to the Integration Studio, we have improved the integration and micro integrator runtime with feature additions as well.

Some major capability enhancements are listed below:

  • New design for a superior graphical developer experience
  • Built-in micro runtime to support improved testing and debugging of integration artifacts
  • Capability to build Docker images from the development tool itself using runtime artifacts
  • Seamless experience to deploy integration artifacts into WSO2 Integration Cloud
  • Built-in project templates for faster initiation of new integration projects and artifacts
  • Artifact validation and error detection during the development stage of integration projects

WSO2 Micro Integrator

WSO2 Micro Integrator runtime is a lightweight product based on the same technology as that of WSO2 Integrator. Hence, artifacts developed for WSO2 Integrator (ESB) are fully compatible with WSO2 Micro Integrator. The reduced size and rapid startup time make this the ideal solution for enterprises that are planning to move into microservices and container deployable solutions. WSO2 Micro Integrator has been streamlined for developing composite microservices by orchestrating several services within a microservice implementation.

Key capabilities of WSO2 Micro Integrator runtime include:

  • Reduced startup time (< 5s)
  • Seamless deployment of integration artifacts from WSO2 Integration Studio
  • Reduced distribution size (< 150 MB)
  • Ability to generate micro integrator Docker images from WSO2 Integration Studio with integration artifacts
  • REST API to monitor and manage micro integrator runtime
  • CLI tool to inspect artifacts of micro integrator
  • Built-in monitoring capabilities with Prometheus, ELK, and WSO2 Integration Analytics

WSO2 Integrator Runtime

WSO2 Integrator runtime is the most common deployment environment used by a majority of WSO2 Integration platform customers. In this new release, we are introducing the following key capabilities to enhance integration development.

  • A new mediator named Property Group that enhances the usability by providing the ability to configure multiple properties inside a single mediator
  • Native JSON support for Iterate, Aggregate, and Enrich mediators
  • Message Processor improvements to handle poison messages
  • Enhanced REST support for Data Service JSON payloads
  • OData Support for MongoDB
  • Support to monitor statistics with Prometheus
  • Security fixes and bug fixes implemented since the previous release

Other Runtimes Packaged with WSO2 Enterprise Integrator

Bug fixes and security fixes that were done since the previous WSO2 Enterprise Integrator release are incorporated into WSO2 Business Process and WSO2 Message Broker runtimes.

Furthermore, in this release, we are announcing the deprecation of WSO2 Microservices for Java (MSF4J) runtime packaged within WSO2 Enterprise Integrator. The compelling reason for this is because we see more value added to users from the WSO2 MSF4J GitHub project and its artifacts since many microservice developers will use it as a dependency rather than a server runtime. Hence, we believe MSF4J is more useful for developers in its GitHub-based release cycle, so it won’t be packaged with WSO2 Enterprise Integrator in future releases.

To learn more about the latest release, features, and what it means for your experience, join our webinar on June 6, 2019.

We have also organized a webinar series with comprehensive discussions on WSO2 Integration Studio and how it can be used for integration efforts in your enterprise.

WSO2 Identity Server 5.8.0 is Here!

WSO2 Identity Server 5.8.0 is the latest success story of our Identity and Access Management team. After a marathon effort, we are glad to release v5.8.0 with new features, major improvements, and bug fixes.

New Features

OpenID Connect Back Channel Logout

So far WSO2 Identity Server has supported OIDC Session Management as the OIDC logout mechanism. From v5.8.0 onwards, it provides support for OIDC Backchannel logout as well. OpenID Connect Backchannel logout is a mechanism by which Relying Party (RP) applications are logged out with logout requests communicated directly between RPs and OpenID Providers (OP) bypassing the User Agent. The main advantage of this method is the ability to skip obtaining the support of user agents, hence this logout mechanism is less fragile.

SAML Front Channel Logout

WSO2 Identity Server 5.8.0 onwards provides support for SAML Front Channel Logout. In SAML Front Channel Logout, session participants can use asynchronous bindings such as:

  • HTTP Redirect Binding
  • HTTP POST Binding
  • Artifact Binding

Use this logout mechanism when the involvement of the browser agent is necessary.

Improvements

Product Observability

Product observability enables rapid debugging of product issues. By using this improvement, it is easy to narrow down issues in a production system by tracking the time of the major flows of the system. This helps to identify issues in production systems such as slow performance. There can be several reasons for the drop in performance. Examples include database bottlenecks, LDAP bottlenecks, or multiple JDBC queries. The observability feature helps you to identify the exact bottleneck that is slowing down performance.

SCIM2 Improvements for Filtering and Pagination

One of the main targets of this release is to stabilize SCIM filtering and pagination. We have mainly addressed some existing inconsistencies and spec compliance issues.

Configuring X509 Authentication with SSL Termination

This is supported by passing the client certificate in the request header from the proxy over SSL tunneling.

Other improvements include:

  • Support for issuing access tokens per token request
  • Support for configuring a JWKS endpoint for OAuth or OIDC based service provider
  • Support for configuring SAML metadata validity period for the resident identity provider
  • Inclusion of OAuth transaction logs for token generation and introspection
  • Supports reCAPTCHA for password recovery and username recovery

Performance Improvements

Compared to previous versions, performance of the major flows of Identity Server has been increased. The following diagram shows the average response times taken for some major flows in v5.8.0 compared to v5.7.0.

Seamless Migration from WSO2 Identity Server 5.7.0

With a few configuration changes, a user can seamlessly migrate from v5.7.0 to v5.8.0. To enable the new features introduced in v5.8.0, the schema changes are necessary. However, without those schema changes the system will not break, so existing customers can simply point v5.8.0 to the existing database they used with v5.7.0 and consume the existing features. A few default configuration changes done with v5.8.0 may cause some behavioral changes, and these configurations can be referred to here.

You can learn more about WSO2 Identity Server 5.8.0 from this screencast.

WSO2 Update: Goodbye Tyler, Hello Vinny!

It’s time to update on some management changes in WSO2. Tyler became CEO of WSO2 in September 2017 and has decided to move on from WSO2 to pursue an opportunity in the investor side of the equation. Sometimes you do get opportunities you can’t say no to!

Before updating on what comes next, let me take this opportunity to thank Tyler for the hard work he did as CEO. When Tyler joined and I stepped down, I wrote a blog introducing him – so I won’t repeat that info here.

Thank you Tyler!

I’ve been around quite a few years now but I don’t think I’ve ever seen anyone work so hard! Tyler epitomizes 24x7x365 and brought an amazing amount of energy and passion to everything he did during his tenure as CEO. In particular, Tyler brought a strong business focus to the company as previously we were much more tech focused. He helped re-organize our sales system in a more componentized way to help it scale better. He did numerous things across the board to keep the company growing – delivering another year of 50% YoY growth while maintaining cash flow positive execution.

Tyler is leaving the company strong and healthy! But he’s not fully leaving us – he will continue to be affiliated to us through the board and will continue to help evolve the company into a bigger and greater organization.

Thank you Tyler.

What’s next?

Hello Vinny!

Image source: https://www.ocregister.com/2013/05/24/smith-moves-on-after-grueling-battle-with-dell/

Vinny Smith is joining the WSO2 board and becoming Executive Chairman! Who’s Vinny?

Vinny is the founder of Toba Capital, an investment firm committed to helping create and build incredible technology companies.

Vinny began his career at Oracle, working in a variety of sales and sales management positions. From 1998 to 2012 he was responsible for leading the strategic direction of Quest Software and served as CEO/Chairman. Under his direction, Quest became a leading enterprise systems management company, scaling from just 25 employees to more than 4,000 employees worldwide and $1B in revenue.

Prior to joining Quest, Vinny cofounded Insight Venture Partners, which remains a leading venture capital firm based in New York. In the early 90’s he cofounded Patrol Software which he financed, managed, and sold in 1994 to BMC Software.

Outside of software, Vinny is an investor in real estate development projects throughout California. His foundation, Teach a Man to Fish, does philanthropic investing focusing on enabling passionate entrepreneurs who are devoted to vital causes. He is an advisor and financial supporter of organizations like Fuel Freedom, Gen Next Foundation, Augies Quest, Cure Duchene, Orphaned Starfish, Orange County High School of the Arts, MiddleBridge High School, and Mount Saint Joseph High School.

Vinny holds a bachelor’s degree in computer science from the University of Delaware.

I first met Vinny a few months after Quest invested in WSO2. Later, after Quest was bought by Dell and Vinny went on to starting Toba Capital, I had the pleasure of working more closely with him.

Over the last several years, with successive investment rounds and with Toba buying Intel Capital’s shares in WSO2, Toba is now the majority shareholder in WSO2.

Vinny’s been a passionate supporter of WSO2 and extremely bullish about the potential of the company. He has also been very committed and passionate about building a company that’s heavily based out of Sri Lanka and seeing it become a global player. Just as a reference, in 2018 Gartner, Forrester and KuppingerCole named us market leaders in Integration, API Management and Identity & Access Management, respectively. WSO2 is now an established player in the market and is here to stay!

I have long chatted with Vinny about getting him to join the board and become active in the company. He finally felt this is the right time as we’re now at a meaningful scale and his experience and expertise in building Quest from a small size into a billion dollar revenue business will really help us scale.

So it’s absolutely awesome to have him not only join the board, but also take over as Executive Chairman! Being the Executive Chairman means he’s not just providing strategic guidance as a board member but in fact the executive in charge of the company. I’m utterly excited to have him on board in this way and look forward to a fun ride!

Shevan, Paul, and Shankar

Shevan Goonetilleke, who’s our current Chief Operating Officer, will be promoted to President and COO and will take overall ownership of all business functions. With that he will own sales, marketing, pre-sales, delivery, admin, finance, HR, legal – basically everything that’s key to the company’s success as a business. Congratulations and good luck Shevan!

Paul Fremantle, co-founder and CTO, will also be reporting directly to Vinny. Paul’s CTO office team is now nearly a dozen and they are responsible for long term thinking and big picture aspects of everything we do.

Selvaratnam Uthaiyashankar (Shankar), who heads R&D is now SVP of R&D and will be reporting to Vinny as well. With Vinny coming on board and with additional long term thoughts, we expect to significantly increase our R&D investment over the next several years.

And me…

With Vinny becoming Executive Chairman of the company I will of course be stepping down from the Chairman role. I will however continue to be on the board.

In addition, my work on Ballerina will continue with added gusto. We’re still finalizing details but after close to 3 years of work, Ballerina is nearly ready for prime time! We’re hoping for a summer blockbuster release!

WSO2 will then go all out on Ballerina and do a bunch of stuff. My involvement in product vision, strategy, and architecture will increase with the new structure. I look forward to helping the company reap benefits from the major investments in Ballerina.

Further, I will be part of guiding WSO2’s technical strategy for the long haul. As a tech company, we always have to look 5 – 10 years down the road and build towards that. I enjoy thinking long term and look forward to working closer with the incredible team in WSO2, and Vinny, to build the company to awesome heights!

It’s going to be a great ride.

Ready to be WSO2 Sales Certified?

In Q1 2019, we released the WSO2 Certified Sales Professional certification exclusively for our partners.

What is WSO2 Certified Sales Professional?

A certification for individuals on how to position and sell WSO2 offerings. If you belong to a partner organization and sell WSO2 products, you need to make sure this certification is on your short-term to-do list.

Why do we have a sales certification?

We want to

  • Enable current or potential sellers of WSO2 products to provide the best quality experience
  • Maintain the same sales knowledge and skill level among all those selling WSO2 products
  • Maintain the same standard and quality of sales for customers buying WSO2 products

How do we propose to test this?

We want to ensure that the test covers the theoretical knowledge as well as the practical aspects related to making a sale. In order to do this, the exam will consist of a multiple choice paper and a practical examination.

The multiple choice question paper will cover the following areas:

  • Presenting the WSO2 Story
  • WSO2 Value Proposition
  • Product Overviews
  • Positioning WSO2 Versus Competitors
  • Sales Operations
  • Objection Handling
  • Subscription Structure
  • Deployment Options and Pricing Methods
  • Partner Program

The practical exam will consist of the candidates making a presentation and answering interview questions based on a scenario.

What’s in it for you?

Once certified, you will be able to prove to the world that you are among the best sales personnel for WSO2 products. Just as we’ve listed out at Why become WSO2 Certified?, certification gives you the platform to prove your skills to yourself and others, gives you a chance to learn the best techniques to sell WSO2 products and sharpen your sales skills while preparing for the exam, and gives you a competitive edge, thereby increasing your employability.

How do I prepare for this test?

Log in to the partner portal where we have some learning material from our partner bootcamp.

Already a partner and ready to do the test?

Sign up for the exam on the partner portal today!

Want to check out our other certifications?

Have a look at WSO2 Certification.

Need more information?

Mail us at certification@wso2.com.

The API-driven World: WSO2 Integration Summit is Coming to a City Near You!

Starting in March, the WSO2 team, our partners, and I will be hitting the road for the 2019 WSO2 Integration Summit world tour. The 2018 Summit series was our biggest yet, featuring customer success stories from enterprises that have used our technology to fulfill digital transformation strategies and create innovative experiences for their customers. Refusing to sit back and relax, we’re making the 2019 Summits even better. We will be visiting at least 24 cities in 20 countries and 6 continents to show how you can achieve API-driven integration agility.

We are scaling our efforts by collaborating with our partners on each of our summits. We started this year by inviting all our partners for WSO2 Sales Bootcamp. For the first time ever, we had partners from all around the world participating in the 2019 kickoff alongside our own teams. Insights were gained, strategies were discussed, plans were made, and the summit tour was born. Because of our partners’ global presence, we are able to reach six of the seven continents (the penguins in Antarctica didn’t show much interest in WSO2!).

Group picture from Sales Bootcamp 2019

Summit Theme: The API-driven World

APIs are touching every facet of our society and the underlying trends are going to generate nearly 1 billion APIs in the coming years. All digital transformations depend on APIs, and integration technologies underpin their evolution. Each WSO2 Summit will comprise a full day of vision and practical use cases focused on integrating a world of disaggregated APIs, cloud services, and data. We will discuss topics such as transforming integration projects from waterfall to agile, by moving from the centralized model to a decentralized architecture and methodology; combining enterprise integration, API management, and identity solutions; writing microservices that integrate APIs using Ballerina; and using open source technology for greater customization and flexibility. The summits will also feature guest speakers from digital-native organizations who will talk candidly about their API-driven transformations.

We’ll show you how to navigate current trends and use them to deliver innovation and new opportunities. Listen to visionary keynotes by WSO2 senior leadership, meet and network with industry experts and others who are striving to solve similar enterprise problems, and learn how integration agility could help with maximizing revenue and productivity. Join our interactive discussions to empower your team and stay one step ahead of evolving business needs.

While the underlying themes of each summit remain the same, the agenda differs from location to location. The interactive sessions are tailored to each region, helping you gain relevant information on what matters to you and your enterprise. From open banking to retail and healthcare, our plan is to cover it all.

WSO2 Integration Summit 2019 global locations

If you are a customer or a community user and would like to speak at one of the summits, please let us know, as we have a limited number of spots still available. Get in touch with us at cfp@wso2.com.

I look forward to seeing you soon.

Space is limited, so save your spot today.

Follow @wso2 on Twitter to get the latest updates. We are using the #WSO2Summit hashtag.

WSO2: Our 2018 Results and 2019 Plan

10th straight year of subscription growth!

WSO2 had a stellar 2018 fiscal year. Continuing the tradition of financial transparency that began last year, I am pleased to share WSO2’s 2018 financial achievements and our 2019 plans.

WSO2 is starting our 14th year of operations. As our technology has become accepted as the best for open source integration, our business has started to grow at an increasing rate.

10th straight year of subscription growth; financially sound operations

WSO2 Subscriptions is our primary business. Customers purchase subscriptions to get support with an SLA, patches, security scanning, and developer query time. Subscriptions are purchased annually and are renewable. We use SaaS-style metrics and Annualized Recurring Revenue (ARR) as the benchmark for measuring the scale of our product sales.

In 2018, we exited with $37M in ARR, an expected growth of over 51% year-over-year. We added over 100 new subscription customers. We have more than 525 customers that have purchased a subscription or other professional services from us.

We now have customers in 65 different countries and in 2018, we crossed a milestone where more than 50% of our product sales originate outside North America. By the end of 2019, 65% of our business will reside outside North America making WSO2 a truly international-first business.

Financially, WSO2 is strong. We increased our balance sheet by $3.5M from operating cash flows while substantially increasing our staffing, opening new offices in Berlin, Mexico, and Australia, and continuing long-term investments into next generation technologies like Ballerina.

WSO2 flirts around with GAAP profitability. We have profitable quarters, but don’t get there annually. Subscription businesses recognize revenue ratably over a 12-month period, causing the revenue benefit from sales to appear delayed. This behavior is why we emphasize cash flow from operations as a better reflection of our business’ financial profitability.

Last year, WSO2 was the 8th largest pure open source software company. Given our growth rate, WSO2 is now the 6th largest open source company and we anticipate growing into the 5th over the next year!

WSO2 in 2019

In 2018, most of the changes that were made to the business were driven by territory expansion, globalizing our sales organization, expanding our field quality initiatives, and revamping our partner programs to capitalize on the dramatic increase in demand that we have seen in emerging markets.

In 2019, we will accelerate these initiatives while introducing a significant evolution of our product and open source initiatives.

We expect to grow 45–65% in 2019, exiting the year with more than 750 customers across 80 countries. We anticipate Latin America, Africa, and APAC to be the highest growth segments.

We’ll hire ~150 people through the year and expect to have close to 700 full time employees by year’s end.

For 2019, all WSO2 employees contributed to our strategic planning, and we have developed the WSO2 2019 vision: a commitment and description of our values, goals and strategies that will be driving our core efforts.

WSO2 2019: Our internal framework that helps us keep our priorities straight

WSO2’s 2019 Strategies and Priorities

When WSO2 was started, it was an experiment in middleware, integration and open source ideas. Those ideas unlocked a form of unanticipated profitability and a prosperous employee base. We look back and then ask:

Could openness be a radical, more scalable, more profitable approach to integration software and business? How would WSO2 practice an open integration business alongside our open source licensing?

We use this mindset to collectively identify our strategic priorities for this year. Internally, we describe these efforts as Unifying Integration, Proving Ballerina, Win In Every Country, Open Everything, Agility Thought Leadership, and Culture of Transparency.

From a customer and investor perspective, we will:

  1. Launch New, Community-Driven Open Source Projects. We have written extensively on the evolution of integration; the need for the composable enterprise, standardizing reference architectures for integrations, and how microservices are shifting integration into code-first, instead of config-first capabilities. To further these ideas, we have community-driven efforts underway on new open source efforts including Cellery, Siddhi, a micro ESB, and a micro identity server. We will make public introductions as these efforts are readied for enterprise adoption.
  2. Invest Deeper Into API Management, IAM, and ESB. WSO2 is the industry-recognized leader in open source API management and IAM. We are one of the most widely adopted ESBs and recognized for the 1000s of enterprise integration projects we support. We are significantly expanding our engineering and dedicated support in these domains, effectively doubling our capacity by the end of 2019.
  3. Open WSO2 Hidden IP. We have pockets of intellectual property that are closed because we have the repositories hidden. This includes our cloud operating IP, certain types of configuration, and internal systems. Technically, our marketing, support, and sales content is not open either. We will open source all of this hidden IP.
  4. Open More of our Company Practices. We are expanding our partner network and simplifying how outsiders can participate with WSO2 in development, delivery and sales. We expect to grant 1000 certifications throughout 2019 and double the number of outside contributors to WSO2 projects and contributions made by WSO2 to external open source projects.
  5. Establish WSO2 as Open Source Champions. When outsiders engage in an open process started by someone else, they are joining a community. A community is a collection of people who share similar values. Committing to an open business model, in turn, means that we are advocates for community. We open our doors so that others may walk through. WSO2 will work on programs that make it easier for new developers to become participants in open source, create courses about how to run your own open source projects, and hire dedicated staff who will be open source community champions within and outside WSO2.

We are working to be the best integration-at-scale provider for layered and cloud native architectures

About Those Lawyers

All this means we can, and will, create a lot more open source that helps IT digitize assets, become increasingly agile, and help turn internal software development into a competitive advantage.

We will be working to turn WSO2 into an IT-household brand, bringing our form of integration into every application and service you are building. If you are new to WSO2 or open source, 2019 will be a great year for you to learn more about how we can help you solve your digitization, integration, identity or API challenges. I’m happy to guide you on your journey and you can get in touch with me directly at tyler@wso2.com.

. . .

Since this blog post includes future operating plans, predictions, estimates, and forecasts, this is a good time to point out that we have lawyers, and that our lawyers want you to know that this information represents our current judgment on what the future holds and it is subject to risks, uncertainties, and other nightmares. In other words, don’t draw conclusions that have undue reliance on this blog post and understand that we may revise anything.

WSO2 Training: What We Offer

In the world of integration where things keep moving at breakneck speed, it can be a little difficult to keep up with the latest. That’s why we offer training at WSO2 to facilitate learning our products.

Currently, we offer three different types of training at WSO2: Self-Paced Learning, Online Instructor-Led Training, and Onsite Instructor-Led Training.

Self-Paced Learning

Self-paced learning is the most common form of training used by our customers. We share all our training material for free at https://wso2.com/training, and you can simply download and work on it at your own pace.

We also provide a learning-management system at http://lms.wso2.com/. This material is similar to what we have on our site but is optimized for self-paced learning.

Pros

  • Free of charge
  • Work on it at your own pace, whenever you have time

Cons

  • Carving out time for this can be a challenge
  • If you run into issues, you need to figure it out yourself
  • Only standard training topics are covered

Online Instructor-led Training

Our trainers can conduct training sessions for you using online meeting software. The trainer will share his/her screen and demonstrate the functionality in webinar style. A training session is typically 3-4 hours, and the number of sessions depends on the topics covered. The trainees can try out the hands-on exercises on their own as homework.

Pros

  • Costs less than onsite training
  • More interactive than self-paced training
  • Get your questions answered in real time
  • You can cover the standard topics as self-paced training and request instructor-led training for selected topics that you find difficult to figure out on your own

Cons

  • Less support for hands-on exercises than onsite training
  • Less individual attention than onsite training, as sharing the trainees’ screen is not recommended because it will disrupt the training
  • Difficult for highly customized topics
  • Connectivity and audio/video issues can cause delays and disruptions

Onsite Instructor-led Training

Onsite instructor-led training can be arranged at your premises as required. This is the most effective form of training. Training topics can be fit into 8-hour work days, and the number of days depends on the topics covered.

Pros

  • Face-to-face interaction ensures a better training experience
  • More support for hands-on exercises, as there will be a lab assistant in addition to the main trainer
  • Get questions answered in real time
  • Suitable for highly customized trainings where the trainer is given your use cases in advance. The trainer provides a customized agenda and is prepared to answer questions relevant to your specific use cases.

Cons

  • Costs more than online training

No matter which approach you choose, WSO2 training provides a fast and effective way for you to get up to speed on our products. To learn more, visit us at wso2.com/training.

New WSO2 Fall 2018 Release Helps Enterprises Close Today’s Integration Gap by Becoming Integration Agile

For years, integration has been viewed as the sidekick to application development—important but not the leading player. That has changed with the rise of digital businesses whose success is based on the strength of their interactions across communities—from internal teams to partner ecosystems, customers, industry groups, and government entities, among others.

John Rymer, Forrester Research vice president and principal analyst, captured this new reality in his keynote presentation at WSO2Con US 2018 where he observed, “Modern apps are distributed, meaning integration must now be built in, not bolted on.”

In other words, integration needs to move from being a sidekick to co-starring with app development in driving digital business innovation.

WSO2 Addresses Today’s Integration Gap

The central role of integration in software projects means that integration has to be as agile as app delivery. However, while code development has shifted to agile, the same can’t be said for integration, which is still trapped in a siloed, waterfall mentality. To address this challenge, we are helping enterprises transform into “integration agile” organizations.

Integration agile is an integration practice that favors short, continuous, iterative integration releases—similar in nature to agile code development. The approach is based upon organization, architecture, and methodology that enable multiple DevOps teams to code both applications and their integrations. The result speeds integration releases, minimizes organizational IT silos, and enables enterprises to respond rapidly to changing market and business demands.

The approach is codified in the WSO2 Integration Agile Platform. First introduced in July 2018, it offers a cohesive architecture along with the components and processes needed to help simplify and unify complex integration projects. Architected on a common code base of open source technologies, the cloud native WSO2 Integration Agile Platform features seamlessly integrated functionality for full lifecycle API creation and management, enterprise integration, identity and access management (IAM), and event stream processing.

WSO2 Advances Integration Agile Platform with Fall 2018 Release

We are now advancing the ability of enterprises to become integration agile with the Fall 2018 Release of our WSO2 Integration Agile Platform—addressing people and processes as well as enabling technologies. This newest release of our platform introduces:

  • Unified monitoring and analysis of integration flows via out-of-the-box analytics in WSO2 Stream Processor
  • Adaptive authentication with WSO2 Identity Server to handle integrated apps and services where authentication cannot be predetermined
  • New WSO2 Integration Agile Consulting services and resources for transforming IT organizations’ development and integration silos into fully Integration Agile teams

Unified Analytics: WSO2 Stream Processor is an open source, cloud-native, and lightweight stream processing product that captures, analyzes, processes and acts on events using streaming SQL queries in real time. With the Fall 2018 Release, it adds out-of-the-box analytics for WSO2 Enterprise Integrator, WSO2 API Manager, and WSO2 Identity Server. Now, customers can apply rich analytics and alerting capabilities across the WSO2 products to obtain a holistic view of integration projects with large-scale instance volumes across a range of business use cases. WSO2 Stream Processor also introduces an industry first with the ability to calculate long-running, real-time aggregations with millisecond accuracy, from seconds up to years, even when events arrive out of order. Users no longer face the complexity of adding specialized storage for big data to obtain this functionality.

Adaptive Authentication: WSO2 Identity Server is a uniquely extensible, open source IAM product featuring adaptive and strong authentication, which helps bridge identity protocols and is optimized for identity federation and single sign-on (SSO) across on-premises and cloud environments. The Fall 2018 Release of WSO2 Identity Server addresses the fact that authentication options available for any given application cannot be predetermined by enabling organizations to dynamically determine authentication at runtime without impacting usability. The new script-based adaptive authentication functionality gives identity administrators the flexibility to control how they authenticate users into their organization’s apps, integrate with external identity providers, and handle token transformation as required by the apps. Other new features include:

  • Basic-level support for User-Managed Access (UMA), an OAuth-based access management protocol, which facilitates integration by letting users register their resources and define policies for accessing them using APIs.
  • Simplified integration with Microsoft Office 365 by letting enterprises rely on WSO2 Identity Server to act as the identity provider and handle synchronization with Microsoft Cloud.

Integration Agile Consulting, Methodology and Architecture: We’ve taken a decade-plus of experience working on integration and digital transformation projects to develop the WSO2 Maturity Model for Agility. With the Fall 2018 Release of the WSO2 Integration Agile Platform, we’re rolling out new WSO2 Integration Agile Consulting services that apply this model to help executives take a pragmatic approach to accelerating their IT organizations’ journey toward integration agility. These include a range of assessment, planning and implementation services that are tailored to each customer’s current state, goals and desired outcomes. The services are complemented by two new reference documents available for download:

  • WSO2 Methodology for Agility is a prescriptive approach to assist digitally driven organizations in becoming integration agile by focusing on their people, processes and technology.
  • WSO2 Reference Architecture for Agility provides a five-stage evolutionary approach, technical guidance, and best practices for digital-native organizations that are implementing integration agile projects.

Many enterprises are now moving to agile digital business models that connect people, processes, and information to deliver new products and services. With our expanded WSO2 Integration Agile Platform, we are empowering these organizations to transform their teams, architectures and methodologies to speed their integration releases—and make integration and code development co-stars in accelerating innovation.