With the fast-growing popularity of cloud computing, an increasing number of organizations are now moving towards cloud-based solutions. Gartner predicts that1, “by 2020, 90 percent of organizations will adopt hybrid infrastructure management” where some parts of a solution would be in the cloud while other parts would be in traditional on-premises data centers.
With the move towards the digital enterprise where more and more data is exposed via APIs, organizations heavily depend on API management platforms to ease the burden of managing these APIs. Now API management is also moving towards hybrid approaches where some parts of the platform are cloud-based and the rest is based on on-premises data centers. This paper intends to explain why and when you would need a hybrid API management solution. To see a hybrid API management solution in action, refer to this webinar.
2. The Best of Both Worlds - Why You Need Hybrid API Management
2.1 Traditional On-prem - Why it’s Not Suitable for Today's Digital Enterprise
Figure 1: Traditional data center-based API management platform deployment
Traditionally, API management platforms have been deployed and managed internally. An organization would choose an API management platform and deploy it on the organization’s data center by itself. This gives them more control over the platform and also provides a lot of flexibility. Furthermore, since the deployment is within the enterprise network closer to the backend services, the latency is very low. Therefore, integration with the backend becomes a lot easier because there is no need to expose backend services to external networks.
However, maintaining such a deployment is difficult and requires both human and hardware resources. This obviously means a high total cost of ownership, especially in countries where it is costly to employ human resources to maintain and manage such deployments. Furthermore, today, with organizations transforming to digital enterprises that frequently collaborate with external parties, it is quite a challenge to onboard these external parties to the platform. This is mostly due to the security restrictions imposed on the enterprise network and also due to security compliance in the onboarding process. Introducing external parties to internal systems would mean being exposed to an increasing number of security risks.
2.2 Traditional Pure Cloud - The Concerns of Security and Ever-changing Compliance
Figure 2: Traditional Cloud-based API management platform
With the growth of cloud infrastructure, organizations are increasingly adopting cloud-based API management solutions, which resolves the issues of maintenance difficulty and high cost of on-premises deployments.With cloud-based solutions, the difficulty of managing infrastructure has significantly reduced. Furthermore, Software as a Service (SaaS) API management platforms that provide full lifecycle API management are offered at a relatively low cost, where all the maintenance and availability concerns are also handled by the provider. An organization would only have to focus on the business logic to improve their agility and rapid development model.
However, depending on certain business requirements, the cloud might not be the best solution for an organization, for example:
If most of the APIs are consumed within the organization itself, and API backends are internal, the additional hops introduced would mean a lot of inefficiencies.
- If the backends are internal, they either need to be exposed to the Internet, or costly VPN solutions should be used to connect the cloud API gateways to the backend services.
- If the organization belongs to a regulated industry such as healthcare, it would become a compliance or security concern if all API data has to go through the cloud.
2.3 Hybrid Gateways - The Best of Both Worlds
Figure 3: Hybrid API management platform
On-premises only and cloud-only API management have their own pros and cons. The cloud provides a rapid deployment model and low total cost of ownership, while on-premises solutions provide better performance, security, and compliance. To get the benefits of a SaaS environment together with the greater control provided via on-premises API management, cloud and on-premises should be combined when designing solutions.
With hybrid API management, most of the API management infrastructure including management user interfaces, the developer portal, and analytics are in the cloud, hence they are always accessible to API publishers and subscribers. Organizations do not need to worry about the availability, uptime, and maintenance of these components since that will be handled by the vendor. This ensures the rapid deployment model and low total cost of ownership.
The API gateway (i.e Microgateway) can be run anywhere on-premises or in the cloud. Running it on-premises cuts down the network overhead ensures security and compliance, and also removes the need for VPNs or any other network connectivity solution. The ability to run the gateway via any cloud infrastructure provider helps to avoid vendor lock-in. Furthermore, running the gateway in constrained environments such as Docker containers and Kubernetes clusters ensures high availability, auto-scaling, and efficient infrastructure usage.
3. Gain Freedom and Agility Along With Security and Fast Responses - Go for Hybrid API Management
It is now clear why organizations need a hybrid API management strategy, but when should an organization invest in one?
Organizations are moving towards digital transformation and microservices adoption is exponentially growing. This makes it essential to have a centralized API management platform where APIs can be shared via an API marketplace and API analytics enables decision-makers to arrive at meaningful business insights. This API management platform should also support a decentralized approach to API ownership to leverage Agile development practices. This is where hybrid API management fits in. The centralized API management platform can either be in the cloud or provided by a SaaS API management platform where each team gets its own isolated tenant. The API gateway can be run and maintained by the teams themselves, which would give them full control over their APIs. Furthermore, this can cut down the costs and human resource requirements because each team would not have to maintain their own complete API management platform.
With the growth of mega-cloud vendors, organizations tend to get locked into one of these vendors for all of their digital solutions. This makes it really hard for organizations to expand their digital enterprises because some of their end users or backends are on different vendors or in on-premises data centers. The integration of such systems can be challenging and will require VPN solutions and compliance with security standards. Hybrid API management overcomes this issue with the multi-cloud integration capability where a central API management platform can be in one of the larger vendors or a SaaS platform, while self-contained API gateways (i.e micro gateways) can be run in any other cloud vendor.
Some SMEs in regulated industries such as healthcare and finance opt for SaaS platforms to reduce the total cost of ownership. But, as mentioned before, regulatory compliance and security concerns arise when sensitive API data goes through the cloud. Hybrid API management is the perfect solution for this because the API gateway can be deployed anywhere and configured so that the sensitive data would only flow through it and the organization would have full control over the gateway.
Also, if most of the APIs are being used internally, the ideal solution is to have the gateways closer to them so that the latencies are at a minimum. This again fits into the hybrid API management model where the API gateway can be deployed anywhere closer to the backend to reduce the latency.
4. Challenges in Adopting a Hybrid API Management Platform - Are You Ready to Go Hybrid
Adopting a hybrid API management platform has its own challenges. Configuring and running a separate on-premises gateway might not be easy unless the configurations are minimal. Moreover, if it takes a considerable amount of time to get it up and running, the efficiency of developers will reduce, which in turn will affect the agility of the organization.
In a hybrid approach, it is a must to avoid any cloud to on-premises communication because this would require certain security mechanisms such as protection through credentials, IP whitelisting or VPNs. These security mechanisms are generally costly and difficult to maintain. Furthermore, the operations team of an organization may need to follow different approaches and protocols to maintain and monitor the cloud components and on-premises components.
Therefore, it is important to carefully weigh the pros and cons before deciding to go for a hybrid API management platform. Following are a few important characteristics to look for when selecting a hybrid API management platform:
- Easy to quickly configure and run anywhere
- Can run in a Kubernetes or Docker environment to get the benefits of emerging cloud technologies
- Avoids cloud to on-premises communication. This eliminates the need to expose on-premises components to the cloud.
- Can leverage a SaaS solution for the cloud components rather than maintaining some of the components in the cloud by the organization itself.
- Ability to route non-sensitive data through the cloud and route sensitive data through on-premises components.
If you look at the current market, finding a hybrid API management platform that satisfies all the above characteristics can be difficult.
5. Going Hybrid with WSO2 API Cloud - How to Implement Hybrid API Management
Figure 4: WSO2 hybrid API management platform
Almost all API management platform vendors, whether it be a regular platform or a SaaS one, have their own hybrid API management solution. WSO2 API Cloud is one such SaaS provider that supports a complete hybrid API management solution. It is powered by WSO2 API Manager, which was named a leader in The Forrester Wave™: API Management Solutions, Q4 2018 report. In WSO2 API Cloud, API publishing, subscribing, key management and analytics are done through the public cloud whereas API runtime traffic can run through WSO2 Hybrid API Gateway.
What is unique about the WSO2 Hybrid API Management Platform is that it supports all the important characteristics that an organization would look for when selecting a hybrid API management platform.
WSO2 Hybrid API Gateway can be easily run anywhere including on Docker and Kubernetes. Furthermore, it has all the features similar to the cloud gateway and would work in the same way as in the cloud but with more control. Since it is a fully fledged API gateway, the performance would also be the same as the standard WSO2 API Manager.
WSO2 Hybrid API Gateway does not need any database access and is configurable at deployment time with minimum configurations. This has improved the total startup time of the gateway. Now the gateway startup takes less than five minutes from the moment it is downloaded to the point where it is functioning. This makes it easily deployable and configurable by developers at design time, which aligns well with today's agile development practices. Furthermore, with the help of WSO2 API Cloud’s REST API, this can be easily integrated with DevOps and CI/CD tools to provide a fully automated API lifecycle management solution.
In today’s digital world where an increasing amount of data is exposed via APIs, organizations heavily depend on API management platforms to ease the burden of managing APIs. With ever-changing security and compliance requirements, organizations are looking for solutions that solve these concerns while providing agility, low total cost of ownership, and low latencies for their APIs. Hybrid API management provides the perfect solution for all such requirements by leveraging the benefits of both cloud and on-premises solutions.
With WSO2 Hybrid API Management, organizations can leverage their potential to build a feasible, reliable and most importantly, agile solution to address their business requirements.