Enterprise Service Bus vs API Management gateway

@asankha

Asankha Pereraasankha@adroitlogic.com

Founder and CTO of AdroitLogicMember Apache Software Foundation, VP HTTP components

PastArchitect + Lead Contributor (>70%), Apache Synapse ESBOriginal Architect + Product Manager, WSO2 ESB

Founded in January '10

Open Sourced UltraESB in August '10

AS2 & File Exchange Gateways released '12

API Director released in '15

Focused on ESB++

Enhanced by real customer needs

About AdroitLogic

...Objective!

build the fastest ESB

make it Simple to use and extend

emphasis on Quality

ESB within an Organization

ESB as a Gateway

HTTP/SAS2S/FTPEmail

Service Registries

Registry and a Repository

Version and Revision management

Governance & Policy enforcement

Service life-cycle management

Analytics

API Management

Exposing internal services

For access by external partners

Usually REST based SOAP/POX etc also possible

Common Concerns

Could this request be an attack?

Is a client identified, authenticated & authorized?

Is the request exceeding the allowed rate limit

Is the quota (long term) being exceeded

Is the request acceptable?

Should any routing be performed

Who is calling, what services logging, auditing etc

Whats the overall health, performance/metrics

Key Functions

On boarding Services and ConsumersCredential Management

Mediation, Logging, Auditing

Rate limiting, Metering & Billing

Performance and SLA

Management / Analytics / Alerts

Administration / Developer Portals & Tools

SecurityClient ID, Basic/Digest/OAuth, WS-Sec..

AuthN Headers, IP address, LDAP..

Protection - SSL, message encryption

Validation Schema based, XSS scanning..

Deliberate attacksSlow clients

MediationRouting, transformations, caching, etc

PoliciesURL/Header/Payload sizes, HTTP methods

Response time

Throttling / Rate limiting

Quota (more long term)

Attack detection (Content Type, Payload etc)

Developer Portal / ToolsRegistry, Documentation, Sample usage

Test endpoints, utilities, service meta data

Consumer and Service On-boarding

Metrics, Alerts and Reporting

UltraESB as an ESB

One of the youngest, since Jan 2010Based on a lot of previous experience and knowledge with ESBs

But a completely clean & new implementation

Knew what worked, what didn't and what should be done better

Technical innovationsFocus on performance and quality from the start

Java or JSR 223 scripts dynamically compiled for mediation

SimplicityBased on Spring framework and a few very stable libraries

Ease of management / monitoring based on ZooKeeper & JMX

Solutions based on the ESB

AS2 GatewayUtilizes AS2 based B2B trading support of the UltraESB

AS2 trading station as a servicehttp://as2gateway.org

Supports Invoicing

Based on requirements from two leading retailers in Europe

On-Premise deployments for enterprise customers

API DirectorAPI Management solution

Integrated ESB service management capabilities

Solution Overview

AS2 Gateway

File Exchange Gateway

ISuite Framework

API Director

API Director Deployment

Proxy Services

Transports & Message formats

Non-Blocking HTTP/S with Zero-Copy

JMS, AMQP, Email, File, S/FTP/FTPS/Samba, Timer (Quartz), TCP/S, MLLP/S

ProtocolsREST, SOAP, Hessian, Protocol Buffers, Fast Infoset, AS2, Binary/Custom TCP etc

PayloadsXML, JSON, Text, Binary, CSV, Fixed Width, EDI

Sequences, Interceptors & Mediation

msg mediation logger

Fragment, Class, Spring bean..

Native byte code execution

Use try-catch-finally

Javadoc for API

Endpoints

Achieving Performance

Zero-Copy Proxying + Non-Blocking IORAM disk / VTD XMLend-to-end principle

Zero-Copy Proxying

Non-Blocking IO

Core Architecture

RAM disk based file cacheSpeed of RAM with ease of Files

Better utilization of memory with smaller heap and low GC overhead

Use of Zero-Copy / sendfile with DMA

JMX for management of nodes/clusters

Separate Coordination & Control from State replication

No SPF, support HA and FO of services on nodes

No canonical payload format

Allow dynamic, yet atomic updates

Cluster Management

Continuous Benchmarking

Since 2005, comparing against Mule, BEA, ServiceMix, WSO2, Talend, Jboss, Petals and Fuse

ESB Performance Benchmarkhttp://esbperformance.org

All resources, scripts and instructions openly published

Ready-to-run EC2 image used for results shared

Direct proxy, CBR (Transport/Message Header & Content), Transformation, WS-Security

Community based improvements to the tests and resourcesFrom Talend, Mule and ServiceMix/Camel

All found issues with their ESBs by using the benchmark and fixed them

Independently validated the results seen

Last Round 6

Focus on Quality & Ease of Use

Close to 50% code coverage

Public API as separate Maven artifact shields customers' custom code binding into ESB internals

Start / Debug / Profile / Unit test / Load test all within the IDE

Many things based on few stable libraries such as Spring

No OSGi or classloader complexities simple to extend

Questions?

http://adroitlogic.org http://docs.adroitlogic.org

http://esbperformance.org

http://as2gateway.org