esb vs api management
TRANSCRIPT
Enterprise Service Bus vs API Management gateway
@asankha
Asankha [email protected]
Founder and CTO of AdroitLogicMember Apache Software Foundation, VP HTTP components
PastArchitect + Lead Contributor (>70%), Apache Synapse ESBOriginal Architect + Product Manager, WSO2 ESB
Founded in January '10
Open Sourced UltraESB in August '10
AS2 & File Exchange Gateways released '12
API Director released in '15
Focused on ESB++
Enhanced by real customer needs
About AdroitLogic
...Objective!
build the fastest ESB
make it Simple to use and extend
emphasis on Quality
ESB within an Organization
ESB as a Gateway
HTTP/SAS2S/FTPEmail
Service Registries
Registry and a Repository
Version and Revision management
Governance & Policy enforcement
Service life-cycle management
Analytics
API Management
Exposing internal services
For access by external partners
Usually REST based SOAP/POX etc also possible
Common Concerns
Could this request be an attack?
Is a client identified, authenticated & authorized?
Is the request exceeding the allowed rate limit
Is the quota (long term) being exceeded
Is the request acceptable?
Should any routing be performed
Who is calling, what services logging, auditing etc
Whats the overall health, performance/metrics
Key Functions
On boarding Services and ConsumersCredential Management
Mediation, Logging, Auditing
Rate limiting, Metering & Billing
Performance and SLA
Management / Analytics / Alerts
Administration / Developer Portals & Tools
SecurityClient ID, Basic/Digest/OAuth, WS-Sec..
AuthN Headers, IP address, LDAP..
Protection - SSL, message encryption
Validation Schema based, XSS scanning..
Deliberate attacksSlow clients
MediationRouting, transformations, caching, etc
PoliciesURL/Header/Payload sizes, HTTP methods
Response time
Throttling / Rate limiting
Quota (more long term)
Attack detection (Content Type, Payload etc)
Developer Portal / ToolsRegistry, Documentation, Sample usage
Test endpoints, utilities, service meta data
Consumer and Service On-boarding
Metrics, Alerts and Reporting
UltraESB as an ESB
One of the youngest, since Jan 2010Based on a lot of previous experience and knowledge with ESBs
But a completely clean & new implementation
Knew what worked, what didn't and what should be done better
Technical innovationsFocus on performance and quality from the start
Java or JSR 223 scripts dynamically compiled for mediation
SimplicityBased on Spring framework and a few very stable libraries
Ease of management / monitoring based on ZooKeeper & JMX
Solutions based on the ESB
AS2 GatewayUtilizes AS2 based B2B trading support of the UltraESB
AS2 trading station as a servicehttp://as2gateway.org
Supports Invoicing
Based on requirements from two leading retailers in Europe
On-Premise deployments for enterprise customers
API DirectorAPI Management solution
Integrated ESB service management capabilities
Solution Overview
AS2 Gateway
File Exchange Gateway
ISuite Framework
API Director
API Director Deployment
Proxy Services
Transports & Message formats
Non-Blocking HTTP/S with Zero-Copy
JMS, AMQP, Email, File, S/FTP/FTPS/Samba, Timer (Quartz), TCP/S, MLLP/S
ProtocolsREST, SOAP, Hessian, Protocol Buffers, Fast Infoset, AS2, Binary/Custom TCP etc
PayloadsXML, JSON, Text, Binary, CSV, Fixed Width, EDI
Sequences, Interceptors & Mediation
msg mediation logger
Fragment, Class, Spring bean..
Native byte code execution
Use try-catch-finally
Javadoc for API
Endpoints
Achieving Performance
Zero-Copy Proxying + Non-Blocking IORAM disk / VTD XMLend-to-end principle
Zero-Copy Proxying
Non-Blocking IO
Core Architecture
RAM disk based file cacheSpeed of RAM with ease of Files
Better utilization of memory with smaller heap and low GC overhead
Use of Zero-Copy / sendfile with DMA
JMX for management of nodes/clusters
Separate Coordination & Control from State replication
No SPF, support HA and FO of services on nodes
No canonical payload format
Allow dynamic, yet atomic updates
Cluster Management
Continuous Benchmarking
Since 2005, comparing against Mule, BEA, ServiceMix, WSO2, Talend, Jboss, Petals and Fuse
ESB Performance Benchmarkhttp://esbperformance.org
All resources, scripts and instructions openly published
Ready-to-run EC2 image used for results shared
Direct proxy, CBR (Transport/Message Header & Content), Transformation, WS-Security
Community based improvements to the tests and resourcesFrom Talend, Mule and ServiceMix/Camel
All found issues with their ESBs by using the benchmark and fixed them
Independently validated the results seen
Last Round 6
Focus on Quality & Ease of Use
Close to 50% code coverage
Public API as separate Maven artifact shields customers' custom code binding into ESB internals
Start / Debug / Profile / Unit test / Load test all within the IDE
Many things based on few stable libraries such as Spring
No OSGi or classloader complexities simple to extend
Questions?
http://adroitlogic.org http://docs.adroitlogic.org
http://esbperformance.org
http://as2gateway.org