Fidelity Brokerage Technology (FBT)

- a Technology Division of Fidelity Investments

Transforming API Delivery Systems using WSO2 APIM

and ESB Technology

David P. Bonaccorsi Sr. John Marcotte Director, Architecture Director, Architecture

Fidelity Brokerage Technology Fidelity Brokerage Technology

Agenda

• Who is Fidelity • Our values, business units and history of technology innovation

• Leading Brokerage Transformation towards the new API Economy

• Evolving to BaaS - to an API Strategy with WSO2 technology

• Integrating WSO2 Components into Fidelity’s API solution

• Benefits and lessons learned

Who is Fidelity?

• One of the most diversified financial services companies in the world• A full range of products and solutions for individual investors, employers,

institutions and intermediaries• $4.3 trillion in assets under administration• Our clients:

– 20 million individuals and institutions– 5,000+ financial intermediary firms

• Over 42,000 employees: – Technology staff in Boston, Raleigh, Dallas, NH, RI, NJ

The Fidelity Organization

History of Innovation

Fidelity installs a mainframe computer—one of the first investment companies to do so

1965

Fidelity is the first to sell funds directly to individual investors over the phone

1974

Fidelity launches the first voice-activated computer response system for price and yield quotes 24 hours a day

1979 Fidelity is the first mutual fund company to launch a public website

1995

Fidelity Labs creates the first investing app for a smartwatch

2014

VR

Block Chain Digital $

Fin-TechRobo-Advisors

Fidelity’s API Evolution1999-today

Plain Old XML to/from Cobol

Mapping Engine

Internal Only

First External Gateway POX

2004

2009

External SOAP with 2nd Gen API Gateway

External REST API

Enterprise Governance Registry

Internet-facing API Store

API Ecosystem

• Build• Govern• Publish

• Discover• Examine• Prototype

• Consume

• Evaluate• Manage

• Run• Report• React

Registry: SOA Meta-Data Repository

Governance Registry Artifact Types

Allows Customer Feedback on APIs

▪ “APIs are inconsistent”

▪ “Need Improved Documentation”

Build Govern Publish

• Business & Utility Contracts• Service/API Change Notifications • Lifecycle Management• Policy descriptions• Quality/Consistency scans

Conceptual Service Inventory

Service Life Cycle

Business Driven Service Contracts✓ Business Capabilities✓ Negotiation ✓ Context Levels✓ Policy Definitions✓ Business Architects✓ Service Analysts

Service Registry•Business Capability Inventory•Brokerage Web Services Inventory •Services linked to capabilities & components•Reporting by components – track usage & legacy transition•Service code quality via Sonar integration •Service discovery APIs

Service Governance

✓ Service Contract Reviews✓ Service Architecture Reviews ✓ Service Inventory ✓ SOA driven design✓ Version Control✓ SOA Governance Board

Evolve Components

✓ Evolve legacy functions ✓ Improve SLAs✓ Improve TCO✓ Measure reuse✓ Measure quality✓ Integrate into culture

Enterprise Publisher – Supports all Environments

1. API artifact published/copied from Enterprise Publisher to Team-managed environment (“push” model)

2. Environment can be on premise or cloud hosted

3. API Store per environment to manage app provisioning and API Subscriptions

4. Dedicated Gateway instances with SVN deploy synchronization that can be scaled independently

5. Dedicated Key Manager instances for token handling that can be scaled independently

6. Dedicated database to store API policy, subscription, and permission metadata

Enterprise Store

LocalConfig

Enterprise Publisher

APIGWIDServer

APIGWIDServer

DEV

UAT , SIT , Perf

APIGWIDServer PRODAPIPUB

APIPUB

APIPUB

https://a

pipub :94 43 /services

https ://apipub :9443 /services

ht tps:// apipu b:9 443 /serv ices

APIStore

APIStore

APIStore

Internal

External

https://apipub :9443 /services

APIGWIDServerAPIPUB APIStore

SVN

SVN

SVN

SVN

APIGW

APIGW

APIGW

APIGW

LocalConfig

LocalConfig

LocalConfig

LocalConfig

Cloud

APIGWIDServerAPIPUB APIStore

LocalConfig

https://apipub :9443 /services

*

* 1 Per ENV

Ext UAT

API Store

Internet-Facing Web API Catalog for Developers who work for our business clients

Ex. Customer Management• Account Setup & Maintenance• User Management• Account Maintenance

ContractSwaggerWSDLPolicy

API Store → ‘Brokerage as a Service’

Discover Examine Prototype

Search by Filters and Tags

Solution Context Diagram (details to follow)

GW

IDS

ESBOAuthToken

BaaS Client

SSLD

MZ

Gat

eway

Publisher

Internal-facing Store

DAS

Services

SSL

Internet-facing Store

Client Tech Users

API Gateway = Traffic Manager for APIs

• Traffic Shaping from Analytics / Policy• Security• Mediation (e.g. SOAP to REST)• Consistency• Analytics Source

API Gateway→ Runtime Management

Consume

Evaluate

Manage

API Gateway / Identity Server – Overview

Ex. Token67befe161d98ca2cfd991f481ac18289

API Store

SSL

OAuthToken WSO2 Creates OAuth Token for

interactive testing in Store

Client Engineer deploys Key + Secret from Store UI to Servers

Internal or External User

BaasClient

SSL

DM

Z G

atew

ay

API Gateway / Throttle Weight

SSL

67befe161d98ca2cfd991f481ac1828

OAuthToken D

MZ

Gat

eway

BaaSClient

API Gateway / End Point Abstraction

SSL

67befe161d98ca2cfd991f481ac1828

OauthToken

DM

Z G

atew

ay

BaaSClient

https://host.intranet.com:9999/common/BrokerageAcctBal/2017/02

ESB Mediation Tier (ESB) - Transformation

2waySSLREST2SOAP

Co

re

“1234567890”

123456789

ESB Mediation Patterns – Transform / Augment

Data Analytics Server (DAS)

THIFT

API Publisher visibility

Data Analytics Server (DAS) Capabilities

A rich set of OOTB Analytics captures Operational and Historical Information using Hbase / Hadoop and Spark technologies

DAS - Throttle and Response Time

Data Analytics Server (DAS) – Usage by API

How WSO2 is helping Fidelity

•Buy (Licensing) vs. Build

•Thought Leadership

•Open Source

•Container / Cloud ready

•Expert Support and Consulting

Tips• Automate early to limit time on

environment engineering

• Think through the needs of different groups and roles needed

• Explore and understand the subscription process for internal and external applications

Thank You!