Building Blocks for APIs, Mobile-Ready

by Andy Thurai @ Apistrat NYC (Feb. 2013)

Transcript

  1. Building Blocks for API, Mobile-Ready

    Andy Thurai, Group CTO ASIP, Big Data group, Data Center Software Division
    [Diagram labels: Service/API Gateway > > Data Center Apps API]
    @AndyThurai
    Thurai.net/securityblog
  2. Two Red Hot Trends - How do they Intersect?

    API Management
    • Enterprise extending reach through APIs
    • API traffic overtaking web traffic
    • Control point to enforce security & build composite apps

    Mobile First Strategy
    • Rise of internal business productivity apps
    • Build performant, contextual, multi-device experience
    • Simplified REST, JSON, OAuth communication/AuthN

    60% of all logins to the popular Salesforce.com platform are through RESTful APIs, and 40% are through traditional browsers.
  3. API Growth Continues to Accelerate in 2012

    API Calls are in the Billions/Day – Large Enterprises following suit
    API Shift – It’s Here
    Salesforce – API traffic overtakes Web traffic in June 2012
    [Diagram labels: API Management, Mobile First Strategy]
    API = Overloaded term to describe capabilities exposed over HTTP. Could be REST/XML/JSON or SOAP. In fact, a lot of people still use SOAP in the Enterprise.
  4. Native vs. Web Mobile Apps

    App Type
    • Native: Runs on phone operating system directly. Faster UI performance. Controls download at installation.
    • Web: Runs in browser or O/S container. Slower UI downloaded on-demand; code written in abstraction layer of web technologies (JavaScript, CSS, HTML5).

    Portability
    • Native: Low; app ported across languages. Cross platform dev tools needed.
    • Web: High; depends on JavaScript support; vulnerable to HTML 5 fragmentation.

    App Characteristics
    • Native: Monolithic, distributed via app store. Logic & persistence mgd with interwoven components. Best for offline features, native data storage & push.
    • Web: Web-oriented via url. Logic pushed from server in JavaScript, HTML5/CSS, easily updated.

    Network I/O
    • Native: Synchronous HTTP on separate thread, Over the Air (OTA) updates, persistent socket connections.
    • Web: Synchronous HTTP or HTML 5 Websockets.

    API Calls
    • Native: Native HTTP library or raw TCP.
    • Web: AJAX calls; JSONP required for cross domain API calls.

    Security Posture
    • Native: Phone access to file system for read/write. Security beyond https requires custom code. Susceptible to malware.
    • Web: Basic security confined to https. Protocols such as OAuth require toolkit. Browser wrapper provides sandbox.

    Server Arch
    • Native: Mix of custom middleware & software; often needs own ESB.
    • Web: Similar to web server/app server model with content optimization.

    So… what’s the answer? Who wins?
    Answer #1: Both
    Answer #2: Native will always have the edge due to handset differentiation, despite advancing standards
  5. Enterprises Have Unique Requirements for Mobile Enablement

    Are you trying to get a mobile project going at your Enterprise? Does this look familiar?
    • Disparate middleware and database technologies
    • Disparate identity management silos
    • Disparate programming languages
    • Current architecture optimized for web browsers
    • Vertical integration prohibits cloud outsourcing
    • Inconsistent security model across domains

    On top of this you want:
    • BYOD with enterprise native mobile applications
    • Low development costs
    • Fast time to market
    • Robust security for Enterprise data
  6. The Enterprise Backend Challenge

    [Diagram labels: SOAP, XML-RPC, REST, SQL, MQ; Systems Of Record; Integration/Data Transformation Layer; REST, JSON, OAUTH; Mobile Channel; LOB Apps, Directory, CMS, CRM]
  7. App-Optimized Architecture

    [Diagram labels: Web server, Asset server, App server, Database Master, Database slave 1, Database slave N, Load Balancer; Presentation Tier, Logic (application) Tier, Persistence Tier]

    2-Tier API-optimized architecture
    • Emerging standard for app enablement
    • Traditional app server thins as more logic is pushed to the device
    • Delivery tier focuses on data delivery, mediation, and security instead

    [Diagram labels: Delivery Tier; Represent native apps, not browsers; Asset server; API / Mobile Enabler]
  8. View API Management & Mobile Solutions

    Mobile Middleware White Paper
    www.cloudsecurity.intel.com
    API Portal Demo
    Joint Solution Brief