June 24, 2011
It seems like every week I spend time talking to one or another of the many API management vendors that seem to be popping up with great regularity. In the last couple of months alone I’ve moderated a great focus.com roundtable that had me talking with Mike Maney from Alcatel Lucent, Sam Ramji from Apigee and Delyn Simons from Mashery. Then earlier this month I moderated a panel at Gluecon with another bunch of protagonists – this time Steve Willmott from 3Scale, William Oellermann from OpusGrid and Jeff Hoffman from enStratus.This along with several API specific blog posts has seen me take up a real API theme.
Maybe this makes sense – at Gluecon, Programmable Web founder John Musser gave a keynote detailing the state of the API market (see slideshare below) and in it he detailed the incredible growth that everything API has enjoyed of late.
Continuing this theme I spent some time recently talking with Alistair Farquharson from SOA. SOA is a company with a (not surprisingly given the name) host of products for SOA Governance Automation. Building on top of that they’re now introducing the Atmosphere API Management Solutions that they’re touting as “the Industry’s First Enterprise-Ready API Management Solution”. I’m not sure about that lofty claim but nonetheless it is worth looking at what SOA are doing.
According to the blurb, Atmosphere provides a secure, robust platform that companies can use to share their APIs with the growing developer community. Atmosphere manages, monitors and secures APIs ensuring that companies’ APIs deliver the level of service customers and partners require; the security of corporate and customer information and assets; and the integrity of the corporate brand.
Specific functionality includes;
- API definition, content, policy and lifecycle management
- Intermediation to simplify the creation of RESTful APIs with both XML and JSON content
- Security capabilities to help protect the APIs from abuse
- QoS management (SLAs and quotas) to protect internal applications from overload at the API and to provide customers with service-level guarantee
- Consumer contract monitoring and management of traffic from individual apps
Nothing much in there that is significantly different from the incumbents but where SOA is placing its bets is on what they call “hybrid deployment”. First a little clarification here – there are two main approaches to providing third party API management services – proxy services and proxy-less services. Over on Kin Lane’s blog, there is a great post detailing the difference between the two approaches and utilizing some great diagrams.
Firstly the Proxy approach taken by vendors like Mashery and Apigee;
Secondly the proxy-less approach taken by 3Scale;
Farquharson goes into more detail in his blog post but the SOA approach is to marry the benefits of a proxy-less API service (SOA calls them agents), with the benefits of proxies. As Farquharson says;
What if you could take advantage of the benefits of both approaches? Put half of the solution on premise, and half in cloud – a hybrid deployment approach. This allows a local proxy to be deployed on premise, but put the administrative console and API management activities in the cloud. This allows API providers to find their ‘balance point’, between what they deploy on premise and in the cloud, and to adjust it as technical considerations – and financial considerations – change.
With this approach SOA enables solutions to be deployed either on-premise or in the cloud – giving what they believe is a more flexible, compliant and enterprise-ready solution.
The API space is moving really fast and is also home to quite a lot of marketing speak that does little more than confuse customers – with this uber-flexible approach SOA believe they have a unique proposition for enterprise customers – watch this space.