Roberto Medrano, SOA

Q&A

by Cara Hogan

SOA and APIs combine for more agile mobile apps

Published September 18, 2013

 
 

Nearly every new mobile app developed today utilizes at least one API, allowing the app to include location data, process payments or recognize speech cues. How can businesses best manage these APIs to ensure the app is secure, agile and interconnected with the business?

Roberto Medrano, Executive Vice President of SOA Software—who specializes in service-oriented architecture (SOA), governance, and compliance—explains how to easily integrate the concepts into your company’s mobile strategy. Rather than simply utilizing ad-hoc APIs, Medrano shares how to create a secure and SOA-enabled app that grows as your business grows.

WebSphere Insights: What is the main challenge customers have when it comes to mobile application enablement?

Roberto Medrano: For mobile apps, the challenge is really finding the right set of applications that will give you the most revenue, the most channel engagement and partner enablement. Customers want to offer their users a rich, engaging mobile experience, and they can only achieve this when a rich level of enterprise data and applications are available to their users. So finding and then securely exposing this backend data becomes one of the biggest challenges. The data is often owned by different business units, secured using different standards, and built on top of disparate IT products and platforms. Tying all these resources into a single mobile platform can be very challenging.

WI: What is the connection between SOA and mobile app creation?

Medrano: Businesses with SOA principles are better prepared to create mobile apps. SOA is the methodology that enterprises use to simplify their complex backend applications and data so consumers like mobile devices can easily leverage them. Mobile apps are simple and lightweight by definition, and have no knowledge of the complex details of an enterprise IT infrastructure. Without this simplification, mobile developers would be forced to create dull, featureless apps for lack of interesting data to source and consume. When you do mobile, it’s an extension of your enterprise web services applications now moving to a mobile application.

WI: How can companies develop a mobile app strategy to avoid and overcome these challenges, and how do the APIs fit into that organization’s ongoing strategy?

Medrano: The centerpiece of any mobile strategy is service lifecycle management, security, and integration. In other words, the infrastructure to define, secure, and expose backend data as APIs must be in place before a customer can succeed at building a mobile app developer community and foster the creation of rich mobile apps.

The companies that define their mobile strategy usually have a set of requirements. Those requirements are tied into what the apps will do, how they will be used and so on. APIs are revolutionizing the world of IT because they’re making it possible for developers to connect a lot of applications on mobile, cloud and the web, and then connect those apps to the enterprise backend systems with very minimal effort.

From the business perspective, APIs are an amazing source of agility. However, the APIs also create a host of new threats related to security and compliance, to development and monitoring. People have to explore those new challenges as well, and prepare with their ongoing strategy and expand their SOA centers into this new API world.

WI: Tell me about your software. How does it work with internal systems and integrate with IBM solutions? And what is the primary benefit?

Medrano: We offer service lifecycle management and API management for the IBM platform. Our solutions let key IBM products like WebSphere DataPower, WebSphere Application Server, and System z mainframe participate in an SOA and API program. Our solutions are unique because our technology works side-by-side with IBM’s platform products, ensuring a set of IBM runtimes whose services perfectly match the requirements and constraints laid out during service design, development, and deployment. For example, if a customer requires that a particularly sensitive service running on DataPower must use a strong form of security, we have the smarts to explicitly instruct DataPower how to secure that service to meet the requirements. This gives customers a very fine level of control over their complex IBM infrastructures. You can see www.soa.com/ibm for detailed information.

All of our products are what we call ready-to-use SOA governance automation for the IBM WebSphere platform. We allow automation for all SOA framework—all the way from service conception to service consumption. We ensure that all the application patterns and policies are enforced through the entire IBM software stack. We allowed IBM customers to utilize those web services across multiple platforms, heterogeneous environments, so customers can continue to use WebSphere in a more robust manner.

Our API Management Platform helps people plan what services and APIs they need to create by having a process of approvals. Once the set of APIs and web services are approved, then you can move into the development process. We have the Lifecycle Manager Development Governance product that allows companies to connect web services and APIs to existing source code systems and follow the development process of the company. The company can define how they want developers and designers to use those web services and APIs. Once they are created, they can move to a stage of running or operating, where secure monitoring and Service Level Agreements (SLAs) are very important. The business can govern all the steps. We also provide the Community Manager a way to develop a creative community of developers, to use your APIs and enhance your APIs and create new Apps.

WI: You have specific software that works with IBM WebSphere DataPower. How does it connect backend systems to mobile apps?

Medrano: Our solution for WebSphere DataPower gives DataPower customers all the powerful security and integration functionality that DataPower is famous for, but in a fully automated API form factor. DataPower customers have been using our solution for a long time now to integrate with their IBM backend systems for internal purposes; now they are starting to use those very same techniques for external API and mobile initiatives.

To give an example, a customer might use our solution to expose on DataPower a mainframe application to their internal customer call center, leveraging DataPower’s powerful security and integration features. A new mobile initiative might arise to bring many of those customer call center functions to an iPhone and Android mobile app community. Using our API technology, the DataPower customer would be able to share the same powerful security and integration techniques they used for the call center application with the new API initiative, giving mobile apps seamless mainframe integration. And of course, they would get all the great lifecycle management, DataPower automation, security patterns, monitoring, and other API features that we are famous for with DataPower. The end result is an API solution for DataPower that lets customers continue to leverage the best of DataPower, but in this new API world.

WI: You tout that your software can help customers create more secure mobile applications, but how does it accomplish this?

Medrano: We use the concept of security policy to control the security of APIs. This is a simple, yet powerful way to let security experts define and share particular modes of security. The policy is defined using a combination of simple security building blocks, without requiring staff to know how to actually implement those building blocks. We take care of the implementation by using our expertise to instruct products like WebSphere Application Service and DataPower on how to make that security real on the network. We offer rich support for many types of security, such as Tivoli, OAuth, SAML, and WebSphere MQ security standards. The result is a simple yet powerful method for resolving what is normally a very complex and challenging goal of ensuring all APIs are properly secured according to enterprise standards.

Developers like to create code and not to be too concerned with all the security aspects of an API and who is authorized to use it. Companies need to ensure authorized access and secure data. The only way to secure it is by using an API gateway from a company like us. It can be integrated with access management providers. We can provide a way for companies to use multiple authentication—a token so that only valid users get access to their APIs. Our API gateway prevents DoS attacks, detects any potential threats from SQL or JavaScript injection attacks and has simplified policy management.

WI: SOA Software offers automated lifecycle management for their APIs. What does that mean to customers?

Medrano: Imagine somebody building without following a set of processes and policies established by a central governance team. Houses would be differently built, one building would be on top of the sidewalk, fences would be 6 or 8 feet, it would be a set of non-standards. Lifecycle management allows us to set the processes you need to follow to guide your development and set up the policies to guide according to your company standards. It can follow specific process creation of that API and for the development of that API. Eventually those policies will be enforced at the end of the run stage. It’s very important to follow a methodology enforced by governance products. We have the Lifecycle Manager Product to be used for that specific purpose.

WI: Everyone is always looking for the ROI on any product before making the investment. How do customers prove the ROI on this solution?

Medrano: We’ve spent a lot of time with IBM customers understanding their existing infrastructures and understanding what it would take to leverage those infrastructures for API and mobile. We tend to see three main areas of ROI in these situations.

The first are the capital costs customers would incur integrating and then exposing their IBM backend systems to cloud and mobile apps. Because our solution comes fully integrated from the start, this cost goes away. Our ability to work out-of-the-box with DataPower, Message Broker, WebSphere MQ, and other IBM backend systems means customers do not need to spend a lot to get up and running with their APIs.

The next are the ongoing operational costs of running an API program without SOA Software. The service lifecycle and the creation of every new service have a high associated cost without our solution in place. Maintenance and the cost of production outages due to runtime API security and integration issues also contribute. So the operational costs can be quite high. Because of the level of service lifecycle and runtime automation we offer, these types of costs are drastically reduced. The customer also realizes a faster time to market and reduced risk of elongated project timelines or mobile projects that fail due to lack of the right management tools to control the API lifecycle.

Finally, the last component of ROI comes from the level of functionality we offer to ensure that customers fully realize their mobile strategy. Our ability to foster a rich community of app developers and API developers results in high productivity in terms of API and mobile app creation, which is the final and most important goal for the customer. Without our rich functionality, many API and app communities fail to grow as expected. This lack of adoption results in mobile initiatives that fail to meet the needs of the business.

WI: Could you give an example of a customer that has successfully used this software and what were a few concrete improvements that they achieved?

Medrano: A large airline wants to re-architect their existing web infrastructure into a cloud operating model with common capabilities across web and mobile apps via APIs. They have SOA and were enabled to be very agile. They need SOA governance and API governance solutions that can go from planning development and operation to creating a developer community. They need a solution that is high performance [and] that can provide the normal components they would expect as a large company.

The SOA software supports the build, plan and development stages, creates SOA and APIs seamlessly, and integrates the solution fairly quickly with the existing applications. This allows them to re-architect their web structure much faster than they would do otherwise, and allow them new methods to make sure the planning and development decisions are enforced at run time. It allowed them to be faster, to use existing data internally and to have more visibility and monitoring of the planning and governance internally. They already have a website, but they’re able to leverage the existing SOA structure with APIs.

WI: What does the future hold for mobile APIs and API management?

Medrano: APIs will grow exponentially over the coming years, and those customers that have the right API solutions in place will account for the largest component of that growth. The IBM platform has an ideal set of products to help drive that growth. The DataPower appliance, for example, is ready-built to offer the right level of security and integration functionality to securely expose an IBM backend to mobile apps. With the right level of service lifecycle management and runtime automation layered on top of the IBM platform, customers will remain on the leading edge of this next wave of innovation.

WI: Congratulations on being chosen as a “Leader” in the 2013 Application Services Governance Gartner Magic Quadrant. How did SOA Software achieve this type of success?

Medrano: Gartner acknowledges in their analysis that API and SOA are deeply interconnected. We’ve helped IBM customers successfully roll out their SOA initiatives, so we know a lot about how to make platforms like WebSphere MQ and System z mainframe play well in an SOA. Now we are helping IBM customers realize their API and mobile goals, using their past SOA successes as a foundation. We are leveraging products like DataPower to securely expose backend data to mobile apps in a fully lifecycle managed environment. So bringing both SOA and API success to the IBM customer’s infrastructure is our daily bread, and Gartner is acknowledging the success we have found partnering with our customers.

 
 
