Service Oriented Architecture (SOA) has become the industry standard for on-premises IT and integrations that cross the enterprise firewall. In a SOA-based infrastructure, applications and databases are opened up as Web services using XML, SOAP interfaces and–increasingly–RESTful APIs. These services can then be repurposed in a range of new applications.
Exposing application functionality and data as reusable Web services makes it quicker and easier for enterprise architects and developers to repurpose and get maximum value from their existing IT investments. It also enables connectivity across the enterprise and out to external departments, partners and customers.
However, exposing IT assets in this way creates a range of security and management challenges, particularly in scenarios where enterprise architectures cross organizational boundaries to connect with external departments, partners, customers, cloud services and the public Web. Therefore, organizations need ways to secure and manage the performance of their services.
Publishing Web services creates new attack vectors, increasing the threat that hackers will find ways to access and misuse enterprise systems. Furthermore, reusing services in new, more widely-distributed applications creates the danger of scaling issues and performance bottlenecks—new applications and a growing user base inevitably put increased pressure on IT resources.
Placing SOA-ready gateway appliances at the edge of the architecture simplifies the process of composing, securing and managing Web services. The most advanced available SOA gateways can be customized to meet highly-specific enterprise requirements and address the most cutting-edge use cases for internal, external and machine-to-machine integration.
CA API Gateway is built on the foundation of the award-winning Layer 7 SecureSpan SOA Gateway. CA API Gateway technology retains and expands upon the SOA governance functionality associated with Layer 7’s classic technology, covering use cases that range from traditional XML and SOAP integrations to cutting-edge Web and mobile deployments.
Because applying IT rules to individual services is inefficient and unsustainable, most organizations adopt a centralized, policy-driven SOA governance model. However, in complex integrations involving multiple stakeholders plus a wide variety of applications and databases, it is often difficult to ensure consistent enforcement of security, business and regulatory policies.
CA API Gateway addresses this challenge by making it simple to control and audit how policy gets deployed and enforced at runtime. CA API Gateway acts as a central point where policies can be efficiently composed, managed and enforced. It includes a simple policy composition interface, which makes it easy to create and reuse policies across services and locations.
To enable the enforcement of these policies, the Gateway delivers functionality for: