Layer7 API Management

  • 1.  Recommendation for internet facing ApiGW server

    Posted Aug 06, 2019 09:00 PM

    We are setting up an internet-facing ApiGW instance and are looking for a recommendation/guide. I couldn't find a guide anywhere on the internet/CA docops, so I am posting my query here for your recommendations.

    We are planning on implementing the following assertions. Would you be able to recommend the optimal configuration or share a recommended link if you have one?

    https://docops.ca.com/ca-api-gateway/9-4/en/policy-assertions/assertion-palette/threat-protection-assertions

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/threat-protection-assertions/limit-message-size-assertion

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/resolve-service-assertion

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/apply-rate-limit-assertion/

    (currently, setting a maximum limit of 100 requests per second, over 5 seconds; the bucket can hold up to 500 tokens) – what would you have set?

     

    Appreciate your response & view on this.



    ------------------------------
    Thanks,
    Shashi
    ------------------------------


  • 2.  RE: Recommendation for internet facing ApiGW server
    Best Answer

    Posted Aug 07, 2019 01:25 PM
    Hi.

    It really depends on service usage.

    You need to consider various aspects of a service execution (e.g. payload size, simultaneous requests, available resources to gateway, capacity of backend) to determine a starting point. From there it is a work of observation and fine-tuning as needed.


    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------



  • 3.  RE: Recommendation for internet facing ApiGW server

    Posted Aug 07, 2019 06:27 PM
    Edited by Shashi Ranjan Aug 07, 2019 06:28 PM
    There will be a good load on this env/service because it will be exposed to the internet and all the traffic for back-end resources will be routed by this setup. Roughly 1000+ hits/minute.

    I am looking for the optimal config recommendation for setting up ApiGateway in a DMZ/internet-facing env and general security recommendations, i.e. (make sure you have threat protection, checking the size of the request, logging the incoming traffic, have session checks, apply/tune rate limit).

    From your points: what should I be checking for?
     available resources to gateway - you mean hardware resources here?
     capacity of backend - mysql instance of ApiGW?
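
The rate-limit figures in the first post (100 requests per second, 500-token bucket) can be checked against the load estimate in the third (1000+ hits/minute) with a generic token-bucket model. This is an added example, not code from the thread or from the gateway product: it does not reproduce the internals of the Apply Rate Limit assertion, and `simulate`, `steady` and `burst` are hypothetical helper names with constructed traffic.

```python
"""Generic token-bucket model fed with the numbers quoted in the thread."""


def simulate(arrivals, rate=100.0, capacity=500.0):
    """Replay request timestamps (seconds, ascending) through a token bucket.

    rate     -- tokens refilled per second (100 req/s in the first post)
    capacity -- bucket size (100 req/s over a 5 s window = 500 tokens)
    Returns (accepted, rejected).
    """
    tokens = capacity                       # assumption: bucket starts full
    last = arrivals[0] if arrivals else 0.0
    accepted = rejected = 0
    for t in arrivals:
        # Refill for the elapsed time, never beyond the bucket size.
        tokens = min(capacity, tokens + (t - last) * rate)
        last = t
        if tokens >= 1.0:
            tokens -= 1.0
            accepted += 1
        else:
            rejected += 1                   # request would be throttled
    return accepted, rejected


def steady(per_minute, seconds):
    """Constructed traffic: evenly spaced requests at a per-minute rate."""
    n = int(per_minute * seconds / 60)
    return [i * 60.0 / per_minute for i in range(n)]


def burst(count, at=0.0):
    """Constructed traffic: `count` requests arriving at the same instant."""
    return [at] * count


if __name__ == "__main__":
    # Expected load from the thread: about 1000 hits/minute (~17 req/s).
    print("steady 1000/min :", simulate(steady(1000, 60)))
    # A single spike larger than the bucket: only 500 pass.
    print("burst of 800    :", simulate(burst(800)))
    # Second spike 2 s later: only the 200 refilled tokens are available.
    print("two bursts      :", simulate(burst(800) + burst(800, at=2.0)))
    # Sustained 150 req/s for 20 s: bucket drains, then the limit bites.
    print("150 req/s, 20 s :", simulate(steady(150 * 60, 20)))
```

In this model the stated load of roughly 1000 hits/minute never touches the limit, so the 100 req/s setting only constrains spikes and sustained overload; whether that ceiling is safe still depends on the backend capacity raised in the second post.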