Layer 7 API Management


Recommendation for internet facing ApiGW server

  • 1.  Recommendation for internet facing ApiGW server

    Posted 16 days ago

    We are setting up an internet-facing ApiGW instance and looking for a recommendation/guide. I couldn't find a guide anywhere on the internet/CA docops, so I am posting my query here for your recommendations.

    We are planning on implementing the following assertions. Would you be able to recommend the optimal configuration or share the recommended link if you have one?

    https://docops.ca.com/ca-api-gateway/9-4/en/policy-assertions/assertion-palette/threat-protection-assertions

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/threat-protection-assertions/limit-message-size-assertion

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/resolve-service-assertion

    https://docops.ca.com/ca-api-gateway/9-2/en/policy-assertions/assertion-palette/service-availability-assertions/apply-rate-limit-assertion/

    (currently setting a maximum limit of 100 requests per second, over 5 seconds, the bucket can hold up to 500 tokens) – what would you have set?

     

    Appreciate your response & view on this.



    ------------------------------
    Thanks,
    Shashi
    ------------------------------


  • 2.  RE: Recommendation for internet facing ApiGW server

    Posted 15 days ago
    Hi.

    It really depends on service usage.

    You need to consider various aspects of a service execution (e.g. payload size, simultaneous requests, available resources to gateway, capacity of backend) to determine a starting point. From there it is a work of observation and fine-tuning as needed.


    ------------------------------
    Sr. Consultant Services
    HCL Enterprise Studio
    ------------------------------



  • 3.  RE: Recommendation for internet facing ApiGW server

    Posted 15 days ago
    Edited by Shashi Ranjan 15 days ago
    There will be a good load on this env/service because it will be exposed to the internet and all the traffic for back-end resources will be routed by this setup. Roughly 1000+ hits/minute.

    I am looking for the optimal config recommendation for setting up ApiGateway in a DMZ/internet-facing env, and general security recommendations, i.e. (make sure you have threat protection, checking the size of the request, logging the incoming traffic, have session checks, apply/tune rate limit).

    From your points, what should I be checking for:
     available resources to gateway - you mean hardware resources here?
     capacity of backend - MySQL instance of ApiGW?
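
As an added illustration that is not part of any post in this thread: a generic token-bucket model of the limit quoted in post 1 (100 requests per second, bucket of 500 tokens), run against the roughly 1000 hits/minute mentioned in post 3 and against a constructed flood. The class and function names are hypothetical, and the model is an assumption, not the gateway's own implementation of the Apply Rate Limit assertion.

```python
# Generic token-bucket model (an assumption; not the gateway's own code).
# Integer arithmetic: time in ms, tokens in 1/1000ths, so results are exact.

class TokenBucket:
    def __init__(self, rate_per_sec, capacity):
        self.rate = rate_per_sec            # milli-tokens refilled per ms
        self.capacity = capacity * 1000     # bucket size in milli-tokens
        self.tokens = self.capacity         # start with a full bucket
        self.last_ms = 0

    def allow(self, now_ms):
        """Refill for the elapsed time, then spend one token if available."""
        refill = (now_ms - self.last_ms) * self.rate
        self.tokens = min(self.capacity, self.tokens + refill)
        self.last_ms = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def simulate(arrivals_per_sec, rate_per_sec=100, capacity=500):
    """Return [(accepted, rejected), ...] per second for evenly spaced arrivals."""
    bucket = TokenBucket(rate_per_sec, capacity)
    results = []
    for second, n in enumerate(arrivals_per_sec):
        accepted = 0
        for i in range(n):
            if bucket.allow(second * 1000 + (i * 1000) // n):
                accepted += 1
        results.append((accepted, n - accepted))
    return results


if __name__ == "__main__":
    # Constructed traffic: the ~1000 hits/minute from the thread (17 req/s) ...
    steady = simulate([17] * 60)
    print("steady rejected:", sum(r for _, r in steady))
    # ... and a constructed 3-second flood of 1000 req/s.
    for sec, (ok, dropped) in enumerate(simulate([1000] * 3)):
        print(f"flood second {sec}: accepted={ok} rejected={dropped}")
```

In this model the steady load is never throttled, while the flood gets roughly the 500-token burst plus the refill in its first second and 100 requests per second after that.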