Kristen Malzone (CA) :
Alright! Let's get started!
Kristen Malzone (CA) :
If you have a question for the API Management product team, please enter it here in the chat window.
Kristen Malzone (CA) :
Product experts are standing by to answer your questions about CA API Gateway, CA API Developer Portal, and CA Mobile API Gateway in real-time!
Atul Raut :
I will start first.. My questions are primarily to understand the best practices for API Managament and API Gateway products.
Atul Raut :
When a new user signs up on the portal, he becomes to the organization admin. This OrgAdmin then invites the rest of the developers. How is the specific roles (API Owner, cmsuser) assigned to the invited developers? OrgAdmin doesn't have access to the /admin page. Role change can happen only the /admin page.
Atul Raut :
let me know if any of my questions are more appropriate to be posted on the CA Communities instead of being posted on this office hours..
Atul Raut :
I have few more questions pertaining to API Mgmt and Gateway.. let me know if you want me to post all questions together
Kristen Malzone (CA) :
@Atul - Great questions!
Kristen Malzone (CA) :
@Atul - We'll get an answer to you shortly
Pawel :
What is the SDK generation feature? How does it work?
Kristen Malzone (CA) :
@Pawel - For which product?
Pawel :
For the portal.
Dustin Dauncey (CA) :
@Atul - I will test this right now to confirm. Please standby.
Atul Raut :
@Dustin.. thanks..
Atul Raut :
Here are my remaining questions related to Developer Portal -
Atul Raut :
2) What is the best practice in setting up Developer Portal environments? If the gateway has Dev, Stage and Prod environments then does the portal also have Dev, Stage and Prod env?
3) Where is Developer Portal mostly located? In DMZ or Internal network? My assumption is that if only Internal developers need to access the developer portal then it should be hosted in Internal network and if we have external developers also accessing then the same should be hosted in DMZ. Let me know if this assumption is correct.
Atul Raut :
Here are my questions related to CA API Gateway -
Atul Raut :
1) How is XML VPN Client used? Are we still using it?
2) Are we still using Enterprise Service Manager?
3) What is the use of Manage HTTP Options ?
4) Do we have any repository of policies with the industry best practice considerations for standard usecases? For eg. Policies for SAML Web SSO for both IDP and SP
Alejandro Calbazana :
Hello, does anyone have any best practices for source control?
Aaron Flint :
@Atul, I'll try to answer some of your questions
Alejandro Calbazana :
I also have that question about ESM
Philip Walston :
Regarding Portal question #3, the Portal is usually located in the internal netowrk by most of our customers, even those with external customers. Obvioulsy they must tunnel/proxy traffic through the firewall accordingly.
Aaron Flint :
1) The XML VPN Client can still be used to provide tightly coupled security between a client and Gateway, and there are no current plans to end that model in the forseeable future. There are some clients that are using it, but it depends on individual customer use cases as to when and how it is used.
Aaron Flint :
2) ESM: We still support the ESM for monitoring and reporting use cases. However, for migration, we now have the Gateway Migration Utility (GMU) that was released with the 8.2 version of the Gateway.
Stephen Mak :
Question Atul: When a new user signs up on the portal, he becomes to the organization admin. This OrgAdmin then invites the rest of the developers. How is the specific roles (API Owner, cmsuser) assigned to the invited developers? OrgAdmin doesn't have access to the /admin page. Role change can happen only the /admin page.
Response Portal team: this is on-prem portal. in general you would not want your External users (Org Admins, Developers) to have roles such as API Owner and CMS user. API Owner and CMS user roles allow the user to publish APIs and documentation and such.
Atul Raut :
@Philips, @Aaron, @Stephen Thanks for the responses
Philip Walston :
Regarding respository of polices, we don't have cut and paste templates for most of this but the Communities site has some examples and Support and oru Pro Serv organization may have a few as well. We are working on writing some more of this up in resources for the Communities site, so I will add your examples to the hopper for consdieration.
Dustin Dauncey (CA) :
@Atul - In regards to the new user sign-ups & roles question... When testing, I found that the first user gets the organizationAdmin role and the registeredUser role. However, each user invited then receives only the registeredUser role.
Atul Raut :
@Philip.. thanks.. @Dustin ...ok thanks
Aaron Flint :
@Atul, 3) the manage HTTP options dialog will allow you to manage various outbound HTTP options, that would otherwise be outside of the regular options provided in the HTTP Routing assertion. For example, this dialog would allow you to configure an HTTP proxy server that the Gateway would use for outbound HTTP connections
Atul Raut :
@Aaron...ok HTTP Proxy is good use case... How is the Add option used on the Manage Http options dialog?
Dustin Dauncey (CA) :
@Atul - In regards to the best practices for setting up Portal environments for staging and dev and production... typically our users set these up uniquely (so one Portal takes on the role of Production, and another Portal takes on the role of Development, etc.), and whenever something comes out of one environment and should be added to an upper environment like Production, users take advantage of the patching process. That process is detailed this page and the pages beneath it: https://wiki.ca.com/display/APIDP31/Migrate+Content+Between+API+Portals
Atul Raut :
@Dustin.. thanks
Aaron Flint :
@Atul - the Add option will allow you to add an HTTP rule to apply to a URL. The types of rules that can be applied are varied, but in general, you would add a rule, and then use that rule to apply to a URL in another assertion
Aaron Flint :
for example, our Gateway HTTP routing assertion uses a set of default HTTP rules around timeouts. You can use this dialog to configure a set of custom timeouts, and then apply those custom settings to a specific URL that you are using in another assertion
Aaron Flint :
which would then override the defaults on the Gateway
Stephen Mak :
@Alejandro - re: best practices for source control. there is a similar question posted in the communities page, and we will respond to that question with references to content in the policy migration guide. Look for the response there in next day, or so
Alejandro Calbazana :
thanks
Atul Raut :
@Aaron.. so if we create an entry for host https://dev.abc.com and set the connection timeout value to 60seconds, then in all the policies on this gateway which has route assertion pointing to host https://dev.abc.com will pick up the connection timeout of 60secs the Manage HTTP options section?
Aaron Flint :
@Atul, I believe that is the case. In the case of the HTTP routing assertion, these values are already configurable at the assertion level as well. I need to find out for sure whether or not this dialog allows you to globally set HTTP routing options for this assertion
Atul Raut :
@Aaron.. thanks..
Pawel :
Any chance to get answer for my question during this chat?
Aaron Flint :
@Pawel, I'm trying to track someone down that can help with the answer
Pawel :
ok. Thank you.
Gary Ellwood (CA) :
@Pawel: I'm not sure what the "SDK generation feature" "For the Portal" is. Can you give us more info about this, such as where you found it or learned about it?
Kristen Malzone (CA) :
Just over 10 minutes left! Get your last questions in now!~
Gary Ellwood (CA) :
@Pawel: We do have an SDK for the MAG (Mobile API Gateway), but I haven't heard of an SDK for the API Developer Portal.
Pawel :
Thanks for reply.
Kristen Malzone (CA) :
Thanks for joining this month's session of CA API Management Office Hours!