Layer7 API Management

 View Only

 No maker/checker functionality in Gateway application for UAM activities.

Kuldeep H's profile image
Kuldeep H posted Jul 23, 2024 08:07 AM

API Gateway is a key component in system design, particularly as a centralized entry point for managing and routing requests from clients to the appropriate microservices or backend services within a system. All the APIs over APIGateway are developed by developers by using multi layer security features for numerous applications where multi level checkpoints are mandatory to validate to mitigate the errors and risk levels. Lack of maker/checker functionality can also cause a risk factor where unwanted changes can be implemented by mistake even in production live environment. 

Here my point is to indicate that maker/checker functionally can be a key factor to implement in gateway application for such UAM and change/release management activities. This will also help for developers and scrum masters to implement changes during agile methodology. For reference, currently we are using Gateway version 11 in work environment.

Please put your views on this topic and this would be great if OEM could provide any response to implement this functionality in their upcoming releases.

Regards,

Kuldeep 

Joseph Fry's profile image
Broadcom Employee Joseph Fry

Kuldeep,

I am not on the API Gateway product team, so I cannot comment on the roadmap.  However, if you have been following the development of the API Gateway over the last few years, you would see a trend toward Kubernetes.  A huge part of this movement was recently introduced, called the Layer7 Operator

One of the super-powers of the operator is to make the gateways completely ephemeral and leverage a GIT or artifact repository for all of your gateway policy and configuration; and of course GIT has excellent controls for change/release management, far beyond anything that could be added to the product.

If container gateways with the Operator are not of interest to you, there are ways to implement similar controls off-box using the RestMan and/or GraphMan API's.  For example, you could have a Jenkins workflow that, after approval, applies an uploaded bundle to the production gateway.

I guess what I am saying, is that I doubt we will see any major effort to build change/release management workflow into the product.  That would create a lot of code to maintain for a feature that doesn't contribute to the core functionality of the product and will never be as good as existing 3rd party solutions.

Kuldeep H's profile image
Kuldeep H

Agreed Joseph,

We are not planning to move on container gateways for now, but will surely evaluate them in the near future.

As you mentioned correctly, Git/Jenkins would certainly help here but we wanted to check whether Broadcom has planned any upcoming releases which will have such controls internally.

Ben Urbanski's profile image
Broadcom Employee Ben Urbanski

Hello Kuldeep,

We're beginning a new project focused on a new gateway management user experience. There are many things we want to accomplish with this project, and it's likely that it will lead to many releases over a long period of time. However, maker/checker functionality to help many the change lifecycle of gateway configuration, including but not limited to service definitions and policies, will be a part of that project.

In the meantime, as Joseph pointed out, customers use various existing capabilities together with their own tools and processes to accomplish something similar today. Managing gateway configuration as code in the form of Restman, or more recently Graphman, bundles exported to git or other source repositories is often a part of that. That can be done across gateway form factors, and without the Layer7 Operator for container gateway. However, the Layer7 Operator is uniquely capable for doing that dynamically for container gateways, and otherwise provides the automation for doing it that customers would have to come up with on their own using Restman or Graphman.

Kuldeep H's profile image
Kuldeep H

Hi Ben,

Any update on the project focused on new gateway management experience.

Regards,

Kuldeep

Ben Urbanski's profile image
Broadcom Employee Ben Urbanski

Hello, @Kuldeep H. Regarding the new Policy Manager replacement project, we plan an update on its progress in an upcoming monthly Office Hours. That might be as soon as March or April. They're normally announced in the community portal.

Kuldeep H's profile image
Kuldeep H

Hi Ben/Team,

Please let me know whether any update here.

Ben Urbanski's profile image
Broadcom Employee Ben Urbanski

No change from before. We did provide a preview of the Policy Manager replacement project in yesterday's May Office Hours which should be posted to the community soon.

Kuldeep H's profile image
Kuldeep H

Team, please confirm whether received any update so far.