Copyright © 2016 HCL Technologies Limited | www.hcltech.com1 Copyright © 2019 HCL Technologies Limited | www.hcltech.com
Nov 18th , 2020
API Management Comparison – Our PoV
Copyright © 2016 HCL Technologies Limited | www.hcltech.com2
Agenda
API Management• Key Parameters
• Product Comparison (Azure APIM vs other products)
• Solution POV
Secrets Management• On Premise Options
• Azure Key Vault
• AKV Architecture
Next Steps• Next Steps
Copyright © 2016 HCL Technologies Limited | www.hcltech.com3
Comparison of Azure, Mule & Dell Boomi
API Management Perspective
Copyright © 2016 HCL Technologies Limited | www.hcltech.com4
CONSENT ON COMPARISON
“The comparison & recommendations provided against each of the API Products are
based on our own assessment & implementation experience on various capabilities.
This does not stand as the thumb rule against the products and this recommendations
are only to set basic guideline for product selection”
Strictly for Internal Use by the Business & Partner
Copyright © 2016 HCL Technologies Limited | www.hcltech.com5
Lifecycle Management - Create, test and Publish APIs
API Gateway to enforce policies
Support for on premise and cloud
Low latency solution
Developer portal
Productized offering
API security
API Management – Solution Capabilities
Copyright © 2016 HCL Technologies Limited | www.hcltech.com6
On Premise On Cloud Hybrid PaaS SaaS
API Management – Deployment Models
Copyright © 2016 HCL Technologies Limited | www.hcltech.com7
▪ Scope of our comparison is mainly on API Management capability only.▪ Each of these Enterprise products have diversified capabilities along with API Management Capability.
▪ Security▪ API Life Cycle▪ API Orchestration▪ Traffic Mediation & Routing▪ Developer and App on-
boarding▪ Cloud Integration
▪ Availability▪ Monetization▪ Documentation &
Productivity▪ Operational Aspects▪ Cost▪ Vendor Support
Our main focus areas of comparison are on:
Azure vs Mule vs. Dell Boomi
Copyright © 2016 HCL Technologies Limited | www.hcltech.com8
Feature
API Keys Excellent. Multi level Subscription keys Excellent. User Specific, Key specific calls restrictions are provided
Adequate
Identity Management
Excellent. Integration with Multiple AD domains Excellent. Provides sandbox environments, Audit log etc.
Excellent. Nano level services control over identity verification could be provided
Threat Protection
Excellent. Rate Limit, DoS attacks, IP filters, JWT token validation. Customizable threat protection policies to create complex rules.
Excellent. Protection at multiple layers. Policies for XML & JSON threat protection, Rate limiting for DoS attacks, Oath, CORS
Excellent. Provides atmospheric APIs to provide threat protection
Schema Validation
Excellent Excellent. Validation component for XML & JSON schema validation is available.
Excellent. Provides cleaning shape process APIs to validate document field values -repair or reject the document before processing
Encryption / masking
Excellent. Encryption of data in motion and at rest.
Excellent. Encryption module that allows for encryption of data in motion and at rest. Masking of desired PII data can be achieved.
Excellent. Base 64 encode/decode functionality through data process shape.PGP Encryption/Decryption functionality through data process shape.
Token Management, OAUTH, SAML
Excellent Excellent. Federated access and protocol conversion is supported
Adequate
SSL & PKI Signatures
Excellent Adequate Adequate
API Security & Identity
Copyright © 2016 HCL Technologies Limited | www.hcltech.com9
Feature
Versioning Adequate. Supports multiple active versions, supports routing based on consumer through Azure Gateway
Excellent. Provides shared API Portal for versioning, deletion and deprecation of deleted APIs – no further access by new consumers, multiple active versions, automated routing based on clients
Excellent. Provides life cycle process for API Versioning, support for multiple active versions
Deployment Excellent. Azure DevOps CI/CD pipeline helps in automating the whole deployment process. Can be deployed to multi-regions in few clicks.
Excellent. API promotion and environment can be managed separately from API implementation. Same implementation can be run in Mule IPaaS, on-prem or other public/private clouds.
Adequate. Deployment function is inbuilt into the platform. Atomsphere API's are also available which could be used to integrate deployments through external CI-CD tools.
Life Cycle Excellent. Design and implement reusable APIs with complete CI/CD – integration with 3rd party testing / defect tracking / mgmt. tools. Manage, orchestrate, monitor, analyze usage of APIs. Supports highly scalable and multi-region environment.
Excellent. Reusable APIs, Automated CI/CD process, manage APIs, orchestrate, monitor, analyze, and facilitate reuse to increase API consumption.
Excellent. Provides unified platform for life cycle management
Publishing to Multiple External Stores
Average Excellent. OAS API prepared can be shared with external stores.
Adequate. While Atomsphere API Management Platform is one, but underlying Atoms in private mode could be deployed to multiple regions, nodes
API Lifecycle Governance
Copyright © 2016 HCL Technologies Limited | www.hcltech.com10
Feature
Workflow Excellent. LogicApps to integrate with business applications and define workflows on Azure –with 100s of in-built connectors, Custom workflows through Azure Service Bus, custom Logic Connectors
Excellent. Provisions to integrate with external workflow engines. MuleSoft provides many OOTB routing components to implement complex orchestrations scatter-gather, aggregation, splitter/for-each , etc.
Excellent. Provides low code development platform for workflow management. Boomi Flow could be leveraged for advanced workflow features, Complex Orchestrations involving multiple systems could be achieved in Boomi through different Logic/Connect/Execute Shapes
Service Consolidation
Excellent. Extensive set of policies for serviceconsolidation. Unified API endpoint to expose internal and external APIs injecting common authentication making it transparent to end users.
Excellent. Provides rich set of consolidation rules. Routing of multiple services using various process API can be aggregated to achieve API consolidation
Adequate. Provides design time tools for API Management. A Single API with multiple operations on different HTTP Methods and multiple underlying Implementation processes could be achieve in Dell Boomi
Branching Policies
Excellent. Provides support for various branching policies through Azure Repos/ DevOps Server 2019 / TFS 2018.
Excellent. Mule Anypoint platform provides IDE for branching policy creation
Excellent. Provide visual design tools for creating branching policies. Support is available to drive multiple Code branches for different requirements .
API Orchestration
Copyright © 2016 HCL Technologies Limited | www.hcltech.com11
Feature
Data Format Transformation
Excellent. Provides Extensive set of transformation rules
Excellent. Has powerful transformation engine Dataweave to transform data.
Adequate. Provides map component functions for data transformation
Protocol Conversion from SOAP to REST
Excellent. Possible through SOAP Pass through. This could also be customized using policies
Adequate Adequate
Legacy Integration
Excellent. Possible through Azure Service Bus Adequate Excellent. Provides enormous set of integration components
Traffic Mediation
Copyright © 2016 HCL Technologies Limited | www.hcltech.com12
Feature
Client ID & App Key Gen.
Adequate Adequate Adequate
Interactive API Console
Excellent. Extensive provision to publish & explore services. Auto-generated API catalog, Manage developers’ access and usage from one place. Provide API usage reports and an interactive console for API testing.
Excellent. API console gets auto generated at design time using the specification itself. API mocking is OOTBSufficient access to manage certain aspects of look & feel of the Dev Portal is possible.
Average. API console is a bit lagging in Dell Boomi API Management module. Only a swagger visualization portal is available to help developers.Boomi is expected to release enhance features in this aspect in next few months
Catalogue Adequate Adequate Adequate
Search & Provisioning
Excellent. Extensive provision to search throughthe product catalogue
Excellent. It has rich search capability. Adequate. Provides multiple search options
Developer & Application On boarding
Copyright © 2016 HCL Technologies Limited | www.hcltech.com13
Feature
Data Format Transformation
Excellent. Extensive policies could be customized as per the transformation need
Excellent. Advanced dataweave feature can be used to transform various data formats.
Exellent. Dell Boomi Visual Mapper supports formats like JSON, XML, CSV, EDI etcOOTB Functions like Lookup, Connector Call, scripting etc make complex transformations possible to do in Boomi.
Protocol Conversion from SOAP to REST
Adequate. OOTB capability to convert a SOAP API to REST
Adequate. Protocol conversion can be achieved using transformation.
Adequate
Legacy Integration
Excellent. Possible through Azure Service Bus Excellent. Platform enables legacy system like DB, JMS, MQ, File integration with help of nearly 140 connectors. Custom connector can also be build using SDK kit.
Excellent. Boomi supports AS 400 integration. Custom groovy scripting leverages external libraries. Custom connectors with inbuilt technology connectors can also be leveraged.
Rate Limitation Excellent. Rate Limit policies can be defined. Multiple level of throttling setup i.e., user, location, key, geography etc.
Excellent. Various policies like rate limitation on API usage with SLA tier can be applied in API Manager
Excellent. Restrict number of incoming requests for a specified time period per Atom or per Environment is possible.
Caching Excellent. Radis Cache for custom caching modules – can be used as an in-memory data structure store, a distributed non-relational database, and a message broker.
Excellent. Mule Object Store is used for caching the response. Integration with External Caching Provider supported.
Adequate. Inbuilt Document Caching mechanism.
Traffic Mediation & Routing
Copyright © 2016 HCL Technologies Limited | www.hcltech.com14
Feature
Traffic Monitoring
Excellent. OOTB Azure Monitor. Azure Event Hub Plugins and extensive support to integrate with various monitoring 3rd party tools.
Excellent. Customized dashboard for API monitoring and provision to setup the custom & trigger notifications.
Excellent. Provides dashboard to perform real time monitoring
Analytics on Traffic
Adequate. Azure Monitor -Metrics, Diagnostic Logs and Alert rules, Analytics, Integration through LogicApps to alert stakeholder, take necessary action based on analytics
Adequate – AnyPoint visualizer, AnyPointMonitoring Component
Adequate. OOTB Dashboards available to view statistics like API Usage History, API Usage Trends and Average Response Times. This can be filtered out to the levels of different environment types as well as Day/Week/Month/Year Basis
Analytics & Traffic Monitoring
Copyright © 2016 HCL Technologies Limited | www.hcltech.com15
Feature
SSO to SaaS Providers
Excellent. Default and external token issuance systems could be configured. Azure domain store could host number of AUTH providers
Excellent. All SAML2.0 based configured SAML identity provider (ID) are supported
Adequate.
IaaS Integration Excellent, Express Route provisions the integration facility
Excellent. VMs can be configured to run Mule runtime to run applications
Adequate. Dell Boomi Atoms are supported on various IaaS clouds.
SaaS Data Connectors
Excellent, through Azure Service Bus provides variety of connectors
Excellent. Platform provides various OOTB connector support like Salesforce, MongoDB, Workday, SAP Hybris, Amazon S3, etc.
Excellent. It provides various connectors to integrates your on-premise and cloud-based applications. Connectors to all leading SaaS providers are available in Boomi (150+ Connectors are available)
Cloud Integration
Copyright © 2016 HCL Technologies Limited | www.hcltech.com16
Feature
System Monitoring
Excellent. Azure Monitor - provide near real-time alerting in public preview for platform metrics from Azure services such as Virtual Machines, Networking, ServiceBus, EventHubs, etc. Surfaces metrics and logs from many services such as, Networking, Storage, Traffic Manager, Network Interfaces, Express Routes, Load Balancers, Data Lake Store, Data Lake Analytics, etc. ,
Excellent. Monitors the performance across servers and apps. Platform provide OOTB API and Runtime monitoring supports event driven alerts, logging support, monitoring dashboards for managing the application health
Adequate. Monitoring Options are available for "Shared Web Server", "Atom, Molecule & Atom Clouds".System monitoring with JMX and Disk Space monitoring options are also available.
Clustering & Scalability
Excellent. API could be hosted in Multi Region High availability zones.OOTB capabilities - Azure Service Fabric Cluster, Azure Service Mesh. OOTB capability to scale up/down, upgrade/downgrade to any of the 4 tiers (Dev/Basic/Std./Premium), supports scaling to multi-region/geo.
Adequate. It has limitation to have maximum of eight nodes in a cluster. Clustering is supported on on-prem. On cloud auto-HA deployment & LB features are used. Horizontal scalability feature is supported for all deployed application based on events configured.
Excellent. Atmosphere is multi-tenant platform. Both Horizontal and Vertical scaling is possible.Features like Atom Workers, Molecules can also aid in scaling up the API Implementations.Clustering of Atoms to form a molecule (HA and LB) is supported OOTB for private Atoms.
Operational Integration
Copyright © 2016 HCL Technologies Limited | www.hcltech.com17
Feature
Auto healing Excellent Excellent. Cloudhub monitors and provide self-healing mechanism.
Adequate
Auto scaling Excellent Adequate Adequate
Automatic Cluster Discovery
Excellent Adequate Adequate
Dynamic Load Balancing
Excellent Adequate Adequate
VM/Container Support
Excellent Adequate Adequate
Multi Tenancy Excellent Excellent Adequate
Multi Region Deployment
Excellent Adequate Excellent
Availability
Copyright © 2016 HCL Technologies Limited | www.hcltech.com18
Feature
Usage Plans Excellent. You can create stripe plans for your products
Adequate Adequate
Billing Engine Integration
Excellent. Payment provider could be integrated for collecting payments
Adequate Adequate
Rate Plan Adequate Adequate Adequate
Monetization
Copyright © 2016 HCL Technologies Limited | www.hcltech.com19
Feature
Technical Support
Excellent Excellent Excellent. They have different flavours of support namely standard, premium & premium plus.
Learning Curve Excellent Excellent Excellent. Provides good trainings and manual for learning the Dell Boomi.
Ease of Development
Excellent Excellent Adequate
Documentation & Developer Productivity
Copyright © 2016 HCL Technologies Limited | www.hcltech.com20
Feature
Pricing Cost Effective compared to AWS. Priced at different Tiers based on SLA. Pay as you go model.
Pricing is high compared to other API tools. MuleSoft supports annual subscription-based model.Many customers feedback is that pricing is not that cheap, but value for money at enterprise level. Considering one needs to purchase the Platform even if they want only 1 core, it makes sense only at enterprise level.
Expensive comparing to APIGEE. 1. Boomifollows connection-based subscription pricing model.If an enterprise plans to use more than 20+ connectors, Boomi offers attractive pricing that can be negotiated.
Cost
Copyright © 2016 HCL Technologies Limited | www.hcltech.com21
1. API Security & Identity
2. API Orchestration
3. Traffic Mediation
4. Developer & Application Onboarding
5. Routing
6. Cloud Integration
7. Operational Integration
8. Availability
9. Monetization
10.Documentation & Developer Productivity
1. API Life Cycle Governance
2. API Orchestration
3. Analytics & Traffic Monitoring
4. Cloud Integration
1. Operational Integration
Final Chart of Comparison – Qualitative Benefits
Copyright © 2016 HCL Technologies Limited | www.hcltech.com22
Features AKV Hashicorp Vault
License type PaaS (standard and premium Tier) Open Source (for Enterprise setup license required – very high cost)
Operational Effort No / minimal operations effort Needs setup and maintenance effort additionally
Security Certification FIPS 140-2 Level 2 (Leve 3 – AKV Managed HSM) FIPS 140-2
Keys protection Encrypted through Software keys(HSM protected keys-Premium Tier)
HSM Keys
Scalability Can scale up through simple UI configuration To be constantly managed and monitored
Availability Well Managed through Azure – high availability achieved through simple steps
To be self managed
Replication Easy replication of key Vault across regions Supported only in Enterprise version
Backup Key Vault Yes Yes
Import Keys (BYOK) Can import keys securely from on-prem Scripts need to be written/ customized
Secret Management – Product Options
Copyright © 2016 HCL Technologies Limited | www.hcltech.com23
Features AKV Hashicorp Vault
Supports on-prem Can act as an on-prem setup through Azure Stack Yes
Access Control Yes Yes
Dynamic Secrets No Yes
Seal Vault in case of compromise
No Yes
Certificate Mgmt. Yes Yes
Data Encryption Yes Yes
Key rotation Yes Yes
Stream to an Event Hub Yes Need separate implementation
Integrate with Azure Monitor Logs
Yes Need separate implementation
Integrate with variety of DBs and tools
No Yes
Need in-house knowledge of HSM
No Yes
Secret Management – Product Options
Copyright © 2016 HCL Technologies Limited | www.hcltech.com24
1. Control Access to Key Vault2. Limit Access to Key vault data3. Limit number of users with
contributor access4. Use separate Key Vault per
application per environment
5. Backup Key Vault on each
change
6. Turn On logging and setup
alerts
7. Restrict access to Key Vault logs
8. Limit network exposure
9. Turn on Soft recovery options
Best Practices
Copyright © 2020 HCL Technologies Limited | www.hcltech.com
Azure Key Vault – Reference Architecture
24
Copyright © 2016 HCL Technologies Limited | www.hcltech.com25
“We have detailed out the qualitative benefits of using the said products & detailed portfolio analysis could help arrive at the best-fit product”
Recommendation
Copyright © 2016 HCL Technologies Limited | www.hcltech.com2626
$7 BILLION ENTERPRISE | 110,000 IDEAPRENEURS | 31 COUNTRIES
Prabhu RamaswamyLead Solutions ArchitectModern AD – API & Micro Services CoE.
Content Contributors
Subramanian VeerappanEnterprise ArchitectEPS – Azure Development & DevOps CoE
Rajinder GuptaSenior Solutions ArchitectBusiness Productivity Services CoE
Sarika SehraTechnical ArchitectBusiness Productivity Service CoE