Driving Digital to Systematics Using APIs to Enable Digital Agility
April, 2017 Gautam Bhan, Services Practice Executive
Session Highlights
• Creating the “Digital” experience
• Core architecture evolution and integration challenges
• Mediated APIs as an abstraction pattern that enables digital agility
• Integrating to Systematics using APIs
• API design and development
• Security use cases
• API demonstration
• Key takeaways, Q&A, wrap up
The Digital Experience – an Evolution of the Customer Interaction Model
Creating a Seamless, Rich User Experience
Traditional Branch
• Full service
• Banker’s hours
• Fixed location
• No device constraints
• Some fulfillment may lag
ATM
• Partial service
• 24/7 for some functions
• Additional locations
• No device constraints
• Some fulfillment may lag
IVR/Call Center
• Full service
• 24/7
• No geo constraints
• Telephone needed
• Some services may lag
Online Banking
• Partial services
• 24/7 for some functions
• Limited to PC locations
• Access to PC needed
• Some services may lag
Mobile Banking
• Partial services
• 24/7
• No geo constraints
• Personal mobile device needed
• Some services may lag
Target Digital Experience
• Everything
• Anytime
• Anywhere
• On anything (IoT)
• Fulfill now
Barriers to Achieving Target Digital State
• IT and Digital Business run at different speeds
• Integration and core changes can be the long pole and slow agile innovation
(Chart: Agility and Time to Market vs. Cost and Time to Change, marking the area of maximum friction)
Driving Digital Access to Core Assets
Benefits
Evolution of the Core
Monolithic Architecture
• All-in-one
Modular Architecture
• Multiple modules with logical aggregation of business functionality
Component Architecture
• Best of breed components
• Incremental transformation
• Abstraction of Core assets
Microservices Architecture
• Decomposed, containerized, individually scalable functionality
• Integrated Development and Operations
(Integration mechanism by stage: Screen/transactions → SOA Services → APIs → Microservices)
Systematics Modernization Focus Areas
Each bank will modernize and evolve their banking capabilities with a sequence and timeframe aligned to their business and technology drivers and their capacity to absorb and implement change into their environment.
1. Digitally Enable Core / Core Currency – Opening Integration – API Enablement
2. Extend Business Capabilities with Enterprise Business Components across all FI Cores
3. Enable Customer Relationship Centricity
4. Enable Customer Active Analytics / Digital Banking Integration
5. Improve Operational Model & Process Rationalization
(Diagram label: Banking Modernization)
Mediated APIs Enable Digital Innovation
APIs are foundational for any digital business. They enable the API economy, multichannel applications, pervasive integration and other digital business scenarios. Application architecture leaders should strategically adopt the mediated APIs model to enable and protect their APIs.
Reference: “Mediated APIs: An Essential Application Architecture for Digital Business” – Gartner, 26 August 2016
APIs Defined
• Application Programming Interface (API) is a term used to describe interfaces for software to invoke other reusable software functionality
• APIs have been around for many years in different forms on different technology platforms
• APIs can invoke reusable software in-process or remotely (i.e. located on a different computer)
• APIs represent the façade of the interface; various providers implement the APIs
• For the purposes of this discussion the following context is assumed:
– APIs are invoked following the Representational State Transfer (REST) architectural style (REST is a way of using HTTP, not a protocol of its own)
– HTTP is the underlying protocol (specifically the HTTP 1.1 verbs GET, POST, PUT, and DELETE)
– API request and response payloads are transmitted in JavaScript Object Notation (JSON) format
– “Swagger” (the specification now maintained as OpenAPI) is used as the framework for designing, documenting and invoking RESTful APIs
– The terms “Business APIs”, “Web APIs” or “APIs” are used interchangeably to refer to outward-facing (via the web) easy-to-use interfaces for common business assets (e.g. Account, Customer, etc.)
APIs and Application Architecture
• “Services” are an essential element of a Services Oriented Architecture (SOA)
• In recent years SOA has been a dominant enterprise architecture pattern for implementing IT
solutions
• SOA relies predominantly on “macro” services, often using XML and SOAP
• SOA services have had challenges, among which are:
– Complicated SOAP interface with large payloads that are not easy to consume
– Services taxonomy primarily oriented around System of Record (SOR) view rather than end consumer
• Future application architectures are trending towards a “mesh” approach
– Distributed, loosely coupled autonomous components
– Technology and platform agnostic, event-driven, auto scaling back-end services
– Composed, loose mesh of apps and “microservices” invoked via APIs
Microservices Concepts
• An architecture pattern in which applications are composed by employing smaller services that execute autonomously
• Microservices run inside “containers”, which can house services built using a variety of technologies, and can run on various technology infrastructures
• Containers can be made to auto scale depending on demand, using workload management solutions
• Microservices communicate with each other, usually employing an asynchronous event mechanism
• Microservices may or may not be directly associated with presentation (UI)
• Microservices maintain their own persistent data
Commonly Understood Characteristics
• Stateless
• Individual smaller function, organized around very specific business functionality
• Communicates via REST/HTTP
• Could be deployed in a hybrid model, on premise for predictable load, in the cloud for higher load
Virtualized Microservices
• Systematics microservices implementations are “virtualized” interfaces
• Mediations built on top of existing HTTP interfaces to the core as well as “true” microservices (cloud or on premise)
– Capability to abstract and aggregate across Systematics and other components
– Translation between semantics, protocols, security mechanism, etc.
– Enables low-impact incremental evolution of back end components
• Organized and designed around meeting specific business needs
– Driven by front-end requirements, rather than being transaction or screen centric
– Granular, easy to use -- hides complexity of back-end interfaces
• Scaling characteristics determined by implementation
– Back-end SOAP/REST services scale traditionally
– Aggregated cloud-based containerized microservices scale and recover dynamically
The mediated APIs architectural model is a solution for enriching and protecting interactions between distributed components.
Reference: “Use Mediated APIs to Connect Your Legacy and Packaged Systems With Modern Applications” – Gartner, 26 August 2016
Abstraction Through Mediated APIs
Systematics Integration -- Today
• Systematics Web Services
• Systematics REST Services
• Screen-oriented
– 3270 “Green Screen”
– Browser Based Interface (BBI)
– “Screen Scraping”
• Canonical model based
– Xpress (IFX)
• Other – MQ, etc.
End to End Integration with APIs
• Core “system” microservices virtualize existing integration
• Business-driven design
• These services can aggregate or orchestrate other cloud-based microservices that are containerized, auto-scalable, etc.
• Enable front-end innovation to run faster
Designing and Building APIs
API Implementation Approach
• Establish standards for exposing APIs through an API management solution
– “Outside facing” APIs abstract the domain model and provide a mapping between semantics, protocols, security mechanisms, etc.
– Drive API design from the outside in, rather than inside out -- existing integration typically tends to reflect the domain model
– Use API management as a pass-through proxy for existing business-oriented fine-grained back-end services
– Mediate granular APIs focused on business needs to coarse services as appropriate
• Design business APIs based on real consumer needs
– Without concern for technology platform and core capabilities
– Abstract complex message-centric processing
– Should be concise and simple to consume
• Establish API governance and lifecycle management strategies
• Respect the interface and refactor implementations as technologies and back-end topologies evolve
Partial List of Prototype Operations
API Starter Kit -- Systematics
GET /customer/{customerId}/accountlist
GET /account/{acctId}/recxfer/inq?type={val1}&ctl1={val2}
POST /account/{acctId}/histinq
POST /account/{acctId}/recxfer/add
POST /account/{acctId}/recxfer/upd
POST /account/{acctId}/recxfer/del
GET /account/{acctId}/deposit?type={val1}&ctl1={val2}
GET /account/{acctId}/loan
GET /customer/{customerId}/profile
GET /account/{acctId}/loan/payoff/{payoffAsOfDate}
POST /customer/{customerId}/address
POST /customer/{customerId}/accountrelation/add
POST /customer/{customerId}/accountrelation/del
POST /transferfunds
Partial List of Prototype Operations
API Starter Kit – Enterprise Customer
GET /banks/{bankId}/customers/{customerId}/preferences
POST /banks/{bankId}/customers/{customerId}/preferences
GET /banks/{bankId}/customers/{customerId}/extattributes
POST /banks/{bankId}/customers/{customerId}/extattributes
GET /banks/{bankId}/extattributes
POST /banks/{bankId}/extattributes
POST /banks/{bankId}/customers
GET /banks/{bankId}/customers/{customerId}/profile
GET /banks/{bankId}/customers/{customerId}/retrieveip
Partial List of Prototype Operations
API Starter Kit -- Profile
GET /public/accountList/{custNumber}
GET /public/customerInformation/{custNumber}
GET /public/emailAddress/{custNumber}
API Security
Security Use Cases
• Bank employee accessing internal application
– Call center or teller application
• Bank customer accessing internal application
– Online banking or mobile application
• Bank customer accessing 3rd party application
– Personal finance manager or peer-to-peer payment application
API Security Concepts
• API authorization through industry standards such as OAuth 2.0 (OAuth 2.0 is an authorization framework; end-user authentication is layered on top of it, e.g. via OpenID Connect)
• Use of Transport Layer Security (TLS) to protect data in transit
• Key Manager component of API Manager software handles all security and key-related operations
• Allows for use of an external Authorization Server, which authenticates the resource owner and issues tokens to the client on the resource owner's behalf
• Access Token passed in the HTTP Authorization header of a request (Bearer scheme) and used to authenticate API users and applications
• JSON Web Token (JWT) used to represent claims that are transferred between two parties, such as the end user and backend systems; the receiving party must verify the signature and expiry before trusting the claims
In House Security Model Example
• Access Token: used by the API Gateway to validate that the digital application is authorized to access a service
• JSON Web Token (JWT): passed to the endpoint for fine-grained authorization
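The two-stage model above, worked through as an added example that is not code from the original deck or from any Systematics or API Manager product: the gateway validates an opaque OAuth 2.0 bearer access token (here against a constructed in-memory introspection table standing in for the Key Manager), then mints a short-lived HS256 JWT carrying the caller's claims for the back-end endpoint; the endpoint verifies the JWT's algorithm, signature and expiry itself and enforces fine-grained authorization by requiring the customerId in the path to match the token's customer claim. The shared secret, token values, customer identifiers, the X-Claims header name, the scope name and the account data are all assumptions made for this illustration.

```python
"""Gateway/endpoint token flow (added example, not the deck's or a product's code).

Assumptions, all constructed for illustration: the opaque token values, the
introspection table standing in for the Key Manager, the shared HS256 secret,
the X-Claims header name, the scope name, customer identifiers and account data.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed secret shared by gateway and endpoint. A real deployment would use
# an asymmetric key pair so that endpoints hold only the public key.
SHARED_SECRET = b"example-only-secret-do-not-use"

# Constructed stand-in for the Key Manager's token introspection data.
INTROSPECTION = {
    "opaque-token-abc": {"active": True, "sub": "user-17", "customer_id": "C1001",
                         "client_id": "mobile-app", "scope": "accounts:read"},
    "opaque-token-expired": {"active": False},
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, secret: bytes) -> str:
    """Produce a compact HS256 JWT (header.payload.signature) over the given claims."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(signature)}"


def verify_jwt(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Return the claims if alg, signature and expiry check out; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # refuse 'none' and any algorithm substitution
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    current = time.time() if now is None else now
    if claims.get("exp", 0) <= current:
        raise ValueError("token expired")
    return claims


def endpoint(request: dict, now: Optional[float] = None) -> Tuple[int, dict]:
    """Back-end endpoint: fine-grained check that the caller owns the customer in the path."""
    try:
        claims = verify_jwt(request["headers"].get("X-Claims", ""), SHARED_SECRET, now)
    except ValueError as exc:
        return 401, {"error": str(exc)}
    parts = request["path"].strip("/").split("/")
    # Route shape follows the starter kit: /customer/{customerId}/accountlist
    if len(parts) != 3 or parts[0] != "customer" or parts[2] != "accountlist":
        return 404, {"error": "unknown route"}
    if parts[1] != claims.get("customer_id"):
        return 403, {"error": "customer mismatch"}  # blocks substituting another customerId
    return 200, {"customerId": parts[1], "accounts": ["DDA-001", "SAV-002"]}  # constructed data


def gateway(request: dict, now: Optional[float] = None) -> Tuple[int, dict]:
    """API gateway: coarse check that the application may reach the service, then forward."""
    auth = request.get("headers", {}).get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, {"error": "missing bearer token"}
    info = INTROSPECTION.get(auth[len("Bearer "):])
    if not info or not info.get("active"):
        return 401, {"error": "invalid or expired access token"}
    if "accounts:read" not in info["scope"].split():
        return 403, {"error": "insufficient scope"}
    current = time.time() if now is None else now
    jwt = mint_jwt({"sub": info["sub"], "customer_id": info["customer_id"],
                    "client_id": info["client_id"], "iat": int(current),
                    "exp": int(current) + 300}, SHARED_SECRET)
    # The opaque token stops here; the endpoint receives only the signed claims.
    return endpoint({"path": request["path"], "headers": {"X-Claims": jwt}}, now=current)


if __name__ == "__main__":
    req = {"path": "/customer/C1001/accountlist",
           "headers": {"Authorization": "Bearer opaque-token-abc"}}
    print(gateway(req))
    print(gateway({**req, "path": "/customer/C9999/accountlist"}))
```

Two checks carry the security weight. The endpoint verifies the JWT itself rather than trusting a header the gateway set, so anyone who can reach the endpoint directly cannot forge claims; and the path parameter is bound to the token's customer claim, so a valid token for one customer cannot be used to walk other customers' account lists. The same binding applies to the `/public/.../{custNumber}` style routes in the starter kit.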
API Demonstration
Demonstration Use Cases
• Aggregated Customer Inquiry across multiple systems of record
– Secondary CIS system for additional attributes
– Data mart for profitability score
– Dynamic extension of customer data
• Deposits APIs
– Balance Inquiry
– Funds Transfer
– Granular services mapped to existing integration (virtualized)
• Lending APIs
– Consumer lending
– Auto Finance
Aggregation Use Case
• APIs allow abstracted access to core data and functionality
• Allows transparent access to a heterogeneous mix of components
• Shields front-end systems from incremental transformation of back-end systems from monolithic to component-based
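An added example of the outside-in mediation described under API Implementation Approach and in the Aggregation Use Case, not code from the original deck or from any FIS product: the business API GET /banks/{bankId}/customers/{customerId}/profile is served by mapping onto a record-oriented core customer record, a secondary CIS system for extended attributes, and a data mart profitability score. The back-end field names, the sample records, the adapter functions and the allow-list of fields that cross the API boundary are all constructed for illustration and do not describe any real Systematics layout.

```python
"""Outside-in customer profile mediation (added example, not the deck's code).

Assumptions, all constructed for illustration: the back-end field names, the
sample records, the adapter functions and the allow-list of fields exposed by
the business API are invented and do not describe any real Systematics layout.
"""
from typing import Callable, Dict, Optional, Tuple


class BackendUnavailable(Exception):
    """Raised by an adapter when its system of record cannot be reached."""


# Constructed core customer records, keyed by (bankId, customer number).
# Field names mimic a record-oriented core, not a real one.
CORE_CIS = {
    ("001", "C1001"): {"CUST-NO": "C1001", "SHORT-NM": "DOE, JANE", "TAX-ID": "123456789",
                       "OPEN-DT": "20150302", "BRANCH": "017"},
}
# Constructed secondary sources: extended attributes and a profitability score.
SECONDARY_CIS = {("001", "C1001"): {"preferredLanguage": "en", "segment": "MASS-AFFLUENT"}}
DATA_MART = {("001", "C1001"): {"profitScore": 0.72}}

Adapter = Callable[[str, str], Optional[dict]]


def core_adapter(bank_id: str, customer_id: str) -> Optional[dict]:
    return CORE_CIS.get((bank_id, customer_id))


def secondary_adapter(bank_id: str, customer_id: str) -> Optional[dict]:
    return SECONDARY_CIS.get((bank_id, customer_id))


def mart_adapter(bank_id: str, customer_id: str) -> Optional[dict]:
    return DATA_MART.get((bank_id, customer_id))


def unavailable_adapter(bank_id: str, customer_id: str) -> Optional[dict]:
    """Stands in for a back end that is down, to show graceful degradation."""
    raise BackendUnavailable("system of record offline")


DEFAULT_SOURCES: Dict[str, Adapter] = {
    "core": core_adapter, "secondary": secondary_adapter, "mart": mart_adapter,
}


def format_name(short_nm: str) -> str:
    """Core stores 'LAST, FIRST' in upper case; the business API returns 'First Last'."""
    last, _, first = short_nm.partition(",")
    return " ".join(p.strip().title() for p in (first, last) if p.strip())


def iso_date(yyyymmdd: str) -> str:
    """Translate the core's packed YYYYMMDD date into ISO 8601 for consumers."""
    return f"{yyyymmdd[0:4]}-{yyyymmdd[4:6]}-{yyyymmdd[6:8]}"


def mediate_profile(bank_id: str, customer_id: str,
                    sources: Optional[Dict[str, Adapter]] = None) -> Tuple[int, dict]:
    """Serve GET /banks/{bankId}/customers/{customerId}/profile from several back ends.

    Returns (HTTP status, JSON-serialisable body).
    """
    sources = sources or DEFAULT_SOURCES
    # Validate path parameters before they reach screen- or message-oriented back ends.
    if not (bank_id.isdigit() and customer_id.isalnum()):
        return 400, {"error": "invalid bankId or customerId"}
    core = sources["core"](bank_id, customer_id)
    if core is None:
        return 404, {"error": "customer not found"}
    # Allow-list mapping from core semantics to the business API; TAX-ID is
    # deliberately not mapped, so it never leaves the mediation boundary.
    profile = {
        "bankId": bank_id,
        "customerId": core["CUST-NO"],
        "displayName": format_name(core["SHORT-NM"]),
        "customerSince": iso_date(core["OPEN-DT"]),
        "homeBranch": core["BRANCH"],
    }
    # Secondary sources enrich the profile but are not required for a 200.
    extended: dict = {}
    for name in ("secondary", "mart"):
        try:
            extended.update(sources[name](bank_id, customer_id) or {})
        except BackendUnavailable:
            profile.setdefault("partial", []).append(name)
    profile["extendedAttributes"] = extended
    return 200, profile


if __name__ == "__main__":
    print(mediate_profile("001", "C1001"))
    print(mediate_profile("001", "C1001", {**DEFAULT_SOURCES, "mart": unavailable_adapter}))
```

The mapping is an allow-list: a back-end field such as the core's TAX-ID reaches the outward-facing payload only if a business API explicitly asks for it, which is the practical meaning of "abstracting the domain model" and of translating security mechanisms at the mediation. Secondary sources are optional, so an outage there yields a profile marked as partial rather than a failed call, and the front end stays insulated from which back end was slow or down.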
Virtualized Microservices Use Case
• Virtualized microservices allow agile development of business-specific APIs for use by rapid front-end development
• One specific business function per service
• Virtualizes existing integration to provide a lightweight granular interface for rapid consumption
• Can be aggregated with other cloud-based containerized microservices
Key Takeaways
• Mediated APIs are a go-forward Systematics integration mechanism and allow for Digital innovation
• Create the mediation layer as the first step to establish abstraction
• Follow with mediations targeted towards business API needs
• API design requires careful consideration with regard to insulating business needs from back-end characteristics
– Drive API requirements from the “outside” and map to “inside” interfaces
– Implement API governance at the onset to establish processes and avoid API proliferation
– Implement API management capabilities at the onset
• Establish API lifecycle policies, including a deprecation approach
• Iterate through the back-end model as transformation occurs incrementally
References
The following research was used in this presentation:
1. “Use Mediated APIs to Connect Your Legacy and Packaged Systems With Modern Applications” – Gartner, 26 August 2016
2. “Mediated APIs: An Essential Application Architecture for Digital Business” – Gartner, 26 August 2016
3. “The Programmable Bank: How Banks Can Deploy and Monetize Open APIs” – Aite Group, November 2016
Thank You
Gautam Bhan
Douglas Atkinson