8/2/2019 Leading Global Publisher - API Orchestration
This leading global publisher of science and health information provides their
customers and partners with access to scientific publications, medical journals, legal
libraries, newspaper and magazine archives, as well as risk and business information
all presented as independent, subscription-based services.
Core markets include the medical profession, where reference materials, clinical
decision support and professional education are key, but also academia with its huge
appetite for information and need for efficient research. In fact, it's growth in scientific
R&D and healthcare that is driving demand for an integrated experience across
what's being researched, what's under development, and what's being practiced. And
with more and more of these third parties wanting to embed the Publisher's content
and solutions into their own workflows, there is an opportunity to create new revenue
streams by exposing information services publicly to partners and customers.
API Publication Challenges
But making their application and service APIs available online raised a number of red flags, not only for the
Publisher's security officers, but also for their IT group who would bear the brunt of repackaging internal APIs for
third-party consumption. Remapping, recomposing or even reprogramming APIs wholesale in order to create
personalized subsets or filtered views of APIs for each class of customer or partner and then maintaining and
updating them over time can quickly become unmanageable. Additionally, moving APIs between environments
or deploying new versions of APIs can expose hidden dependency issues or break existing integrations, causing
downtime or even SLA violations.
When it came to security, granting direct access to information services that are responsible for a large portion of
their revenues made the Publisher's security group nervous. They recognized that, with the growing threat of cyberattacks, their existing network firewalls were just not good enough. While firewalls can provide protection from
standard, Web-based attacks, they lack the ability to inspect XML-based messages and check for XML-specific
threats. And when APIs get called in combination or sequentially, message integrity and privacy concerns arise.
Conventional network-based VPNs using SSL or IPSec can't provide a message-level audit trail or support
non-repudiation across a service transaction.
Enter Layer 7 CloudSpan
While the Publisher examined many different solutions, they settled on Layer 7 CloudSpan CloudControl because it
provided the closest fit to their business requirements in a single product. Previously, customers had to submit
multiple queries to multiple information services and manually aggregate the results. CloudSpan's flexible and
extensible policy engine not only allowed the Publisher to create their business logic in policy (rather than code),
simplifying and speeding time to implementation, but also allowed for orchestration and aggregation across
multiple information services, providing customers with rich results from a single query.
Additionally, because CloudSpan features true clustering capabilities, the Publisher was able to implement
cluster-wide rate limiting, allowing them to meter service usage in order to block access to a service if the customer's
contractual quota was exceeded. Because the clustered devices maintain and update a shared counter, metering is
always accurate. This capability also allows CloudSpan to provide effective protection against replay attacks.
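The effect of the shared counter described above can be seen in a small simulation, added here as an illustration and not taken from Layer 7's product: the same traffic is sent through a three-node gateway cluster once with per-node state and once with cluster-wide state. `SharedStore`, `GatewayNode`, `simulate`, the customer name and the message IDs are all hypothetical, and an in-process lock stands in for whatever replication a real cluster uses.

```python
import threading

class SharedStore:
    """Stand-in for cluster-wide state: quota counters plus a seen-message cache."""
    def __init__(self):
        self._lock = threading.Lock()
        self.used = {}      # customer -> calls consumed so far
        self.seen = set()   # (customer, message_id) pairs already processed

    def admit(self, customer, message_id, quota):
        # Check and update under one lock so two nodes cannot both take the last slot.
        with self._lock:
            if (customer, message_id) in self.seen:
                return "replay"
            if self.used.get(customer, 0) >= quota:
                return "quota_exceeded"
            self.seen.add((customer, message_id))
            self.used[customer] = self.used.get(customer, 0) + 1
            return "ok"

class GatewayNode:
    """One gateway in the cluster; every decision is delegated to its store."""
    def __init__(self, store, quota):
        self.store, self.quota = store, quota

    def handle(self, customer, message_id):
        return self.store.admit(customer, message_id, self.quota)

def simulate(shared, nodes=3, quota=5, requests=12):
    """Round-robin unique calls across the cluster, then replay msg-0 via node 1."""
    common = SharedStore()
    cluster = [GatewayNode(common if shared else SharedStore(), quota) for _ in range(nodes)]
    results = [cluster[i % nodes].handle("acme", f"msg-{i}") for i in range(requests)]
    replay = cluster[1].handle("acme", "msg-0")  # msg-0 was first seen by node 0
    return results.count("ok"), replay

if __name__ == "__main__":
    print("per-node state:", simulate(shared=False))
    print("cluster-wide  :", simulate(shared=True))
```

With per-node state each node sees only a third of the traffic, so the customer receives more calls than the contractual quota and a message replayed through a different node is accepted; with the shared store the quota is exact and the replay is rejected.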
Leading Global Publisher: Securing, Managing and Orchestrating APIs with CloudSpan
By the Numbers
100,000s of authors
100,000s of reviewers
10,000s of editorial board members
1,000s of employees
1,000s of journal editors
Leading Global Publisher Case Study
Finally, CloudSpan's ability to translate between incoming REST-based queries and the Publisher's SOAP-based
back-end information services meant that customers and partners could use their preferred client (Google
Apps/Gadgets) to access information.
The Solution
CloudControl is deployed in the Publisher's DMZ, protecting and providing access to virtualized instances of the
Publisher's services. When a customer or partner attempts to gain access to their subscription(s), CloudControl
intercepts the incoming query, and calls out to the Publisher's internal access control system in order to authorize
the user. At this point, CloudControl not only checks to ensure the user has not exceeded their contractual usage
quotas, but is also able to enforce fine-grained authentication in order to grant the user access only to those
information services (or individual service operations) they are allowed to access. In this way, the Publisher was
able to create personalized API views for each user.
Customers can submit sophisticated queries that can be orchestrated across multiple services, automatically
aggregating results. Partners can remap and recompose APIs across the range of information services, allowing
them to create new service offerings that not only better address their requirements, but can also be more easily
integrated into their existing workflows. Finally, usage is tracked and metered, allowing the Publisher to extract
billing information, validate SLA conformance and check usage for capacity planning.
The Results
Academics are voracious consumers of information, limited only by the constraints of their R&D budgets. For
them, the Publisher's CloudSpan-based solution was a godsend, providing richer, more complete results faster.
Other customers and partners now have the capabilities they require to better integrate their information service
subscriptions directly within their own organizations' processes, streamlining research and improving efficiency. As
a result, customer satisfaction and retention rates are expected to improve.
For the Publisher, creating and managing their business logic in policy rather than code resulted in faster
deployment and simplified maintenance, all of which has resulted in a lower total cost of ownership than
comparable, multi-product solutions.
Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are
trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.