Application Services

Governance
Version History.................................................................................1
Drivers.............................................................................................2
Findings............................................................................................2
Recommendations...........................................................................2
What is Application Services Governance?......................................2
Why is it important?.........................................................................2
What is SDAS (Software-Defined Architecture for Application
Services) design pattern?................................................................2
API Management Platform Capability Template...............................3
Overlap between SOA Governance and API Management...............5
Glossary...........................................................................................9
References.......................................................................................9
Case Studies....................................................................................9
Figure 1 A Service Control Gateway Controls Access to Multiple Inner
APIs..................................................................................................3
Figure 2 API Management Platform Capability Template........................4
Figure 3 SOA Governance & API Management overlap...........................5
Figure 4 ESB Deployment Plaforms........................................................6
Figure 5 Use Case, Interaction diagram of API Management, ESB
Platforms and Cloud Platforms.........................................................7
Figure 6 Gartners Magic Quadrant 2015...............................................8

Version History
Initial Draft

V0.01

Lakshmi Dasari,
IT Services UCLA

Drivers
1. Packaged application vendors and SaaS providers publish
functionality as Web APIs
2. Mobile applications use private and public APIs to access enterprise
systems of record that necessitate governance and oversight

321025187

3. API usage is multiplying by growing population of mobile devices

and computing platforms (web, tablets, smartphones, TVs, things
in the Internet of Things [IoT]
Findings
SOA Governance and API Management are not two separate markets,
but one. Despite this convergence, there are two distinct architectures
for delivering ASG capabilities.
Recommendations
1. Govern Services and Manage APIs with Application Services
Governance
2. Central Application Services Governance tool provides support
infrastructure that furthers API management, reuse, adoption
What is Application Services Governance?
API management capabilities enable the successful delivery,
promotion, operation, measurement and continuous improvement of
APIs. Although focused primarily on REST-based Web APIs, API
management capabilities are applicable to a variety of service APIs,
including messaging APIs, SOAP-based APIs (which may or may not use
HTTP as a transport) and custom APIs. Gartner uses the term
"application services governance" to describe the emerging
discipline of end-to-end governance for all types of network services
Application Services Governance goes beyond API Management. It is
about Planning, design, Implementation, Publication, Operation,
Consumption, Maintenance and Retirement of APIs and Services
Why is it important?
API management platform capabilities enable API providers to
successfully deploy, maintain, promote and sustain an API strategy. If
you intend to be an API provider, you need some or most of the
capabilities discussed in this template. Consequences of not having
them include lack of API developer traction and adoption, production
problems brought about by poorly thought out versioning and
deployment, security breaches thanks to improperly designed access
control or encryption implementations, and a lack of provable ROI for
the whole API program.
What is SDAS (Software-Defined Architecture for Application
Services) design pattern?
SDAS is a design pattern in which access to the functionality and data
provided over an organization's service network is enabled using

321025187

managed virtual APIs (i.e., the "outer APIs" in Figure 1). These outer
APIs serve as the entry point to the multiple back-end systems, content
and data sources that are needed to implement systems of
differentiation and systems of innovation. Accessed via an SDAS
service control gateway, outer APIs are designed to best meet
consumer requirements and are decoupled from the "inner APIs" (i.e.,
the APIs that are implemented inside an organization's back-end
applications), which are optimized for service design, development and
deployment as well as runtime efficiency (see Figure 1).

Figure 1 A Service Control Gateway Controls Access to Multiple Inner APIs

Source : Gartner (September 2014) - Evaluate Gateway Capabilities Required to

Deploy Software-Defined Architecture for Application Services

API Management Platform Capability Template

Supports 4 important Use cases
1. Enable Developers to use APIs
2. Manage API Life Cycle
3. Communicate Securely, Reliably and Flexibly
4. Measure and Improve Business Value

321025187

Figure 2 API Management Platform Capability Template

Source: Gartner (October 2013)

SOA Governance vs API Management

Table 1. Two Worlds (Seemingly) Apart

SOA (Governance) World

API Management World

Mainly is about services

Mainly is about APIs

You must govern services

throughout their life cycle to get
value out of SOA

You expose APIs to the Web and you need to manage them to
prevent chaos in their usage and make the new channel work

Unlimited faith in Java and WS

Unlimited faith in REST

The more services you have, the

better (wrong)

Generally exposes one to two APIs, then drives as much usage as

possible before introducing new ones

Technology typically on-premises

Mainly delivered as cloud services

Services typically used within a

company's firewall

API used typically across the Web by external entities and mobile
programmers

People feel the need for governance

The entity exposing APIs typically needs management; the users of

321025187

Table 1. Two Worlds (Seemingly) Apart

SOA (Governance) World

API Management World

the API, especially mobile programmers, would steer clear of
anything that has a "governance" tag

Wants to open up, embrace, and

eventually swallow API
management

Sees SOA as a dinosaur of the past and wants nothing to do with it

Generally governs with a "stick"

approach (see Note 1)

Generally governs with a "carrot" approach

Source: Gartner (November 2012)

Overlap between SOA Governance and API Management

Figure 3 SOA Governance & API Management overlap

Source: Gartner (November 2012)

ESB/iPaaS Deployment models @ UC

321025187

Figure 4 ESB Deployment Plaforms

Source: UC ITAG Wiki ESB Deployment models

Notable Usages
UCB - Fuse ESB, API Management based on 3Scale & Possibly API
Gateway from CA
UCSD WS02 as ESB platform and WS02 API Manager for API
Management
UCOP Mulesofts CloudHub iPaaS solution
UCSF Mulesoft See Mulesoft ESB evaluation and Q&A on ITAG
webinars

321025187

Figure 5 Use Case, Interaction diagram of API Management, ESB Platforms and
Cloud Platforms

HigherEd Requirements/Use cases for API Management

Solution
1. Support multiple locations (Multi-tenancy)
2. Support for various application integration platforms on-prem
and in the cloud (ESBs, application servers, Paas, iPaaS, IaaS)
3. Support multiple authentication mechanisms
a. Recognized API authentication mechanisms
i. oAuth, OpenID Connect, Json Tokens
4. Todo

321025187

Magic Quadrant for Application Services Governance

Figure 6 Gartners Magic Quadrant 2015

Source: Gartner (April 2015)

Apigee Comprises of Apigee Edge, Apigee Insights, API Exchange.

Apigee-127 open sourced microservice-oriented version. Cloud or onpremise installations.
Axway Comprises of Gateway, Manager, Portal, Analytics, Application
Studio, Sentinel. Relatively little experience with Subscription-based
Cloud computing.
CA Technologies - Acquired Layer 7. Complete offering. Very much onpremise offering, not suitable for cloud gateways.
Mashery Acquired by Intel. Cloud-centric offering.
Mulesoft API platform called Anypoint Platform which is open-source.
Brought RAML to the forefront. Has commercial and open-source
(controlled by Mulesoft) offerings.
3Scale Distributed Architecture, on-premise agents and policy
management in the cloud.

321025187

WS02 WS02 API manager is free/open source for on premise, hosted

instance via WS02 cloud.
Glossary
1
2
3
4
5
6
7

API
SOA
Service Oriented Architecture
API Manager
API
Gateway
API Portal
API
Analytics
iPaaS
Integration Platform as a Service (iPaaS) is a
suite of cloud services enabling development,
execution and governance of integration flows
connecting any combination of on premises and
cloud-based processes, services, applications and
data within individual or across multiple
organizations.

References
1. Gartner Basic API Management Will Grow Into Application Services
Governance (10/2014 Archive)
2. Gartner Govern Your Services and Manage Your APIs With
Application Services Governance (11/2012)
3. Gartner - Magic Quadrant for Application Services Governance
(04/2015)
4. Gartner Run and Evolve a Great Web API With API Management
Capabilities (10/2013)
5. Gartner Evaluate Gateway Capabilities Required to Deploy
Software-Defined Architecture for Application Services (09/2014)
6. SOA Governance UC ITAG Enterprise Service Bus Deployment
Patterns
7. Gartner IT Glossary
Case Studies
https://www.mulesoft.com/case-studies/soa/deakin
https://www.mulesoft.com/case-studies/saas/ucsf

321025187