What is our primary use case?
The solution secures your API/Service/Application in a matter of minutes. It also provides the capability for translating services from one format to another (SOAP to REST, REST to SOAP, GraphQL - API, and vice versa). Broadcom API Gateway would provide you 1000+ out-of-the-box assertions and certain custom assertions to meet your development and integration requirements. Rather than building an application in hours through coding the Drag and Drop capability, allows you to create APIs in minutes. The runtime setup allows coding and testing at a faster pace without the need to deploy and redeploy applications for every version build published. Failure if any the code could be rolled back in a matter of seconds and activated. So it provides a good framework that is tried and tested over the years and provided a Robust OOB Security and Implementation interfaces.
How has it helped my organization?
I have mainly implemented using Layer 7 API Management. Some of the major challenges we were able to meet with a quick release to market methodology.
Some of the tasks which we achieved for our customers were:
1. Translation service from SOAP to REST and vice versa.
2. API service to DB (Oracle, MySQL, MSSQL, Snowflake, SAP HANA) -- Created Swagger APIs that were able to perform CRUD operation to the backend API mentioned above and provided routes to query and get data.
3. Integration with Payment gateway service providers to perform (transaction on behalf of the customer with third-party payment gateway service providers white labeled with our APIs ) -- Followed TMF standards for payment gateway integration with the Telcom world.
4. Orchestration of the API. Build multiple microservers and provided orchestration based on route, path, and data in the request and perform actions that would be communicated with multiple APIs and provide a single consolidated response.
5. Provided API-driven security (Oauth 2.0, JWT, SAML, Basic, and a variety of means) to access the API giving the developer the freedom to concentrate only on application/service/microservice and let the gateway handle the threat.
6. Seamless Mutual Authentication allowed good segregation between APIs in the DMZ and internal network.
What is most valuable?
This product has great drag-and-drop features and it requires minimal coding.
What needs improvement?
The thick client interface is one thing that needs to move on. The as well should provide a better Web Based UI for policy management.
I would also like to see more streamlining between Gateway and integration with the Portal for Collaboration.
For how long have I used the solution?
I've been using this solution for eight years.
What do I think about the stability of the solution?
I have worked with these tools for eight years there has never been an issue that has brought the system down and unrecoverable. Patch release is every quarter which include OS, applicate patches for form factor appliances and test builds for containers [Containers have now been in the build form the last three years releases i.e from version 9.x to the latest].
What do I think about the scalability of the solution?
Adding a cluster is as simple as adding a form factor of the gateway to the existing node.
Form factors could be Appliance, Docker container, or Kube Pod.
The former would take five to ten min to be part of the cluster while the latter would take one to two min to be part of the cluster.
Because of the drive to move containerization, it makes it easy to upscale or downscale the gateway based on your requirements.
The catch with containers is one license of the appliance and is equivalent to three containers which means with one license I could have 3three gateways of form factor containers giving our clients more value for their purchases and moving from a container to an appliance and vice versa could be done with either (DB backup - configuration backup or via migration utility tools - GMU, Graphman, Restman) allowing the capability to script your entire process including DR.
How are customer service and support?
We provide tech support in South Africa. But globally, there is the tech support that follows the sun. We usually use tech support when we have to deal with upgrades and we get Hot Standby Privileges.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
How was the initial setup?
Options available:
1. Scripted
2. via Migration Utility
3. Headless deployment
All of the above are easy to configure and deploy.
What's my experience with pricing, setup cost, and licensing?
It is an enterprise solution so it is expensive with licensing costs but the goodies in the new SKUs compensate for the high cost.
Goodies include:
1. APM Precision Monitoring
2. API Developer Portal
3. Integration with Mobile (MAG, MQTT, Mobile SDK, and Mobile Application Service)
4. Support (International and local support)
5. Capability to Burst on High load requirement
6. Options in form factors (Appliance, Docker, OpenShift Kubernetes)
What other advice do I have?
Broadcom API Gateway has always been a stable product for Security, Development, and Integration services.
With the help of assertion, you can build a service that could communicate with backends - DB, GraphQL Server, Rest Server, Soap Server, and a variety of backend applications.
It provides a tool for the consolidation and orchestration of your API and APPLICATION.
It provides means to access the API with key and secret providing an interface for Developer and API Owner to Collaborate and Share knowledge in the wide community.
With top-down rule-driven policies, it becomes easy to write business logic to meet your Application data extraction and deployment needs.
There are many places where API Gateway will be a good/excellent fit for your requirement and some places where it may not be a right fit.
A dispersed environment needs consolidation. This gateway is your solution but APIs that will have a high query (database activity, extensive translation, and more logic) are possible to achieve but may require planning (e.g. splitting the task between gateways for high processing vs high-security requirements). These activities should also be clustered to get the best performance of the application so this consideration would need to be made when building Complex API with API Gateway.
The idea here or approach would be to think big but also ensure it can be sustained with your resources.
API Gateway with minimum configuration OOB could provide an awesome TPS for your API and transaction needs, which is one of the reasons why banks, Retailers and other customers prefer this tool over the others.
Which deployment model are you using for this solution?
Hybrid Cloud
*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner