Layer7 API Management Reviews

The most valuable feature is the basic authentication.

Some areas for improvement would be the security the product provides and the response time when a client is making a call with their payload. 

I've been working with this solution for three years.

There are some issues from the front and backend, but none relating to the API portal.

The scalability depends on configuration, but if that is correct, then the scalability is good.

The tech support is fast and responsive.

The deployment was pretty straightforward.

I would rate this solution as nine out of ten.

API security, API management, OAuth security, microservices, mobile app security.

Secure API exposure and driving Innovation through microservices.

Security, out-of-the-box policies.

Cloud-native architecture of the product.

We haven't encountered any issues with stability. The hardware and virtual appliance-based form factor are solid. It's a stable product.

The product does not scale the way cloud-native architecture does.

Technical support is good.

The initial setup was moderately complex, due to various deployment models and integration with its own components.

It is in the lowest price range for such products but the pricing model needs to be changed.

I have experimented with all of the APIM solutions. Each one is fit for different situations but, overall, CA API Management is the best product for the expected functionality.

I have evaluated Apigee, Mulesoft, SoftwareAG, Akana, Kong, and IBM API Connect.

If you are truly looking for API management features, CA API Management is the best solution. It might be a bit old in terms of cloud-native architecture but they are moving towards that.

From our perspective, the most important aspect is the ability to scale without compromising performance as well as security. That’s the most important aspect, and that’s one of the reasons why we chose the CA product, because it does scale for our needs to grow without compromising performance.

Also, security is very key. We are in a marketplace that companies are being hacked, so we didn’t really want to compromise in any of the security aspects of it.

Good performance and ability to scale not only for now but also in the near future as we organically grow the company.

When we thought about the API platform as a whole, our intention was to provide the solution both for our internal customer as well as for our external customers. What we mean by that is we are a very geo-spread company and there are internal folks who also leverage the same services which are currently consumed by our external customers. So the intention when we thought about this whole solution and the future perspective was to have a single platform that caters the niche for both, without trying to deploy them in a very indifferent way. We have seen in other places and even in the past that you have a solution and deployment that provision for internal users and separately for external users. That was too much cost: maintenance and redundancy. We wanted to bring them together as a whole and that’s the aspect which we like the most using the proxy aspects of it and the ability to configure the different end-points. We point out based on the user base which end-point we hit on without a compromise in any of the scalability, performance and security aspects but at the same time using a single platform per se.

The additional features are to keep up with the security aspects. That’s one aspect, the market is changing. As we started several years back and where we are today, the technology and the security aspects have pretty much changed starting in the good old days with the PKI, SSL, now with the OR, etc.

One thing that I would really look up to is keeping up with all of the evolution and security aspects of it as new features that can be added. The second one is provisioning the users. Right now we do not have a user friendly provisioning utility per se, so we have to do it behind the scenes. Having such a feature would certainly help in the long run, because it could do a lot of internal effort that we have to do in terms of development and maintenance aspects of it if we were using something out of the box.

We are pretty happy with the stability. We had our challenges from the beginning, that’s part of the learning curve that we go through no matter what product we choose. But as we learned a little bit more about the product, and as we started leveraging the key features and the functionality of what it can bring to the table, I think we are pretty happy.

We are able to scale both horizontal and vertically, so we have an internal user base as well as external user base and we are able to provision both for those user needs. We are able to even segment it. One of the features that we like the most is the ability to have a form of servers which provide that scalability and un-scalability at the same time we being able to curve out a part of it exclusively for internal users as well as for external users, but if time demands we can bring that together to scale it. That’s the part which really added a lot more value to the business.

They’re pretty handy and they’re very knowledgeable folks from our experience perspective. In the initial days when we ventured into this product, they said we were in the learning aspects of it so we didn’t know all aspects of every feature and functionality. We did follow up many times. They were patient, they were trying to provide reasonable answers and guide us to the right path and where we could go to look for more information, so it was very helpful.

We were using an in-house built solution which used Tomcat servers and were quite complex. We wanted speed which is the key for success in the current marketplace, so CA did deliver that. We wanted that speed. We were able to really get up and running fairly quickly because it is mostly configuration driven as opposed to doing things from scratch.

Every project starts with something small but in our case we also started small, but eventually it grown into a big elephant in the room, so that’s how we got into. Right now we realize we can be small at the same time as we can be a big elephant in the room. We try to find that medium aspects of it where rubber meets the road and what we really need. It’s not too complex at this point of time. We are scaled down to accommodate what we want to begin with.

The stability of the company and the customer base are the two most important aspect because we want to make sure the company is going to be around for years to come.

Also, who is there customer base at the moment. We want to make sure and learn from their experiences. We don’t want to be a guinea pig to begin with.

Rating: I would say CA is around a nine plus. I would strongly recommend them. The first think I’ll tell anyone is to do your homework because wherever you venture into a new product, there are lots of unknowns and those unknowns are what makes people feel, “Well, this is humongous. It’s too complex.” I would say to first learn the product and what the product has to offer and see how does that benefit your business needs. Then go for it, but with the product suite that we are current using, I would strongly recommend them because it did deliver what we want and we are very happy with it.

We use CA API Management to publish APIs for secure and fast integration with customers and partners.

It helps to improve customer satisfaction. When customers need to integrate with our platform, they are able to self-serve by using the online documentation and tool and then test their integration independently in a sandbox environment. Once the testing is complete they can request the switch to production.

It provides us with a resilient solution and robust policy configuration. It is able to withstand the number of API calls and handle different API requirements to secure, transform, log, and track API usage patterns.

They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning.

It is a very resilient solution.

No issues.

Technical support is very knowledgeable and helpful.

The initial setup was somewhere between straightforward and complex, requiring an intermediate level of effort on our part due to our particular requirements. Otherwise, the solution is relatively straightforward to set up.

Subscription licensing and pricing are competitive with other solutions.

Axway API Management Plus and Apigee.

Familiarise yourself with its policy management to match your requirements for API management and governance.

Security. We have a lot of APIs, a lot of web services inside Motorola, and we wanted to have a solution which can secure all our APIs.

So far it has been doing well. But we are looking towards microservices technology. And we heard here, at this CA World conference, that they are coming up with a microservices API gateway. That is something that we would be interested in looking into. 

But as far as far as the classic API gateway goes, I think it is definitely doing well. We were bought by Lenovo, and eventually Lenovo, which did not have this solution, has also been convinced to use it. So overall, as one company, both Lenovo and Mortola will be using this product.

It can be scaled, especially the current version. It can be scaled as we need. And it can be used in different regions. We have different data centers in the U.S. and Beijing. We use it on-premise, on-cloud, and it can be hosted and used at any place and scaled across the regions. That's the primary benefit we have seen; other than providing security and the performance.

What we had before, Forum, obviously was not reaching our performance requirements. This really helped us, because every API that we get from external or from internal goes through this layer first, and it should not be a bottleneck. That was the problem we had before. Now it's no longer a bottleneck. It's more like a throughput, this process is less than 10 milliseconds for any particular API. 

So the number of transactions that we are able to process per second and the number of instances that we can use are benefits. 

Even before microservices API gateway came into the picture, two years back, CA really worked with us and helped us to get hourly pricing, so that we could spin up, spin down instances as we need, like during Thanksgiving or Christmas. So the product, by itself, is great, and the flexibility that CA has given us out of this product is really great.

From the security point of view it provides lot of features, as well as performance. I think it's 4000 transactions per seconds, per node, is what the performance is. So those two are major features that we have been looking for. It does both in a great way.

Microservices gateway is one thing in which we thought would be really good. It has come up, we just have to see how it's going to play out. Obviously, it's not going to replace the classic gateway, although we want to see that something in the microservices gateway that can actually replace classic gateway. That would be really nice. Right now, I don't think it's completely replaceable. It's just a part of it, but eventually they're saying that it will replace. So one day, where we can have a microservices gateway and we will not need the classic gateway at all, that is what we want to see.

We have never had any issues, to be frank. From the time that we had it installed we have never had any issues, whether in the non-prod or in production. So I would give it top rating from the stability point of view.

As mentioned, that's one of the great features, the scalability. We were able to scale up in incidences as needed, and scale down. So again, completely flexible. Top-rate, from the scalability point of view.

We use technical support only when we do the upgrades. My team, we always try to be at the latest and greatest version. Whenever they release, the next week we are already there, both in test and production. So when there's a new release, obviously there are some important technical features of which we are not aware. To learn about them we use the technical team. 

But other than that, from our point of view, as I mentioned, it has been pretty straightforward and pretty stable. We don't have a need to reach out to them, except when there are new features and we are migrating.

They're good. They have been really helping us. As I mentioned, CA as a whole has been a great partner for us and has been helping as we need. Whenever we need their support, they are there. Whenever we need information, they are there.

We were using Forum before, but we wanted a much more flexible solution that scales and has better performance. That's why we chose CA's API Gateway, to resolve our security, and provide the best performance for all the APIs that we have.

It wasn't really all that complex. What we had before was really pretty complex. When compared to that, what we have with CA is not.

We evaluated Forum, obviously. Layer 7 is one we looked into. Axway. IBM, because we use it a lot for e-commerce, so that is an API gateway we have been looking into.

Among most important criteria when selecting a vendor, the first thing is pricing. After that features, obviously, and then the performance and stability.

We would definitely recommend implementing Layer 7. The only reason you might not implement it is if you are looking at open source, but open source comes with its own issues and cons. But if the cost is not an issue, Layer 7 is the top and I would definitely recommend it to anybody.

It has built-in identity management so that when someone logs into the UI, it can confirm their identity and give them access to what they need to see.

Overall, it's a great tool and they keep building in more and more capabilities.

It provides us a needed level of security in restricting access for the user. It’s able to make multiple API calls while looking like it’s just making one.

I was hoping that there would be some deeper dive Gateway training than their two day workshop and the self-paced study provided. The only course that focused on the Gateway was a Sales Certification course, for which I never did get my certificate, and it was only a short intro to the Gateway and the Portal. There was nothing that I could find that was more in depth than that.

Some of the speakers at CA World spoke about how they used the Gateway, but mostly it was mentioned that partners were using it. So it would be good if there could be more deeper dive Gateway training during the Pre-Conference training sessions.

We've had no issues with deployment.

We've had no issues with stability.

We' have no issues with scalability.

They are great, very helpful, and they make sure that you know that they are there to support you. They're responses and have always provided us with solutions.

The initial setup was very straightforward.

I believe that they evaluated several different products and this was the best to fit our needs.

Definitely do your research and, if possible, take the two day workshop to show you how to use the tool.

Also, get recommendations from people and get their feedback.

Web services authentication. 

So far so good, in terms of performance.

Quick response to the setup authentication for web services. That's important to us because we generally don't have a lot of time.

It's separating web services versus web applications, single sign-on. I would say that is the main benefit.

• More throughput
• More scalability
• Better built-in monitoring

So far stability is pretty good. We haven't experienced lag time or crashes.

Scalability is very good.

I think we have used tech support but the response has been so-so. They need more knowledgeable people.

We didn't have a previous solution.

When selecting a vendor the most important factors for us are 

• cost
• validity of the product
• stable product

It's a very good product to use to initially set up single sign-on for web services authentication.

Our primary use case is to enable our customers who are on the Internet. We want them to access our protective web series behind a corporate firewall. To do that, we like to use the OAuth ToolKit within the CA API. It can minimize the password exposure by generating a token using the ToolKit, then use the token to make the web services calls to our protected back-end services.

• The ToolKit with OAuth Manager
• The Policy Manager
• The Gateway Migration Utility (GMU) is a pretty good tool to use.

We are still evaluating it, so I cannot comment much on this. 

I would like to see more documentation. The current documentation is there, but we do not find it very useful. For example, we wanted to integrate with PingFederate TV provider and there was not enough information to customize the way we wanted. It took a lot of effort and we had to reach out to the Gateway folks to help us out on how to do that customization. Thus, it is not easy to integrate with other solutions.

It is pretty stable. We have not seen any issues, anywhere, where we need to restart.

We are still doing a PSA, so we will have to see how it scales once we ramp up volume and we roll out to the production with real life traffic.

We engaged an architect from CA. They were pretty good.