Try our new research platform with insights from 80,000+ expert users
it_user353421 - PeerSpot reviewer
IT Analyst at a retailer with 1,001-5,000 employees
Vendor
It will fill a lot of the gaps where we are developing in new spaces, especially in mobile spaces, and I predict it's going to be adopted globally in the near future.

What is most valuable?

Considering the various features of the API Management suite, the most obvious useful feature that we value the most is that it gives us more security, control and visibility over how our APIs are being used throughout our company and how our users are using it. It gives us more data and information so that we can target where to concentrate our resources a lot better.

The other thing is also it's in the right place at the right time. APIs are a huge thing right now especially with the mobile economy growing as rapidly as it is. The API gateway could not have come at a better time for us.

The UI on it is actually better than SiteMinder. It has a much more IDE type of feel to it.

How has it helped my organization?

The API Management suite for us is still fairly new as it's not as expanded as SiteMinder is. However, the potential for it to expand is still there. As an organization we can see that this is another one of those products that will be ubiquitous in the near future, just as SiteMinder is.

Organizationally speaking, it will fill a lot of the gaps where we are developing in new spaces, especially in mobile spaces, and it's going to be adopted globally in the near future in my prediction.

What needs improvement?

I don't have enough experience to say what I would like to see improved because I'm still building it into my repertoire right now.

I wouldn't say, however, that the setup is simple. It's mildly complex, but given the documentation and the linearity of it, it was fairly straightforward.

What was my experience with deployment of the solution?

It deployed just fine.

Buyer's Guide
Layer7 API Management
December 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

It's stable, lightweight, works as expected and we don't see any problems with it.

What do I think about the scalability of the solution?

We can see that it will scale very easily as well. It handles traffic efficiently, no hiccups there, and we're happy with it.

How are customer service and support?

No experience of technical support on API Management so far. However, if I may also add that the support team on it in terms of sales and product management from CA is excellent.

How was the initial setup?

API Management setup was very straightforward. I was involved with that, and the documentation was helpful.

What other advice do I have?

The problem with API Management is it's solving a problem that not many people understand. If you look at the options in the market, there's not much. I would a to a it only advise to get it because it's actually very friendly in what it's trying to do in terms of UI. The learning curve is very short and it's something that you can rely on to work properly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user898710 - PeerSpot reviewer
Software Engineer at a tech vendor with 501-1,000 employees
Real User
APIs can be developed to provide security and we can show everything in a single pane of glass
Pros and Cons
  • "As an organization grow, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories."
  • "They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person."

What is our primary use case?

Previously, we don't have a security for our web or mobile applications. In a scenario where I have an application that gives APIs to everyone in the world, they can directly access that particular application. However, this allows for different types of attacks on that particular application too. This becomes a problem if a number of users access it, whether they are valid or invalid users, they will see performance issues. If a number of attacks are happening on a particular application, it goes down. So, from a security perspective, CA API Management acts like a reserve proxy.

It makes the end user feel like it is a real system. It does not show the back-end and what the API tool does. CA API management will not let people know that there is an original server running behind the tool. That is the security point of it. 

For use cases, there are databases that some people have to query on. With the help of CA API Management tool, we can give APIs to the end user, and with the help of those APIs, they can access the data instead of the database.

How has it helped my organization?

APIs can be developed to provide security. We can show them in one single pane of glass, such as the CA API Management API Developer Portal. It is there that we can provide the monetization for their APIs and what is happening on third-party applications, like Paytm or BookMyShow. 

Customers go to the portal and register there. It is there that they chose their APIs from a list. Based on the registration of the APIs, the customer will be charged.

Our customers will purchase these APIs and give to their application users. The functionality provided by the CA API Management tool is about the work framework, and the API Gateway also provides work functionalities. In the API Gateway, there are features called Solution Kits. These provides work protocol functionalities and the framework. 

In order to develop an API, we'll face so many problems: 

  • What method we should use?
  • What is the data it should return?
  • If I give this API data to the browser, how will it be processed? 

There are so many problems from the perspective of designing an API. However, the CA API Management tool, along with the CA API Gateway, eliminate all our issues.

As an organization grow, you can use CA API Management for authentication purposes through the CA API Gateway. It allows for multiple identity providers with different Active Directories.

What is most valuable?

It takes an existing service, like JSON or SOAP, and converts it for use on the application (e.g., REST services).

From a security point of view, there are different types of attacks: cross-origin resource sharing, SQL injection, shell scripting, and code injection. These type of attacks can be eliminated with the help of this tool because they are built-in with rules. If I drag and drop one rule called cross-origin resource sharing to the website I want to allow it on, only that website can contact CA API Management regarding this assertion. 

For an OAuth perspective, the application needs to be registered at my API Gateway. Once the application is registered, every time a user requests access to my API Gateway, I have to capture whether it is a valid application or not. Once it is getting validated, only then will it show them the access page for the login page to the application.

What needs improvement?

Based on the method an API, we need to be able to access that particular API.

They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person.

The CA Mobile API Gateway (MAG) for mobiles has too much latency.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

If an entire cluster fails, we have disaster recovery with this solution. It provides an exact replica.

Because it contains Java, the heap memory needs to be cleaned constantly or problems will occur.

For day-to-day maintenance, two people are enough staff, e.g., checking the logs.

What do I think about the scalability of the solution?

CA API Management is okay when it comes to supporting a large number of APIs or large number of transactions. It has high availability. With the help of a load balancer, we distribute the load among all the API Gateways. In this way, we provide high-availability for all the API Gateways.

We have scaled the product out to different countries, like China and Australia.

Which solution did I use previously and why did I switch?

Previously, there was only SOAP services. When you are making an API call with SOAP services, It has a lot of impact on the application by taking too much of the bandwidth. 

Now, all the users are filling our their forms in the back-end with form data into JSON, and sending the information to the REST services.

People want the REST services. There are already existing applications which are running on the SOAP services. Rather than losing their businesses, with the help of CA API management,  they can have both their REST and SOAP services in the back-end.

How was the initial setup?

The initial setup is straightforward, like creating and deploying an API. Everything happens in one single loop.

If you install the CA API gateway, it takes about 15 minutes, as it is available in OVA format. If you go with the OVA format, you don't need to do much configuration. Then, it comes up in an internal MySQL database.

The API Developer Portal takes easily an hour to set up.

What about the implementation team?

When we introduce the solution to a new organization, it's not a complicated process. If we describe to them how an API can reduce work in their regular life, then they can easily understand that. When we give this to the customers, they become happy.

We use two people for deployments.

What's my experience with pricing, setup cost, and licensing?

CA API Management has a licensing path. If you want more features, it requires more licenses and more installation time.

Which other solutions did I evaluate?

Compared to other tools, like Apigee, this is the best tool that I have used.

What other advice do I have?

This product is available on-premise, in the cloud, and Docker.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Buyer's Guide
Layer7 API Management
December 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
General Manager at Global SEIS
Real User
Beneficial integration, easy to use portal, and simple building APIs
Pros and Cons
  • "The most valuable features of Layer7 API Management are integration, ease of use, building APIs easily, and portal straightforward."
  • "The overall cost of Layer7 API Management is high, they can improve it by making it less expensive."

What is most valuable?

The most valuable features of Layer7 API Management are integration, ease of use, building APIs easily, and portal straightforward.

What needs improvement?

The overall cost of Layer7 API Management is high, they can improve it by making it less expensive. It is a stable platform, but Layer7 API vision and future are not clear

For how long have I used the solution?

We have been using and implementing Layer7 API Management for approximately 10 years.

What do I think about the stability of the solution?

Layer7 API Management is a highly stable solution.

How are customer service and support?

The support from Layer7 API Management could improve. We do not have a strong Latin American support. The support over the last two years has been poor. The vendor of Layer7 API Management, Broadcom, used to have approximately 500 employees here in Latin America but now they only have approximately 20.

You as customer has to find someone with a lot of experience in API Management so the users can take advantage of all the value the solution has.

What's my experience with pricing, setup cost, and licensing?

The price of Layer7 API Management is too high and should be reduced. However, it is a good solution in the market.

What other advice do I have?

I rate Layer7 API Management an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Practice Lead at a tech services company with 11-50 employees
Real User
The solution kits are customizable. We can implement micro-services architecture.

What is most valuable?

Although a lot of features come handy, the most usable feature is that solution kits are customizable. We were able to cater to a large variety of implementation and customizations with ease.

How has it helped my organization?

We have developed frameworks around this product set. It provides the ability to customize and has tremendous depth.

The frameworks are configuration driven, which gives the ability to implement micro-services architecture with ease and provides DevOps agility in terms of continuous deployment, etc.

What needs improvement?

The feature set is quite diverse and community driven, which is a good avenue to promote future features into this product.

The policy manager UI shows signs of aging, but it is not a must.

Policy manager is probably built using Java SWING, it has all the features, but loses some points on the look and feel, compared to some new generation IDEs.

It would be nice to see the PM revamped and some additional features added, such as step debugging for encapsulated assertions etc.

For how long have I used the solution?

I have been using CA API Management for five years.

What do I think about the stability of the solution?

We have not had any issues with stability.

What do I think about the scalability of the solution?

We have not had any issues with scalability.

How are customer service and technical support?

I would give technical support a rating of 10/10.

Which solution did I use previously and why did I switch?

We did have a previous solution, but the lack of a feature set, only cloud-based implementations, and lack of customizations drove us towards CA.

How was the initial setup?

The setup was very simple and straightforward.

What's my experience with pricing, setup cost, and licensing?

It is definitely competitively priced. Working with your local AM can help you achieve a pricing level that’s suitable to your needs.

It comes with many options, so do discuss your future roadmap with a CA Solution Strategist to advise you on the proper model.

Which other solutions did I evaluate?

We looked at Apigee, Mashery, IBM, MuleSoft, WSO2, and others.

What other advice do I have?

  • The product is feature rich and can solve a myriad of use cases.
  • We have noticed that building frameworks on the product set, with the help of a senior architect who drives the adoption early on, is a key. They can help create reference architecture for your organization that pays dividends in the end.
  • Aim for CA certified resources or partners for a good quality solution.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user352995 - PeerSpot reviewer
Expert Architect at a tech services company with 1,001-5,000 employees
Consultant
Using it creates a single set of APIs, even though the back-end REST, UI, and GUI technologies are different. Its UI is very outdated and we'd like something easier and more intuitive.

Valuable Features:

Security is the most valuable feature for us. We have a lot of threat protections turned on and I think the gateway has inherent security protections for DDoS and a whole list of other security risks. We also have the ability to customize the security of each product that we're doing, which has been really helpful. 

It also provides some load-balancing features. We can choose which traffic goes to which back-end server and the gateway will help us manage all that.

Improvements to My Organization:

I think it's protecting and exposing our internal APIs externally. We have a lot of different types of back-end technologies that use the APIs -- REST, UIs, and GUIs. So using the API product creates a single set of APIs, even though in the back-end they're much different.

Room for Improvement:

The UI is very dated. I've talked to some of the development and product managers about that, and I think it's a known issue. It's early 2000's technology. We would like to see something online and a better UI that's easier to use and more intuitive.

Reporting could use some enhancements as well. We just moved to the 8.4 version from 7.1, and they've got a new reporting tool called ESM. We're just now starting to use that, so maybe that's going to provide what we need; it's to be determined.

Deployment Issues:

The deployment's taken a little longer than we expected.

Scalability Issues:

We're exposing probably fifty different products externally. We've got thousands of requests, probably, per hour that come through. It's a lot of batched products -- people will run a job and it's sending a lot of things. We have a lot of traffic. The gateway itself has been stable. Downtime has usually been something like the network equipment around the gateway itself, but the gateway itself has been fairly stable.

Initial Setup:

We have development test-production environments, so to get it on our infrastructure under our own management tools, there's a lot of bureaucracy. So it's not just a push-button type deal; it requires a lot of coordination, tickets, firewall changes, provisioning hardware, things like that. All that to say that the initial setup was not straightforward but rather complex.

Other Solutions Considered:

There were several other options evaluated, but I wasn't a part of that.

Other Advice:

I saw some things this week at CA World which I think will make the product better, more intuitive to use with a better interface and easier deployment. There are things I saw on the road map that they'll address in the near future.

I would advice that someone go through the self-training before just jumping in. I learned from co-workers as well.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior System Analyst at National Institute of Education
User
It has improved API governance and gives analytics to API performance
Pros and Cons
  • "It has improved API governance and gives analytics to API performance."
  • "It needs better mobile features and HA configuration."

What is our primary use case?

We use it primary for API management in my data center, for mobile applications and application-to-application integration.

How has it helped my organization?

It has improved API governance, gives analytics to API performance, and provided abstraction to the solution providers.

What is most valuable?

  • Policy assertion
  • Policy manager
  • SSO
  • Authentication
  • HA features
  • Analytics
  • Very extension logs

What needs improvement?

  • Better GUI for the policy manager.
  • Needs better professional services in my country. 
  • Better mobile features.
  • Better HA configuration.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user778503 - PeerSpot reviewer
Software Engineer at a tech services company with 10,001+ employees
Consultant
It scales really well and does a lot of load balancing
Pros and Cons
  • "You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box."
  • "More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer."

What is our primary use case?

Our primary use case is to host a handful of different API services for the consumers of our customer. We build and maintain several of those APIs right on the Gateway using their policies. We use it to kind of proxy request through to Java services and other things that we have created.

What is most valuable?

The extensibility of it. It can do a lot of things. You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box. 

How has it helped my organization?

I like the extensibility of it. It can do a lot of things. You can create little, custom Java assertions which you can insert into your business logic. This might not be covered by the commercial product out-of-the-box. 

What needs improvement?

More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer. So, tools that are a little more focused on rapidly creating those policies would be beneficial.  

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We actually started with this product a few years back. It is definitely improved significantly since then. I think the amount of releases and bug fixes that they have pushed out have really helped.

What do I think about the scalability of the solution?

The scalability has been great for us. We have consumers that range from 10 to 20 users upwards to 1000s of users. Thus, it scales really well. It does a lot of load balancing and other nice, little technical tricks that help smooth out requests which come in.

How are customer service and technical support?

They have come in sometimes to do onsite training when we requested it. For the most part, when we have technical problems, they are very responsive. They get it down to the developers quickly, who understand the problems and they work with us to get those fixes in their next release if it is something that is a bug or help us work around it. 

Which solution did I use previously and why did I switch?

When we first started on the Gateway, it was a different company, then CA bought it. The difference from that other company, which might have been a smaller company, from there to CA has just been the responsiveness and that extra level of training and other support that we are getting from CA. 

How was the initial setup?

I have been involved in deploying this product in several of our different environments from the ground up as well as in the upgrade process. From the CA part of it, everything has gone smooth. The problems are always on our side with our environments. I think the Gateway itself is a very simple product to get up and running and their upgrade process is good as well. There are a few little tricky things here and there like with everything, but for the most part, they continue to work to adjust it. 

What other advice do I have?

It is better than similar Gateway products that I have used in the past. Again, that flexibility really lends itself to us, and our program, a lot. However, there are certainly some areas for continued improvement and it seems like they are going in the right direction, so hopefully that continues. 

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
PeerSpot user
Arquitecto de Soluciones at Puntos Colombia S.A.S.
Real User
Keeps clear traceability of the changes made in each of our APIs
Pros and Cons
  • "It allows us to keep clear traceability of the changes made in each of our APIs."
  • "The speed and versatility in the implementation of APIs without writing a line of code in any programming language."
  • "The solution has numerous configuration options to increase security in communication."
  • "The administration interface (Policy Manager) is very easy to understand and use."
  • "As a SaaS product, control over some configuration elements and environments is lost."
  • "Increase tools for manipulation of JSON messages."

What is our primary use case?

Administration and configuration of the platform API management version 9.2. SaaS, security configuration, design, and implementation of APIs, which are exposed to partners of the company for the execution of business flows. All this is done quickly and easily with minimal effort.

How has it helped my organization?

  • The API Gateway has allowed us to manage and maintain systems quickly, with great versatility, while solving problems in real-time.
  • It allows us to keep clear traceability of the changes made in each of our APIs.
  • A large number of security measures have been implemented which make data manipulation more reliable.
  • As a SaaS product, control over some configuration elements and environments is lost.

What is most valuable?

  • The speed and versatility in the implementation of APIs without writing a line of code in any programming language.
  • The solution has numerous configuration options to increase security in communication.
  • The administration interface (Policy Manager) is very easy to understand and use.

What needs improvement?

  • This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled.
  • Expose system properties and other configurations via the GUI (Policy Manager).
  • Increase tools for manipulation of JSON messages.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Product Categories
API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.