Try our new research platform with insights from 80,000+ expert users
Sr. Systems Engineer at a hospitality company with 1,001-5,000 employees
Real User
We were able to market our mobile app products with their security features.
Pros and Cons
  • "Ease of use."
  • "There is a need for the migration of policies, better reporting, and monitoring integration."

What is most valuable?

  • Time to market
  • Ease of use
  • Strong support

How has it helped my organization?

We were able to market our mobile app products with their strong security features.

What needs improvement?

There is a need for the migration of policies, better reporting, and monitoring integration.

For how long have I used the solution?

I have used this solution for two years.

Buyer's Guide
Layer7 API Management
January 2025
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.

What do I think about the stability of the solution?

There were no stability issues so far.

What do I think about the scalability of the solution?

I did encounter scalability issues. I wish they could extend the MySQL replication to multiple nodes.

How are customer service and support?

The technical support provided is the best.

Which solution did I use previously and why did I switch?

Initially we were using MuleSoft Enterprise Service Bus (ESB) before we switched to CA API Management.

How was the initial setup?

The setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

CA has great pricing for gateways, so negotiate with your sales team.

What other advice do I have?

Make sure you involve networking, security, and other infrastructure teams for the implementation.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
it_user558057 - PeerSpot reviewer
Lead Software Engineer at a wellness & fitness company with 501-1,000 employees
Real User
We use it to transmit data from one format to another format, including content-based data routing.

What is most valuable?

We use the API Management tool mostly for the portal application and managing the APIs.

CA has a portal where we can expose the public and private APIs across the globe. We use it as a gateway for security and exposing the internal applications through that layer.

For us, it acts like a proxy as it passes through the API layer. We use it to transmit data from one format to another format, especially to route the data based on the content. This is a seamless process. There are little challenges in regards to the AWS integration but we were able to get through that and CA helped us move towards AWS.

The problem was that it was slow. This product was initially built as an in-house product, but later on they converted it to a pilot product. It was not ready at that time but now it is. We are fine-tuning it to make it available on AWS; so, it's good.

How has it helped my organization?

We're moving towards microservices. We do have around 358 to 400 APIs, i.e., monolithic APIs, and we want to convert them into lightweight microservices. We want to deploy them in a container, use the gateway and then expose those microservices to the external world. That’s our main goal and we are using CA API Gateway for this purpose.

What needs improvement?

I want a more loosely coupled migration utility.

Now they provide a DMU for migration of the code or APIs for continuous delivery. But it's not robust, so I want to see what CA is going to come up with regards to that.

In terms of using the tool itself, it is not user-friendly. You can use the product with ease, but once it starts developing the code, there are a lot of APIs and functions that are not readily available for you. You need to refer to a document to learn about that. They should provide some APIs which will drop down the list of all the functions and that are available and ready to use. The world is changing now; we don't want to be stuck in the 80s or 70s, where we need to search for everything and then try to write a code for it one-by-one. It needs be a good tool; easy for the customers to use it.

The main missing aspect from this tool is that although continuous delivery is available, it is not that straightforward and we have to work on that.

What do I think about the stability of the solution?

The stability is good except when we went live with AWS; that's when we had initial hiccups but slowly it improved. We are good at this point.

What do I think about the scalability of the solution?

The good thing about McCloud being on AWS is scalability which you get by default. Hence, you don't have to worry about how you want to manage your infrastructure. By default, it will look at your load and there are some alarms set on that and then it will act. When you see the peak, it automatically scales to a new instance and when the load is too low, it will kill that new instance that it has created. AWS will help us with that.

How are customer service and technical support?

We have used technical support. We had a few bugs in the code, i.e., bugs in the product code for which we had to talk to CA central customer service; they were good and responsive.

Which solution did I use previously and why did I switch?

Previously, we were using OAG - Oracle Application Gateway. The CDCI was not that good with that. The continuous delivery and continuous integration are not readily available and there are a lot of bugs in the code, in the product. In comparison to that, the CA tool is less buggy.

There were a few reasons for choosing this vendor. The first being the continuous delivery and continuous integration, which was one of the major things we were looking for. Next, we wanted to look at the portal and the API itself; how do you manage the APIs, giving access, access control and all those aspects. The third thing we were looking at was security. So, these are 3 different things that we were considering whilst selecting a vendor.

How was the initial setup?

I was part of the initial setup but CA was there with us to help through the implementation process. It's not complex.

Which other solutions did I evaluate?

We did do some research and tried to explore some of the API products available in the market. We did speak to all the different product owners, assessed it and then finally we came up with this solution.

Some of the vendors we looked at were Apigee and Amazon API Gateway.

What other advice do I have?

Overall, this is a good product. Those who are interested in a similar product should try to do a PoC first and then see what you want from it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Layer7 API Management
January 2025
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
Technical Director at SoftPro
Reseller
The product implementation was complex, but the tool has a good user interface and is easy to use
Pros and Cons
  • "The solution helped us to quickly publish and monetize APIs. I have used versioning responses to publish or send APIs to different customers with different versions."
  • "The implementation of CA API Management was complex. It is a complicated solution. You have to know so much IT knowledge to do the implementation."

What is our primary use case?

I have used this tool for my customers, as I am a service provider, not an end user. I have dealt with implementations and configurations for CA API Management.

We implemented the API versioning for software services and REST services.

How has it helped my organization?

Mostly, it can identify client IT and user accounts to give them a lot of business logic. It can also provide API versioning. It can provide different versions to different customers, but the original API are the same.

What is most valuable?

Controlling microservices for my customers.

It provides a good user interface and is easy to use.

What needs improvement?

It is not user-friendly because you have to know so many programming languages.

What do I think about the stability of the solution?

It is a stable product. I have had no issue with it.

What do I think about the scalability of the solution?

The scalability is good.

When it comes to supporting a large number of APIs or transactions, the performance is not bad, because it is in staging. We have not moved it to production.

Our client's environment has four CA API Gateways.

How is customer service and technical support?

The technical support responds very quickly by email. The last time that I communicated with the technical support, I asked them, "If MariaDB, instead of SQL, is compatible with CA API Gateway?"

However, now CA's entire product service is poor in Taiwan, as there is no local support.

How was the initial setup?

The implementation of CA API Management was complex. It took us (my colleague and me) six months to implement with two people. My colleague was responsible for implementing the API Gateway. 

My colleague is a system engineer. Because I am a programmer, I am in charge of the design and customizability. It is a complicated solution. You have to know so much IT knowledge to do the implementation.

What was our ROI?

The solution helped us to quickly publish and monetize APIs. I have used versioning responses to publish or send APIs to different customers with different versions.

What's my experience with pricing, setup cost, and licensing?

It has a reasonable pricing model by instance.

What other advice do I have?

I would not recommend the product based on how it has performed to implement it. I did not like working with the product.

We have not used it to modernize legacy systems via microservices, APIs, or developing a new platform for mobile. We also did not use it for connecting data to apps via APIs.

I am not familiar with the security aspects of the solution.

We stopped offering the product as a service a month ago since the product no longer belongs to CA. In Taiwan, I believe no one will buy CA products anymore because it is no longer trustworthy as a company, since the products are no longer supported.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner reseller.
PeerSpot user
it_user479772 - PeerSpot reviewer
VP Product Development at a financial services firm with 10,001+ employees
Video Review
Real User
I like the scalability, uptime and the way that it's versatile.

Valuable Features

In terms of priority: the scalability, uptime and the way that it's versatile. You can load up multiple different kinds of services at the same time. We have multiple different services going live on a particular platform, concurrently. It happens a lot. It's important for a system to handle that. Then CA's API solution also works with multiple solutions which are provided by CA, like LISA tools and all that. Altogether, it's a very cohesive unit.

Room for Improvement

Some of the things that we see as room of improvement are how do you integrate with other systems out there. Integration with the existing systems and infrastructure, which is not necessarily related. How do you integrate those systems in? Examples could be: how does CA integrate with IBM or existing systems? Lot's of large organizations have existing systems they don't want to replace with other systems. How does CA's systems work with those systems concurrently? Those would be important considerations.

Stability Issues

So far the stability has been really good, we haven't had any problem. I believe we have been using it for sometime. As per the industry standards, it's been quite stable. Personally, I have been involved for almost 2 years but I understand that our organization has been using it for quite some time. We are in a business which sees lots of volume, trillions of volumes of calls. The system that we work with has to handle those trillion number of volumes of calls. All of that also happens in the real time, so the system has to scale up to spikes. Sometimes during holiday season and all that, we see quite a lot of spikes going in. The system has to manage all those spikes and CA has been able to do that.

Customer Service and Technical Support

The technical support has been good. They have dedicated technical support for us, we have dedicated account managers from CA, as well as specialists. It's great to have those kind of partnerships with CA.

Other Advice

I'll definitely give it 8.5. Whether they can put up the solutions that we want, that's number 1. How long they would take, is it going to provide value addition at this point of time or in the future would we have to invest in technology dollars in order to improve that? What is the pricing? What's the scalability? What's the uptime? All those features. It's been very good.

I think CA's API Management technology is in the top 3 in the industry. It depends upon what kind of things you're looking for or what kind of features you're looking for.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
it_user479754 - PeerSpot reviewer
Founding Partner - Principal at Vanick Digital
Video Review
Consultant
The most valuable features of the solution is the gateway and the power of the gateway.

Valuable Features:

The most valuable features of the solution is the gateway and the power of the gateway. The CA solution, as far as how it rates with other products in the marketplace, gives you one of the most robust sets of gateway functionality and security capabilities out of the box in a configurable fashion. Instead of having to actually write code to achieve those things, the CA Layer 7 product gives you the ability to actually configure a very broad range of capabilities and policies directly out of the box.

Improvements to My Organization:

If it's implemented correctly and you take advantage of some of the capabilities, like the ability to use APIM on the side and integrate that in with policies, it removes a lot of the weight of building all of those rules into the underlying services. It allows you to escalate that up and put that into policy management that can be managed in real time, which creates a faster move to market with capabilities.

Room for Improvement:

Based on a lot of the other tools in the marketplace, the user interface itself is more linear and programmatic based. For a developer it seems to be a very natural interface, but for someone that you'd like to get in there, just doing more configuration, I think there's an opportunity there.

Scalability Issues:

It's enterprise class software. It gives you the ability to scale and load balance, and based on how the technology is being managed today using a database as an underlying component that allows you to synchronize multiple gateways to the database. And then the ability to cluster the data technology. It can scale as much as you need to scale.

Initial Setup:

The initial setup and the configuration is relatively straightforward. I think the more challenging aspect of it is, like any solution that's an enterprise scale solution, is just getting the base infrastructure agreed upon, configured and implemented. Once that's accomplished it's very easy to configure and set up.

Other Solutions Considered:

Looking at broad capabilities, looking at stability of the company, today you need to look at vendors that are staying up with the demands of the market and where the market is heading, and making sure that the improvements being made to the software are in line with that. I think it's important to look at vendors that are releasing more than twice a year so that you can see rapid deployment of technology.

Other Advice:

It depends on the customer and the industry. Typically, the customers are choosing CA because of the broad capabilities of the gateway, the performance of the gateway; the gateway is one of the top performing gateways in the market, and security. It's absolutely the best security product in the market from a gateway perspective.

I give it a 9, because everybody's got room for improvement. I would definitely recommend the product. As you start looking at releasing APIs, some of the biggest concerns that we have are performance, because consumption is based on how usable the API is. When you start looking at the architecture that CA has put together in giving you the ability to cache information from the front side request, cache information from the back side request, and then create your own caching capabilities to improve that performance, that is a huge benefit and a huge consideration in making a product determination.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partners
PeerSpot user
reviewer2263797 - PeerSpot reviewer
CA Layer 7 API Gateway Administrator at a computer software company with 10,001+ employees
MSP
Top 20
Helps to monitor the infrastructure but needs improvement in quota policy
Pros and Cons
  • "We have more than 50 applications in the backend. We monitor the infrastructure through a database monitoring tool. Our daily tasks involve working on P1 incidents, managing change requests, conducting patching updates, working on P2 tickets, backend server certificate renewals, etc."
  • "Layer7 API Management should improve the quota policy for the number of API calls."

What is our primary use case?

We have more than 50 applications in the backend. We monitor the infrastructure through a database monitoring tool. Our daily tasks involve working on P1 incidents, managing change requests, conducting patching updates, working on P2 tickets, backend server certificate renewals, etc. 

What needs improvement?

Layer7 API Management should improve the quota policy for the number of API calls. 

For how long have I used the solution?

I have been working with the solution for six years. 

What do I think about the stability of the solution?

Layer7 API Management is stable. 

How are customer service and support?

The solution provides good support, but sometimes, time is taken to solve issues. 

How would you rate customer service and support?

Positive

How was the initial setup?

Layer7 API Management is easy to maintain. 

What's my experience with pricing, setup cost, and licensing?

The product is moderately priced. 

What other advice do I have?

We have large enterprise customers for Layer7 API Management, and I rate it a nine out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Layer7 API Developer at Allied Globetech
Real User
Built-in assertions for vulnerabilities, like DDoS attacks and IP restrictions, are useful
Pros and Cons
  • "There are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain."
  • "There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen."

What is our primary use case?

Our primary use case is basic encryption/decryption using symmetric assertions and then, gradually, SOAP signatures, SOAP encryption, non-SOAP XML encryption, and signing that. In the last six months or so, I have been working on JWT (JSON Web Tokens).

How has it helped my organization?

Using this solution, the deployment and development processes become easier when compared to before, when complete Java development was necessary. Now, the encryption part is very easy and our clients don't have to continuously depend on logic. On this platform, it's very easy for them to understand and to do testing. It saves them time.

What is most valuable?

I haven't found that there are any most-valuable features. I'm not using any feature most often in any of my use cases. The use cases depend upon the customers' requirements.

In terms of protecting APIs against threats and vulnerabilities, there are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain.

What needs improvement?

There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen. It's a bit of a challenge to make the customer understand that we should not be going with these old applications.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We have not faced many issues with its stability.

What do I think about the scalability of the solution?

Scalability is a bit tough if it is a production environment. If you are planning to scale it and increase the number of servers within one to two years, that can be challenging. Up until now, if I have installed four servers, I haven't been given requirements to add more than that.

How is customer service and technical support?

We have contacted support. There were two cases where there wasn't support for old algorithms, the assertions weren't supporting them, and we reached out to the support team. They were very helpful. It depends on the problem you are asking them about. If it's easy, they give you solutions quickly. If there is a requirement for the engineering team to be involved, then it takes time. But they're very helpful.

How was the initial setup?

The setup is straightforward. If I'm doing it on a local machine, it takes 20 to 30 minutes for a single client. I don't have any implementation strategies. It's a straightforward process where you just need to select the options, click enter, enter, enter, and provide whatever input is required.

Before starting the implementation with a customer, we give them the prerequisites that are required. If those prerequisites are met, it doesn't take much time to do the deployment. They have to provide the IP, the hostnames, and the port openings.

In our last deployment, it took me two days to install all the port services. There was one replication and there were two persisting nodes. I did the complete installation and was initially involved in the API development. After that, my colleagues were involved in the development of APIs.

It requires a minimum of two people for maintenance, once it's up and running.

What other advice do I have?

The tool is very powerful so if you are looking to go with an API platform I would recommend CA.

The number of users among our clients is growing, although I don't have an actual number I can give you. Initially, it takes time to get people to understand the platform, but once they understand it, everyone wants to use the platform and have their application exposed to this platform only.

Overall, I would rate the solution at nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
reviewer881136 - PeerSpot reviewer
Senior Director IAM Security Engineering at a financial services firm with 10,001+ employees
Real User
Substantially decreases the amount of time it takes to secure new APIs
Pros and Cons
  • "One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise."
  • "One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise."

What is our primary use case?

API management, for security.

How has it helped my organization?

One of the features that the tool provides is the ability to simply onboard new APIs to an existing security platform. We build all the policies for security upfront, and then we can add those policies pretty simply and straightforwardly to any new API that gets developed in the enterprise. That has been the quickest and easiest thing. 

We're rolling it out across the enterprise as we speak, after that six months or so of heavy usage, and we're finding that the amount of time it takes to secure new APIs has gone down substantially.

What is most valuable?

The security features are the most important because that's what we're using the application for, specifically.

What needs improvement?

There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky.

There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

In terms of scalability, we haven't encountered any issues. Scalability has been something that we're starting to explore a little bit more now - automated scalability - responding to increases in capacity in the environment. But we haven't had any issues, and I don't necessarily anticipate any issues. CA provides certain containerized versions of their components that are very easy to deploy and scale.

How is customer service and technical support?

CA has been extremely responsive to any request that we've had for assistance, for support, and for new features. I haven't been able to evaluate the newer version that has recently been released, so we haven't evaluated it yet in terms of feature completeness.

How was the initial setup?

The initial setup was pretty straightforward. They provided us with a container and we got it up and running, and then we just started working on it. You can follow the instructions pretty easily.

Which other solutions did I evaluate?

We did not have a previous solution, but we did evaluate Mulesoft as an alternative and, possibly, Informatica. We ultimately decided that our relationship with CA, and the type integration with some of the other applications that we had deployed in the enterprise, made the API Gateway a much better option for us.

What other advice do I have?

I would suggest you take a look at all of the components. The API Management Suite that CA offers is broader than simply the API Management Gateway. The Suite has some features, extra components, that really make for a much easier and more accessible way a way of doing API management within the enterprise. There are components like the Mobile API Gateway and Live API Creator. These additional components really expand what the products can do, in a way that makes your value proposition easier to present to the business.

I would say this solution is a solid eight. It does everything that it says that it does. It would get a higher rating if it had a little cleaner interface and was easier to administer, but I think that's a pretty solid rating for a product like this.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025
Product Categories
API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros sharing their opinions.