Layer7 API Management Reviews

In our context, we have a number of REST APIs that we had to expose, a number of partners, internal users, as well as external partners who wanted to basically integrate cleanly and quickly, but didn't want to do five independent integrations into each API, so the CA tool allows us to effectively wrap those APIs into a common interface, so you can make one call and then the gateway will go away and make the other calls for you. That is the primary goal was that and the tool does that for us.

What it allows us to do is it's more time to market than the value, actually, so a lot of our affiliate marketing teams, they go and engage with the vendor's affiliates, effectively, and they want a very quick, clean solution to get a lot of customers in, place a bet, see their bet history and then log out and tap on and move on to do something else. What this allows us to do is that, whereas previously, I would have had to a specific project team, they would take two or three months to do an integration, now you can do that in a matter of weeks. You can realize the value of a commercial relationship very quickly.

Once it goes live, it's very stable, clearly, it's as stable as your infrastructure or authority or testing is, but once it goes live, as long as you sort of adhere to all the policy management, and make sure you're progressing code, you're testing it correctly, once it goes live it's pretty stable. We've not had any failures with it in the year and a half that it's been live, and it's very stable. From a performance perspective, it's great. You can throttle, you can do rate limiting, so it's very flexible for us.

It's been very good as we need them, thankfully we haven't had much call to call them up, because it's been stable, but we call them up for platform upgrades, when we went from version 7 to 8 and 8 now through to 9. As we need assistance, we raise a ticket. They're very responsive, they're very thorough in what they come back to us with, so they've been a really good partner for us.

The trigger, effectively, was that we had a partner, we'd done a commercial deal. The partner wanted to integrate, we wanted to integrate with the partner, but the partner had a legacy sort of application that they weren't able to do this integrating to five APIs. They wanted one interface, and they didn't want to on-board any of the logic, they wanted that to be done somewhere else, hence the CA API Management tool that does that for us. They make one call, it goes away, does all the connections, all the session affinity, with all the underlying APIs, and that partner can just make the calls as they want. They deployed it on desktop, on tablet, mobile's coming as well now, and we use it for other partners as well.

We had a very short time for it to get it done, so I dealt with CA, we managed to do the deal for the software. They put us in touch with a partner called Smart, Smart421 in the UK. We had a very high-level discussion about what my requirement was, the platform that we have, what I needed to wrap, which calls, so we did a lot of preparation in advance, and then they came on-site, and within two weeks we had a working API. We'd wired together the underlying platforms to build this API that was then sent to the first vendor. Very clean, very slick. As with any IT project, as long as you are prepared, you've done your homework, you know exactly how to lead the implementation, what to take the vendor through, then it works very well.

Partly it's obviously the reputation of the vendor, it's the support structures, it's the partners that they deal with. If they put you in touch with a partner to install the software, what is the calibre of the partner that they're dealing, and that reflects on them as an organization. Their licensing structures, how flexible they are to deal with you, these sorts of things. We also looked at Mashery and Apigee.

We chose CA API Management as it was better licensing model, it was better cost model for us. I wanted that product. I'd previously worked in an organization with they'd bought what was in the Layer 7 product, and so I had an understanding of the product, I had an understanding that it had been used in my industry. I knew that it would work, because I'd seen it done before, so those things were quite key for us.

Break it into small chunks, so what we did was we had a very defined use case, and we could have gone to a much larger project, but the ideas was to focus on the component that we were after, what we had to go and deliver, break that down, get it working, and then that gives the business more confidence to then invest in it further, future phases, and we just broke it down to that. We were able to very quickly deliver something of value, and that then allows you to move on from there, as opposed to doing the full solution first up, and then we could have failed on the way through, the requirements could have changed, but it was better for us, and it's something I recommend that you just break it down.

I give it a nine. It's a great tool, it's a great product. It's good for us because it does specifically what I need it to do. The only area I'd say there could be some improvement is some of the documentation perhaps, some of the release notes are not the best. I think they're trying to brush things up and make it better, so it's improving all the time, but initially when we first started seeing some of the interface and some of the documentation it was quite confusing, but then we have a partner that takes the pain, I suppose, for that. Buy the tool. It's fantastic.

What are the key digital priorities and initiatives in your company?
The key things for us is on-boarding affiliates, partners, as quickly as possible, for their customers, or our customers who bet through them, to leverage those relationships, leverage those customers to allow them to bet with us. API Management for us at the minute has been around in having a clean interface for these guys to be able to quickly integrate with us, and then we can very quickly get them up and running, and it's a commercially beneficial arrange for us.

Are you considering upgrading in the future?
We're investigating options as with most industries, omni channel is the big thing now, so we're investigating how we could use this in an omni channel perspective to wire up our other parts of the business, so that's something we may consider. Part of the show, there are developer portals to making it easier for developers, third parties, to actually interact with us. The current product, the gateway product, doesn't have a portal, so effectively I have to document how to integrate, and then every time I make a change, I have to then email the document out to all of my development partners, whereas if I had the developer portal, they can then just go log in themselves, register themselves, they get their own API keys, all that stuff's taken care of, so those things are quite interesting for me and for our partners.

The primary use case is we are using the API Management Suite. It has the Gateway and Portal, and we are using the Gateway to front all the APIs in FedEx.

The Gateway is performing very well. The Portal is not.

We can get more visibility into our data.

The benefit of the Gateway is that it provides security, authorization authentication, and analytics. These are the main benefits which we are using it for. 

The most valuable, for the Gateway, is it can front our APIs very easily, and it can integrate with FedEx easily, so those are good. 

For the Portal, we are able to manage with APIs and documentation. However, there are a lot of improvements, which could be done on the Portal side.

For additional features, I would like to see how it can be deployed into the cloud platform out-of-the-box and not having to do a lot of the initial setup. If it can be done out-of-the-box, that will make customer's life very easy.

Their upgrade solutions are not straightforward. Therefore, we are running the older version. We wanted to go to the latest and greatest. However, it is really complex going from where we are to the next one. 

It is fairly stable for the Gateway side. However, not for the Portal side.

We have seen that it can scale both vertically and horizontally. 

We have used technical support quite often, and they are really good. We have opened multiple tickets, and they are very responsive, especially for the Severity 1 tickets. 

The initial setup was very complex.

CA Service was helping me with the implementation. 

Initially we were looking into different options. We looked into Apigee, Axway, and CA. We did the whole evaluation, and CA come out to be the winner, because CA is the market industry leader.

From CA's new technologies, it looks like CA is moving in the right direction.

Look to your performance matrix and your benchmarks. What are you interested in? If you are looking for support, this is definitely the best solution. 

Most important criteria when selecting a vendor: Performance is one of the major ones. Security is another. 

• Time to market
• Ease of use
• Strong support

We were able to market our mobile app products with their strong security features.

There is a need for the migration of policies, better reporting, and monitoring integration.

I have used this solution for two years.

There were no stability issues so far.

I did encounter scalability issues. I wish they could extend the MySQL replication to multiple nodes.

The technical support provided is the best.

Initially we were using MuleSoft Enterprise Service Bus (ESB) before we switched to CA API Management.

The setup was straightforward.

CA has great pricing for gateways, so negotiate with your sales team.

Make sure you involve networking, security, and other infrastructure teams for the implementation.

We use the API Management tool mostly for the portal application and managing the APIs.

CA has a portal where we can expose the public and private APIs across the globe. We use it as a gateway for security and exposing the internal applications through that layer.

For us, it acts like a proxy as it passes through the API layer. We use it to transmit data from one format to another format, especially to route the data based on the content. This is a seamless process. There are little challenges in regards to the AWS integration but we were able to get through that and CA helped us move towards AWS.

The problem was that it was slow. This product was initially built as an in-house product, but later on they converted it to a pilot product. It was not ready at that time but now it is. We are fine-tuning it to make it available on AWS; so, it's good.

We're moving towards microservices. We do have around 358 to 400 APIs, i.e., monolithic APIs, and we want to convert them into lightweight microservices. We want to deploy them in a container, use the gateway and then expose those microservices to the external world. That’s our main goal and we are using CA API Gateway for this purpose.

I want a more loosely coupled migration utility.

Now they provide a DMU for migration of the code or APIs for continuous delivery. But it's not robust, so I want to see what CA is going to come up with regards to that.

In terms of using the tool itself, it is not user-friendly. You can use the product with ease, but once it starts developing the code, there are a lot of APIs and functions that are not readily available for you. You need to refer to a document to learn about that. They should provide some APIs which will drop down the list of all the functions and that are available and ready to use. The world is changing now; we don't want to be stuck in the 80s or 70s, where we need to search for everything and then try to write a code for it one-by-one. It needs be a good tool; easy for the customers to use it.

The main missing aspect from this tool is that although continuous delivery is available, it is not that straightforward and we have to work on that.

The stability is good except when we went live with AWS; that's when we had initial hiccups but slowly it improved. We are good at this point.

The good thing about McCloud being on AWS is scalability which you get by default. Hence, you don't have to worry about how you want to manage your infrastructure. By default, it will look at your load and there are some alarms set on that and then it will act. When you see the peak, it automatically scales to a new instance and when the load is too low, it will kill that new instance that it has created. AWS will help us with that.

We have used technical support. We had a few bugs in the code, i.e., bugs in the product code for which we had to talk to CA central customer service; they were good and responsive.

Previously, we were using OAG - Oracle Application Gateway. The CDCI was not that good with that. The continuous delivery and continuous integration are not readily available and there are a lot of bugs in the code, in the product. In comparison to that, the CA tool is less buggy.

There were a few reasons for choosing this vendor. The first being the continuous delivery and continuous integration, which was one of the major things we were looking for. Next, we wanted to look at the portal and the API itself; how do you manage the APIs, giving access, access control and all those aspects. The third thing we were looking at was security. So, these are 3 different things that we were considering whilst selecting a vendor.

I was part of the initial setup but CA was there with us to help through the implementation process. It's not complex.

We did do some research and tried to explore some of the API products available in the market. We did speak to all the different product owners, assessed it and then finally we came up with this solution.

Some of the vendors we looked at were Apigee and Amazon API Gateway.

Overall, this is a good product. Those who are interested in a similar product should try to do a PoC first and then see what you want from it.

I have used this tool for my customers, as I am a service provider, not an end user. I have dealt with implementations and configurations for CA API Management.

We implemented the API versioning for software services and REST services.

Mostly, it can identify client IT and user accounts to give them a lot of business logic. It can also provide API versioning. It can provide different versions to different customers, but the original API are the same.

Controlling microservices for my customers.

It provides a good user interface and is easy to use.

It is not user-friendly because you have to know so many programming languages.

It is a stable product. I have had no issue with it.

The scalability is good.

When it comes to supporting a large number of APIs or transactions, the performance is not bad, because it is in staging. We have not moved it to production.

Our client's environment has four CA API Gateways.

The technical support responds very quickly by email. The last time that I communicated with the technical support, I asked them, "If MariaDB, instead of SQL, is compatible with CA API Gateway?"

However, now CA's entire product service is poor in Taiwan, as there is no local support.

The implementation of CA API Management was complex. It took us (my colleague and me) six months to implement with two people. My colleague was responsible for implementing the API Gateway. 

My colleague is a system engineer. Because I am a programmer, I am in charge of the design and customizability. It is a complicated solution. You have to know so much IT knowledge to do the implementation.

The solution helped us to quickly publish and monetize APIs. I have used versioning responses to publish or send APIs to different customers with different versions.

It has a reasonable pricing model by instance.

I would not recommend the product based on how it has performed to implement it. I did not like working with the product.

We have not used it to modernize legacy systems via microservices, APIs, or developing a new platform for mobile. We also did not use it for connecting data to apps via APIs.

I am not familiar with the security aspects of the solution.

We stopped offering the product as a service a month ago since the product no longer belongs to CA. In Taiwan, I believe no one will buy CA products anymore because it is no longer trustworthy as a company, since the products are no longer supported.

In terms of priority: the scalability, uptime and the way that it's versatile. You can load up multiple different kinds of services at the same time. We have multiple different services going live on a particular platform, concurrently. It happens a lot. It's important for a system to handle that. Then CA's API solution also works with multiple solutions which are provided by CA, like LISA tools and all that. Altogether, it's a very cohesive unit.

Some of the things that we see as room of improvement are how do you integrate with other systems out there. Integration with the existing systems and infrastructure, which is not necessarily related. How do you integrate those systems in? Examples could be: how does CA integrate with IBM or existing systems? Lot's of large organizations have existing systems they don't want to replace with other systems. How does CA's systems work with those systems concurrently? Those would be important considerations.

So far the stability has been really good, we haven't had any problem. I believe we have been using it for sometime. As per the industry standards, it's been quite stable. Personally, I have been involved for almost 2 years but I understand that our organization has been using it for quite some time. We are in a business which sees lots of volume, trillions of volumes of calls. The system that we work with has to handle those trillion number of volumes of calls. All of that also happens in the real time, so the system has to scale up to spikes. Sometimes during holiday season and all that, we see quite a lot of spikes going in. The system has to manage all those spikes and CA has been able to do that.

The technical support has been good. They have dedicated technical support for us, we have dedicated account managers from CA, as well as specialists. It's great to have those kind of partnerships with CA.

I'll definitely give it 8.5. Whether they can put up the solutions that we want, that's number 1. How long they would take, is it going to provide value addition at this point of time or in the future would we have to invest in technology dollars in order to improve that? What is the pricing? What's the scalability? What's the uptime? All those features. It's been very good.

I think CA's API Management technology is in the top 3 in the industry. It depends upon what kind of things you're looking for or what kind of features you're looking for.

The most valuable features of the solution is the gateway and the power of the gateway. The CA solution, as far as how it rates with other products in the marketplace, gives you one of the most robust sets of gateway functionality and security capabilities out of the box in a configurable fashion. Instead of having to actually write code to achieve those things, the CA Layer 7 product gives you the ability to actually configure a very broad range of capabilities and policies directly out of the box.

If it's implemented correctly and you take advantage of some of the capabilities, like the ability to use APIM on the side and integrate that in with policies, it removes a lot of the weight of building all of those rules into the underlying services. It allows you to escalate that up and put that into policy management that can be managed in real time, which creates a faster move to market with capabilities.

Based on a lot of the other tools in the marketplace, the user interface itself is more linear and programmatic based. For a developer it seems to be a very natural interface, but for someone that you'd like to get in there, just doing more configuration, I think there's an opportunity there.

It's enterprise class software. It gives you the ability to scale and load balance, and based on how the technology is being managed today using a database as an underlying component that allows you to synchronize multiple gateways to the database. And then the ability to cluster the data technology. It can scale as much as you need to scale.

The initial setup and the configuration is relatively straightforward. I think the more challenging aspect of it is, like any solution that's an enterprise scale solution, is just getting the base infrastructure agreed upon, configured and implemented. Once that's accomplished it's very easy to configure and set up.

Looking at broad capabilities, looking at stability of the company, today you need to look at vendors that are staying up with the demands of the market and where the market is heading, and making sure that the improvements being made to the software are in line with that. I think it's important to look at vendors that are releasing more than twice a year so that you can see rapid deployment of technology.

It depends on the customer and the industry. Typically, the customers are choosing CA because of the broad capabilities of the gateway, the performance of the gateway; the gateway is one of the top performing gateways in the market, and security. It's absolutely the best security product in the market from a gateway perspective.

I give it a 9, because everybody's got room for improvement. I would definitely recommend the product. As you start looking at releasing APIs, some of the biggest concerns that we have are performance, because consumption is based on how usable the API is. When you start looking at the architecture that CA has put together in giving you the ability to cache information from the front side request, cache information from the back side request, and then create your own caching capabilities to improve that performance, that is a huge benefit and a huge consideration in making a product determination.

We have more than 50 applications in the backend. We monitor the infrastructure through a database monitoring tool. Our daily tasks involve working on P1 incidents, managing change requests, conducting patching updates, working on P2 tickets, backend server certificate renewals, etc. 

Layer7 API Management should improve the quota policy for the number of API calls. 

I have been working with the solution for six years. 

Layer7 API Management is stable. 

The solution provides good support, but sometimes, time is taken to solve issues. 

Positive

Layer7 API Management is easy to maintain. 

The product is moderately priced. 

We have large enterprise customers for Layer7 API Management, and I rate it a nine out of ten.