- Availability of Security Assertions: Addresses all the industry security standards
- High Flexibility: Allows policy-driven orchestration and security mediation, in a drag-and-drop manner
VP Of IT Development at a tech services company with 1-10 employees
We have secured APIs, exposing them to the international and domestic partners.
What is most valuable?
How has it helped my organization?
Thanks to this product, we have successfully secured SOAP and REST APIs and exposed them to international/domestic partners using the standard industry protocols.
What needs improvement?
The Policy Manager UI is very busy. It lacks a graphical representation for the flow of the assertions that can significantly improve the clarity of the policy. Thus the Policy Manager UI can be improved in terms of usability. For example, instead of policy assertions in the policy being in a line by line form, it could be represented as graphical flow, similar to how Vordel Gateway does it.
For how long have I used the solution?
I have used this solution for six years.
Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
We have not experienced any stability issues. The product has been very stable.
What do I think about the scalability of the solution?
The CA API Gateway solution is highly scalable. It is very easy to add more nodes to the cluster, which increases the processing power.
How are customer service and support?
The technical support is excellent and very timely. The engineers are extremely knowledgeable, not only in regards to the product, but also in terms of the protocols and standards that are used by the product.
Which solution did I use previously and why did I switch?
We were using Vordel Gateway, but it lacked the flexibility and integration capabilities that CA API Gateway provided at the time.
How was the initial setup?
The initial setup was very straightforward. CA has clear and concise documentation to walk you through the initial setup process for both simple and complex deployments.
Which other solutions did I evaluate?
Vordel Gateway and IBM DataPower. Both these solutions were evaluated from our end, before CA API Gateway was selected.
What other advice do I have?
You should read the documentation.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Programmer Analyst at a healthcare company with 10,001+ employees
We leveraged the UAR tool kit to design a hospital patient portal. Developers can focus on functionality.
What is most valuable?
The most valuable features are reliability and scalability; it's just easy to deploy across our environment. We like those features.
How has it helped my organization?
It certainly filled the API management needs of our organization. For example, we were in the process of designing a patient portal for the hospital, and we were able to quickly leverage the UAR tool kit that’s available. The developers didn't really have to think about security, even though in the healthcare industry, security is a big concern. And that was all leveraged from the robust tool kit available in API Management. Taking that heavy lifting away from the developers so they could focus on functionality and we could focus on delivering the secure access they needed, was great.
What needs improvement?
It's a great product. Just expand on it. I think CA has done a good job bringing the UI component to macOS; that’s good. And I think they're also doing a web UI version where you can create policies. I believe in the past, they had some limitations of what you could or couldn't do, but they are solving some of those issues.
CA is the leader in this space. So we look toward them for coming up with best practices to adopt. I'm not really an expert in that area.
For how long have I used the solution?
We've had it working for about 4 or 5 years
What do I think about the stability of the solution?
We've had it working for about 4 or 5 years now and apart from upgrades, we have never had a problem with outages or components breaking down.
What do I think about the scalability of the solution?
We began with just one appliance. Then, as our needs grew, we put in a load balancer. It had multiple VMs talking together, which was fairly easy to do and we never had a problem with that either. From time to time, when we needed to take one server out of the load, it was an easy process; the other servers automatically absorbed the workload. That's a benefit for us.
How are customer service and technical support?
We had API Management from when it was still Layer 7. Their people were certainly filling a lot of shoes because it was a smaller company at that point and you would see the eagerness for technical support to jump in, be hands on, and help you all the way through. Now, they try to push us towards the solutions and the consultants a little more. In a bigger organization, getting POs signed is not an easy process and when you want something that could take an hour or two hours to fix, now becomes a bigger hassle.
Which solution did I use previously and why did I switch?
When we looked at this emerging API management need seven years ago, we looked at the Gartner recommendations and then looked at our organization’s needs at that time and kind of picked CA right from the beginning.
How was the initial setup?
I jumped in to the second or third upgrade, not at the initial setup.
What other advice do I have?
I would certainly recommend using this product. We've had a wonderful success story. And we've not had any issues with it. Even when the consultants do come out, they are very knowledgeable. They know the product inside and out and can implement it right on site. That is a plus.
When selecting a vendor, the interoperability between their different products that we have is important, as well as expandability. Additionally, we want to be able to configure the product to our liking. That helps us adopt it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Layer7 API Management
October 2024
Learn what your peers think about Layer7 API Management. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
API Champion at a tech services company with 501-1,000 employees
It integrates with other solutions that we already have. We can move people around because they already have a basic skill set.
What is most valuable?
The best features for us are documentation, the development portal, ease-of-use, and click-to-market. Our API landscape is increasing exponentially and one if the differentiators that allow us to reach our goals is how fast we can get to the market. And our speed-to-market is based on ease-of-deployment and how fast we can iterate and change.
How has it helped my organization?
It sets itself apart mainly because it's a bigger product and a bigger company, so it integrates well with other solutions that we already have on-premises. That makes it a lot easier for us to move people around, since they already have a basic skill set. That really helps. The support that we get from CA in general, including the talks, the books and the documentation that explains how to sell from a technical and a non-technical side, really benefits us.
What needs improvement?
I would like to see a lot more information about design, such as design thinking and design UX, UI, information about the technology, and the problems it's solving for everyday customers.
What do I think about the stability of the solution?
The cloud-based solution that we use right now is stable. We have an on-premise solution as well, which we still have some issues with, but we're still moving forward.
What do I think about the scalability of the solution?
Scalability is unmatched. Since it is cloud and AWS backed, if we need more power, we just call it up and it's pretty quick.
How are customer service and technical support?
Technical support, including the communities, Twitter, and being able to reach somebody on the phone is phenomenal; it's a good working relationship.
Which solution did I use previously and why did I switch?
We have multiple solutions in house. This is the one we choose for now for certain products. There weren't really better products and there's only certain product groups in the market, and we only pick the best-in-breeds. CA was one of them.
For me, the most important quality in a vendor is technical support. I want support from end-to-end, including documentation, technology, and written materials that I can download and review myself and then reapply.
How was the initial setup?
Initial setup was a little bit of both straightforward and complex. We are a large company and have certain scenarios that make things a little bit more complex. CA's always been really good about being right there with us to understand some of our challenges.
What other advice do I have?
Dig in really deep, not only from a technical standpoint but also from a design and product standpoint. That's probably the biggest piece of advice that I can give you. If you miss this, you will forget to see the forest through the trees.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Group Technology at a logistics company with 1,001-5,000 employees
Controls usage of digital assets and access to systems from the outside world. Monetization should be standard, not an add-on.
What is most valuable?
The Mobile SSO and Developer functions are the most valuable features. The Mobile SSO functionality is not available with most similar products in the market, which makes this a unique product. The Developer function helped the developers to be self-sufficient meaning they did not need a lot of training and they could do things on their own.
API security was another important feature in terms of how you are able to control usage of digital assets and access your systems from the outside world. Thus, security was a good feature.
Lastly, the monetization part was also important. We have not started off yet but monetization was one more thing that we were very happy and keen about when we saw this product.
How has it helped my organization?
We have recently implemented it so it is too early for us to say how this product has improved the working of our organization. We wanted it as a feature and capability for the organization so we have invested in it. In the future, it shall proceed in the direction of how we would like to shape-up our organization.
What needs improvement?
We would want to see the monetization feature to be a standard function. At the moment, it is a third-party solution. This feature helps you to carry out API billings, so as the APIs are consumed from the outside world, you can charge your users for using them. Currently, it is not a standard feature and is more like an add-on where they have worked out ISV pricing with others. So, if it is made as a standard feature of the product it will be really good because it will take the promise of app economy to a true level; thus, it will be truly monetized.
Another improvement we would like to see is that the product should be more relevant with the public cloud infrastructure that is pervasive nowadays. So, the ability to host and run these solutions on Amazon, Azure or Google Cloud should be a standard feature for this product. From what we have been told it is going to be a part of the product’s roadmap.
What do I think about the stability of the solution?
This product is stable.
What do I think about the scalability of the solution?
We did our own test to verify scalability and found it was quite scalable. We had no issues.
We had done a load test on the application on our own and it was able to scale to a significant number of transactions per second. Based on our architecture and solution that we have, we are comfortable with the level of volume that it can handle.
How are customer service and technical support?
We have not used any technical support.
Which solution did I use previously and why did I switch?
We were not using a different solution before. We were looking in the markets for solutions which would help us give this level of scalability, based on the nature of business that we have.
We never had a product like this because API management was always a discussion and we never knew how to implement it. When we saw this product and figured out that they had the features we wanted, then we took our time to perform due diligence and figured out this was the right product for us.
How was the initial setup?
We were involved in the initial setup and found it to be a little difficult. The reason being, we implemented this product on Microsoft Azure and the product features on Microsoft Azure were not updated at that time. So, there were some initial hiccups. However, CA professional services and my team were involved extensively to get it rectified. CA services did play their part in making sure that whatever the shortcomings, if any, were addressed. It was a good involvement from their end.
Which other solutions did I evaluate?
We did shortlist other usual vendors namely Apigee, Axway, Mashery that are the other competing products in the market. The number one criteria for selecting this product was CA’s pricing policy as well as its presence in that part of the world from where we come from; it is significantly big compared to all the other companies. In Asia where we come from, not all the companies are present to that extent and you need a level of comfort when you're investing in such a magnitude. You would want the organization to be very strongly present there.
What other advice do I have?
Just do your own homework and make sure your own metrics are ready, specific to your organization. Every organization is different and make sure that you maximize the value of the investment that you are putting in.
The roadmap of the product is the most important criteria while selecting a vendor. In addition, another important factor is the ability to invest in continuous releases/new releases that are coming up in the product. In short, how much the vendor is willing to invest in the product to keep it updated.
We had a little bit of mishaps for the installation. Overall, regarding the product features all what we wanted was in there. It's just that we had our share of a little difficulty in implementation, otherwise it is a good product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vice President of API Management Division at a tech company with 51-200 employees
We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs.
Valuable Features
- Security
- Flexibility
- Ease of use
- Message translation
Improvements to My Organization
We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs, adding industry-leading security to the APIs, and providing a Developer Portal that provides governance, control, visibility, and organization of the entire API stack. These features result in faster time to market, cut months off project timelines, and enable businesses to prevent from becoming disrupted by high-tech startups.
Room for Improvement
The Developer Portal has had some limitations but a new version has already been released which addresses these limitations. It is already available in SaaS form and will also be available as an on-premise solution this October.
The previous version of the Portal was a bit more limited in terms of appearance customization (CMS) than the new version. Some other features lacking in the old portal but available in the new version include API-Enabled (functions that can be executed from within the web-based GUI can also be executed from API calls, allowing you to automate tasks), ad-hoc reporting, support for hybrid deployments (Portal in the cloud, API Gateway on-prem), and Swagger support to name a few of the most commonly requested features.
Use of Solution
I have used it for three years.
Scalability Issues
The CA product has outstanding scalability built-in via their “cluster” concept. The Gateways are organized into clusters and adding a new Gateway into an existing cluster is very simple and does not require an admin to configure the newly added Gateway nor manually deploy policy to it; it is all automatic. Stability of the Gateway is rock-solid so long as you follow CA’s best-practices guidelines when provisioning and configuring servers. We have seen sporadic performance issues when clients’ IT Operations team did not follow the guidelines but these were easily remedied by updating VMware configurations to match CA’s recommendations. DRS configuration is an example of this. One must also pay attention to log and audit data as these can grow fast with the high transaction counts of today’s API utilizations. Implementing a strategy to archive this data is important. We very often forward this data into Splunk to provide our clients with a single source for API analytics.
Customer Service and Technical Support
For most use cases, CA support is very responsive and they even have a group dedicated to making fast-paced product updates and customizations for customers with special needs, which is very unique among API solution providers.
Initial Setup
The CA product is very easy to set up. A development environment can be stood up in an hour or two.
Implementation Team
As a service provider, we implement API management solutions for many customers. My advice for customers seeking to implement these solutions is to pay close attention to the CA recommendations on VM settings (if using the virtual appliance), and to ensure they seek assistance from someone familiar with implementing this specific solution. CA has their own professional services division, and there are several consulting firms such as ourselves who have experience implementing this solution.
Other Solutions Considered
We work with multiple API solution providers. Each has their strengths and weaknesses. We work with our clients to understand their needs, current IT infrastructure, future-state IT infrastructure, and roadmap, then provide them with our solution recommendations based on this input and our own personal experience implementing API management and identity and access management solutions.
Other Advice
API management solutions have many additional valuable features that some IT development purists might not feel “should” be handled by an API gateway. Two examples include the API gateway’s ability to process business rules on a service, and the API gateway’s ability to provide orchestration. One could certainly have a lively debate about whether the API gateway is the “right” place to do this, but the point I try to make is that in the real world, work comes at you fast; you have to be nimble and responsive to customer demands. I have been in situations where a business requirement and deadline could not be met because certain architecture was not ready or the team who would normally handle this work was already fully utilized on other requirements. Because the API gateway can handle these tasks, it provides increased flexibility. The new functionality can be added into the gateway and later moved out to a service bus or microservices architecture as time allows.
Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a CA partner. We are resellers of CA Identity Management and API Management products and we provide implementation services to clients.
VP, EIM Data Architect at a financial services firm with 1,001-5,000 employees
It provides us security on the gateway to handle the throughput from digital channel projects that require back-end integration. I'd like to be able to import a Swagger file through the gateway.
Valuable Features
The most valuable aspects for us are the security features, such as OAuth and access control. Furthermore, it's a flexible tool that performs well.
Improvements to My Organization
It's a great tool, but I wouldn’t say it streamlined anything. It does just exactly what we acquired for, which is to connect and manage data from our legacy system to the cloud and to mobile. We had some digital channel projects that required back-end integration and needed security on the gateway to handle the throughput that would be coming, so we chose API Management.
Room for Improvement
I'd like to be able to import a Swagger file through the gateway.
Use of Solution
We have been using it for three years.
Deployment Issues
We've had no issues with deployment.
Stability Issues
It has been stable from day one. We haven’t seen anything to suggest it won’t continue to be.
Scalability Issues
It's scaled just fine.
Customer Service and Technical Support
The online material is fantastic and the CA API Academy videos are excellent.
Initial Setup
The initial setup was complex and difficult mainly because we didn’t have heavy Linux support guys.
Other Advice
It takes longer than you would think; timing it is essential.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Technology Analyst at Infosys Technologies Ltd
Gives us insight to the original view and tells us how much data there is
Pros and Cons
- "This improved our organization, because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing."
- "From the last version, they have added more dashboard support, but there is still a lot they need to improve. In terms of monitoring, it's almost all covered. The interface can be improved, though."
What is our primary use case?
We've been using it to program intermittently. There's a problem with one version, which saves pretty slowly. Now it's good. Then we found that this is cheaper. The advantages include the coding, as well as getting emails and alerts from them.
How has it helped my organization?
I mostly used it when working in the banking sector. There are many bank connections going on every day, especially during the holiday season, which can be kind of tough. We need to straighten the books, which can include how much money came in, how much money was lost, etc. If the information is not there, there will be a problem. We needed a program to keep track of the data.
This solution gives us an insight to the original view. It tells us how much data is there and it provides manuals to use it. So the technician office is there and it gives us some data. For the moment, we can change anything in the software, like enlarging it for example.
It improved our organization because it gives the management data to discuss for the next course of action and it suggests what to work on, as the next thing.
I published APIs in the CA environment also. That's very good. I haven't done it in my workspace on a personal level, but it's a good thing. I have already published APIs with other solutions, but there is a bit of a difference and that is good for CA. CA is better than Apigee because CA allows you to make changes and is a little generous in terms of where to go with the project. It's good.
It's very good at supporting a large number of APIs or transactions. The transport of APIs is needed. Everything in CA is very easy for developers, because when a developer logs he can view it right away. With other systems, it isn't as easy. I like this. It's going up in the market.
What is most valuable?
I think it's very valuable because of the support desk in one application. It protects us well. That is very important.
In terms of security, it's mostly been enough until now. I had used them in my local work. I was playing with them and saw that they support everything. It's almost all covered so far.
What needs improvement?
From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.
For how long have I used the solution?
I've been using this solution for two years.
What do I think about the stability of the solution?
It's really stable. That I can assure you. That is the one thing which I have to fight for with my managers because they ask why we should not move to a different solution. They said another solution is more stable. I told them that they are looking at the market analysis. We should test it ourselves. It's a really major banking project that we're working on.
What do I think about the scalability of the solution?
Scalability is really good because it's very easy to create new users. It's really good.
There are 43 people using CA. We will use CA to its maximum capacity. It has become very popular in my office.
How are customer service and technical support?
I never needed to use their technical support. If you need it, you could chat with the online support team. That's it.
Which solution did I use previously and why did I switch?
We used Apigee and API Connect. I found that CA is more stable than the others. When you are deploying code, you also need the previous versions. With CA I can track all the changes. It's more stable and reliable.
How was the initial setup?
The initial setup is simple. If you are a novice it could be complex, but if you are good at working with computers it should be very simple. It takes about seven or eight minutes, including configuration.
All we have to do is consider our code and environment for the applications. For instance, what things are going to happen.
We used three people for deployment. One is project development guy that we might move because development is getting smooth nowadays.
We currently have 18 people, of which seven are developers and three are in management. So there are eight people in back-end maintenance.
What was our ROI?
You can imagine that we are in a gem mine. It costs money to supply the equipment and then we can get 45 gems. It's difficult to know the ROI until you get the gems out.
What other advice do I have?
I would say implement it. If you are new to APIs and things, you won't understand it, but if you have some experience it will be okay.
I would rate this as eight of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VP Enterprise Solutions - Financial Services at Samsung
Video Review
A compelling platform that enables organizations to easily develop and roll out mobile applications
Pros and Cons
- "They have got a very compelling platform that enables organizations to easily develop and roll out mobile applications."
What is most valuable?
CA has incredible reach in the market across industries. To have the opportunity to partner with CA has been great for us, a great exposure. They have got a very compelling platform that enables organizations to easily develop and roll out mobile applications.
A lot of their customers have come and said, "We'd like to be able to enable these mobile applications with biometric authentication capabilities." It is really a nice blend. We are able to provide that capability to enable that platform to deliver that to their client base.
For how long have I used the solution?
Still implementing.
What do I think about the stability of the solution?
Our solution has been around for several years now. It is FIDO certified. It has got compliance certification from the government, so it is very stable. The underpinnings of Samsung Pay deployed in South Korea. There are five and a half million consumers using that platform. That is one of the largest biometric deployments probably out there today. Then, we are a global organization, so we have deployments throughout the world and across different industries.
What do I think about the scalability of the solution?
The solution is already supporting about five and a half million consumers in South Korea, so it is scalable. Today, there is a server element to that solution. From the client's side, it is SDK-based, but there is a server element. We can support about two million users on each server, then you can nest servers together.
We have no concerns about scalability at this point.
How is customer service and technical support?
We have not gone into production yet. We have not had direct experience with CA's tech support. I can tell you that our development and our technical folks have been working very closely with their development teams. They have teams in India that we work with and teams in Vancouver that we work with. It has been a really good experience for us. Because it is global, you have got to be around the clock to some degree. So far, there have not been any issues. We have a US-based tech support team that as this thing goes into production with clients, we will be leveraging that team as well as the CA team.
How was the initial setup?
There is a server element and a client-side element. The server side installation is fairly straightforward. We don't provide hardware for the server installation, but we provide specifications, then we will help an organization work through it. In pretty much a day or two, you can get a server stood up and working.
On the client side, it is integrating. You're taking this SDK, and you're integrating into native mobile apps. The complexity of that depends upon what you are trying to accomplish. Certainly, with simple use cases, we have had people spin this up in days. As you get more complex in the use cases, you might be looking at weeks. However, this is not a three to six month type of implementation timeframe. It is more of a three to six-week type of implementation timeframe.
Which other solutions did I evaluate?
I do not have a lot of competitive information on other mobile access or mobile API gateways. So, it is hard for me to say how it ranks against other competitors. I will say that it seems like it is deployed in dozens, if not, over a hundred different companies. That says for itself that it is a very strong product.
What other advice do I have?
I would put it up in the eight to nine category out of a 10, if I had pinpoint a number.
Most important criteria when selecting a vendor: CA is extremely appealing because of the reach that they have across industries, and they are pretty deep in many industries. They bring some brand recognition to the table, and obviously Samsung has a very strong brand as well. You combine those two brands, and that just creates a compelling offering which will get the attention of companies out there.
Obviously, the support piece is important, the product stability, and how robust that product are very important to us. We look at that on a number of different dimensions.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
API ManagementPopular Comparisons
Microsoft Azure API Management
Amazon API Gateway
webMethods.io
MuleSoft API Manager
Kong Gateway Enterprise
IBM API Connect
IBM DataPower Gateway
WSO2 API Manager
3scale API Management
SwaggerHub
Axway AMPLIFY API Management
TIBCO Cloud API Management
Akana API Management
Buyer's Guide
Download our free Layer7 API Management Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- When evaluating API Management, what aspect do you think is the most important to look for?
- What is the difference between an API Gateway and ESB?
- In a Digital Banking Environment how do we see the role of ESB/ API Managers?
- What is an API Gateway?
- How do you protect your API from security threats?
- What should one take into consideration when choosing an API management solution to manage Microservices?
- Which API Management tools have the best developer portal?
- Which API management tool is the best?
- What is your favorite API Management tool?
- What are the key parts of an API strategy at an enterprise?
You mentioned legacy apps. However, in my understanding, the only language supported for API creation in CA APIM is JavaScript (Java jars can be used for dependency JARs). Does APIM support any other way of migrating legacy apps to APIM?
Thanks
Udaya