What needs improvement with Layer7 API Management?

Layer7 API Management should have more stability towards the operating system. I think we were planning to go to version 11, and then Layer7 API Management said you need to move from CentOS to some other operating system. This sort of stability needs to be there. They can't keep forcing the customer to completely change the OS. They should have some stability on the platform in terms of the roadmap. Layer7 API Management should give a clear roadmap of the product and where it is going, and they should not change the underlying layers. Layer7 API Management should also have an online, direct support mechanism wherein we can directly raise a ticket in the global center, and then somebody should come online to provide support if necessary.

The product's initial setup phase is not very straightforward, making it an area where improvements are required.

I recently got to know through some of my sources that there is a lack of support for customers from Broadcom's end. Broadcom's technical support team needs improvement. Broadcom's technical support team needs to be improved to achieve an increase in business in India.

It's quite satisfactory. However, I don't focus much on the cost perspective, but I understand that clients are often concerned about costs. They might be exploring other options due to the high cost associated with our current package. Currently, we don't have any major issues, and any past issues we encountered were promptly resolved. Perhaps in terms of improvement, we could explore more robust connectivity options, but for our current needs, it's been solid. As for my company, we might consider migration, and there are tools like GMU migration, provided by the same vendor, which could potentially help us in that regard.

Layer7 API Management’s price could be reduced.

There could be more integration options included in the product. It needs active connections added in the present version.

Layer7 API Management should improve the quota policy for the number of API calls.

The thick client interface is one thing that needs to move on. The as well should provide a better Web Based UI for policy management. I would also like to see more streamlining between Gateway and integration with the Portal for Collaboration.

Layer7 API Management could have a live API creator feature, so my team can easily create APIs. Right now, the product doesn't have that feature.

Layer7 API Management could improve by assing more portal-based capabilities.

The development portal could be improved. Following Layer7's acquisition of Broadcom, the technical support and sales teams have not been good and both those areas need to be improved. I'd also like to see the latest code support with open API specs and JavaScript which is lacking.

The overall cost of Layer7 API Management is high, they can improve it by making it less expensive. It is a stable platform, but Layer7 API vision and future are not clear

I would also like the next release to support FAPI-CIBA because there are laws in Brazil that require companies that operate in a digital manner to support CIBA and FAPI. This is more for authentication flows.

The UI design could be improved in the next release.

Some areas for improvement would be the security the product provides and the response time when a client is making a call with their payload.

Though Layer7 API Management is overall a great product, it needs improvements on the capabilities related to the engagement of API consumers. 

It needs a forum like tooling which allows API producers and consumers to interact with each other. 

In my opinion, the main improvement they need to do is to find a way to introduce a forum where both the API Producers and API Consumers can interact with each other. This would help in promotion of API consumption at a greater pace.

The Policy Manager tool that is used to manage the solution is very heavy to use because it is based in Java. Sometimes it takes a long time to load. There could be some improvements to it. If they could make Policy Manager on a web page that would be a good alternative.

Its ID authentication is a little outdated. I think they should start using face ID. They need a multifactor authentication solution for the API layer and the other layers, as well. Today, we don't have face recognition for the gateway. We don't have palm recognition either. This would add a needed additional security layer.

The delivery is bulky in terms of implementation. Its price could also be better. It is a very good product as compared to CA API, Google API, and WSO2 API, but its price is high. From the cloud-native perspective, some new features need to be added. It could also be made simpler to implement.

The license model and the cost of licensing can be improved. Especially given that we are in a stable operational mode.

The user interface — what they call the Policy Manager — is somewhat poor but I think that is because of the technology they have chosen. It is a Java desktop. The user interface for a Java desktop is difficult to make and it is not easy to make it look flashy. If they move to a web interface, that is another problem. It cannot match the native Windows interface, but it is okay. It needs to be improved, I guess. That is the only thing I believe needs to be improved in Layer 7. It needs to be easier to navigate and use.

In terms of what could be improved, I think they do not have a good enough knowledge base on setting up the API Management Layer, especially on Azure using containers. In the corporate world, this solution is becoming very popular as we move forward. So something that I would like them to improve on is their information resources because we need more assistance / support from them to get our API Management Layer set up correctly on Azure. They still have a lot to do in this area in terms of support and building a community. But we have confidence, it would improve moving forward. When you talk about full API life cycle management, they lack inbuilt support of community forums as part of their offering which can be published to external developers. The forum can become an important hub for communication between our organization’s API Team and app developers who wish to use our APIs. Using the forums, developers will be able to post questions using the forum.

The Portal lacks maturity. Since the move from Portal 3.x to 4.x, a lot of features were removed. It is slowly coming back. I can see a lot of changes are done in the "background" to decouple components and make it more flexible. Those changes are just not getting to the UI side quick enough. The CA Portal concept of multitenancy does not align with their other products (or how most people see it) and that caught us off guard. CA/Broadcom is addressing this though. I have seen an uptake in feature development since the Broadcom acquisition of CA. It seems that a lot of our concerns were taken up and are being addressed. My rating would have been better if it was not for the Portal. The Gateway I would give a 10 out of 10. For feature improvements, the way the Portal handles the security of APIs needs a total rework. Luckily, we could customise this layer to work for us but it would have been nice if the options were out-of-the-box. As the product set is very customisable, I would like to see an environment where customers could share and upload customised components or "assertions".

One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great. One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.

Based on the method an API, we need to be able to access that particular API. They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person. The CA Mobile API Gateway (MAG) for mobiles has too much latency.

The entire lifecycle management approach needs improvement: from the API management, development, deployment, some of the settings around the quotas, and some security policy applications, etc. for the APIs. We found the Apigee platform a lot more robust in that area.

It is not user-friendly because you have to know so many programming languages.

From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.

There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen. It's a bit of a challenge to make the customer understand that we should not be going with these old applications.

This is not specific to CA's tool, but API tools in general. There are two schools of thought: There is the "Apigee" school of thought that says that we don't need hardware to implement security, and there's the "API Connect" school of thought which says some sort of an enterprise service bus would be critical to the success of the API management tool. I find this hardware reliance is a bit archaic. The biggest reason I would want to get an API management tool is to get rid of the hardware. If I have to have the hardware and put the tool on top of it, that makes it a bit cumbersome for us because the maintenance of the hardware, for any enterprise service bus, is in hundreds of thousands of dollars per year. It needs to go into virtualization.

On the monitoring side, we need a better way to monitor it. CA has not given a clear understanding of what external tools we can use to do this. We also need a total dashboard functionality to see how many transactions are going through, where the problems are, etc. There's no out-of-the-box monitoring other than the dashboard, which doesn't give you very much. Their migration policies are also not the best out there. We just do an export and import of it, which is fairly simple, but they could have made it better.

We have experienced technical difficulties with the product in the past.

The development toolkit used for creating APIs should be more online and user-friendly. Deployment and tracking could also be improved. Tools like Apigee provide a complete online experience along with RESTful APIs, to manage all activities. It is a very nice and user-friendly solution compared to CA.

They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning.

The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.

* Better GUI for the policy manager. * Needs better professional services in my country. * Better mobile features. * Better HA configuration.

The portal is an important point in the lifecycle of the APIs. Right now, the portal lacks many features. We hope that the new version will have them and that there will be a quality jump, which is needed.

The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need. We never completely read the info. The way it's written does not make me want to read it.

The CA API Management solution has good security features, but when it comes to being used in areas like enterprise integration, where it is being used as middleware for all the IT environments, that particular feature is quite limited. It doesn't support as many protocols as an industry standard, competing product should.

There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky. There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.

Cloud-native architecture of the product.

One area where it certainly needs to improve is the way it allocates requests, in terms of rate limiting. Let's say I have set the rate-limiting to 1000 requests per second and I have four nodes in a cluster. It divides the request into four, that is 250 per node. If I have a node-balancer in front which has the least connection mechanism it sends the first request to a node. It has to improve in terms of API rate-limiting. Also, there is no native Kafka connectivity. If they provided native Kafka connectivity, that would be good.

We did an assessment and are continuing with implementation. I would not say it's 100 percent perfect but, currently, all the features we anticipated using are working. The only issue we have is that we have to buy an APM license separately for end-to-end monitoring. That is something we are looking into.

* This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled. * Expose system properties and other configurations via the GUI (Policy Manager). * Increase tools for manipulation of JSON messages.

* The API Development tool can be made more user-friendly by providing folder properties. * Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL). * Masking the user credentials entered in Identity Provider, JDBC based on user role * Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility. * Logging and tracking of changes done by users in the Developer Portal.