SlideShare a Scribd company logo

Adopting APIs & Microservices at a Major Bank (Part 2)

Download as PPTX, PDF
Nordic APIs
Nordic APIs

Major banks around the world are well aware that their business is about to change forever. Fintechs, Open APIs, Blockchains and other innovations are forcing them to adapt at speeds they’ve never dreamed of before. APIs and Microservices promise to grant them that level of agility, but embracing them demands a fundamental shift in technology, process and culture, all at once. This is the story of one major Canadian bank’s journey.

Software
1 of 11
Presented at the API Summit from Nordic APIs June 12, 2018 @ Austin, Texas Adopting APIs & Microservices at a Major Canadian Bank – Part 2
APIs are a natural evolution of CIBC’s integration journey. Modern APIs are a technology innovation that will make the bank more agile with faster time-to-market. Enterprise Service Bus Enterprise Service Bus Domain Domain Domain The Evolution of Integration Monolithic • Direct integration • Defined use case only • Need to understand details of producer AND consumer systems for integration ? Enterprise Service Bus • Service-Oriented Architecture (SOA) • Interface Agreements/Contracts • Connect indirectly through ESB (layer of abstraction) Domain Service Buses • Federating the ESB environment • Giving more autonomy to CIOs • Pick the technologies and stack that suits their needs APIs / Microservices • Mobile & single-page apps arrive • FinTechs and regulators add fuel • They all want “RESTful” APIs • Functionality in small, separate independent, scalable containers • Coordinated integration • Easier to change/upgrade • Reuse = Faster + Less Duplication • Increasing Demand • ESB became bloated, complex • Difficult to change • One change affects all • Lots of testing required • Promotes Domain independence • Enables heterogeneous tech. • Facilitates innovation • Domain Service Buses got thick • Proliferation of Technology • No need to agree ahead of time • Automated “self-service” model • Independent enhancement • Independent deployment • Contained the “blast radius” • Accelerates innovation GaGateway The move to APIs represents a big cultural and structural shift for the bank, and this shift must be backed up by the right technology.
APIs are the future: So how do we build them? Before we could take advantage of APIs at the bank, we needed to choose an API platform. The decision to build the API Foundation in-house is a hedge against a volatile landscape and develops critical internal skills. We have taken a different approach Instead of gambling on one of these external platforms, Enterprise Architecture built the API Foundation on open-source technology we developed in-house. We need to pick a technology, but we can’t predict which––if any––of these will eventually dominate the landscape. Numerous vendors have all come out with their own API platforms The market is full of API frameworks & platform that are clamoring to be the standard technology of the future. We subjected our API platform to intense, independent 3rd party evaluation. So far the evaluations have been very positive. “Great framework – thoughtful, holistic and quite advanced” “Building custom as a hedge against a volatile market makes sense right now” “Security model is built-in and highly robust” “Enables creation of customer enhancements, including FI-specific ones” “Uses OpenSource intelligently” Then we took our framework to Europe…
Following these principles positions us well for future-readiness and ongoing evolvability in a unpredictable technology environment. • Security enforcement • Billing & Metering • Centralize Monitoring & Alerting • Caching (User/Data) • Centralized portal for Marketplace, Dev/Ops and Governance • Developer Freedom • Diverse Consumer Behaviour • Holistic/Organic Re-Use • Purpose-Built Interfaces • Friendliness/Ease-of-Use PROLIFERATION • Architecture Governance • Centralized Management • Generalized/Broad Re-Use • Standard Resource Models • Full-Featured Functionality STANDARDIZATION TOO MUCH = ANALYSIS PARALYSISTOO MUCH = THE WILD WEST YOU HAVE TO DO THESE NO MATTER WHAT! CROSS-CUTTING CONCERNS The following principles are designed to help guide integration decisions going forward: Embrace Agility By prescribing rapid releases and frequent iterations, an Agile approach supports creating solutions that can evolve quickly and easily, enabling radical innovation. To achieve this rapid release cycle, remove developer road blocks wherever possible. Open-Source First The intent is the bring the best of the open source community to CIBC and fill gaps in functionality with vendor products. Given the rapid pace of change in the integration space, open source solutions often lead the pack. Democratized Development Allow development teams to use the technology stack which makes the most sense business domain (i.e. heterogeneity), while still leveraging common mechanisms and solutions to address cross-cutting concerns and inter-domain communications. Smart Apps & Dumb Pipes Focus intelligence in the applications and build only speed into the pipes, so that logic is moved out of hubs and towards the applications. This trend may imply the end of the ESB as a future-ready integration solution. Balance Proliferation & Standardization Encouraging experimentation and proliferation is the only way to drive innovation; however, this must be balanced against centralized, standardized governance, security and support models. A federated approach strikes the right balance. Support Two-Speed / Bi-Modal IT Components close to the user experience must iterate and evolve at a much faster rate than those close to the back-end core systems, which are more focused on integrity and safety. Supporting both these delivery modes in concert is key. Establish your guiding principles before you pick technology.
Beware the “Magical Black Box” approach to API Gateways. Many leading solutions advocate a centralized gateway, but this will likely end up limiting your architecture. The API Foundation embraces the distributed gateway approach, spreading out cross-cutting concerns to each individual microservice. Centralized Gateway All cross-cutting concerns and isolation are in a single, “smart” layer. Although this is easier to manage… While easier to adopt and manage, this approach included a lot of baggage from the SOA days, emphasizing a “magical black box” approach to integration, where the gateway acts as a central hub. Distributing gateways means… …you ensure the load and logic is spread out, enabling scale and logical isolation. Distributed Gateway Cross-cutting concerns are distributed to where they make sense. We are seeing the industry moving in this direction in lockstep with microservice adoption. CA, IBM, Red Hat and others already offer solution packaged this way to support true distribution. …it can have trouble scaling and will likely create a single point-of-failure. NETWORK & SECURITY SERVICES PERIMETER API GATEWAY (INNER/OUTER) Branch Telephone ATM On-Line Mobile Developers Devices GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE Branch Telephone ATM On-Line Mobile Developers Devices CENTRALIZED API GATEWAY (“MAGICAL BLACK BOX”) DOMAIN SERVICE BUS Service-Oriented Platforms PROPRIETARY INTERFACE Legacy & Custom Platforms MOM MICROSERVICES
The new players are built as pure service mesh… The distributed approach is maturing into the service mesh. The last few years have seen a radical move from centralized solutions to fully distributed equivalents. With the rise of the service mesh, the volatility in the market will increase, and building in-house skills will become even more critical. The Rise of the Service Mesh As the world of APIs experimented with different implementations, it became increasingly clear that the “secret sauce” to achieving speed and agility was not good API Management but a robust, distributed microservices architecture. The industry stopped talking about API Gateways and started talking about MSA. One vendor after another re-invented their solutions to be more distributed. “A centralized traffic cop manages all your API activity & rules” “Build aggregate APIs & convert to legacy formats in the gateway.” “API Gateways expose your shared services as managed APIs” “API Gateways act as the single point-of-entry for all API traffic in the system.” “A sidecar is conceptually ‘attached’ to the main application provides “platform features.” “Dedicated infrastructure layer for making service-to- service communication safe, fast and reliable.” Articles from 2013 to 2015 Articles from 2016 to 2018 Strongloop microgateway & API Connect CA API Mgt & Layer 7 as microgateway Latest version boasts NGINX service mesh Moving from Apigee to Endpoints & Istio “A service mesh is an inter- service communication infrastructure.” “The latest greatest thing in microservices.” API Gateway Service Mesh
Our API Foundation embraces & improves the service mesh. Thanks to the core open-source Light platform and our investment in in-house skills, we are leading the way. Doing APIs and microservices the right way forces your bank to act more like a technology company, which is a critical shift to get right. Standard Service Mesh Make no mistake, the Service Mesh represents the future of APIs & microservices … The service mesh pattern is still fairly new, and it means different things to different people. As the model matures, it is like the implementation options will diversify to suit different needs. … but there’s still room for innovation from smart internal teams looking for advantages. Service Mesh Plus That’s where skilled internal teams are key, as they should be looking for opportunities to take the commoditized capabilities available through open source and compose them into strong differentiators. Uses a sidecar pattern, which is a dedicated adjacent microservice acting as a proxy. Requires all participants in the mesh to use a homogenous set of agent microservices. Using Jenkins, process automation for CI/CD is executed against individual microservices. Using OAuth, the service mesh can implement a distributed authorization scheme. Uses an embedded gateway inside each microservice, resulting in fewer hops. Leverages lightweight routers & proxies to easily adapt to a heterogenous environment The LightBot extension to Jenkins enables automating multiple microservices across repos. By steering the Light OAuth server to our needs, we are moving to federated authorization.
The API Foundation is now in full swing across the bank. We have taken great strides forward over the last several months, achieving several declared milestones. Although we have only deployed a few microservices, already we are seeing significant savings (50-70%) in both cost and time per integration. API Foundation Core Being Used Across Delivery Teams • Growing group of API Foundation Developers • APIF Core being used in several active initiatives API Governance Council in Place & APIs are Mandated • Council has cross-SBU representation and reviews all initiatives that deviate from APIF • Initial Governance process in place, being continuously refined Managed Container Environment (CaaS) Fully Operational • Private cloud in place running an OpenShift- based CaaS environment • Development environment in place, with complete DevOps and microservice cross-cutting tools • Production environment on track for end of June Ongoing Developer Training for APIs & Microservices • Over 80 internal Designers and Developers have been trained on APIF & microservices • Ongoing training for APIF, microservices, swagger, with more to come. Pilot of internal API Marketplace is Available Today • Early release of the API Marketplace currently running @ marketplace.cibc.com • Formal beta targeting end of June, with general availability slated for mid-August.
Each pillar is built separately, but to have a stable strategy and platform you need to build all four pillars, atop a strong foundation. Each pillar will likely be tackled by different teams, but they are interdependent and must be coordinated. Getting your API Platform up and ready is a balancing act. CLOUD DEVOPS APIs AGILE Bank of the Future TECHNOLOGY & OPERATIONS ORGANIZATIONAL STRUCTURE CORPORATE VALUES & CULTURE API STRATEGY & PLATFORM
Systems that can elegantly & incrementally adapt to an everchanging environment never have to be replaced – they must only evolve! Analogies for IT systems are shifting from hard, fixed, industrial things (bridges, buildings, cities) to soft, flexible, living things (cells, molecules, organisms). This is driven by the need to embrace change. The single most important idea you have to remember…
Thank you! Check out the Light microservices platform @ http://www.networknt.com

Recommended

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
Nordic APIs
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at Apiture
Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
Nordic APIs
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Nordic APIs
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
Nordic APIs
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
Nordic APIs
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, Graylog
Nordic APIs
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, Moseif
Nordic APIs
 

Recommended

How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
How I Built Bill, the AI-Powered Chatbot That Reads Our Docs for Fun , by Tod...
Nordic APIs
 
The Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at ApitureThe Art of API Design, by David Biesack at Apiture
The Art of API Design, by David Biesack at Apiture
Nordic APIs
 
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
ABAC, ReBAC, Zanzibar, ALFA… How Should I Implement AuthZ in My APIs? by Dav...
Nordic APIs
 
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Crafting a Cloud Native API Platform to Accelerate Your Platform Maturity - B...
Nordic APIs
 
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
The Federated Future: Pioneering Next-Gen Solutions in API Management - Marku...
Nordic APIs
 
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNLAPI Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
API Authorization Using an Identity Server and Gateway - Aldo Pietropaolo, SGNL
Nordic APIs
 
API Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, GraylogAPI Discovery from Crawl to Run - Rob Dickinson, Graylog
API Discovery from Crawl to Run - Rob Dickinson, Graylog
Nordic APIs
 
Productizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, MoseifProductizing and Monetizing APIs - Derric Gilling, Moseif
Productizing and Monetizing APIs - Derric Gilling, Moseif
Nordic APIs
 
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Nordic APIs
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
Nordic APIs
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
Nordic APIs
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Nordic APIs
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Nordic APIs
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Nordic APIs
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Nordic APIs
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Nordic APIs
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
Nordic APIs
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
Nordic APIs
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
Nordic APIs
 
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMaticcURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
Nordic APIs
 
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, ApolloCentralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Nordic APIs
 
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42CrunchSession Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Nordic APIs
 
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, MicrosoftAPIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
Nordic APIs
 
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
Nordic APIs
 
Future-proofing Authentication with Passkeys
Future-proofing Authentication with PasskeysFuture-proofing Authentication with Passkeys
Future-proofing Authentication with Passkeys
Nordic APIs
 
You Don't Need SDKs, Wait Maybe You Do?
You Don't Need SDKs, Wait Maybe You Do?You Don't Need SDKs, Wait Maybe You Do?
You Don't Need SDKs, Wait Maybe You Do?
Nordic APIs
 
Monitor Discourse via API using Grafana
Monitor Discourse via API using GrafanaMonitor Discourse via API using Grafana
Monitor Discourse via API using Grafana
Nordic APIs
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
SelfMade bd
 

More Related Content

More from Nordic APIs

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Nordic APIs
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
Nordic APIs
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
Nordic APIs
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Nordic APIs
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Nordic APIs
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Nordic APIs
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Nordic APIs
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Nordic APIs
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
Nordic APIs
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
Nordic APIs
 
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMaticcURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
Nordic APIs
 
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, ApolloCentralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Nordic APIs
 
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42CrunchSession Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Nordic APIs
 
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, MicrosoftAPIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
Nordic APIs
 

More from Nordic APIs (20)

Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, SipiosSecurely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
Securely Boosting Any Product with Generative AI APIs - Ruben Sitbon, Sipios
 
Security of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.ioSecurity of LLM APIs by Ankita Gupta, Akto.io
Security of LLM APIs by Ankita Gupta, Akto.io
 
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
I'm an API Hacker, Here's How to Go from Making APIs to Breaking Them - Katie...
 
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
Unleashing the Potential of GraphQL with Streaming Data - Kishore Banala, Net...
 
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
Reigniting the API Description Wars with TypeSpec and the Next Generation of ...
 
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAnyEstablish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
Establish, Grow, and Mature Your API Platform - James Higginbotham, LaunchAny
 
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
Inclusive, Accessible Tech: Bias-Free Language in Code and Configurations - A...
 
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIsGoing Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
Going Platinum: How to Make a Hit API by Bill Doerrfeld, Nordic APIs
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, GartnerGenAI: Producing and Consuming APIs by Paul Dumas, Gartner
GenAI: Producing and Consuming APIs by Paul Dumas, Gartner
 
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
The SAS developer portal – developer.sas.com 2.0: How we built it by Joe Furb...
 
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
How Netflix Uses Data Abstraction to Operate Services at Scale - Vidhya Arvin...
 
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMaticcURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
cURL to SDK: Navigating the API Adoption Chasm - Sidney Maestre, APIMatic
 
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, ApolloCentralize Data Access Control with GraphQL - Andrew Carlson, Apollo
Centralize Data Access Control with GraphQL - Andrew Carlson, Apollo
 
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42CrunchSession Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
Session Slides: You’ve Had an API Breach, Now What? by Axel Grosse, 42Crunch
 
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, MicrosoftAPIs at Scale with TypeSpec by Mandy Whaley, Microsoft
APIs at Scale with TypeSpec by Mandy Whaley, Microsoft
 
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
Standards, Standards, Everywhere… What Standards Really Mean In An API World ...
 
Future-proofing Authentication with Passkeys
Future-proofing Authentication with PasskeysFuture-proofing Authentication with Passkeys
Future-proofing Authentication with Passkeys
 
You Don't Need SDKs, Wait Maybe You Do?
You Don't Need SDKs, Wait Maybe You Do?You Don't Need SDKs, Wait Maybe You Do?
You Don't Need SDKs, Wait Maybe You Do?
 
Monitor Discourse via API using Grafana
Monitor Discourse via API using GrafanaMonitor Discourse via API using Grafana
Monitor Discourse via API using Grafana
 

Recently uploaded

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
Delhi Call girls
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
VictorSzoltysek
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
OnePlan Solutions
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
harshavardhanraghave
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
Health
 

Recently uploaded (20)

%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
Crypto Cloud Review - How To Earn Up To $500 Per DAY Of Bitcoin 100% On AutoP...
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
Generic or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisionsGeneric or specific? Making sensible software design decisions
Generic or specific? Making sensible software design decisions
 
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdfPayment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
SHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions PresentationSHRMPro HRMS Software Solutions Presentation
SHRMPro HRMS Software Solutions Presentation
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) SolutionIntroducing Microsoft’s new Enterprise Work Management (EWM) Solution
Introducing Microsoft’s new Enterprise Work Management (EWM) Solution
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 

Adopting APIs & Microservices at a Major Bank (Part 2)

  • 1. Presented at the API Summit from Nordic APIs June 12, 2018 @ Austin, Texas Adopting APIs & Microservices at a Major Canadian Bank – Part 2
  • 2. APIs are a natural evolution of CIBC’s integration journey. Modern APIs are a technology innovation that will make the bank more agile with faster time-to-market. Enterprise Service Bus Enterprise Service Bus Domain Domain Domain The Evolution of Integration Monolithic • Direct integration • Defined use case only • Need to understand details of producer AND consumer systems for integration ? Enterprise Service Bus • Service-Oriented Architecture (SOA) • Interface Agreements/Contracts • Connect indirectly through ESB (layer of abstraction) Domain Service Buses • Federating the ESB environment • Giving more autonomy to CIOs • Pick the technologies and stack that suits their needs APIs / Microservices • Mobile & single-page apps arrive • FinTechs and regulators add fuel • They all want “RESTful” APIs • Functionality in small, separate independent, scalable containers • Coordinated integration • Easier to change/upgrade • Reuse = Faster + Less Duplication • Increasing Demand • ESB became bloated, complex • Difficult to change • One change affects all • Lots of testing required • Promotes Domain independence • Enables heterogeneous tech. • Facilitates innovation • Domain Service Buses got thick • Proliferation of Technology • No need to agree ahead of time • Automated “self-service” model • Independent enhancement • Independent deployment • Contained the “blast radius” • Accelerates innovation GaGateway The move to APIs represents a big cultural and structural shift for the bank, and this shift must be backed up by the right technology.
  • 3. APIs are the future: So how do we build them? Before we could take advantage of APIs at the bank, we needed to choose an API platform. The decision to build the API Foundation in-house is a hedge against a volatile landscape and develops critical internal skills. We have taken a different approach Instead of gambling on one of these external platforms, Enterprise Architecture built the API Foundation on open-source technology we developed in-house. We need to pick a technology, but we can’t predict which––if any––of these will eventually dominate the landscape. Numerous vendors have all come out with their own API platforms The market is full of API frameworks & platform that are clamoring to be the standard technology of the future. We subjected our API platform to intense, independent 3rd party evaluation. So far the evaluations have been very positive. “Great framework – thoughtful, holistic and quite advanced” “Building custom as a hedge against a volatile market makes sense right now” “Security model is built-in and highly robust” “Enables creation of customer enhancements, including FI-specific ones” “Uses OpenSource intelligently” Then we took our framework to Europe…
  • 4. Following these principles positions us well for future-readiness and ongoing evolvability in a unpredictable technology environment. • Security enforcement • Billing & Metering • Centralize Monitoring & Alerting • Caching (User/Data) • Centralized portal for Marketplace, Dev/Ops and Governance • Developer Freedom • Diverse Consumer Behaviour • Holistic/Organic Re-Use • Purpose-Built Interfaces • Friendliness/Ease-of-Use PROLIFERATION • Architecture Governance • Centralized Management • Generalized/Broad Re-Use • Standard Resource Models • Full-Featured Functionality STANDARDIZATION TOO MUCH = ANALYSIS PARALYSISTOO MUCH = THE WILD WEST YOU HAVE TO DO THESE NO MATTER WHAT! CROSS-CUTTING CONCERNS The following principles are designed to help guide integration decisions going forward: Embrace Agility By prescribing rapid releases and frequent iterations, an Agile approach supports creating solutions that can evolve quickly and easily, enabling radical innovation. To achieve this rapid release cycle, remove developer road blocks wherever possible. Open-Source First The intent is the bring the best of the open source community to CIBC and fill gaps in functionality with vendor products. Given the rapid pace of change in the integration space, open source solutions often lead the pack. Democratized Development Allow development teams to use the technology stack which makes the most sense business domain (i.e. heterogeneity), while still leveraging common mechanisms and solutions to address cross-cutting concerns and inter-domain communications. Smart Apps & Dumb Pipes Focus intelligence in the applications and build only speed into the pipes, so that logic is moved out of hubs and towards the applications. This trend may imply the end of the ESB as a future-ready integration solution. Balance Proliferation & Standardization Encouraging experimentation and proliferation is the only way to drive innovation; however, this must be balanced against centralized, standardized governance, security and support models. A federated approach strikes the right balance. Support Two-Speed / Bi-Modal IT Components close to the user experience must iterate and evolve at a much faster rate than those close to the back-end core systems, which are more focused on integrity and safety. Supporting both these delivery modes in concert is key. Establish your guiding principles before you pick technology.
  • 5. Beware the “Magical Black Box” approach to API Gateways. Many leading solutions advocate a centralized gateway, but this will likely end up limiting your architecture. The API Foundation embraces the distributed gateway approach, spreading out cross-cutting concerns to each individual microservice. Centralized Gateway All cross-cutting concerns and isolation are in a single, “smart” layer. Although this is easier to manage… While easier to adopt and manage, this approach included a lot of baggage from the SOA days, emphasizing a “magical black box” approach to integration, where the gateway acts as a central hub. Distributing gateways means… …you ensure the load and logic is spread out, enabling scale and logical isolation. Distributed Gateway Cross-cutting concerns are distributed to where they make sense. We are seeing the industry moving in this direction in lockstep with microservice adoption. CA, IBM, Red Hat and others already offer solution packaged this way to support true distribution. …it can have trouble scaling and will likely create a single point-of-failure. NETWORK & SECURITY SERVICES PERIMETER API GATEWAY (INNER/OUTER) Branch Telephone ATM On-Line Mobile Developers Devices GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE GATEWAY SERVICE Branch Telephone ATM On-Line Mobile Developers Devices CENTRALIZED API GATEWAY (“MAGICAL BLACK BOX”) DOMAIN SERVICE BUS Service-Oriented Platforms PROPRIETARY INTERFACE Legacy & Custom Platforms MOM MICROSERVICES
  • 6. The new players are built as pure service mesh… The distributed approach is maturing into the service mesh. The last few years have seen a radical move from centralized solutions to fully distributed equivalents. With the rise of the service mesh, the volatility in the market will increase, and building in-house skills will become even more critical. The Rise of the Service Mesh As the world of APIs experimented with different implementations, it became increasingly clear that the “secret sauce” to achieving speed and agility was not good API Management but a robust, distributed microservices architecture. The industry stopped talking about API Gateways and started talking about MSA. One vendor after another re-invented their solutions to be more distributed. “A centralized traffic cop manages all your API activity & rules” “Build aggregate APIs & convert to legacy formats in the gateway.” “API Gateways expose your shared services as managed APIs” “API Gateways act as the single point-of-entry for all API traffic in the system.” “A sidecar is conceptually ‘attached’ to the main application provides “platform features.” “Dedicated infrastructure layer for making service-to- service communication safe, fast and reliable.” Articles from 2013 to 2015 Articles from 2016 to 2018 Strongloop microgateway & API Connect CA API Mgt & Layer 7 as microgateway Latest version boasts NGINX service mesh Moving from Apigee to Endpoints & Istio “A service mesh is an inter- service communication infrastructure.” “The latest greatest thing in microservices.” API Gateway Service Mesh
  • 7. Our API Foundation embraces & improves the service mesh. Thanks to the core open-source Light platform and our investment in in-house skills, we are leading the way. Doing APIs and microservices the right way forces your bank to act more like a technology company, which is a critical shift to get right. Standard Service Mesh Make no mistake, the Service Mesh represents the future of APIs & microservices … The service mesh pattern is still fairly new, and it means different things to different people. As the model matures, it is like the implementation options will diversify to suit different needs. … but there’s still room for innovation from smart internal teams looking for advantages. Service Mesh Plus That’s where skilled internal teams are key, as they should be looking for opportunities to take the commoditized capabilities available through open source and compose them into strong differentiators. Uses a sidecar pattern, which is a dedicated adjacent microservice acting as a proxy. Requires all participants in the mesh to use a homogenous set of agent microservices. Using Jenkins, process automation for CI/CD is executed against individual microservices. Using OAuth, the service mesh can implement a distributed authorization scheme. Uses an embedded gateway inside each microservice, resulting in fewer hops. Leverages lightweight routers & proxies to easily adapt to a heterogenous environment The LightBot extension to Jenkins enables automating multiple microservices across repos. By steering the Light OAuth server to our needs, we are moving to federated authorization.
  • 8. The API Foundation is now in full swing across the bank. We have taken great strides forward over the last several months, achieving several declared milestones. Although we have only deployed a few microservices, already we are seeing significant savings (50-70%) in both cost and time per integration. API Foundation Core Being Used Across Delivery Teams • Growing group of API Foundation Developers • APIF Core being used in several active initiatives API Governance Council in Place & APIs are Mandated • Council has cross-SBU representation and reviews all initiatives that deviate from APIF • Initial Governance process in place, being continuously refined Managed Container Environment (CaaS) Fully Operational • Private cloud in place running an OpenShift- based CaaS environment • Development environment in place, with complete DevOps and microservice cross-cutting tools • Production environment on track for end of June Ongoing Developer Training for APIs & Microservices • Over 80 internal Designers and Developers have been trained on APIF & microservices • Ongoing training for APIF, microservices, swagger, with more to come. Pilot of internal API Marketplace is Available Today • Early release of the API Marketplace currently running @ marketplace.cibc.com • Formal beta targeting end of June, with general availability slated for mid-August.
  • 9. Each pillar is built separately, but to have a stable strategy and platform you need to build all four pillars, atop a strong foundation. Each pillar will likely be tackled by different teams, but they are interdependent and must be coordinated. Getting your API Platform up and ready is a balancing act. CLOUD DEVOPS APIs AGILE Bank of the Future TECHNOLOGY & OPERATIONS ORGANIZATIONAL STRUCTURE CORPORATE VALUES & CULTURE API STRATEGY & PLATFORM
  • 10. Systems that can elegantly & incrementally adapt to an everchanging environment never have to be replaced – they must only evolve! Analogies for IT systems are shifting from hard, fixed, industrial things (bridges, buildings, cities) to soft, flexible, living things (cells, molecules, organisms). This is driven by the need to embrace change. The single most important idea you have to remember…
  • 11. Thank you! Check out the Light microservices platform @ http://www.networknt.com