Wednesday, August 29, 2012

API Management: The missing link for SOA success

Nearly 2 years ago I tweeted:



Well, unfortunately, I had it a bit wrong.

APIs and service do have a very direct and 1-1 relationship: an API is the interface of a service. However, what is different is that one's about the implementation and is focused on the provider, and the other is about using the functionality and is focused on the consumer. The service of course is what matters to the provider and API is what matters to the consumer.

So its clearly more than just a new name.

Services: If you build it will they come?

One of the most common anti-patterns of SOA is the one service - one client pattern. That's when the developer who wrote the service also wrote its only client. In that case there's no sharing, no common data, no common authentication and no reuse of any kind. The number one reason for SOA (improving productivity by reusing functionality as services) is gone. Its simply client-server at the cost of having to use interoperable formats like XML, JSON, XML Schema, WSDL and SOAP. 

There are two primary reasons for this pattern being so prevalent: first is due to a management failure whereby everyone is required to create services for whatever they do because that's the new "blessed way". There's no architectural vision driving proper factoring. Instead its each person or at least each team for themselves. The resulting services are only really usable for that one scenario - so no wonder no one else uses them!

Writing services that can service many users requires careful design and thinking and willingness to invest in the common good. That's against human intuition and something that will happen only if its properly guided and incentivized. The cost of writing common services must be paid by someone and will not happen by itself.

That's in effect the second reason why this anti-pattern exists: the infrastructure in place for SOA does not support or encourage reuse. Even if you had a service that is reusable how do you find out how well it works? How do you know how many people are using it? Do you know what time of day they use it most? Do you know which operations of your service get hit the hardest? Next, how do others even find out you wrote a service and it may do what they need? 

SOA Governance (for which WSO2 has an excellent product: WSO2 Governance Registry) is not focused on encouraging service reuse but rather on governing the creation and management of services. The SOA world has lacked a solution for making it easy to help people discover available services and to manage and monitor their consumption. 

API Management

What's an API? Its the interface to a service. Simple. In other words, if you don't have any services, you have no APIs to expose and manage.

API Management is about managing the entire lifecycle of APIs. This involves someone who publishes the interface of a service into a store of some kind. Next it involves developers who browse the store to find APIs they care about and get access to them (typically by acquiring an access token of some sort) and then the developers using those keys to program accesses to the service via its interface.

Why is this important? In my opinion, API Management is to SOA what Amazon EC2 is to Virtualization. Of course virtualization has been around for a long time, but EC2 changed the game by making it trivially simple for someone to get a VM. It brought self service, serendipitous consumption, and elasticity to virtualization. Similarly, API Management brings self service & serendipitous consumption by allowing developers to discover, try and use services without requiring any type of "management approval". It allows consumers to not have to worry about scaling - they just indicate the desired SLA (typically in the form of a subscription plan) and its up to the provider to make it work right. 

API Management & SOA are married at the hip

If you have an SOA strategy in your organization but don't have an API Management plan then you are doomed to failure. Notice that I didn't even talk about externally exposing APIs- even internal service consumption should be managed through an API Management system so that everyone has clear visibility into who's using what service and how much is used when. Its patently obvious why external exposition of services requires API Management.

Chris Haddad, WSO2's VP of Technology Evangelism, recently wrote a superb whitepaper that discusses and explain the connection between SOA and API Management. Check out Promoting service reuse within your enterprise and maximizing SOA success and I can guarantee you will leave enlightened.

In May this year, a blog on highscalability.com talked about how "Startups Are Creating A New System Of The World For IT". In that the author talked about open source as the foundation of this new system and SOA as the load bearing walls of the new IT landscape. I will take it to the next level and say that API Management is the roof of the new IT house.

WSO2 API Manager

We recently introduced an API Management product: WSO2 API Manager. This product comes with an application for API Providers to create and manage APIs, a store application for API Developers to discover and consume APIs and a gateway to route API traffic through. Of course all parts of the product can be scaled horizontally to deal with massive loads. The WSO2 API Manager can be deployed either for internal consumption, external consumption or both. As with any other WSO2 product, this too is 100% open source. After you read Chris' whitepaper download this product and sit it next to your SOA infrastructure (whether its from us or not) and see what happens!

Congratulations Dr. Ajith Ranabahu!

It gives me great pleasure to post belated congratulations to Dr. Ajith Ranbahu on his completing his Ph.D. in Computer Science from Wright State University in Dayton, Ohio. Ajith's Ph.D. topic was Abstraction Driven Application and Data Portability in Cloud Computing and his advisor was Prof. Amith Sheth. You can watch his Ph.D. defense on YouTube ... a sign of the times!

Ajith is of course one of the 6 founding members of the Apache Axis2 team and the 5th to finish his Ph.D.! Now only Deepal (at Georgia Tech) is left to finish and it'll be an amazing record when he completes too :-). Ajith also worked inWSO2 for an year before leaving for grad school where he continued to work on Axis2 and WSO2 Tungsten (now WSO2 App Server) and where he was championing building developer tools (which I used to dismiss ;-)). He initially went to University of Georgia but moved to Dayton when Amith moved to Dayton. Ajith plans to stay on at Dayton for a while and is looking towards a research career.

Sunday, August 26, 2012

Congratulations Dr. Nabeel Mohamed!

It gives me great pleasure to post belated congratulations to Dr. Nabeel Mohamed on completing his Ph.D. in Computer Science from Purdue University.

Nabeel was an employee in WSO2 for a short time before he left to pursue Ph.D. work and is the first of many who have worked in WSO2 and gone onto doing Ph.Ds to complete the degree. Nabeel's Ph.D. thesis topic was "Privacy Preserving Access Control for Third-Party Data Management Systems" and his advisor was Prof. Elisa Bertino. The topic is of immense applicability for cloud data protection. Nabeel is staying on in Purdue as a Post-Doctoral Researcher right now.