Get the Straight Facts…API Manager Revealed

We are very excited to announce an Intel API management solution that was released today. The Intel® Expressway API Manager is a composite API platform.

Just creating outstanding APIs is not enough. Intel realized that you need to have a mechanism to communicate, explain, onboard, collaborate, and manage developers. Our API manager provides a composite solution that provides On-Premise and Cloud deployed API portals, and a mechanism to manage your APIs and help with developer on-boarding, registration, portal administration, content management system, community tools and developer enablement tools.

Initially I was going to write a blog about what we do best and how we are different. But I was amazed just looking at the amount of features we released in this version. So I am going to save the story and give you the straight facts below:

As part of our new solution, we provide the following:

  • Easily launch a secure website for API partners. Create an online portal, with your look and feel, for enrolling and supporting developer partners.
  • Take the hassle out of key management. Make key provisioning a snap, whether you’ve got a few partners or tens of thousands. Issue live keys, or require activation by a moderator.
  • Keep partners engaged with reports and tools. Show partner developers how many calls they’re making, which methods they’re using, and more.
  • Publish interactive API docs. Developers can execute calls directly from your API documentation.
  • Run a support forum and a developer blog. Foster an active developer community with full-featured forum and blogging tools.
  • Single Sign-on. Connect to your own identity store so partners don’t have to log in twice
  • B.Y.O.P.: Bring Your Own Portal. If you prefer, use Mashery’s API to plug in your own content management system (CMS)
  • Third-party Integration. Add outside services–such as billing engines–to your portal using Mashery’s API
  • Partner Management. Enable/disable keys & developer permissions
  • Your Branding. Use Javascript and CSS to completely obey your brand’s look-and-feel
  • Built in with Mashery. Never worry about installation or hosting.
  • Markdown Compatibility. Let forum users post formatted code samples using the popular Markdown syntax
  • Role-based Access Control. Create walled-off content for beta testers and other special partners
  • Comment Engine. Allow partners to post comments to your documentation
  • API Value Tracking. See how your API drives key performance indicators such as traffic, purchases, and registrations.
  • Detailed Activity Reports. View API usage and trends by developer, key, and method.
  • Mashery Reporting API. Access all reporting and chart data through an API.
  • Reports-only Role. Securely share reports with colleagues outside your API team.
  • Partner Monitoring. See all activity for a specific partner or app.
  • Latency Measurement. Track response times for your API service and for Mashery
  • Load Statistics. See average and peak loads by endpoint over time.
  • Data Export. Download reports in CSV format for use in Excel.
  • Custom Report Integration. Grab call logs and report data for use in third-party applications
  • Manage APIs as products. Tailor API access to suit the needs of your most important customer/partner segments.
  • Define API access plans. Create custom access plans (standard, premium, etc.) without any coding.
  • Get fine-grained control over resource packaging. Choose which API resources (methods) are included in each plan.
  • Create response filters. Strip out response content for a plan without coding.
  • Reduce work for IT. Let business-side execs securely package API access.
  • Maximize API value. Give business development, marketing, and product management teams the power to negotiate custom API access.

Guess what, built into this solution is a world class API gateway solution (refer to my performance numbers and security certifications blog on this) which includes RESTful service enablement, service orchestration, composition, provisioning, all authentication features, protocol and data format mediation, trust and threat processing, SLA management and API rate limiting.

Check out Intel® Expressway API Manager for more details. I am also doing a joint webinar with Mashery on Dec. 4, Secure, Expose, and Package APIs as Products. You can register here.

 

Andy Thurai — Chief Architect & Group CTO, Application Security and Identity Products, Intel

Andy Thurai is Chief Architect and Group CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Mobile, Big Data, Governance, Security, and Identity solutions for their major corporate customers. In his role, he is responsible for helping Intel/McAfee field sales, technical teams and customer executives. Prior to this role, he has held technology architecture leadership and executive positions with L-1 Identity Solutions, IBM (Datapower), BMC, CSC, and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance, and SaaS. He holds a degree in Electrical and Electronics engineering and has over 25+ years of IT experience.

He blogs regularly at www.thurai.net/securityblog on Security, SOA, Identity, Governance and Cloud topics. You can also find him on LinkedIn at http://www.linkedin.com/in/andythurai

Advertisements

Announcing Intel(R) Expressway API Manager

We are announcing today the availability of a new product called Intel(R) Expressway API Manager, which we call a composite API platform. What we’ve done here is integrated the Expressway Service Gateway with the developer portal and developer management features from API management market leader Mashery!

Composite API Platform

The solution is a composite because it’s ideal for large enterprises who want a hardened security gateway on-premise but also want the cost savings of a SaaS cloud for developer registration, sign-up and management. Further, Mashery has the benefit of experience, as they have been ‘doing’ API management since about 2006; their product is highly mature and a great match for Expressway.

Both teams are very excited about the new offering. Let’s highlight some of the features:

  • It’s an Intel product sold and supported by Intel. We think this is important for Enterprises that want to make an investment in API management from a large vendor
  • Intel customers get access to all gateway features including: RESTful service enablement, service orchestration, composition, provisioning, all authentication features, protocol and data format mediation, trust and threat processing, SLA management and API rate limiting.
  • A new API console provided by Intel allows you to manage gateway services as APIs
  • Intel customers also get a subscription to the Mashery cloud for developer on-boarding, registration, portal administration, content management system, community tools and developer enablement tools
  • Mashery and the Intel Gateway are fully integrated for access control, basic policies and analytics, with more integration planned for the future. This means Intel customers can use Mashery for developer registration, key generation, and provisioning API rate limits

We wanted a solution that would address large Enterprise requirements which often require “on-prem” traffic processing using a certified gateway but still offer the advantages of a SaaS cloud for evangelizing APIs to internal or external developers or business partners.

Blake

 

New Gartner Research – The Rise of Cloud Service Brokerage

The role of enterprise IT with respect to cloud services is rapidly expanding.  Whether the broad range of activities that the enablement of cloud services entails is managed internally or externally, cloud service brokerage is increasingly expected to be within enterprise IT’s wheelhouse, and this role is critical to scaling enterprise adoption of the cloud.  Proper delivery of cloud services is no small undertaking, given ever-increasing demand, and requires organizations to have a firm grasp on provisioning, integration, migration, APIs, support, billing and security amongst others functions with respect to cloud services.  Depending on the organization, these functions are developed to greater or lesser extents and so finding ways to quickly elevate areas in need of a boost is key.

Gartner’s brand new research on the Hype Cycle for Cloud Service Brokerage details how this role is emerging within enterprise IT and provides a clear framework to analyze the organizational and technical requirements for successful consumption of the cloud at the scale dictated by today’s businesses.  Read the full report here.

New Mobile Middleware Whitepaper

The transition from a browser-only world to the mobile app proliferation of today, necessitates a host of new considerations when it comes to securing the enterprise network.  Our latest whitepaper, “A Unified Mobile Architecture for the Modern Data Center,” analyzes the mobile application landscape and what it means for the prevalent multi-tier architecture, which for some time has been tailored around browsers as the main entry point.  As RESTful API calls surpass traditional web traffic for the largest app providers, this concern becomes even more immediate.

With the understanding that most enterprise networks are a mix of both on premise and cloud-based solutions, this whitepaper takes this viewpoint as the basis for its analysis.  Given the heterogeneity of the mobile app landscape in terms of platforms and operating systems, each with their own unique programming language and set of best practices there is an added layer of complexity in adapting existing enterprise architecture for this new mobile user base.

For the complete whitepaper on mobile middleware, click here.

API Whitepaper – Hot off the Press by Andy Thurai

Here is a link to the API whitepaper produced by Dan Woods, Chief Analyst CITO Research (of API book fame); Blake Dournaee, Intel Product Manager; and yours truly.   I think it came out better than expected and has a foreword by John Musser of ProgrammableWeb (Guru in API space). Given that everything is moving to Cloud and Mobile, you might want to spend a few minutes to check out the best practices of developing, implementing, securing and managing your APIs properly regardless of whether you are thinking IasS, PaaS or SaaS. What makes us unique is the combination of McAfee security and Intel identity and performance as you can see in the paper.

Intel API Whitepaper Download Link


Andy Thurai — Chief Architect & CTO, Application Security and Identity Products, Intel

Andy Thurai is Chief Architect and CTO of Application Security and Identity Products with Intel, where he is responsible for architecting SOA, Cloud, Governance, Security, and Identity solutions for their major corporate customers. In his role, he is responsible for helping Intel/McAfee field sales, technical teams and customer executives. Prior to this role, he has held technology architecture leadership and executive positions with L-1 Identity Solutions, IBM (Datapower), BMC, CSC, and Nortel. His interests and expertise include Cloud, SOA, identity management, security, governance, and SaaS. He holds a degree in Electrical and Electronics engineering and has over 20+ years of IT experience.

He blogs regularly at www.thurai.net/securityblog on Security, SOA, Identity, Governance and Cloud topics. You can find him on LinkedIn at http://www.linkedin.com/in/andythurai.

Intel Cloud SSO is Live!

Today, Intel announced (http://intel.ly/LDRT7W) the general availability of Intel Cloud SSO.

Intel Cloud SSO is a pure cloud-based identity solution from three of the most trusted names in the industry—Intel, McAfee and Salesforce.com—that simplifies the cumbersome process of providing users with access to hundreds of SaaS apps.

Features include:

  • A single point of management, control, access & authentication for enterprise SaaS accounts
  • Secure single sign-on (SSO) to hundreds of SaaS apps, using all major authentication models (SAML, HTML forms, API)
  • SaaS account provisioning & de-provisioning
  • Identity Bridge technology enables secure authentication and automated provisioning/de-provisioning, using enterprise AD/LDAP directories
  • Strong authentication with one-time password (OTP) identity assurance using any mobile phone, and context-aware access restrictions driven by run-time user attributes

and much more…

Attend a webinar “First Look…Intel Cloud SSO Deep Dive”, on Thursday, May 24 at 1 pm Eastern, where we’ll take a deep dive into the product and hear from a beta test customer.

View a demo video on YouTube.

Visit www.intelcloudsso.com to learn more and sign up for a 30-day free trial.

What You Need to Know about API Security

Since the growth of APIs “hockey-sticked” around 2005, the proliferation of web-based APIs has spanned every industry and vertical from e-commerce to map services to enterprise. APIs like that of Twitter, Amazon, and Netflix garner billions of API calls every day, and these represent just a few of the more visible.  With this rapid growth, on the order of 300-400 new APIs arriving each month, security is an ever-increasing concern.  Enterprise focused, SaaS based APIs are among the fastest growing segments, and in light of this, securing company assets and Data Loss Prevention are paramount.  The perimeter of enterprise networks has become amorphous as workflows increasingly leverage platforms and applications beyond the firewall.  So what does that mean for your organization’s security?

Attend our May 10th webinar featuring Intel, McAfee, and tech analyst & CTO, Dan Woods for an advanced perspective on what you should do to ensure API Security, specifically as related to Authentication, DLP, and Validation Controls.

 For more information about Intel Expressway Service Gateway — with free webinars, tutorials and expert blogs on securely exposing Web Services in the Cloud, please visit us at: www.intel.com/go/identity