2.2 Understanding Deployment Scenarios

Secure API Manager has four components: Analytics, API Gateway, Database Service, and Lifecycle Manager. Each component performs a different function for Secure API Manager. For more information, see Understanding the Secure API Manager Components. Secure API Manager allows you to deploy all components on one appliance or you can deploy the components in any configuration you want. There are restrictions and limitations for the different deployment scenarios. Use the following information to plan your deployment configuration.

2.2.1 Deployment Considerations and Restrictions

Determining how to deploy the components depends on many different variables:

  • Network environment

  • Number of APIs stored in the API Gateway

  • Number of API calls

  • Number of people adding APIs and creating applications

  • Analytics usage

You can deploy one or more components on an appliance or you can deploy each component on its own appliance. You can deploy any configuration that works for your environment, but there are some restrictions with deploying the different components.

  • Database Service: The Database Service component must run on its own appliance. Do not combine any other components with the Database Service component. The Database Service component keeps track of configuration information and user accounts. Running other components with the Database Service can cause corruption of the configuration files.

  • Lifecycle Manager and API Gateway on the same appliance: The Lifecycle Manager and the API Gateway store information on the NFS server. If you deploy the Lifecycle Manager and the API Gateway on one appliance, Secure API Manager uses only the NFS information for the Lifecycle Manager component and it ignores the API Gateway NFS information. Both components write to the single mount point you specify during the deployment of the Lifecycle Manager.

    IMPORTANT:Once you have installed the Lifecycle Manager and API Gateway components on the same appliance, if you want to deploy additional Lifecycle Manager and API Gateway components in your environment at a later time, you must again deploy them on the same appliance. Secure API Manager knows only about the Lifecycle Manager mount point on the NFS server and it will continue to use that as the only location to store information. Attempting to use different configurations of the Lifecycle Manager and the API Gateway will result in database corruption on the NFS mount point.

  • Lifecycle Manager and API Gateway on separate appliances: If you deploy the Lifecycle Manager and the API Gateway on separate appliances, you must use the same NFS server but you must define and use separate mount points.

    IMPORTANT:Once you have installed the Lifecycle Manager and API Gateway components on separate appliances, if you want to deploy additional Lifecycle Manager and API Gateway components in your environment at a later time, you must again deploy them on separate appliances. Attempting to use different configurations of the Lifecycle Manager and the API Gateway will result in database corruption on the NFS mount point.

2.2.2 Deployment Scenario for Testing

You can deploy all four components on one appliance but this configuration is for testing purposes only. Running all of the components on one appliance drastically reduces the performance of the entire Secure API Manager system. You cannot cluster a test system.

IMPORTANT:Deploying all four components on one appliance is supported only for testing purposes. It is not supported in a production environment.

The Analytics and Database Service components use a lot of disk space and processing power. We require that you deploy the Database Service component on its own appliance in a production environment. In addition, running the Analytics component on its own appliance greatly increases the performance of the overall system.

2.2.3 Enterprise Deployment Scenario

For enterprise environments, we recommend that you deploy each component on a separate appliance and that you cluster each component for load balancing and high availability. For more information, see Enabling High Availability and Load Balancing.

To cluster components, use an L4 switch. Clustering provides redundancy, high availability, and load balancing. We also recommend that you place the L4 switch for the API Gateway and Lifecycle Manager in the DMZ to allow external applications, services, and API developers access to Secure API Manager. You must ensure that the API Gateway component or the L4 switch for the API Gateway component can communicate with the Identity Provider in Access Manager. You must also ensure that API developers can communicate with the Lifecycle Manager.

The following graphic depicts the recommended deployment scenario for enterprise environments. In this scenario, all of the components are deployed on separate appliances.

Figure 2-2 Secure API Manager Recommended Deployment Scenario

The appliances are clustered using an L4 switch for high availability and load balancing. The L4 switches for the API Gateway and the Lifecycle Manager are in the DMZ to allow external application, services, and API developers access to Secure API Manager.You must ensure that the API Gateway component or the L4 switch for the API Gateway component can communicate with the Identity Provider in Access Manager. You must also ensure that API developers can communicate with the Lifecycle Manager.