The infrastructure that powers modern cloud-native applications is always changing, forcing organizations to adapt how they deliver and manage these applications. Kubernetes enables these applications to be run on multicloud infrastructure, which is powerful, but multicloud comes with its own set of challenges. Organizations need to give careful thought to how their applications are consumed externally by customers and partners. Internally, within their distributed applications, organizations need to ensure various services can seamlessly communicate with each other. In this two-part article series, we look at the various communication patterns that have emerged for enterprise applications in the cloud. We specifically focus on API gateways and service meshes. They both have common and unique characteristics that need to be understood to put them to best use. Combining them seamlessly is key to unlocking the benefits of a multicloud strategy.
Infrastructure: From cloud to multicloud
Infrastructure is changing from cloud to multicloud. The cloud was the biggest shift of the past decade, and multicloud is set to be the norm for enterprise infrastructure in this decade. Container technologies, primarily Kubernetes, are making this shift possible. Kubernetes is able to manage container instances the same way irrespective of the environment — on-premises to any public cloud.
Applications: From monolithic to microservices
In application development, a similar migration is underway. Application architecture is shifting from a monolithic to a microservices model. A monolith is a singular app with locked-in parts such as a unified codebase. It typically communicates directly from app to user in a north-south direction.
Microservices-based apps are composed of independent, distributed services that are orchestrated to work together to achieve a business process or outcome. These services are operated as independent workflows, yet need to work cohesively. This requires mature service-to-service communication that is both north-south and east-west in direction.
API gateway: Communication at the business layer
Let’s start by defining what an API is. APIs are communication endpoints that enable applications to talk to each other. APIs are primarily used to integrate internal and external applications. However, they can also be used between multiple services within the same application. An API gateway manages a collection of APIs and the requests that are processed by them.
The purpose of using an API gateway is to abstract key functionality of the application and make it easily available and consumable by client services. Those client services can be external partners and customers or other internal services.
API-based communication is asynchronous. This means the sender and receiver operate independently of each other. This allows for more resilient communication, a consistent experience for external consumers, and better separation of concerns of the organization itself.
API gateways are extensible with third-party APIs and plugins that are already available or that can be purpose-built for an organization’s needs. Many organizations, like Xero for example, make their platform available for partners to build services and products on top of. From an IT Ops perspective, some of the vendor APIs that are most commonly integrated with an organization’s API gateways are Okta for Oauth, AWS Lambda for serverless, and monitoring tools like Datadog. An API gateway brings predictability and consistency to application integration.
Lifecycle of an API gateway
Creating a single API and exposing it to a single consumer is simple. However, as the number of APIs and API consumers proliferate, it becomes increasingly difficult to manage APIs at scale. APIs are written in different programming languages, employing different architectures, and for a variety of purposes. When this happens, organizations need to adopt an API management strategy.
API lifecycle management involves many steps, as shown below.
- API development: Defining API architecture, creating the APIs
- API versioning: Tracking changes to APIs over time
- API security: Only authorized services are allowed access
- API deployment: Moving API code into production
- API monitoring: Analyzing API health via metrics
- API updates: Keeping APIs updated with new security patches and features
Since APIs are built to extend and scale a business’s offerings, they require operations that are equally able to scale as the number of APIs increase. A conscious and continuous lifecycle-based approach to API management is an investment, but it yields many benefits.
API gateways built on multicloud infrastructure
API gateways are purpose-built to connect applications and services irrespective of their underlying technologies and infrastructure. They are centrally managed yet globally distributed, because of which they can greatly benefit from multicloud infrastructure. The leading organizations that take an API-first approach to their platform usually operate their APIs on a combination of multiple cloud service providers and on-premise as well. However, to enable APIs in a multicloud setup, it requires a deeper layer of communication — a service mesh. We’ll look at service meshes in part 2 of this series. For now, let’s take a look at the various API gateway solutions available today.
The top API gateway solutions
The API gateway market is quite crowded, with many vendors providing services for every type of customer. Gartner’s magic quadrant lists them all in an easy-to-read way.
At the top of the list are Apigee and Mulesoft. Apigee was acquired by Google a few years ago after a successful start in the API management space. Since then, Google has integrated Apigee with its Google Cloud platform. Mulesoft as well was acquired by Salesforce in a landmark $6.5 billion deal. This space has been busy and growing now in a new era of Kubernetes.
Another top contender in the space is Kong. While the Kong API gateway is open source, the company behind it provides support and services for the product. It is a thriving product with a large and growing community. Interestingly, Kong has recently created a service mesh called Kuma and is bridging the gap between an API gateway and a service mesh. This is an ambitious effort, and Gartner rightly positions Kong as the visionary in the space.
Tyk is similar to Kong in that it also is open source, is very capable, and has a fairly large community supporting it. I’ve compared Kong and Tyk elsewhere and have recommended Kong for a plugin-based approach, and Tyk for its wide language support.
Another option is to opt for an API gateway provided by one of the top three cloud vendors. AWS API Gateway comes to mind as the most popular of the lot. The benefit of going this route is deep integration with that cloud provider’s other services.
API gateways: Indispensable, but not a complete solution
API gateways have proven to be indispensable to manage cloud applications over the past decade. As we move into the next decade and multicloud setups are becoming the norm, API gateways remain relevant. However, they are not a complete solution for integration, networking, and communication on their own. It takes a service mesh to operate effectively in a multicloud setup. When used together, an API gateway and a service mesh can deliver on the promise of multicloud — no vendor lock-in, and complete flexibility to mix and match features and save on costs — and importantly, delivery cutting edge applications that enhance the user experience. The best options for API gateways are available, but having the right approach to implementing them is essential. We discuss that and more in part 2.
Featured image: Shutterstock