Enterprise Class Multitenant API Management

Here is a free lesson to start-up companies trying to position their products for large scale Enterprises:  plain and simple, your products need to support multitenancy.

All of the prevailing trends such as IoT – including connected devices and wearables, digital media and gaming, Telco APIs, hybrid clouds, and SaaS require  an API layer that provides elasticity and efficiency beyond run-of-the-mill virtualization. Virtualization and over-provisioning of infrastructure may work in a mid-sized Enterprise, but when it comes to scale, only a truly multitenant infrastructure will do.

The largest enterprises are diversified, and with the increased adoption of APIs, multiple departments will want to own and control their own API definitions, life-cycle management and API policies  – for both production and development.

This assumes an “on-premise” or “owned” model where the Enterprise owns and manages the infrastructure to expose the API themselves.  I’ve talked before about the blind faith we sometimes put into SaaS; it’s the religion of our time.  For those that want a more quantitative view, this simple TCO calculator can do wonders. Before you place your banner down on one side of the argument, look at the numbers for yourself and actually calculate which is better for your organization.

For Enterprise API Management, a mid-sized organization might address these concerns by deploying a number of independent clusters of virtual API Gateways (software or appliances) to ensure isolation for security and availability. While this model works, it is not efficient as the Enterprise may buy more licenses than are justified by throughput alone, not to mention the operational overhead of managing each API gateway itself.

Even if a mid-sized Enterprise can get away with it, a large service provider that needs to worry about driving costs out of its IT budget cannot as the savings multiply per instance.

Single Tenant API Management

Single Tenant API Management

For example, take the first diagram as an example case study. Here a customer uses API gateways to surface APIs, with projects originating in different departments, each with its own audience. Here we have three tenants or business groups:  sales & marketing, the CIO Team, and the cloud service architects. The sales and marketing team has a new content-rich tablet application that accesses relevant partner and social feeds exposed by the Enterprise, the CIO Team has opened internal APIs for integration and mobile employee productivity apps, and the cloud architects have exposed APIs for external B2B and partner access.

In each case gateways are provisioned as a set of units specific for these tenants. In this environment there is a tendency to over-provision, no matter how accurate you think your sizing will be in terms of number of API calls and data throughput. Based on actual throughput, each department is likely replicating costs & resources for  fail-over, high availability and operational maintenance.

If we take this example and extrapolate to to a larger Enterprise, the repeated costs can really add up. This is where a true multitenant API Management platform helps.

Multitenant API Management adds the correct measure of control & resource allocation to drive costs out of the system. In the multitenant case, we’ve reduced the number of licenses (including gateway, O/S, and other software licenses) by nearly 40%. Rather than maintain three distinct clusters, the same separation of concerns, manageability and policy separation, as well as fail-over and throughput is being handled by 10 gateways. Multitenancy brings consolidation and efficiencies for API management.

Multitenant API Management

Multitenant API Management

While all of this is conceptually simple, actually building the feature in a production product is difficult and takes careful engineering to ensure the system is resilient to tenant changes yet remains stable in the face of potentially millions of API requests. This is exactly what we’ve done in Expressway for API Management over the last 8-10 years working with the Fortune 50. Despite claims made by others, your product probably doesn’t support true multitenancy that scales to production use cases unless you are an Expressway customer.

Many of the products in the market go only ‘halfway’, supporting a set of views or domains, but never support a true separation of statistics, logs, roles. and insulated policy changes for production environments. Halfway doesn’t cut it when there are trillion devices out there looking to access your API.

Expressway Multitenant API Management Capabilities:

  1. Insulated tenants – Application data is protected from view from other tenants in the system
  2. Log Separation – Statistics and logs produced by one tenant are only viewable within a tenant context
  3. Distinct Roles – Tenants have unique administrative roles that are separated from system management
  4. Policy Lifecycle Separation – APIs and their associated policies can be updated and changed independent of other tenants’ administrative operation and runtime processing
  5. Scriptable Configuration – Expressway multi-tenancy is controllable by scripting languages from the command line such as Python and Perl to automate API deployment into an Enterprises API layer
  6. Global Manager Control – The entire tenancy system is controlled by a global manager role used to manage tenants, provide a consolidated view and manage clustering, all with the Fortune 50 CIO in mind.

Got APIs? Got Multitenancy Requirements? Expressway can help.

Expressway Multitenant API Management

Expressway Multitenant API Management


Blake Dournaee

About Blake Dournaee

Passionate, energetic product manager that lives at the intersection of business, innovation and technology. I currently work at Intel in the Datacenter Software Division working on products and technologies relating to mobile, APIs, cloud services and big data.

Comments are closed.