API Management Comparison Our PoV...Excellent. Boomi supports AS 400 integration. Custom groovy scripting leverages external libraries. Custom connectors with inbuilt technology connectors

Copyright © 2016 HCL Technologies Limited | www.hcltech.com1 Copyright © 2019 HCL Technologies Limited | www.hcltech.com

Nov 18th , 2020

API Management Comparison – Our PoV

Copyright © 2016 HCL Technologies Limited | www.hcltech.com2

Agenda

API Management• Key Parameters

• Product Comparison (Azure APIM vs other products)

• Solution POV

Secrets Management• On Premise Options

• Azure Key Vault

• AKV Architecture

Next Steps• Next Steps


Comparison of Azure, Mule & Dell Boomi

API Management Perspective


CONSENT ON COMPARISON

“The comparison & recommendations provided against each of the API Products are

based on our own assessment & implementation experience on various capabilities.

This does not stand as the thumb rule against the products and this recommendations

are only to set basic guideline for product selection”

Strictly for Internal Use by the Business & Partner


Lifecycle Management - Create, test and Publish APIs

API Gateway to enforce policies

Support for on premise and cloud

Low latency solution

Developer portal

Productized offering

API security

API Management – Solution Capabilities


On Premise On Cloud Hybrid PaaS SaaS

API Management – Deployment Models


▪ Scope of our comparison is mainly on API Management capability only.▪ Each of these Enterprise products have diversified capabilities along with API Management Capability.

▪ Security▪ API Life Cycle▪ API Orchestration▪ Traffic Mediation & Routing▪ Developer and App on-

boarding▪ Cloud Integration

▪ Availability▪ Monetization▪ Documentation &

Productivity▪ Operational Aspects▪ Cost▪ Vendor Support

Our main focus areas of comparison are on:

Azure vs Mule vs. Dell Boomi


Feature

API Keys Excellent. Multi level Subscription keys Excellent. User Specific, Key specific calls restrictions are provided

Adequate

Identity Management

Excellent. Integration with Multiple AD domains Excellent. Provides sandbox environments, Audit log etc.

Excellent. Nano level services control over identity verification could be provided

Threat Protection

Excellent. Rate Limit, DoS attacks, IP filters, JWT token validation. Customizable threat protection policies to create complex rules.

Excellent. Protection at multiple layers. Policies for XML & JSON threat protection, Rate limiting for DoS attacks, Oath, CORS

Excellent. Provides atmospheric APIs to provide threat protection

Schema Validation

Excellent Excellent. Validation component for XML & JSON schema validation is available.

Excellent. Provides cleaning shape process APIs to validate document field values -repair or reject the document before processing

Encryption / masking

Excellent. Encryption of data in motion and at rest.

Excellent. Encryption module that allows for encryption of data in motion and at rest. Masking of desired PII data can be achieved.

Excellent. Base 64 encode/decode functionality through data process shape.PGP Encryption/Decryption functionality through data process shape.

Token Management, OAUTH, SAML

Excellent Excellent. Federated access and protocol conversion is supported

Adequate

SSL & PKI Signatures

Excellent Adequate Adequate

API Security & Identity


Feature

Versioning Adequate. Supports multiple active versions, supports routing based on consumer through Azure Gateway

Excellent. Provides shared API Portal for versioning, deletion and deprecation of deleted APIs – no further access by new consumers, multiple active versions, automated routing based on clients

Excellent. Provides life cycle process for API Versioning, support for multiple active versions

Deployment Excellent. Azure DevOps CI/CD pipeline helps in automating the whole deployment process. Can be deployed to multi-regions in few clicks.

Excellent. API promotion and environment can be managed separately from API implementation. Same implementation can be run in Mule IPaaS, on-prem or other public/private clouds.

Adequate. Deployment function is inbuilt into the platform. Atomsphere API's are also available which could be used to integrate deployments through external CI-CD tools.

Life Cycle Excellent. Design and implement reusable APIs with complete CI/CD – integration with 3rd party testing / defect tracking / mgmt. tools. Manage, orchestrate, monitor, analyze usage of APIs. Supports highly scalable and multi-region environment.

Excellent. Reusable APIs, Automated CI/CD process, manage APIs, orchestrate, monitor, analyze, and facilitate reuse to increase API consumption.

Excellent. Provides unified platform for life cycle management

Publishing to Multiple External Stores

Average Excellent. OAS API prepared can be shared with external stores.

Adequate. While Atomsphere API Management Platform is one, but underlying Atoms in private mode could be deployed to multiple regions, nodes

API Lifecycle Governance


Feature

Workflow Excellent. LogicApps to integrate with business applications and define workflows on Azure –with 100s of in-built connectors, Custom workflows through Azure Service Bus, custom Logic Connectors

Excellent. Provisions to integrate with external workflow engines. MuleSoft provides many OOTB routing components to implement complex orchestrations scatter-gather, aggregation, splitter/for-each , etc.

Excellent. Provides low code development platform for workflow management. Boomi Flow could be leveraged for advanced workflow features, Complex Orchestrations involving multiple systems could be achieved in Boomi through different Logic/Connect/Execute Shapes

Service Consolidation

Excellent. Extensive set of policies for serviceconsolidation. Unified API endpoint to expose internal and external APIs injecting common authentication making it transparent to end users.

Excellent. Provides rich set of consolidation rules. Routing of multiple services using various process API can be aggregated to achieve API consolidation

Adequate. Provides design time tools for API Management. A Single API with multiple operations on different HTTP Methods and multiple underlying Implementation processes could be achieve in Dell Boomi

Branching Policies

Excellent. Provides support for various branching policies through Azure Repos/ DevOps Server 2019 / TFS 2018.

Excellent. Mule Anypoint platform provides IDE for branching policy creation

Excellent. Provide visual design tools for creating branching policies. Support is available to drive multiple Code branches for different requirements .

API Orchestration


Feature

Data Format Transformation

Excellent. Provides Extensive set of transformation rules

Excellent. Has powerful transformation engine Dataweave to transform data.

Adequate. Provides map component functions for data transformation

Protocol Conversion from SOAP to REST

Excellent. Possible through SOAP Pass through. This could also be customized using policies

Adequate Adequate

Legacy Integration

Excellent. Possible through Azure Service Bus Adequate Excellent. Provides enormous set of integration components

Traffic Mediation


Feature

Client ID & App Key Gen.

Adequate Adequate Adequate

Interactive API Console

Excellent. Extensive provision to publish & explore services. Auto-generated API catalog, Manage developers’ access and usage from one place. Provide API usage reports and an interactive console for API testing.

Excellent. API console gets auto generated at design time using the specification itself. API mocking is OOTBSufficient access to manage certain aspects of look & feel of the Dev Portal is possible.

Average. API console is a bit lagging in Dell Boomi API Management module. Only a swagger visualization portal is available to help developers.Boomi is expected to release enhance features in this aspect in next few months

Catalogue Adequate Adequate Adequate

Search & Provisioning

Excellent. Extensive provision to search throughthe product catalogue

Excellent. It has rich search capability. Adequate. Provides multiple search options

Developer & Application On boarding


Feature

Data Format Transformation

Excellent. Extensive policies could be customized as per the transformation need

Excellent. Advanced dataweave feature can be used to transform various data formats.

Exellent. Dell Boomi Visual Mapper supports formats like JSON, XML, CSV, EDI etcOOTB Functions like Lookup, Connector Call, scripting etc make complex transformations possible to do in Boomi.

Protocol Conversion from SOAP to REST

Adequate. OOTB capability to convert a SOAP API to REST

Adequate. Protocol conversion can be achieved using transformation.

Adequate

Legacy Integration

Excellent. Possible through Azure Service Bus Excellent. Platform enables legacy system like DB, JMS, MQ, File integration with help of nearly 140 connectors. Custom connector can also be build using SDK kit.

Excellent. Boomi supports AS 400 integration. Custom groovy scripting leverages external libraries. Custom connectors with inbuilt technology connectors can also be leveraged.

Rate Limitation Excellent. Rate Limit policies can be defined. Multiple level of throttling setup i.e., user, location, key, geography etc.

Excellent. Various policies like rate limitation on API usage with SLA tier can be applied in API Manager

Excellent. Restrict number of incoming requests for a specified time period per Atom or per Environment is possible.

Caching Excellent. Radis Cache for custom caching modules – can be used as an in-memory data structure store, a distributed non-relational database, and a message broker.

Excellent. Mule Object Store is used for caching the response. Integration with External Caching Provider supported.

Adequate. Inbuilt Document Caching mechanism.

Traffic Mediation & Routing


Feature

Traffic Monitoring

Excellent. OOTB Azure Monitor. Azure Event Hub Plugins and extensive support to integrate with various monitoring 3rd party tools.

Excellent. Customized dashboard for API monitoring and provision to setup the custom & trigger notifications.

Excellent. Provides dashboard to perform real time monitoring

Analytics on Traffic

Adequate. Azure Monitor -Metrics, Diagnostic Logs and Alert rules, Analytics, Integration through LogicApps to alert stakeholder, take necessary action based on analytics

Adequate – AnyPoint visualizer, AnyPointMonitoring Component

Adequate. OOTB Dashboards available to view statistics like API Usage History, API Usage Trends and Average Response Times. This can be filtered out to the levels of different environment types as well as Day/Week/Month/Year Basis

Analytics & Traffic Monitoring


Feature

SSO to SaaS Providers

Excellent. Default and external token issuance systems could be configured. Azure domain store could host number of AUTH providers

Excellent. All SAML2.0 based configured SAML identity provider (ID) are supported

Adequate.

IaaS Integration Excellent, Express Route provisions the integration facility

Excellent. VMs can be configured to run Mule runtime to run applications

Adequate. Dell Boomi Atoms are supported on various IaaS clouds.

SaaS Data Connectors

Excellent, through Azure Service Bus provides variety of connectors

Excellent. Platform provides various OOTB connector support like Salesforce, MongoDB, Workday, SAP Hybris, Amazon S3, etc.

Excellent. It provides various connectors to integrates your on-premise and cloud-based applications. Connectors to all leading SaaS providers are available in Boomi (150+ Connectors are available)

Cloud Integration


Feature

System Monitoring

Excellent. Azure Monitor - provide near real-time alerting in public preview for platform metrics from Azure services such as Virtual Machines, Networking, ServiceBus, EventHubs, etc. Surfaces metrics and logs from many services such as, Networking, Storage, Traffic Manager, Network Interfaces, Express Routes, Load Balancers, Data Lake Store, Data Lake Analytics, etc. ,

Excellent. Monitors the performance across servers and apps. Platform provide OOTB API and Runtime monitoring supports event driven alerts, logging support, monitoring dashboards for managing the application health

Adequate. Monitoring Options are available for "Shared Web Server", "Atom, Molecule & Atom Clouds".System monitoring with JMX and Disk Space monitoring options are also available.

Clustering & Scalability

Excellent. API could be hosted in Multi Region High availability zones.OOTB capabilities - Azure Service Fabric Cluster, Azure Service Mesh. OOTB capability to scale up/down, upgrade/downgrade to any of the 4 tiers (Dev/Basic/Std./Premium), supports scaling to multi-region/geo.

Adequate. It has limitation to have maximum of eight nodes in a cluster. Clustering is supported on on-prem. On cloud auto-HA deployment & LB features are used. Horizontal scalability feature is supported for all deployed application based on events configured.

Excellent. Atmosphere is multi-tenant platform. Both Horizontal and Vertical scaling is possible.Features like Atom Workers, Molecules can also aid in scaling up the API Implementations.Clustering of Atoms to form a molecule (HA and LB) is supported OOTB for private Atoms.

Operational Integration

https://docs.microsoft.com/azure/monitoring-and-diagnostics/monitoring-near-real-time-metric-alerts


Feature

Auto healing Excellent Excellent. Cloudhub monitors and provide self-healing mechanism.

Adequate

Auto scaling Excellent Adequate Adequate

Automatic Cluster Discovery


Dynamic Load Balancing


VM/Container Support


Multi Tenancy Excellent Excellent Adequate

Multi Region Deployment

Excellent Adequate Excellent

Availability


Feature

Usage Plans Excellent. You can create stripe plans for your products

Adequate Adequate

Billing Engine Integration

Excellent. Payment provider could be integrated for collecting payments

Adequate Adequate

Rate Plan Adequate Adequate Adequate

Monetization


Feature

Technical Support

Excellent Excellent Excellent. They have different flavours of support namely standard, premium & premium plus.

Learning Curve Excellent Excellent Excellent. Provides good trainings and manual for learning the Dell Boomi.

Ease of Development

Excellent Excellent Adequate

Documentation & Developer Productivity


Feature

Pricing Cost Effective compared to AWS. Priced at different Tiers based on SLA. Pay as you go model.

Pricing is high compared to other API tools. MuleSoft supports annual subscription-based model.Many customers feedback is that pricing is not that cheap, but value for money at enterprise level. Considering one needs to purchase the Platform even if they want only 1 core, it makes sense only at enterprise level.

Expensive comparing to APIGEE. 1. Boomifollows connection-based subscription pricing model.If an enterprise plans to use more than 20+ connectors, Boomi offers attractive pricing that can be negotiated.

Cost


1. API Security & Identity

2. API Orchestration

3. Traffic Mediation

4. Developer & Application Onboarding

5. Routing

6. Cloud Integration

7. Operational Integration

8. Availability

9. Monetization

10.Documentation & Developer Productivity

1. API Life Cycle Governance

2. API Orchestration

3. Analytics & Traffic Monitoring

4. Cloud Integration

1. Operational Integration

Final Chart of Comparison – Qualitative Benefits


Features AKV Hashicorp Vault

License type PaaS (standard and premium Tier) Open Source (for Enterprise setup license required – very high cost)

Operational Effort No / minimal operations effort Needs setup and maintenance effort additionally

Security Certification FIPS 140-2 Level 2 (Leve 3 – AKV Managed HSM) FIPS 140-2

Keys protection Encrypted through Software keys(HSM protected keys-Premium Tier)

HSM Keys

Scalability Can scale up through simple UI configuration To be constantly managed and monitored

Availability Well Managed through Azure – high availability achieved through simple steps

To be self managed

Replication Easy replication of key Vault across regions Supported only in Enterprise version

Backup Key Vault Yes Yes

Import Keys (BYOK) Can import keys securely from on-prem Scripts need to be written/ customized

Secret Management – Product Options


Features AKV Hashicorp Vault

Supports on-prem Can act as an on-prem setup through Azure Stack Yes

Access Control Yes Yes

Dynamic Secrets No Yes

Seal Vault in case of compromise

No Yes

Certificate Mgmt. Yes Yes

Data Encryption Yes Yes

Key rotation Yes Yes

Stream to an Event Hub Yes Need separate implementation

Integrate with Azure Monitor Logs

Yes Need separate implementation

Integrate with variety of DBs and tools

No Yes

Need in-house knowledge of HSM

No Yes

Secret Management – Product Options


1. Control Access to Key Vault2. Limit Access to Key vault data3. Limit number of users with

contributor access4. Use separate Key Vault per

application per environment

5. Backup Key Vault on each

change

6. Turn On logging and setup

alerts

7. Restrict access to Key Vault logs

8. Limit network exposure

9. Turn on Soft recovery options

Best Practices

Copyright © 2020 HCL Technologies Limited | www.hcltech.com

Azure Key Vault – Reference Architecture

24


“We have detailed out the qualitative benefits of using the said products & detailed portfolio analysis could help arrive at the best-fit product”

Recommendation


$7 BILLION ENTERPRISE | 110,000 IDEAPRENEURS | 31 COUNTRIES

Prabhu RamaswamyLead Solutions ArchitectModern AD – API & Micro Services CoE.

Content Contributors

Subramanian VeerappanEnterprise ArchitectEPS – Azure Development & DevOps CoE

Rajinder GuptaSenior Solutions ArchitectBusiness Productivity Services CoE

Sarika SehraTechnical ArchitectBusiness Productivity Service CoE

Documents

API Management Comparison Our PoV...Excellent. Boomi supports AS 400 integration. Custom groovy scripting leverages external libraries. Custom connectors with inbuilt technology connectors