1.2 Understanding the Secure API Manager Components

NetIQ provides Secure API Manager as an appliance that you can deploy in your existing virtual (VMware) environment. Secure API Manager has four separate components: Analytics, API Gateway, Database Service, and Lifecycle Manager.

Secure API Manager allows you to deploy the components in different configurations depending on your environment. For more information, see Understanding Deployment Scenarios.

IMPORTANT:Running all of the components on one virtual machine is not supported in a production environment. Deploying all components on one virtual machine is supported only for testing purposes.

The following graphic provides a high-level architectural view of Secure API Manager. The graphic shows the different components of Secure API Manager and how they interact with each other. One important thing to note is that Secure API Manager requires Access Manager to work.

Figure 1-4 Secure API Manager Architecture

The following sections provide details about the different components of Secure API Manager.

IMPORTANT:We recommend as a best practice that you deploy each component on its own appliance in a production environment. You must run the Database Service, API Gateway, and Lifecycle Manager on separate appliances. You should also install the Analytics component on its own appliance if you plan to run a lot of reports.

1.2.1 Analytics

The Analytics component provides detailed logs about the number of authorizations to each API, which APIs have been combined to create applications, and where the authorizations are coming from, among many other items. There are no configuration options for the Analytics component. The Analytics reports work as long as you deploy the Analytics component.

1.2.2 API Gateway

Integrating Secure API Manager with NetIQ Access Manager ensures that only the approved calls are made to the APIs through OAuth tokens. The API Gateway component controls the number of authorizations to the API through the use of throttling policies. All API communications go through the API Gateway to create audit trails and to provide detailed analytics about each API.

1.2.3 Database Service

Many of the services in Secure API Manager require a database to function. The Database Service component provides multiple databases for different services. For example, there is a database that contains all of the APIs and a database for analytics. When you deploy the Database Service, it deploys the required databases for Secure API Manager to work.

WARNING:The Database Service component must run on its own appliance. Do not combine any other components with the Database Service component.

1.2.4 Lifecycle Manager

The Lifecycle Manager component consists of the consoles responsible for creating, testing, managing, and deprecating APIs. It also contains the administration consoles for Secure API Manager and Analytics. These different components are:

Publisher: The Publisher is where you add the APIs to the single repository. You can see all available APIs in one location and view the analytics of the APIs in this console. You access the Publisher at https://lifecycle-manager-dns-name:9444/publisher. For more information, see Accessing the Publisher in the NetIQ Secure API Manager 1.1 API Management Guide.
Store: The Store displays all available APIs to the developers who want to use the APIs. The Store also allows developers to combine two or more APIs together to create applications. You access the Store at https://lifecycle-manager-dns-name:9444/store. For more information, see Accessing the Store in the NetIQ Secure API Manager 1.1 API Management Guide.
Management console: The management console allows you to configure roles, view logs, and manage other aspects of Secure API Manager. You access the console at https://lifecycle-manager-dns-name:9444/carbon. For more information, see Accessing the Management Console in the NetIQ Secure API Manager 1.1 Administration Guide.
Administration console: The administration console allows you to create and manage groups as well as configure policies for throttling access to APIs. You access the console at https://lifecycle-manager-dns-name:9444/admin. For more information, see Accessing the Administration Console in the NetIQ Secure API Manager 1.1 Administration Guide.

You can deploy all components on one appliance for testing purposes. You must run the Database Service, API Gateway, and Lifecycle Manager on separate appliances. We recommend as a best practice in an enterprise environment that you deploy each component on a separate appliance. For more information, see Understanding Deployment Scenarios.

There is an appliance management console available for each appliance that you deploy. The appliance management console allows you to manage that specific appliance. For example, if you cluster the appliance for load balancing and high availability, the appliance management console allows you to apply patches to each appliance in the cluster. For more information, see Managing the Appliance in the NetIQ Secure API Manager 1.1 Administration Guide.