API Manager for Vendorlink


API Manager for Vendorlink
Chris Messner
- Goal is to give a good background on API Manager: what it is, why we’re moving towards it, the benefits, the migration plan/timeline
- Interactive session
- Ask questions at any time

“Oh no, Vendor ABC is hammering VendorLink again!”
- “I cannot determine which Vendor is causing the SQL Server to spike! Help!”
- “ABC Vendor is making hundreds of calls a minute and it’s killing my database! I wish I could prevent them from doing that!”
- “Vendor ABC is reporting that Student Snapshot is running slow, but when I call it with the test client it returns almost immediately. Is it really running slow or not?”
- “Oh no, Vendor ABC is hammering VendorLink again!” How many of us have uttered these words or thoughts at some point over the last few years?

Azure API Manager (APIM)
What is it?
- Proxy service built by Microsoft
- Hosted on Microsoft’s Azure cloud platform
How does it work?
- Provides a proxy over an existing API
- Applies policies to the incoming/outgoing requests
- Routes the request to appropriate backend service
- Policies: preliminary input validations and authorizations, adjust the HTTP Request prior to forwarding to backend, re-format outputs into different formats

Current Vendorlink Architecture Vendor application authenticates directly against each individual ITC using unique keys per

VendorLink APIM Architecture 3 parts of APIM: Admin Portal, Vendor API Portal, API Gateway

Admin portal
- Administrative portion of APIM
- Setup and configuration of actual proxy
- VendorLink APIs
- Necessary policies (routing, rate-limiting, IP whitelist)
- Activation and management of Vendor accounts and subscriptions
- Analytics
- Managed by Software Answers
- Where all of the APIM administration is performed
- Each VendorLink API has been set up in APIM
- ITC Request routing policies are in place
- Initially there will be no rate-limiting
- To protect the APIs we will not make the API publicly available and will provide subscriptions only to approved Vendors
- Analytics: overall health of APIM

Vendor API portal
- Vendor integration point
- Management of APIM Gateway Subscriber keys
- Direct access to VendorLink documentation
- Integrated test client
- Analytics
- Where Vendors configure their subscription
- APIM Gateway Subscriber Key management
- 200 pg User Guide becomes stale vs. instantly updated documentation
- Integrated Test Client that immediately has the configurations necessary to call APIs as soon as they are published to APIM
- Analytics: Vendor drill down analytics

API Gateway
- Authenticate with Auth Server
- Call API Gateway
- Authenticates subscriber key
- Handles ITC routing
- Manages and applies API request policies
- Initial authentication with PB Auth Server
- Vendor applications integrate here
- Authentication of APIM Gateway Subscriber Key
- Policies applied here: ITC routing, Analytic mechanism

Benefits of APIM
- Visibility into VendorLink usage
- Aid VendorLink committee in knowing how to prioritize enhancement requests
- Aid Development in knowing how/where to optimize

Benefits of APIM
- Ability to rate-limit Vendor requests
- Types of rate-limiting (by itc, by vendor, by api)
- Initially there will be no rate-limiting applied – can be added as needed

Benefits of APIM
- Built-in API documentation
- API documentation built right into the API manager
- Example of the documentation
- Example of the URL format
- Actual code samples of how to call the API
- Sample request/response

Benefits of APIM
- Built-in API test client
- Built-in test client
- In the past we have had issues with firewalls and network (internal vs. external) with using the Rest Test Client. The Vendor API Portal test client will remove those as an issue and make the call exactly as a vendor would from outside the network.

Vendor Modifications
- Retrieve an OAuth token from centralized ProgressBook authentication server
- Increased efficiency
- OAuth 2.0 industry standard vs. VendorLink native HMAC approach
- Convert application to navigate to a single endpoint URL
- Single endpoint
- Single Vendor Id/Key
- Simplified model allows them to manage/maintain a single VendorKey managed by the Centralized Auth Server
- Software Answers ProgressBook Support during migration process

Vendor Modifications
- HTTP Header changes for VendorLink call
  - Remove VL-Authorization (used in HMAC)
  - Remove Date (used in HMAC)
  - Add Ocp-Apim-Subscription-Key (APIM subscriber key)
  - Add Authorization (containing the OAuth token)
  - Add Itc (request routing key)
- Provide IP Addresses of all client applications to ProgressBook Support

https://pbapi.azure-api.net/VendorLink/SisService/Version
Headers
- Ocp-Apim-Subscription-Key: 2a84558b9090b3cdd112a
  Used by APIM Gateway to authenticate the subscriber
- itc: ITC-Routing-Key
  Used by APIM Gateway to route the request to the ITC
- Authorization: Bearer eyJ0eXAiOLCbG {truncated for brevity}
  Used by VendorLink application to authorize the user

ITC Perspective
- Continue to maintain data security via SIS Security
- Which Vendors can access your data
- What data each Vendor can access
- ITCs still manage/protect their districts' data

ITC Perspective
- Management of Vendor Key shifts to centralized ProgressBook Auth Server
- Vendor still needs to exist in Central and SIS
- ITC Vendor Key is no longer used by the Vendor
- VendorLink versioning transparent to Vendors
- New Operations will be added to Vendor API Gateway prior to the VendorLink release
- Vendor still necessary in Central/SIS to allow for authentication/authorization
- Vendor will no longer use the VendorKey that they received from each of the ITCs

ITC Perspective
Existing Vendor Integrations
- Vendor completes the migration process on their side
- No intervention necessary from ITC staff
New Vendor Integrations
- Syncer process continues to publish the VendorLink Users and Roles to the ITCs
- Continue to set up Vendors (Central & SIS) for security authorization purposes

ITC Perspective
- VendorLink test/play environments
- Configured as a separate Vendor Product in APIM
- Ability to expose VendorLink test/play environments externally
- Necessary by v18.0 because of end of HMAC support
- ITCs still control what vendor users have access to the environments so external exposure optional

What to do if…
…you find the need to enforce a rate-limit on a vendor?
- Contact the ProgressBook Support Team (Software Answers) and provide the following details
  - ITC Name
  - Vendor Name
  - Specify the Operation (GET Student Snapshot) OR All Operations
  - Desired rate-limit (x calls / minute)
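
How the four details in a rate-limit request (ITC, vendor, operation or all operations, calls per minute) scope a counter, as an added example that is not APIM's or ProgressBook's code. The fixed one-minute window, the class and function names, and the ITC, vendor and "GET Version" values are assumptions constructed for illustration.

```python
from collections import defaultdict

ALL_OPERATIONS = "*"  # stands for the "All Operations" choice in a request


class VendorRateLimiter:
    """Fixed one-minute windows, one counter per (ITC, vendor, operation) rule."""

    def __init__(self):
        self.rules = {}                 # (itc, vendor, operation) -> calls per minute
        self.counts = defaultdict(int)  # (rule key, minute index) -> calls accepted

    def add_rule(self, itc, vendor, operation, calls_per_minute):
        self.rules[(itc, vendor, operation)] = calls_per_minute

    def allow(self, itc, vendor, operation, now):
        """True if a call at `now` (seconds) fits every rule that covers it."""
        minute = int(now // 60)
        covering = [key for key in ((itc, vendor, operation),
                                    (itc, vendor, ALL_OPERATIONS))
                    if key in self.rules]
        # Check before counting so refused calls do not use up quota.
        if any(self.counts[(key, minute)] >= self.rules[key] for key in covering):
            return False
        for key in covering:
            self.counts[(key, minute)] += 1
        return True


def refused_calls(limiter, calls):
    """Replay (time, itc, vendor, operation) tuples and return the refused ones."""
    return [c for c in calls if not limiter.allow(c[1], c[2], c[3], c[0])]


def demo():
    limiter = VendorRateLimiter()
    # Constructed rule: ITC-A limits Vendor ABC to 3 Student Snapshot calls/minute.
    limiter.add_rule("ITC-A", "Vendor ABC", "GET Student Snapshot", 3)
    calls = [(t, "ITC-A", "Vendor ABC", "GET Student Snapshot") for t in range(5)]
    calls += [
        (5, "ITC-B", "Vendor ABC", "GET Student Snapshot"),   # other ITC: no rule
        (6, "ITC-A", "Vendor XYZ", "GET Student Snapshot"),   # other vendor: no rule
        (7, "ITC-A", "Vendor ABC", "GET Version"),            # other operation
        (61, "ITC-A", "Vendor ABC", "GET Student Snapshot"),  # next minute window
    ]
    return refused_calls(limiter, calls)
```

Only the fourth and fifth calls in the first minute are refused; traffic for other ITCs, vendors and operations is untouched, which is why the request needs all four details.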

What to do if…
…you have a vendor reporting issues connecting to VendorLink?
- Determine if the issue is with APIM or with the VendorLink application
- If call not in the VendorLink logs then potential issue w/ APIM
- Attempt identical call from the Integrated APIM Test Client
- Verify the request headers exist and are correct
- ProgressBook Support can help to further analyze specific issues
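
One way to carry out the "verify the request headers" step against the header changes listed under Vendor Modifications, as an added example that is not ProgressBook's code. The header names come from the slides; the function names, the Bearer format check, the redaction helper and all sample values are assumptions constructed here.

```python
import re

# Header names are the ones listed on the slides; the value checks are assumptions.
REQUIRED = ("Ocp-Apim-Subscription-Key", "Authorization", "Itc")
LEGACY_HMAC = ("VL-Authorization", "Date")
SECRET = {"ocp-apim-subscription-key", "authorization", "vl-authorization"}
BEARER_RE = re.compile(r"^Bearer \S+$")


def check_gateway_headers(headers):
    """Return a list of problems in a request's headers (empty list = OK)."""
    # HTTP header names are case-insensitive, so normalise before comparing.
    seen = {name.lower(): value.strip() for name, value in headers.items()}
    problems = []
    for name in REQUIRED:
        if not seen.get(name.lower()):
            problems.append(f"missing or empty: {name}")
    for name in LEGACY_HMAC:
        if name.lower() in seen:
            problems.append(f"legacy HMAC header still sent: {name}")
    auth = seen.get("authorization", "")
    if auth and not BEARER_RE.match(auth):
        problems.append("Authorization is not a Bearer token")
    return problems


def redact_for_ticket(headers):
    """Copy of the headers that is safe to paste into a support ticket."""
    return {name: "<redacted>" if name.lower() in SECRET else value
            for name, value in headers.items()}


# Constructed sample requests (not real keys or tokens).
SAMPLE_MIGRATED = {
    "Ocp-Apim-Subscription-Key": "00000000000000000000000000000000",
    "itc": "ITC-Routing-Key",
    "Authorization": "Bearer constructed.sample.token",
}
SAMPLE_HALF_MIGRATED = {
    "VL-Authorization": "constructed-hmac-value",
    "Date": "Mon, 01 Jan 2018 00:00:00 GMT",
    "ocp-apim-subscription-key": "00000000000000000000000000000000",
    "Authorization": "constructed-hmac-value",
}

if __name__ == "__main__":
    for sample in (SAMPLE_MIGRATED, SAMPLE_HALF_MIGRATED):
        print(redact_for_ticket(sample), check_gateway_headers(sample))
```

The redaction step matters because the subscription key and the OAuth token are credentials; the header names and the routing key are enough for Support to see what was sent.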

Migration Process
Step | Responsible | Activity | Status
1 | Software Answers | Complete VendorLink setup in ProgressBook Admin Portal | Complete
2 | | Setup all Pristine Vendors in the Central Authentication Server |
3 | | Email all Vendors to inform them of migration plan | Spring 2017
4 | Vendor | Register for an account at the ProgressBook Vendor API Portal | Spring 2017 - Summer 2018
5 | | Monitor ProgressBook Admin Portal for new accounts that need a VendorLink subscription |
6 | | Perform necessary updates to client application to support/call the new ProgressBook API Gateway |

Next Steps
- Visit the Vendor API Portal and register your ITC for a developer account
- Provide your test/play environment URL to ProgressBook Support prior to ProgressBook v18.0 release
- Become familiar with the Vendor API Portal
- Peruse the VendorLink documentation
- Use the Integrated Test Client

Questions?