CA API Management Review

Manages and secures APIs


What is most valuable?

It's a purveyor of tools for managing and securing APIs. It is flexible in how it creates custom policies and uses builds with impressive methods.

How has it helped my organization?

We implemented few Layer7 project to various organizations. Most of them just use it as a 'proxy' for policy checking. For example, limit the number of access attempts on specific page from the same IP for a specific duration.

Other clients use it for logic flow, to create a workflow integrated with the Australian government's MyGov framework, which is beyond just security checks.

What needs improvement?

Some of the common useful functions/assertions (e.g., JWT encoding/decoding) are only available in other CA products. The client needs to purchase and install those products in order to make it available for Layer 7. I don't think it is justified to maintain another product that is not really needed, in order to have just one function. If those common, useful functions could be part of the core Layer7 product, that would be great.

Provide complete documentation with examples of usage on its build in assertion/function.

Easier to find documents (e.g., cluster setup).

For how long have I used the solution?

We have been using this solution for two years.

What was my experience with deployment of the solution?

  • When more than one developer is working on separate policies, it is hard to export, import, and merge the policies to other parties
  • When migrating to different environments
  • When integrating with SVN/Git: This is not well documented

What do I think about the stability of the solution?

There were no stability issues. It is a very stable and mature product. So far, there have not been many complaints from clients regarding the stability.

What do I think about the scalability of the solution?

Scalability performance has always been an issue. It behaves slowly when communicating with Windows-based servers (e.g., F5 load balancer or DB server, as compared to when communicating with a UNIX server.)

How is customer service and technical support?

Customer Service:

Customer service provides good and fast responses. They help a lot when problems occur. They always respond in a timely fashion.

Technical Support:

Technical support provides good and fast responses. They help a lot when problems occur. By the way, the forum is also helpful for self-service.

Which solutions did we use previously?

We didn't use other solutions before this one.

How was the initial setup?

The setup was simple, as it comes with the OVA file. It reduced a lot of time and problems in the deployment. The main focus is on integration with client's exiting infrastructure, instead of setting up Layer 7.

What about the implementation team?

We are the vendor. I have worked on this product for more than two years and implemented it in at least three organizations.

What was our ROI?

We are the vendor and we implemented it for clients. We do not use it for ourselves. We are not aware of the ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing issues are done by other staff members. I have no idea on how much it costs or what the pricing structures look like.

Which other solutions did I evaluate?

I believe the company already did a lot evaluations with other similar products.

Disclosure: I work for the vendor.
Add a Comment
Guest

Sign Up with Email