CA API Management Review

We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs.

Valuable Features

  • Security
  • Flexibility
  • Ease of use
  • Message translation

Improvements to My Organization

We have been able to accelerate our clients’ transition to digital organizations by using the CA API Gateway to rapidly expose legacy business services as RESTful APIs, adding industry-leading security to the APIs, and providing a Developer Portal that provides governance, control, visibility, and organization of the entire API stack. These features result in faster time to market, cut months off project timelines, and enable businesses to prevent from becoming disrupted by high-tech startups.

Room for Improvement

The Developer Portal has had some limitations but a new version has already been released which addresses these limitations. It is already available in SaaS form and will also be available as an on-premise solution this October.

The previous version of the Portal was a bit more limited in terms of appearance customization (CMS) than the new version. Some other features lacking in the old portal but available in the new version include API-Enabled (functions that can be executed from within the web-based GUI can also be executed from API calls, allowing you to automate tasks), ad-hoc reporting, support for hybrid deployments (Portal in the cloud, API Gateway on-prem), and Swagger support to name a few of the most commonly requested features.

Use of Solution

I have used it for three years.

Scalability Issues

The CA product has outstanding scalability built-in via their “cluster” concept. The Gateways are organized into clusters and adding a new Gateway into an existing cluster is very simple and does not require an admin to configure the newly added Gateway nor manually deploy policy to it; it is all automatic. Stability of the Gateway is rock-solid so long as you follow CA’s best-practices guidelines when provisioning and configuring servers. We have seen sporadic performance issues when clients’ IT Operations team did not follow the guidelines but these were easily remedied by updating VMware configurations to match CA’s recommendations. DRS configuration is an example of this. One must also pay attention to log and audit data as these can grow fast with the high transaction counts of today’s API utilizations. Implementing a strategy to archive this data is important. We very often forward this data into Splunk to provide our clients with a single source for API analytics.

Customer Service and Technical Support

For most use cases, CA support is very responsive and they even have a group dedicated to making fast-paced product updates and customizations for customers with special needs, which is very unique among API solution providers.

Initial Setup

The CA product is very easy to set up. A development environment can be stood up in an hour or two.

Implementation Team

As a service provider, we implement API management solutions for many customers. My advice for customers seeking to implement these solutions is to pay close attention to the CA recommendations on VM settings (if using the virtual appliance), and to ensure they seek assistance from someone familiar with implementing this specific solution. CA has their own professional services division, and there are several consulting firms such as ourselves who have experience implementing this solution.

Other Solutions Considered

We work with multiple API solution providers. Each has their strengths and weaknesses. We work with our clients to understand their needs, current IT infrastructure, future-state IT infrastructure, and roadmap, then provide them with our solution recommendations based on this input and our own personal experience implementing API management and identity and access management solutions.

Other Advice

API management solutions have many additional valuable features that some IT development purists might not feel “should” be handled by an API gateway. Two examples include the API gateway’s ability to process business rules on a service, and the API gateway’s ability to provide orchestration. One could certainly have a lively debate about whether the API gateway is the “right” place to do this, but the point I try to make is that in the real world, work comes at you fast; you have to be nimble and responsive to customer demands. I have been in situations where a business requirement and deadline could not be met because certain architecture was not ready or the team who would normally handle this work was already fully utilized on other requirements. Because the API gateway can handle these tasks, it provides increased flexibility. The new functionality can be added into the gateway and later moved out to a service bus or microservices architecture as time allows.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is a CA partner. We are resellers of CA Identity Management and API Management products and we provide implementation services to clients.
1 Comment
author avatarUser at a consultancy with 10,001+ employees

You mentioned legacy apps. However, in my understanding, the only language supported for API creation in CA APIM is JavaScript (Java jars can be used for dependency JARs). Does APIM support any other way of migrating legacy apps to APIM?


Sign Up with Email