CA API Management Review

The latest version is less functional than the previous version but security assertions bound to APIs are valuable

What is our primary use case?

The primary use case would be services for APIs that we are going to expose either internally, within the enterprise, or at the outside edge of the enterprise.

What is most valuable?

Most valuable might be the security assertions, the policy assertions that are able to be bound somehow to the APIs.

How has it helped my organization?

We are a company with a rather complex process when it comes to integration of applications. Our expectation - we are only about to get this product into  a productive state so we are not using it productively at the moment - so the expectation is that it will simplify the on-boarding of either internal or external developers when they are using our APIs.

What needs improvement?

The solution is divided into their Gateway and to their Developer Portal components. For the Gateway component, our expectation was that it is provided as a Docker image, but it turned out that it was not supported in production up to the version that we are currently using. But the next version is obviously provided as a complete containerized version for production, which is quite good.

On the other hand, the Portal provides some questions so to speak, at the moment, because as we decided on the product last year, at the end of 2016, and it turned out that CA completely rewrote the Portal solution and the current version of it is not at the level of the functionality of the previous 3.5 version. That's quite a problem for us because we expected some functions in the Portal which are currently not available. Unfortunately, the new version is also not being introduced here at CA World, so I'm somewhat doubtful as to whether it will be provided this year. So it will probably be available only next year.

What do I think about the stability of the solution?

We are not in the production state at the moment so I cannot say anything about its stability.

How are customer service and technical support?

We have quite good support by the guys from sales support so far but, as I said, as we are not in production yet, we cannot evaluate the normal support services.

Which solution did I use previously and why did I switch?

It's a completely new solution for us as we were not dealing with REST-based APIs up to that point, and internally we are used to using SOAP Vitsa-based web services instead, as the major application technology. Now it's more and more moving to the REST-based approach with some kind of mircrosource architecture concepts that are being introduced, so we need to look for another solution or some kind of add-on to a existing integration infrastructure.

How was the initial setup?

I was not directly involved but I was on the side getting feedback from the guys who were doing the real set up. It was a mixture out of straightforward implementation or installation and rather complex stuff. We're dealing with a specific installation image that was due to the fact that we were using specific combination of hardware, software and operating system.

Which other solutions did I evaluate?

Without naming them, they are the top contenders in the well-known ratings, so the ones that you find there were used as a basis for evaluation and, from then on, we did some deep-dives into the functional capabilities of these products and then decided on a shortlist. Those vendors were then were evaluated by our procurement concerning the financial aspect of the old stuff.

What other advice do I have?

When considering the most important criteria when selecting a vendor, of course there are all kinds of functional criteria according to the product that we are evaluating. On the other hand, it's important, of course, that the vendor is stable. And because we are a large company, it is for us important that the vendor also provide some kind of stability due to its size and its footprint internationally.

Brand name isn't a big consideration for us. On the other hand, you have different analysts' reports that are quite important for us, as we don't have time and budget, from an architecture point of view, to evaluate all existing solutions in detail. So we have to have a starting point, which of course is the analysts' ratings and then, with some products, we usually do some kind of PoC and workshops to find out if they match our requirements.

I would actually divide my rating into two parts. The CA Gateway solution I would rate at nine out of 10, based on its mature capabilities in all the areas that are relevant for us. On the Portal, I would give only four out of 10 because I actually I don't quite understand the CA market strategy in that area, and the fact that the current version doesn't provide the same capabilities that they used to have with 3.5. There are some major capabilities that we miss there and which have not been introduced in the current 4.x version schemes; we're waiting for that to happen.

I would advise you plan a thorough PoC with the top two or three contenders on the list to find out about not only the functional criteria on the paper, but also how the product works and looks and feels in real life.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment