CA API Management Review

Facilitates securely exposing APIs to the internet, but the Policy Manager UI needs work

What is our primary use case?

We use the API Gateway as a front door to access our APIs that we host internally, to enable us to get involved in the digitalization.

It has performed very well, actually. It's given us new capabilities that we never had before and gives us more confidence in increasing the number of APIs that we actually have.

What is most valuable?

I think the flexibility. It's very configurable. Each policy is very customizable, where we can accommodate different capabilities that our trading partners actually have. Even though from a textbook standpoint, there's always a certain ideal pattern that you want to apply, that's rarely the case with our trading partners. That flexibility is very important.

And the main point of the Gateway is the security aspect of it. It's very good from that standpoint. It has met all of our expectations. We're very happy with that.

How has it helped my organization?

It gave us new capabilities that we really didn't have before. We didn't have a good way of exposing APIs to the internet in a reliable, secure way. It gave us that ability. 

It also gives us a focal point where it's allowing us to consolidate our portfolio. Where before - Cargill is a very large company - from one business unit to the next, they didn't necessarily know what we actually have. This product enables us to consolidate that, so there's one place to look.

What needs improvement?

The tool itself, I think, could be better. Along with the flexibility it does have, I wish it had a little more modern user interface. For troubleshooting, debugging, that kind of thing, it could definitely be better. I would like to see improvements in the user interface, for sure for Policy Manager. That's the developer's tool. 

Debugging seems a little bit archaic by modern standards. I would like to see that improved. 

I would like to see better documentation for the development language itself. I think they took a step backwards, actually, when they published all their documentation online. Accessibility is better because it's on the web. But the content seems to me to have taken a step backwards. Not enough details, more difficult to find specifics. And you would almost think that would be the opposite, but the feedback I've gotten from our developers, and my own experience, is that it's not the case.

But in terms of the structure of how the language works, it's pretty good. It gives you a lot of flexibility and allows you to accomplish a lot quickly.

So, in general, improvements in the UI, usability. Like I said, it seems dated in terms of how it works, by modern standards. I think they could go a long way to refurbishing the whole UI.

What do I think about the stability of the solution?

It's been very good. 

We have had some issues. Technically it's like a database replication issue, where our operations people tell me that the audit logs have been quite large, and that has caused some replication issues between the two nodes in our cluster. 

But outside of that, it's been very good.

What do I think about the scalability of the solution?

We're relatively new to this so I don't think we're taxing the capacity of our gateway at all. In the business that we're in, I don't think that we're going to get to huge volumes anyways. Our goal is to leverage it more. So far, that hasn't been an issue at all.

The biggest thing for us would be that currently it is deployed in one region. We're a global company, so that technically is a little bit of a constraint for us. We haven't been able to deploy more gateways in other regions mainly due to cost of licensing.

How are customer service and technical support?

Overall it's been very good. 

There are two perspectives. We've used our technical sales contacts. They have been very responsive and very good. We're lucky that we have a couple of them local in our city. They've actually come on-premise to help us. That's been very helpful, very good. Professional services has been really good too. I've spent a lot of time with them. Again, their expertise has been very valuable. 

From a ticket support point of view, where we submit a ticket, I would say that's been a little bit less helpful, in terms of responsiveness, and conveying the actual issue to the person. Once you get them on the phone, and have a one on one working session - which they have been willing to do - that's been very good. But through the ticketing system and the support website, it could be better.

Which solution did I use previously and why did I switch?

It was a gap in our company. We knew we had APIs that we wanted to leverage and work with our trading partners, for them to access it. But working with our security team, we knew that we didn't have a good way of exposing them securely. That was a roadblock for our business. We couldn't make them accessible because of polices. API Gateway filled that gap and enabled us to use best practices to expose our APIs.

How was the initial setup?

I have been involved more from the development standpoint. We're set up in two groups, an operational side which sets up the infrastructure, does actual server software; I haven't been involved too much from that standpoint. It's more in the development side, to get initial templates together and patterns that we're going to apply. And just coming up with some standards for our developers to use.

I would say it's complex. But I think part of it is just the nature of what this stuff is, when you're dealing with security and the variety of approaches that there can be. That makes it complex. For us, it was relatively new, so there were a lot of challenges there to just learn all the different aspects of it. 

Which other solutions did I evaluate?

We did consider other vendors. I wasn't part of the original selection, but it came down to two different vendors, CA being one of them - at the time it was Layer 7. Then we did a proof of concept, so I was involved in that. 

In the end, it was really no contest. I tell our other people about this: That it was a week long proof of concept and the other vendor, it couldn't complete one use case. In one week, they had three people that they brought on-premise to work on our use cases for the proof of concept, and they couldn't complete any of them. Layer 7, they completed all of the use cases in one afternoon. It was pretty convincing.

What other advice do I have?

What's important to us when selecting a vendor, besides the product, the vendor needs to be of significant size to be able to continue to evolve the product. It needs to be able to provide enterprise-level support. We're a large company, so we expect the vendor to provide that backing of their product and SLAs. When we choose a product we don't want it to be a product that comes and goes. We want there to be a clear vision of where it's going, that's important to us. CA was able to demonstrate that to us.

It's very good in terms of what we wanted out of the product, initially. But now that we've explored and had the product for a while, we expect more. I think it definitely has room for improvement. Some of those things we're seeing here today, or in this week, at the CA World conference, give me some hope that that improvement is going to happen.

I would advise taking a look at what's available. Clearly, we've had good success with CA API Gateway, but this is a very quickly evolving space. I would encourage them to look at what's out there, what's available. They should prioritize what's important to them, what they're looking for out of the product. Then do a proof of concept to make sure that they feel comfortable, that the product is what they need. Also work with the technical support staff, to make sure that they're comfortable working with them too.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment