Please share with the community what you think needs improvement with Layer7 API Management.
What are its weaknesses? What would you like to see changed in a future version?
The Portal lacks maturity. Since the move from Portal 3.x to 4.x, a lot of features were removed. It is slowly coming back. I can see a lot of changes are done in the "background" to decouple components and make it more flexible. Those changes are just not getting to the UI side quick enough. The CA Portal concept of multitenancy does not align with their other products (or how most people see it) and that caught us off guard. CA/Broadcom is addressing this though. I have seen an uptake in feature development since the Broadcom acquisition of CA. It seems that a lot of our concerns were taken up and are being addressed. My rating would have been better if it was not for the Portal. The Gateway I would give a 10 out of 10. For feature improvements, the way the Portal handles the security of APIs needs a total rework. Luckily, we could customise this layer to work for us but it would have been nice if the options were out-of-the-box. As the product set is very customisable, I would like to see an environment where customers could share and upload customised components or "assertions".
One improvement for CA API Management would be better integration with the web access console. Better integration of the web access console would be great. One specific feature that we need is the ability to authenticate directly to the server with API data. It's not complex nowadays. This is a feature that we need and CA doesn't have it. CA API Management can't do the same authentication functionality with the APIs as the other competitive products in the marketplace.
Based on the method an API, we need to be able to access that particular API. They need a workflow for the API Developer Portal, where the process only allows requests to go to the correct person. The CA Mobile API Gateway (MAG) for mobiles has too much latency.
It is not user-friendly because you have to know so many programming languages.
The entire lifecycle management approach needs improvement: from the API management, development, deployment, some of the settings around the quotas, and some security policy applications, etc. for the APIs. We found the Apigee platform a lot more robust in that area.
From the last version, they have added more dashboard support, but there is still a lot they need to improve. The thing is, on the chart you can set it to forty seconds or one minute. That's fine, but if you hold any request it should be clear on the graph. For instance, on the dashboard of the graph it should be written around it. It should say, this is the response time here, etc. In terms of monitoring, it's almost all covered. The interface can be improved, though.
There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen. It's a bit of a challenge to make the customer understand that we should not be going with these old applications.
This is not specific to CA's tool, but API tools in general. There are two schools of thought: There is the "Apigee" school of thought that says that we don't need hardware to implement security, and there's the "API Connect" school of thought which says some sort of an enterprise service bus would be critical to the success of the API management tool. I find this hardware reliance is a bit archaic. The biggest reason I would want to get an API management tool is to get rid of the hardware. If I have to have the hardware and put the tool on top of it, that makes it a bit cumbersome for us because the maintenance of the hardware, for any enterprise service bus, is in hundreds of thousands of dollars per year. It needs to go into virtualization.
On the monitoring side, we need a better way to monitor it. CA has not given a clear understanding of what external tools we can use to do this. We also need a total dashboard functionality to see how many transactions are going through, where the problems are, etc. There's no out-of-the-box monitoring other than the dashboard, which doesn't give you very much. Their migration policies are also not the best out there. We just do an export and import of it, which is fairly simple, but they could have made it better.
We have experienced technical difficulties with the product in the past.
The development toolkit used for creating APIs should be more online and user-friendly. Deployment and tracking could also be improved. Tools like Apigee provide a complete online experience along with RESTful APIs, to manage all activities. It is a very nice and user-friendly solution compared to CA.
They should incorporate deeper monitoring features into the solution to make the offering more complete. Doing so would help to showcase traffic patterns and usage to better engage customers and partners proactively. It would also help with API management and capacity planning.
The product needs to keep up with newer trends even though customers might not be requesting it yet. For example, the usage of newer versions of Swagger and YAML format.
* Better GUI for the policy manager. * Needs better professional services in my country. * Better mobile features. * Better HA configuration.
The portal is an important point in the lifecycle of the APIs. Right now, the portal lacks many features. We hope that the new version will have them and that there will be a quality jump, which is needed.
The portal is not the most intuitive and the way things are displayed makes it difficult to find the information we need. We never completely read the info. The way it's written does not make me want to read it.
The CA API Management solution has good security features, but when it comes to being used in areas like enterprise integration, where it is being used as middleware for all the IT environments, that particular feature is quite limited. It doesn't support as many protocols as an industry standard, competing product should.
There is a thick client for configuration that is not as easy to use as you might like. So I would say the design and user experience, from an administrative standpoint, is a little clunky. There are some really very granular kinds of issues that I've found and they're more related to very specific technical components of the application itself. Aside from these individual complaints that are very bound up with our use cases, I don't have any specific recommendations.
Cloud-native architecture of the product.
One area where it certainly needs to improve is the way it allocates requests, in terms of rate limiting. Let's say I have set the rate-limiting to 1000 requests per second and I have four nodes in a cluster. It divides the request into four, that is 250 per node. If I have a node-balancer in front which has the least connection mechanism it sends the first request to a node. It has to improve in terms of API rate-limiting. Also, there is no native Kafka connectivity. If they provided native Kafka connectivity, that would be good.
We did an assessment and are continuing with implementation. I would not say it's 100 percent perfect but, currently, all the features we anticipated using are working. The only issue we have is that we have to buy an APM license separately for end-to-end monitoring. That is something we are looking into.
* This is a punctual need for the characteristics of the business or at the request of some partners: It is the use and configuration of VPNs, which in the current version is not enabled. * Expose system properties and other configurations via the GUI (Policy Manager). * Increase tools for manipulation of JSON messages.
* The API Development tool can be made more user-friendly by providing folder properties. * Assertions for common functionalities (like mathematical operations, string manipulations, connecting to non-SQL). * Masking the user credentials entered in Identity Provider, JDBC based on user role * Analytics and reporting need to be made better and more user-friendly; add some custom reports both on the Developer Portal and API Gateway; exporting of analytics and an email facility. * Logging and tracking of changes done by users in the Developer Portal.