About the talk
Learn how API management and a service mesh work together as part of moving to or building new modern cloud-native architectures. T-Mobile shares their journey and shows a demo of their architecture combining API management and a service mesh. You’ll also learn how to navigate in multi-cloud and hybrid environments with Apigee SaaS, Apigee Hybrid, and Anthos.
Speakers: Dino Chiesa, Terry Wang
Google Cloud Next ’20: OnAir → https://goo.gle/next2020
Welcome, thanks for joining. I'm glad you're all here. My name is Dino Chiesa. I work for Google on the Apigee team. My role is to help customers understand and use Apigee to solve their business problems. Today, we're going to talk about service mesh and API management, and how T-Mobile adopted both of these to improve their capability to deliver innovation securely and at scale. This isn't news: enterprises are evolving their monolithic applications into microservices architecture. Having a system as a set of interconnected microservices helps
organizations to build and maintain complex, distributed systems more easily: independently developed, a more flexible and agile approach. As the system grows, it's an attractive idea, and service mesh infrastructure has been built to help manage these sets of inter-cooperating services: likely proxies like Liberty or Envoy, and management tools built on top of these. These allow the services to find each other, communicate securely and scale elastically. But no enterprise,
no matter how modern, consists only of systems built on microservices. That's one category in a portfolio, which includes custom monoliths and third-party SaaS systems. Now, a service is only useful if developers can find it, get the credentials required to connect to it, and then build and run an application using those credentials. As good hygiene, we've got to manage and measure all that activity. This is where API management comes in. It helps you manage the APIs that are shared outside of each.
Remember sharing could be across the remains within a company. I want to talk a little bit about API management and its enabling of modernization, that transition from monoliths to microservices. One capability of a route request from clients to back-end systems. When you introduce a new system, you can use the API management layer to migrate those requests. This is a really common use case among our customers. The routing can be dependent on any factor; that can be dynamic. Client applications can be completely unaware that this is happening, and that facilitates a phased migration with control.
Apigee is API management, and it's cross-cloud, allowing you to manage APIs across your entire portfolio: your own data center, public clouds, third-party SaaS, wherever the services run. Now I'd like to invite my friend Terry to talk about T-Mobile's modernization journey and how they used API management and service mesh as complementary pieces of their foundation.

Thank you, Dino. Hi, my name is Terry Wang. I work on API management and service mesh, your API Center, for my T-Mobile. I'm glad to be here. First,
I want to talk about our API-first journey. To be honest, it's been quite a journey for us. T-Mobile introduced Apigee 5 or 6 years ago to jumpstart our program. Back then, there were very few microservices, or even RESTful services. The majority of the services were SOAP-based, delivered by middleware platforms or cutting Java applications. We used Apigee gateway to transform the SOAP payloads to make them easier for the applications to consume. Four years ago, T-Mobile embarked on the
transformation journey and made the API-first strategy one of its main drivers. We started to break down into microservices. We had tremendous growth not only in the number of services but also in business agility. It used to take months to make changes; now many apps are releasing daily. Is so rosy, right? Yes, but we definitely experienced growing pains. We still had multiple platforms, languages and libraries; security, quality and delivery were inconsistent. That's why we started to look into Istio service mesh. We successfully deployed our pilot services
into production last year. Now, we're planning to roll out in a big way in both our public and private clouds. Since our team started two years ago, we've been working on building helper tools to bootstrap API development in every phase of the life cycle. What happened, swaggering, turn into town taste to make sure the API design standards are followed by teams, with Apigee proxy and Istio mesh generators in the old and the commentaries to give Dimensions, the CI/CD pipeline with compliance
checks. These tools allow development teams to deploy their services to Apigee and service mesh secure and receiving minor. You never stopped in the API development lifecycle. The events are logged. Metadata is collected and is searchable through our API Explorer tool, where both API consumers and providers can find the relevant information about their services quickly. This improved our mean time to recovery when issues occur. We're very proud of these tools
that enable us at T-Mobile running our API program at scale. What really motivated us to look into Istio service mesh was the shift-left security strategy. A couple of years ago we wanted to for strong coconut called a PR with proper logging and monitoring for any security violations. We created token libraries for Java amended viable to the machines. They work well, services adopted the library. However, there are still thousands of APIs last money program a language to Carver's which provides security and granular
metrics. We're looking for more out-of-the-box features such as circuit breakers, security handling, connection, the refi and telemetry, often handled by the development team in the code. Depends on programming languages and libraries in Pocket timeline. Sometimes these features were implemented in different ways and managed by different tools; they were inconsistent. Big overhead for teams to manage and operate. With the service mesh, these features are offered at platform level,
using standard policy. The overhead for these advanced features shifts from developers to the service mesh. It helped Dimension deliver product features, and deliver them faster and more securely. Service mesh and API management solve two different problems. Together, it transforms your back-end services into APIs that are consumable by the internal and external applications. Mesh get some more details to service clients about the quality of the architecture. The resumes
mechanisms is a granular telemetry. This real class act as security flows. The participate, all this information details are provided to application by Envoy sidecar proxies. With API management, we're trying to solve the problem of how to expose existing APIs for others to consume, how to track who uses its APIs, and enforce policies about what's allowed to use them. I stopped is Trudy's closed. So I can, Cade authorized from useful, use of services. That can be used at the same time to promote API usage on T-Mobile or
services at the various platforms and cloud or public cloud. API management allows us to provide consistent endpoints to the consumers. It laid the foundation for you. Active governance, API gateway and service mesh architecture is to pave the road at T-Mobile for API around. Next, I'm going to demo our Apigee proxy generator and Istio mesh generator tools for developers to deliver services faster with strong security by default. In this section, I'm going to demo a couple in our tool suite.
Istio config gen and Apigee proxy gen. The purpose of these generators is to let developers quickly get onto the platform and take advantage of the platform features right away, without spending too much time to learn it, so that they can focus more on developing their domain-specific features. The generators bundle a default set of features often required to make the service more secure and follow the best practices set forth by the company. Definitely, developers can always add their custom policies and
configurations that meet their specific requirements later. Out of the box, the default already provides 70 to 80% of the features. Let's look at the Istio gen first. We always follow the API-first approach. So the Istio config generator is actually a microservice, a RESTful service: Spring Boot app, used to come charts and a default CI/CD pipeline, and then we use the chart to deploy the configuration into Istio clusters. Let's look at more details about
facial configuration. So this is the request object for the generator service. So you specify user information; this is used for auditing purposes. And you specify the type of application, Spring Boot or some other types, and where do you want to store the generated artifacts. If you want to generate the microservices based on the Swagger, by default you can specify the Swagger information and on-the-job a base class and some other information. As for
Istio, right? So you need to specify where's your cluster, where do you want to deploy this app to. However, you can change or add configurations later. So one of the features required is the security, the JWT token authentication. This is required by any services at any layer to enforce zero trust. So these are the configurations, and luckily Istio provides this feature by default; you just need to configure it. Let me run this service. Okay, it will take a few seconds, but you will see a new
folder should be created in the repository. Now it started generating, and the Istio configuration is stored at a common folder. And these are the features we bundled together as a default set: the authentication, and, you know, the service entry and circuit breakers and a default canary release pattern and HPA and some other routings. I want to get into the authentication configuration. So we can they belong to your eyes and get up? He's talking about the dacians. So this is to make the service the most secure, and you don't need to implement the libraries at the code
level. So, we also generate the process of the pipeline, which allows you to, you know, deploy your configuration into the cluster more easily. So the pipeline will build the Java app and push the container image into the registry and go through the static code scan, and run. The people set up a unitized and finally deploy into the cluster, and you can customize it as you want. And the default should work for most of the teams. Okay.
So I generated one yesterday to save time, because, you know, the whole process running through the CI/CD pipeline will take about 7 minutes. Now you can see everything is running green. It's deployed into the Istio cluster, which is running up here. Now I can launch a test to verify the features. So if I don't have the token, the bearer token, I should get 401. Yes, it's unauthorized. So if I include a valid bearer token, now it's getting through to my service. Since it's not implemented, it returns 501. So
the other one I want to test is to exclude the health check path, right? So without the token, it should work just fine. So let me verify that. Yes, I don't have any bearer tokens and I'm getting a valid response. Okay, so this is how easy it is to, you know, what that they used to, you know, that he features and you can quickly deploy your microservice into the cluster. Secondly, I want to demo the Apigee proxy gen. It starts from a Swagger file, and you can specify the Apigee proxy names and some other routing rules and which a
set of policies. And then you can get into any environment, whether or not. It doesn't matter. So with this approach we've achieved end-to-end, you know, connectivity and security. Salami. Show. Determining whether a little bit just to save time. I already built this configuration, and everything is based on this Swagger. And given the Swagger, we'll have the default values for you to specify where do you want to store the generated project and how to route to a target and what the project information to
start tracking as well. And, you know, finally, you can submit, and it will generate an Apigee pipeline for you. So over here it generated a proxy and poem that generator turkey and poems under sub pipeline. And it will do, you know, quite a few compliance checks and the authentication and authorization checks and threat protection checks and, you know, logging. So we definitely and also the quota and spike arrest traffic policies, and then you can just deploy to any environment you want. So you can customize it to
add more as you wish. So, I want to show you what the policies look like when deployed into the operating environment. So you can see that ID for water, use the for money off of these past policies, and there's a set of policies for Chris law and another default set of policies for pulled pork and coleslaw, and there's logging policies. You know how. So, you know, without you knowing anything about Apigee, you're able to just expose your service on Apigee and expose it to
other teams to consume. Now, let's look at, you know, the end-to-end testing. So I do have this, you know, it's his service up here. This is configured, you know, exposed through Apigee, and connects to the service I just deployed in the Istio environment. So without the token, I get a 401. So this is from Apigee, right? So I'm not allowed to pass on to the back end at all. This is security protection. If I do have the George Hogan, I'm passing through the Apigee layer and getting into
the Istio service mesh. And I'm getting the 501 Not Implemented, over to the correct response. So if I give the wrong token, I'm getting a more generic message. So this is going to want you exposed to it and you can have even more unified error messages for all the services. You know what? Happy so, the third feature I want to demo is our API Explorer tool. So we collect all the information at every step of the process, including the generator, including the deployment. You know, from the
Explorer you can get all that information, you know, from Swagger specification to where it's deployed and who's consuming and who owns the sand. You know, what's the history. So one of the things I do want to show is the telemetry, right? So, you know, this is a proxy at the parade today by me, and I want to see the metrics since I deployed yesterday. I did some testing today, so it shows all the details about this service, and shows how it performs and what errors it can get. You know, this is the
end of my demo, which just shows you how to use the generators to deploy your service into Istio and expose through Apigee, and you're getting a default set of features. And also, the telemetry is your canning. Thank you very much.

Thanks for that, Terry. It's super interesting to learn about T-Mobile's journey towards greater flexibility and agility in their systems, which brings me to the last thing I'd like to mention: Apigee hybrid. When customers use the Apigee SaaS gateway, which runs in the Google Cloud, the connection from
the client to the gateway to the upstream service can span multiple public networks. With Apigee hybrid, you can run Apigee gateways co-located with your workloads. This flexibility means you can avoid crossing network boundaries while still enjoying that same great Apigee capability. So consider that if you need that capability. Finally, I'd like to summarize a couple of things we learned today. API management complements microservices architectures. Second, T-Mobile's journey combines API management, processes and tooling Brisa platform on which T-Mobile
developers build the future. And finally, Apigee hybrid provides even more flexibility for those who need it. Both Terry and I thank you for watching the session. To continue the conversation, I've set up some expert one-on-one sessions over the next couple of weeks. We will be answering your questions in the Q&A section for the session also. Thanks again.