
Leading Global Publisher

Securing, Managing and Orchestrating APIs with CloudSpan


This leading global publisher of science and health information provides its customers and partners with access to scientific publications, medical journals, legal libraries, newspaper and magazine archives, as well as risk and business information, all presented as independent, subscription-based services.

By the Numbers
100,000s of authors
100,000s of reviewers
10,000s of editorial board members
1,000s of employees
1,000s of journal editors

Core markets include the medical profession, where reference materials, clinical decision support and professional education are key, but also academia with its huge appetite for information and need for efficient research. In fact, it's growth in scientific R&D and healthcare that is driving demand for an integrated experience across what's being researched, what's under development, and what's being practiced. And with more and more of these third parties wanting to embed the Publisher's content and solutions into their own workflows, there is an opportunity to create new revenue streams by exposing information services publicly to partners and customers.

API Publication Challenges


But making their application and service APIs available online raised a number of red flags, not only for the Publisher's security officers, but also for their IT group, who would bear the brunt of repackaging internal APIs for third-party consumption. Remapping, recomposing or even reprogramming APIs wholesale in order to create personalized subsets or filtered views of APIs for each class of customer or partner, and then maintaining and updating them over time, can quickly become unmanageable. Additionally, moving APIs between environments or deploying new versions of APIs can expose hidden dependency issues or break existing integrations, causing downtime or even SLA violations.

When it came to security, granting direct access to information services that are responsible for a large portion of their revenues made the Publisher's security group nervous. They recognized that with the growing threat of cyber attacks their existing network firewalls were just not good enough. While firewalls can provide protection from standard, Web-based attacks, they lack the ability to inspect XML-based messages and check for XML-specific threats. And when APIs get called in combination or sequentially, message integrity and privacy concerns arise. Conventional network-based VPNs using SSL or IPSec can't provide a message-level audit trail or support nonrepudiation across a service transaction.

Enter Layer 7 CloudSpan


While the Publisher examined many different solutions, they settled on Layer 7 CloudSpan CloudControl because it provided the closest fit to their business requirements in a single product. Previously, customers had to submit multiple queries to multiple information services and manually aggregate the results. CloudSpan's flexible and extensible policy engine not only allowed the Publisher to create their business logic in policy (rather than code), simplifying and speeding time to implementation, but also allowed for orchestration and aggregation across multiple information services, providing customers with rich results from a single query.

Additionally, because CloudSpan features true clustering capabilities, the Publisher was able to implement cluster-wide rate limiting, allowing them to meter service usage in order to block access to a service if the customer's contractual quota was exceeded. Because the clustered devices maintain and update a shared counter, metering is always accurate. This capability also allows CloudSpan to provide effective protection against replay attacks.

Leading Global Publisher Case Study

Finally, CloudSpan's ability to translate between incoming REST-based queries and the Publisher's SOAP-based back-end information services meant that customers and partners could use their preferred client (Google Apps/Gadgets) to access information.

The Solution
CloudControl is deployed in the Publisher's DMZ, protecting and providing access to virtualized instances of the Publisher's services. When a customer or partner attempts to gain access to their subscription(s), CloudControl intercepts the incoming query and calls out to the Publisher's internal access control system in order to authorize the user. At this point, CloudControl not only checks to ensure the user has not exceeded their contractual usage quotas, but is also able to enforce fine-grained authentication in order to grant the user access only to those information services (or individual service operations) they are allowed to access. In this way, the Publisher was able to create personalized API views for each user.

Customers can submit sophisticated queries that can be orchestrated across multiple services, automatically aggregating results. Partners can remap and recompose APIs across the range of information services, allowing them to create new service offerings that not only better address their requirements, but can also be more easily integrated into their existing workflows. Finally, usage is tracked and metered, allowing the Publisher to extract billing information, validate SLA conformance and check usage for capacity planning.

The Results
Academics are voracious consumers of information, limited only by the constraints of their R&D budgets. For them, the Publisher's CloudSpan-based solution was a godsend, providing richer, more complete results, faster. Other customers and partners now have the capabilities they require to better integrate their information service subscriptions directly within their own organizations' processes, streamlining research and improving efficiency. As a result, customer satisfaction and retention rates are expected to improve.

For the Publisher, creating and managing their business logic in policy rather than code resulted in faster deployment and simplified maintenance, all of which has resulted in a lower total cost of ownership than comparable, multi-product solutions.

Copyright 2011 Layer 7 Technologies Inc. All rights reserved. SecureSpan and the Layer 7 Technologies design mark are trademarks of Layer 7 Technologies Inc. All other trademarks and copyrights are the property of their respective owners.
