Azure API Management (APIM) Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15
Video Transcription
00:00
Hello, Siberians. Welcome to lessen 6.1 off model six Off this Coast attitude is that resemble one Microsoft Azure tactic. Design.
00:10
So here the landing objectives they'll be covering in this video,
00:15
we'll start by introducing you to as you're a P I management. Where exactly is the service and what does it do?
00:22
But then proceeds to see a visual representation off? How the AP I am Service works.
00:30
We'll cover the car components off the A p I am service. We will talk about the azure Pato, the developer poto and get we component.
00:39
We'll talk about pricing tiers and features off a P i him. What are the options that are available to us?
00:47
And finally, in this lesson would talk about virtual network integration for a P. I am, if wants to deploy days into a private network. Lets get into this.
01:00
Let's start by introducing what the A joy appear. Management service is
01:04
number one.
01:06
It is an azure Alstead, fully managed AP High Management Service on it helps us to create consistent and modern AP. I get ways for existent back and service is now what does that mean? What that means is that it is a service for centralizing the management off AP Heights for godless off. Where they have
01:26
on the service actually came
01:27
for Microsoft acquisition of a company called Epiphany around 20 to 10.
01:34
The second Finn about FBI him is that the service walks with FBI's running in the cloud or on premises as long as the A P I am get weakened Richet and we'll talk about what they get where component is in a short while.
01:49
The service also supports policies, which allows us to easily have protection for back and a P. I also even ensure that users can only sit data off responses that we want them to see, regardless off. What's the back in service returns. So we can use that to provide protection optimization for a P I.
02:10
Number four a. P I am promotes and supports develop I engagement, and it does. That show is develop a proto component, which will see in a few minutes. Also
02:21
on the developer Pato. It's a great two for user community engagement.
02:27
Number five it, as native integration with azure service, is like as your monitor on application inside for Logan, reporting on analitico
02:38
So let's have a look at our baby. I am works
02:42
first. We have a back and a P I. That could be all stayed in hasher, on premises or even in other cloud providers. As long as the a p I is reachable by the happy I am service. We're good.
02:55
Well, then it's to create an AP. I am service in hasher.
03:01
After the happy I am service is created, we import a buck and a P I into a P. I am. This is referred to has the front end AP High on is very important to note that this in itself it's no Austin the air p I. It's simply creates if a kid
03:17
for a buck and a pH so that we can customize defecate according to our needs
03:22
without touching the back and a P I.
03:24
Now, in order for user's to get access to the A p I, we must first create what is called a product
03:30
would then associate our AP highs with the product so that users can subscribe to on get access to our AP highs using the developer Pato.
03:43
Finally, we can define which users or groups can access the product. We can pre invites the user's. We can allow them to self subscribed, with or without approval.
03:54
Let's look in Ma details at the core component off the service.
04:00
The first component is the azure Pato.
04:02
This is the administrative interface where FBI managers and developers creates the AP. I am service define new MP eyes or import existent back and FBI skimmer into the service
04:15
package of our happy eyes into products so that users can subscribe to them. Set up policies like Cortez are transformations on the FBI's
04:25
gain Insight from analytics tools like a germ monitor or application Insight on also manages their access to the service onto the FBI. So all of these are done very is your pato.
04:36
The second component is the A P. A gateway.
04:41
Whenever we cleared on a P I am service, we get a unique get way, your arrow and this is the end point. That, except a P I calls on route of woods, them tow are back, and service is
04:54
so the get ways. Also responsible for very fine supplied a P I keys just on Web tokens, certificates and other credentials. Another what it does what indication on authorization
05:04
it also responsible for and fasten user quarters of it limits it applies. Impound on our bomb policies will see what those are in a few minutes.
05:15
It's what's does the cash in off the back and responses if we've set up cash in on it also logs meta data for analytics purposes.
05:25
Finally, we have the developer Pato, which is great for engaging our user community
05:31
so we can provide documentation of a hippie highs so that they can understand how to use the FBI's. They can try out the epi I V, an interactive console. They can create an account and subscribe to get FBI keys. They can access analytics on their own. Usage off the AP is that we're making available to them.
05:51
So there's not a car component
05:53
off the A P I am service.
05:57
When would deploy E p. I am.
05:59
We have to select the price interior that we want on the price. It yet that will select the term is the features that are available to us, and I will touch briefly on some features.
06:11
So the a giant the integration feature This feature is available in the developers standard and premium tears. It enables the use off, actually Katie and a joy DBT see as an identity provider for use a signing
06:26
so that the user's if I develop a Pato can authenticate using the a joy D oh, as your lady Beetle secret ensures,
06:34
then we have the beauty in cash. Feature is a feature that's available in all the tears except the consumption tear.
06:43
It enables a P I am toe cash responses from the back end on this can significantly videos a p i literacy or bandwidth consumption, or even load on the back and Web service.
06:57
But we also must be careful toe and neighbor Cashin in situations where the returns data does not change frequently. If the returns that are changes frequently or its dynamic data, you probably don't want to enable cash in for that.
07:13
Then we have the self instead, Gateway. What is interesting because this is a containerized, fully functional equivalent vision off the manage get were deployed to Hodja. What that means is we have this Lynn ox based container that we can deploy on premises as wth e get way
07:31
off our a p I am service
07:34
we have the SSL settings on this feature. It's a very before harder tears and weight allows us to do is to define the T. L s visions that will be allowed for both the client side on the back. Inside transport security
07:48
you have, the client said, Forget authentication, which allows a p I am toe validates the requested client
07:55
using a certificate.
07:58
Let's look at this feature off functionality off a p I am called virtual network integration. Epi I am can be deployed inside an edge of Rachel Network on This is so that it can access back and service is within the network, which were making private and a public
08:16
on the developer. Pato can be configured Toby, either accessible from the Internet or from within the network. This will make sense to you in a minute.
08:24
So whenever we're configuring virtual network integration for AP, ahem, there three options that we have.
08:31
The first option is off, which is the default option,
08:35
and what that means is that a P I am is not deployed in a virtual network. That's clay that straightforward.
08:41
That's the default.
08:43
Then we have the external option
08:46
on the external option. This is where a P I am is deployed into a virtual network, as you can see on your screen.
08:54
But then the get way on the developer Pato components that would discussed earlier, accessible from the public Internet
09:03
to an external load balancer.
09:07
And what is allows us to do is that they get way on Dhe the developer. Pato can still reach very Internet, but the FBI management service can also reach our back and service is that our mid privates that are no exposed out to the Internet
09:24
And what that also means is that on premises resources that are connected to veteran Toe, a virtual network is in a VP in technology or express world can also believed by the A p I am service
09:37
and finally we have the internal option on this is way. P. I am is deployed into a virtual network, but the get way on the developer Pato components are accessible only from within the veteran network, so this is truly private and what is Mrs That's the get way
09:58
can access resources. We do not virtual network. It can also access on premises resources that are connected to our virtual network is in V Piano Express. Route to express route can access that.
10:07
But then only from within. Our internal network off from our connected network via private on Elin can access the developer Pato and can access to get way in other words can consume away AP ice. It brings me to the hand off this lesson. Thanks very much for watching
10:26
and I'll see you in the next lesson.
Up Next
AZ-301 Microsoft Azure Architect Design

This AZ-301 training covers the skills that are measured in the Microsoft Azure Architect Design certification exam. Learn strategies to plan for the exam, target your areas of study, and gain hands-on experience to prepare for the real world.

Instructed By