Azure API Management (APIM) Part 1

Time
14 hours 28 minutes
Difficulty
Intermediate
CEU/CPE
15
Video Transcription
00:00
>> Hello Cybrarians.
00:00
Welcome to Lesson 6.1 of Module 6 of this class
00:00
titled: AZ-301 Microsoft Azure Architect Design.
00:00
Here are the learning objectives that I'll
00:00
be covering in this video.
00:00
We'll start by introducing you to Azure API Management,
00:00
where exactly is the service and what does it do?
00:00
We'll then proceed to see
00:00
a visual representation of how the APIM service works.
00:00
We'll cover the core component of the APIM service,
00:00
where we talk about the Azure portal,
00:00
the developer portal,
00:00
and the gateway component.
00:00
We'll talk about pricing tiers and features of APIM,
00:00
what are the options that are available to us.
00:00
Finally, in this lesson,
00:00
we'll talk about virtual network integration for
00:00
APIM if we want to deploy these into a private network.
00:00
Let's get into this.
00:00
Let's start by introducing what
00:00
the Azure API Management service is.
00:00
Number 1, it is an Azure hosted,
00:00
fully managed API Management service and it helps us to
00:00
create consistent and modern API gateways
00:00
for existing backend services.
00:00
Now, what does that mean?
00:00
What that means is that it is a service for
00:00
centralizing the management of APIs,
00:00
regardless of where they are.
00:00
The service actually came from
00:00
Microsoft's acquisition of a company
00:00
called Apiphany around 2013.
00:00
The second thing about APIM is that the service
00:00
works with APIs running in the Cloud or on-premises,
00:00
as long as the APIM gateway can reach it.
00:00
We'll talk about what a gateway component
00:00
is in a short while.
00:00
The service also supports policies,
00:00
which allows us to easily add
00:00
protection for our backend API or to even
00:00
ensure that users can only see
00:00
data of responses that we want them to see,
00:00
regardless of what the backend service returns.
00:00
We can use that to provide
00:00
protection or optimization for our API.
00:00
Number 4, APIM promotes and
00:00
supports developer engagement and it
00:00
does that through its developer portal component,
00:00
which we'll see in a few minutes also.
00:00
The developer portal, it's
00:00
a great tool for user community engagement.
00:00
Number 5, it has
00:00
native integration with Azure services,
00:00
like Azure Monitor and Application Insights,
00:00
for logging, reporting, and analytics.
00:00
Let's have a look at how APIM works.
00:00
First, we have
00:00
our backend API that could be hosted in Azure,
00:00
on-premises, or even in other Cloud providers.
00:00
As long as the API is
00:00
reachable by the APIM service we're good.
00:00
We then need to create an APIM service in Azure.
00:00
After the APIM service is created,
00:00
we import our backend API into APIM.
00:00
This is referred to as the frontend API.
00:00
It's very important to note that this
00:00
in itself is not hosting the API,
00:00
it simply creates a facade for our backend API,
00:00
so that we can customize the facade according to
00:00
our needs without touching the backend API.
00:00
Now, in order for users to get access to the API,
00:00
we must first create what is called a product.
00:00
We then associate our APIs with
00:00
the product so that users can
00:00
subscribe to and get
00:00
access to our APIs using the Developer Portal.
00:00
Finally, we can define
00:00
which users or groups can access the product.
00:00
We can pre-invite the users.
00:00
We can allow them to self-subscribe
00:00
with or without approval.
00:00
Let's look in more detail at
00:00
the core components of the service.
00:00
The first component is the Azure portal.
00:00
This is the administrative interface where
00:00
API managers and developers create the APIM service,
00:00
define new APIs or import
00:00
existing backend API schema into the service,
00:00
package our APIs into
00:00
products so that users can subscribe to them,
00:00
set up policies like
00:00
quotas or transformations on the APIs,
00:00
gain insight from analytics tools,
00:00
like Azure Monitor or Application Insights,
00:00
and also manage user
00:00
access to the service and to the API.
00:00
All of these are done via the Azure portal.
00:00
The second component is the API Gateway.
00:00
Whenever we create an APIM service
00:00
we get a unique Gateway URL.
00:00
This is the endpoint that accepts
00:00
API calls and routes them
00:00
to our backend services.
00:00
The gateway is also responsible for
00:00
verifying supplied API keys,
00:00
JSON Web Tokens, certificates, and other credentials.
00:00
In other words, it does authentication
00:00
and authorization.
00:00
It's also responsible for
00:00
enforcing user quotas and rate limits.
00:00
It applies inbound and outbound policies.
00:00
We'll see what those are in a few minutes.
00:00
It's what does the caching
00:00
of the backend responses if we've set up
00:00
caching and it also logs metadata
00:00
for analytics purposes.
00:00
Finally, we have the developer portal,
00:00
which is great for engaging our user community.
00:00
We can provide documentation of our APIs
00:00
so that they can understand how to use the APIs.
00:00
They can try out the API via an interactive console.
00:00
They can create an account
00:00
and subscribe to get API keys.
00:00
They can access analytics on
00:00
their own usage of
00:00
the APIs that we're making available to them.
00:00
Those are the core components of the APIM service.
00:00
When we deploy APIM
00:00
we have to select the pricing tier that we
00:00
want and the pricing tier that we
00:00
select determines the features
00:00
that are available to us.
00:00
I'll touch briefly on some features.
00:00
The Azure AD integration feature,
00:00
this feature is available in the developer,
00:00
standard, and premium tiers.
00:00
It enables the use of Azure AD and Azure AD
00:00
B2C as an identity provider for user sign-in,
00:00
so that the users of our developer portal can
00:00
authenticate using the Azure AD
00:00
or Azure AD B2C credentials.
00:00
Then we have the built-in cache feature.
00:00
This is a feature that's available in all the tiers,
00:00
except the consumption tier.
00:00
It enables APIM to cache responses from the backend.
00:00
This can significantly reduce
00:00
API latency or bandwidth consumption
00:00
or even load on the backend web service.
00:00
But we also must be careful to enable caching in
00:00
situations where the returned data
00:00
does not change frequently.
00:00
If the returned data changes
00:00
frequently or it's dynamic data,
00:00
you probably don't want to enable caching for that.
00:00
Then we have the self-hosted gateway.
00:00
Why is this interesting?
00:00
Because this is a containerized, fully functional,
00:00
equivalent version
00:00
of the managed gateway deployed to Azure.
00:00
What that means is we have
00:00
this Linux-based container that we can
00:00
deploy on-premises as the gateway of our APIM service.
00:00
We have the SSL settings and this feature,
00:00
it's available for all the tiers and what it allows
00:00
us to do is to define the TLS versions
00:00
that will be allowed for both the client side and
00:00
the backend side transport security.
00:00
You have the client certificate authentication,
00:00
which allows APIM to validate
00:00
the request end client using a certificate.
00:00
Let's look at this feature or functionality of
00:00
APIM called Virtual Network Integration.
00:00
APIM can be deployed inside an Azure virtual network.
00:00
This is so that it can access
00:00
backend services within the network,
00:00
which we're making private which are not public,
00:00
and the developer portal can be configured to be
00:00
either accessible from the Internet
00:00
or from within the network.
00:00
This will make sense to you in a minute.
00:00
Whenever we are configuring
00:00
virtual network integration for APIM,
00:00
there are three options that we have.
00:00
The first option is off,
00:00
which is the default option.
00:00
What that means is that APIM
00:00
is not deployed in a virtual network.
00:00
That's clear, that's straightforward.
00:00
That's the default. Then we have the external option.
00:00
The external option,
00:00
this is where APIM is deployed into a virtual network,
00:00
as you can see on your screen.
00:00
But then the gateway and the
00:00
developer portal components
00:00
that we discussed earlier
00:00
are accessible from the public Internet
00:00
through an external load balancer.
00:00
What this allows us to do is that the gateway
00:00
and the developer portal
00:00
can still be reached via the Internet,
00:00
but the API Management service can also
00:00
reach our backend services that are made private,
00:00
that are not exposed out to the Internet.
00:00
What that also means is that
00:00
on-premises resources that are connected
00:00
to our virtual network using a VPN technology
00:00
or ExpressRoute can also be
00:00
reached by the APIM service.
00:00
Finally, we have the internal option.
00:00
This is where APIM is deployed into a virtual network,
00:00
but the gateway and the developer portal components
00:00
are accessible only from within the virtual network.
00:00
This is truly private.
00:00
What this means is that
00:00
the gateway can access
00:00
resources within our virtual network.
00:00
It can also access
00:00
on-premises resources that are connected to
00:00
our virtual network using VPN
00:00
or ExpressRoute,
00:00
it can access that.
00:00
But then only from within
00:00
our internal network or from our connected network via
00:00
private handling can access
00:00
the developer portal and can access the gateway.
00:00
In other words, can consume our APIs.
00:00
This brings me to the end of this lesson.
00:00
Thanks very much for watching and
00:00
I'll see you in the next lesson.