Layer7 API Management Reviews

The best features for us are documentation, the development portal, ease-of-use, and click-to-market. Our API landscape is increasing exponentially and one if the differentiators that allow us to reach our goals is how fast we can get to the market. And our speed-to-market is based on ease-of-deployment and how fast we can iterate and change.

It sets itself apart mainly because it's a bigger product and a bigger company, so it integrates well with other solutions that we already have on-premises. That makes it a lot easier for us to move people around, since they already have a basic skill set. That really helps. The support that we get from CA in general, including the talks, the books and the documentation that explains how to sell from a technical and a non-technical side, really benefits us.

I would like to see a lot more information about design, such as design thinking and design UX, UI, information about the technology, and the problems it's solving for everyday customers.

The cloud-based solution that we use right now is stable. We have an on-premise solution as well, which we still have some issues with, but we're still moving forward.

Scalability is unmatched. Since it is cloud and AWS backed, if we need more power, we just call it up and it's pretty quick.

Technical support, including the communities, Twitter, and being able to reach somebody on the phone is phenomenal; it's a good working relationship.

We have multiple solutions in house. This is the one we choose for now for certain products. There weren't really better products and there's only certain product groups in the market, and we only pick the best-in-breeds. CA was one of them.

For me, the most important quality in a vendor is technical support. I want support from end-to-end, including documentation, technology, and written materials that I can download and review myself and then reapply.

Initial setup was a little bit of both straightforward and complex. We are a large company and have certain scenarios that make things a little bit more complex. CA's always been really good about being right there with us to understand some of our challenges.

Dig in really deep, not only from a technical standpoint but also from a design and product standpoint. That's probably the biggest piece of advice that I can give you. If you miss this, you will forget to see the forest through the trees.

One valuable feature is the ease of development of the policies for the product. It's very easy to have a brand new developer come in and develop a policy to expose our APIs.

It's benefited us greatly in allowing us to expose our APIs to external third-party vendors in a secure fashion.

I would like to see the GMU, the automated deployment framework, available in some sort of graphical interface. This would allow options, outside of automation, so you could see things graphically.

The product is becoming more stable as the product has become more mature. At this point, it's a pretty stable product.

On the scalability perspective, the product has no issues. It's able to scale out horizontally and vertically and has posed no problem for us. We have a pretty large implementation.

I have absolutely used technical support. They have been pretty good, especially when more complex issues are escalated. They've got some resources that do a wonderful job in helping us come to a resolution.

We didn't have a previous solution specific to this. We had some other products where there was some overlap with this product, but none of the products accomplished what this did. We had a specific need.

There were multiple products that were specialized in different things, but they could do some of the stuff that this product could do. This solution is very narrowly focused on API management.

I was involved in the installation and implementation. I think it was lacking some documentation around performance tuning and getting the product operationalized so that it could maintain itself. The documentation is still a little bit lacking in those areas. The documentation is available on demand, or on informal places like community chat groups where you can get information, but as far as in the product documentation itself, it's lacking in those areas.

When selecting a vendor, look at the partnership with the company. See if they're able to listen to you about your needs. See if they are able to respond quickly. See that the product provides good value. Work closely with the vendor to make sure you get things set up correctly. If you don't, you'll be very disappointed.

I work for a major healthcare company, it's amongst the top ten Fortune 500 companies and we've been leveraging CA API Management to make our healthcare business services available on the Cloud. To make them available on the Cloud and to enable our healthcare capabilities to be consumed by different consumers in real time across a plethora of channels.

We are leveraging CA API Management - we chose it by doing a huge comparison across different competitors. CA API Management helps us to securely consume various services and also the biggest thing has been to do monetization of services. We have certain rules that have been defined where you basically say that this specific healthcare capability is of greater value and we put a dollar amount to it as to which consumers can consume how much and based on its usage and all that.

CA API Management has been the driver for our digital transformation. It's interesting these days, the entire business is heading towards a completely distributed platform where the consumers are everywhere. You have business to business consumers, you have API management consumers and you have mobile consumers. At the same time, you have data providers that are growing heavily. You have data analytics placed platforms and then companies are heading towards providing helping consumers to make analytics-driven decision. Let the data drive the decision so now you're the middleware industry around microservices is facing its own challenge on how to meet the scores upstream and downstream from these back-end services. That's where the microservices platform, CA API Management heavily helps to make sure that you provide your services on the part.

With scalability, it comes to resiliency. If you cannot scale you're not resilient. If you're not resilient your performance is worse. If your performance is worse your API and services are not available.

Fine lines of availability is one of the key criteria's in the industry - 99.99% availability. That means 6 hours downtime in a year, so can you really ensure that everything is interlinked. If we talk about software architecture, quality attributes from these are all interlinked. I would say that eventually, it comes down to your customer satisfaction from there on. So that's our number one goal.

Right now, scalability is our main goal. Maybe they're not the problems but from the standpoint of onboarding a new API on Layer 7, that's fairly simple. I see that it's an extremely user intuitive and user-friendly software. Our operational personnel who have barely have any experience could get on with it and help the enterprise register as many API's as possible from the get-go.

We've been using it for the past 2.5 to 3 years. However, now we have come to a point where our scale is growing and organization is unable to keep up with the needs of the consumer so we are constantly working with CA API Management's operational personnel. They are helping us out but these are our challenges to be very honest.

It is very good software from the standpoint of making an API commercializable and making an API accessible. The security industry is extremely complex, to provide various security capabilities to an API that's fairly simpler. However, we are facing challenges in scaling the CA API Management software so we have seriously faced certain challenges when if your API usage goes beyond a certain limit, say 100,000 transactions per minute, I'm just throwing out a number, I can't provide you the real number but we are facing seriously challenges in scaling, in clustering the CA API Management software and then making sure that we can reliably meet our transactions as your usage grows on the Cloud.

It's challenging at this point because the healthcare API marketplace is growing.

CA API Management has been chosen as the platform for the entire firm so now as the APIs are growing the API management product capability also has to grow. Some of the challenges we are facing is sometimes you have mainframe systems and these mainframe systems are incredibly slow to respond. Now your product has to be capable of keeping your response times open for that duration, so that's one challenge. The ability to scale up, we face that beyond 90,000 or 100,000 transactions, the product has this limitation and it cannot scale. We are seriously facing challenges around response time per transaction and our business demands .1 milliseconds of response time. However, we are seriously reaching up to 3 seconds for some of it. I think internally we have to make this serious call around leveraging CA API Management for certain kind of transactions. Maybe segregate the platform so there are different architecture strategies for it, different approaches for it and we can really achieve it but we need to tune it a lot better.

Technical support are definitely extremely knowledgeable. However, we have faced some challenges where in our initial discussion we don't get a level 1 support. You want the guy with the most knowledge to be there right up front so it gradually takes 3 or 4 levels but the good things is our internal staff is coming up to speed on this but otherwise CA API Management have great knowledge, they built the product so they are very helpful.

If I'm looking for an API management vendor then I would look at the API management vendor's capability, their products capability to make their services available on the Cloud, monetization, security, availability, performance, resiliency, being flexible enough to provide different security integration mechanisms to different APIs, how flexible that software is and user intuitiveness.

My operational personnel should be able to be running from the get-go. I think these are some of the key attributes that we really look at. We did a comprehensive analysis on CA API Management followed by Apigee, followed by SOA software. We did a comprehensive analysis of balance score card by comparing the capabilities and the attributes across all these softwares on a scale of 1 to 10 and then the scorecard came in such a way that CA API Management stood out on every scale for us.

I think cost was also one of the key factors. We figure that Apigee and other software were on a higher scale from the cost standpoint, so I think that played a major role.

The product overall on a scale of 1 to 10 - from a scalability standpoint I would give it an 8. I would certainly give 8, because although I would have loved to go 9 or 10, no product in this world can scale any needs from the get-go but the customer service and the technical support has been outstanding. They have been very helpful so at least they are helping us out. Considering CA from an holistic perspective, not just the product, their ability to meet our needs, their ability to support us, their ability to answer our calls, and answer our specific technical questions, I think I would rate them an 8.

People tend to support what they have done in the past. It's always the case. If you ask a mainframe programmer he would say mainframe is the most rock solid stable platform in this world. I would say because we have lived in CA API Management I would say absolutely you have to use CA API Management.

Jokes apart, the customer has to know the capability of API management software. I see a lot of people asking me if I decoupled services in API management. API Management software's purpose is not to do decoupled services. It's to make your services available on the Cloud. It acts as a security gateway so that your consumers can access your services. One needs to know what he's looking for. These are the fundamental characteristics of an API management software. If you compare those characteristics CA API Management leads the industry.

We use the API Management tool mostly for the portal application and managing the APIs.

CA has a portal where we can expose the public and private APIs across the globe. We use it as a gateway for security and exposing the internal applications through that layer.

For us, it acts like a proxy as it passes through the API layer. We use it to transmit data from one format to another format, especially to route the data based on the content. This is a seamless process. There are little challenges in regards to the AWS integration but we were able to get through that and CA helped us move towards AWS.

The problem was that it was slow. This product was initially built as an in-house product, but later on they converted it to a pilot product. It was not ready at that time but now it is. We are fine-tuning it to make it available on AWS; so, it's good.

We're moving towards microservices. We do have around 358 to 400 APIs, i.e., monolithic APIs, and we want to convert them into lightweight microservices. We want to deploy them in a container, use the gateway and then expose those microservices to the external world. That’s our main goal and we are using CA API Gateway for this purpose.

I want a more loosely coupled migration utility.

Now they provide a DMU for migration of the code or APIs for continuous delivery. But it's not robust, so I want to see what CA is going to come up with regards to that.

In terms of using the tool itself, it is not user-friendly. You can use the product with ease, but once it starts developing the code, there are a lot of APIs and functions that are not readily available for you. You need to refer to a document to learn about that. They should provide some APIs which will drop down the list of all the functions and that are available and ready to use. The world is changing now; we don't want to be stuck in the 80s or 70s, where we need to search for everything and then try to write a code for it one-by-one. It needs be a good tool; easy for the customers to use it.

The main missing aspect from this tool is that although continuous delivery is available, it is not that straightforward and we have to work on that.

The stability is good except when we went live with AWS; that's when we had initial hiccups but slowly it improved. We are good at this point.

The good thing about McCloud being on AWS is scalability which you get by default. Hence, you don't have to worry about how you want to manage your infrastructure. By default, it will look at your load and there are some alarms set on that and then it will act. When you see the peak, it automatically scales to a new instance and when the load is too low, it will kill that new instance that it has created. AWS will help us with that.

We have used technical support. We had a few bugs in the code, i.e., bugs in the product code for which we had to talk to CA central customer service; they were good and responsive.

Previously, we were using OAG - Oracle Application Gateway. The CDCI was not that good with that. The continuous delivery and continuous integration are not readily available and there are a lot of bugs in the code, in the product. In comparison to that, the CA tool is less buggy.

There were a few reasons for choosing this vendor. The first being the continuous delivery and continuous integration, which was one of the major things we were looking for. Next, we wanted to look at the portal and the API itself; how do you manage the APIs, giving access, access control and all those aspects. The third thing we were looking at was security. So, these are 3 different things that we were considering whilst selecting a vendor.

I was part of the initial setup but CA was there with us to help through the implementation process. It's not complex.

We did do some research and tried to explore some of the API products available in the market. We did speak to all the different product owners, assessed it and then finally we came up with this solution.

Some of the vendors we looked at were Apigee and Amazon API Gateway.

Overall, this is a good product. Those who are interested in a similar product should try to do a PoC first and then see what you want from it.

The Mobile SSO and Developer functions are the most valuable features. The Mobile SSO functionality is not available with most similar products in the market, which makes this a unique product. The Developer function helped the developers to be self-sufficient meaning they did not need a lot of training and they could do things on their own.

API security was another important feature in terms of how you are able to control usage of digital assets and access your systems from the outside world. Thus, security was a good feature.

Lastly, the monetization part was also important. We have not started off yet but monetization was one more thing that we were very happy and keen about when we saw this product.

We have recently implemented it so it is too early for us to say how this product has improved the working of our organization. We wanted it as a feature and capability for the organization so we have invested in it. In the future, it shall proceed in the direction of how we would like to shape-up our organization.

We would want to see the monetization feature to be a standard function. At the moment, it is a third-party solution. This feature helps you to carry out API billings, so as the APIs are consumed from the outside world, you can charge your users for using them. Currently, it is not a standard feature and is more like an add-on where they have worked out ISV pricing with others. So, if it is made as a standard feature of the product it will be really good because it will take the promise of app economy to a true level; thus, it will be truly monetized.

Another improvement we would like to see is that the product should be more relevant with the public cloud infrastructure that is pervasive nowadays. So, the ability to host and run these solutions on Amazon, Azure or Google Cloud should be a standard feature for this product. From what we have been told it is going to be a part of the product’s roadmap.

This product is stable.

We did our own test to verify scalability and found it was quite scalable. We had no issues.

We had done a load test on the application on our own and it was able to scale to a significant number of transactions per second. Based on our architecture and solution that we have, we are comfortable with the level of volume that it can handle.

We have not used any technical support.

We were not using a different solution before. We were looking in the markets for solutions which would help us give this level of scalability, based on the nature of business that we have.

We never had a product like this because API management was always a discussion and we never knew how to implement it. When we saw this product and figured out that they had the features we wanted, then we took our time to perform due diligence and figured out this was the right product for us.

We were involved in the initial setup and found it to be a little difficult. The reason being, we implemented this product on Microsoft Azure and the product features on Microsoft Azure were not updated at that time. So, there were some initial hiccups. However, CA professional services and my team were involved extensively to get it rectified. CA services did play their part in making sure that whatever the shortcomings, if any, were addressed. It was a good involvement from their end.

We did shortlist other usual vendors namely Apigee, Axway, Mashery that are the other competing products in the market. The number one criteria for selecting this product was CA’s pricing policy as well as its presence in that part of the world from where we come from; it is significantly big compared to all the other companies. In Asia where we come from, not all the companies are present to that extent and you need a level of comfort when you're investing in such a magnitude. You would want the organization to be very strongly present there.

Just do your own homework and make sure your own metrics are ready, specific to your organization. Every organization is different and make sure that you maximize the value of the investment that you are putting in.

The roadmap of the product is the most important criteria while selecting a vendor. In addition, another important factor is the ability to invest in continuous releases/new releases that are coming up in the product. In short, how much the vendor is willing to invest in the product to keep it updated.

We had a little bit of mishaps for the installation. Overall, regarding the product features all what we wanted was in there. It's just that we had our share of a little difficulty in implementation, otherwise it is a good product.

The most valuable feature is that the API gateway is very strong in security. Most of the enterprises have exposed their back-end services as APIs and everything is okay if the APIs are accessed internally within the enterprise. However, now with all kinds of mobile channels and omnichannel customer experience, the APIs get exposed to the outer world; at such a time, you need something so that you can secure your data. You don't want to be in the news that something bad has happened. Thus, API gateway acts like a security gateway.

It has the ability to enforce security policies on APIs so that the user transaction is secured. Thus making sure that the transaction is a real one and not an unauthorized/hacked transaction.

Whenever there is a new API development our organization does not need to worry about the security aspects in regards to the API because it's already in place.

In my opinion, the policies need to be simplified so that developers are able to understand and taking that into consideration they can build their APIs. The support and maintenance needs to be simpler.

They need to provide more knowledge and it should not be that only CA is able to provide that service. There is need to pass on the knowledge to the enterprise users.

At our organization, we're still not into production but we have some references from other industries like the telecom industry. What we have seen is that there are some initial hiccups, as you encounter with any new technology.

However, once you have proper organizational structure in place to support and manage API gateway appliance, things become smoother.

We have used the technical support and it is excellent. CA is accessible since they have dedicated resources. They provide access to the engineering team and their service is good.

I was involved in the decision-making process to adopt the solution. Initially, we had a normal NetScaler load balancer. However, the challenge with that tool was once your APIs get exposed to the internet/the mobile phone, how to pass the username and password from your mobile phone to your back-ends.

The mobile experience demands that you don't want users to authenticate every time they want to use the application. For example, the Facebook user experience is such that once you enter your username and password you are logged in and whenever you come next time, the token gets refreshed. A similar kind of experience is what we were looking for and that demands API management.

I was not involved in the setup of this product. Since I was an architect, I brought the product in our organization, made people aware of it, socialized it within the enterprise with different stakeholders and now they're leveraging it.

We considered other vendors like IBM DataPower and also looked into Apigee, which is now taken over by Google.

We came up with a reference architecture, so there's got to be some standardization in regards to how you want to build APIs, expose the APIs, naming conventions and so on.

The way to manage the policies needs to be simplified and developers need to be trained. In my opinion, CA API Gateway in that security space is very ideal and it's one of the best out there.

We acquired this platform to give more agility to inter-development. We are using this platform, for example, to deliver a fast integration between our back-end platform and our front end. CA API Management enables us to very quickly create and manage the business rules, and do the integration. After this implementation, we reduced our lead-time in integration and development by approximately 50%.

It standardized all processes during development with the integration between platforms.

CA can provide more features to help with performing tests, for example, to create a month of simulated data to perform stress tests using the CA. In the past, we had to pay our client to create a database for us to perform tests using credit card information with simulated customers. We want the CA API management platform to include a specific module for creating this test database.

I started my challenge there in March 2016, but the platform was implemented 2015. I received all the benefits of this platform.

It is extremely stable.

It is perfect on scalability. Today, I can say we are performing at a rate of five million requests, or five million transactions, per day using this platform.

We are using local support in Brazil to help us during some specific integration between platforms; but it's very, very specific cases.

This API management software platform is great for us. We are extremely satisfied with the platform.

This product is easy to use. We are able to troubleshoot with the logs that it creates and it's easy to get people up to speed on it.

We use it for managing policies and that process is simple and easy to perform.

We'd like to see an updated migration tool. Right now, the migration process works but it is a little clunky because there's not a good tool for migrating it. It's an older version tool so the services need to be restarted every once in a while.

It's pretty stable. Once in a while we'll have an issue or we have to restart it but the product itself is very stable for us.

I think it scales well. We've got a cluster going and we can increase the size if we have to so it works out well.

I have only used technical support to consult about upgrades. They are very good. They always have answers when we have questions so it has worked out really well.

We used Layer 7 before CA acquired it.

I recommend this product because of how successful we've been with it.

The most important criteria for me when selecting a vendor is the quality of their support and technical staff. If they are able to help us, it makes it a lot easier.