Layer7 API Management Reviews

In terms of priority: the scalability, uptime and the way that it's versatile. You can load up multiple different kinds of services at the same time. We have multiple different services going live on a particular platform, concurrently. It happens a lot. It's important for a system to handle that. Then CA's API solution also works with multiple solutions which are provided by CA, like LISA tools and all that. Altogether, it's a very cohesive unit.

Some of the things that we see as room of improvement are how do you integrate with other systems out there. Integration with the existing systems and infrastructure, which is not necessarily related. How do you integrate those systems in? Examples could be: how does CA integrate with IBM or existing systems? Lot's of large organizations have existing systems they don't want to replace with other systems. How does CA's systems work with those systems concurrently? Those would be important considerations.

So far the stability has been really good, we haven't had any problem. I believe we have been using it for sometime. As per the industry standards, it's been quite stable. Personally, I have been involved for almost 2 years but I understand that our organization has been using it for quite some time. We are in a business which sees lots of volume, trillions of volumes of calls. The system that we work with has to handle those trillion number of volumes of calls. All of that also happens in the real time, so the system has to scale up to spikes. Sometimes during holiday season and all that, we see quite a lot of spikes going in. The system has to manage all those spikes and CA has been able to do that.

The technical support has been good. They have dedicated technical support for us, we have dedicated account managers from CA, as well as specialists. It's great to have those kind of partnerships with CA.

I'll definitely give it 8.5. Whether they can put up the solutions that we want, that's number 1. How long they would take, is it going to provide value addition at this point of time or in the future would we have to invest in technology dollars in order to improve that? What is the pricing? What's the scalability? What's the uptime? All those features. It's been very good.

I think CA's API Management technology is in the top 3 in the industry. It depends upon what kind of things you're looking for or what kind of features you're looking for.

We use Layer7 API Management to manage API gateway and customize policy scripts.

The product works well from an implementation perspective.

Layer7 API Management’s price could be reduced.

I rate the product’s stability an eight out of ten.

We can create multiple gateways using the product. It has good scalability. It is suitable for enterprise customers who have many APIs and microservices.

We have used WSO2, Kong, MuleSoft, and other open-source products.

The initial setup process is easy and flexible.

Our customers found the product’s cost a little higher. They are looking for open-source solutions.

We evaluated Salesforce.

I rate Layer7 API Management an eight out of ten.

The product has a user-friendly interface. There are customization options, unlike the previous version, where we had to do manual coding. We use the configuration wizard to set it up. It saves us a lot of time.

There could be more integration options included in the product. It needs active connections added in the present version.

We have been using Layer7 API Management for three months. At present, we are using the latest version.

It is a stable product.

We have 12 Layer7 API Management users in our organization.

The initial setup process is easy. The deployment time depends on the custom applications. It takes time to integrate configuration to explain the process to small business vendors.

There are various licensing models for Layer7 API Management. We have to buy additional licenses to get new versions.

I rate Layer7 API Management an eight out of ten. It takes time to learn and understand the product.

The most valuable feature is the basic authentication.

Some areas for improvement would be the security the product provides and the response time when a client is making a call with their payload. 

I've been working with this solution for three years.

There are some issues from the front and backend, but none relating to the API portal.

The scalability depends on configuration, but if that is correct, then the scalability is good.

The tech support is fast and responsive.

The deployment was pretty straightforward.

I would rate this solution as nine out of ten.

Our primary use case is basic encryption/decryption using symmetric assertions and then, gradually, SOAP signatures, SOAP encryption, non-SOAP XML encryption, and signing that. In the last six months or so, I have been working on JWT (JSON Web Tokens).

Using this solution, the deployment and development processes become easier when compared to before, when complete Java development was necessary. Now, the encryption part is very easy and our clients don't have to continuously depend on logic. On this platform, it's very easy for them to understand and to do testing. It saves them time.

I haven't found that there are any most-valuable features. I'm not using any feature most often in any of my use cases. The use cases depend upon the customers' requirements.

In terms of protecting APIs against threats and vulnerabilities, there are a few assertions which are built-in for threat protection. I have used them for vulnerabilities, like for DDoS attacks, XML schema validation, IP restriction, and for cross-domain.

There are old algorithms that the tool does not support - and it shouldn't, in my opinion. But sometimes customers need old algorithms, from old use cases and old applications, migrated to the platform. At those times, there are hiccups that happen. It's a bit of a challenge to make the customer understand that we should not be going with these old applications.

We have not faced many issues with its stability.

Scalability is a bit tough if it is a production environment. If you are planning to scale it and increase the number of servers within one to two years, that can be challenging. Up until now, if I have installed four servers, I haven't been given requirements to add more than that.

We have contacted support. There were two cases where there wasn't support for old algorithms, the assertions weren't supporting them, and we reached out to the support team. They were very helpful. It depends on the problem you are asking them about. If it's easy, they give you solutions quickly. If there is a requirement for the engineering team to be involved, then it takes time. But they're very helpful.

The setup is straightforward. If I'm doing it on a local machine, it takes 20 to 30 minutes for a single client. I don't have any implementation strategies. It's a straightforward process where you just need to select the options, click enter, enter, enter, and provide whatever input is required.

Before starting the implementation with a customer, we give them the prerequisites that are required. If those prerequisites are met, it doesn't take much time to do the deployment. They have to provide the IP, the hostnames, and the port openings.

In our last deployment, it took me two days to install all the port services. There was one replication and there were two persisting nodes. I did the complete installation and was initially involved in the API development. After that, my colleagues were involved in the development of APIs.

It requires a minimum of two people for maintenance, once it's up and running.

The tool is very powerful so if you are looking to go with an API platform I would recommend CA.

The number of users among our clients is growing, although I don't have an actual number I can give you. Initially, it takes time to get people to understand the platform, but once they understand it, everyone wants to use the platform and have their application exposed to this platform only.

Overall, I would rate the solution at nine out of ten. 

Primary user case is producing APIs as products, essentially, and creating the environment for developers to sign up to use APIs. 

It has performed well so far. We just got a test instance installed, and did a PoC earlier in the year. We are more or less just getting started with it. 

• For developers to be able to come, sign up, or find APIs. 
• Sign up for the API and start using it in their applications without a Gateway developer having to get involved. 

The benefit of it is being able to create a sense of the API marketplace. It has improved the way our company functions by streamlining the effort and getting people out of the process.

I would like to be able to see the publisher role be able to be organized within organizations, so somebody within that role can only manipulate their particular policies.

We had some problems getting it installed, but it has been running fine ever since.

It is all docker containers. So, it seems to be pretty good.

The technical support is good, knowledgeable, and responsive.

They are all friendly to work with and really seem to care about us being successful.

We were using the API Gateway before. 

The industry is moving is to be more API-oriented and more self-service oriented, which is why we invested in a new solution.

The initial setup was complex. It ran into a lot of problems. It was a new release. It was a 4.1 release. We spent the first day or so, probably almost two days, getting it to accept the proper IP from the DNS name. We ran into certificate problems. Mainly, just the installation script in our particular environment did not work very well. So, instead of what should have taken us a couple hours, or what we planned for a few hours, it ended up taking about three and a half days.

I did a PoC in the earlier part of the year. We built out some APIs on that, then we just installed the test instance a couple weeks ago. 

Purchase 4.0 now and wait until they flush out the 4.1 problems.

We evaluated CA and Google. We chose CA because we already had an embedded solution with them and a good relationship. Pricing was also a factor.

Most important criteria when selecting a vendor:

• Reliability
• Support
• Pricing.

CA is a large company. It is not like they are going to go upside down tomorrow. You want to make sure that the company is going to be around for awhile if you are investing in them. 

We use it for security.

So far so good. We have our own challenges - some monitoring and some performance related things - but at the same time, I think it's pretty good.

The security that it provides, actually. Being in the financial services industry, obviously security is very important for us.

I'm part of an engineering team so this product coming with out-of-the-box security, that is valuable to our organization.

We are evaluating the next release, actually. We would like to see more stability.

It needs to be a bit more stable. I think they see that, as Support is working on that. We have our own challenges related to the stability. For example, the log space filling up the entire disk because of gateway went down. CA is aware of this issue.

But otherwise, as I said, we have had a pretty good experience with the product.

We do not use it on a massive scale at this point, so it's pretty good.

It's pretty good. It's been a fruitful experience so far.

We were transitioning from another product, DataPower. We switched because of the native support for APIs in API Management.

We didn't consider any other vendors.

What's important to us when selecting a vendor, support is the most important factor.

I would tell anyone who is researching this type of solution to go for API Management.

• Availability of Security Assertions: Addresses all the industry security standards
• High Flexibility: Allows policy-driven orchestration and security mediation, in a drag-and-drop manner

Thanks to this product, we have successfully secured SOAP and REST APIs and exposed them to international/domestic partners using the standard industry protocols.

The Policy Manager UI is very busy. It lacks a graphical representation for the flow of the assertions that can significantly improve the clarity of the policy. Thus the Policy Manager UI can be improved in terms of usability. For example, instead of policy assertions in the policy being in a line by line form, it could be represented as graphical flow, similar to how Vordel Gateway does it.

I have used this solution for six years.

We have not experienced any stability issues. The product has been very stable.

The CA API Gateway solution is highly scalable. It is very easy to add more nodes to the cluster, which increases the processing power.

The technical support is excellent and very timely. The engineers are extremely knowledgeable, not only in regards to the product, but also in terms of the protocols and standards that are used by the product.

We were using Vordel Gateway, but it lacked the flexibility and integration capabilities that CA API Gateway provided at the time.

The initial setup was very straightforward. CA has clear and concise documentation to walk you through the initial setup process for both simple and complex deployments.

Vordel Gateway and IBM DataPower. Both these solutions were evaluated from our end, before CA API Gateway was selected.

You should read the documentation.