Layer7 API Management Reviews

Primary user case is producing APIs as products, essentially, and creating the environment for developers to sign up to use APIs. 

It has performed well so far. We just got a test instance installed, and did a PoC earlier in the year. We are more or less just getting started with it. 

• For developers to be able to come, sign up, or find APIs. 
• Sign up for the API and start using it in their applications without a Gateway developer having to get involved. 

The benefit of it is being able to create a sense of the API marketplace. It has improved the way our company functions by streamlining the effort and getting people out of the process.

I would like to be able to see the publisher role be able to be organized within organizations, so somebody within that role can only manipulate their particular policies.

We had some problems getting it installed, but it has been running fine ever since.

It is all docker containers. So, it seems to be pretty good.

The technical support is good, knowledgeable, and responsive.

They are all friendly to work with and really seem to care about us being successful.

We were using the API Gateway before. 

The industry is moving is to be more API-oriented and more self-service oriented, which is why we invested in a new solution.

The initial setup was complex. It ran into a lot of problems. It was a new release. It was a 4.1 release. We spent the first day or so, probably almost two days, getting it to accept the proper IP from the DNS name. We ran into certificate problems. Mainly, just the installation script in our particular environment did not work very well. So, instead of what should have taken us a couple hours, or what we planned for a few hours, it ended up taking about three and a half days.

I did a PoC in the earlier part of the year. We built out some APIs on that, then we just installed the test instance a couple weeks ago. 

Purchase 4.0 now and wait until they flush out the 4.1 problems.

We evaluated CA and Google. We chose CA because we already had an embedded solution with them and a good relationship. Pricing was also a factor.

Most important criteria when selecting a vendor:

• Reliability
• Support
• Pricing.

CA is a large company. It is not like they are going to go upside down tomorrow. You want to make sure that the company is going to be around for awhile if you are investing in them. 

We have many use cases. We are doing an enterprise install for all CA API management tool searches which are covered under the ELA, Enterprise License Agreement. We have close to a 100 plus use cases that we want to deploy, the next is over a six months to one year timeline.

There are many things, which are really good, like the Gateway. That's really great and pretty useful. The Mobile API Gateway is also great.

We have not tested it to the extent that we should. Maybe six months down the line we will have a better picture.

At a high level, I would say the portal is a pain. CA double up portal is a pain. It is something that we are struggling with right now. That is just one of the products which is probably not sufficiently satisfactory. We are struggling to get it installed to be used now.

It is not a fully-baked product as a whole. So, individual solutions may be good, but they are evolving in their silos. There needs to be wholistic thinking about how each one of these products functions. Each one of these CA products under API management needs to work in synergy, and evolve in a more cohesive, coherent way so we as enterprise we can take it seamlessly without much pain. 

We have not used technical support yet.

We have ELA with other product vendors, like IBM and Oracle. However, we thought CA might be a good option based on their support within the account. The CA folks who are working, partnering with us within the account and our organization, they have been very reachable and very cooperative.

So even though we have licenses with IBM and Oracle for the same kind of products, API management, we are going ahead with CA just because of the trust that they were able to build. 

It was probably not that straightforward, because the vendor team (CA Services) struggled a bit. 

We implemented using CA Services to come and install the software.

I felt there was a lack of expertise on CA's part, because there are many things within the API management. Maybe the consultant from CA services who came to our organization did not have the experience on all the tools that CA was releasing, which was why the initial setup may not have been straightforward for him. He was good with Gateway, but with the other pieces, he was struggling a bit. It took sometime for him.

We already have ELA with multiple product vendors. It is a matter of using which one we want and moving forward. 

CA is worth trying. It is definitely a key contender in the API management space.

Most important criteria when selecting a vendor: size and brand value.

Web services authentication. 

So far so good, in terms of performance.

Quick response to the setup authentication for web services. That's important to us because we generally don't have a lot of time.

It's separating web services versus web applications, single sign-on. I would say that is the main benefit.

• More throughput
• More scalability
• Better built-in monitoring

So far stability is pretty good. We haven't experienced lag time or crashes.

Scalability is very good.

I think we have used tech support but the response has been so-so. They need more knowledgeable people.

We didn't have a previous solution.

When selecting a vendor the most important factors for us are 

• cost
• validity of the product
• stable product

It's a very good product to use to initially set up single sign-on for web services authentication.

Our primary use case is to enable our customers who are on the Internet. We want them to access our protective web series behind a corporate firewall. To do that, we like to use the OAuth ToolKit within the CA API. It can minimize the password exposure by generating a token using the ToolKit, then use the token to make the web services calls to our protected back-end services.

• The ToolKit with OAuth Manager
• The Policy Manager
• The Gateway Migration Utility (GMU) is a pretty good tool to use.

We are still evaluating it, so I cannot comment much on this. 

I would like to see more documentation. The current documentation is there, but we do not find it very useful. For example, we wanted to integrate with PingFederate TV provider and there was not enough information to customize the way we wanted. It took a lot of effort and we had to reach out to the Gateway folks to help us out on how to do that customization. Thus, it is not easy to integrate with other solutions.

It is pretty stable. We have not seen any issues, anywhere, where we need to restart.

We are still doing a PSA, so we will have to see how it scales once we ramp up volume and we roll out to the production with real life traffic.

We engaged an architect from CA. They were pretty good.

We use it for security.

So far so good. We have our own challenges - some monitoring and some performance related things - but at the same time, I think it's pretty good.

The security that it provides, actually. Being in the financial services industry, obviously security is very important for us.

I'm part of an engineering team so this product coming with out-of-the-box security, that is valuable to our organization.

We are evaluating the next release, actually. We would like to see more stability.

It needs to be a bit more stable. I think they see that, as Support is working on that. We have our own challenges related to the stability. For example, the log space filling up the entire disk because of gateway went down. CA is aware of this issue.

But otherwise, as I said, we have had a pretty good experience with the product.

We do not use it on a massive scale at this point, so it's pretty good.

It's pretty good. It's been a fruitful experience so far.

We were transitioning from another product, DataPower. We switched because of the native support for APIs in API Management.

We didn't consider any other vendors.

What's important to us when selecting a vendor, support is the most important factor.

I would tell anyone who is researching this type of solution to go for API Management.

Our primary use case is to host a handful of different API services for the consumers of our customer. We build and maintain several of those APIs right on the Gateway using their policies. We use it to kind of proxy request through to Java services and other things that we have created.

The extensibility of it. It can do a lot of things. You can create little, custom Java assertions that you can insert to do your business logic, which might not be covered by the commercial product out-of-the-box. 

I like the extensibility of it. It can do a lot of things. You can create little, custom Java assertions which you can insert into your business logic. This might not be covered by the commercial product out-of-the-box. 

More developer focused tools. They have a nice debugger inside of the program, but when you are developing code with their policies, it is tough to visualize that sometimes as a developer. So, tools that are a little more focused on rapidly creating those policies would be beneficial.  

We actually started with this product a few years back. It is definitely improved significantly since then. I think the amount of releases and bug fixes that they have pushed out have really helped.

The scalability has been great for us. We have consumers that range from 10 to 20 users upwards to 1000s of users. Thus, it scales really well. It does a lot of load balancing and other nice, little technical tricks that help smooth out requests which come in.

They have come in sometimes to do onsite training when we requested it. For the most part, when we have technical problems, they are very responsive. They get it down to the developers quickly, who understand the problems and they work with us to get those fixes in their next release if it is something that is a bug or help us work around it. 

When we first started on the Gateway, it was a different company, then CA bought it. The difference from that other company, which might have been a smaller company, from there to CA has just been the responsiveness and that extra level of training and other support that we are getting from CA. 

I have been involved in deploying this product in several of our different environments from the ground up as well as in the upgrade process. From the CA part of it, everything has gone smooth. The problems are always on our side with our environments. I think the Gateway itself is a very simple product to get up and running and their upgrade process is good as well. There are a few little tricky things here and there like with everything, but for the most part, they continue to work to adjust it. 

It is better than similar Gateway products that I have used in the past. Again, that flexibility really lends itself to us, and our program, a lot. However, there are certainly some areas for continued improvement and it seems like they are going in the right direction, so hopefully that continues. 

It's a secure product that allows us to expose API and lock down to only those devices and individuals which have the verified rights to access.

• Secure access to customer records – secured device, only access when in correct postal code area.
• Provide key, up to date information to engineers when engaging with customers.

• Ease of use
• Ability of development and ops teams to expose and manage their own API

30 months.

No issues with stability.

Cost and licencing model restrictive for auto scaling.

Seven out of 10. Not as focused on ensuring that the issues are fully resolved as I would like.

No. Selected after extensive "beauty contest."

Complex to set up and operate. Requires deep understanding of networks, security, as well as API management.

Consider if you need this advanced tool to undertake simple API management. Costly solution which is designed for heavy duty and complex work.

Apigee.

Consider if the product is needed – there are cheaper, less complex solutions out there.

Consultancy costs for CA should be considered – worth the money as it saves time (and therefore cost) with configuration.

Its simplicity; and it's user friendly. Advanced Authentication and Security features. Ability of Gateway to create API on the go with compatibility to integrate with all Blackened Systems (MQ native, JMS, SFTP, HTTPS, SCP, Windows/Oracle, LDAP, etc.).

Improvement in developer portal customization.

Eight years.

Not yet.

No.

8 out of ten.

The only solution I use is CA APIM and it’s the best. I haven't even thought
of switching into another one.

Very easy.

Depends on the client's requirements.

Yes, IBM and Apigee.

CA APIM is the best product in the market. With API Gateway, you can expose
APIs with an advanced authentication mechanism and security, within days.