Service Delivery BrokerDigital Services Management

Direção de Internet e TecnologiaJune 2015

António Cruz+351 962 041 948antonio.j.cruz@telecom.pt

This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.

BACKGROUND AND CONTEXT

ARCHITECTURE

API LIFECYCLE MANAGEMENT

APPS & APIS SECURITY

MARKETPLACES & BACKOFFICE

CONCLUSIONS

AGENDA

EXECUTIVESUMMARY

Service Delivery Broker (SDB), a Cloud product developed at PT/SAPO, drastically reduces development e�ort and time-to-market of innovative multi-channel apps and services.

SDB is a proven, reliable, multi-tenant and cloud-scalable SOA platform, architected to support end-to-end services lifecycle management, and standards-based integration in mission-critical environments.

BACKGROUND AND CONTEXT

Packaged application vendors and SaaS providers are taking service orientation for granted, and, more and more, are publishing the functionality they sell as Web APIs. Mobile applications increasingly use private and public APIs to access enterprise systems of record, necessitating adequate governance and oversight.

“

The Case for APIs

Whether it is technology or service providers o�ering their functionality, or private companies giving access to some of their data according to di�erent charging models, the number of APIs available publicly grows by the day. Their usage is multiplied by a growing population of mobile devices and computing platforms (Web, tablets, smartphones, TVs, video game consoles, cars and more, such as "things" in the Internet of Things [IoT]) ”

Source: Gartner Magic Quadrant for Application Services Governance, April 2015

The Case for APIs

API Business Ecosystem

Historically, the front, middle and back o�ces of an enterprise were integrated point to point by tight coupling, suitable only for a small number of integrations.

1Front o�ce

Business ecosystem

Mid

dle

o�ceBack o�

ceEDI

API Business Ecosystem

With SOA, enterprises adopted an architecture using a service bus for integration, creating loose coupling and the potential for reuse and flexibility. The complexity of integration meant use remained largely internal to the enterprise.

2Enterpriseservice bus

(SOA)

Business ecosystem

EDIEDI

API Business Ecosystem

The new architectural principle and programming model based on RESTful APIs reduces integration cost and complexity, so integrations can scale for many internal as well as external.

Source: PwC Technology Forecast 2012, Issue 2 – The Business Value of APIs

3

Business ecosystem

API

Project Background

In order to sustain its Web Ads business, PT/SAPO’s network of over

required managing and integrating a lot ofheterogenous APIs, capabilities and content.

business partnersand providers200

Project Background

The main business drivers were:

Faster time-to-marketto build and launch innovative services.

Multichannel apps development agility(Mobile, Web,and TV)

Project Background

The main business drivers were:

A standardized catalog, made of agnostic and reusable APIs.

Developers should not have to worry about transversal aspects such as authentication, authorization, access policies, transformations, caching, etc., on every project, over and over again.

SDB Today

SDB is a multi-tenant, carrier-grade, high-performance and high-available cloud solution, developed by PT/SAPO.

Today it delivers:

40million

requests/day

7000

APIs endpoints

13TB

data tra�c/month

23%GROWTH

YoY

SDB Today

Enabling API lifecycle management, authentication, authorization, E2E tracing, intermediate routing, data format and data model transformations, policy enforcement, validation, caching, etc.

Based on Service Orientation principles, ITSM best practices and implementing industry standards: W3C/OASIS/IETF, ITIL, OAuth 2.0, OpenID Connect, etc.

SDB is a multi-tenant, carrier-grade, high-performance and high-available cloud solution, developed by PT/SAPO.

SDB Enabled Faster Apps Development

PT’s Portfolio of Mobile, Web and TV Apps

APIManagement

SDN / NFV

M2M / Internet of Things

Big Data

Enterprise APIs Catalog

API Management Scenarios

Use Cases and Awards

In extensive use since 2006, SDB became a key enabler for building a service-oriented architecture at PT Group.It currently manages thousands of APIs endpoints, enabling application capabilities across online, IPTV and telco services.

SDB was recognised by TMForum as “a proven, reliable and cloud-scalable platform that enables end-to-end service lifecycle management and standards-based integration for mission critical, service-oriented environments”.

Pipeline Innovation Awards recognized SDB as “a top innovator for advancements in the following communications technology categories: Cloud and Product Innovation”.

Deployed at Oi since May 2014, SDB manages and provides secure access to Oi APIs and applications to partners and integrators, providing insight on product usage and reducing customer complaints by easing diagnostics with its extensive tracing facilities.

The PT Service Delivery Broker solution is particularly noteworthy as it fulfils many of the requirements for a Cloud Service Broker while adding robust tools and industry standards based governance to e�ectuate compliance with SOA Best Practices and e�cient Product and Service Lifecycle Management.

Eric G TroupCTO, WW Communications and Media IndustryMicrosoft Corporation

Portugal Telecom/SAPO’s Service Delivery Broker will solve and speed up current monetization challenges Telcos’s industry faces nowadays, optimizing their opportunities, reducing their time-to-market and development e�ort in a more quick and inexpensive way.

Sérgio MartinsHome Entertainment Product ManagerLG Portugal

Web services by INE's statistical information, available through the Service Delivery Broker, enables the di�usion of statistical indicators in a simple, e�cient and responsive way that adapts to the needs of Internet users in Portugal.

Maria Manuela MartinsChief of the Communications and Image ServicesInstituto Nacional de Estatística

References

References

ARCHITECTURE

Service Orientation is not Optional

SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.

GOING FROM...Similar apps requiring multiple connections to each resource.

Knowledge of the source code for each resource is necessary

Forcing usage of specific programming languages

Consumer applications are coupled with underlying technology ContentIT ResourcesNetwork Resources

SOA drastically reduces complexity associated to multi-platform, multi-vendors, multi-programming environments.

...TOSimilar app interfaces will be developed in specific languagesbut standard resource interfaces are already available.

Knowledge of underlying resources technology is not necessary

Developers code in their most proficient language against standardized interfaces

Most common infrastructure aspects are abstracted and standardized ContentIT ResourcesNetwork Resources

Enterprise APIs Catalog

Domain APIs

Service Delivery Broker

Service Orientation is not Optional

Agile Development and Delivery

Most common features are enabled through a configuration.

APIsMarketplaces

TV

Web

MobileDomain-SpecificAPIs

Enterprise APIsCatalog

Messaging

Content

TV

BSS/OSS

IaaS

PaaS

Service Delivery Broker

Concept

Design

Develop

Deploy

Operate

Retire

Users and apps authentication

Resources access authorization

Access policies (e.g. throttling)

Data & format transformations

Content-based routing

Web caching

Load-balancing

API compositions

Stateless workflows

Payment/billing/provisioningintegration

Agile Development and Delivery

Most common features are enabled through a configuration.

Solution Logical Architecture

SDB Marketplace

SDB Runtime

SDB Support Services

Service Enablers

Network Data/IT External

SDB Connect SDB Backo�ce

APIs

Identity Gateway Product Lifecycle Management

Token Manager

Application Manager

Apps

Catalog

Aut

hent

icat

e

Tran

sfor

m

Cac

he

Val

idat

e

Rout

e

Thro

ttle

...

Transaction Trade Configuration Metadata Notification Usage Metric Incident Import/Export ...

API Lifecycle Management

Run as aCloud Service

AND / OR

Run onPremises

Define a Concept Create a Product O�er In Business

Concept Design Develop Deploy Operate Change

TVWebMobile 3 Parties Others

SDB Components

Other Marketplace IdentityGateway Backo�ce

Runtime

Support Services

Distributed Cache Core Databases Tracing Databases

TracingAuthorization Access Control

CatalogProduct

Management ...

MonitoringServices

MonitoringDatabases

AuthenticationServices Core

End-user

Storage

TENANT

C

TENANT

BTENANT

A

FE

3FE

4FE

5FE

2FE

1

Multi-Tenancy & Dynamic Load Balancing

# of frontends allocated to each tenant can change in realtime

N entities sharing a database instance

Many entities over a single installation

SharedDatabases

API LIFECYCLE MANAGEMENT

GROWTHYoY

API Lifecycle Management

Process-driven activities that must be done in collaboration.

Based on best practices and industry standards:

CONCEPTService Manager

DESIGNService Designer

DEVELOPService Developer

DEPLOYService Transition

Manager

OPERATEService Operator

RETIREChange Manager

Role-Based Access Control

Granular profilesand access authorizationsto all configuration items.

ProductManager

API/AppDeveloper

TransitionManagerPartner

ServiceOperator

Real-Time End-To-End Tracing

Visibility on what apps Users accessed, what APIs those apps accessed,and what resources those APIs accessed.

APP“VOD App on iOS”

USER“john@gmail.com”

RESOURCE“Server A on Farm X”

API“SubscriberManagement API”

End-To-End Tracing

LOGICAL

Name of requested API

App that sent the request

Raw response

Detailed message flow

PHYSICAL

User login

Server that answered to the request

End-To-End Tracing

Event Management

Real-time notifications on interesting events, thresholds violations, and abnormal conditions.

Client App SDB Runtime

ServiceHitBegin

OutboundRequestBegin

OutboundRequestEnd

ServiceHitEnd

Service Enabler

Complex EventProcessor Engine

NotificationsSubscribers

OutputDB

Event Streams

Aggregate, Filter, and Correlate

Store

Notify

Complex Event Processing (CEP)

SDB Runtime

ServiceHitBegin

Output

CEP Statement

Running inside

the CEP engine

Event Stream

select current_time() as Time, count(*) as Valuefrom ServiceHitBegin(Service="XPTO").win:time_batch(1 second)

Deploying of new metrics through a configuration

Results can be sent to a database, URL, email, Role, etc.

• Filters events of XPTO service from ServiceHitBeginstream

• Sums all filtered events

• Executes every 1 second

• Notifies other interested parties and/or services

Real-Time Reporting & Statistics

APPs & APIs SECURITY

OAuth Protocol

OAuth is a open standard for authorization.

It provides... a method for clients to access server resources on behalf of a resource owner (such as a di�erent client or an end-user).

a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections.

Old Enterprise

Identity management iscentralized and internal

Service provider controlsusers access to resources

UsersResources

The OAuth Shift

(Hybrid)

New Enterprise

Identity management isdecentralized and external

Users control apps accessto resources

Apps

UsersResources

Apps

OpenID Connect Protocol

OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol.

It allows... clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

clients of all types, including Web-based, mobile, and JavaScript clients, to request and receive information about authenticated sessions and end-users.

SERVICE DELIVERY BROKER BACKENDFRONTEND

Security Model for Apps and APIs

SDB TenantAdministrator

SDB Runtime

SDB

Sup

port

Serv

ices

SDBBacko�ce

Social Identity AdaptersFacebook, Google,Twitter, LinkedIn, etc...

Web-basedApp

App User

Corporate IdPs WS-Federation Adapter

TokenManager

IdentityGateway

AppsAuth

Config

SDB Connect

APIs

6

2

3

4

OAuth 2.0

OpenID Connect

Tokens

5

1

7

One Protocol, Multiple Identity Providers Option

OpenID Connect

MARKETPLACES & BACKOFFICE

API Marketplaces

store.services.sapo.pt market.mobizz-project.eu

Provider & Partner Backo�ce

Partners and Product O�erings management.

CONCLUSIONS

Product Di�erentiation

Several SDB di�erentiating aspects make it a best choice, when comparing to other proposals:

Lightweight and standards-based, SDB integrates existing processes, securing, extending and evolving systems and applications in an incremental, non-intrusive way that adjusts to any kind of business.

Closely following TM Forum and ITSM best practices, SDB ensures that governance and best practices are followed and validated by automating the service management lifecycle, from Service Design through Development, Transition, and Operation.

O�ering a natural, easy-to-follow experience for each service management role, SDB drastically minimizes the e�ort needed to use, create, configure, test, publish and monitor well-designed services in multi-channel, multi-platform environments.

Delivered as a multi-tenant cloud service, and supporting pay-as-you-go models for both service providers and consumers, SDB is able to o�er the best cost/value relationship.

Target Audience

...looking for a functionally complete application services governance technology and services set.

...looking to enforce governance through everyday decisions, and devising several policies that must be adhered to.

...trying to adopt a digital operating model, powered by Web APIs and supported by API management platforms.

In the process, they also want to open new business opportunities for their enterprises in permeable digital ecosystems.

...looking for application services governance functionality, developer portals, API metering and billing.

Project TeamsEnterprise Architects CIOs / CTOs Companies

Take-Aways

SDB Runtime & Backo�ce Drastically accelerate launch of multi-channel application and services.

Reduce capital and operational expenditure on integration e�ort.

Standard policies and guidelines for application and services development.

API management lifecycle based on TM Forum/ITSM best practices.

SDB Connect Agile integration between applications and internal/external identity providers.

Standards-based user login and application access to services on web, mobile and TV applications.

Integrated multi-channel application access management for user, developer and service provider roles.

SDB Marketplace & Backo�ce Fast time-to-market and monetization of API-based product o�ers.

Flexible configuration of both subscription and pay-per-use business models.

Self-service portals for managing o�ers, subscriptions, access and metering.

Service Delivery Broker Facets

ServiceDeliveryBroker

ITSMPractices

IAMas a

Service

APIMarketplace

SOAGovernance

Service Delivery BrokerDigital Services Management

Direção de Internet e TecnologiaJune 2015

António Cruz+351 962 041 948antonio.j.cruz@telecom.pt

This document is confidential. Unauthorized use or disclosure of the included information is strictly prohibited.