We've deployed WSO2 Api Manager in Active-Active scheme with single Api Manager Analytics server. Also we're using Graylog+Elastic+Grafana to collect logs from back-end services behind API.
The case is that amount of back-end services calls are hugely greater (millions vs thousands) than a corresponding API hits count. Why is that? What are we missing?
Related
Need to compute IOPS required for SSD when using API Manager 2.1.0
When working with API and Key Manager databases, what should be the typical IOPS for the database SSD? We expect around 1000 HTTP POST requests Per Second. This needs to be authenticated and routed to one of the back-end Service end-points. Also, can anyone provide details on database queries that get executed when API requests are processed by the Worker Gateways? Are stored procedures used while accessing the API and Key Manager databases and what is the schema for the databases? Please provide any links that will help understand the low-level details of the database interactions.
Many third-party services providers allow you to configure a "Webhook" (aka HTTP POST) to your system when an event occurs in their system. Service providers will use various methods of authentication (HMAC, OAuth, TLS, etc.).
For example, Company1 configures ServiceABC to send notification to http://company1.com/eventlistener when an event occurs in the service provider (eg transaction approved):
ServiceABC.com -> HTTP POST -> http://company1.com/eventlistener
http://company1.com/eventlistener is in the DMZ. It will authenticate the message and forward to back end service as appropriate.
[DMZ] http://company1.com/eventlistener -> | [Behind] http://backendUrl/service
In this example, assume the service provider does not support OAuth. Authentication is performed using a custom header scheme.
Can/Should the WSO2 API Manager be used in this scenario?
If not the API Manager, can the WSO2 ESB be used ?
API Manager is the right solution here. API Manager has 5 main components, gateway, publisher, store, keymanager and traffic manager. In the basic distributed setup these 5 components can run on 5 machines. API Publisher publishes APIs to gateway (real artifact of API are here) and store (virtual representation of API, to which can be subscribed, are here). Gateway exposes your APIs to outside. So it resides in DMZ. API Store also can be on DMZ depending on what you want. Keymanager handles authentication (eg. OAuth2) and should be in MZ. Traffic manager is used for request throttling.
Backend authentication can be done with a simple customization.
You can find clustering documentation here. APIM deployment patterns are here.
Hope this helps.
I actually try WSO2 API Manager in our IT and I can't found how to monitor backend WS.
Is there a way to have an alert (trace/mail/...) when :
the time response of a webservice is too high?
the Webservice is unavailable (or http code isn't 200) ?
This tool seems great but I need a monitoring part...
Perhaps I simply miss it...
Any helps ?
If you already use WSO2 APIM in production how do you manage this part?
Regards,
Mike
By Using APIM and CEP integration, you can achieve this requirement. APIM can be configured to publish thrift events into CEP and then CEP can process these events to provide necessary alerts and notifications as required.
Please refer below document for APIM and CEP integration.
WSO2 API Manager has following statistics monitoring
API Subscriptions: Number of subscriptions per API (across all
versions of an API)
API Usage: Number of API calls being made per API
(across all versions of an API)
API Response Times:
API Last Access Times: The subscribers who did the last 10 API invocations and the APIs/versions they invoked
API Usage by Resource Path: Usage of an API and from which resource path (per API version)
API Usage by Destination: To see destination-based usage tracking, you must first enable it. See API Usage by Destination.
API Usage by User: Number of times a user has accessed an API
Faulty Invocations: The number of API invocations that failed to reach the endpoint per API per user In a faulty API invocation, the message is mediated though the fault sequence. By default, the API Manager considers an API invocation to be faulty when the backend service is unavailable.
For more information, please see https://docs.wso2.com/display/AM1100/Viewing+API+Statistics
For our public hosted version of API Manager - WSO2 API Cloud - we simply set up Pingdom for both the gateway and the web UIs and exposed the public dashboard at the SLA & Support page. Pingdom also has email, sms, etc. alerts when response times get over 30 seconds.
Internally we also use various server monitoring tools like icinga.
We are developing a merchant application in that we have various modules like Schedule, Booking, Invoice e.t.c, each of this module are runs in different server, those are exposed through as RESTful granular services. UI layer will communicate with these granular service accordingly. To identify the request and redirect to specific micro service runs in service layer of various sever we have created a service gateway. Some of the service required data manipulation on the go which is presently accomplished through Mule ESB and some routing activities are also managed through it.
Actual purpose of the Service gateway is to match the request with service dictionary available and redirect to the respective micro service, at present its been developed in j2ee framework and runs in wildfly server. So to achieve the same process in light weight manner we come across a micro service manager like"getKong" and Customising "nginx" server to manage microservices, Mule ESB.
Along with Service Bus management is it advisable to use the Mule ESB as MicroService maanager as like getKong or any other valuable suggestion ?
In my personal opinion, you have three options:
If you don't need to perform authentication/authorization or/and
Throttling and your routing can be quite complex/complicated than is
completely fine to do it in Mule ESB.
If you do just URL rewrite nginx is probally the best choice for
minimum overhead and maximum performances.
If you really need an API manager with all the rich features than is
fine getKong or, if you want to stay in the MuleSoft
world and your are willing to pay, you can have a look at API
Gateway.
Hope this helps
I have a question on WSO2 API Manager Clustering. I have gone through the deployment documentation in detail and understand the distributed deployment concept where in one can seggregate the publisher, store, key manager and gateway. But as per my asessment, that makes the deployment architecture pretty complex to maintain. So I would like to have a simpler deployment.
What I have tested is to simply have two different instances of the WSO2 API Manager to run in two different boxes pointing to the same underlying data sources in MySQL. What I have seen is that, the API calls work perfectly and the tokens obtained from one WSO2 instance would work for API invocation on the other API Manager instance. The only issue with this model is that we need to deploy the APIs from individual publisher components for as many WSO2 API Manager instances that are running. I am fine to do that since the publishing will be done by one single small team. We will have a hardware load balancer in front having the API endpoint URLs and token endpoint URLs for both the API managers and the harware LB will do the load balancing.
So my question is - are there any problems in following this simple approach from the RUNTIME perspective? Does the clustering add any benefit from RUNTIME perspective for WSO2 API Manager?
Thank you.
Your approach has following drawbacks (there can be more which I do not know);
It is not scalable. Meaning - you can't independently scale (adding more instances of) store or publisher or gateway or key manager.
Distributed throttling won't work. It will lead to throttling inconsistencies since the throttling replication won't happen if you don't enable clustering. Lets say you define 'Gold' tier for an API. Doesn't matter how many gateway instances you are using, a user should be restricted to access no more than 20req/min to this API. This should have been implemented based on a distributed counter (not sure the exact implementation details). So if you don't enable clustering, one gateway node doesn't know the number of requests served by other gateway nodes. So each gateway node will have their own throttle counter. Meaning - a user might be able to access your API more than 20req/min. So this is one of the throttling inconsistencies. Further, lets say one gateway node is throttled out a user but the other gateway node is not. Now, if your LB routes the request to 1st gateway node, user will not be able to access the API. If your LB routes the request to 2nd gateway node, user will be able to access the API. This is another instance of throttling inconsistency. To overcome all these issues, you just need to replicate the throttling across all the gateway nodes by enabling clustering.
Distributed caching won't work. For example, API Key validation information are cached. If you revoke a token in one API Manager node, cache will be cleared in that node. So a user can't use revoked token via that API Manager node, BUT he is able to use the token via the other API Manager node until the cache is invalidated (I guess 15 min by default). This is just one instance where things can go wrong if you don't cluster your API Manager instances. To solve these issues, you just need to enable clustering, then the cache will be in sync across the cluster. Read this doc for more details on various caching available in WSO2 API Manager.
You will be having several issues if you don't have above features. WSO2 highly recommends distributed deployment in production.