Enabling public/private hybrid Clouds with Cloud gateways
Savvis, Inc. is a global leader in cloud infrastructure and hosted IT solutions for enterprises that helps its clients reduce capital expenses, improve service levels and harness the latest advances in cloud computing. A leader in Gartner’s Magic Quadrant for Infrastructure as a Service and Web Hosting, Savvis has a 15-year history of providing scalable, reliable and secure infrastructure services in more than 45 countries worldwide.
Savvis’ latest managed service offering, Symphony Virtual Private Data Center (VPDC), is aimed at enterprises that want the control and security benefits of a private network, while enjoying the cost advantages of a multi-tenanted cloud environment. Starting with VPDC, Savvis is automating their order processing and fulfillment capabilities, allowing customers to utilize APIs in order to provision
compute instances, multiple tiers of storage, networking, redundant bandwidth, load balancers, firewalls, and more. The APIs expose select middleware functions to customers for programmatic use over the Internet or through private-line access.
Savvis by the Numbers
The VPDC APIs allow customers to simplify how they integrate their internal IT processes with their outsourced private cloud managed by Savvis. Using the APIs, enterprises can automate how they provision, manage and operate compute services in VPDC just as if the private cloud was located within their own organization.
However, no two customers employ the VPDC APIs in exactly the same way. Each enterprise has different capabilities, as well as different requirements, necessitating the ability to adapt to different customer needs without rewriting the APIs. At the same time, Savvis needs to manage the API lifecycle across versions, and tailor throughput to reflect the service level of each customer. Additionally, because the APIs are exposed to the outside world, there is a critical need to ensure that APIs remain available and uncompromised despite the threat of attack by bad actors, or misuse by inexperienced customers. To provide for adaptation, security and management of their VPDC APIs, Savvis knew they needed a solution that would govern how the APIs are exposed and consumed.
Layer 7’s CloudSpan CloudControl Gateway is deployed as an API proxy to abstract and intermediate the publicly exposed VPDC REST-based API, transforming, providing federation for, and rerouting requests without impacting the underlying API. Using the Gateway, Savvis can accommodate different API consumers with different credential types.
As a SOA Governance solution, the Gateway also simplifies the API lifecycle, allowing Savvis to more easily version their APIs while ensuring backward compatibility and continuity across revisions. As a policy enforcement point, the Gateway lets Savvis define and apply control policies to specific APIs, including SLA policies around throttling, metering and prioritization. And as a security solution, the Gateway provides Savvis a simple way to protect their APIs against Denial of Service (DoS) attacks, application layer attacks, and unauthorized access.
With Layer 7’s CloudControl Gateway in place, when Savvis’ enterprise customers send requests to the VPDC API, the message is intercepted by Layer 7 and authenticated against Savvis’ LDAP. If the request originated from a valid customer, Layer 7 then queries Savvis’ entitlements database to determine which product APIs the customer is entitled to invoke; what level of service they have purchased for each product; and then dynamically sets quotas and throughput limits in the appropriate Layer 7 policies.
The message is then passed to the VPDC API where it is processed in conjunction with Savvis’ business process engine and configuration database in order to instantiate the requested private cloud infrastructure, including storage, network devices, managed security services, virtual machines, and more.
The Layer 7 Gateway allows Savvis to leverage policy in order to easily create virtual endpoints for different purposes. For example, the same backend API can be exposed as either a production endpoint for customer use, or else as a trial endpoint that offers only limited usage.
With the vast majority of Savvis’ cloud customers looking to create hybrid deployments that straddle enterprisebased and hosted deployments, Symphony VPDC is on track to become a key competitive differentiator for Savvis. In this context, Layer 7 plays a critical role in providing Savvis with a streamlined, API-driven way to onboard customers to the cloud, while delivering API protection and management without coding.
By centrally configuring security in the Layer 7 CloudSpan CloudControl Gateway rather than in API code, Savvis has sped up deployment, eliminating the API security development/test/deploy cycle. Centralization also gives Savvis a single point from which to push out API policies and policy updates to all of Savvis’ data centers, thereby lowering administration costs. Layer 7 also addresses Savvis’ service provider operational requirements, including helping to ensure that customer quality of service obligations conform to contractual limits.