Manage APIs across hybrid and multi-cloud environments with Apigee hybrid:
Manage all APIs in one place
Apigee hybrid helps you manage all internal and external APIs with a single platform.
With unified API management, you can provide your developers, partners, and customers a consistent API program experience.
Address security and compliance
If your compliance and security considerations make on-premises deployment a must for your applications, an enterprise-grade hybrid gateway lets you host and manage the Apigee hybrid runtime plane on your premises.
You manage and control the runtime, enabling you to leverage your existing compliance, governance, and security infrastructure.
Support your multi-cloud strategy
Balancing cost and performance may lead you to a multi-cloud strategy.
Whether you are just exploring different cloud providers or have already chosen a multi-cloud strategy, your API management platform should give you the flexibility you need. Host and manage enterprise-grade hybrid gateways across your clouds of choice.
Management and runtime planes
You can think of Apigee hybrid as traditional Apigee Edge split into two distinct parts, a management plane maintained by Apigee in the Cloud, and a runtime plane that you install and maintain on a network that you control:
- Apigee-run management plane: A set of services hosted and maintained by Apigee in the Cloud that provide Apigee Edge UI, management API, and API analytics features for hybrid.
- Customer-managed runtime plane: A set of containerized runtime services that you set up and maintain in your own Kubernetes cluster. All API traffic passes through and is processed within the runtime plane.
Manage the containerized runtime on your Kubernetes cluster for greater agility with staged rollouts, auto-scaling, and other operational benefits of containers.
The following illustration shows the general organization of hybrid into a management plane hosted by Apigee and a runtime plane that you install into Kubernetes on-premises or in a Cloud-managed Kubernetes provider:
One key thing to know about hybrid is that all API traffic is processed within the boundaries of your network and under your control, while management services, the UI, and API analytics run in the Cloud and are maintained by Apigee. See also Where is your data stored?
About the management plane
The management plane includes the Edge UI, management API server, and analytics platform. Basically, you interact with the management plane in exactly the same way you do when you use Apigee Edge Cloud or Edge for Private Cloud. You use the Edge UI or management APIs to create and deploy API proxies, configure policies, create API products, and create developer apps.
About the runtime plane
The runtime plane runs in a Kubernetes cluster that you own and maintain. As shown in the following diagram, the runtime plane includes several main services, which run in separate pods in your cluster. The services are described in more detail in the following sections.
The hybrid Message Processor (MP) brings the entire functionality of Apigee Edge related to API request processing and policy execution to the runtime plane. The MP loads from local storage all of the deployed proxies, resources, target servers, certs, and keystores for target TLS, caches, KVMs, flow hooks, and so on for a specified organization's environment. You must configure an Ingress controller to expose the MP to requests coming from outside the cluster.
The Synchronizer's primary job is to fetch configuration data about an API environment from the management plane to the runtime plane. The runtime plane needs this environment-specific configuration data to do its work. This downloaded data is also called the contract.
The Synchronizer periodically polls the Management Server for changes and downloads a new configuration whenever changes are detected. The configuration data is retrieved and stored locally as a JSON file in a location where the Message Processors can access it.
The downloaded configuration data allows the runtime plane to function independently from the management plane. With a config, MPs on the runtime plane can bootstrap and run using the locally stored data as their configuration. If the connection between the management and runtime plane goes down, services on the runtime plane continue to function.
The configuration data downloaded by the Synchronizer includes:
- Environment information, including the environment name, the organization name, and feature flags.
- Shared API resources, including the resource scope, resource names, locations, and properties.
- Target server definitions
- TLS settings, including the location of keys and certificates
- Environment caches
- Key value map names (the runtime is responsible for initializing and populating KVMs).
- Proxy bundles and shared flow deployments, including the name, revision, type and location.
- Flow hooks
- API products
- Data masks
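The Synchronizer/Message Processor relationship described above is easiest to see in code. The following is an added example, not Apigee's own code: it simulates a Synchronizer that polls a stand-in management server, stores the contract as a local JSON file (written atomically so a Message Processor never reads a half-written file), and a Message Processor that bootstraps only from that local file. It then takes the management plane offline to show the runtime continuing from the last downloaded contract. The contract field names, the `FakeManagementServer` class and the revision-number scheme are constructed assumptions for illustration; they are not Apigee's actual contract schema or API.

```python
"""Constructed simulation of Synchronizer polling and Message Processor bootstrap."""
import json
import os
import tempfile
from typing import Optional

# Stand-in for the management plane's current state. The categories mirror the
# list above; the field names and values are constructed for this example.
MANAGEMENT_PLANE = {
    "revision": 3,
    "contract": {
        "environment": {"name": "prod", "org": "example-org", "featureFlags": {"cps": True}},
        "targetServers": [{"name": "backend", "host": "backend.internal", "port": 443}],
        "tls": {"keystore": "/etc/apigee/keys/prod.jks"},      # constructed path
        "caches": ["lookup-cache"],
        "kvmNames": ["config-kvm"],                               # runtime populates these
        "deployments": [{"name": "orders-v1", "revision": 7, "type": "proxy"}],
        "flowHooks": {"preProxy": "shared-auth"},
        "apiProducts": ["orders-product"],
        "dataMasks": ["credit-card"],
    },
}


class ManagementPlaneUnreachable(Exception):
    """Raised when the (simulated) management plane cannot be reached."""


class FakeManagementServer:
    """Hypothetical management server: serves the contract and can be taken offline."""
    def __init__(self, state: dict):
        self.state = state
        self.online = True

    def head_revision(self) -> int:
        if not self.online:
            raise ManagementPlaneUnreachable()
        return self.state["revision"]

    def fetch_contract(self) -> dict:
        if not self.online:
            raise ManagementPlaneUnreachable()
        return {"revision": self.state["revision"], "contract": self.state["contract"]}


class Synchronizer:
    """Polls for changes and stores the contract as JSON where MPs can read it."""
    def __init__(self, server: FakeManagementServer, contract_path: str):
        self.server = server
        self.contract_path = contract_path
        self.local_revision = self._read_local_revision()

    def _read_local_revision(self) -> Optional[int]:
        try:
            with open(self.contract_path) as f:
                return json.load(f)["revision"]
        except (FileNotFoundError, KeyError, json.JSONDecodeError):
            return None

    def poll(self) -> str:
        """One polling cycle; returns a short status string for the caller's log."""
        try:
            remote = self.server.head_revision()
            if remote == self.local_revision:
                return "unchanged"
            payload = self.server.fetch_contract()
        except ManagementPlaneUnreachable:
            # Keep whatever is on disk: MPs keep serving traffic from it.
            return "offline, keeping local contract"
        # Write to a temp file and rename so an MP never sees a partial contract.
        tmp = self.contract_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(payload, f)
        os.replace(tmp, self.contract_path)
        self.local_revision = payload["revision"]
        return f"updated to revision {remote}"


class MessageProcessor:
    """Bootstraps from the local contract only; never talks to the management plane."""
    def __init__(self, contract_path: str):
        self.contract_path = contract_path
        self.config: Optional[dict] = None

    def bootstrap(self) -> bool:
        try:
            with open(self.contract_path) as f:
                self.config = json.load(f)
        except FileNotFoundError:
            return False          # no contract yet: MP cannot serve traffic
        return True

    def deployed_proxies(self) -> list:
        return [d["name"] for d in self.config["contract"]["deployments"]]


def run_scenario(workdir: Optional[str] = None) -> dict:
    """Sync once, see no change, take the management plane offline, then boot an MP."""
    workdir = workdir or tempfile.mkdtemp()
    path = os.path.join(workdir, "contract.json")
    server = FakeManagementServer(MANAGEMENT_PLANE)
    sync = Synchronizer(server, path)
    results = [sync.poll(), sync.poll()]   # first downloads, second sees no change
    server.online = False
    results.append(sync.poll())            # offline: local contract retained
    mp = MessageProcessor(path)
    booted = mp.bootstrap()
    return {
        "poll_results": results,
        "mp_booted": booted,
        "mp_revision": mp.config["revision"] if booted else None,
        "proxies": mp.deployed_proxies() if booted else [],
    }


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

The two details worth copying into any real sidecar of this shape are the revision comparison before downloading (so a steady-state poll is cheap) and the write-then-rename step: a reader process that opens the file mid-write would otherwise see truncated JSON and fail to bootstrap, which is exactly the outage the local contract is meant to prevent.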
Cassandra is the runtime datastore used to provide Apigee core persistence services (CPS) for the runtime plane.
You deploy the Cassandra database in Kubernetes in a StatefulSet node pool, as Cassandra is a distributed data system requiring state to be managed on the runtime plane. Locating these entities close to the runtime processing services helps support requirements for security and high scalability.
The Cassandra database stores information about the following entities:
- Key management system (KMS) data, including companies, developers, developer apps, API products, and API keys
- Key value map (KVM) data
- Response cache data
- OAuth data, including access tokens, refresh tokens, and authorization codes
- Quota data, including buckets and counters
Management API (MART)
The Management API for Runtime data (MART) interacts with the local Cassandra datastore. The public Apigee Edge management APIs use MART APIs to access and manage data entities on the runtime plane, such as KMS (API keys and OAuth tokens), quotas, and API products.
Apigee Edge management API calls to access and manage these entities are sent to your local MART server from the management plane. For example, if you create a new API product using the Edge management API, the management plane calls MART APIs to update the runtime plane.
Hybrid concepts for Edge for Private Cloud customers
Most of the hybrid services will sound familiar to Edge for Private Cloud customers. In general, public cloud users did not need to know about these services.
The following table lists the Edge for Private Cloud components and how they are presented in the hybrid model:
| Private Cloud component | Corresponding service in the hybrid model |
|---|---|
| Management Server | MART (Management API for Runtime data) interacts with the local Cassandra datastore. It serves as an API provider for the management API to access and manage runtime data entities such as KMS (API keys and OAuth tokens), KVM, quota, and API products. |
| OpenLDAP | LDAP in the management plane. |
| Router | Ingress on the Kubernetes cluster hands requests to the Router/Message Processor (RMP) containerized app in the runtime plane. |
| Message Processor | In hybrid, the Message Processor (MP) acts as an API gateway that processes incoming requests. MPs are implemented as one or more containerized apps in the runtime plane. |
| ZooKeeper | The synchronization of API proxy configurations, environment information, and other data is managed by the Synchronizer service on the runtime plane. The Synchronizer periodically polls the Management Server for changes and downloads a new configuration whenever changes are detected. |
| Cassandra | Cassandra is the runtime data store that provides Apigee core persistence services (CPS) for the KMS, KVM, quota, and cache features in Edge. It is deployed in Kubernetes as a StatefulSet, as Cassandra is a distributed data system requiring state managed on a filesystem. |
| Qpid Server | Analytics in hybrid is managed by a data collection pod running in the Kubernetes cluster. This pod uses fluentd and UDCA (Universal Data Collection Agent) containerized apps to gather analytics and feed the data to the UAP (Unified Analytics Platform) in the management plane. |
| Edge UI | The management plane hosts the Edge UI. It is not in the Kubernetes cluster in hybrid. |
| JMX | In Private Cloud, each component was separately configured to use JMX to gather health metrics. In hybrid, metrics are managed by a Prometheus server for all services. There is one Prometheus server per cluster. |