Compare Apigee hybrid to Edge

This section compares Apigee hybrid to Apigee Edge.

Components/services comparison

Most of the hybrid services have corresponding components that will sound familiar to Apigee Edge customers. In general, Apigee Edge for Public Cloud users did not need to know about these services.

The following table lists common Edge services and how they are presented in the Edge for Public Cloud, Edge for Private Cloud, and hybrid models:

Service Apigee Product or Feature Area
Hybrid Edge for Public Cloud Edge for Private Cloud
Analytics A data collection pod in the runtime plane uses fluentd and UDCA (Universal Data Collection Agent) to gather analytics and feed the data to the UAP (Unified Analytics Platform) in the management plane. Managed by Apigee Qpid and Postgres servers
API Proxy Gateway The Message Processor (MP) processes incoming requests. MPs are implemented as one or more containerized apps in the runtime plane. Message Processor
Persistence Cassandra provides persistence for the KMS, KVM, quota, and cache features. Cassandra node or ring
Deployment The Synchronizer ensures that API proxy configurations, environment information, and other data is kept up to date between the management plane and runtime plane. ZooKeeper
Administrative User Interface The Apigee hybrid UI is a containerized app hosted on the management plane. The Apigee hybrid UI is hosted on the Management Server
Load Balancing An Istio Ingress controller hands requests to the Router/Message Processor (RMP) containerized app in the runtime plane. Router
APIs Apigee APIs are accessed through the Management Server and MART. MART interacts with the local Cassandra datastore and serves as an API provider for the Apigee APIs to access and manage runtime data entities. Management Server
Metrics Managed by a single Prometheus server per cluster for all services. Each component configured with JMX
 

Feature comparison

The following sections provide a comparision of hybrid and Edge features.

Summary of current feature differences

The following table describes feature-level differences between hybrid and the Edge/Apigee Edge for Private Cloud platforms.

Feature Current differences in hybrid
Analytics

The following Analytics features are not supported:

  • Async queries
  • Data export
APIs

Apigee hybrid uses the Apigee APIs.

For a complete list of differences, see Unsupported Edge APIs

API Monitoring

Proxy and target metrics are available in Stackdriver; you can configure dashboards and alerts based on that data.

API Proxy Revisions
  • Immutable when deployed

For more information, see Deployment overview.

Apigee Adapter for Istio Not supported
Deployments
  • Asynchronous deployments
  • Retrieving deployment status is based on the last time the runtime plane "checked-in" with the management plane
Environments
  • Self-service through the Apigee hybrid UI and APIs
  • More flexibility in serving topology
  • An MP pod can only serve one environment

For more information, see Manage environments.

Extensions Not supported
Hosted targets Not supported
Keystores/Truststores
  • Northbound managed as Kubernetes secrets
  • Southbound managed as in Apigee Edge
  • References are not supported
KVMs
  • In the hybrid UI, you can create environment-scoped KVM maps that are either unencrypted or encrypted. You cannot add, update, or view KVM entries in the UI.
  • You cannot use the Apigee API to add, update, or list KVM entries. *
  • To add entries to a KVM, you must use the KeyValueMapOperations policy.
  • You can use property sets for some of the same use cases as KVMs. See Property sets vs. KVMs.

For more information on creating KVM maps in the UI, see Key Value Maps.

Microgateway Not supported
Monetization Not supported
Node.js
  • Apigee hybrid does not support Node.js API proxies
  • Apigee recommends that you host Node.js applications as separate containers in Kubernetes (same or different cluster)
  • Hosted targets are not supported
OAuth New Revoke OAuthv2 policy revokes by end user ID, app ID, or both
Organizations
OpenAPI Specification management Not supported
Policies
Portal

Integrated portals and customer-managed Drupal-8 based portals are in alpha.

Note: Integrated portals will soon be available in beta.

The following features are not yet supported in integrated portal:

  • Audience management
  • Custom domains
  • Developer teams
  • Developer account administration view
Resources
  • Cannot use organization-level resources
Roles and Permissions
  • Managed through Google Cloud Platform (GCP) Console's IAM service
  • Some curated out-of-the-box roles are available
  • You can create custom roles which can include other GCP permissions

For more information, see Users and roles.

Sense Not supported
SOAP services in the Build a proxy wizard Not supported
Tooling The following tools are not supported in hybrid:
  • Maven plugins
  • apigeetool
Trace/Debug Sessions

Apigee hybrid includes the following differences for trace:

For more information, see Trace differences.

Virtual Hosts
  • Not managed in or by Apigee
  • You are responsible for managing the Kubernetes ingress point
  • Istio Gateway (Envoy) is used where certificates and keys are deployed
  • OCSP stapling is not supported by Envoy (as of August 2019)
  • TLS variables are not available in API proxies

For more information, see About virtual hosts and environments.

WSDL proxy generator Not supported
 

Which Edge features are removed in hybrid?

Google does not plan to support the following features in Apigee hybrid:

  • APIs to:
    • Manipulate KVM entries
    • Search for or revoke OAuth access tokens (because tokens are hashed)
  • Developer portal development using Drupal 7
  • OAuth v1 or OAuthv1.0a policy
  • ConcurrentRateLimit policy rate limiting policy
  • Trireme (EOL'd on 10/10/2019)

API comparison

In general, most of the Apigee Edge APIs have Apigee API equivalents. This section provides:

Summary of changes using the API

The following lists the changes in behavior across all Apigee APIs as compared to the Apigee Edge APIs.

Behavior Apigee APIs Apigee Edge APIs
Base domain apigee.googleapis.com api.enterprise.apigee.com
Media types application/json application/json
application/xml
Authentication OAuth2 OAuth2, SAML, Basic
Timestamps in keys String format
{
  "createdAt": "1234",
  "lastModifiedAt": "5678"
}
int64 format
{
  "createdAt": 1234,
  "lastModifiedAt": 5678
}
Structure of expand=false query parameter
{
  "proxies": [
    {
      "name": "helloworld"
    },
    {
      "name": "weather"
    }
  ]
}
[
  "helloworld",
  "weather"
]
Query parameters prefixed by underscore Not supported (optimal=true) Supported (_optimal=true)
Properties in payloads:
  • created_by
  • modified_by
  • self
Not supported Supported
Default values in payloads Not included Included
Error handling structure
{
  "error": {
    "code": 409,
    "message": "...",
    "status": "ABORTED",
    "details": [...]
  }
}
{
  "code": "...",
  "message": "..",
  "contexts": []
}
Cache deletion response Returns: 204 No Content Returns: 200 OK and cache details

Unsupported Edge APIs

The following table lists the unsupported Edge APIs (that do not have Apigee API equivalents).

API category Unsupported Edge APIs
API Monitoring No APIs supported
API proxies
  • Force undeploy API proxy
  • Get npm dependencies
  • Manage npm modules
Cached logs No APIs supported
Company apps No APIs supported
Company app family No APIs supported
Company app keys No APIs supported
Debug sessions
  • Cannot stop trace sessions
  • Cannot delete individual transactions

For more information, see Trace differences.

Developer app
  • Get count of API resources
Developer app family No APIs supported
Extensions No APIs supported
Keystore: Truststore Test a keystore or truststore
Keystore: Certs Use organizations.environments.keystores.aliases APIs
Keystore: Keys Use organizations.environments.keystores.aliases APIs
LDAP No APIs supported
Monetization No APIs supported
OAuth V2 No APIs supported
Policies No APIs supported
Resource files
  • API proxy revision scope
  • Organization scope
Sense No APIs supported
Users and user roles Use Google Identity and Access Management (IAM)-related APIs
Virtual hosts No APIs supported