Open in app

Sign in

Write

Sign in

WSO2 API Manager 4 deployment options explained

Chanaka Fernando
WSO2 Best Practices
Published in
8 min readMar 21, 2022

--

How to deploy WSO2 API Manager 4 in your enterprise

Introduction

WSO2 API Manager 4. x is the latest version of the award-winning WSO2 API Management platform. With the introduction of APIM v 4.0 in 2021, the WSO2 team has integrated its Integration (ESB) functionality as well as Streaming capabilities under one packaging. I wrote a blog post mentioning the key features of APIM 4.0 here.

In this article, I’m going to talk about another interesting aspect of the product which is the deployment options available for customers. Before talking about the deployment options, let’s take a look at the components of the WSO2 APIM 4.

Figure 1: WSO2 APIM 4 components

The preceding figure depicts the main components included under WSO2 APIM 4. Those are

  • API Management — Provides full API lifecycle management functionality
  • Enterprise Integration — Offers fully-featured hybrid integration capabilities
  • Streaming Integration — Supports stream processing capabilities

Let’s take a deeper look at each of these components.

API Management

This component is divided into 2 main sections called control plane and data plane as depicted in the preceding figure.

  • Control plane — This is the unit that controls the behavior of the tool. It contains the security, development, LCM, rate-limiting, service discovery functions.
  • Data plane — This is the component that handles all the requests and responses from the clients. It connects with the control plane as and when necessary to update configurations, validate requests against policies and other management functions.

Control plane

This is the main control center of the WSO2 API Manager runtime which has the following functional capabilities.

  • Developer portal — This is the place where all the APIs are cataloged so that application developers can find the required APIs
  • Publisher — The interface used by API creators to build different types of APIs such as REST, GraphQL, Websockets or AsyncAPIs
  • Key Manager — This is the security component which is built into the tool that manages the tokens and secrets for API users
  • Traffic Manager — Controls the API traffic with rate-limiting and throttling policies. Also acts as the event hub for communication between components.
  • Admin portal — This is a portal that is used by system administrators to control users, permissions, policies, workflows and other tasks.
  • Service Registry — This is a component that registers external endpoints such as Integration services so that creation of APIs is easier.

Data plane

This is the actual gateway which receives requests from consumers such as mobile or web applications. WSO2 offers 2 gateway choices here.

  • Standard gateway — This is the backward compatible API gateway which is designed using the “synapse” runtime. More suitable for monolithic gateway use cases.
  • Micro gateway — This is the modern, cloud-native gateway built using “envoy” proxy as the runtime. This is called the “Choreo Connect” going forward.

Enterprise Integration

This is a separate runtime available in the WSO2 APIM 4. It is the same old WSO2 ESB/EI that was available prior to APIM 4 release with improved features and functionalities that are related to cloud-native deployments. The runtime component is called the “Micro Integrator” or MI which uses the same “synapse” based runtime for developing integration applications.

Streaming Integration

This component is designed for stream processing based use cases such as streaming ETL, change data capture (CDC) or real-time analytics. It is based on “Siddhi” runtime which was used in WSO2’s older products such as Complex Event Processor (CEP) and Stream Processor (SP). The runtime component is called the “Streaming Integrator” or SI.

You can learn more about WSO2 APIM 4 and the components mentioned above using the documentation here.

Deployment options

Let’s get into the deployment options that are supported by the WSO2 APIM 4 and how you can achieve that with the current offerings of WSO2. There are 3 main deployment options supported by WSO2 for APIM 4. Those are

  • On-premise (customer managed)deployment — Deploy all the components in a customer managed infrastructure such as physical servers, VMs or infrastructure as a service (IaaS) cloud.
  • Cloud (WSO2 managed, SaaS) deployment — Deploy all the components in a WSO2 managed environment and use it as a service. This can be a private cloud or a shared cloud deployment based on the customer need.
  • Hybrid deployment — Deploy part of the product in WSO2 managed environment and the rest in a customer managed environment.

The WSO2 APIM 4 can be deployed in all of the above mentioned deployment methods.

What is Choreo?

Choreo is a platform for digital innovation for enterprise teams. It offers the functionalities such as Integration, API Management and Microservices development in an integrated cloud environment which offers as a SaaS product. You can find more about Choreo from here.

In the context of this article, Choreo acts as the cloud counterpart of the WSO2 APIM 4 functionality. We will be using Choreo for cloud and hybrid deployment options for WSO2 APIM 4.

How to deploy WSO2 APIM 4?

Now we have a better understanding of the WSO2 APIM 4 product, the deployment options and the functionality of each component. Let us discuss how these components are deployed in your computing environment.

Figure 2: WSO2 APIM4 deployment options

The preceding figure aggregates all 3 possible deployment options for WSO2 APIM 4 into a single diagram.

On-premise deployment

In the left hand side of the figure, it shows how to deploy WSO2 APIM 4 in an on-premise (customer managed) environment where different components such as data plane, control plane are deployed separately. Here, Traffic Manager which is part of the control plane has been deployed as a separate component since that would provide us the opoortunity to manage it better. This component (TM)is used as the event hub for communication between data plane and control plane as well. Hence, it is better to deploy that as a separate component from the shared control plane. For data plane, we can use either standard gateway or micro gateway as per the use case. If the reuirement is to deploy APIs in a shared API gateway, standard gateway would be the better choice. If you need to deploy multiple gateways with each having a small number of APIs (e.g. in a multi-tenant kind of scenario), you can use the micro gateway.

The other data plane components such as micro integrator and streaming integrator are optional and you can use those component as and when required. For analytics, you can either use ELK based (upcoming) on-premise analytics solution or cloud based, Choreo analytics solution. The below figure depicts a possible on-premise deployment with cloud analytics.

Figure 3: WSO2 APIM 4 on-premise deployment with cloud analytics

As depicted in the preceding figure, WSO2 APIM 4 is deployed in a customer managed environment in a partially distributed manner. The data plane is deployed as a separate 2-node gateway cluster and the traffic manager is also deployed as a separate 2-node cluster. The control plane is deployed using all-in-one APIM profile in another 2-node cluster. Cloud based analytics is used for business analytics.

Cloud (SaaS) deployment

If you do not want to manage infrastructure and use the WSO2 APIM 4 as a service, you can go with the cloud based deployment. This is the model shown in the right hand side of Figure 2 above. In this approach, you don’t need to worry about the components or the scalability, rather use the cloud solution to build business use cases. WSO2 offers this functionality through Choreo product which offers more functionality than the standard APIM 4. Some additional functionality includes

  • Observability
  • AI/ML based development
  • CI/CD pipelines for automated deployments
  • Marketplace to share services/APIs
  • Low code editor for service development

This deployment is not visible to the customers and they don’t need to worry about the internal details of it. Customer will only interact with a browser to use this functionality and the rest of the work is taken care by the WSO2 team. The below figure depicts the high-level details of the cloud deployment for your reference.

Figure 4: WSO2 APIM 4 cloud (SaaS) deployment (high-level view)

As depicted in the preceding figure, the cloud deployment uses the APIM 4 control plane along with the micro gateway (Choreo Connect) as the data plane. Since the cloud deployment is running on top of a container based environment, MGW is the best option for running the data plane. For integration functionality, the cloud deployment uses “Ballerina” based runtime with an improved low-code editor which used AI/ML for better development.

In addition to this option, there is another SaaS option available for users who want to have a dedicated deployment of WSO2 APIM 4. In this option also, customer will only access the system through a web browser and does not need to worry about deployment architecture or the environments.

Hybrid deployment

This is the third deployment option available to deploy WSO2 APIM 4 in which the components are deployed across enviornments managed by the customer and WSO2. The below figure depicts this deployment model.

Figure 5: WSO2 APIM 4 hybrid deployment model

As depicted in the preceding figure, the data plane component which is the Micro Gateway (Choreo Connect) is deployed in an environment managed by the customer. In addition to that, the traffic manager component is also deployed along with that for better performance. If required, you can get rid of this and use the cloud control plane for this.

The Choreo cloud based control plane is used along with the on-premise data plane here. It will provide the required functionality to manage and control the on-premise data plane. In addition to that, cloud based analytics is used for the business analytics which is connected to the on-premise gateway components.

Hybrid deployment managed by the user

If you are not in a position to use the WSO2 managed cloud environment but needs to deploy WSO2 APIM 4 in a hybrid model, you can do that as well. In this case, you will deploy control plane in a cloud environment (such as IaaS) managed by you the customer and deploy the data plane in an on-premise environment (again, managed by you the customer). The only difference in this option when compared to the on-premise option we discussed earlier is the location of the components. The ownership of the full deployment is still with the customer (you). This option is depicted in the figure below.

Figure 6: WSO2 APIM 4 hybrid deployment managed by the user

As depicted in the preceding figure, the control plane is deployed inside a cloud infrastructure such as AWS, Azure or GCP and that is owned and managed by the customer. This is a non-scalable component and the latency won’t have an impact on the end users of APIs. It would also be a cheaper option when comparing with managing and on-premise servers for this component.

The data plane is deployed in the on-premise data center closer to the back end systems since that would impact the user experience and the performance of the applications. Traffic Manager is also deployed in the on-premise data center to reduce the latency between that and the gateway. If required, this component can be removed since that functionality is available in the control plane.

That’s all for now. Keep learning!

Wso2
Api Management
Technology
Software Architecture
Solution Architecture

--

--

Chanaka Fernando
WSO2 Best Practices

Written by Chanaka Fernando

2.2K Followers
Editor for

Writes about Microservices, APIs, and Integration. Author of “Designing Microservices Platforms with NATS” and "Solution Architecture Patterns for Enterprise"

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams