Why Migrate to Kong
APIs form the core of technology backbone for most enterprises today or they intend to do so. The API Management tool is a key ingredient to the mix. An API Management tool provides following capabilities in a nutshell:
- API Gateway: API gateways handle all routing requests, composition, and protocol translations between the client and the third-party service they’re connected to.
- API Lifecycle Management: A sustainable system for building, testing, onboarding, versioning, and managing APIs.
- Orchestration & Choreography
- Developer Portal: Provides a hub for developers to access and share API documentation. This encourages them to discover, explore, test & monetize APIs.
- API Security: Support for TLS & Message Encryption (OAuth 2.0)
As you adopt modern architectures, including cloud, microservices and containers, to build innovative applications, you need an API gateway that is scalable, highly performant, and flexible. Kong is the only enterprise-class API gateway that provides low latency, is lightweight, deployment-agnostic and extensible for these modern architectures.
We’re thought leaders in the space and have provided a cloud native, future proofed solution for your organization that legacy API management solutions cannot. Odds are that your developers are already using Kong open source and love it - but your org has likely outgrown it. As you push the boundaries with infrastructure agnostic applications, and embrace a completely decentralized approach, you can rest assured that Kong Enterprise offers flexible deployment models from bare metal to containers including Kubernetes, to make that transition seamless.... And, when you decide to go serverless, that’s no sweat for Kong.
The performance of API gateways became critical when applications started becoming more distributed in a microservices architecture. Kong provides the lowest latency performance results of nanoseconds, where legacy vendors latency performance results are a thousand times higher in the hundreds of milliseconds, which starts to add-up when the gateway is invoked multiple times within a workflow.
The benefits of Kong’s solution include role-based security, interactive management interfaces, 24x7 white glove customer success and a lot more. You also gain access to the Kong developer portal that supports all your teams: internal, external and partners. Additionally, you gain the power of deep, real-time analytical insights and easy operations that your DevOps team will love.
Our plugin architecture allows us to add, move, delete, and create plugins for all your internal and external API traffic. These include but are not limited to, authentication, rate limiting, transformations, and whatever your needs may be because of the extensible architecture.
Migration Considerations: Apigee to Kong
Apigee and Kong both are very comprehensive API management tools, both offers robust API Management, Development and Deployment options, while there are many points of convergence for both in terms of functionality and technical capabilities, in this article we will talk about few key technical considerations which should be kept in mind while migrating from APIGEE to Kong.
Our Methodology involves:
- To analyse current API ecosystem to understand various aspects for migration to Kong API management platform
- De-Risk migration initiative by providing most considerations prior to starting the transformation journey
- Implement best practices on API design, adhere to API standards, enforce consistent usage & can support future expansions
- Increase developer productivity, ensures reusability & reliability by Implementation of Coforge accelerators for Kong such as APIOPs, Migration Framework, Factory Model
The solution comes bundled with automated deployment & installation of all Kong components. It is loosely coupled and can be run independently.
Key APIGEE Architectural Constructs
Although there are many components that must be considered for migration, here we have listed few technical components that needs special mention as architecturally Kong may not be following similar patterns or features. So, it becomes imperative to understand at what capacity these features are being used and what impact this can bring to overall migration.
- API Product: Many APIGEE customers adopts API Product concept which essentially represents their APIs as a Business Product function”. APIGEE as a tool provides “Out-Of-the-Box” feature to define API product, while Kong also supports “Productize APIs” and has capability to develop the same it does not have any direct feature, hence as a foremost activity when migrating an API Product from APIGEE to Kong will need some architectural tweaking and hence should be one of the most important point of discussion.
- Shared Flows & Flow Hooks: Shared Flows & Flow Hooks allows developers to develop common logic (Common API’s, Policies & Authentication) which are shared among API’s. Kong does not have a concept of Shared Flows, but similar functionality can be achieved by proper design and architecture. Migration will require a partial manual effort
- Organization: An “Organization” in Apigee is the top-level container in the hierarchy of resources (APIs/Proxy’s, Shared Flows etc.), while it is mandatory in Apigee to have an “Organization”; Kong organizes resources using Data Plane & Control Plane. There will be a one-to-one mapping from Apigee to Kong for all resources within an organization.
- Users & Roles: Apigee User & Roles represent Developers, Administrators and other team members and their privileges, they are derived from GCP IAM. Kong uses Organization to manage users and roles. The users & roles can potentially be auto migrated to Kong organization.
Apigee to Kong Migration Steps
Coforge’ s migration services provide a set of services, from strategy to execution that help our clients transform existing applications enabling quicker realization of business outcomes. Our overall tested & reliable solution package can help customers with application inventory, assessment, code analysis, migration planning and execution.
The below chart describes the process that is followed for migrating APIGEE to Kong API gateway. There are obvious steps that can be automated by embracing utilities for migrating to Kong API gateway.
APIGEE To Kong Components Mapping
||Depends on Infrastructure & Users based
||Depends on Usage
||Open API Spec is accepted and supported by Kong.
||API proxies acts as managed 'facades' for backend services for the APIs
||backend services for the APIs.OTB Support (Kong Routes)
||Open API Spec is accepted andsupported by Kong.
||combine policies and resources into a shared flow that you can consume from multiple API proxies, and even from other shared flows. It is exposed as another API or proxy.
||Not Supported (Custom Solution Required)
||For combined common plugin features, We can build custom solution or same plugin can be applied to multiple Kong components (services, routes, upstream, consumer).
|Environments & Organization
Organization: An organization is the toplevel container in Apigee Edge. It contains all API proxies and related resources.
Environments: An Apigee environment is a software environment, within an organization, for creating and deploying API proxies. APIs & API proxies must be deployed to an environment before it can be accessed. APIs & proxies can be deployed to a single environment or to multiple environments.
||Organization in Kong is used for user roles and group mapping. Onboarding to Kong SaaS Konnect platform is done based upon Org. Customer hosted Kong Runtime provides the infrastructure to deploy Kong artefacts and proxies the services.
||Logical grouping of environments
||Kong Runtime Group
||Group of Kong Runtime managed in a single Kong Runtime Group
||DNS end-points assigned to Apigee server for exposing APIs & Proxyd
||Kong Runtime DNS
||DNS mapped to Kong Runtime server/ Runtime server external ip
||Flow hook attaches a shared flow so that it executes at the same place for all API proxies deployed to a specific environment. This allows a separately implemented and deployed sequence of logic that is not part of a proxy's implementation code.
||Not Supported (Custom Solution Required)
||Custom Solution can be built to support the feature. Kong provides a feature to execute plugins in sequence based upon need.
||TargetServers decouple concrete endpoint URLs from TargetEndpoint configurations. Instead of defining a concrete URL in the configuration, it allows to configure one or more named TargetServers. Then, each TargetServer is referenced by name in a TargetEndpoint HTTPConnection.
||Kong Gateway services and Upstream can be used to configure the target service provider endpoint and other security or header related parameters.
||A keystore contains a TLS certificate and private key used to identify the entity during TLS handshaking. In one-way TLS, when a client connects to the TLS endpoint on the server, the server's keystore presents the server's certificate (public cert) to the client
||Certificates & SNI
||Certificates used to store certificates that is required for TLS or SSL hand shake. SNI is ued to map certificates to host server.
||Granular access privileges assigned to a GCP user
||Organization in Kong is used for user roles and group mapping.
||Users represents the organization's API team, which can include people such as administrators, API proxy and API product creators, users monitoring analytics and other statistics, and any others. They are directly tied to GCP IAM users
||Organization in Kong is used for user roles and group mapping.
||The users in an organization create one or more API products, where an API product is a bundle of API proxies combined with a service plan. That service plan can set access limits on API proxies, provide security, allow monitoring and analytics, and provide additional features.
||Kong Services, Third Party Plugins and Custom Solution
||n Kong services provide base to support this feature. Different Third Party plugins and Custom solution can be build to support these features.
||API portals are bridges between API providers and API consumers that provide information about the API at every stage of an API's lifecycle. API portals allow providers to expose and publicize their APIs, educate developer communities about them, provision user access, generate client keys and more.
||Kong Developer Portal is used for API documentation, API discovery, bridges between consumer client and API.
API Management tool has become a vital part of enterprise solution, we at Coforge have niche expertise on API solutions around Kong including migration from existing API solution to Kong API solution.
We are trying to solve following common problems around API Management Tool & Kong Migration:
- What is API Management Tool & why it is required
- How to select an API Management Tool
- Why Kong is good choice
- What are the key considerations for Apigee to Kong Migration
- How Coforge helps and enables client in migration to Kong