Amplify Platform

Amplify Whiteboard chat #4 – Policy Agents

Previously in my Amplify articles, I covered an open API Management PlaneAPI Discovery and Subscriptions, and API observability and traffic analytics.

In my final Whiteboard chat, we look at the Policy Agent capabilities of Amplify.

Amplify Policy Agent

The Amplify policy agent goes beyond visibility and observability and applies policies to APIs in their respective platforms. Applying rules to API traffic is an essential element of API Security.

API Security solutions tend to augment an APIs security posture by adding a layer of indirection to it such as a proxy or a gateway. This pattern has its limits—you cannot stack a new gateway in front of existing gateways each time a new API security requirement changes or is added.

By contrast, policy agents are about applying security within the APIs pre-existing domain.

For example, in a service mesh, our Istio policy agent will configure the envoy components to apply specific policies to specific APIs, as instructed by the Amplify Management Plane.

The capabilities that let you interface directly with the control plane of a service mesh (see Figure 1 below) provides tremendous potential for organizations looking at applying top-down policy governance across multiple service meshes for example.

Figure 1: Policies applied to APIs within a Service Mesh in Amplify

Complex issue

Policy governance across an API management platform is a complex issue. Inside an organization, different groups need to be able to collaborate while maintaining autonomy over their APIs.

Also, not all API platform implementations are equally designed for accommodating policies being applied from an outside governance layer.

Even when the centralized policy governance pattern is desired from an organizational perspective, the concerned API platform implementation might need to be adapted to accommodate this new way of functioning. This results in a temporary distribution of policy governance.

Distributed governance does not exclude centralized visibility and observability as was covered in the last two whiteboard chats. In fact, the discovery and traceability agents in Amplify operate in a way that is completely transparent to the existing API platforms. They do not require expanding existing (local silo) governance over the behaviors of those APIs.

At the time of writing this, policy agent capabilities are available for select environments and are an area of ongoing innovation at Axway. Continuing to enable this freedom with guardrails model where governance at the policy level is distributed, but visibility and insights are centralized will drive the evolution of these capabilities moving forward.

Conclusion

This Whiteboard chat on policy agent concludes our series on the Amplify API Management Plane. I hope this helps in understanding what an API Management Plane can and should do for your enterprise across your API silos.

Note that the management plane is only part of the Amplify platform. Amplify also provides an API gateway, an event-based API hub called Axway Amplify Streams, and numerous integration capabilities for API-enabling just about anything you can imagine. We’ll look at highlighting some of these other Amplify capabilities in future whiteboard chats.

Discover all four whiteboard videos in our series:

View the Whiteboard video on Amplify Policy Agent today.

Don’t miss out on the next Axway Whiteboard Chat: A deep dive into the Amplify API Platform on May 12th, register today.