[Technology Preview] Using the Lightweight Gateway to secure an application domain

The Lightweight Gateway is a nimble, cloud-native, declarative gateway that provides the best-in-class experience for security, traffic control, and integration. Use the Lightweight Gateway to secure an application domain in your VPC on Amazon Web Services (post Preview).

Technology Preview

This feature is provided as a technology preview. As such, the feature might not be fully functional in your environment and support is limited. In addition, the feature’s appearance, functionality, and name are subject to change both in this release and in later releases of API Connect.

For this preview, a Lightweight Gateway instance is deployed on a cluster maintained by IBM instead of within your own VPC. When the preview ends, the Lightweight Gateway will be removed and all data associated with it will be lost.

About the Lightweight Gateway

What is the Lightweight Gateway?

The Lightweight Gateway is a cloud-native gateway that uses a componentized architecture with a small footprint (low memory and CPU requirements). It is designed to work in a network-isolated environment and is optimized for containers, which enables fast start-up and offers a highly scalable, decentralized deployment.

The Lightweight Gateway is a light weight runtime service, which works in the microservice-centric application layer, in contrast with the existing API development model which works from above by using the DataPower® API Gateway to protect API access through the DMZ.

With the Lightweight Gateway, you can accelerate application modernization across hybrid environments. When the preview ends and this feature enters production, the Lightweight Gateway will be hosted within your VPC on Amazon Web Services to protect a specific application domain and set of APIs by directing traffic at the application level.

The Lightweight Gateway feature is available in API Connect Enterprise as a Service and requires the Premium subscription.

What does the Lightweight Gateway offer?

The Lightweight Gateway offers many benefits, including:

  • Support for OpenAPI 3.0 REST APIs (OpenAPI 2.0 is not supported)
  • A robust set of gateway policies to support routing, security, rate limiting, mediation, and governance
  • Monitoring with Open Telemetry

For this preview, you will perform all API creation and lifecycle tasks using YAML code and the API Connect toolkit CLI.

How is the Lightweight Gateway different from DataPower API Gateway?

The Lightweight Gateway is used in conjunction with the DataPower API Gateway; each serves a different purpose:

  • Lightweight Gateway

    The Lightweight Gateway is a set of microservices deployed as part of your API Connect service on AWS on your internal network (post Preview). The Lightweight Gateway supports cloud-first and next-generation needs such as a declarative model and software crypto libraries. The Lightweight Gateway directs traffic at the application level, within your VPC on Amazon Web Services (when the preview ends), and protects a specific application domain and set of APIs. When you use the Lightweight Gateway, you assign each API product to its own instance of the runtime service.

    Use the Lightweight Gateway when you want to secure applications at a local level; for example in a single data center, a service mesh, or a microservice.

  • DataPower API Gateway

    The DataPower API Gateway is the primary gateway service for API Connect Enterprise as a Service. A single gateway secures all of the enterprise's provider organizations and their assets (including all Catalogs and Products). The DataPower API Gateway can be hosted in the DMZ to support external connections, and supports legacy needs such as DMZ Hardening and multiple transport protocols. You deploy it as an API Connect subsystem, either hosted on a server cluster, or as a VMware appliance.

    Use the DataPower API Gateway as the primary protection layer for your enterprise.

Restriction: Lightweight Gateway and DataPower API Gateway are not compatible because they are designed for different purposes.

You cannot use an API with both gateway types, you cannot use policies designed for one gateway type with the other gateway, and you cannot migrate APIs between gateways. When you develop APIs, you incorporate assembly policies that are designed for that type of gateway. When you package an API in a product, the product specifies which type of gateway is used for processing the API.

How do I enable the Lightweight Gateway?

Complete the following steps to enable a Lightweight Gateway preview for your API Connect Enterprise as a Service instance:

  1. Log in to API Connect Enterprise as a Service.
  2. On the page banner, click API Connect instance settings.
  3. On the Instance settings panel, click the Lightweight gateway toggle to enable it.
  4. An instance of the Lightweight Gateway is deployed for your use during the preview.

    When you enable the Lightweight Gateway, a service instance is assigned to your API Connect Enterprise as a Service instance. When you assign an API product to the Lightweight Gateway service, the API product receives its own runtime instance of that service.

    Remember: When the preview ends, the Lightweight Gateway service will be removed and all data associated with it will be lost.