Mobile has ushered in a whole new world of business scenarios focused at engaging customers, employees, and business partners. Mobility has gained almost ubiquitous acceptance as a mainstream channel for doing business, catching a lot of large and small companies by surprise. The pressure of businesses trying to capitalize on this channel is imposing additional strain on Enterprise IT to serve existing channels and this new channel with significantly different user interaction characteristics and demands.
This growing demand for mobile apps has hidden consequences for Enterprise IT including a spike in back-end activities/transactions; the resulting need to re-architect how firms handle security, data, and middleware; and the reworking of back-end systems and processes. Enterprise IT, under pressure to deliver, has legitimately taken one or both of the following approaches to deliver mobile applications:
- Use Mobile Application Development Platforms (MADP) to build native or hybrid mobile apps, recreating an alternative façade to their web application. This typically entails consuming the same interfaces and security standards that were designed for web applications and making the necessary transformations in the mobile device. MADP providers to their credit have been adding support for consuming various message formats and a variety of security and data protection protocols.
- Create a parallel RESTful API infrastructure connecting applications directly to mobile devices. RESTful APIs offer a lightweight format that is simpler to document and consume within mobile apps. However this creates a parallel or sometimes redundant infrastructure to existing middleware or SOA deployments.
Both of these approaches have their merits, but neither constitutes a complete solution for addressing the demands of an enterprise mobile architecture. Organizations that took the MADP only approach are finding that it results in; heavy and sluggish mobile apps that compromise the mobile user experience, apps that are difficult to port to other devices, and apps that require frequent updates every time a backend application or service changes. Creating point to point APIs creates a redundant infrastructure to the SOA and ESB infrastructure in place at most large enterprise. To address the chattiness and atomic nature of mobile transactions, some services providers have been pushing to create a completely new infrastructure to address mobility demands.
However, as we observed with cloud where organizations are now coming to the realization that there is a happy but broad “hybrid” medium between private datacenter and cloud only infrastructures, enterprises are also realizing that they do not need to re-architect all their backend applications and middleware to adapt to mobile. There is no need to start a demolition project, or stand-up a parallel infrastructure just to support mobile apps. The ideal middle ground is setting up a sort of intermediary, between your existing applications and services, and your mobile applications that does all the transformation, and mediation, applies security polices and so on. We at SOA Software have been quietly building just such a solution. Enter the Mobile Application Gateway.
The Mobile Application Gateway is a solution that addresses the limitations of the above approaches. It does not replace the need for MADP, but enables native and hybrid mobile apps to communicate securely with enterprise applications and services, whether they are running on-premise or in the cloud.
There are three key aspects of what a Mobile Application Gateway should deliver
Provide REST APIs
MADP platforms provide a platform for building engaging apps that can be provisioned to multiple devices/platforms through multiple app stores. Some MADP providers or newly minted mBaaS platforms also provide a set of services that are commonly required for building mobile applications. Abstracting out enterprise backend applications and services makes it more efficient for app developers to concentrate on the mobile user experience and functionality, rather than getting bogged down in the details of the various different messaging formats, styles, protocols and the corresponding nuances in the way they handle security.
A Mobile Application Gateway provides a REST API façade for mobile developers, providing them with API documentation, an easy way to test these APIs, license them from respective API providers and apply standard security mechanisms, accelerating development and relegating complex message and security processing to the Mobile Application Gateway.
Transform, Mediate and Integrate with other Applications and Services
Most enterprises have a large deployment of existing applications and services. They use an array of different messaging formats and protocol that could range from SOAP/XML to JMS or even native platform specific protocols like Net.TCP. While the APIs that are published to developers need to be simple and elegant, they need not expose the architectural complexity that is often required behind the scenes. Some of the best-designed APIs aggregate and orchestrate between multiple backend applications and middleware infrastructure.
A Mobile Application Gateway can help achieve this without replacing existing middleware, by adding a valuable proxy that can be deployed in the DMZ (or cloud) to perform the necessary transformation, mediation, security token exchange, orchestration etc. at the edge of the enterprise.
Manage Lifecycle of APIs and Services
Enterprises have spent millions of dollars on their applications, middleware and security infrastructure. This infrastructure is constantly being updated and upgraded due to business requirements such as new features etc., or technological requirements like version upgrades or patch updates. It is quite difficult to keep track of the relationships between the various applications and services, their respective versions and their complex interdependencies. This complexity is further accentuated when these applications and services are published externally as APIs to a vast army of mobile developers and partners, as any change to an internal application or service, might have ripple effects on APIs. We are all aware of the frequent updates to either mobile apps themselves or even worse, the loss of capabilities in these apps when a backend service is changed.
This calls for a more strict and holistic approach to how businesses manage the lifecycle of their APIs across all stages of the lifecycle from business requirements, design, development, testing, production and retirement. Enterprises need to adopt tools that allow them to manage their API Lifecycle, beyond simple version control, linking lifecycle management back to the underlying services and applications, and most importantly the evolving business and technology requirements that initiate these changes.
The Mobile Application Gateway is an integral part of the enterprise API Lifecycle solution, taking its configuration and policy directly from audited decisions made during the planning and development stages of the lifecycle.
There are several other aspects of enterprise mobile app initiative such as analytics, monitoring, and security but I will reserve these discussions for future posts in this series. However, it’s clear that there is a need for an intermediary like a Mobile Application Gateway to abstract enterprise applications and services from mobile application developers in order to accelerate mobile development.