 Okay, see the red light. So here we go This is Elijah Martinez. I'm Bob Land. We work for SAP in our areas SAP cloud platform Which we'll talk a little about we're gonna be discussing monetizing Microservices and APIs and cloud foundry in some order. So First of all a few words about what SAP cloud platform is SAP has a lot of stuff that enterprises use the SAP HANA database S4 HANA Software the their applications like concur, Arriba Typically all these things out of the box meet a lot of the needs of an enterprise, but they need Extra they need extra functionality and rather than do that One at a time when enterprise at a time SAP has put together a Platform as a service which includes collaboration Integration Internet of things machine learning and as you see cloud foundry. These are the things the building blocks that are used for Customizing the experience of the enterprise software and in particular microservices By using API proxies. It's possible and we'll see this to look at all of the assets the software assets as Potential sources of microservices which can then be used in the cloud and so we'll talk a little about and and then of course We can leverage things like support for browsers and mobile devices So first of all That explanation doesn't satisfy a daughter. She's in sixth grade So this is what I tell her SAP cloud platform is like a big minecraft Inventory of really cool things and they let IT organizations Create really great enterprise software while they are scrambling in survival mode And so you can think of the security is like diamond armor and then the web IDE is like a crafting table and HTML and job those are your swords your picks We have no JS and so on you can imagine who are the skeletons firing arrows and the The cave spiders so next slide here, so Really, this is what we see we can use cloud foundry for scaling we can use it for failover We use for load balancing and this makes so what which used to be a challenge a lot easier If you're trying to get a job done at the same time have reusable code You have a lot of problems the code is not those are two things that are intention And what can happen is scaling can be a problem or you may have Technical desk so This is really a terrific thing for doing so it gives another chance. Let's go on again So we're going to talk about Microservices derived from the back end software how we can monetize it There's a story about that and a little bit about how we track API usage So getting into what we mean by that microservices from the back end So cloud foundry is great if you're doing greenfield cloud native development But if you've got legacy software you can be excited about that because you can develop Microsoft services Based on the capabilities you already have and back in software Running in data centers and you can leverage it in the cloud next slide, please so API management is very important for this. This is mining. You know the minecraft thing valuable focused certain functionality from on-premise software and so We consume those API's with cloud native software and there's no required refactoring Replatforming or any changes in the back end code so next and the security remains the same So we're gonna see a story about how this happens in one organization. So let's go next. So there's the story and Next And it's about a closeout sale. So these cartoons are actually a product Called scenes that SAP uses for user-centered design. It allows us to look at scenarios based on the individual circuit of using the software and ask ourselves how they cope today how they cope with our software development and we can focus on Optimizing functionality so here we've got a warehouse manager Leo an IT manager Walt and installation tech Zoe next so Zoe Leo are setting up for a week of installing hardware with customers and suddenly Looking at route maps Zoe sees that her phone gets a device use deprecated and Leo gets the same thing. I don't know if any of you have ever had that I've actually had that happen to me and I won't say the brand of device but as a result I had to go through Some talks with IT so next and of course in IT what you get is a train of Messages from lots and lots of people with problems Now Walt is thinking about this logically says all of these people bought the devices online from the company store they should be able to go online and exchange those devices the problem is the store isn't built to do that and touching that kind of monolithic app can be dangerous if You don't break it you may take its design in a direction that you later regret and so What he really wants is just to be able to layer something on top of what already exists Next slide. So this I'll just say this is the company store app. You can have this your very self we have these You can get a Trial account in SAP cloud platform for free just registering online And among the sample apps is in fact a webshop like this next So well and here there's the the phone that we're saying is is going to be recalled so what he wants to do is for the employee who owns one of those to see a pop-up that says this is deprecated exchange it and Run do the right thing so and then just send an email saying this has all been handled So let's say he does that how did he do that? Okay now so well he took a little too fast Okay, so instead of disappearing the phone from the list because it's deprecated next he wants to insert API management in between the APIs that were exposed on the back end and that were consumed in the cloud on the web and the API management layer Makes these changes and layers them on top of the interface already existed. So let's see how he does that next Okay, so that's what he wants. He wants to come up so he deprecated a single button that says exchange and then the JavaScript does the rest on so The steps number one Use this SAP cloud platform API management create API proxies For the O data services and then protect them with keys and policies then something else and eventually you hope to make money next so he goes to API management, this is one of the many services we saw for SAP cloud platform and It has two flavors There's a portal for people who are building APIs and another portal for people who are consuming APIs in applications So first we have to build the API. So here he sees statistics on what APIs has been have been built already in the system And how much they're being used and who the big users are Now what he can do now is go to the company store browse it in Chrome and So we all do just click on developer tools and now he can look and find where is that thing getting its back-end data about these devices Copies the URL now goes back to the home page and says create API pastes the URL and Now creates a base path in the API He says he clicks once and now he's got a Basic API proxy. He's come in between the back-end and The internet so at this point when he clicks save and deploy He's got a live proxy. Does he really he can copy that next and Paste it into Chrome and he sees the back-end data and that's bad So what he realizes is maybe that was a little too fast and he goes on to add security so you go to policies now goes to policies and He can now add as many policies as he wants on the request and response paths of that API a Good one to add at this point is Check for an API key and see you have a good API key. So he puts that in right away now Let's see what happens. Ah, okay You can no longer get to your precious back-end data from Chrome because it's looking for a valid API key now few steps apis Back a little. Okay. Thanks. Okay. Yeah, you have to create a product. So he's clicking on product A product is a way a logical Collection of API is that go together for developers might be as little as one API, but typically There may be several ones for example a security Product might have several kinds of protection for different kinds of code injection moving on Okay, so he's creating a product named product and moving on And he selects just the API that he just built saying that's what's in the product Okay, and the product is now published which means that he can work on it in the developer portal So at this point he puts on his developer hat and opens the developer portal he sees the product there he can click on that and Typically there would be Information he's built the thing so he knows what it does but this would have a lot of information about what this API does and Any cautions about using it? He subscribes in the name of his application Okay, moving on and so that's the company store UI Which also is now going to have additional logic and widgets for his deprecated items announcement and the exchange button So now the company store UI is a registered API application and so If he clicks on that he finds its very own unique API key That is going to give him access to the API so we move on and there's a in SAP Cloud Platform you have a client that can use for testing these things or he could use postman same thing and sure enough if he adds the API key to his request He can actually get at the back-end data and this time it's been done securely with an API key So moving on So he's gotten at the back-end data He has managed to add a policy that makes it safe to expose and now he can use hooks those hooks From the company store UI so that he can exchange deprecated devices So he basically just has to make changes to the UI the back-end remains exactly the same and I never was and so He gets it and now his employees are able to exchange a deprecated phones is He done Well, not quite Leo it turns out is now getting flooded with thousands of phones which the vendor will not take back and His idea for a solution is could he please have an external facing website so that wholesalers can bid on these things And he can clear his stock. He needs to zero his inventory They discuss it and the company is able to negotiate to have a 24-hour closeout online auction but a 24-hour closeout of bidding war does not sound good to waltz because that web traffic would not be a good thing for his dedicated servers to experience The answer is to deploy the auction site on cloud Foundry moving on so He doesn't create the auction site what he does is he goes back to the API? Portal and he creates permissions on a product that can be exposed to external users And then those users log in to the dev portal and with their role. They only see a limited number of Products so using that reduced product, which doesn't expose anything That that is sensitive A contractor is able to create an auction site using another SAP cloud platform feature the portal service and The portal service is a great way to create things Websites that have uniform branding and that are tightly integrated with the rest of SAP cloud platform So the site has been Created for him. He now goes into so Walt now can access his cloud Foundry space in SAP cloud platform and He can create a container for his for his closeout sales and then upload it From the mtar file which represents the work that the that the contractor did And at that point he sees that he now has an instance of his Closeout site and it's running He can look at details of it and then Next he can vary the the quota and Memory next and he can those two buttons up there Allow him to add or subtract instances and next and so by monitoring exactly what's going on he can massage the Ability of the auction site to handle traffic so Leo is able to clear his shelves and The deprecated inventory is zero Now Walt is getting emails from some of the bidders who would like to have Opportunities to buy other access inventory and they would like to subscribe to these APIs as a service well Walt is able to Recognize that he was able to solve his immediate problem. Leo wants to use the same method to liquidate further inventory issues, so He's now considering selling access to a limited API that he now has a good idea of what it would be To liquidators and third-party developers and charge them based on usage Next so tracking usage is the key to monetization here and that's analytics So if you see here the API platform and developer services we talked about But the analytics is the other part of this so you can look at the long and short-term trends and Analyze and of course because every application has a unique Token you're able to see a key. You're able to see who's using what Now you probably also noticed we had this thing called API business hub Which was to the left when he went to API management now what that is is? Like the developer portal But it's for the things that came out of the box with SAP cloud platform you're able to get at those features through APIs and so you can explore that and and Use that as a way of generating new functionality so next So yeah, the Yeah, this is a good example of some of the things on the side there the S4 HANA finance or the success factors These are all the translation hub. These are all things that can be accessed as APIs and integrated another software This translation is only like 39 languages These are some resources and the most important thing is that if you do decide to just Sign up for free for a your very own Trial landscape You play with these things and It's better than a demo next Thank you very much Never my fan So I did just want to summarize a little bit about what we had heard in this nice demo presentation You know the idea here is that you can as a developer come in and work on top of the APIs that exist already to monetize and Basically revamp existing access and assets You can do that either as a partner So Bob mentioned for example, you can have a partner build the shell structure Which can be reutilized on top of the APIs that exist already you can do this as a customer So you can actually incentivize developers to direct traffic. So for example the auction site You can basically open up those APIs to the developers and say for every, you know Person you direct over to my auction site I will give you some small amount of payment from your application And I will track that again as Bob was talking about through your API key which you're able to get and You're also able to as a developer Create your own APIs on top of the microservices in Cloud Foundry and charge other users to use the service that you are Creating in again like this mashup style concept where for example, you have an existing legacy system You've built an extension on top of that from your own microservice that you've created and by them consuming what you've created You're able to then charge them some cost to use and that's actually one of the very nice things about the API business hub That Bob was just introducing is that many developers are not necessarily enterprise developers You may not know about enterprise services software all this stuff. It's something you don't really care about You've never worked with it before But with the APIs you don't need to know all that stuff, right? You just need to know what the forms of the data that's going to be returned You need to know sort of what people are going to be looking for and then build some kind of extension or application on top of that So we've actually already seen Success factors, which is our HR solution. We've seen developers come into the business hub Discover the forms and data that's returned. We actually have sandbox data that you can play with live In the API business hub for free And just from discovering and learning what those data formats look like Build an application that actually visualizes and makes a nice front-end on top of that data Which can then be sold to customers in order to actually Be used in their live production instances and these are people who don't necessarily know this enterprise data already so it's a really nice way to actually start to develop Monetize and make money on top of data without having to be like a true enterprise level person So I just wanted to kind of summarize all the things that you heard here as well as Bring a little bit of new stuff into it. Now, of course monetization doesn't have to just be on the API management layer level We like it because it makes it much more easy and flexible There was an earlier talk by Pankaj about actually monetizing microservices on the cloud Foundry layer and you can really do monetization wherever you want But we think that API is one of the easiest ways to actually go ahead and be very agile in terms of getting Processes started and monetizing them So I think with that maybe we can open it up for questions Are there any questions about any of the things that you saw here? I know this is a lot of information to be presented with at once if not I'm not seeing a lot of hands up. Okay So there are definitely quite a few security policies So authentication, of course, doesn't have to just be done with an API key. You can do it with an OAuth Token you can do it with SAML. So Calling out to an IDP for people to really make these applications enterprise ready and then there's real Access runtime level authentications. You can do things like like you're saying injection protection One of the ones that I just saw very recently was for JSON inspection you can actually limit the number of Recursive layers that can be added to a particular thing so you can't just overload a back end with some ridiculous number of things You can do traffic quota. You can do spike arrest. You can do XML bomb protection things like that So there are actually quite a number of pre-made security policies Specifically with that kind of stuff in mind and I don't know if anyone's familiar with OWASP So this is kind of a broader security thing. So we've Really tried to address a lot of the top Threats that they have brought up in terms of being a ready-made policy and then as Bob mentioned you can actually create or script your own Enhanced security protections if there's something that's not out of the box that you really need So it's a pretty robust tool for actually really protecting and making sure that APIs are not just open willy-nilly and that's really one of the powers of that is that Everybody loves API's. I mean it really makes the developer Experience much better, but the idea of having just open API's is not always the best especially in an enterprise scenario. So You know if you have any kind of need for protection of a back end Having that managed API with the security the authentication Transformations things like that it really adds a lot of value to those APIs. So Thank you for that question any other questions So Our developer portal well so the actual underlying structure of the API management is all built as an API first technology So you can access all of the information via API calls The actual just front-end is built on what we call Fiori. This is kind of our Fiori experience, but it can be Modified so for example Bob talked about the cloud portal. You can actually build a cloud portal front-end to the developer portal And you don't have to use our stuff out of the box either. So you can use even just like a CMS or Just a plain web page as long as you're able to Pull in those API calls. So it really is whatever you want. So we provide something for you out of the box We provide templates for making easily consumed portal sites And then if you want to go your own way, then you have all those API calls available as well Anything else? I know every time I start to say like ah, there's no more questions. Someone has one So I'll really I'll wait this time Any other questions? Okay, now I'm calling it and if you do have other questions that come to mind we do have an expert booth available in the show hall Well, and myself will be participating as well as a number of other experts in the cloud platform product management and True technical development experience level. So please feel free to come by and ask us any questions you like and Thank you for attending