 This video provides a brief introduction to Red Hat OpenShift API management, also known as ROM. It covers obtaining an OpenShift dedicated cluster on AWS, managing identity providers, installing the Red Hat OpenShift API management add-on, using the service as a dedicated admin, and using the service as a developer. So to get started, you'll need to obtain an OpenShift dedicated cluster. This starts by logging in to cloud.redhat.com. Once you've logged in, you can select OpenShift cluster management, also known as OCM. Once you've selected OpenShift cluster management, you'll see existing clusters for your account or group. You can click the Create Cluster button and then select OpenShift dedicated. Since Red Hat OpenShift API management is only supported on OpenShift dedicated at present. When prompted to choose a cloud vendor, select AWS. This is because Red Hat OpenShift API management is only available on AWS at present. Various configuration options are available for the OpenShift cluster, and these will be enabled or disabled based on your customer entitlements. A region can be selected, as can availability zones, and even instance types for your chosen cloud provider. Compute nodes can be selected, and network side arranges can be configured to facilitate customer networking, pod density, and scalability concerns. In this example here, we're going to go with mostly the standard options, so our cluster will be public, and we're also going to use the basic networking configuration. Once you're ready, go ahead and choose Create Cluster. This will start the provisioning process, and you'll be redirected to a page that has the installation progress. It'll take a few minutes, but your cluster will become available after a short time. After the cluster has been provisioned, you'll need to configure an identity provider, as highlighted by the OCM UI. Clicking the Add OAuth configuration link will present the Create Identity Provider dialog. A few standard IDPs are supported, as is any provider that supports an open ID flow. For this demo, I've configured a GitHub IDP. This just involves copying, pasting some settings from a GitHub organization, so we'll skip ahead. Once the identity provider is configured, it will be listed in the OCM UI. Next, it's time to choose a user, or list of users to a point as dedicated admins. You can do this by entering their username, which in this case is my GitHub username. I can now go ahead and test everything is working as expected by clicking the open console link and logging in by choosing my IDP from the list. Since I'm using GitHub, I'm redirected to them to authorize the organization access, and then I'm redirected back to OpenShift. Installing Roan, the Red Hat OpenShift API management add-on, is a straightforward experience. Simply choose the add-ons tab for the cluster in OCM, and if you have the correct entitlements, you'll be able to click Install. If you specified a custom site or range when creating your OSD cluster, you'll also need to provide the add-on with similar information. You'll also be asked for an email address. This email address will be the recipient for alerts related to the API management service. For example, if you exceed rate limits defined by your SKU. A user with the dedicated admin role can log into the cluster and observe the managed services operators being installed. It's important to note that the managed services operators can only be viewed by dedicated admins. A dedicated admin cannot modify or delete these operators. Once the installation is complete, Red Hat applications and managed services will be displayed within the OpenShift application launcher. Clicking on the API management link will allow a user to access the three-scale dashboard. To log in, they'll use the configured IDP on the cluster. Since this user I'm using is a dedicated admin, you can see they have full access to the default three-scale tenant. They can view developer accounts, modify the developer portal, and they can also configure SSO integrations. Speaking of SSO integrations, this provides us with a nice segue to take a look at the Red Hat SSO instance provided with Roam. The SSO instance can be accessed via the OpenShift application launcher. Similar to the three-scale API management and OpenShift console itself, log in occurs using the configured IDP on the cluster. The dedicated admin user can view and make some modifications in the master realm. You can see here that we're demonstrating how to create a new realm. And also a client in the SSO portal. Let's see how these can be used with three-scale. Now that the client has been prepared, we can copy the details across into the relevant fields in the three-scale developer portal settings and create an SSO integration. We can go ahead and test it out. And in this process also validate that the three-scale SMTP settings are operating as expected. Since part of the sign-up process involves providing our email, this will allow us to verify the SMTP settings. A short time after signing up, we can head over to our email inbox and see that the email has in fact been delivered. So now I'll switch from Firefox to Chrome and demonstrate the product using a user that is not part of the dedicated admin's group. So you can see here that I'm using a different user here in Chrome than I was in Firefox. Another notable difference is that the link to Ocm is no longer included in the OpenShift application launcher. Let's see what happens when this user tries to navigate to the three-scale console. You can see the login flow is the same and it uses my GitHub IDP. However, you can see this user doesn't have access to much. They'll need to be granted access by a user that has necessary permissions to do so, such as the dedicated admin I was using previously. Let's check out Red Hat SSO next. As you can see, this user can login and view the mast around. But many UI options are no longer rendered. For example, the users and clients are not displayed. This user can create a realm if they need to for their own application. But as you can see, the access to the mast around is restricted for them versus the dedicated admin users. And this concludes the introduction to Red Hat OpenShift API management.