API Gateway Mapping - Gartner - F5

Gartner published its “Market Guide for API Gateways” in October, 2022. Gartner has since published additional research on the topic, including:

API Security: What You Need to Do to Protect Your APIs (January 2023)
Research Index: Everything You Should Do to Address API Security (March 2023)
API Strategy Maturity Model (September 2023)
Market Guide for Cloud Web Application and API Protection (November 2023)

Given Gartner’s pull in the industry, the leadership in your organization may turn to this market research for advice around API Gateways, API Management, and API Security. Therefore, it is important to understand how F5 maps to the Gartner market guide and how that market guide maps to F5’s four tier architecture.

In the market guide, Gartner lays out five Enterprise Architectures of API Gateways. Before we examine the mapping between the Gartner architecture and F5’s architecture, it is worth better understanding the Gartner terminology.

Edge Gateway: This can be thought of as the external portion of the entirety of an enterprise's online presence – on-premises, data centers, cloud environments, and edge environments.
Enterprise Gateway: This can be thought of as the internal portion of the entirety of an enterprise’s online presence.
Departmental Gateway: This can be thought of as each individual environment. For example, AWS, Azure, on-premises, etc.
Micro-Gateway: This can be thought of as sub-environments, such as an individual app or API within AWS. These gateways are specialized for microservice architectures/the microservice level.
Embedded Gateway: This can be thought of as libraries and/or functions that allow developers to integrate an API Gateway within apps and APIs.

It is important to note that not every app or API requires every element of the API Gateway architecture.

F5 leverages a four tier architecture in working with customers to architect services and solutions for distributed, hybrid app and API environments:

The F5 architecture maps to the Gartner architecture as follows:

Global Shared Services <--> Edge Gateway, Enterprise Gateway (F5 products that address this tier: F5XC Regional Edge)

Site Shared Services <--> Departmental Gateway (F5 products that address this tier: F5XC Customer Edge, BIG-IP)

Application Services <--> Micro-Gateway (F5 products that address this tier: NGINX, F5XC)

Beyond the functionality of gateways, there are also significant benefits to having a centralized, unified Management and Operations Services tier, such as is offered as part of the F5 Distributed Cloud Platform. (F5 products that address this tier: F5XC Console)

Some reference architectures are included here to help illustrate the points above:

In this above diagram, F5 Distributed Cloud (F5XC) WAAP covers App Security, API Discovery (and API Security), DDoS Protection, and Load Balancing. F5XC App Stack assists with API Management.

In the above diagram, F5XC WAAP covers App Security, API Discovery (and API Security), DDoS Protection, and Load Balancing. F5XC App Stack assists with API Management.

In the above diagram, F5XC Multicloud Networking (MCN) creates a private link between partner companies, which includes a secure tunnel. F5XC WAAP covers App Security, API Discovery (and API Security), and DDoS Protection. F5XC App Stack assists with API Management. F5XC App Connect connects applications and API nodes.

In the above diagram, F5XC WAAP covers App Security, API Discovery (and API Security), DDoS Protection, and Load Balancing. F5XC App Stack assists with API Management. F5XC App Connect connects applications and API nodes.

In the above diagram, F5XC WAAP covers App Security, API Discovery (and API Security), DDoS Protection, and Load Balancing. F5XC App Stack and/or NGINX assist with microservices.

Published Mar 28, 2024

Version 1.0

F5 Distributed Cloud WAAP

security