US Fortune-500 financial services organisation

A ‘batteries included’ approach that’s easy, fast and cost-effective on an on-premise private data-centre

REGION  Americas
SECTOR  Financial Services
PRODUCT  Open Source

US Fortune-500 financial services organization and Tyk

The user, an American Fortune-500 organisation focusing on financial services, has replaced a multi-million-dollar legacy system with Tyk’s powerful, open source gateway – at no charge. In addition to the cost benefits, Tyk is simpler and easy to use, meaning everyone wins.

Who is the user?

  • A Fortune-500 financial services organisation
  • Specialising in insurance and investment
  • Based in the US
  • Works with clients across the Americas region

Why did the user need an API gateway and management solution?

The user needed an easily automatible, cloud native API gateway that suited its business needs. In its own data centre, they previously used Apigee API Management software and, while it worked, it was getting very costly and tied the organisation to the GCP platform. The top-down initiative was to become vendor-agnostic as soon as possible with both tooling and clouds.

This led the user to look at API open source gateways. The company found Tyk to be most robust to build on top of, while also delivering a vendor-agnostic solution for their whole ecosystem. This enabled the user to move off the multi-million-dollar Apigee platform and achieve a huge cost saving.

The fact that Tyk solution is built from the ground up in Golang, and not dependent on any 3rd party underlying technology was an important factor for the user in ultimately selecting Tyk.

The move to Tyk also meant that the Fortune-500 financial services organisation was able to address its previous vendor lock-in issue.

Why Tyk?

Tyk isn’t the only solution on the market, so what was it that made the user decide to put their trust in Tyk to manage their internal APIs, empowering them to better serve their financial customers?

The user’s development organization has long been a proponent of OSS and heavily relies on OSS in the development and delivery of services.  Given Tyk’s OSS roots and continued stewardship of the open-source community,  it was a natural fit.

Finally, it was the ease with which Tyk could be deployed into nearly any environment. It was the ‘batteries included’ nature of having a fully featured, enterprise-grade API Gateway out of the box, with no underpinning dependencies to worry about.

How has the user deployed Tyk? (Private data centre)

The user has deployed Tyk to their legacy on-premise environment in their own data centre. Microservices are deployed both inside of a Rancher managed Kubernetes cluster and outside of the cluster as well.  The Tyk gateways, while residing inside of the cluster are able to manage and route API traffic for both groups of microservices.

For authorization and authentication to these services, the user utilizes both JWTs and LDAP.  Tyk offers full support for JWT validation and LDAP auth out of the box but also allows for users to employ their own custom authentication and validation logic via plugins.  Tyk supports plugins written in Python, Go, Lua, JavaScript, and the gRPC supported languages as well.  The user, leveraging Tyk’s plugin framework, developed JWT and LDAP validation plugins written in Go to execute the desired custom logic for authentication and authorization to their microservices.  The user is utilizing Tyk Pump to send analytics in real time to their existing New Relic platform. One of the many integrations that Tyk Pump offers out of the box.

The organisation has completed the migration phase of replacing its legacy Apigee micro-gateways with Tyk in this architecture.  Tyk, allowing for the import of the user’s existing API keys and API data from Apigee, the user is able to transition APIM over to Tyk without having to update their service implementations or reissue any keys to their consumers.

This migration also allows for the user to greatly reduce the complexity of managing their existing APIs.  Tyk has a concept of API versioning, allowing the user to define different configurations and behaviors for different versions of a given API, all within a single API definition.  With the user’s former solution in Apigee each deviation from an API’s default behavior would require an entirely new API to be created, resulting in thousands of API’s the user had to keep up with and manage.  With Tyk’s versioning capability these thousands of APIs will eventually be able to be reduced down to a few hundred, making the full life-cycle management of their APIs a much less daunting task.

In total, the user has created 4 separate environments: Dev, Test, Stage and Prod.

Components installed: gateway, redis, pump  –  Load balancing: F5 LTM  –  WAFs: none  –  Connectivity between components: Redis using TLS over 6379  –  Location of installation: On-premise data center, Milwaukee Wisconsin  –  Platform solution is installed on: VMware, rancher managed kubernetes also on vmware  –  Operating system used: Tyk gateway and pump built on alpine docker image, run on CentOS (stable)

What difference has using Tyk made?

The user is benefitting from choosing Tyk in several ways. Front and centre is the significant cost saving that using Tyk has achieved, but the Tyk solution is also simpler and easier to use.

Tyk has, quite simply, provided the best gateway on the market, with the ability to achieve everything the user needs, through an open source, powerful gateway at no charge. A major benefit is Tyk’s willingness to support the open source only product under an Enterprise Support SLA.

The fact that Tyk works with a wide variety of programming languages is a further benefit. Ultimately, the Tyk solution is helping the user better manage resources and cutting costs on tooling significantly. It is keeping the organisation from having vendor lock-in with cloud providers or other tooling, while the Tyk Sync open source tool supports continuous integration & development. If you are interested in learning more about Tyk’s suite of OSS feel free to get in touch here.