9 March 2021
API Connect Reserved Instance lets you add remote API gateways so that you can co-locate the gateway service with your back-end systems for improved performance. With the newly announced IBM Cloud Satellite, you can use this capability to securely expand your API Connect footprint across cloud providers and into the on-premises datacenter, close to where your applications are running.
Create your Satellite location
To create a Satellite location you will need 3 hosts for the control plane, and at least one host to deploy DataPower on. For each of the hosts you will need to do the following:
- Set up the host in advance according to the host requirements for Satellite.
- Register the host for Red Hat updates using the following command, then apply a subscription to it in the Red Hat Customer Portal:
    subscription-manager register
- Refresh the packages and enable the repositories:
    subscription-manager refresh
    subscription-manager repos --enable rhel-server-rhscl-7-rpms
    subscription-manager repos --enable rhel-7-server-optional-rpms
    subscription-manager repos --enable rhel-7-server-rh-common-rpms
    subscription-manager repos --enable rhel-7-server-supplementary-rpms
    subscription-manager repos --enable rhel-7-server-extras-rpms
- Run the attach script obtained from the IBM Cloud Satellite UI to attach the host.
For the three hosts to form the control plane, you will need to assign them to the Satellite control plane through the UI or CLI.
Install DataPower in the Satellite location
- Download the DataPower rpms from your reserved instance.
- Install DataPower on your RHEL VM. To install it along with its prerequisites, I used the following commands:
    yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    yum install schroot ipvsadm telnet
    yum install idg_cloud1.10011.common.x86_64.rpm idg_cloud1.10011.kernel-build-tool.x86_64.rpm idg_cloud1.10011.image.x86_64.rpm
Set up link endpoint
- Create a link endpoint pointing to the API Connect Gateway management endpoint (usually port 3000)
Configure DataPower for API Connect
- Follow the steps to configure your DataPower for use with API Connect.
- For the certificates, create a self-signed keypair for the management interface that is issued for the hostname generated for your link endpoint. This avoids a hostname mismatch when API Connect connects to the gateway through the link endpoint.
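One way to generate that keypair and confirm it will not trigger a hostname mismatch, as an added example that is not part of the original post. It assumes the openssl CLI is available; the function names, file names and the hostname link-endpoint.example.com are placeholders, so substitute the hostname Satellite generated for your link endpoint.

```shell
#!/bin/sh
# Added example (not from the original post): self-signed keypair for the
# gateway management interface, valid for the link endpoint hostname.

# make_mgmt_cert HOST OUTDIR
# Writes OUTDIR/mgmt.key (private key) and OUTDIR/mgmt.crt (certificate).
make_mgmt_cert() {
    host=$1
    outdir=$2
    cfg=$(mktemp) || return 1
    # A config file is used instead of -addext so this also works with the
    # older OpenSSL 1.0.2 found on RHEL 7 hosts.
    cat > "$cfg" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
EOF
    # umask 077 in a subshell: the key file is created readable by owner only.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$cfg" \
          -keyout "$outdir/mgmt.key" -out "$outdir/mgmt.crt" ) 2>/dev/null
    rc=$?
    rm -f "$cfg"
    return $rc
}

# cert_matches_host CERT HOST
# Succeeds only if the certificate is valid for HOST (SAN/CN check).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# Typical use (placeholder hostname):
#   make_mgmt_cert link-endpoint.example.com /tmp/certs
#   cert_matches_host /tmp/certs/mgmt.crt link-endpoint.example.com && echo OK
```

Run the check against the exact hostname you will enter as the management endpoint before registering the gateway; a certificate issued for the host's internal name will fail it.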
Configure Certificate Manager service
- If you don’t already have one, create a Certificate Manager instance
- Ensure API Connect Reserved Instance is authorised through IAM to access this certificate manager instance.
Add Remote gateway to your reserved instance
- Register your gateway in your API Connect Reserved Instance, filling in the details as follows:
  - Management endpoint - enter the full URL and port generated by IBM Cloud Satellite for the Link Endpoint, prefixed with https://
  - Certificate - the certificate to present for the mutual TLS communication with the Gateway management
  - CA bundle - the certificate in certificate manager to use to verify the gateway management endpoint (either your CA or the certificate itself)
  - Base URL - the endpoint you want APIs to be called through - should map to the API gateway address configured in the API Connect Gateway service either directly or through a load balancer.