Architecture Overview

Learn about the NGINX Management Suite API Connectivity Manager architecture.

Overview

This topic provides an overview of the API Connectivity Manager architecture and personas.


Terminology

This document introduces the following concepts.

Topology

Term
Description
Management Plane The management plane is an abstraction layer used to configure, monitor, and manage the layers of a network stack. API Connectivity Manager, a part of the management plane, establishes guardrails and configures rules for the data plane.
Data Plane NGINX Plus instances in the traffic path that act as load balancers, API gateways, firewalls, ingress controllers, and caching systems.
Proxy Cluster

NGINX is widely known as a reverse proxy, and a Proxy Cluster is a set of one or more NGINX Plus servers working together. A proxy cluster keeps configurations in sync across all instances and maintains data consistency by sharing the runtime state.

Examples:

  • API Gateway Cluster: A cluster of one or more NGINX Plus instances acting as a single proxy for API requests.
  • Dev Portal Cluster: A cluster of one or more NGINX Plus instances configured to act as Developer Portals. Developer portals provide a framework for hosting API documentation, provisioning access keys, and managing approval workflows. In addition, you can test your APIs with the “Try It Out” feature.

Platform Services

API Connectivity Manager uses NATS to communicate with the NGINX Management Suite platform services.

Service
Description
Core The core service configures and sets up the management plane, as well as performs data analysis for metrics, events, and alerts.
Data Plane Manager (DPM) The data plane manager (DPM) service is responsible for configuring NGINX instances on the data plane, monitoring the state of data plane resources, and generating reports and event messages.
Ingestion The ingestion service collects metrics, security violations, and events that are not sent to the data plane manager service by the NGINX Agent. This information can be forwarded to external data stores.
Integrations The integrations process includes features for interacting with external components, like configuring NGINX App Protect WAF policies, managing threat campaigns, and more.

Architecture

The following diagram shows how API Connectivity Manager’s components are organized and interact.

Note:
API Connectivity Manager takes an API-first approach: commands issued using the web interface are processed using the API Connectivity Manager REST API.
API Connectivity Manager architecture

Personas

Infrastructure Admin

Infrastructure Admins, interacting primarily with the management plane, manage the infrastructure for hosts.

Routine tasks

  • Configure SSO
  • Provision the infrastructure
  • Configure domain names
  • Manage data plane hosts
  • Manage certificates
  • Enforce global/enterprise policies

API Owner

API Owners oversee the API lifecycle, which they can maintain using a CI/CD pipeline.

The API Owner relies on the Infrastructure Admin to complete the initial configuration before beginning work.

Routine tasks

  • Set up an API team
  • On-board an API
  • Configure policies to meet Quality of Service (QoS) commitments
  • Select the API Gateway cluster for publishing an API
  • Select the Dev Portal cluster for publishing API documentation

Application Owner

Application Owners develop new digital experiences.

Routine tasks

  • Learn about APIs and API contracts by reading the documentation on the Dev Portal.
  • Test APIs using the “Try It Out” feature in the on-board documentation.