Architecture Overview

Learn about the NGINX Management Suite API Connectivity Manager architecture.

This documentation applies to NGINX Management Suite API Connectivity Manager 1.1.0 and later.


This topic provides an overview of the NGINX Management Suite API Connectivity Manager (ACM) architecture and personas.


The following terminology is used in this topic:

Term Description
Management Plane A management plane is an abstraction layer for configuring, monitoring, and managing the layers of a network stack and its component parts. As part of the management plane, API Connectivity Manager establishes guardrails and configures rules for the data plane.
Data Plane The NGINX Plus instance(s). The data plane is part of the network that carries user traffic and processes application data requests. This layer includes networking systems – such as load balancers, firewalls, API gateways, ingress controllers, and caching systems – which read inbound and outbound packets and decide what to do with them.
API Gateway Proxy The API Gateway Proxy is a logical data representation of the NGINX API Gateway. It includes ingress, backend, and routing configurations that tell NGINX Plus how to direct incoming API requests to specific backend resources.
Dev Portal Proxy The Developer Portal Proxy is a logical data representation of an API Gateway and web server. It includes ingress configurations and provides a website where API consumers can access API documentation.


The following architecture diagram describes the arrangement of the NGINX Management Suite API Connectivity Manage components and how they interact.

API Connectivity Manager follows an API-first approach. Commands issued using the web interface are processed using the ACM REST API.

High Level Component Diagram


ACM uses NATS to communicate with the following NGINX Management Suite services:

Service Description
nms-core The core service sets up and configures the control plane. Also, the service analyzes data for metrics, events, and alerts.
nms-dpm The data plane manager (DPM) service configures NGINX instances on the data plane. The service also monitors the state of data plane resources and generates reports and event messages.
nms-ingestion The ingestion service collects the metrics, security violations, and events that aren’t sent to the data plane manager by the NGINX Agent. This information can be forwarded to external datastores.


Infrastructure Admin

Infrastructure Admins, interacting primarily with the management plane, manage the infrastructure for hosts.

Routine tasks

  • Configure SSO
  • Provision the infrastructure
  • Configure domain names
  • Manage data plane hosts
  • Manage certificates
  • Enforce global/enterprise policies

API Owner

API Owners oversee the API lifecycle, which they can maintain using a CI/CD pipeline.

The API Owner relies on the Infrastructure Admin to complete the initial configuration before beginning work.

Routine tasks

  • Set up an API team
  • On-board an API
  • Configure policies to meet Quality of Service (QoS) commitments
  • Select the gateway proxy for publishing an API
  • Select the Dev Portal proxy for publishing API documentation

Application Owner

Application Owners develop new digital experiences.

Routine tasks

  • Learn about APIs and API contracts by reading the documentation on the Dev Portal.
  • Test APIs using the “Try it out” feature in the on-board documentation.