APIdays Paris 2019 - Delivering Exceptional User Experience with REST and GraphQL APIs, Rebecca Fitzhugh, Rubrik
•Download as PPTX, PDF•
1 like•113 views
Delivering Exceptional User Experience with REST and GraphQL APIs Rebecca Fitzhugh, Director, Developer Relations at Rubrik
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to APIdays Paris 2019 - Delivering Exceptional User Experience with REST and GraphQL APIs, Rebecca Fitzhugh, Rubrik
Similar to APIdays Paris 2019 - Delivering Exceptional User Experience with REST and GraphQL APIs, Rebecca Fitzhugh, Rubrik (20)
More from apidays
More from apidays (20)
Recently uploaded
Recently uploaded (20)
APIdays Paris 2019 - Delivering Exceptional User Experience with REST and GraphQL APIs, Rebecca Fitzhugh, Rubrik
- 1. Delivering Exceptional User Experience with REST and GraphQL APIs Rebecca Fitzhugh | Director, Developer Relations @ Rubrik, Inc.
- 2. The Concept of Cloud Data Management Designing with REST and GraphQL Insights into API Usage
- 3. Concept of Cloud Data Management
- 4. API as a premium – Our API is only available in the Super Deluxe Platinum Enterprise Premium edition API as a side project to address specific large customers – Customer X requires automation of feature Y, so add a shim API for a specific acquisition – The portfolio contains a few products that came with an API API as a bolt-on – The “YOLO” approach with a bolt-on proxy
- 7. Software Converged Infinite Scalability API-Driven Architecture Instant Data Access Cloud Native
- 8. Data Center Protection Cloud Protection Data Assurance Disaster Recovery Data Governance Eliminate tape back- ups, tighten RPO and RTO, archive for long term retention and orchestrate recovery of workloads on- premises Centralize orchestration and automation for in- cloud backup, archival and restores across multiple clouds Proactively identify suspicious and anomalous activity. Quickly rollback and restore service in the event of a ransomware attack Automatically discover non- compliant sensitive data to reduce risk exposure, costly audits and regulatory fines Leverage cloud as a DR site in the event of a failure to ensure uninterrupted service and business continuity
- 10. Started with REST since GraphQL was still closed source at Facebook (and very new) Adopted GraphQL for our Polaris SaaS product. – Much easier to iterate / develop against. – Dramatically less requests needed (often single query). – Strongly typed model for the win! https://crystallize.com/comics/rest-vs-graphql
- 11. Design Principles with REST and GraphQL
- 12. Use predictable, resource, and action-oriented URLs Use HTTP status codes for handling errors and responses Allow sophisticated authentication mechanisms (such as API Keys). Support versioning Aim to be understood by standard HTTP clients Create a maintainable spec that supports all our use cases
- 13. Distributed systems to chat with each other Supply the GUI with an interface
- 14. There were no API versions Breaking changes were normal Standards for model, params, enums, etc. did not exist The product surface area was rapidly expanding
- 15. Things we heard from Engineering: – The API is just for the product to consume; no one else uses them. – GraphQL is self-documenting and strongly-typed, so no docs are needed. – Let’s just make another endpoint for Resource X.
- 16. - Engineering, circa 2016
- 17. Place major integration points (parents) at root level of the API Add child items to each parent Leverage HTTP methods to simplify workflows Ugly: POST to “/add_node” and “/remove_node/{id}” Pretty: POST to “/node” and DELETE to “/node/{id}” Use Boolean field naming conventions Start with ‘has’, ‘is’ or ‘should’ to make it clear that it is a Boolean field Examples: ‘hasRootAccess’, ‘isAdmin’ and ‘shouldDoSomething’
- 18. Create a consistent and deterministic experience when dealing with a huge surface area of integration points: Hypervisors Cloud Native Services Legacy Services File Servers Virtual Appliances
- 19. Introduced a version into the path* Establish a specific version control process and model Use “/internal” to develop new endpoints, but make available to end-users Use “/v1”, “/v2”, “/vn” to publish stable endpoints *not applicable in GraphQL
- 20. No incentives for versioning Over 95% of the API resided in Internal
- 21. - me
- 22. The rules of versioning and deprecation Future deprecation of endpoints / resources New or updated endpoints / resources
- 23. There goes the neighborhood
- 24. Dramatic speed improvements for the GUI As more objects are added, REST continues to fall behind Simple to query all objects and use cursor / pagination More flexibility with our returned values Stress tested load times 95th percentile load times with GraphQL: 3.256 seconds 95th percentile load times with REST: 6.619 seconds
- 25. Added GraphQL to our on-premises product. – Reporting – Dashboards – Various other components Constructed a SaaS platform with GraphQL as the standard API – Started from scratch – Using what we learned – Lots of tweaking
- 26. Schema tools (Voyager, GraphiQL) for visualization Internal construction of new SDKs Existing auth methods (e.g. tokens) are valid globally Base platform will continue with REST and GraphQL SaaS platform will remain entirely GraphQL Using GitHub private repos for development
- 27. Schema is in flux There are no versions Documentation holy wars User education
- 28. Insights into API Usage
- 29. DevOps & Developers – “Give me API docs, I’ll build my own integration” Python Golang Ansible Terraform Systems Administrators – Script common tasks PowerShell Python Enterprise Architects – “Can X integrate with Y?”
- 30. Things we hear from IT Ops: – There’s no need to learn an API; they are for developers only – SDKs and Tools are abstraction layers; just focus on that – The product should do everything and never require API usage.
- 31. Too focused on the technology Not enough focus on the hygiene Lots of questions from our customers General fear of GitHub and coding More was needed
- 34. - Our API Users
- 35. Educational Workshops for Operators
- 36. Let use cases drive stack-ranking Mimic a near-identical UX Educate and enable in parallel Invite early-adopters and give them checklists
- 38. Takeaways
- 39. Increased collaboration with engineering and support Create incentives to document and polish the API Make documentation a top priority Educate internal stakeholders on API usage Bring (more) operators into the SDK build process Use cases, UX, testing, feedback
- 40. Twitter: @RebeccaFitzhugh GitHub: rfitzhugh LinkedIn: /rmfitzhugh
- 41. Don’t Backup. Go .
Editor's Notes
- Over the years, Rubrik has evolved to become an end-to-end data management platform. Managing an increasingly diverse data estate is only one of the dilemmas our customers are trying to resolve. More often than not, our customers begin to adopt Rubrik when they face more pressure to support companywide objectives around digitalization, application and legacy modernization. Since data and management of data is a key aspect of that journey, a lot of our customers take us along that journey. Customer example: Frost Bank’s journey with us is a great demonstration of the Rubrik journey. Founded in 1868, Frost Bank is one of the 50 largest U.S. banks by asset size and has 130+ branch locations across the state of Texas. Their previous solution (TSM, Networker, Data Domain, NetApp, IBM Spectrum Protect) required complex backup management, necessitating 4 full-time headcounts devoted to managing it. They had poor recovery times and had difficulty scaling backups and meeting compliance requirements. Upgrades were painful and unreliable when finished, so much so that staff avoided them as a whole. They began looking for a solution purpose-built for VMware, which led them to Rubrik. They began using Rubrik to protect their virtualized environment of 4,000+ VMs and 4.3 PB across Frost Bank’s core banking, insurance, and advisory systems. What attracted them to Rubrik was just how simple it was to create and maintain backup policies but in addition, they were drawn to Rubrik for its instant restores via Live Mount and on-demand compliance reporting. Rubrik’s immutability gave Frost Bank the confidence that their data is always secure. All the data they backup through Rubrik is encrypted, ensuring that their data is protected at all times in case of ransomware or a cyberattack. With ransomware attacks increasingly targeting banks, Rubrik’s immutable backups ensure that Frost Bank will be able to recover instantly from ransomware with zero data loss. Along with combating potential ransomware attacks, Rubrik allowed Frost Bank to simplify compliance reporting. Before Rubrik, demonstrating compliance with backup and retention requirements presented a challenge. Frost Bank’s old solution forced them to take screenshots every quarter and work with internal audit departments, but with Rubrik, they can generate compliance reports on demand and simplify and accelerate PCI compliance with visibility. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Other benefits for Frost Bank include: Reduced daily management time by 8x Improved RPOs by 3x Reduced RTOs from hours to minutes Reduced costs by 30% API-first Architecture: “Rubrik gives us a lot of flexibility to automate our workflows end-to-end. If we want to deploy a new tool in the future, we know that Rubrik’s APIs will make it easy to integrate." Native integration with Pure Storage FlashBlades:“We were one of the first customers to deploy Pure’s FlashBlades, and Rubrik’s seamless integration with Pure was a major selling point. With Rubrik and Pure we get insanely fast restores and incredible support when we need it.” Scale-Out Architecture: “It was a nightmare to try to scale our previous solution. With Rubrik we just add another appliance when we need one, and we’re good to go.” Significant Cost Savings: “Our old solution was expensive and required frequent refreshes. It would have cost us a lot more to do a lot less with our previous vendor.”
- Rubrik also delivers a SaaS framework to capture descriptive metadata about all your applications and data across multi and hybrid cloud applications and normalizes it into a universal data graph. This universal data graph describes your data, so you can easily search and understand it, track how the data has changed and who has access to it, no matter where it resides. By using this sophisticated metadata framework, you can simplify and speed data integration, quickening delivery of trusted data to the point of need. You eliminate silos, make the use of data more pervasive ad self-serving to a wider set of users and reduce the operational complexity that comes with the distribution of data. Using this rich metadata and Rubrik APIs, Rubrik delivers a variety of purpose-built data management solutions-as-a-service that extend the value of your data across a variety of different data management use cases for centralized management to simplify management of your Rubrik deployment, ML-based ransomware detection and recovery, protection of your cloud workloads like O365, AWS and Azure environments, failover and failback by using Cloud as a DR site to improve resilience and data classification to reduce exposure of sensitive data and demonstrate compliance. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GPS: We offer centralized management for your global, distributed Rubrik environment. Your IT teams are now enabled with a comprehensive view of your physical, virtual, and cloud topologies while making management tasks simple and intuitive. Radar: Rubrik enables you to increase your resiliency against ransomware by making it faster and easier to recover from an attack. We use machine learning to continuously scan the entire environment to provide insights on how your data has changed over time and be alerted of any anomalous or suspicious activity. After analyzing the point of attack, you can minimize disruption and accelerate recovery by replacing manual recoveries with just a few clicks for minimal business disruption. O365: Rubrik brings the power of datacenter protection to the cloud, without having to move your data. For both office 365 and cloud-native protection, Rubrik ensures you can maintain control of where your data is stored. For Office365, all data remains in your Azure subscription, including emails, calendar items, etc. Rubrik orchestrates Azure resources to complete data management tasks, such as backup, search, and recovery, as needed. Cloud-App Protection: For protecting your apps in the cloud, Rubrik can also be deployed as a software instance in the cloud and scale protection in-line with cloud service consumption. This allows you to protect cloud-native applications (such as Windows and Linux-based applications, SQL databases) and store backup data in cloud storage. AppFlows: Rubrik also enables using cloud as a DR site with orchestration for failover/failback, testing, and cloud migration. You can radically simplify disaster recovery and your IT team can eliminate multiple point solutions, management complexity, and unnecessary costs with a unified approach. Sonar: Lastly, to protect you against the evolving regulatory requirements and the need for data privacy, we have built a solution that applies machine learning to discover, classify, and report on sensitive data and easily identify potential violations of compliance policies. We have built-in compliance templates that can instantly applied to facilitate and accelerate compliance with applicable privacy laws such as GDPR, CCPA and more. This kind of metadata driven insights, that connects distributed data sources enables better business outcomes, improved service levels and ensures business continuity.