Enroll a Layer7 API Gateway

This article provides information about enrolling a Layer7 API Gateway after the tenant record is created.
apip50
This article provides information about enrolling a Layer7 API Gateway after the tenant record is created.
After a tenant record is created, you must enroll an API Gateway to handle API run-time traffic for example, managing and creating services. The API Gateway is a component that exposes, secures, and manages back-end applications, network systems, or infrastructure through services and APIs.
This article contains the following information:
Before You Begin
Before enrolling an API Gateway, ensure that the following requirements are met:
  • The tenant record must be created. See Create the API Portal Tenant.
  • The following tools are correctly installed, configured, secured, and tested:
    • Layer7 API Gateway
    • OAuth Toolkit (OTK)
    • See Compatibility Matrix for version compatibility between APIM tools and products.
  • The OTK installation has the following properties:
    • No instance modifier.
    • The
      Shared Portal
      and
      Internal, Portal
      solution kits are installed. These solution kits, available when installing the OAuth Solution Kit, are required for integrating with the API Portal.
    • The default JDBC connection named
      OAuth
      is used.
  • Ensure that no global policies are configured on the API Gateway.
  • Have the API Portal hostname (for example, apim.mycompany.com) mapped in your DNS server or in the hosts file of your Gateway
  • The time on the API Gateway is synchronized with the
    API Portal
    . Typically, both entities point to the same NTP server.
Before enrolling the API Gateway, take a snapshot of the
API Portal
as a backup.
Enroll a Gateway
You can enroll a Gateway on
API Portal
.
Follow these steps:
  1. In a browser, navigate to the new tenant URL that you defined in enroll.json.
  2. Log in to the
    API Portal
    as the API Portal administrator using the following default credentials:
    • User: admin
    • Password: 7layer
    Change the default password upon login.
  3. Select the
    Services
    icon.
  4. Select
    Publish, Proxies
    .
    The API Proxy page displays.
  5. Select
    Add Proxy
    .
  6. Enter a name in the
    Proxy Name
    field.
  7. Select Automatic, On Demand, or Scripted deployment type.
    For more information, see Deployment Types.
  8. Select
    Create
    .
    The Proxy Enrollment page displays.
  9. In
    Enrollment URL
    , select
    Select URL
    and copy the value.
  10. Using the Layer7 API Gateway Policy Manager, connect to your Layer7 API Gateway.
  11. After you are logged in, select
    Tasks
    ,
    Extensions and Add-Ons, Enroll with Portal
    .
  12. Paste the enrollment URL in the
    Enroll with SaaS Portal
    window and select
    Apply
    .
  13. Log in to your new tenant Portal, for example,
    mytenant.mycompany.com
    , and then validate that the external tenant displays.
  14. Restart the API Gateway by running
    service ssg restart
    on the API Gateway server.
Deployment Types
When enrolling a proxy, select one of the following deployment types:
  • Automatic – Gateway published APIs must use the automatic deployment type.
  • On-demand
  • Scripted
See Manage API Deployments for more information about selecting a deployment type.
Post Deployment
After the administrator deploys the
API Portal
, the following functionalities are available for the users:
  • Publish an API, and view the details of the API
  • Create and manage users
  • Self-register to Portal and view the APIs
  • Create Organizations and Account Plans
  • Approve or reject requests from the Requests page
  • Perform configurations from the Settings page
  • Only view APIs in the API explorer.
    Because you are not enrolled with API Proxy, you cannot test the APIs from the API Explorer option.
Integrate with API proxy clusters to perform the following tasks:
  • Publish APIs
  • Manage API keys
  • View the analytics data in the Analytics dashboard
  • Test the APIs on Proxy using the API Explorer
Failed Gateway Deployment?
If you tried to enroll an API Gateway with an API Portal but the enrollment failed, clean up the API Gateway and Portal before you try again.
Use the following procedures whether you set up the API Gateway on AWS or on another cloud or network.
To clean up the API Gateway:
  1. In the Policy Manager, log in to the Gateway as a Gateway administrator.
  2. On the
    Tasks
    menu, select
    Certificates, Keys and Secrets
    and
    Manage Certificates
    . Use the dialog to remove the TSSG, PSSG and DSSG certificates.
    Do not delete the API Gateway self-signed SSL certificate.
  3. On the
    Tasks
    menu, select
    Certificates, Keys and Secrets
    and
    Manage Private Keys
    . Use the dialog to remove the portalman private key.
  4. On the
    Tasks
    menu, select
    Global Settings
    and
    Manage Scheduled Tasks
    . Use the dialog to remove the following tasks:
    • Portal Sync Application
    • Portal Sync API
    • Portal Tenant Sync Policy Template
    • Portal Sync Account Plan
    • Portal Bulk Sync Application
    • Portal Check Bundle Version
    • Delete Portal Entities
    • Move Metrics Data Off Box Task
    • Portal Sync SSO Configuration
  5. On the
    Tasks
    menu, select
    Global Settings
    and
    Manage Cluster-wide Properties
    . Use the dialog to remove all properties that begin with
    portal.
  6. Restart Gateway service.
To remove the Portal:
  1. Log in to the API Portal as an API Portal administrator.
  2. On the navigation bar, select the
    Services
    icon and select
    Proxies
    .
  3. On the
    API Proxy
    page, select
    Add Proxy
    to add new API proxy, enter a different name, and select
    Create
    .
  4. Copy the enrollment URL.
  5. Connect to the API Gateway with the Policy Manager.
  6. In the
    Policy Manager
    , select
    Tasks
    on the top menu bar.
  7. On the menu, select
    Extensions and Add-Ons, Enroll with Portal
    .
  8. Paste the enrollment URL in the
    Enroll with SaaS Portal
    window.
  9. On the
    API Proxy
    page, delete the old API proxy which is enrolled with the same API gateway.
Update Portal Integration
To enroll Portal or to update the enrollment bundle:
  1. In the Gateway Policy Manager, log in as admin.
  2. After you are logged in, select
    Tasks
    on the top menu bar.
  3. On the menu, select
    Extensions and Add-Ons
    .
  4. Select
    Enroll with Portal
    or
    Update Portal Integration
    .