Client Overview
British Airways is a leading UK-based airline that has been serving customers with the best flying experience for more than 100 years. The airline connects the UK with the world by offering both domestic and international flights. With its affiliates, it serves around 200 destinations in over 75 countries throughout Europe, North America, South America, Asia, Africa, and Australia. The airline consistently places sustainability at the heart of its operations, aiming to achieve zero carbon emissions in the coming years.
British Airways was seeking a scalable and flexible API management solution to support its expanding digital infrastructure. To ensure effortless API management with complete infrastructure control, they aimed to implement Apigee Hybrid on AWS Elastic Kubernetes Services (EKS).
Technical Considerations
The implementation of Apigee Hybrid on AWS EKS presented several challenges:
- British Airways was more inclined towards using AWS Fargate than AWS EKS, the Kubernetes engine.
- AWS EKS involved a learning curve within the organisation.
- The hyper-secure environment required the airline company’s internal team to manage AWS EKS, resulting in coordination problems and misalignment in setup and troubleshooting.
- Cyber/information security approvals had to be obtained for all security measures and hardening to be put in place.
- Manual configuration and setup posed a risk and required full automation, which can be achieved through extensive scripting and validation.
- New infrastructure and API changes introduced the risk of unexpected failures, requiring validation and testing post-migration.
How NeosAlpha Helped
1. Infrastructure Management on AWS EKS
The airline’s internal team handled the AWS EKS infrastructure, which created challenges in setup, troubleshooting, and consistency in the deployment process. Without a proper automation approach, there was a high risk of manual errors, configuration drift, and deployment inconsistencies across different systems. Additionally, collaboration was needed to align the team with their respective responsibilities and avoid delays.
We worked closely with the internal team to provide guidance and troubleshooting support, ensuring a successful implementation. We used Terraform to automate the entire setup, reducing manual errors and ensuring consistent deployment. Setting up Apigee Hybrid within the AWS EKS cluster ensured a flexible and scalable API management solution. This approach enabled the airline to manage its infrastructure while leveraging Apigee’s capabilities.
2. API Migration and Stability
API migration from the existing system to Apigee Hybrid was challenging due to possible disruptions. The direct approach posed challenges such as downtime, broken integration, and performance degradation for live services. As APIs were dependent on various systems, any minor disruptions could lead to service outages, leaving a negative impact on users and business operations.
As an Apigee Partner, we took a phased approach to API migration to minimize disruption. APIs were moved gradually, with extensive testing and validation at each stage to ensure continuous functionality. Migrating the APIs carefully in this way helped maintain service stability with minimal impact on end users. Throughout the solution, our primary focus remained on automation, scalability, and operational stability to ensure that the airline has a future-proof API management framework.
3. Security and Platform Hardening
The airline sought robust protection and security across various network touchpoints and data exchanges. The absence of standard security protocols posed challenges in maintaining consistency and alignment with best security practices.
Our team worked closely with the airline’s information security team to enforce service account policies through Workforce Identity Federation, rather than using service account keys. We provided an Apigee Hybrid platform hardening checklist and enforced it with the infrastructure team. Additionally, we scanned images for vulnerabilities and liaised with Google to mitigate and resolve any security issues that were identified.
4. PCI Compliance
While the legacy APIM was PCI compliant in a SaaS offering, Apigee Hybrid has to be PCI compliant within the client’s infrastructure. The airline needed to ensure that the system adhered to stringent PCI security standards without incurring significant costs or added complexity.
NeosAlpha ensured that PCI data was tokenized before reaching Apigee, eliminating the need for PCI compliance at the Apigee level. This solution saved the airline considerable effort and costs, as it reduced the complexity of meeting PCI compliance requirements for the platform.
Technology Stack
- Google Apigee Hybrid
- AWS Elastic Kubernetes Service (EKS)
- Terraform
Results
- Successful Apigee Hybrid deployment on AWS EKS for greater flexibility and control over API management.
- Fully automated infrastructure setup reduced dependency on manual intervention and ensured consistency.
- Successful migration with minimal disruption and downtime for existing users.
- Achieved a scalable framework for future API management and environment configurations.
- Enhanced platform security through comprehensive hardening, vulnerability scanning, and proactive threat mitigation.
- By eliminating the PCI scope, we have achieved PCI compliance at minimum cost and operational burden.