As of now, we have successfully mass-deployed around 50 appliances across our 3 datacenters (EMEA region, APAC and AMER), distributed across 4 environments (Sandbox, Development, Testing, Production), with both DMZ and internal LAN functions, load-balanced.
Due to this number of appliances (software version), we've developed a framework enabling us to interact with API Gateways using shell-level commands, covering nearly all Restman APIs available.
One example is being able to deploy/update, with a single click, the whole organization tree (>15 developer communities) with associated roles, permissions, folders, security zones, and generic administrative accounts for those communities, on all appliances.
> On the gateway side... Create and permission folders per environment. I'd like to permission folders such that only
> certain users can create objects in designated areas (really wish the portal understood the gateway's folder structure!)
This is exactly what we've done.
- dedicated folder per developer community
- read visibility for shared policy fragment folders (e.g. OTK and MAG, plus company-wide shared policies).
- allowing create/read/update/delete for cluster-wide properties, restricted to objects with names starting with <community_name>.<project>
- allowing creation of users to onboard developers
- allowing creation of private keys, certificates, etc., segregated by name prefix, so that one community can neither see nor interact with objects belonging to other communities.
> Allow consumers to register on the portal, create application requests, and get API keys
We're now struggling with Portal and API Owner Groups in order to segregate communities, but have trouble handling APIs created in the Policy Manager, as they show up as "Public" on the Portal and, due to the API Owner Group feature being enabled, no one but the Admin can see them. Still working on this; maybe we'll open a case.
As for the migration, we're using SVN and GMU embedded in an in-house developed automatic migration tool.
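The name-prefix segregation described in the list above only holds if the match includes the `.` delimiter of `<community_name>.<project>`. The following added example (not part of the original post and not the poster's framework; community names, object names and function names are constructed assumptions) audits an object inventory for names that a bare-prefix rule would expose to another community, and for names that follow no community prefix at all.

```python
# Added example: audit object names against the <community_name>.<project> convention.
# All names below are constructed; the inventory would normally come from an export.
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str      # "collision" or "orphan"
    name: str      # object name (cluster-wide property, key alias, ...)
    detail: str


def owner_of(name, communities):
    """Owner under the strict rule: text before the first '.' must be a community."""
    head, sep, rest = name.partition(".")
    return head if sep and rest and head in communities else None


def bare_prefix_matches(name, communities):
    """Communities whose name is a plain string prefix of `name` (no delimiter check)."""
    return sorted(c for c in communities if name.startswith(c))


def audit(names, communities):
    findings = []
    for name in names:
        owner = owner_of(name, communities)
        if owner is None:
            findings.append(Finding("orphan", name, "no <community_name>.<project> prefix"))
        # A rule written as "starts with <community_name>" (without the dot)
        # would also match every community returned here.
        others = [c for c in bare_prefix_matches(name, communities) if c != owner]
        if others:
            findings.append(
                Finding("collision", name, "also matched by bare prefix: " + ",".join(others))
            )
    return findings


COMMUNITIES = {"pay", "payments", "hr"}          # constructed
INVENTORY = [                                    # constructed
    "pay.checkout.timeout",
    "payments.refund.key",
    "hr.onboarding.cert",
    "legacy_timeout",
]

if __name__ == "__main__":
    for f in audit(INVENTORY, COMMUNITIES):
        print(f"{f.kind:9} {f.name:24} {f.detail}")
```

Running it before each role deployment catches a new community whose name is a prefix of an existing one, which is the case where a "starts with" rule stops segregating.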