Microsoft recently announced the general availability (GA) of API Management Premium version 2, which features a new architecture that eliminates management traffic from the customer VNet, making private networking, according to the company, much more secure and easier to set up.
Azure API Management is Microsoft’s API gateway offering in the cloud and provides customers with various tiers based on workloads and features. Earlier, the company released the Basic v2 and Standard v2 tiers, followed by a preview of Premium v2. The company designed these second-generation API Management tiers to provide more flexible options for a broader range of scenarios. Moreover, the tiers provide simplified networking, faster deployment, configuration, and scaling.
In a tech community blog post, the company writes:
Using VNet injection in Premium v2 no longer requires configuring routes or service endpoints. Customers can secure their API workloads without impacting API Management dependencies, while Microsoft can secure the infrastructure without interfering with customer API workloads.
With Premium v2, users can configure their APIs with complete networking flexibility: force-tunnel all outbound traffic to on-premises, send all outbound traffic through an NVA, or add a WAF device to monitor all inbound traffic to their API Management instance.
(Source: Tech community blog post)
With the GA release of Premium v2, the company added three new features to enhance security, resilience, and flexibility:
- Inbound Private Link: Users can now enable private endpoint connectivity to restrict inbound access to their Premium v2 instance. It can be enabled along with VNet injection, VNet integration, or without a VNet.
- Availability zone support: Premium v2 now supports availability zones (zone redundancy) to enhance the reliability and resilience of the API gateway.
- Custom CA certificates: The Azure API Management v2 gateway can now validate TLS connections to the backend service using custom CA certificates.
Silvia Wibowo concluded in a Medium blog post on the v2 tiers, summarizing the networking options for the service:
There are four network options for Azure API Management v2 Tier: vNet Injection, vNet Integration, Private Endpoint for APIM, and Off/None. Make sure you understand network options and how they affect the different components of APIM, as documented in Azure API Management with an Azure virtual network.
While the v2 tiers simplify operations, Ratomir Vukadin, a Senior Software Engineer, noted the substantial pricing differences in a LinkedIn post:
The API Management offers a lot of benefits, but in the end, shifting from 700$ at least in Standard V2 that supports VNET integration per month, to ~200$ per month for one service is a lot of savings per year, let’s be honest. For $200 instances, we may ship the Premium App Service or Azure Container Apps and set up the self-hosted API GW.
My opinion is that Microsoft should ship the API management in all pricing tiers at least for VNet integration, Developer Portal, and Self-hosted options. 🙂
Currently, the Premium v2 tier is available in six public regions (Australia East, East US2, Germany West Central, Korea Central, Norway East, and UK South) with additional regions coming soon. Furthermore, pricing details are available on the pricing page.
