Pre-Installation Decisions

To efficiently use Apinizer, it is recommended to decide on how it will be used, and then install and configure Apinizer with these settings. Therefore, having answers to some questions ready will greatly expedite the installation and configuration process. The Apinizer team has shared these questions below, along with some alternative suggestions. These alternatives are written in the order of recommendation based on the experience of the Apinizer team. In the "Your Preference" field, you are expected to provide your feedback by either writing the suggested item and your comments or directly stating your preference.

Question	Our Recommendations	Your Preference
Will the necessary applications such as Kubernetes Cluster and MongoDB be installed, or are they already in place and ready for use by Apinizer? If installation is required, will your organization's staff handle it, or will the Apinizer team be provided with a dedicated server?	If your organization already has these components, utilize them If installation is required, your team will handle the preparation If installation is required, Apinizer team will handle
Is there any product other than WAF and firewall that controls the network where Apinizer will be installed and tightens security?	If Apinizer is capable of blocking internal traffic within the cluster, it is important to report any such product that may accelerate the resolution of potential issues. This information can be obtained from your organization's Network and Security Unit staff.
Is there any usage of the 10.244.x.x block in the network where Apinizer will be installed?	If it is in use, it is necessary to install Apinizer on another block. This information should be obtained from your organization's network team.
Which ports should Apinizer broadcast from on the servers it is installed on?	Between ports 30000-32767, 32080 for Manager, and 30080 or 30090 for Worker. The ports to be configured under the management of your organization's DevOps team (either from the same range or by using nginx ingress)
Will the DNS resolution for Apinizer be handled automatically on the servers there Apinizer is located? If not, are the IP-host mappings already available?	Due to the rare possibility of these addresses changing, it is recommended to configure the servers for automatic resolution. Preparing a list of hostname-IP pairs to be added to Apinizer
Will the Apinizer interface and workers be accessed via DNS? If yes, what will be the DNS configurations?	Addresses such as apimanagement.organization.com and api.organization.com
Where will SSL termination be performed?	In your organization's firewall In the application where your organization performs DNS redirection and load balancing Apinizer worker applications
If Apinizer is to be used outside your organization, from which IP address will it exit? Have the necessary (NAT) processes been implemented to allow Apinizer servers to exit from this address?	Your organization's current exit should not be changed and Apinizer will exit from this address
How will the Apinizer worker application (Core and RAM usage, JVM parameters) be configured?	By dividing the existing license into two or three and entering the corresponding JVM parameters, distribute it across multiple containers With different configurations depending on the policy implemented by your organization
How will the Kubernetes systems on which Apinizer will be installed be managed?	Through the Apinizer interface Using the methodsspecific to your organization
Where should traffic logs be written?	To one of the servers allocated for Elasticsearch, which will be set up by Apinizer To another application configured by your organization
If the traffic logs are in the Elasticsearch managed by Apinizer, how will the backup of this data be taken?	Your organization's System team employees will back up the disk where logs are written as is Your organization's System team employees will back up the server where logs are located as is A snapshot policy will be established to send logs from a specific server to a designated address, and the logs will be backed up there
Are there sensitive information in the traffic logs that should not be visible? If yes, what are these? In which parts of the messages should they not appear?	Your organization's Information Security Team can be requested to provide the organizational policy. Key values containing personal data such as identification number
Where should application and token acquisition logs be written, if the settings are active?	Into the configuraiton database of Apinizer To another application configured by your organization
If there are logs to be stored in the database, how will the growth be controlled?	These logs will be deleted at regular intervals The disk will be expanded as it fills up
Will the admin user account created with the initial installation be used for the Apinizer interface? If yes, who will be using it?	Apinizer will be used by Integration Unit employees if available, and individual authorized user accounts will be created for the users. The admin account will be deactivated The admin user will be used by a single person responsible for Apinizer, and new users will be assigned to other individuals who will use it
Will user management for those accesing the Apinizer interface be entirely handled through Apinizer, or will password authentication be done with LDAP/Active Directory?	Users should always be defined in Apinizer, but password authentication will be configured with your organization's LDAP/AD application. This involves creating a user or service account in Apinizer that has authority to authenticate users connecting to Apinizer through the defined LDAP/AD Complete management of users through Apinizer
How will the Apinizer support team provide support to your team using Apinizer, the Apinizer application and, if desired, the servers on which Apinizer is installed?	Defining VPN and granting access to the Apinizer interface only through Apinizer servers With applications that provide remote access, such as AnyDesk and TeamViewer With meeting applications that allow remote access, such as Zoom, Cisco Webex, Microsoft Teams, Skype With meeting applications like Whereby, Turkcell Bip Meet Via email, phone, and, when necessary, phyically as a guest to the organization

Will the necessary applications such as Kubernetes Cluster and MongoDB be installed, or are they already in place and ready for use by Apinizer?

If installation is required, will your organization's staff handle it, or will the Apinizer team be provided with a dedicated server?

Is there any product other than WAF and firewall that controls the network where Apinizer will be installed and tightens security?

Is there any usage of the 10.244.x.x block in the network where Apinizer will be installed?

Which ports should Apinizer broadcast from on the servers it is installed on?

Will the DNS resolution for Apinizer be handled automatically on the servers there Apinizer is located? If not, are the IP-host mappings already available?

Will the Apinizer interface and workers be accessed via DNS? If yes, what will be the DNS configurations?

Where will SSL termination be performed?

If Apinizer is to be used outside your organization, from which IP address will it exit? Have the necessary (NAT) processes been implemented to allow Apinizer servers to exit from this address?

How will the Apinizer worker application (Core and RAM usage, JVM parameters) be configured?

How will the Kubernetes systems on which Apinizer will be installed be managed?

Where should traffic logs be written?

If the traffic logs are in the Elasticsearch managed by Apinizer, how will the backup of this data be taken?

Are there sensitive information in the traffic logs that should not be visible? If yes, what are these? In which parts of the messages should they not appear?

Where should application and token acquisition logs be written, if the settings are active?

If there are logs to be stored in the database, how will the growth be controlled?

Will the admin user account created with the initial installation be used for the Apinizer interface? If yes, who will be using it?

Will user management for those accesing the Apinizer interface be entirely handled through Apinizer, or will password authentication be done with LDAP/Active Directory?

How will the Apinizer support team provide support to your team using Apinizer, the Apinizer application and, if desired, the servers on which Apinizer is installed?