Hybrid Deployment with API7 Cloud
A hybrid deployment combines the ease of use of a managed Control Plane in API7 Cloud with the security and performance of on-premises Data Plane (DP) nodes. This page explains how to set up a hybrid deployment and the associated considerations.
Hybrid Deployment Architecture
In a hybrid deployment, the Control Plane (CP) is managed by API7.ai and runs in API7 Cloud. Your Data Plane nodes are deployed in your own infrastructure (e.g., on-premises data center or your private cloud).
- API7 Cloud (Control Plane): Provides the dashboard, Admin API, and configuration management.
- On-Premises Infrastructure (Data Plane): Hosts the Data Plane nodes that process your API traffic.
- mTLS Communication: Secure communication between API7 Cloud and your Data Plane nodes is established using mutually authenticated TLS (mTLS).
Setup Steps
Follow these steps to set up a hybrid deployment:
- Create an API7 Cloud Account: Sign up for an account on API7 Cloud and create a new Gateway Group.
- Retrieve Connection Details: Obtain the CP endpoint address and the necessary mTLS certificates (CA, certificate, and private key) from the API7 Cloud dashboard.
- Deploy Data Plane Nodes: Install API7 Gateway on your on-premises servers or in your private cloud.
- Configure Data Plane Nodes: Update the config.yaml file for each DP node with the API7 Cloud CP endpoint and mTLS certificate paths.
- Verify Connectivity: Ensure that the DP nodes can connect to the API7 Cloud CP and successfully receive configuration.
Connectivity Requirements
- Outbound Traffic: On-premises DP nodes must have outbound access to the API7 Cloud CP endpoint.
- Firewall Configuration: Update your firewall rules to allow traffic from the DP nodes to the CP's port (typically port 443).
- DNS Resolution: Ensure your DP nodes can resolve the API7 Cloud CP's domain name.
Security Considerations
- mTLS: The use of mTLS ensures that only authorized DP nodes can connect to the CP and that all communication is encrypted.
- Data Privacy: Only configuration metadata is sent to the CP in API7 Cloud. Your actual API request and response data remain within your own infrastructure and never leave your network.
- Secrets Management: Securely store and manage the mTLS certificates used for connecting to API7 Cloud.
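A preflight check for a DP host that walks the connectivity requirements and the mTLS setup above in order (key file permissions, DNS, outbound TCP, mTLS handshake) and reports the first stage that fails. This is an added example, not API7 code. It assumes the CA from the dashboard is the trust anchor for the CP endpoint's server certificate and that the endpoint name matches that certificate; the host name and file paths are placeholders.

```python
import os
import socket
import ssl
import stat


def key_file_problems(path):
    """Return a list of problems with the private key file's type and mode."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat key file: %s" % exc]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("accessible by group/other (mode %o)" % stat.S_IMODE(st.st_mode))
    return problems


def preflight(host, port, ca, cert, key, timeout=5):
    """Return (stage, detail); stage is 'ok' or the first failing check."""
    problems = key_file_problems(key)
    if problems:
        return ("key", "; ".join(problems))
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:
        return ("dns", str(exc))
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    try:
        # Trust only the CA supplied for the CP, not the system trust store.
        ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca)
        ctx.load_cert_chain(certfile=cert, keyfile=key)  # DP client identity
        # Under TLS 1.3 a rejected client certificate may only surface on the
        # first read after the handshake, so 'ok' means the CP was verified.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("tls", str(exc))
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder endpoint and paths (assumptions); use your dashboard values.
    print(preflight("cp.example.invalid", 443,
                    "/path/to/ca.crt", "/path/to/dp.crt", "/path/to/dp.key"))
```

A `tcp` failure points at the firewall or outbound route, while a `tls` failure points at the CA, certificate, or key files.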
Benefits of Hybrid Deployment
- Reduced Operational Overhead: API7.ai manages the Control Plane, including upgrades and maintenance.
- Local Traffic Processing: Data Plane nodes process traffic locally, minimizing latency and keeping data within your network.
- Scalability: Easily scale your Data Plane nodes in your own infrastructure as your traffic grows.