Create a hybrid cloud with API Connect and Secure Gateway  

Extend your on-premises applications and services to a hybrid cloud

Last updated

A hybrid cloud model blends elements of both private and public cloud, giving you the choice and flexibility to run apps and services across both. In the simplest terms, the hybrid model is primarily a private cloud that allows you to tap into a public cloud whenever it makes sense. This journey shows you how to expose your on-premises private cloud applications and services to the public cloud and vice versa.

By Animesh Singh, Tommy Li, Arthur De Magalhaes


Multi-cloud and hybrid deployments across private and public clouds are a necessity for the next generation of applications. With this new world, developers and businesses need a way to access data (such as customer records) from a system of engagement applications that are hosted offsite on public clouds. Even if applications are hosted onsite, developers still need a way to expose functionalities externally via APIs.

In this journey, we leverage transport protocols and an API gateway that can create connectivity via secure tunnels and expose the private cloud application and APIs outside the corporate firewall. We then move the application to the public cloud while onsite resources like databases are still accessible.

Going hybrid has never been easier. See how we did it and you’ll learn how to:

  • Create a tunnel to connect your on-premises environment to the public cloud.
  • Build and run a sample application by using either WebSphere Liberty for on-premises or Cloud Foundry for the public cloud.
  • Have the application connect to an on-premises database by using CouchDB and Docker.
  • Expose application APIs for public consumption by using an API gateway framework.


  1. In scenario one, a sample Java ‘airline’ application and database is deployed in a private cloud by using Docker, WebSphere Liberty, and CouchDB. The Java application uses JAX-RS and Swagger annotations to expose APIs that provide recommended flights that are based on user inputs.
  2. The application leverages a weather API service on the public cloud to pull weather data for selected airport destinations.
  3. The Secure Gateway server is deployed on the public cloud and the client is installed inside a private cloud to expose an on-premises application outside the corporate firewall. This is a port-to-port connection at this point.
  4. The API Connect service launches on the public cloud and the on-premises sample airline application APIs are pulled in to simplify cataloging. Publishing to the public cloud enables consumers to open it, which opens it up to being used by multiple applications.
  5. In a second scenario with the same airline sample application, only the airline has a CouchDB that deploys in a private cloud by way of using Docker.
  6. Again, the Secure Gateway server and client are launched on public and private clouds, respectively, to expose the database outside the enterprise firewall.
  7. However, the application in this second scenario deploys on the public cloud by leveraging Cloud Foundry and connects to the onsite CouchDB by using the secure tunnel.
  8. As in the previous scenario, the application also uses the Weather API service.
  9. Finally, the API Connect service launches on the public cloud and the sample airline application APIs are pulled in to simplify cataloging, allowing it to be used by multiple applications.



Java API for RESTful Web Services or JAX-RS is an API specifications for creating web services using the Representational State Transfer (REST) architectural pattern.


A framework of API developer tools for the OpenAPI Specification that enables development across the entire API lifecycle.

Apache CouchDB

An open-source database software that focuses on ease of use and having an architecture that “completely embraces the Web.”

WebSphere Liberty

A dynamic and easy-to-use Java EE application server, with fast startup times, no server restarts to pick up changes, and a simple XML configuration.

API Connect

Create and run secure APIs and microservices.

Secure Gateway

A service for establishing a secure, persistent connection between your environment and the cloud.

Weather Company Data

Use the Weather Company Data for IBM Bluemix service to incorporate weather data into your Bluemix applications.


API Management

The process of creating, documenting, and making APIs available, providing access controls, and tracking statistics.


Accessing computer and information technology resources through the Internet.


Containers are virtual software objects that include all the elements that an app needs to run.

Data Store

Repository for storing and managing collections of data.

Hybrid Integration

Enabling customers to draw on the capabilities of public cloud service providers while using private cloud deployment for sensitive applications and data.


A secure, object-oriented programming language for creating applications.

Related Blogs

Hybrid cloud application deployments: A necessity for today’s apps

Modern cloud-native applications know no boundaries. They span multiple clouds,  services, and runtimes. Within the hybrid cloud model, many use cases are becoming prevalent, and what we’re seeing more and more are patterns that are being requested to bridge the on-premises private cloud deployments with public clouds. Within this specific hybrid model, these three use...

Continue reading Hybrid cloud application deployments: A necessity for today’s apps

Related Links

Unlock enterprise data using APIs

Read this journey to figure out how to use LoopBack and API Connect to solve the need to leverage existing enterprise assets using APIs.

The Java 6 Collections API

In this series, Ted Neward digs beneath the core functionality of the Java platform to uncover little known facts about APIs that could help you solve even the stickiest programming challenges.