Create a hybrid cloud with API Connect and Secure Gateway  

Extend your on-premises applications and services to a hybrid cloud

Last updated | By Animesh Singh, Tommy Li, Arthur De Magalhaes


A hybrid cloud model blends elements of both private and public cloud, giving you the choice and flexibility to run apps and services across both. In the simplest terms, the hybrid model is primarily a private cloud that allows you to tap into a public cloud whenever it makes sense. This journey shows you how to expose your on-premises private cloud applications and services to the public cloud and vice versa.


Multi-cloud and hybrid deployments across private and public clouds are a necessity for the next generation of applications. With this new world, developers and businesses need a way to access data (such as customer records) from a system of engagement applications that are hosted offsite on public clouds. Even if applications are hosted onsite, developers still need a way to expose functionalities externally via APIs.

In this journey, we leverage transport protocols and an API gateway that can create connectivity via secure tunnels and expose the private cloud application and APIs outside the corporate firewall. We then move the application to the public cloud while onsite resources like databases are still accessible.

Going hybrid has never been easier. See how we did it and you’ll learn how to:

  • Create a tunnel to connect your on-premises environment to the public cloud.
  • Build and run a sample application by using either WebSphere Liberty for on-premises or Cloud Foundry for the public cloud.
  • Have the application connect to an on-premises database by using CouchDB and Docker.
  • Expose application APIs for public consumption by using an API gateway framework.


  1. In scenario one, a sample Java ‘airline’ application and database is deployed in a private cloud by using Docker, WebSphere Liberty, and CouchDB. The Java application uses JAX-RS and Swagger annotations to expose APIs that provide recommended flights that are based on user inputs.
  2. The application leverages a weather API service on the public cloud to pull weather data for selected airport destinations.
  3. The Secure Gateway server is deployed on the public cloud and the client is installed inside a private cloud to expose an on-premises application outside the corporate firewall. This is a port-to-port connection at this point.
  4. The API Connect service launches on the public cloud and the on-premises sample airline application APIs are pulled in to simplify cataloging. Publishing to the public cloud enables consumers to open it, which opens it up to being used by multiple applications.
  5. In a second scenario with the same airline sample application, only the airline has a CouchDB that deploys in a private cloud by way of using Docker.
  6. Again, the Secure Gateway server and client are launched on public and private clouds, respectively, to expose the database outside the enterprise firewall.
  7. However, the application in this second scenario deploys on the public cloud by leveraging Cloud Foundry and connects to the onsite CouchDB by using the secure tunnel.
  8. As in the previous scenario, the application also uses the Weather API service.
  9. Finally, the API Connect service launches on the public cloud and the sample airline application APIs are pulled in to simplify cataloging, allowing it to be used by multiple applications.

Related Blogs

Related Links

Unlock enterprise data using APIs

Read this journey to figure out how to use LoopBack and API Connect to solve the need to leverage existing enterprise assets using APIs.

The Java 6 Collections API

In this series, Ted Neward digs beneath the core functionality of the Java platform to uncover little known facts about APIs that could help you solve even the stickiest programming challenges.