Middleware analyst
Encyclopedia
Middleware analysts are computer software engineers
with a specialization in products that connect two different computer systems together. These products can be open-source
or proprietary. As the term implies, the software, tools, and technologies used by Middleware analysts sit "in-the-middle", between two or more systems; the purpose being to enable two systems to communicate and share information.
. They solve technical problems which involve large scale inter-disciplinary objectives with multiple, heterogeneous, distributed systems that are embedded in networks at multiple levels.
Middleware analysts hold and maintain proficiency in middleware technologies. Middleware
is computer software that connects software components or applications. A senior middleware analyst should be able to articulate why SOA
is important to business. SOA is a central theme in most middleware analyst roles within organizations..
computing.
A common problem new implementations of middleware stumble into is how user-defined applications are configured so that queue references bypass Queue Alias definitions referring directly to the Queue Local or Queue Remote definition. This is a deviation from Best Practices and should be corrected when the administrator and/or programmer can correct it within time and scope parameters. All references from user-defined Applications should point to Queue Aliases. Then the Queue Aliases should point to the defined Queue Local or Queue Remote.
Queue Aliases allow flexibility for middleware administrators to resolve or relieve production problems quickly. By using Queue Aliases, middleware administrators can redirect message flow
, in the event of a service problem, without changes to the user-defined application. For example, if a Queue Local were overflowing, a middleware admin could change the Queue Alias to point to a temporary Queue Local, thereby allowing the user-defined application to continue its processing without interruption while the underlying root cause is corrected.
By pointing all user-defined Application references to Queue Aliases, it preserves the flexibility that middleware admins would have to help with Production issues that may occur. If the Best Practice of Queue Aliases were not followed, the ability of a middleware admin to help with a Production outage would be hindered.
Arguably the most important skill a middleware analyst uses is not technical, it is surely cultural. SOA
does require people to think of business and technology differently. Instead of thinking of technology first (If we implement this system, what kinds of things can we do with it?), middleware analysts must first think in terms of business functions, or services (My company does these business functions, so how can I set up my IT system to do those things for me most efficiently?). It is expected that adoption of SOA
will change business IT departments, creating service-oriented (instead of technology-oriented) IT organizations. Middleware analysts perform crucial evangelization of this concept.
The enterprise service bus
is a core element of any SOA
. ESBs provide the "any to any" connectivity between services within a company, and beyond that company to connect to the company's trading partners. Therefore, middleware analysts need to be skilled in SOA
and enterprise service bus
concepts first and foremost. Middleware analysts rely on an SOA Reference Architecture to lay out an SOA environment
that meets the company's needs and priorities. The ESB is part of this reference architecture and provides the backbone of an SOA but is not considered an SOA by itself.
on each target platform works. This may include Windows, Unix
, z/OS
or AS/400.
Middleware protects data in transit through PKI
and SSL
technology. Security certificates are procured from a Certification Authority and regularly deployed and updated on servers. This protects data while it is in-transit as it leaves one Server and arrives on the next server in the chain. It does not protect data while data is at rest.
Supplemental transmission security
can augment the primary SSL measures that exist on your server. These are SSL client authentication, DN filtering, CRL check by LDAP, and cryptographic hardware (IPSEC-level encryption). This type of security is called "border-level security" because it only protects the data from when it leaves your borders until it gets to your trading partner's borders. It does not protect data once data has entered the border. IPSEC is the most efficient and least costly protection method. SSL is the middle ground, with a balance between flexibility, resource consumption, and transmission time.
When data is at rest in queues, it is not protected by MQ. That is, data is in "plain text". Therefore, if the data contained in messages is so sensitive that you do not want your trusted administrators to see this data, then it is essential that application-level data encryption
be used. Examples of data which could be protected by this strategy include banking data (account numbers, banking transactions, etc.) Application-level transaction security is the most secure form of protection but also the most costly in terms of CPU and I/O bandwidth consumption of both the sending and receiving servers. It is also the least efficient.
Middleware data channels can be set up to provide varying degrees of protection. A sender/receiver channel pair could be configured to provide IPSEC transport-level security not using SSL. A second sender/receiver pair could be configured to provide SSL border-to-border level security not using IPSEC. A third sender/receiver channel pair could be set up to provide application-level encryption. Using this scheme, you provision a wide selection of protection mechanisms from which your applications can choose at runtime. This offers your applications the ability to achieve best security when needed or more efficient security when data is not quite so sensitive.
. Failure to protect data at-rest may subject your organization to fines and penalties levied by the Federal government or other authority. This requires application-level data encryption prior to delivering the data to the queuing system for transport.
System administrators, including middleware analysts, are not permitted to view unprotected ePHI data. Therefore, whenever ePHI data is present in any information system, it must be protected
from the ability of an administrator to view it. It is not permissible to allow ePHI data to be kept in a queue unprotected.
Software engineer
A software engineer is an engineer who applies the principles of software engineering to the design, development, testing, and evaluation of the software and systems that make computers or anything containing software, such as computer chips, work.- Overview :...
with a specialization in products that connect two different computer systems together. These products can be open-source
Open-source software
Open-source software is computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under a software license that permits users to study, change, improve and at times also to distribute the software.Open...
or proprietary. As the term implies, the software, tools, and technologies used by Middleware analysts sit "in-the-middle", between two or more systems; the purpose being to enable two systems to communicate and share information.
Role and Responsibility of a Middleware Analyst
Middleware analysts look at the system of systemsSystem of systems
System of systems is a collection of task-oriented or dedicated systems that pool their resources and capabilities together to create a new, more complex system which offers more functionality and performance than simply the sum of the constituent systems...
. They solve technical problems which involve large scale inter-disciplinary objectives with multiple, heterogeneous, distributed systems that are embedded in networks at multiple levels.
Middleware analysts hold and maintain proficiency in middleware technologies. Middleware
Middleware
Middleware is computer software that connects software components or people and their applications. The software consists of a set of services that allows multiple processes running on one or more machines to interact...
is computer software that connects software components or applications. A senior middleware analyst should be able to articulate why SOA
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
is important to business. SOA is a central theme in most middleware analyst roles within organizations..
Best Practices for Implementations
Middleware best practices encompass generally accepted principles to promote usability and maintainability. A selected few examples of best practices are included here to provide valuable insight and enlightenment as to how middleware addresses key principles of standards-basedCommunications server
Communications servers are open, standards-based computing systems that operate as a carrier-grade common platform for a wide range of communications applications and allow equipment providers to add value at many levels of the system architecture....
computing.
A common problem new implementations of middleware stumble into is how user-defined applications are configured so that queue references bypass Queue Alias definitions referring directly to the Queue Local or Queue Remote definition. This is a deviation from Best Practices and should be corrected when the administrator and/or programmer can correct it within time and scope parameters. All references from user-defined Applications should point to Queue Aliases. Then the Queue Aliases should point to the defined Queue Local or Queue Remote.
Queue Aliases allow flexibility for middleware administrators to resolve or relieve production problems quickly. By using Queue Aliases, middleware administrators can redirect message flow
IBM WebSphere Message Broker
WebSphere Message Broker is IBM's integration broker from the WebSphere product family that allows business information to flow between disparate applications across multiple hardware and software platforms. Rules can be applied to the data flowing through the message broker to route and transform...
, in the event of a service problem, without changes to the user-defined application. For example, if a Queue Local were overflowing, a middleware admin could change the Queue Alias to point to a temporary Queue Local, thereby allowing the user-defined application to continue its processing without interruption while the underlying root cause is corrected.
By pointing all user-defined Application references to Queue Aliases, it preserves the flexibility that middleware admins would have to help with Production issues that may occur. If the Best Practice of Queue Aliases were not followed, the ability of a middleware admin to help with a Production outage would be hindered.
Skills required of a Middleware Analyst
Message queuing (“MQ”) is a middleware technology that greatly simplifies communication between the nodes of a system and between the nodes that connect systems together. Information System Consultants use Message Queuing as their skill base. Upon this base, Information System Consultants add Workflow management, Message brokering, and cutting edge J2EE implementations using Java Virtual Machines (JVMs) and Message Driven Beans (MDBs).Arguably the most important skill a middleware analyst uses is not technical, it is surely cultural. SOA
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
does require people to think of business and technology differently. Instead of thinking of technology first (If we implement this system, what kinds of things can we do with it?), middleware analysts must first think in terms of business functions, or services (My company does these business functions, so how can I set up my IT system to do those things for me most efficiently?). It is expected that adoption of SOA
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
will change business IT departments, creating service-oriented (instead of technology-oriented) IT organizations. Middleware analysts perform crucial evangelization of this concept.
The enterprise service bus
Enterprise service bus
An enterprise service bus is a software architecture model used for designing and implementing the interaction and communication between mutually interacting software applications in Service Oriented Architecture...
is a core element of any SOA
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
. ESBs provide the "any to any" connectivity between services within a company, and beyond that company to connect to the company's trading partners. Therefore, middleware analysts need to be skilled in SOA
Service-oriented architecture
In software engineering, a Service-Oriented Architecture is a set of principles and methodologies for designing and developing software in the form of interoperable services. These services are well-defined business functionalities that are built as software components that can be reused for...
and enterprise service bus
Enterprise service bus
An enterprise service bus is a software architecture model used for designing and implementing the interaction and communication between mutually interacting software applications in Service Oriented Architecture...
concepts first and foremost. Middleware analysts rely on an SOA Reference Architecture to lay out an SOA environment
SOA environment
A typical Service-Oriented Architecture environment consists of tools and technologies that enable design, development, and deployment of modules that comprise a Service Component Architecture. Open Source and proprietary tools can be used....
that meets the company's needs and priorities. The ESB is part of this reference architecture and provides the backbone of an SOA but is not considered an SOA by itself.
Generic Common Practices
Because middleware is a cross-platform tool, the sophistication of your middleware analysts are expected to be acute. People that are designing and implementing the middleware message flow need to fully understand how the security modelComputer security model
A computer security model is a scheme for specifying and enforcing security policies.A security model may be founded upon a formal model of access rights, a model of computation, a model of distributed computing, or no particular theoretical grounding at all....
on each target platform works. This may include Windows, Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
, z/OS
Z/OS
z/OS is a 64-bit operating system for mainframe computers, produced by IBM. It derives from and is the successor to OS/390, which in turn followed a string of MVS versions.Starting with earliest:*OS/VS2 Release 2 through Release 3.8...
or AS/400.
Middleware protects data in transit through PKI
Public key infrastructure
Public Key Infrastructure is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate...
and SSL
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
technology. Security certificates are procured from a Certification Authority and regularly deployed and updated on servers. This protects data while it is in-transit as it leaves one Server and arrives on the next server in the chain. It does not protect data while data is at rest.
Supplemental transmission security
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
can augment the primary SSL measures that exist on your server. These are SSL client authentication, DN filtering, CRL check by LDAP, and cryptographic hardware (IPSEC-level encryption). This type of security is called "border-level security" because it only protects the data from when it leaves your borders until it gets to your trading partner's borders. It does not protect data once data has entered the border. IPSEC is the most efficient and least costly protection method. SSL is the middle ground, with a balance between flexibility, resource consumption, and transmission time.
When data is at rest in queues, it is not protected by MQ. That is, data is in "plain text". Therefore, if the data contained in messages is so sensitive that you do not want your trusted administrators to see this data, then it is essential that application-level data encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
be used. Examples of data which could be protected by this strategy include banking data (account numbers, banking transactions, etc.) Application-level transaction security is the most secure form of protection but also the most costly in terms of CPU and I/O bandwidth consumption of both the sending and receiving servers. It is also the least efficient.
Middleware data channels can be set up to provide varying degrees of protection. A sender/receiver channel pair could be configured to provide IPSEC transport-level security not using SSL. A second sender/receiver pair could be configured to provide SSL border-to-border level security not using IPSEC. A third sender/receiver channel pair could be set up to provide application-level encryption. Using this scheme, you provision a wide selection of protection mechanisms from which your applications can choose at runtime. This offers your applications the ability to achieve best security when needed or more efficient security when data is not quite so sensitive.
HIPAA-specific Considerations
If your enterprise handles HIPAA ePHI data, then your middleware analysts need to know and understand the requirements set forth by lawInformation Privacy Laws
Information privacy laws cover the protection of information on private individuals from intentional or unintentional disclosure or misuse. The European Directive on Protection of Personal Data, released on July 25, 1995 was an attempt to unify the laws on data protection within the European...
. Failure to protect data at-rest may subject your organization to fines and penalties levied by the Federal government or other authority. This requires application-level data encryption prior to delivering the data to the queuing system for transport.
System administrators, including middleware analysts, are not permitted to view unprotected ePHI data. Therefore, whenever ePHI data is present in any information system, it must be protected
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
from the ability of an administrator to view it. It is not permissible to allow ePHI data to be kept in a queue unprotected.
See also
- event-driven SOAEvent-driven SOAEvent-driven SOA is a form of service-oriented architecture , combining the intelligence and proactiveness of event-driven architecture with the organizational capabilities found in service offerings...
- Enterprise service busEnterprise service busAn enterprise service bus is a software architecture model used for designing and implementing the interaction and communication between mutually interacting software applications in Service Oriented Architecture...
- IBM WebSphere MQ
- IBM WebSphere Message BrokerIBM WebSphere Message BrokerWebSphere Message Broker is IBM's integration broker from the WebSphere product family that allows business information to flow between disparate applications across multiple hardware and software platforms. Rules can be applied to the data flowing through the message broker to route and transform...