Middleware analyst

Middleware analysts are computer software engineers who specialize in products that connect two different computer systems. These products can be open-source or proprietary. As the term implies, the software, tools, and technologies used by middleware analysts sit "in the middle", between two or more systems; their purpose is to enable those systems to communicate and share information.

Roles and Responsibilities

Middleware analysts [1] look at the system of systems. [2] They solve technical problems which involve large scale inter-disciplinary objectives with multiple, heterogeneous, distributed systems that are embedded in networks at multiple levels. [3] Middleware analysts hold and maintain proficiency in middleware technologies. Middleware is computer software that connects software components or applications. A central theme in most middleware analyst roles is being able to articulate why Service Oriented Architecture (SOA) is important to the business. [4]

Best practices for implementations

Middleware best practices promote usability and maintainability among the systems served. A few examples of best practices are included here to provide some insight as to how middleware addresses key principles of standards-based computing.

One common problem for middleware is that user-defined applications are configured so that their queue references bypass queue alias definitions and refer directly to the queue local or queue remote definition. Such a bypass of the queue alias deviates from best practices and should be corrected when the administrator and/or programmer can correct it within time and scope parameters. All references from user-defined applications should point to queue aliases. The queue aliases should then point to the defined queue local or queue remote.

Queue aliases [5] allow flexibility for middleware administrators to resolve or relieve production problems quickly. By using queue aliases, middleware administrators can redirect message flow, in the event of a service problem, without changes to the user-defined application. For example, if a queue local were overflowing, a middleware admin could change the queue alias to point to a temporary queue local, thereby allowing the user-defined application to continue its processing without interruption while the underlying root cause is corrected.

Pointing all user-defined application references to queue aliases preserves the flexibility that middleware admins need to help with production issues that may occur. If the best practice of queue aliases were not followed, the ability of a middleware admin to help with a production outage would be hindered.
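The alias rule described above can be checked mechanically. The Go program below is an added example, not part of the original article: it uses a hypothetical `QueueDef` model with constructed queue and application names, flags application references that bypass an alias or hit an alias without a queue local or queue remote target, and shows an alias being retargeted without any change to the application.

```go
package main

import (
	"fmt"
	"sort"
)

// QueueDef is a simplified queue object. Type is "QLOCAL", "QREMOTE" or
// "QALIAS"; Target is used only by aliases.
type QueueDef struct{ Type, Target string }

// Resolve returns the queue that an application opening `name` ends up on.
// It fails when the name is not an alias, or when the alias does not point
// at a queue local or queue remote.
func Resolve(defs map[string]QueueDef, name string) (string, error) {
	d, ok := defs[name]
	if !ok {
		return "", fmt.Errorf("%s is not defined", name)
	}
	if d.Type != "QALIAS" {
		return "", fmt.Errorf("%s is a %s opened directly, bypassing an alias", name, d.Type)
	}
	t, ok := defs[d.Target]
	if !ok || (t.Type != "QLOCAL" && t.Type != "QREMOTE") {
		return "", fmt.Errorf("alias %s has no queue local or queue remote target (%q)", name, d.Target)
	}
	return d.Target, nil
}

// Audit returns one sorted finding per application reference that breaks the rule.
func Audit(defs map[string]QueueDef, appRefs map[string]string) []string {
	findings := []string{}
	for app, q := range appRefs {
		if _, err := Resolve(defs, q); err != nil {
			findings = append(findings, app+": "+err.Error())
		}
	}
	sort.Strings(findings)
	return findings
}

// SampleDefs and SampleRefs are constructed inventories; all names are hypothetical.
func SampleDefs() map[string]QueueDef {
	return map[string]QueueDef{
		"ORDERS.QL":      {Type: "QLOCAL"},
		"ORDERS.TEMP.QL": {Type: "QLOCAL"},
		"ORDERS.IN":      {Type: "QALIAS", Target: "ORDERS.QL"},
		"BILLING.IN":     {Type: "QALIAS", Target: "BILLING.QL"}, // target missing
	}
}

func SampleRefs() map[string]string {
	return map[string]string{"orderapp": "ORDERS.IN", "reportapp": "ORDERS.QL", "billapp": "BILLING.IN"}
}

func main() {
	defs := SampleDefs()
	fmt.Println(Audit(defs, SampleRefs()))
	defs["ORDERS.IN"] = QueueDef{Type: "QALIAS", Target: "ORDERS.TEMP.QL"} // admin redirects flow
	fmt.Println(Resolve(defs, "ORDERS.IN"))
}
```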

Skills

Message queuing (“MQ”) is a middleware technology that greatly simplifies communication between the nodes of a system and between the nodes that connect systems together. Information system consultants use message queuing as their skill base. Upon this base, information system consultants add workflow management, message brokering, and J2EE implementations using Java virtual machines (JVMs) and Message Driven Beans (MDBs).

Arguably the most important skill a middleware analyst uses is not technical but cultural. SOA requires people to think of business and technology differently. Instead of thinking of technology first, middleware analysts must first think in terms of business functions, or services. It is expected that adoption of SOA will change business IT departments, creating service-oriented (instead of technology-oriented) IT organizations. Middleware analysts perform crucial evangelization of this concept.

The enterprise service bus is a core element of any SOA. ESBs provide the "any to any" connectivity between services within a company, and beyond that company to connect to the company's trading partners. Therefore, middleware analysts need to be skilled in SOA and enterprise service bus concepts first and foremost. Middleware analysts rely on an SOA reference architecture to lay out an SOA environment that meets the company's needs and priorities. The ESB is part of this reference architecture and provides the backbone of an SOA but is not considered an SOA by itself.

Security concerns

Generic common practices

Because middleware is a cross-platform tool, your middleware analysts need a high level of sophistication. People who design and implement the middleware message flow need to fully understand how the security model on each target platform works. This may include Windows, Unix, z/OS or IBM i.

Middleware protects data in transit through PKI and SSL technology. Security certificates are procured from a certification authority and regularly deployed and updated on servers. This protects data while it is in transit, as it leaves one server and arrives on the next server in the chain. It does not protect data while it is at rest.

Supplemental transmission security can augment the primary SSL measures that exist on your server. These are SSL client authentication, DN filtering, CRL check by LDAP, and cryptographic hardware (IPSEC-level encryption). This type of security is called "border-level security" because it only protects the data from when it leaves your borders until it gets to your trading partner's borders. It does not protect data once data has entered the border. IPSEC is the most efficient and least costly protection method. SSL is the middle ground, with a balance between flexibility, resource consumption, and transmission time.

When data is at rest in queues, it is not protected by MQ; the data is stored in plain text. Therefore, if the data contained in messages is sensitive, it is essential that application-level data encryption be used. Examples of data which could be protected by this strategy include banking data (account numbers, banking transactions, etc.). Application-level transaction security is the most secure form of protection but also the most costly in terms of CPU and I/O bandwidth consumption on both the sending and receiving servers. It is also the least efficient.
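Application-level encryption as described above means the sending application encrypts the payload before the put and only the receiving application can decrypt it, so anyone browsing the queue sees ciphertext. The Go program below is an added example, not part of the original article: it uses AES-256-GCM from the standard library, and it goes one step beyond the text by binding the destination queue name as associated data. The queue name, sample payload and in-memory demo key are assumptions; key distribution is out of scope.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SealMessage encrypts a payload with AES-256-GCM before it is put on a queue.
// The destination queue name is bound in as associated data, so a ciphertext
// moved to another queue fails to decrypt. Output: nonce || ciphertext+tag.
func SealMessage(key, payload []byte, queue string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, payload, []byte(queue)), nil
}

// OpenMessage reverses SealMessage in the receiving application.
func OpenMessage(key, body []byte, queue string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(body) < n {
		return nil, fmt.Errorf("message too short: %d bytes", len(body))
	}
	return gcm.Open(nil, body[:n], body[n:], []byte(queue))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	key := make([]byte, 32) // demo key only; assumed to come from a key manager in practice
	rand.Read(key)
	body, _ := SealMessage(key, []byte(`{"account":"000123456789"}`), "PAYMENTS.IN") // constructed sample
	fmt.Println("account visible on queue:", bytes.Contains(body, []byte("000123456789")))
	plain, err := OpenMessage(key, body, "PAYMENTS.IN")
	fmt.Println(string(plain), err)
}
```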

Middleware data channels can be set up to provide varying degrees of protection. A sender/receiver channel pair could be configured to provide IPSEC transport-level security not using SSL. A second sender/receiver pair could be configured to provide SSL border-to-border level security not using IPSEC. A third sender/receiver channel pair could be set up to provide application-level encryption. Using this scheme, you provision a wide selection of protection mechanisms from which your applications can choose at runtime. This offers applications the ability to achieve best security when needed or more efficient security when data is not quite so sensitive.

HIPAA-specific considerations

If your enterprise handles HIPAA ePHI data, then your middleware analysts need to know and understand the requirements set forth by law. [6] Failure to protect data at-rest may subject your organization to fines and penalties levied by the Federal government or other authority. [7] This requires application-level data encryption prior to delivering the data to the queuing system for transport. [8]

System administrators, including middleware analysts, are not permitted to view unprotected ePHI data. Therefore, whenever ePHI data is present in any information system, it must be protected from the ability of an administrator to view it. It is not permissible to allow ePHI data to be kept in a queue unprotected.

References

  1. "Middleware Analyst, Emerging Technology". Archived from the original on 2010-08-20. Retrieved 2009-09-04.
  2. Agrawal, M.; Graba, L. (2005). "Distributed Middleware Requirements for Disparate Avionics and Control Software". 24th Digital Avionics Systems Conference. Vol. 2. pp. 8.B.4-1-8.B.4-5. doi:10.1109/DASC.2005.1563466. ISBN 0-7803-9307-4. S2CID 23776303.
  3. Tai, Stefan; Lamparter, Steffen (2008). "Modeling Services – An Inter-disciplinary Perspective". Communications in Computer and Information Science. 8: 8–11. doi:10.1007/978-3-540-78999-4_2. ISBN 978-3-540-78998-7.
  4. "Removed".
  5. "System Administration Guide". Archived from the original on 2003-09-27. Retrieved 2009-09-04.
  6. "Archived copy" (PDF). Archived from the original (PDF) on 2009-04-19. Retrieved 2009-05-04.
  7. "HIPAA: Health Insurance Portability and Accountability Act". Archived from the original on 2009-04-22. Retrieved 2009-05-04.
  8. "Us-en_software_HP". 9 November 2020.