 | Level: Intermediate Michael Groetzner (michael_groetzner@de.ibm.com), IBM Software Group, Boeblingen Lab, Germany
16 Jun 2004 This article describes the challenges of delivering a product on top of WebSphere MQ Integrator Broker. For each challenge, a solution is shown using a feature of WebSphere Business Integration for Financial Networks.
| |
Get the products and tools used in this article
If you are a developerWorks subscriber, you have a single user license to use
a selection of WebSphere Business Integration products,
and other DB2®, Lotus®, Rational®, Tivoli®, and WebSphere products, including the Eclipse-based WebSphere Studio IDE, to develop, test, evaluate, and demonstrate your applications.
If you are not a subscriber, you can subscribe today.
|
|
Introduction
WebSphere® MQ Integrator Broker is IBM's powerful message broker product. You can use it stand-alone to solve a business problem, but you can also use it as part of a larger solution. You can use the broker as an underlying run-time environment and WebSphere MQ Integrator Broker as middleware. Such a scenario occurs when developing an IBM® product, available as WebSphere Business Integration for Financial Networks (hereafter called WebSphere BI for FN). One part of the product, called WebSphere BI for FN Base, is a general infrastructure and provides solution independent services to deliver products on top of WebSphere MQ Integrator Broker V2.1. The other parts, called extensions, use the services of the Base product. These extensions deliver access to different financial networks, for example, the Extension for SWIFTNet allows connecting applications to the Secure IP Network (SIPN) provided by SWIFT. Extensions are provided by IBM, independent software vendors (ISVs), or customers.
WebSphere BI for FN Base supports extensions in the following areas:
- Customization eases adapting message flows and their resources to a customer environment.
- Configuration allows dynamically influencing message flow processing.
- Access control checks whether a specific message is allowed to be processed within a message flow.
- Solution independent services extends the functions of the WebSphere MQ Integrator Broker with a set of nodes commonly required by several extensions.
The following sections describe each of these areas and which problem they solve.
Customization: Changing message flows to a customer
environment
A message flow usually references external resources, for example, database tables or WebSphere MQ queues. Bringing this message flow to a new environment, say from a development or test environment to a production environment, normally requires changes to the resource definitions and message flow. Resource definitions in development, test, and production environments at most customer sites have different naming conventions, for example, different high level qualifiers.
You need to consider such differences in the message flow. Changing a message flow and resource definitions for a new environment is time consuming and error prone. This is true if you provide your message flow as part of a service offering, solution, or product. You must rely on your customer to perform the changes correctly. Maintaining and servicing such message flows and resource definitions is difficult.
To solve the problem, WebSphere BI for FN collects all the necessary information about the instance and its brokers during customization using a customization program. An instance is a set of servers that are managed together, for example, a subset of brokers in a WebSphere MQ Integrator Broker domain.
When loading a service, represented by a message flow to a new message broker in a new broker domain, the customization program automatically changes resource definitions and the message flow according to the collected information. Figure 1 shows the process.
Figure 1. WebSphere BI for FN customization process
In Figure 1, the imported message flows and resource definitions are referenced as templates,
because they need to contain information that was fed into the customization program as customization data.
As a result of the customization process, you get personalized message flows and personalized resource definitions that you can deploy to your resource managers. The personalized message flows have to be imported into the Control Center that manages the WebSphere MQ Integrator Broker domain where the WebSphere BI for FN message flows should run. You can assign and deploy these message flows to the broker. This is similar for other personalized resource definitions. For example, a WebSphere MQ queue definition has to be processed with the WebSphere MQ program, runmqsc, on distributed platforms for the queue manager that is used for the broker. With this process, you get message flows that are consistent with the resource definitions required to run the message flow. Therefore, errors are significantly reduced.
The customization program itself is a text substitution program. For any place in a resource definition or in the message flow where you need a substitution, you can add a placeholder. The customization program processes the template files, recognizes the placeholder, and substitutes it with the actual value for the target environment. These substitution values are collected when a WebSphere BI for FN customizer describes the target environment using the customization program. Such a target environment is more complex. WebSphere BI for FN supports multiple brokers with different distribution of message flows and entities called organizational units (OU) that restricts access to resources within a message flow. When there is a change to the environment, the actual definition needs to be available. This is why the customization data is stored in a customization database.
Configuration: Dynamically influence message flow
processing
With customization, you are setting static information about the runtime environment of a message flow. In many situations, this is not sufficient. The message flows that you develop may provide capabilities that customers may not want to use. In some installations, you need to provide one flow.
However, the flow may need to behave differently, depending on which department owns the message. An example is that the flow has auditing capabilities, but only one of the departments is forced to write the information. Another department cannot afford the resources to perform that operation. For different departments, they can use a WebSphere BI for FN OU. If a message flow is shared by different OUs that need different resources, such as OU-specific destination queues or OU-specific databases, static attributes as supported with WebSphere BI for FN customization, would lead to a set of similar message flows. To avoid this, WebSphere BI for FN offers dynamic attributes with a WebSphere BI for FN configuration service.
With the configuration service, you can define configuration object types and configuration objects as shown in Figure 2. A configuration type is a definition with a name (car) and a collection of attribute names (color, speed, and so on). The configuration type is defined for the whole processing environment, called an instance in WebSphere BI for FN. It describes objects needed during processing. For a configuration type, you can define configuration objects and assign values to each attribute of the object. This can be done for each OU. You can feed these configuration objects into the message flow processing, for example, to be used with the usual WebSphere MQ Integrator Broker compute or filter nodes.
Figure 2. Examples of configuration object types and objects
Feeding the configuration information into the message flow processing is done using the WebSphere BI for FN configuration data provider node. The configuration data provider node retrieves configuration information provided using the WebSphere BI for FN configuration service. This node enriches the message currently being processed with this information. This way, the information is available to subsequent nodes. These nodes then can use the information to make decisions or to use the values as resource names. A decision in a message flow is whether a specific operation, for example auditing, is performed within the OU. When using the information as a resource name, the values can represent the name of a queue for an MQOutput node, a database or database table name, or any other resource you need.
To administer configuration object type and configuration objects, WebSphere BI for FN provides a configuration administration service. The configuration administration service is implemented as a message flow that can process a set of commands. To access this message flow, WebSphere BI for FN provides the WebSphere BI for FN Command Line Interface (CLI). This program formats user input, sends it as a WebSphere BI for FN request message to the configuration message flow, and displays the responses to the commands.
Access Control: Allowing message flow processing
All message flows are processing messages. Each message has a user ID associated with it. For an application, this is the user ID of the person using the program. In many cases the use of the message flow is either restricted to some people or a message is only allowed to be processed by a user if certain criteria is met. For example, the addressee contained in the message is allowed for this person. Another example is a money transfer message flow. This message flow is capable of handling domestic and international payments. A user that is allowed to use the money transfer message flow for domestic payments is not authorized to issue international payments. You can protect the whole message flow by protecting its input queue using external security managers, such as
RACF® on z/OS®. For further security, WebSphere BI for FN provides a security service.
WebSphere BI for FN provides a service that lets you create and maintain security definitions. Like the configuration service, this service is accessed through the CLI. The WebSphere BI for FN security model consists of:
- Access rights define which operations you can perform. An access right is a definition that is done independent of any OU. WebSphere BI for FN provides a set of predefined access rights, but any user can define his or her own access rights.
- Roles are a set of access rights that are required to perform a specific task. Tasks could be, for example, configuration administration in WebSphere BI for FN. To do this, a set of different access rights are required.
Roles are independent of OUs, and customers can define them. WebSphere BI for FN has already some predefined roles, such as for configuration and security administration, but any user can define his or her own role. These roles can contain WebSphere BI for FN predefined access rights or any user defined access right.
- Users of WebSphere BI for FN are those user IDs that are transported by WebSphere MQ in the message descriptor (MQMD).
You can assign users to roles in an OU. A user can exercise different roles in an OU or the user can have the same role in different OUs. WebSphere BI for FN security administrators assign roles to users.
In a message flow, you can check whether a message is allowed to be processed by the message flow. To do this, invoke the access control node provided by WebSphere BI for FN. The access control node actually checks whether the user ID referenced in the MQMD is allowed to perform an operation. This check is done against the definitions made using the WebSphere BI for FN Security administration service.
To allow the node to perform the necessary checking, you must provide the required access rights to pass the node within the message flow. The access rights is either static access rights, for example, whether the user is allowed to use a specific message flow, or the access rights is dependent on the content of a message. For example, the message can contain a field that represents a printer where the message should be printed. You can use this printer name to check whether the user is allowed to print on this specific printer.
Additional functions: Extending WebSphere MQ Integrator Broker
WebSphere MQ Integrator Broker comes with a rich set of predefined nodes. WebSphere BI for FN provides a set of additional nodes that are needed by many products. These include the following functions:
- Message audit node: This node writes the body of a message together with some other data, such as the message id, to a WebSphere BI for FN message audit database. The audit data is separated for each OU, so that an administrator for one OU can view only his or her audit entries or maintain records written by its own message flows.
- Message warehouse node: The WebSphere BI for FN message warehouse node is a more sophisticated warehouse node than the warehouse node provided with WebSphere MQ Integrator. You can use the warehouse entries written using the WebSphere BI for FN message warehouse node for customer defined queries based on fields in the message body.
- Timer node: WebSphere BI for FN provides a timer service for processing timer events. This service is implemented in a set of nodes and a timer event processing message flow. You can define or cancel a timer event using the appropriate node.
A WebSphere BI for FN timer event processing message flow regularly checks timer events and generates WebSphere BI for FN service request messages for expired events. This is useful for timer events that are typically longer than several minutes and where the number of expired events are low.
Another node is a timer input node. This node periodically issues messages to its out terminal. You can use this node to create message flows that need to do regular clean-up operations.
- Event node: WebSphere BI for FN provides a node to issue WebSphere BI for FN events. The events are information units that report error information or business related status information. All events that are issued within a WebSphere MQ Integrator Broker domain is monitored centrally. WebSphere BI for FN provides different monitors and administration functions to view the events. Therefore, you can specify filters that any user can monitor just those events he or she is interested in.
The functions in WebSphere BI for FN provide message processing sub-flows that you can use in the same way as any WebSphere MQ Integrator Broker delivered node. For a complete list of nodes provided by WebSphere BI for FN, refer to the product documentation.
Conclusion
You can use WebSphere MQ Integrator Broker as a processing engine when building a product or a solution within a company. When providing such a product as middleware, you have a set of challenges to consider. The challenges are adapting a message flow to your customers’ environment, dynamically influencing the processing of messages, and accessing specific functions within a message flow. This article showed solutions for these challenges by using the features in WebSphere Business Integration for Financial Networks. These solutions are not only needed when delivering a product, but they are also useful for other WebSphere MQ Integrator Broker projects.
Resources
About the author | | | Michael Groetzner joined IBM in 1990. He has participated in different middleware projects. He was the technical architect for porting WebSphere MQ Integrator Broker to the z/OS platform. He is currently the architect for the WebSphere Business Integration for Financial Networks Base product. |
Rate this page
| |
