Middleware eases client/server challenges

Federal agencies that have moved away from mainframes and into client/server computing have discovered that the world has become a bit more complicated.

While mainframes may have been more expensive to maintain and inflexible, they offered a homogeneity and a discipline lacking in the distributed environment. In contrast, the client/ server practitioner must deal with a Babel of disparate operating systems and communications protocols, multiple data sources and differing hardware platforms, including those pesky mainframes.

A growing number of agencies are turning to middleware to deal with the muddle of client/server. Middleware is a software technology that masks differences between operating systems and network protocols, allowing data to flow among different hardware platforms and resident applications. Middleware also provides smoother access to legacy data and applications—an important factor in the federal sector. And finally, middleware brings such mainframe-like features as security, transaction integrity and fault tolerance to the distributed environment.

The government's middleware adherents include the Army's Sustaining Base Information Services (SBIS) project and the Defense Department's Global Command and Control System (GCCS). The Joint Logistics Systems Center (JLSC) is another DOD middleware user of note, with a number of projects under way. And DOD and the Department of Veterans Affairs are testing a software "mediator" that will bridge DOD and VA health care systems, according to Fred Peters, director of operations for the Office of the Assistant Secretary of Defense for Health Affairs.

"Middleware is the layer of software that enables interoperability between the various components of a system," explained Ralph Luck, vice president of technology at Praxis Inc., an Alexandria, Va., consulting firm. "Middleware becomes essential as we move to distributed processing."

But there's a catch. Middleware is every bit as amorphous as the client/ server technology it seeks to corral. The information technology field is rife with definitions and perceptions of middleware. Today vendors offer at least five kinds of middleware products. Users with particularly complex environments may need multiple kinds of middleware to impose order on their distributed systems.

"There is no such thing as one middleware product that does everything for everyone," said Peter Tait, vice president of marketing at PeerLogic Inc., a San Francisco-based middleware vendor. "It's quite likely that you'll see four or five products...in a complex application."

Tait and other executives said they believe that middleware technologies are beginning to converge and that there will be greater integration among the various layers of middleware in the future.

RDA Solutions

Industry executives divide middleware technology in different ways, but essentially the major categories are remote data access (RDA), remote procedure call (RPC), message-oriented middleware (MOM), object request brokers (ORBs) and distributed transaction processing monitors.

RDA products, sometimes referred to as gateways, allow clients to tap data housed in different database servers—be they Unix boxes or mainframes. This form of middleware is currently considered the most widely used in the federal and commercial sectors.

"The perception in the market regarding middleware has been overwhelmingly focused on access of remote databases," said H. Bailey Spencer, president of Praxis.

RDA products translate database access statements into the database access language of the targeted database. Products designed for SQL, for example, convert access statements into the proprietary SQL dialects used by the various relational database management vendors. RDA products also conceal the differences among various network protocols, allowing database queries to clear potential network hurdles.

Vendor offerings include Information Builders Inc.'s EDA, Software AG's Entire Access and SAS Institute Inc.'s SAS/Access. The database management vendors also offer gateway products, such as Sybase Inc.'s Enterprise Connect middleware line.

"Why should anyone care about middleware? Productivity," said David A. MacSwain, senior vice president of marketing and technology with Software AG Federal, Reston, Va. "Middleware hides a lot of the complexities of the network that—without middleware—would have to be dealt with at a very esoteric programming level."

The Congressional Budget Office and the Marine Corps use the Entire Net-Work portion of Software AG's middleware product line.

The RPC Approach

RDA solutions are typical of two-tiered client/server environments that revolve around desktop clients and a departmental server. More sophisticated, three-tiered environments require different middleware approaches, industry executives said. One popular method is RPC, which is the basis for such distributed architectures as the Open Software Foundation's Distributed Computing Environment (DCE) and Sun Microsystems Inc.'s Network File System.

With RPC, a client program issues a request for a specific service located on a remote machine. The request then returns to the client device with the results of that service. RPC technology is thus able to tap applications across an entire network, regardless of the specific hardware platforms and operating systems involved. RPC vendors include NobleNet Inc., Southboro, Mass., and Netwise Inc., a Boulder, Colo., company purchased late last year by Microsoft Corp. Information Builders' EDA also handles RPC.

In the government, JLSC is using RPC-based middleware as it deploys key logistics systems in a classic three-tiered environment featuring PC clients, Unix servers and mainframes housing legacy databases.

"In DOD, they are beginning to develop a new generation of systems, but they still need to access old legacy applications," Praxis' Luck said. Besides linking disparate platforms, RPC also provides for improved security and data integrity, Luck said.

Praxis is supplying Netwise Inc.'s RPC products to JLSC via the Defense Enterprise Integration Services contracts. The products are being used to implement material management and depot maintenance systems.

Information Builders' EDA is heavily involved in JLSC's Materiel Management Standard System, according to Dennis McLaughlin, national sales manager for EDA at Information Builders. The company is providing the product through integrator Computer Sciences Corp.

JLSC is also testing a middleware product from Open Environment Corp., a Boston firm that industry analysts place in the RPC/DCE camp. Open Environment markets Entera, a development tool that partitions applications into three segments: user interface, business logic and data access.

Robb Alpaugh, head of Open Environment's federal operation, said a key theme in the government's use of middleware is platform integration. DOD in particular, he said, is interested in "bringing mainframes into the client/server architecture."

Army Lt. Gen. Alonzo Short (ret.), former director of the Defense Information Systems Agency, is no stranger to DOD integration. In his new role as president of Micah Systems Inc., he said he views middleware as a critical factor in the migration of DOD systems. Micah employees are being trained on Open Environment's Entera.

"I think for the foreseeable future, middleware is certainly the way to go," Short said. The key, he added, is being able to access legacy systems from a client/server environment.

Civilian agencies are running with middleware as well.

NASA is among the agencies employing DCE. And Information Builders' McLaughlin cited the Agriculture Department and the U.S. Postal Service as middleware customers. McLaughlin called the government the "perfect middleware customer."

Message-Oriented Middleware

MOM technology uses a store-and-forward paradigm reminiscent of electronic mail. In the MOM approach, the client sends a message to request a particular service on a remote server, much like RPC. But with MOM, messages go to a queue. Here, a queue manager directs the message to trigger the appropriate service. A response is then sent back to the client.

The queuing method offers improved reliability because the message remains in the queue even if the targeted server crashes, according to MOM vendors. In addition, MOM is asynchronous, which means that the client can do other things while it waits for a reply from the initial message.

RPC products, in contrast, are synchronous, although non-blocking synchronous technology—developed by Netwise—allows RPC systems to act asynchronously. And some products, such as Software AG's Entire Broker, support both RPC and messaging approaches.

MOM products include IBM's MQSeries Three-Tier, Momentum Software's X*IPC, Peerlogic's PIPES Platform and Talarian Corp.'s SmartSockets.

Talarian does 65 to 75 percent of its business in the federal market, according to Tom Laffey, Talarian's co-founder and vice president of engineering. "We find the government pretty aggressive about purchasing middleware," he said.

Talarian's SmartSockets is playing an integration role on the Air Force Space Missile Systems Center's Center for Research Support satellite control system. The system, which plans missions and plots orbits for satellites, uses an array of commercial off-the-shelf products. Storm Integration Inc., a systems integrator, used SmartSockets to build the Air Force's satellite system.

"Storm was able to piece that together from off-the-shelf products, gluing them together with middleware," Laffey said.

Demand for MOM products tracks with the rise of more sophisticated client/server architectures, noted PeerLogic's Tait. "When we started with client/server...the need for a complex infrastructure was not obvious,"

Tait said. "Now people are building more complex, three-tiered architectures."

Integration is the main theme for PeerLogic's MOM products. Tait said his company gets involved with organizations that have a mix of machines and databases built at different times.

According to Tait, prospects often ask, " `Can we put a consistent set of glue out there to make things look the same?' They need an infrastructure to handle complexity."

ORBs Arrive

ORBs are object-oriented technology's entry in the middleware market. ORBs provide a mechanism that allows objects to make requests and receive responses. The ORB mediates between applications, providing interoperability within a distributed system. ORBs also offer security features, including authentication mechanisms that check the identities of requesting and receiving objects.

The Object Management Group's Common Object Request Broker Architecture (CORBA) specification—recognized by most of the major ORB makers—provides objects with a standard way of invoking each other's services.

ORB products include Digital Equipment Corp.'s ObjectBroker, IBM's SOM and Iona Technologies Ltd.'s Orbix. In the integration community, TRW Inc.'s Systems Integration Group developed the CORBA-compliant Universal Network Architecture Services for C++ product. Rational Software Corp. is the primary distributor for the product.

ORBs offer the advantages of a simplified application structure that provides for code reuse and flexible applications, according to vendors. But the technology is still in its infancy, according to industry analysts.

"ORBs are really very immature," said Ed Ackly, a middleware analyst with International Data Corp.

"There is still a lot of evolution to go there."

Analysts point out that ORBs currently have limited means for ensuring transaction integrity. In other words, there is no way to confirm that an object invoked by an ORB actually completes the specified service. This criticism, however, is also made in reference to other middleware methods.

Nevertheless, some agencies are using ORBs. The Advanced Research Projects Agency and the Los Alamos National Laboratory, for example, have employed Iona's Orbix. Los Alamos tapped Sybase's Gain Momentum multimedia authoring tool and Orbix to create a telemedicine application that provides rapid access to patient records and charts.

Distributed TP Monitors

Distributed transaction processing monitors represent yet another layer of middleware. These products add rigor to other middleware approaches, introducing features that ensure the integrity of transactions.

The ability to track transactions has been a limitation in most distributed systems. Transaction protection is particularly important in the case of multiple, related transactions. For example, a middleware product could send a message to one system to ship an order and a message to another system to generate a bill. Failure to execute those transactions properly could result in an order being filled without billing the customer, or vice versa.

Industry executives said RPC, MOM and ORBs have vulnerabilities in this regard.

"It's clear that messaging middleware can be used independently of monitors," said Geoff Sharman, a strategic marketing consultant for IBM's CICS for AIX product line. "But if it fails to complete the work, a monitor is capable of saying, `Don't take the message out of the queue until the work is completed.' "

Better Integration

Accordingly, vendors are working to integrate distributed transaction processing monitors with the various middleware approaches. IBM, for example, is integrating its SOM ORB with monitor technology, according to Sharman.

Likewise, Transarc Corp., an IBM subsidiary and maker of the Encina transaction processing monitor, is seeking to collaborate with ORB vendors.

"We are working with some of the leading ORB vendors to make sure we are bringing these products together," said Peter Houston, market development manager at Transarc.

"ORBs and transaction processing monitors are on a converging track; there is no doubt they are a value-add to each other," Houston said.

The integration of RPC and transaction processing monitors, meanwhile, already is a reality. Encina, for example, is being used on a number of federal government projects in conjunction with the RPC-based DCE. DCE and Encina are key underpinnings of SBIS and are also being used on portions of GCCS, according to John Ryan, federal sales associate with Transarc.

Ryan said agencies involved with DCE sometimes have "additional requirements for transactional integrity and fault tolerance" that transaction processing monitors can provide. In addition, such transaction processing monitors as Encina extend DCE's security features. Encina, for example, includes a security checking function that automatically verifies that incoming requests are from authorized clients, according to Transarc.

The linking of transaction processing monitors is not the only integration afoot in middleware.

PeerLogic, for instance, has melded its PIPES Platform with Sybase's Enterprise Messaging Services. RPC leader NobleNet is reselling Iona's Orbix ORB. And Information Builders announced last month plans to integrate its RDA/RPC product with Momentum's X*IPC. An integrated product is expected this quarter.

The objective of these alliances is to support increasingly complex client/ server installations. Their timing couldn't be better, according to industry watchers.

"With the mainframe, everything was in one box," Praxis' Luck said. "If a distributed system is a virtual mainframe, you now have to have the software to do externally what had been done internally."


  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

  • Cybersecurity
    cybersecurity (Rawpixel/Shutterstock.com)

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

Stay Connected