Ivelin Radkov - Fotolia


How to implement a middleware governance process

Having a middleware governance process is critical in industries like finance that need to navigate a host of government regulations and reporting requirements.

Startup companies have the freedom to define a middleware governance process on relatively consistent software architecture. More established companies face a bigger challenge in implementing a governance process across a middleware tier that spans multiple legacy platforms and business units. Having a middleware governance process is particularly critical in industries like finance that need to grapple a host of government regulations, reporting requirements and sound financial practices.

At the WSO2Con conference, Michael Gardner, managing director and head of the BNY Mellon Innovation Center explained how the bank is upgrading its middleware in a way that balances agility and thoughtful governance. The goal is to improve the bank's ability to create a cloud fabric that allows the bank respond to new opportunities quickly while managing risk and compliance needs. Gardner said, "It is not only about allowing geeks to write new systems, but to enable business units to accept and adopt this infrastructure."

Internal marketing and education are important

Implementing a solid middleware foundation is critical to allowing BNY Mellon to embrace microservices as well. This will allow the bank to empower small teams of developers to implement specific services with fewer dependencies on other teams and systems. Gardner said this is critical for developer productivity because BNY Mellon has nearly 13,000 IT personnel working across multiple systems and business units.

Service owners at BNY need to take services and wrap them up using RESTful APIs so that other teams can discover and consume them. Enterprises have to watch and measure these efforts closely. "Going to those teams and helping them to understand what it takes to make their business systems accessible as API services can be a daunting challenge," Gardner said. "This takes education and marketing to convince them it is a good thing to do."

Empower an API center of excellence

Performance problems can occur when services call each other, which can be more problematic when some are on premises and others are in the cloud. It is also important to consider ownership of the data, particularly when each microservice uses a separate data store. Isabelle Mauny, vice president of product management at WSO2, said, "All of these issues will have an impact on performance, latency and data consistency. There are advantages with doing microservices, but it is important to have a checklist so that the enterprise does not get burned."

Enterprises need to resolve the issue of ownership. If the enterprise has divisions structured in silos and uses an enterprise service bus (ESB) or API management gateway, it is important to ask who owns it. Mauny said a good practice is to create a center of excellence to promote services and APIs within the company. This is important whether the enterprise adopts ESBs, microservices or API management gateways.

BNY created a dedicated API product management team that spent several months inventorying the business and software systems to generate a service map and plan out an API product roadmap. This team helped communicate between API service teams and business owners to prioritize the implementation of new services. This process helped identify redundant services and reduce overlap.

Components of a governance process

Elements of BNY Mellon's governance process have included creating a lab, auto-generating documentation, establishing a support model, creating a monetization strategy and globalization:

  • An API lab lets developers make prototypes of their services available to others within the company in a secure manner. This empowers developers to experiment and implement services quickly. At the same time, the developers can advise each other on best practices and ensure that services meet governance requirements before being pushed into production. "It becomes a learning environment," Gardner said. "This is important to make sure there is no friction."
  • A documentation strategy ensures that API usage is self-evident to other developers. BNY uses Swagger to generate JSON documents with code samples that make it easier for other developers to leverage the services behind them than simply publishing Word documents.
  • It is also a good practice to make sure that the service team has a support model to address unforeseen third-party developer challenges. "Not all teams have thought this through," Gardner said. "Another aspect of governance is making a checklist that includes documentation on how developers can get help on the weekend. All of these are aspects of a mature support model. The API development teams need to include these elements in the checklist to have a go/no go policy in terms of pushing the API into production."
  • The development teams need to talk to the business teams to articulate what the monetization model behind the API is supposed to be. This model needs to be correlated with the system of record API and integrated into the support system.
  • Globalization support needs to be built into the API from the beginning so that it doesn't have to be retrofitted later. There are a lot of different aspects to globalization beyond simple language translation including date formats, country codes and currencies.

Next Steps

Business continuity boosts governance process

Take the lead on data governance process

The ALM governance process

Dig Deeper on Cloud governance