Why the “Trusted Agent Model”
To better understand why we have chosen the Trusted Agent Model, it is important to describe the other two methods in a little detail so we can compare and contrast each approach.
If you are interested in how the Trusted Agent Model works, skip ahead to “How it Works”.
“Sneaker Net” – This method is where there is an actual person who is authorized to fetch information from the source system, translate this into some medium (verbal, paper, fax, email) and send it to another person who is authorized to receive the information and update the target system.
Some positive features of this pattern are:
• Each person only needs authorization for their system. One does not need access or have any knowledge of the other creating a firewall between the two enterprise systems.
• Each person can exercise discretion on what information is shared minimizing interactions between the two systems and providing a layer of authorization by only sharing the intended data.
• Simple to implement. This pattern can be implemented by business users and normally does not require developer support. There is little to no infrastructure beyond common transport protocols that most all business users have access to.
Some of the negatives of this pattern are:
• Dependent on a person being available when the transfer is needed. Possibility that the receiver is not available when data in sent so information stalls in the workflow.
• Data quality may be an issue due to a person’s bias and potential lack of strong business rules governing the transaction.
• Susceptible to social engineering attacks that cause data corruption or loss.
• In-secure transport protocol. Information is at risk of man-in-the-middle type of attacks and leakage during the transmission of data.
• Low bandwidth – many interactions require more people to support the workflow making scaling expensive.
“Trusted Third Party Model” – This method employs a software solution “Middleware” that sits between two or more enterprise systems and acts as a broker and workflow engine to move information from one system to another. The middleware is trusted with explicit knowledge of each system. It is programed to fetch information from the source and to update information in the target.
Some positive features of this pattern are:
• No actual person needed for normal information flows from one system to another and can happen 24/7.
• Communication channel can be secured reducing the risk of data leakage.
• Scalable. The number of information exchanges possible is much greater and fare less costly than the sneaker net.
• Works best in a scheduled synchronization pattern where the source system records are compared to target system records and any changes updated in the target system.
• Webhooks integration pattern can provide some “real time” integration flows.
Some of the negatives of this pattern are:
• The complexity of integration using API’s requires active development and management by professionals with software development skills. Business users must collaborate with IT to implement any information sharing.
• API security is complex and prone to mistakes. With Externally hosted SAS applications, API endpoints are exposed to the internet and are a target of exploitation.
• The solutions provider is responsible for defending against DDos and other internet focused attacks.
• Read-Time synchronization patterns are difficult or not supported and require a high level of up-time for each party to ensure message delivery.
• Business users delegate trust to the third party. The risk can be mitigated by hosting integration services internal to the organization, but trust must still be granted to the middleware hosting the services.
• All data transmitted becomes known by the third party.
“Trusted Agent Model” – This method focuses on discreate enterprise solution agents that share information in a publisher / subscriber model. This is closer to how people share information and uses many of the positive features from sneaker net and trusted third party patterns while reducing the risks of each. The pattern focuses first on real time integration workflows with support for scheduled synchronization as second choice.
Some positive features of this pattern are:
• Each agent is specific to a single enterprise solution and has no knowledge or access to other enterprise solutions.
• Agents are configured by the trusted business user and does not require professional developer skills to configure. Only information intended to be shared ever leaves the solution.
• Agents create a trust relationship between each other, authorized by their respective business user(s), that provides end-to-end encryption of shared information. Only the trusted agent can decrypt and validate a message sent by another trusted agent.
• Agents operate behind corporate fire walls and require no internet facing services, dramatically reducing the attack surface of the enterprise solution.
• By using a high availability durable messaging store like Microsoft’s Service Bus, messages can be sent and if necessary queued for later processing by agents that may be intermittently off-line. By using end-to-end encryption information is not exposed to a third party, Microsoft would not have the ability to decrypt any of the messages. Message durability, delivery sequence and fault recovery are features of this pattern.
Some of the negative features of this pattern are:
• Absolute synchronization of data sets is more challenging as this pattern does not employ full synchronization as the first-choice solution. This pattern can be implemented but the service bus message size is a limiting consideration.
• This pattern is not suited for traditional ETL workloads that satisfy business intelligence requirements. It is more suited to master data management where two enterprise systems need information native to the solution to perform its business function.
The following diagram is provided here to show the main components of this model.
See “How It Works” for a more detailed understanding of the components and how they interact to provide the workflow of the Trusted Agent Model.
Summary
The choice between these models depends on factors like security, scalability, technical expertise, and specific use case requirements. The “Sneaker Net” model is straightforward but has limitations in terms of security and scalability. The “Trusted Third Party Model” offers more flexibility but requires technical skills and third-party trust. The “Trusted Agent Model” prioritizes security, real-time integration and a business user focus but may be less suitable for certain data synchronization tasks.
We believe that the “Trusted Agent Model” bridges the gap between the two traditional strategies and offers an efficient cost effective solution to the Master Data management problem.