
.NET Services Architects Council 27.01.2009 Dariusz Parys Developer Evangelist Developer Platform and Strategy Group Microsoft Deutschland GmbH.



Presentation on: ".NET Services Architects Council 27.01.2009 Dariusz Parys Developer Evangelist Developer Platform and Strategy Group Microsoft Deutschland GmbH." Presentation transcript:

1 .NET Services Architects Council Dariusz Parys Developer Evangelist Developer Platform and Strategy Group Microsoft Deutschland GmbH

2 Contact Blog IM

3 Services in Azure

4 .NET Services Open access standards –REST, SOAP, RSS, AtomPub, … –Libraries for Java, PHP, Ruby, … 3 focus topics –Application integration –Access control in distributed systems –Application extensibility

5 Service Bus

6 Enterprise Service Bus Service Orchestration Service Registry Naming Federated Identity and Access Control Messaging Fabric CRM Customers Leads Trends Campaigns Supply Chain Inventory Order Entry Planning Purchasing Point Of Sale POS Integration Product Catalog Returns Web Store

7 Internet Service Bus Service Orchestration Service Registry Naming Federated Identity and Access Control Messaging Fabric Clients MS/3rd Party Services On-Premise ESB ESB Desktop, RIA, Web Desktop, RIA, & Web Your Services

8 Who needs connectivity? Instant Messaging/Communication App –Access Control, Relay, Direct Connect Multiplayer games –Access Control, Relay, Direct Connect Home Media Integration System –Access Control, Relay, Direct Connect Enterprise Integration System –Access Control, VPN/VAN

9 What do you have to do when… …you want to integrate applications that –live in different networks? –have different user management systems? –are not always reachable?

10 Connectivity Challenges IPv4 address space –Dynamic IP address assignment –Network Address Translation (NAT) Internet full of bad guys –Firewall upon firewall upon firewall… Sender Receiver ? Machine Firewall Network Firewall Network Address Translation Dynamic IP

11 There are options Dynamic DNS NAT Port Mappings / UPnP Open Inbound Firewall Ports Sender Receiver ? Machine Firewall Network Firewall Network Address Translation Dynamic IP Each of these decisions carries risks

12 Service Bus – Naming Service Registry Naming Federated Identity and Access Control Messaging Fabric

13 Naming Scheme [http|sb]://servicebus.windows.net/services/account/svc/… Root servicebus. windows. net services account contoso … … svc Service Registry Root Multi-Tenant The service registry provides a mapping from URIs to services

14 Service Bus – Service Registry Service Registry Naming Federated Identity and Access Control Messaging Fabric

15 Service Registry Registry for service endpoints only –Nothing else Programmatic access via –Discover: Atom 1.0 feed hierarchy –Publish: Atom Publishing Protocol, WS-Transfer Naming Service Registry Client AtomPub WS-Transfer

16 Registry Feed Structure Solution Root Feed –http://servicebus.windows.net/services/solution/ –Hierarchical Naming Root SBWN services svc solution svc solution Client AtomPub WS-Transfer

17 Services in Registry Feeds Title urn:uuid:82a76c80-d498-12d5-b91C e0ef6 … MyEndpoint urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a

18 Service Bus – Messaging Service Registry Naming Federated Identity and Access Control Messaging Fabric

19 Service Bus - Messaging From .NET: WCF –Microsoft.ServiceBus

20 NetOnewayRelayBinding Service Bus Sender Receiver sb://servicebus.windows.net/services/solution/a/b/ outbound connect one-way net.tcp TCP/SSL 828 Backend Naming Routing Fabric Frontend Nodes TCP/SSL 808/828 outbound connect bidi socket Msg NAT Firewall Dynamic IP Subscribe Route NLB

21 NetEventRelayBinding Service Bus Sender Receiver sb://servicebus.windows.net/services/solution/a/b/ outbound connect bidi socket outbound connect one-way net.tcp TCP/SSL 828 Backend Naming Routing Fabric Frontend Nodes TCP/SSL 808/828 Msg Subscribe Route Receiver outbound connect bidi socket TCP/SSL 828 Msg

22 NetTcpRelayBinding / Relayed Service Bus Sender Receiver sb://servicebus.windows.net/services/solution/a/b/ Backend Naming Routing Fabric Frontend Nodes Ctrl Socket-Socket Forwarder outbound socket connect outbound socket rendezvous Ctrl TCP/SSL 818 Oneway Rendezvous Ctrl Msg Oneway Rendezvous Ctrl Msg NLB

23 NetTcpRelayBinding / Hybrid Service Bus Sender Receiver sb://servicebus.windows.net/services/solution/a/b/ Backend Naming Routing Fabric Frontend Nodes Ctrl relayed connect Oneway Rendezvous Ctrl Msg Oneway Rendezvous Ctrl Msg relayed rendezvous TCP/SSL 818, 819 NAT Probing NAT Traversal Connection upgrade

24 [WS|Basic|Web]HttpRelayBinding Service Bus Sender Receiver sb://servicebus.windows.net/services/solution/a/b/ Backend Naming Routing Fabric Frontend Nodes Ctrl HTTP-Socket Forwarder HTTP HTTPS request outbound socket rendezvous Ctrl HTTP/S 80/443 Oneway Rendezvous Ctrl Msg Oneway Rendezvous Ctrl Msg NLB

25 Service Bus Demo

26 Access Control

27 Motivation On-premise services Customers/Partners ?

28 Motivation On-premise services Customers/Partners (A) STS (R) STS ? ? Cloud services 1..n

29 Scenario with the ACS On-premise/cloud services Customers/Partners Your ACS Trust

30 Access to Services These services use the Access Control Service Microsoft SQL Data Services –Username / password and a token from the Access Control Service .NET Service Bus .NET Workflow Service The Portals

31 Interplay Your Customers Your App Access Control Service Live ID Users XYZ Domain Users Who? What? UI Integrate Service Bus Orchestrate Store WF Data

32 Components Portal –Front end for administering applications and rules Client API –Programmable interface Service (STS) –Hosted STS (shared STS) –Interaction via the Geneva Framework

33 Access control flow
Parties: .NET Access Control Service (Managed STS); Relying Party (Service Bus, your application, etc.); Requestor (your customer)
0. Cert|Secret exchange; periodically refreshed
1. Declare access rules for customers
2. Send claims (RST)
3. Input claims, output claims as described in the rule set
4. Send token (RSTR) (contains the claims from 3)
5. Send message with token
6. Claims are verified

34 Access Control Demo

35 Workflow

36 WF Runtime Description of a program flow Tools/Designers Activity Library Runtime Hosts Windows Workflow Foundation Tooling VS Designer VS Debugger Rehosted Designer Workflow Activity Library IIS/WAS + Dublin Workflow Service your.exe Direct Hosts

37 Workflow Service – Overview Reliable, scalable off-premises host for workflows Portal New activities for the Windows Azure platform APIs for installing, running and operating workflows in the cloud Orchestration of services –Cross-company services –Access for customers and partners through Access Control

38 Working with Workflows Design workflows –Select the workflow template –Designer supported –New Azure activities and a subset of the WF activities Install workflows –Upload and validation Manage workflow types –Add, delete, update, view instances Manage workflow instances –Create, run, control, track execution

39 Workflow Service – Design Flow Workflow & Rules XAML 1 Visual Studio WF Designer Your Apps & Services Service Bus Workflow Portal WorkflowClient API SOAP Web Service Design Workflows 1 Deploy Workflows 2 Manage Workflow Instances 4 Manage Workflow Types VS – one click deploy

40 Workflow Portal Demo

41 SQL Data Service

42 Data Model And ACE Concepts Unit of geo-location and billing Tied to DNS name Collection of Containers

43 Concepts Entity Entity properties may differ in type and instance

44 Architecture [Diagram, each label group repeated seven times: Data Access Lib, SDS Runtime, REST / SOAP; Mgmt. Services, Distributed Data Fabric, SQL Server]

45 SDS - Reliable Master Cluster Manager SDS – Data Nodes SDS - Back-end SQL Server Database Data And Master Nodes Data Node 105 Data Node 104 Data Node 103 Data Node 102 Data Node 101 P1 S1 P2 S2 S1 S2 P6 S6 P5 S5 S6 P3 S5 S3 P3 P4 S4 P1 P2 P3 P4 P5 P6 Partition Manager Global Partition Map SQL Server Partition Placement Advisor Leader Elector Distributed Data Fabric

46 Summary Application integration through the .NET Service Bus Access control through the .NET Access Control Service Reuse of application logic through the .NET Workflow Service Sign up for the current CTP at

47 Further Information PDC Videos –BB01, BB02, BB12, BB23, BB28, BB38, BB55 Blog Posts –Federating with the ACS Other resources –http://www.microsoft.com/azure/accesscontrol.mspx –http://msdn.microsoft.com/en-us/library/dd aspx –http://dunnry.com/blog/UsingSDSWithAzureAccessControlService.aspx Blogs –http://blogs.msdn.com/dparys –http://www.leastprivilege.com

