.NET Services
Architects Council, 27.01.2009
Dariusz Parys, Developer Evangelist, Developer Platform and Strategy Group, Microsoft Deutschland GmbH
Contact: Email dparys@microsoft.com, Blog http://blogs.msdn.com/dparys, IM developerevangelist@live.com
Services in Azure (platform diagram): Your Applications on top; a services layer with Service Bus, Workflow, Database, Analytics, Identity, Contacts, Access Control, Reporting, Devices, …; a base layer with Compute, Storage, Manage, ….
.NET Services: open access standards (REST, SOAP, RSS, AtomPub, …) and libraries for Java, PHP, Ruby, …. Three focus areas: application integration, access control in distributed systems, application extensibility.
Service Bus
Enterprise Service Bus (diagram): service orchestration, service registry and naming, federated identity and access control, messaging fabric; connected systems are Point of Sale, Supply Chain, CRM and Web Store, with components such as POS integration, product catalog, returns, inventory, order entry, planning, purchasing, customers, leads, trends and campaigns.
Internet Service Bus (diagram): the same building blocks (service orchestration, service registry and naming, federated identity and access control, messaging fabric) hosted on the Internet; your services, an on-premise ESB and an MS/3rd-party services ESB attach to it, as do desktop, RIA and web clients.
Who needs "connectivity"? Instant messaging/communication apps (access control, relay, direct connect), multiplayer games, home media integration systems, enterprise integration systems (access control, VPN/VAN).
What do you have to do when you want to integrate applications with one another that live in different networks, have different user directories, or are not always reachable?
Connectivity challenges: the IPv4 address space, dynamic IP address assignment, Network Address Translation (NAT), an Internet full of "bad guys", firewall on firewall on firewall… (diagram: sender → NAT → network firewall → dynamic IP → machine firewall → receiver, with a question mark on the path).
There are options: Dynamic DNS, NAT port mappings / UPnP, opening inbound firewall ports. Each of these choices brings risks with it (same diagram: sender, NAT, network firewall, dynamic IP, machine firewall, receiver).
Service Bus – Naming (diagram of the Service Bus building blocks: federated identity and access control, naming, service registry, messaging fabric; naming highlighted)
Naming scheme: [http|sb]://servicebus.windows.net/services/account/svc/… The service registry provides a mapping from URIs to services (diagram: root servicebus.windows.net → services → account, e.g. contoso; multi-tenant → svc → …).
Service Bus – Service Registry (diagram of the Service Bus building blocks: federated identity and access control, naming, service registry, messaging fabric; service registry highlighted)
Service Registry: a registry for service endpoints only, nothing else. Programmatic access via Discover (Atom 1.0 feed hierarchy) and Publish (Atom Publishing Protocol, WS-Transfer) (diagram: client → service registry over AtomPub or WS-Transfer; the registry is backed by naming).
Registry feed structure: the solution root feed is http://servicebus.windows.net/services/solution/ and the feeds are hierarchical (diagram: naming root SBWN → services → solution → svc; client accesses via AtomPub or WS-Transfer).
Services in registry feeds:

    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom"
          xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <title>Title</title>
      <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
      <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
      …
      <entry>
        <title>MyEndpoint</title>
        <link href="http://swn/services/my/svc/ep1"/>
        <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
        <wsa:EndpointReference>
          <wsa:Address>
            http://servicebus.windows.net/services/my/svc/ep1
          </wsa:Address>
        </wsa:EndpointReference>
      </entry>
    </feed>
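As an added example (not code from these slides or from Microsoft's SDK), the following Python walks a registry feed shaped like the one above, pulls each entry's wsa:Address out of its EndpointReference, and accepts only endpoints that follow the naming scheme from the Naming slide under the account the client expects; the feed text, the account name "my" and the second, out-of-namespace entry are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"a": "http://www.w3.org/2005/Atom", "wsa": "http://www.w3.org/2005/08/addressing"}
SB_HOST = "servicebus.windows.net"

# Constructed sample feed, modelled on the registry feed on the slide; the
# second entry is a constructed endpoint that lies outside the account's namespace.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>my/svc</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <entry>
    <title>MyEndpoint</title>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address> sb://servicebus.windows.net/services/my/svc/ep1 </wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Stray</title>
    <id>urn:uuid:00000000-0000-0000-0000-000000000001</id>
    <wsa:EndpointReference>
      <wsa:Address>http://other.example.net/services/my/svc/ep2</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>"""

def parse_naming(uri):
    """Split a URI into (scheme, account, svc, rest) following the
    [http|sb]://servicebus.windows.net/services/account/svc/... scheme; None if it does not."""
    parts = urlsplit(uri.strip())
    if parts.scheme not in ("http", "sb") or parts.netloc.lower() != SB_HOST:
        return None
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) < 3 or segments[0] != "services":
        return None
    return parts.scheme, segments[1], segments[2], "/".join(segments[3:])

def discover_endpoints(feed_xml, account):
    """Return (accepted, rejected), each mapping entry title -> address. Only
    addresses that resolve under the expected account are accepted, so a client
    never dials an address merely because the feed lists it."""
    accepted, rejected = {}, {}
    for entry in ET.fromstring(feed_xml).findall("a:entry", NS):
        title = entry.findtext("a:title", default="", namespaces=NS)
        addr = entry.findtext("wsa:EndpointReference/wsa:Address", default="", namespaces=NS).strip()
        parsed = parse_naming(addr)
        (accepted if parsed and parsed[1] == account else rejected)[title] = addr
    return accepted, rejected
```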
Service Bus – Messaging (diagram of the Service Bus building blocks: federated identity and access control, naming, service registry, messaging fabric; messaging fabric highlighted)
Service Bus – Messaging from .NET: WCF with the Microsoft.ServiceBus assembly. Each WCF binding has a corresponding Service Bus relay binding:

    WCF binding                                   Service Bus relay binding
    BasicHttpBinding                              BasicHttpRelayBinding
    WebHttpBinding                                WebHttpRelayBinding
    WSHttpBinding                                 WSHttpRelayBinding
    WS2007HttpBinding                             WS2007HttpRelayBinding
    WSHttpContextBinding                          WSHttpRelayContextBinding
    WS2007HttpFederationBinding                   WS2007HttpRelayFederationBinding
    NetTcpBinding                                 NetTcpRelayBinding
    NetTcpContextBinding                          NetTcpRelayContextBinding
    n/a (loosely related to NetMsmqBinding)       NetOnewayRelayBinding
    n/a (loosely related to NetTcpPeerBinding)    NetEventRelayBinding
NetOnewayRelayBinding (diagram, address sb://servicebus.windows.net/services/solution/a/b/): the receiver opens an outbound bidirectional socket to a frontend node (TCP/SSL 828) and subscribes to the address; the sender opens an outbound one-way net.tcp connection through the NLB (TCP/SSL 808/828) and sends messages, which the backend naming/routing fabric routes to the subscriber. Both sides connect outbound only, so NAT, firewalls and dynamic IPs in front of either side are not in the way.
NetEventRelayBinding (diagram, same address): like NetOnewayRelayBinding, but several receivers subscribe to the same address over their own outbound bidirectional sockets (TCP/SSL 828); every one-way message from the sender is routed to each subscribed receiver.
NetTcpRelayBinding / Relayed (diagram, same address): 1. the receiver opens an outbound control socket to a frontend node (TCP/SSL 818); 2. the sender opens an outbound socket through the NLB, and the backend fabric sends a one-way rendezvous control message to the receiver; 3. the receiver rendezvouses with the frontend node over a second outbound socket; 4. the frontend node runs a socket-to-socket forwarder between sender and receiver.
NetTcpRelayBinding / Hybrid (diagram, same address): the connection starts out relayed (relayed connect and relayed rendezvous as above, TCP/SSL 818, 819); both sides then perform NAT probing over the control channel and, where a direct path exists, upgrade to a direct NAT-traversal connection between sender and receiver.
[WS|Basic|Web]HttpRelayBinding (diagram, same address): 1. the receiver opens an outbound socket to a frontend node; 2. the sender issues an ordinary HTTP or HTTPS request (80/443) to the address through the NLB; 3. the backend fabric sends a one-way rendezvous control message to the receiver, which rendezvouses over an outbound socket; 4. the frontend node runs an HTTP-to-socket forwarder between the request and the receiver.
Service Bus Demo
Access Control
Motivation (diagram): a user at a customer/partner with a username and password needs to reach on-premise services; how is access granted?
Motivation (diagram): 1..n customers/partners, cloud services and on-premise services, each side with its own STS ((A) STS on the application side, (R) STS on the requestor side); the user has to get to all of them.
Scenario with the ACS (diagram): customers/partners trust your ACS, and your on-premise/cloud services trust your ACS in turn; the user authenticates through the ACS and reaches the services.
Access to services: the following services use the Access Control Service: Microsoft SQL Data Services (username/password plus a token from the Access Control Service), .NET Service Bus, .NET Workflow Service, the portals.
Interplay (diagram of "what?" and "who?"): your app integrates via the ServiceBus, orchestrates via WF and stores data; your customers come from any ID provider (Live ID users, XYZ domain users) and are mapped through the Access Control Service (UI, data).
Components: Portal (frontend for administering applications and rules), Client API (programmable interface), Service (STS) (an STS provided for you, i.e. a shared STS; interaction by means of the Geneva Framework).
Access control flow (numbered as on the slide; parties: the requestor (your customer), the .NET Access Control Service (managed STS) and the relying party (Service Bus, your application, etc.)):
0. Certificate/secret exchange between the ACS and the relying party; refreshed periodically.
1. Declare the access rules for customers in the ACS.
2. The requestor sends its claims to the ACS (RST).
3. The ACS turns the input claims into output claims as described in the rule set.
4. The ACS returns a token (RSTR) that contains the claims from step 3.
5. The requestor sends its message to the relying party together with the token.
6. The relying party checks the claims.
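An added illustration of steps 0 to 6 (not the ACS's own implementation or token format: the RST/RSTR messages and the certificate exchange are replaced by plain dictionaries and an HMAC over the output claims), with a constructed issuer name, rule set and shared secret:

```python
import hashlib, hmac, json

# Step 0 (constructed value): the secret the ACS and the relying party exchange
# out of band and refresh periodically; the relying party trusts tokens signed with it.
SHARED_SECRET = b"constructed-demo-secret"

# Step 1 (constructed rule set): (issuer, input claim type, input value)
# -> (output claim type, output value). Only rule outputs are ever emitted.
RULES = {
    ("contoso-idp", "group", "purchasing"): ("action", "Send"),
    ("contoso-idp", "group", "auditors"): ("action", "Listen"),
}

def issue_token(rst_claims, rules=RULES, secret=SHARED_SECRET):
    """Steps 2-4: take the input claims carried by an RST, apply the rule set and
    return the signed token that goes back in the RSTR. Input claims that match
    no rule are dropped, so a requestor cannot obtain an output claim simply by
    asserting it as an input claim."""
    output = sorted({rules[c] for c in rst_claims if c in rules})
    body = json.dumps(output, separators=(",", ":"))
    sig = hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()
    return {"claims": body, "sig": sig}

def verify_token(token, required, secret=SHARED_SECRET):
    """Step 6: the relying party recomputes the signature with the shared secret
    and only then looks for the output claim the operation requires."""
    expected = hmac.new(secret, token["claims"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return False
    return required in [tuple(c) for c in json.loads(token["claims"])]
```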
Access Control Demo
Workflow
Windows Workflow Foundation (diagram): a description of a program flow; tooling (VS designer, VS debugger, rehosted designer), activity library, WF runtime, and hosts (IIS/WAS plus the "Dublin" workflow service, or your.exe hosting the runtime "directly").
Workflow Service – overview: a reliable, scalable off-premises host for workflows; portal at http://workflow.ex.azure.microsoft.com; new activities for the Windows Azure platform; APIs for deploying, running and operating workflows "in the cloud"; orchestration of services; cross-company services with access for customers and partners through Access Control.
Working with workflows: design workflows (choice of workflow template; the designer supports the new Azure activities and a subset of the WF activities); deploy workflows (upload and validation); manage workflow types (add, delete, update, view instances); manage workflow instances (create, run, control, track execution).
Workflow Service – design flow (diagram): 1. design workflows in the Visual Studio WF designer; 2. deploy workflows (VS one-click deploy; workflow and rules XAML sent over http://); 3. manage workflow types; 4. manage workflow instances. Steps 2 to 4 are available to your apps and services through the workflow portal, the WorkflowClient API or the SOAP web service; the workflows themselves talk to the ServiceBus.
Workflow Portal Demo
SQL Data Service
Data model and ACE concepts:

    Authority   Unit of geo-location and billing; tied to a DNS name; a collection of containers
    Container   Unit of consistency; scope for query and update; a collection of entities
    Entity      Unit of storage; a property bag of name/value pairs; no schema required

Different kinds, different instance types: entity properties may differ in type and instance.

    Entity of kind Car
    Property      Type        Value                     Metadata
    ID            EntityId    VWGOLF-01                 ID
    Kind          EntityKind  Car                       Kind
    Description   String      Reliable, one owner, …    Flex props
    Price         Numeric     12000.00                  Flex props
    ListingDate   Datetime    01-01-2008                Flex props
    LocationZip               98052                     Flex props

    Entity of kind FunCar (different kind, different instance type)
    Property      Type        Value                     Metadata
    ID            EntityId    MINICOOPER-264            ID
    Kind          EntityKind  FunCar                    Kind
    Description   String      Reliable, one owner, …    Flex props
    Price         Numeric     12000.00                  Flex props
    ListingDate               1st January, 2008         Flex props
    LocationZip               98052                     Flex props
    EngineSize                1600                      Additional property

Architecture (diagram): the SQL Data Services front end consists of REST/SOAP endpoints, the SDS runtime and a data access library, replicated across several nodes; the SQL Data Services back end consists of a data cluster and a master cluster of SQL Server nodes running the distributed data fabric and management services.
SDS back end (diagram): a reliable master cluster manager with partition manager, global partition map, partition placement advisor and leader elector; data nodes 101 to 105 each run SQL Server with the distributed data fabric and hold primary partitions P1 to P6 together with secondary replicas S1 to S6 placed on other nodes.
Summary: application integration through the .NET Service Bus; access control through the .NET Access Control Service; reuse of application logic through the .NET Workflow Service. Sign up for the current CTP at http://www.azure.com
Further information
PDC videos: BB01, BB02, BB12, BB23, BB28, BB38, BB55
Blog posts: Federating with the ACS, http://www.leastprivilege.com/FederatingWithTheNETAccessControlService.aspx
Other resources: http://www.microsoft.com/azure/accesscontrol.mspx, http://msdn.microsoft.com/en-us/library/dd129876.aspx, http://dunnry.com/blog/UsingSDSWithAzureAccessControlService.aspx
Blogs: http://blogs.msdn.com/dparys, http://www.leastprivilege.com