Post on 06-Apr-2015
.NET Services
Architects Council 27.01.2009
Dariusz Parys
Developer Evangelist
Developer Platform and Strategy Group
Microsoft Deutschland GmbH
Contact
• Email: dparys@microsoft.com
• Blog: http://blogs.msdn.com/dparys
• IM: developerevangelist@live.com
Services in Azure
[Diagram: ServiceBus, AccessControl, Workflow, …; Database, Reporting, Analytics, …; Compute, Storage, Manage; Identity, Devices, Contacts, …; Your Applications]
.NET Services
• Open access standards
– REST, SOAP, RSS, AtomPub, …
– Libraries for Java, PHP, Ruby, …
• 3 focus topics
– Application integration
– Access control in distributed systems
– Application extensibility
Service Bus
[Diagram: Enterprise Service Bus (Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric) with CRM (Customers, Leads, Trends, Campaigns), Supply Chain (Inventory, Order Entry, Planning, Purchasing) and Point Of Sale (POS Integration, Product Catalog, Returns, Web Store)]
[Diagram: Internet Service Bus (Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric) with Clients (Desktop, RIA, Web), MS/3rd Party Services, On-Premise ESB and Your Services]
Who needs "connectivity"?
• Instant messaging/communication app
– Access Control, Relay, Direct Connect
• Multiplayer games
– Access Control, Relay, Direct Connect
• Home media integration system
– Access Control, Relay, Direct Connect
• Enterprise integration system
– Access Control, VPN/VAN
What do you have to do when…
• …you want to integrate applications that
– live in different networks?
– have different user directories?
– are not always reachable?
Connectivity Challenges
• IPv4 address space
– Dynamic IP address assignment
– Network Address Translation (NAT)
• Internet full of "bad guys"
– Firewall upon firewall upon firewall…
[Diagram: Sender, "?", Receiver; between them: Machine Firewall, Network Firewall, Network Address Translation, Dynamic IP]
There are options
• Dynamic DNS
• NAT Port Mappings / UPnP
• Open Inbound Firewall Ports
[Diagram: Sender, "?", Receiver; between them: Machine Firewall, Network Firewall, Network Address Translation, Dynamic IP]
Each of these decisions carries risks
Service Bus – Naming
[Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric]
Naming Scheme
[http|sb]://servicebus.windows.net/services/account/svc/…
[Diagram: name hierarchy Root servicebus.windows.net / services / account (contoso, …) / svc; labels: Service Registry Root, Multi-Tenant]
The service registry provides a mapping from URIs to services
Service Bus – Service Registry
[Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric]
Service Registry
• Registry for service endpoints only
– Nothing else
• Programmatic access via
– Discover: Atom 1.0 feed hierarchy
– Publish: Atom Publishing Protocol, WS-Transfer
[Diagram: Client; AtomPub, WS-Transfer; Service Registry; Naming]
Registry Feed Structure
• Solution Root Feed
– http://servicebus.windows.net/services/solution/
– Hierarchical
[Diagram: Naming hierarchy Root SBWN / services / solution / svc (shown twice); Client; AtomPub, WS-Transfer]
Services in Registry Feeds
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
  …
  <entry>
    <title>MyEndpoint</title>
    <link href="http://swn/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>http://servicebus.windows.net/services/my/svc/ep1</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
Service Bus – Messaging
[Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric]
• From .NET: WCF
– Microsoft.ServiceBus
Service Bus - Messaging
Corresponding WCF Binding                     Service Bus Relay Binding
BasicHttpBinding                              BasicHttpRelayBinding
WebHttpBinding                                WebHttpRelayBinding
WSHttpBinding                                 WSHttpRelayBinding
WS2007HttpBinding                             WS2007HttpRelayBinding
WSHttpContextBinding                          WSHttpRelayContextBinding
WS2007HttpFederationBinding                   WS2007HttpRelayFederationBinding
NetTcpBinding                                 NetTcpRelayBinding
NetTcpContextBinding                          NetTcpRelayContextBinding
n/a [loosely related to NetMsmqBinding]       NetOnewayRelayBinding
n/a [loosely related to NetTcpPeerBinding]    NetEventRelayBinding
NetOnewayRelayBinding
[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/. Service Bus components: NLB, Frontend Nodes, Backend Naming Routing Fabric (Subscribe, Route). Connection labels: outbound connect one-way net.tcp; outbound connect bidi socket; TCP/SSL 828; TCP/SSL 808/828; Msg. Also shown: NAT, Firewall, Dynamic IP.]
NetEventRelayBinding
[Diagram: one Sender and two Receivers attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/. Service Bus components: Frontend Nodes, Backend Naming Routing Fabric (Subscribe, Route). Connection labels: outbound connect one-way net.tcp; outbound connect bidi socket (once per Receiver); TCP/SSL 828; TCP/SSL 808/828; Msg.]
NetTcpRelayBinding / Relayed
[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/. Service Bus components: NLB, Frontend Nodes, Backend Naming Routing Fabric, Socket-Socket Forwarder. Steps numbered 1 to 4. Connection labels: Ctrl; outbound socket connect; outbound socket rendezvous; Oneway Rendezvous Ctrl Msg; TCP/SSL 818.]
NetTcpRelayBinding / Hybrid
[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/. Service Bus components: Frontend Nodes, Backend Naming Routing Fabric. Connection labels: Ctrl; relayed connect; relayed rendezvous; Oneway Rendezvous Ctrl Msg; TCP/SSL 818, 819; NAT Probing (on both sides); NAT Traversal Connection; upgrade.]
[WS|Basic|Web]HttpRelayBinding
[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/. Service Bus components: NLB, Frontend Nodes, Backend Naming Routing Fabric, HTTP-Socket Forwarder. Steps numbered 1 to 4. Connection labels: Ctrl; HTTP/HTTPS request; outbound socket rendezvous; Oneway Rendezvous Ctrl Msg; HTTP/S 80/443.]
Service Bus Demo
Access Control
Motivation
[Diagram: Customers/Partners (user, *******); On-premise services; "?"]
Motivation
[Diagram: Customers/Partners (user, *******); (A) STS; (R) STS; On-premise services; Cloud services 1..n; "??"]
Scenario with the ACS
[Diagram: Customers/Partners (user, *******); Your ACS; On-premise/cloud services; Trust, Trust]
Access to services
• These services use the Access Control Service
• Microsoft SQL Data Services
– Username/password and a token of the Access Control Service
• .NET Service Bus
• .NET Workflow Service
• The Portals
Interplay
[Diagram: Your Customers; Your App; Access Control Service; <Any ID Provider>; Live ID Users; XYZ Domain Users; Who? What?; UI; Integrate: ServiceBus; Orchestrate: WF; Store: Data]
Components
• Portal
– Front end for administering applications and rules
• Client API
– Programmable interface
• Service (STS)
– Provided STS (shared STS)
– Interaction via the Geneva Framework
Access control flow
Participants: .NET Access Control Service (Managed STS); Relying Party (Service Bus, your application, etc.); Requestor (your customer)
0. Cert|Secret exchange; refreshed periodically
1. Declare access rules for customers
2. Send claims (RST)
3. Input claims → output claims as described in the rule set
4. Send token (RSTR) (contains claims from 3)
5. Send message with token
6. Claims are checked
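An added example (not from the original slides, and not the Access Control Service's own token format): steps 0 to 6 of the flow above modelled in Python, with an HMAC-signed JSON blob standing in for the issued token. `SHARED_SECRET`, `RULES`, `issue_token`, `authorize` and all claim values are hypothetical names and constructed values.

```python
import base64
import hashlib
import hmac
import json
import time

# Step 0: secret exchanged between STS and relying party (constructed value).
SHARED_SECRET = b"constructed-demo-secret"

# Step 1: access rules declared for customers, input claim -> output claim.
RULES = {
    ("group", "partners"): ("action", "orders.read"),
    ("email", "alice@example.com"): ("action", "orders.write"),
}

def issue_token(input_claims, now=None, lifetime=300):
    """Steps 2-4 (STS): map input claims to output claims, return a signed token."""
    out = sorted({RULES[c] for c in map(tuple, input_claims) if c in RULES})
    body = json.dumps({"claims": out, "exp": int(now or time.time()) + lifetime})
    payload = base64.urlsafe_b64encode(body.encode())
    sig = hmac.new(SHARED_SECRET, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + sig

def authorize(token, required, now=None):
    """Steps 5-6 (relying party): verify the signature first, then the claims."""
    try:
        payload, sig = token.split(".")
        expected = hmac.new(SHARED_SECRET, payload.encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False  # not issued by the trusted STS, or modified in transit
        body = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return False      # malformed token
    if body["exp"] < int(now or time.time()):
        return False      # expired
    return list(required) in body["claims"]
```

The relying party never sees the requestor's input claims; it decides only on the output claims the rules produced, and rejects any token whose signature does not match the exchanged secret.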
Access Control Demo
Workflow
Windows Workflow Foundation
• Description of a program flow
• Tools/Designers
• Activity Library
• Runtime
• Hosts
[Diagram: Tooling (VS Designer, VS Debugger, Rehosted Designer); Workflow; Activity Library; WF Runtime; Hosts (IIS/WAS + "Dublin", Workflow Service, your.exe "Direct")]
Workflow Service – Overview
Reliable, scalable off-premises host for workflows
• Portal http://workflow.ex.azure.microsoft.com
• New activities for the Windows Azure platform
• APIs for installing, running and operating workflows "in the cloud"
• Orchestration of services
– Cross-company services
– Access for customers and partners through Access Control
Working with workflows
• Design workflows
– Select the workflow template
– Designer-supported
– New Azure activities and a subset of the WF activities
• Install workflows
– Upload and validation
• Manage workflow types
– Add, delete, update, view instances
• Manage workflow instances
– Create, run, control, track execution
Workflow Service – Design Flow
[Diagram: Visual Studio WF Designer (1) produces Workflow & Rules XAML; Your Apps & Services reach the service over http:// and ServiceBus through the Workflow Portal, the Workflow Client API and the SOAP Web Service (2, 3, 4)]
1 Design Workflows
2 Deploy Workflows
3 Manage Workflow Types
4 Manage Workflow Instances
2 VS – one click deploy
Workflow Portal Demo
SQL Data Service
Data Model and ACE Concepts
• Authority
– Unit of geo-location and billing
– Tied to DNS name
– Collection of Containers
• Container
– Unit of Consistency
– Scope for Query and Update
– Collection of Entities
• Entity
– Unit of Storage
– Property Bag of Name/Value pairs
– No Schema Required
Concepts: Entity
Entity properties may differ in type and instance

Section     Property      Type        Value
Metadata    ID            EntityId    VWGOLF-01
Metadata    Kind          EntityKind  Car
FlexProps   Description   String      Reliable, one owner, …
FlexProps   Price         Numeric     12000.00
FlexProps   ListingDate   Datetime    01-01-2008
FlexProps   LocationZip   String      98052

Section     Property      Type        Value
Metadata    ID            EntityId    MINICOOPER-264
Metadata    Kind          EntityKind  FunCar
FlexProps   Description   String      Reliable, one owner, …
FlexProps   Price         Numeric     12000.00
FlexProps   ListingDate   String      1st January, 2008
FlexProps   LocationZip   String      98052
FlexProps   EngineSize    Numeric     1600

Callouts: Different Kinds (Car, FunCar); Different Instance Types (ListingDate); Additional Property (EngineSize)
Architecture
[Diagram: SQL Data Services Front End: several nodes, each with REST / SOAP, SDS Runtime and Data Access Lib. SQL Data Services Back End (Master Cluster, Data Cluster): several nodes, each with Mgmt. Services, Distributed Data Fabric and SQL Server.]
[Diagram: SDS - Reliable Master Cluster Manager; SDS – Data Nodes; SDS - Back-end; SQL Server; Database]
Data And Master Nodes
[Diagram: Data Nodes 101 to 105, each holding primary (P1 to P6) and secondary (S1 to S6) partition replicas; master components: Partition Manager, Global Partition Map (P1 P2 P3 P4 P5 P6), SQL Server, Partition Placement Advisor, Leader Elector; Distributed Data Fabric]
Summary
• Application integration through the .NET Service Bus
• Access control through the .NET Access Control Service
• Reuse of application logic through the .NET Workflow Service
• Sign up for the current CTP at http://www.azure.com
Further information
• PDC Videos
– BB01, BB02, BB12, BB23, BB28, BB38, BB55
• Blog Posts
– Federating with the ACS: http://www.leastprivilege.com/FederatingWithTheNETAccessControlService.aspx
• Other resources
– http://www.microsoft.com/azure/accesscontrol.mspx
– http://msdn.microsoft.com/en-us/library/dd129876.aspx
– http://dunnry.com/blog/UsingSDSWithAzureAccessControlService.aspx
• Blogs
– http://blogs.msdn.com/dparys
– http://www.leastprivilege.com