In the Cloud: Connect Your Services with the Internet Service Bus. Christian Weyer, christian.weyer@thinktecture.com, thinktecture

Upload: rose-bennett

Post on 24-Dec-2015


TRANSCRIPT

Page 1: Christian Weyer christian.weyer@thinktecture.com thinktecture

In the Cloud: Connect Your Services with the Internet Service Bus

Page 2: Christian Weyer christian.weyer@thinktecture.com thinktecture

Our Way Through The Sky

- Introduction & Motivation for ISB
- Extending a simple WCF service
- Identity, Authentication, Authorization
- Application Scenarios
- Messaging Options
- Summary

Page 3: Christian Weyer christian.weyer@thinktecture.com thinktecture

[Diagram: Software + Services (S+S). Labels: Service Delivery, SaaS; Service Composition, SOA; Service Experience, Web 2.0; Service …]

Page 4: Christian Weyer christian.weyer@thinktecture.com thinktecture

Internet Service Bus – Why Again?

- Software+Services seems to me like „SOA done the right way“, frankly
- Increasing need to build and enable composite applications in a service-oriented manner
- Some solutions look for easy connectivity
- Provide value add with advanced messaging options
- Strong focus on identity, authentication and authorization required

Page 5: Christian Weyer christian.weyer@thinktecture.com thinktecture

Imagine…

[Diagram labels: Enterprise X; Bond Price; Format A; Format B]

Page 6: Christian Weyer christian.weyer@thinktecture.com thinktecture

Imagine again…

[Diagram labels: Enterprise X; Bond Price Trade; Format A; Format B; Format C]

Page 7: Christian Weyer christian.weyer@thinktecture.com thinktecture

Still imagine…

[Diagram labels: Enterprise X; Bond Price Trade; Format A; Format B; Format C]

Page 8: Christian Weyer christian.weyer@thinktecture.com thinktecture

Enterprise Service Bus Pattern

[Diagram labels: Enterprise X; Bond Price Trade; Format A, Format B, Format C, each converted to XML; Enterprise Service Bus]

Page 9: Christian Weyer christian.weyer@thinktecture.com thinktecture

And now imagine…

[Diagram labels: Enterprise X; BOND PRICE TRADE; Format A, Format B, Format C, each converted to XML; Internet Service Bus; Microsoft “Biztalk Services”]

Page 10: Christian Weyer christian.weyer@thinktecture.com thinktecture

Can you still imagine…?

[Diagram labels: Bank A; Application 1, Application 2; Format A, Format B, each converted to XML; Internet Service Bus; Microsoft “Biztalk Services”]

Page 11: Christian Weyer christian.weyer@thinktecture.com thinktecture

Finally, imagine…

[Diagram labels: Bank A; Application 1, Application 2; Format A, Format B, each converted to XML; Internet Service Bus; Microsoft “Biztalk Services”; Market Data (XML); Publish; Subscribe, Subscribe]

Page 12: Christian Weyer christian.weyer@thinktecture.com thinktecture

It looks reasonable, doesn't it?

[Diagram labels: Bank A; Application 1, Application 2; Format A, Format B, each converted to XML; Internet Service Bus; Microsoft “Biztalk Services”; Market Data (XML); Publish, Publish; Subscribe, Subscribe, Subscribe]

Page 13: Christian Weyer christian.weyer@thinktecture.com thinktecture

Possible ISB Usage Scenarios

Syndication

Peer-To-Peer

Callbacks, Notifications

Multicasting, Pub/Sub

Remote Control

Prototyping, Testing

CIA: Confidentiality, Integrity, Authenticity

Page 14: Christian Weyer christian.weyer@thinktecture.com thinktecture

„Biztalk Services“ Demystified

- Codename „Biztalk Services“ is the current incarnation of the ISB
- Provides several services in the cloud, currently
  - Identity Management, STS
  - Connectivity, Relaying
  - Workflow (just not yet)
- Enter the ISB at http://labs.biztalk.net/
- Developers (and architects) can grab an SDK
  - WCF-based, leveraging standards
  - Custom bindings and behaviors

Page 15: Christian Weyer christian.weyer@thinktecture.com thinktecture

Relay Binding

[Diagram: Client and Service connected through “Biztalk Services” (Identity Service and Connectivity Service, linked by Trust). Numbered steps 1 to 6 with the labels Authenticate (twice), Connect, Open, Relayed Connection and Direct Connection (optional).]

Page 16: Christian Weyer christian.weyer@thinktecture.com thinktecture

RelayBinding In Code

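    // Token provider that obtains the caller's token using an information card
    ITokenProvider tokenProvider = new CardSpaceTokenProvider();

    // Register the IEcho endpoint at its relay address
    ServiceEndpoint ehep = echoHost.AddServiceEndpoint(
        typeof(IEcho),
        new RelayBinding(RelayConnectionMode.RelayedDuplex),
        "sb://connect.biztalk.net/services/thinktecture/Echo");

    // Attach the token provider to the endpoint
    ehep.Behaviors.Add(tokenProvider);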

Page 17: Christian Weyer christian.weyer@thinktecture.com thinktecture

RelayBinding In Config

    <endpoint address="sb://connect.biztalk.net/services/thinktecture/Echo"
              contract="IEcho"
              binding="relayBinding"
              bindingConfiguration="myRelay" />
    …
    <bindings>
      <relayBinding>
        <binding name="myRelay" connectionMode="RelayedDuplex" />
      </relayBinding>
    </bindings>

Page 18: Christian Weyer christian.weyer@thinktecture.com thinktecture

Security Risk Model

- Frankly, in some big shops the relay binding is to date a reason to get fired
  - There is a reason for the DMZ
- You expose your very own machine to the outside
- Customers need to be aware of this different security risk model
  - Integrate risk model into analysis phase
- IMO, we will need guidance and tools to properly set up and configure networks for working with the relay
  - Maybe also leverage different technologies, like Teredo or UPnP

Page 19: Christian Weyer christian.weyer@thinktecture.com thinktecture

Identity & Claims-Based Access Rules

- Authentication through username/password or information card
- „Biztalk Services“ implements a Security Token Service (STS) based on the WS-Trust specification
  - Feel the future of AD
- Authorization based on powerful & flexible claims-based model
  - Configure through web frontend
  - Configure through API in SDK

Page 20: Christian Weyer christian.weyer@thinktecture.com thinktecture

Relay & Identity Message Interaction

[Sequence diagram: participants Identity, Relay, Service, Client. Messages: GetToken() (twice); Connect http://relay.biztalk.net/services/tt/; Open http://relay.biztalk.net/services/tt/. Note: Relay cert registered w/ STS.]

Page 21: Christian Weyer christian.weyer@thinktecture.com thinktecture

Scenario I

Duplex Communication & Notifications

Problem
- Consumers want to be notified of new data
- No polling, but rather proactive push messaging desired
- NATs and firewalls in the way (by design)

Solution
- Expose duplex contract through relay binding
- Service can publish new data through the ISB's address
- ISB securely dispatches messages appropriately to the callback endpoints

Page 22: Christian Weyer christian.weyer@thinktecture.com thinktecture

Scenario II

Multicasting

Problem
- Multiple (n) receivers want to receive messages
- Sender(s) do not want to send n messages and maintain a list of receivers
- NATs and firewalls in the way (by design)

Solution
- Let the ISB do the maintenance of receivers
- Sender sends one message to the ISB – the ISB sends n messages to n receivers

Page 23: Christian Weyer christian.weyer@thinktecture.com thinktecture

Multicasting

[Diagram: Biztalk Services (Cloud); one sender on Send: sb://.../traffic; listeners on Listen: sb://.../traffic]

Page 24: Christian Weyer christian.weyer@thinktecture.com thinktecture

Scenario III

Multicast Publish & Subscribe

Problem
- We have m publishers and n subscribers
- Need for infrastructure to handle these message exchanges
- Similar to pure multicasting scenario
- NATs and firewalls in the way (by design)

Solution
- m publishers send to multicast address at ISB
- n subscribers listen to multicast address at ISB
- ISB does the hard work of correlation and dispatching
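The token-gated Connect/Open exchange from the "Relay & Identity Message Interaction" slide and the Send/Listen fan-out from the multicasting slides, modelled in Python as an added example (not code from the deck or the „Biztalk Services“ SDK). The HMAC-signed JSON token stands in for the WS-Trust token, and `get_token`, `Relay`, `STS_KEY` and the `relay.example` name are constructed; the model assumes the listening service does Open and the sender does Connect.

```python
import hashlib, hmac, json, time

STS_KEY = b"constructed-demo-key"  # stand-in for the trust between STS and relay
RELAY = "relay.example"            # constructed relay name, used as token audience

def _sign(body):
    return hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()

def get_token(subject, rules, ttl=300):
    """Identity service: issue a signed token carrying (right, address) rules."""
    body = json.dumps({"sub": subject, "aud": RELAY, "rules": rules,
                       "exp": time.time() + ttl})
    return body + "." + _sign(body)

class Relay:
    def __init__(self):
        self.listeners = {}        # address -> callbacks registered via open()

    def authorize(self, token, right, address):
        """Deny by default: valid signature, audience, lifetime and a matching rule."""
        body, _, sig = token.rpartition(".")
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return False           # not issued by the trusted identity service
        claims = json.loads(body)
        if claims["aud"] != RELAY or claims["exp"] < time.time():
            return False           # issued for another relay, or expired
        for granted, scope in claims["rules"]:
            # a rule covers its own address and paths below it, not siblings
            under = address.startswith(scope.rstrip("/") + "/")
            if granted == right and (address == scope or under):
                return True
        return False

    def open(self, token, address, callback):
        """Service side: register a listener after the Listen check."""
        if not self.authorize(token, "Listen", address):
            raise PermissionError("Listen denied for " + address)
        self.listeners.setdefault(address, []).append(callback)

    def send(self, token, address, message):
        """Sender side: one message in, one copy out per listener."""
        if not self.authorize(token, "Send", address):
            raise PermissionError("Send denied for " + address)
        receivers = self.listeners.get(address, [])
        for deliver in receivers:
            deliver(message)
        return len(receivers)
```

Because every check happens at the relay before a message is dispatched, a listener behind a NAT only ever receives traffic from senders whose token carries a matching Send rule.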

Page 25: Christian Weyer christian.weyer@thinktecture.com thinktecture

Where Are We? Where Is The ISB?

- „Biztalk Services“ is an incubation project
- There will be a V1 of the ISB…
- Of course, there are still missing parts today, e.g.:
  - Store and forward
  - Broader platforms support
  - Really federated identity
- I am sure we will see improved feature support in upcoming releases
- Keep track and watch http://labs.biztalk.net/

Page 26: Christian Weyer christian.weyer@thinktecture.com thinktecture

Summary

- Leveraging the cloud for composite applications can be a winner
  - Powerful messaging options
  - Enabling otherwise-hard-to-realize scenarios
- Internet Service Bus can handle connectivity, authentication, authorization, messaging and other connected systems aspects
- Think about security risk model
- „Biztalk Services“ incubation project shows the path to a real ISB – with a real name

Page 27: Christian Weyer christian.weyer@thinktecture.com thinktecture

Resources

- Email Christian Weyer: christian.weyer@thinktecture.com
- Weblog Christian Weyer: http://blogs.thinktecture.com/cweyer
- thinktecture: http://www.thinktecture.com

Page 28: Christian Weyer christian.weyer@thinktecture.com thinktecture

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.