An introduction to Azure AppFabric
ARC204. Pedro Félix. CCISEL.
Azure AppFabric
• Set of services
  • Service Bus (SB)
  • Access Control Service (ACS)
• Running in the cloud
  • Based on Windows Azure Platform
• Providing
  • SB: Service Connectivity, Addressability and Discoverability
  • ACS: Service Access Control
Service Bus
A Scenario
[Diagram labels: CloudTrack; Fabrikam; Contoso; Create/view issues; View/manage issues]
• Issue Tracker web app.
  • Cloud-based
  • Multi-tenant
Connectivity challenges
[Diagram labels: CloudTrack; Notify new issue; Fetch trace data; Create new issue; FW, NAT, …]
Challenges
• Addressability and discoverability
  • Private addresses and Network Address Translation (NAT)
  • Dynamic addresses (e.g. ISP)
• Connectivity
  • Firewalls (denial of inbound connections)
  • Event distribution
  • Transient connectivity
Service Bus
[Diagram labels: outbound; inbound; address?]
Service Bus
“All problems in computer science can be solved by another level of indirection”
Butler Lampson
[Diagram labels: inbound; Service Bus; outbound]
Connectivity and addressability
[Diagram labels: Service Bus; outbound; sends; public address; listens]
• Relay
  • Service “listens” on the SB via outbound connection
  • Client “sends” to the SB
  • SB relays between client and service
Naming and discovery
[Diagram labels: Service Bus; outbound; public name; Registry; DNS; sends; listens]
• Naming
  • Service is exposed via a public name
  • Local DNS binds these public names to IP addresses
  • Local registry describes available public names
Naming and discovery
• Naming
  • Public service namespaces
  • One Azure project – multiple service namespaces
  • {scheme}://{namespace}.servicebus.windows.net/{relpath}
• Registry
  • Mapping between URIs and services
  • Readable via HTTP+ATOM
Demo
http://demos-pfelix.servicebus.windows.net/techdays
REST-like Services
Buffering
[Diagram labels: outbound; public name; sends; listens]
• Buffering
  • One-way messaging
  • Temporal decoupling
Eventing (pub-sub)
[Diagram labels: Service Bus; outbound; sends; listens (two listeners)]
• Eventing – multicast
  • One-way messages
  • Multiple listeners
  • Message distribution - multicast
Demo
http://demos-pfelix.servicebus.windows.net/techdays
Publish-Subscribe
Security
[Diagram labels: Service Bus; ACS; outbound; sends; listens]
• Access Control
  • Both “listen” and “send” subject to access control
  • Programmable authorization policy, defined by ACS
• Isolation – SB is the DMZ
WCF architecture
[Diagram labels: Client (User code); Service Impl. (Dispatcher); channel stack on each side: Protocol, Protocol, Encoding, Transport; Binding composed of four Binding elements]
• Channel stack with transport and protocol channels
• Channels described by binding elements
• One binding contains several binding elements
WCF and SB
[Diagram labels: Client (User code); Service Impl. (Dispatcher); channel stack on each side: Protocol, Protocol, Encoding, Transport; Binding composed of four Binding elements; ServiceBus]
• New bindings
  • New transport channels and binding elements
• New behaviors
Bindings
• WebHttpRelayBinding
  • HTTP (Web programming model)
  • Client interoperability
• BasicHttpRelayBinding and WS2007HttpRelayBinding
  • SOAP over HTTP (basic profile | WS-*)
  • Client interoperability
• NetTcpRelayBinding
  • Similar to NetTcpBinding (request-response and duplex)
• NetOnewayRelayBinding and NetEventRelayBinding
  • One-way w/ buffering and multicast
Binding elements
• Http(s)RelayTransportBindingElement
• TcpRelayTransportBindingElement
• RelayedOnewayTransportBindingElement
Access Control Service
Access Control Service
• Identity and access control
  • Distributed systems
  • Decentralized authority
  • Heterogeneous technologies
• Claims-based model
• Service Bus integration
Identity and Authorization
[Diagram labels: creds; Contoso::Alice; Contoso::LeadDev; webapp::IssueView; webapp::IssueMgr]
Centralized Solution
[Diagram labels: webapp (IssueTracker); creds; Contoso::Alice; Contoso::LeadDev; webapp::IssueView; webapp::IssueMgr; MembershipProvider; RoleProvider; IPrincipal.IsInRole(...)]
Decentralized Authority
[Diagram labels: webapp (IssueTracker); Contoso Authority; creds; Contoso::Alice; Contoso::LeadDev; webapp::IssueView; webapp::IssueMgr]
Decentralized Authority
[Diagram labels: Contoso Identity Provider; webapp; Identity Directory; creds; Contoso::Alice; Contoso::LeadDev; webapp::IssueView; webapp::IssueMgr]
Decision Enforcement
[Diagram labels: Contoso; webapp; ServiceBus; creds; Contoso::Alice; Contoso::LeadDev; webapp::IssueView; webapp::IssueMgr; webapp::SB.Listen; Identity Information; Authorization Decision; Authorization Enforcement]
Access Control Service
[Diagram labels: Contoso; Access Control Service; webapp; SB; creds; Alice; Contoso::LeadDev; webapp::IssueView; webapp::SB.Listen; Identity Provider; Authorization Decision; Authorization Enforcement]
Demo
[Diagram labels: Membership; Access Control Service; Service Bus; WIF; LeadDev; Alice; Listen; WS-Trust; WRAP; SAML; SWT; username + password]
Access Control Service
• Claims-based Identity and Access Control
  • Claims transformer (“claims in, claims out”)
  • Consumes claims from federated issuers
  • Provides claims to applications and services
• Rule based issuance policy
  • Rule: If has claim1 then output claim2
• Not an identity provider
  • Does not manage user’s identities
Protocols and technologies
• AppFabric 1.0
  • OAuth WRAP (Web Resource Authorization Protocol)
  • Simple Web Token
• Future (and past)?
  • WS-Federation – “passive” (browser based) federation
  • WS-Trust – “active” (SOAP based) federation
  • LiveID integration
WRAP
[Diagram labels: Client; Protected Resource; Identity Provider; Authorization Server; API; Bearer Token with authorization claims; Identity: username + shared secret, SWT token, SAML token]
WRAP and SWT
• Simple Web Token (SWT)
  • Form encoded name-value pairs
  • HMAC-SHA-256 symmetric signature
• WRAP token request
  • HTTP POST
  • username+password or authentication assertion (e.g. SAML)
• WRAP protected client call
  • HTTP header (Authorization: WRAP access_token = “…”)
  • GET or POST parameter (wrap_access_token = “…”)
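As an added illustration (not code from the presentation or from ACS), the sketch below plays both sides of the flow these slides describe: an ACS-style issuance rule maps an input claim to an output claim, the result is issued as an SWT, and the protected resource validates it before trusting any claim. The `Issuer`, `Audience`, `ExpiresOn` and `HMACSHA256` field names follow the SWT draft rather than the slides; the key, the rule and the `role` claim type are constructed.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Constructed sample values (assumptions, not from the slides).
KEY = b"constructed-demo-key"
RULES = [(("role", "Contoso::LeadDev"), ("role", "webapp::IssueMgr"))]

def transform(claims_in):
    """Claims in, claims out: emit the output claim of each matching rule."""
    return [out for cond, out in RULES if cond in claims_in]

def _sign(body, key):
    mac = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def issue_swt(claims, issuer, audience, expires_on, key):
    """Form-encode the claims and append the HMAC-SHA-256 signature last."""
    pairs = list(claims) + [("Issuer", issuer), ("Audience", audience),
                            ("ExpiresOn", str(expires_on))]
    body = urlencode(pairs)
    return body + "&HMACSHA256=" + quote(_sign(body, key), safe="")

def validate_swt(token, issuer, audience, key, now=None):
    """Return the claims as a dict; raise ValueError on any failed check."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("no signature")
    # Verify the MAC before trusting any field; constant-time comparison.
    if not hmac.compare_digest(unquote(sig).encode(), _sign(body, key).encode()):
        raise ValueError("bad signature")
    pairs = parse_qsl(body, keep_blank_values=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim name")
    if claims.get("Issuer") != issuer or claims.get("Audience") != audience:
        raise ValueError("wrong issuer or audience")
    if int(claims.get("ExpiresOn", "0")) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

if __name__ == "__main__":
    out = transform([("role", "Contoso::LeadDev")])
    token = issue_swt(out, "acs.example", "webapp", 2_000_000_000, KEY)
    print(validate_swt(token, "acs.example", "webapp", KEY, now=1_900_000_000))
```

Because an SWT is a bearer token signed with a symmetric key, anyone holding the key can mint tokens, so the key must be shared only between the issuer and the one resource that validates it.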
Finally …
• Service Bus
  • Connectivity
  • Addressability and discoverability
  • Eventing
  • Buffering
• Access Control Service
  • Authorization Decision Point
    • For Service Bus
    • For other services, both cloud or on-premises
  • Flexible claims based policy
Q & A