.NET Services. Architects Council, 27.01.2009 • Dariusz Parys, Developer Evangelist, Developer Platform and Strategy Group, Microsoft Deutschland GmbH
Contact • Email • dparys@microsoft.com • Blog • http://blogs.msdn.com/dparys • IM • developerevangelist@live.com
Services in Azure (diagram) • Your Applications … • ServiceBus, Workflow, Database, Analytics, Identity, Contacts, AccessControl, … Reporting … Devices … • Compute, Storage, Manage …
.NET Services • Open access standards • REST, SOAP, RSS, AtomPub, … • Libraries for Java, PHP, Ruby, … • 3 focus topics • Application integration • Access control in distributed systems • Application extensibility
Enterprise Service Bus (diagram) • Service Orchestration • Federated Identity and Access Control • Naming • Service Registry • Messaging Fabric • Connected systems: CRM, Point Of Sale, Supply Chain, Leads, Order Entry, Product Catalog, Inventory, Customers, POS Integration, Trends, Planning, Returns, Campaigns, Purchasing, Web Store
Internet Service Bus (diagram) • Service Orchestration • Federated Identity and Access Control • Naming • Service Registry • Messaging Fabric • Your Services • Clients • On-Premise ESB • MS/3rd Party Services ESB • Desktop, RIA, Web clients on both sides
Who needs “connectivity”? • Instant messaging/communication app • Access Control, Relay, Direct Connect • Multiplayer games • Access Control, Relay, Direct Connect • Home media integration system • Access Control, Relay, Direct Connect • Enterprise integration system • Access Control, VPN/VAN
What do you have to do when… • …you want to integrate applications with each other that • live in different networks? • have different user directories? • are not always reachable?
Connectivity challenges • IPv4 address space • Dynamic IP address assignment • Network Address Translation (NAT) • Internet full of “bad guys” • Firewall upon firewall upon firewall… (diagram: Network Address Translation, Network Firewall, Dynamic IP, Machine Firewall, ? between Sender and Receiver)
There are options • Dynamic DNS • NAT port mappings / UPnP • Open inbound firewall ports • Each of these decisions brings its own risks (diagram: Network Address Translation, Network Firewall, Dynamic IP, Machine Firewall, ? between Sender and Receiver)
Service Bus – Naming (Federated Identity and Access Control • Naming • Service Registry • Messaging Fabric)
Naming scheme • [http|sb]://servicebus.windows.net/services/account/svc/… • The service registry provides a mapping from URIs to services • Hierarchy (diagram): servicebus.windows.net (root) > services > account (e.g. contoso; multi-tenant, one account per tenant) > svc
Service Bus – Service Registry (Federated Identity and Access Control • Naming • Service Registry • Messaging Fabric)
Service Registry • Registry only for service endpoints • Nothing else • Programmatic access via • Discover: Atom 1.0 feed hierarchy • Publish: Atom Publishing Protocol, WS-Transfer (diagram: Client talks to the Service Registry via AtomPub or WS-Transfer; Registry backed by Naming)
Registry feed structure • Solution root feed • http://servicebus.windows.net/services/solution/ • Hierarchical (diagram: SBWN > services > solution > svc; Client via AtomPub / WS-Transfer; Naming root)
Services in registry feeds • Example feed (spacing and line breaks restored; the abbreviated host in the entry link is as on the slide):
    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom"
          xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <title>Title</title>
      <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
      <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
      …
      <entry>
        <title>MyEndpoint</title>
        <link href="http://swn/services/my/svc/ep1"/>
        <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
        <wsa:EndpointReference>
          <wsa:Address>
            http://servicebus.windows.net/services/my/svc/ep1
          </wsa:Address>
        </wsa:EndpointReference>
      </entry>
    </feed>
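The naming scheme and the registry feed above are both machine-readable, and a client that discovers endpoints from a feed should check that each advertised address actually sits under the solution root it asked for, rather than trusting any address an entry carries. The following is an added example (not code from the slides or from Microsoft.ServiceBus): it parses URIs against the [http|sb]://servicebus.windows.net/services/account/svc/… scheme, extracts the wsa:EndpointReference addresses from an Atom feed, and flags entries whose address points to another account or another host. The sample feed is constructed for this example, modelled on the slide's feed; the entry titles and the extra entries are invented.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Naming scheme from the slides: [http|sb]://servicebus.windows.net/services/<account>/<svc>/...
SB_HOST = "servicebus.windows.net"
NS = {"atom": "http://www.w3.org/2005/Atom",
      "wsa": "http://www.w3.org/2005/08/addressing"}


def parse_sb_name(uri):
    """Split a Service Bus URI into (scheme, account, path_parts).
    Returns None if the URI does not follow the naming scheme."""
    u = urlparse(uri)
    if u.scheme not in ("http", "https", "sb") or u.netloc.lower() != SB_HOST:
        return None
    parts = [p for p in u.path.split("/") if p]
    if len(parts) < 2 or parts[0] != "services":
        return None
    return u.scheme, parts[1], parts[2:]


def registry_endpoints(feed_xml):
    """Return (title, address) for every entry carrying a wsa:EndpointReference."""
    root = ET.fromstring(feed_xml)
    out = []
    for entry in root.findall("atom:entry", NS):
        title = entry.findtext("atom:title", default="", namespaces=NS)
        addr = entry.findtext("wsa:EndpointReference/wsa:Address",
                              default="", namespaces=NS)
        out.append((title, addr.strip()))
    return out


def check_feed_scope(feed_xml):
    """Verify each endpoint address lives under the feed's own account and
    service path (taken from the feed's rel="self" link).
    Returns (in_scope_titles, out_of_scope_titles)."""
    root = ET.fromstring(feed_xml)
    self_link = next((l.get("href") for l in root.findall("atom:link", NS)
                      if l.get("rel") == "self"), None)
    feed_name = parse_sb_name(self_link) if self_link else None
    if feed_name is None:
        raise ValueError("feed self link does not follow the naming scheme")
    _, account, svc_path = feed_name
    ok, bad = [], []
    for title, addr in registry_endpoints(feed_xml):
        name = parse_sb_name(addr)
        if (name is not None and name[1] == account
                and name[2][:len(svc_path)] == svc_path):
            ok.append(title)
        else:
            bad.append(title)
    return ok, bad


# Constructed sample feed, modelled on the slide's example; the two last
# entries are deliberately out of scope (other account, other host).
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <entry><title>MyEndpoint</title><wsa:EndpointReference>
    <wsa:Address>http://servicebus.windows.net/services/my/svc/ep1</wsa:Address>
  </wsa:EndpointReference></entry>
  <entry><title>TcpEndpoint</title><wsa:EndpointReference>
    <wsa:Address>sb://servicebus.windows.net/services/my/svc/ep2</wsa:Address>
  </wsa:EndpointReference></entry>
  <entry><title>ForeignAccount</title><wsa:EndpointReference>
    <wsa:Address>http://servicebus.windows.net/services/contoso/svc/ep1</wsa:Address>
  </wsa:EndpointReference></entry>
  <entry><title>ExternalHost</title><wsa:EndpointReference>
    <wsa:Address>http://other.invalid/services/my/svc/ep1</wsa:Address>
  </wsa:EndpointReference></entry>
</feed>"""

if __name__ == "__main__":
    print(check_feed_scope(SAMPLE_FEED))
```

The scope check compares the account segment and the service path prefix, so an `sb://` endpoint of the same service passes while an endpoint under another tenant's account or on a different host is reported; a client can then refuse to connect to the flagged entries instead of silently following them.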
Service Bus – Messaging (Federated Identity and Access Control • Naming • Service Registry • Messaging Fabric)
Service Bus - Messaging • From .NET: WCF • Microsoft.ServiceBus
NetOnewayRelayBinding (diagram) • Service Bus sb://servicebus.windows.net/services/solution/a/b/ • Backend: Naming, Routing Fabric (Route, Subscribe) • Frontend Nodes, NLB • Labels: TCP/SSL 808/828; TCP/SSL 828; outbound connect, one-way net.tcp; outbound connect, bidi socket; Msg; Sender; Receiver; NAT / Firewall / Dynamic IP
NetEventRelayBinding (diagram) • Service Bus sb://servicebus.windows.net/services/solution/a/b/ • Backend: Naming, Routing Fabric (Route, Subscribe) • Frontend Nodes • Labels: TCP/SSL 808/828; TCP/SSL 828; TCP/SSL 828; outbound connect, one-way net.tcp; outbound connect, bidi socket (twice); Msg; Sender; Receiver; Receiver
NetTcpRelayBinding / Relayed (diagram) • Service Bus sb://servicebus.windows.net/services/solution/a/b/ • Backend: Naming, Routing Fabric (Oneway, Rendezvous, Ctrl, Msg) • Frontend Nodes, NLB • Labels: Ctrl; TCP/SSL 818; outbound socket rendezvous; outbound socket connect; Socket-Socket Forwarder; Sender; Receiver; numbered steps 1–4
NetTcpRelayBinding / Hybrid (diagram) • Service Bus sb://servicebus.windows.net/services/solution/a/b/ • Backend: Naming, Routing Fabric (Oneway, Rendezvous, Ctrl, Msg) • Frontend Nodes • Labels: TCP/SSL 818, 819; NAT Probing (both sides); relayed connect; relayed rendezvous; upgrade; Ctrl; Sender; Receiver; NAT Traversal Connection
[WS|Basic|Web]HttpRelayBinding (diagram) • Service Bus sb://servicebus.windows.net/services/solution/a/b/ • Backend: Naming, Routing Fabric (Oneway, Rendezvous, Ctrl, Msg) • Frontend Nodes, NLB • Labels: Ctrl; HTTP/S 80/443; outbound socket rendezvous; HTTP/HTTPS request; HTTP-Socket Forwarder; Sender; Receiver; numbered steps 1–4
Motivation (diagram) • Customers/Partners ? On-premise services • user *******
Motivation (diagram) • Cloud services 1..n • Customers/Partners ? ? On-premise services • user ******* • (A) STS • (R) STS
Scenario with the ACS (diagram) • Customers/Partners • Your ACS • Trust / Trust • user ******* • On-premise/cloud services
Access to services • These services use the Access Control Service • Microsoft SQL Data Services • Username / password and a token from the Access Control Service • .NET Service Bus • .NET Workflow Service • The Portals
Interplay (diagram) • What? Integrate • Who? Orchestrate • Your Customers • Your App • <Any ID Provider> • ServiceBus • WF • Access Control Service • Live ID Users • UI • Data • XYZ Domain Users • Store
Components • Portal • Frontend for administering applications and rules • Client API • Programmable interface • Service (STS) • Provided STS (shared STS) • Interaction via the Geneva Framework
Access control flow • Parties: .NET Access Control Service (managed STS); Relying Party (Service Bus, your application, etc.); Requestor (your customer) • 0. Cert/secret exchange; refreshed periodically • 1. Declare access rules for customers • 2. Send claims (RST) • 3. Input claims → output claims as described in the rule set • 4. Send token (RSTR) (contains the claims from 3) • 5. Send message with token • 6. Claims are checked
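The numbered flow above is easier to reason about when the three parties are written out as code. The following is an added example, not code from the slides, from the .NET Access Control Service or from the Geneva Framework: it models steps 0 to 6 with a shared-secret setup (step 0), a rule table mapping input claims to output claims per relying party (steps 1 and 3), an RST the requestor signs with its own secret (step 2), an RSTR token the STS signs for the relying party (step 4), and a relying-party check of signature, audience, expiry and claims (steps 5 and 6). The real service issues WS-Trust tokens; here the token is a JSON payload with an HMAC-SHA256 tag, which is a simplification, and all keys, rules, claim names and the relying-party URI are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

# Step 0 (constructed): secrets exchanged out of band and refreshed periodically.
RP_SIGNING_KEY = b"constructed-rp-shared-secret"              # STS <-> relying party
REQUESTOR_KEYS = {"contoso-key": b"constructed-requestor-secret"}  # STS <-> requestor

# Step 1 (constructed rule set): per relying party, input claim -> output claim.
RULES = {
    "http://constructed.example/rp/orders": [
        (("group", "Purchasing"), ("action", "Send")),
        (("group", "Purchasing"), ("action", "Listen")),
        (("group", "Auditor"), ("action", "Listen")),
    ]
}


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def requestor_rst(key_id, input_claims, applies_to):
    """Step 2: build the RST; the proof shows possession of the requestor secret."""
    body = json.dumps(input_claims, sort_keys=True).encode()
    proof = hmac.new(REQUESTOR_KEYS[key_id], body, hashlib.sha256).hexdigest()
    return {"issuer_key_id": key_id, "input_claims": input_claims,
            "applies_to": applies_to, "proof": proof}


def sts_issue(rst, now=None):
    """Steps 2-4: verify the requestor, apply the rules, return the RSTR token."""
    now = now if now is not None else int(time.time())
    key = REQUESTOR_KEYS.get(rst["issuer_key_id"])
    if key is None:
        raise PermissionError("unknown requestor")
    body = json.dumps(rst["input_claims"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, rst["proof"]):
        raise PermissionError("requestor proof invalid")
    # Step 3: only rules whose input claim was presented produce an output claim.
    inputs = {tuple(c) for c in rst["input_claims"]}
    rules = RULES.get(rst["applies_to"], [])
    output = sorted({out for inp, out in rules if inp in inputs})
    payload = {"aud": rst["applies_to"], "exp": now + 600, "claims": output}
    p = _b64(json.dumps(payload, sort_keys=True).encode())
    sig = _b64(hmac.new(RP_SIGNING_KEY, p.encode(), hashlib.sha256).digest())
    return p + "." + sig


def rp_authorize(token, audience, required_claim, now=None):
    """Steps 5-6: check signature, audience and expiry before trusting any claim.
    Returns True only if the required output claim is present in a valid token."""
    now = now if now is not None else int(time.time())
    try:
        p, sig = token.split(".")
    except ValueError:
        return False
    good = _b64(hmac.new(RP_SIGNING_KEY, p.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(good, sig):
        return False
    payload = json.loads(_unb64(p))
    if payload["aud"] != audience or payload["exp"] <= now:
        return False
    return list(required_claim) in payload["claims"]


if __name__ == "__main__":
    rp = "http://constructed.example/rp/orders"
    token = sts_issue(requestor_rst("contoso-key", [["group", "Purchasing"]], rp))
    print("Send allowed:", rp_authorize(token, rp, ("action", "Send")))
    print("Delete allowed:", rp_authorize(token, rp, ("action", "Delete")))
```

Two points the flow depends on are visible here: the relying party never sees the requestor's secret and never evaluates the rules itself, it only checks the STS signature and the output claims (step 6), and the audience check ties a token issued for one relying party to that party alone, so a token for the orders service cannot be replayed against another service.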
Windows Workflow Foundation • Workflow • Description of a program flow • Tools/Designers • Activity Library • Runtime • Hosts (diagram: Activity Library; WF Runtime; Tooling: VS Designer, VS Debugger, Rehosted Designer; Hosts: IIS/WAS + “Dublin”, Workflow Service, your.exe “Direct”)
Workflow Service – Overview • Reliable, scalable off-premises host for workflows • Portal http://workflow.ex.azure.microsoft.com • New activities for the Windows Azure platform • APIs for deploying, running and operating workflows “in-the-cloud” • Orchestration of services • Cross-enterprise services • Access for customers and partners through Access Control
Working with workflows • Design workflows • Choice of workflow template • Designer support • New Azure activities and a subset of the WF activities • Deploy workflows • Upload and validation • Manage workflow types • Add, delete, update, view instances • Manage workflow instances • Create, run, control, track execution
Workflow Service – Design flow (diagram) • 1 Design workflows: Visual Studio WF Designer • 2 Deploy workflows: VS one-click deploy • 3 Manage workflow types: your apps & services • 4 Manage workflow instances • Workflow Portal • WorkflowClient API • SOAP Web Service • Workflow & Rules XAML • ServiceBus
Data model and ACE concepts (SQL Data Services) • Authority: unit of geo-location and billing; tied to DNS name; collection of containers • Container: unit of consistency; scope for query and update; collection of entities • Entity: unit of storage; property bag of name/value pairs; no schema required
Concepts: Entity • Entity properties may differ in type and instance (diagram: different kinds, different instance types, additional property)
Architecture: SQL Data Services (diagram) • Front end, replicated across nodes: REST / SOAP, SDS Runtime, Data Access Lib • Back end: Master Cluster, Data Cluster; per node: SQL Server, Distributed Data Fabric, Mgmt. Services
Data and master nodes (diagram) • SDS back end: Reliable Master Cluster Manager, Partition Manager, Partition Placement Advisor, Global Partition Map, Leader Elector; SQL Server, Database, Distributed Data Fabric • SDS data nodes 101–105, holding primary partitions P1–P6 and secondary replicas S1–S6 spread across the nodes
Summary • Application integration through the .NET Service Bus • Access control through the .NET Access Control Service • Reuse of application logic through the .NET Workflow Service • Sign up for the current CTP at • http://www.azure.com
Further information • PDC videos • BB01, BB02, BB12, BB23, BB28, BB38, BB55 • Blog posts • Federating with the ACS: http://www.leastprivilege.com/FederatingWithTheNETAccessControlService.aspx • Other resources • http://www.microsoft.com/azure/accesscontrol.mspx • http://msdn.microsoft.com/en-us/library/dd129876.aspx • http://dunnry.com/blog/UsingSDSWithAzureAccessControlService.aspx • Blogs • http://blogs.msdn.com/dparys • http://www.leastprivilege.com