
Architecture of the .NET Services

John Shewchuk, Dennis Pilarinos. Microsoft Corporation.


Presentation Transcript


  1. Architecture of the .NET Services. John Shewchuk, Dennis Pilarinos. Microsoft Corporation

  2. Azure™ Services Platform

  3. A Look Inside Azure
     [Diagram labels: Your Applications; Service Bus, Workflow, Access Control, …; Database, Analytics, Reporting, …; Identity, Contacts, Devices, …; Compute, Storage, Manage, …]

  4. .NET Services
     • Extending .NET technologies to the cloud
     • Open and accessible
       • REST, SOAP, RSS, AtomPub, …
       • Class libraries for Java, PHP, Ruby, …
     • Easy-to-use from .NET – skills move forward
     • Initial focus on three key developer challenges
       • Application integration
       • Access control in a federated world
       • Application extensibility

  5. Service Bus
     • Key developer challenges
       • Want to make it easy and secure for partners to use your application
       • Don’t always know the characteristics or scale of the integration
       • Partners / customers / users have devices and services running behind firewalls
     • Approach
       • Provide a high-scale, highly available “Service Bus” that supports open Internet protocols

  6. Service Bus
     • The Internet Service Bus pattern
       • Service Registry
       • Connectivity (Relay & Direct Connect)
       • Publish/Subscribe
     • Nitty Gritty
       • Bindings
       • Ensuring connectivity
       • Integration with Access Control

  7. Service Bus Application Pattern
     [Diagram labels: Service Orchestration; Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric; Your Service; Clients; On-Premises; Cloud Services; Desktop, RIA, Web; Compute; Storage; ESB; Billing; Corp Service]

  8. Service Registry
     • [http|sb]://servicebus.windows.net/services/account/svc/…
     • The service registry provides a mapping from URIs to services
     [Diagram labels: Service Registry; Root; account; svc; servicebus.windows.net; services; contoso; Multi-Tenant; …]

  9. Connectivity
     • Two key capabilities
       • Relay
       • Direct connect
     • Relay
       • Ensure applications connect
       • Available to all via the service registry
     • Direct connect
       • Uses the relay to establish communication
       • Then shortcuts for efficiency
     • Available via HTTP / REST / ATOM
     • Available in .NET via WCF Bindings

  10. One-Way Connection
     • sb://servicebus.windows.net/services/user/service/endpoint
     • Outbound SSL-secured TCP 828 connection to Relay
     • Rendezvous Endpoint
     • One-way messages through TCP tunnel
     [Diagram labels: Sender; Relay; Receiver]

  11. Direct Connections
     • sb://servicebus.windows.net/services/user/service/endpoint
     • Outbound SSL-secured TCP 828 connection to Relay
     • Out-of-band protocol to negotiate Direct Connection
     • Upgrade to Direct when possible
     [Diagram labels: Sender; Relay; Receiver]

  12. Publish/Subscribe
     • Builds on the relay and direct connect connectivity capabilities
     • Initial release is “connected multicast”
     • Over time will provide additional delivery characteristics – anycast, reliable, …

  13. Multicast Publish/Subscribe
     • sb://servicebus.windows.net/services/user/service/endpoint
     • Outbound SSL-secured TCP 828 connection to Relay
     • Rendezvous Endpoint
     • One-way messages through TCP tunnel
     [Diagram labels: Sender; Relay; Receiver (×4)]

  14. Service Bus
     • The Internet Service Bus pattern
       • Service Registry
       • Connectivity (Relay & Direct Connect)
       • Publish/Subscribe
     • Nitty Gritty
       • Bindings
       • Ensuring connectivity
       • Integration with Access Control

  15. Rich Set of Connectivity Bindings

  16. RFC2616-Compliance
     • http://servicebus.windows.net/services/user/service/endpoint
     • Only 2 concurrent connections per domain
     • 2 concurrent polling clients starve dual reply-to path
     • RFC2616 compliant HTTP stack
     [Diagram labels: Sender; Relay; Receiver]

  17. HTTP Connection Workaround
     • http://servicebus.windows.net/services/user/service/endpoint
     • STA
     • Synchronized reply-to connections
     • Single-threaded polling receiver; multiplexed message batch retrieval; MT local dispatch and fan-out
     • Multiplex messages through volatile message buffer for pickup
     [Diagram labels: Sender; Relay; Receiver]

  18. Relay Access Control Principles
     • Access Control is governed by Access Control Rules
     • Composes cleanly with SOAP-over-HTTP
     • SOAP 1.1, SOAP 1.2 HTTP clients able to send messages through the relay with minimal extra effort
     • WS-Security header can be used for end-to-end application level security (optional)
     • Composes cleanly with transport-only message protection
     • Support any SOAP 1.2/2.0 BP compliant client

  19. Unauthenticated Senders
     • Unauthenticated ‘Send’ option
     • Clients do not need to acquire tokens for communicating through the relay
     • Supports plain Basic Profile SOAP requests
     • Opt-In Policy set by listening services
     • Enables services to choose between Relay-based access control and locally-enforced end-to-end access control

  20. Service Bus Summary
     • Service Registry
     • Relay and direct connect connectivity
     • Publish/Subscribe
     • Integrated with Access Control services

  21. Access Control
     • Key developer challenges
       • Many identity providers, many vendors, many protocols, complex semantics – tricky to get right
       • Application strewn with one-off access logic
       • Hard to get right, not agile, not compliant, many dead ends
     • Approach
       • Automate federation for a wide range of identity providers and technologies
       • Factor the access control logic from the application into a manageable collection of rules
       • Easy-to-use framework that ensures correct token processing

  22. Access Control Interactions
     Participants: Your Access Control Project (a hosted STS); Relying Party (Your App); Requestor (Your Customer)
     • 0. Certificate exchange; periodically refreshed
     • 1. Define access control rules for a customer
     • 2. Send Claims
     • 3. Map input claims to output claims based on access control rules
     • 4. Send Token (output claims from 3)
     • 5. Send Message w/token
     • 6. Claims checked in Relying Party

  23. Hosted Security Token Service
     • Use the web site or web APIs…
       • Define and manage application scopes
       • Delegate access to scopes
       • Define and manage access control rules
         • Rules are defined within an application scope
         • Rules can be chained; e.g. bob → manager and manager → allowed
         • Simple model: the output security token is a collection of claims based on the claims in the incoming token
       • Define and manage claim types
       • Define and manage signing and encryption keys
     • Standards compliant – works with Java, Ruby, …
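The claim mapping and rule chaining from slides 22 and 23, as an added sketch that is not code from the presentation or the .NET Services SDK. The issuer field, scope URIs and claim types are assumptions of this example; tagging derived claims with the STS as issuer keeps a requestor from triggering the second rule by presenting its own "manager" claim.

```python
from typing import NamedTuple

STS = "sts"  # assumed issuer name for claims the hosted STS itself derives

class Claim(NamedTuple):
    issuer: str  # assumed to come from the validated token, not from the requestor
    type: str
    value: str

class Rule(NamedTuple):
    scope: str    # application scope the rule is defined in
    match: Claim  # claim that must already be present
    emit: Claim   # claim added to the output token

def issue_output_claims(rules, scope, input_claims):
    """Run one scope's rules to a fixpoint and return only the derived claims."""
    scoped = [r for r in rules if r.scope == scope]
    known, output = set(input_claims), set()
    changed = True
    while changed:
        changed = False
        for rule in scoped:
            if rule.match in known and rule.emit not in output:
                output.add(rule.emit)
                known.add(rule.emit)  # lets a later rule chain on this claim
                changed = True
    return output

def relying_party_allows(output_claims):
    """Step 6 on slide 22: the application checks the claims in the token."""
    return Claim(STS, "action", "allowed") in output_claims

# Constructed sample data: scope URIs, issuer names and claim types are illustrative.
BILLING = "http://contoso.example/billing"
RULES = [
    Rule(BILLING, Claim("idp", "username", "bob"), Claim(STS, "group", "manager")),
    Rule(BILLING, Claim(STS, "group", "manager"), Claim(STS, "action", "allowed")),
    Rule("http://contoso.example/other", Claim("idp", "username", "eve"),
         Claim(STS, "action", "allowed")),
]

if __name__ == "__main__":
    for presented in ([Claim("idp", "username", "bob")],
                      [Claim("idp", "username", "eve")],
                      [Claim("idp", "group", "manager")]):  # self-asserted group
        out = issue_output_claims(RULES, BILLING, presented)
        print(presented[0], "->", sorted(out), relying_party_allows(out))
```

Input claims that no rule maps never reach the output token, and a rule defined in another scope has no effect on the billing scope.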

  24. demo

  25. Relay And End-to-End Security
     [Diagram labels: Client; Relay; Target Service; AC.W.N STS; RST/RSTR; AC.W.N Credential appliesTo: Relay Endpoint; AC.W.N Credential appliesTo: Target Endpoint; Requires AC.W.N Token; WS-Sec Hdr; relayToken]

  26. Access Control Summary
     • Flexible, rules-driven access control
     • Rich support for a wide range of identity providers
     • The Geneva framework is the .NET developer experience
     • Easy to incorporate into existing applications
     • Works with lots of other environments; e.g. Sun’s Java Metro 1.3, …

  27. Workflow
     • Key developer challenges
       • Want to easily describe long-running processes
       • Want modularity and nesting
       • Easy to describe but in practice harder to run
       • Hosting and scaling can be challenging
         • Setup and installing, define scale-out approach, ensure long-running availability, manage upgrades, …
     • Approach
       • .NET 3.0/3.5/4.0 addresses key developer requests
       • .NET Services makes it easy to deploy, manage and run Workflows

  28. Windows Workflow Foundation
     • Easily describe coordinated work with minimal ceremony
     • Tools/Designers
     • Activity Library
     • Runtime
     • Hosts
     [Diagram labels: Workflow; Activity Library; WF Runtime; Tooling: VS Designer, VS Debugger, Rehosted Designer; Hosts: IIS/WAS + “Dublin”, Workflow Service, your.exe “Direct”]

  29. Workflow Service – Overview
     A reliable, scalable off-premises host for workflows
     • A portal at workflow.ex.azure.microsoft.com
     • New activities for the Azure Services Platform
     • APIs that allow you to deploy, manage, and run your workflows on the cloud
     • Enables you to orchestrate services
       • Connect to services in your enterprise anywhere on the Internet – uses the connectivity services
       • Give your partners and customers access – uses the access control services

  30. Workflow Service – Basic Usage
     • Design Workflows
       • Choose WF Model
       • Use a WF Designer
       • Use new Azure activities and a subset of WF out-of-the-box activities
     • Deploy Workflows
       • Upload and validate
     • Manage Workflow Types
       • Add, delete, update, view instances
     • Manage Workflow Instances
       • Create, run, control, track execution

  31. Workflow Service – Design Flow
     • 1. Design Workflows: Visual Studio WF Designer
     • 2. Deploy Workflows: VS – one click deploy
     • 3. Manage Workflow Types
     • 4. Manage Workflow Instances
     [Diagram labels: Your Apps & Services; http://; Workflow Portal; WorkflowClient API; SOAP Web Service; Workflow & Rules XAML; ServiceBus]

  32. Workflow Service Summary
     • Execute Workflows with high availability
     • Design Workflows using existing tools
     • Easily deploy and manage Workflows
     • Portal for easy access
     • Management APIs for rich automation

  33. Call to Action
     • Register for a .NET Services account & download the SDK
       • http://www.azure.com
     • Try out the .NET Services in the HOLs area
       • HOLs for Service Bus, Access Control, Workflow, SQL Services, and Live Services
     • Attend one of the many breakout sessions

  34. Evals & Recordings Please fill out your evaluation for this session at: This session will be available as a recording at: www.microsoftpdc.com

  35. Q&A Please use the microphones provided

  36. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
