
Understanding & using Windows Azure AppFabric

Understanding & using Windows Azure AppFabric. Connecting On-Premise-Apps with the Cloud. Mario Szpuszta Architect Advisor marioszp@microsoft.com. Connecting On-Premise and Cloud Why? When? Windows Azure Platform AppFabric – Overview Architecture, components, scenarios



Presentation Transcript


  1. Understanding & using Windows Azure AppFabric: Connecting On-Premise-Apps with the Cloud. Mario Szpuszta, Architect Advisor, marioszp@microsoft.com

  2. Primary Take-Aways and Targets • Connecting On-Premise and Cloud: Why? When? • Windows Azure Platform AppFabric – Overview: architecture, components, scenarios • Getting started with Azure AppFabric: simple example showing core components • Pre-Requisites: Windows Azure Overview-Know-How; know about fundamental components; understand Web Roles, Worker Roles, Storage, SQL Azure

  3. Agenda • Windows Azure AppFabric – What? Why? • Connecting services using Service Bus • What is the service bus? • What can it do for us? • Securing services using Access Control Service • Understanding the federated approach of ACL • Using ACL to secure services across boundaries • Summary, discussion

  4. Azure AppFabric What is it? Which problems does it solve?

  5. Typical Application Architecture (diagram labels) • UI (Web) • UI (AJAX, RIA, Client) • HTTP/XML (SOAP, REST…) • HTTP/HTML • Services of other organizations • HTTP/XML (SOAP, REST…) • Application logic, business logic, services • Any protocol • Resource access • Stream • TCP/TDS

  6. Windows Azure and typical Architectures (diagram labels) • UI (Web) • UI (AJAX, RIA, Client) • Secure integration • HTTP/XML (SOAP, REST…) • HTTP/HTML • Services of other organizations • HTTP/XML (SOAP, REST…) • Compute power • Application logic, business logic, services • Any protocol • Resource access • Relational DB • (scalable) Storage • Stream • TCP/TDS • Storage

  7. Integration across boundaries – Basic Scenario

  8. Integration – What are the Problems? • Authenticate • OrgA-users • ?? • Common Authorization • across orgs. • Firewalls • IP filters • IP address • NAT

  9. Integration On-Premise  Cloud • Cloud has huge benefits • But – not everything can go into the Cloud • Existing code not designed for cloud • Things that can't run in the cloud • Parts you don't want to have in the cloud (law, legal etc.) • The No#1 Scenario for App Fabric

  10. Service Bus Connecting services across boundaries

  11. Service Bus – Solves the Connectivity-Challenges Firewalls IP filters IP address NAT Firewalls IP filters IP address NAT

  12. Service Bus: Core Capabilities • Internet-scoped overlay-network bridging across NATs and Firewalls with federated access control • Network Listen/Send from any Internet-Connected PC • Internet-scoped, per-endpoint Naming and Discovery • NAT/FW Traversal via TCP and HTTP Web Streams • (Diagram: endpoints A, B, C, D across Private Network Space and Internet Space)

  13. Service Bus: Core Capabilities • Transfer raw and structured data allowing for any common shape of communication • Raw Data, Text, XML, JSON, … • Datagrams, Sessions, Correlated Messages • Unicast, Multicast • (Diagram: A to B carrying Octet-Streams, Text, …; JSON, XML, …; SOAP, XML-RPC, …)

  14. 3 Key Service Bus Pattern Families • Eventing: One-way communication; Unicast or Multicast; Immediate or temporally decoupled • Service Remoting: RPC-style, Request/Response or Duplex; Contracts, Schemas, Structured Data • Tunneling: Full-Duplex Tunneling of Raw Streams; TCP, Pipes, Proxies, …

  15. Access Control Service Federated security for cross-boundary integration

  16. Access Control Service – Helps with Security Authenticate OrgA-users ?? Authenticate OrgA-users ?? Common Authorization across orgs. Common Authorization across orgs.

  17. Introducing the Access Control Service • Access Control Service (ACS): claims based access control for REST-services • Key capabilities / features: • Usable from any platform (for real) • Implements OAuth WRAP & SWT • Low-friction way to onboard new clients • Integrates with AD FS v2 • Enables simple delegation

  18. ACS – Based on Community Efforts • OAuth Profiles • Web Resource Authorization Protocol (WRAP) • Simple Web Tokens (SWT) • Microsoft, Yahoo!, and Google contributed • Specs, community discussion, and other information available on Google groups • http://groups.google.com/group/oauth-wrap-wg • Contributed to OAuth IETF working group

  19. ACS – How It Works!? (diagram actors: Your ACS Service Namespace, Your Customer, Your REST Web Service) • 0. Secret exchange; periodically refreshed • 1. Define access control rules for a customer • 2. Request Access Token (Claims) • 3. Map input claims to output claims based on access control rules • 4. Return Access Token (output claims from 3) • 5. Send Message w/ Access Token • 6. Token Validated

  20. In OAuth WRAP terms (sec. 5.1)… (diagram actors: Authentication Server, Client, Protected Resource) • 0. Secret exchange; periodically refreshed • 1. Define access control rules for a customer • 2. Request Access Token (Claims) • 3. Map input claims to output claims based on access control rules • 4. Return Access Token (output claims from 3) • 5. Send Message w/ Access Token • 6. Token Validated

  21. ACS Token Requests • 3 ways to request a token • Plaintext • Lowest friction option, no crypto required • Signed token • Enables simple delegation, HMAC SHA 256 required • AD FS v2 issued SAML bearer token • Enables enterprise integration • ACS always returns the same kind of token

  22. ACS Gross Anatomy (diagram labels: Windows Azure; ACS Management Endpoint; ACS Token Issuing Endpoint; Portal; SDK; ACM.exe; Mgmt Browser)

  23. Summary, Discussion Key take-aways, questions, answers

  24. Access Control Service – Helps with Security Authenticate OrgA-users ?? ACL provides federated identity Common Authorization across orgs. ACL provides claims-based security Service Bus provides connectivity

  25. Summary, Key Take-Aways • Windows Azure Platform AppFabric: Integration platform for connecting services • Connectivity-part = Service bus • Security-part = Access Control Service • Perfect for integrating on-premise apps with cloud • No cloud platform makes building hybrids simpler than Windows Azure!!

  26. Links, Resources... • Official home pages: http://www.microsoft.com/windowsazure/appfabric • http://www.microsoft.com/windowsazure/developers/appfabric/ • https://appfabric.azure.com/helpandresources.aspx • Blogs, further resources: http://blogs.msdn.com/netservices • http://vasters.com/clemensv/ • http://blogs.msdn.com/justinjsmith/ • http://www.mszcool.at/blog

  27. Thank you for your Attention! • For more Information please contact • Mario Szpuszta • Architect Advisor • marioszp@microsoft.com • http://www.mszcool.at/blog • +43 664 1927 365 • Microsoft Österreich GmbH. • Am Euro Platz 3 • A-1120 Vienna • Austria
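Slides 19 to 21 describe a REST service that validates an ACS-issued token (step 6) using a shared secret and HMAC SHA 256. The sketch below is an added example, not code from the presentation or from Microsoft: it assumes the Simple Web Token layout (form-encoded claims including `Issuer`, `Audience` and `ExpiresOn`, with a trailing `HMACSHA256` value), and the function names, issuer URL, audience and key are hypothetical placeholders.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote


def _mac(body: str, key: bytes) -> bytes:
    """Base64 of HMAC-SHA256 over the unsigned part of the token."""
    return base64.b64encode(hmac.new(key, body.encode(), hashlib.sha256).digest())


def issue_swt(claims: dict, key: bytes) -> str:
    """Stand-in for the token issuer (step 4): form-encoded claims + HMACSHA256."""
    body = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                    for k, v in claims.items())
    return f"{body}&HMACSHA256={quote(_mac(body, key).decode(), safe='')}"


def validate_swt(token: str, key: bytes, issuer: str, audience: str, now=None) -> dict:
    """Step 6 on the protected resource: return the claims or raise ValueError."""
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("no HMACSHA256 signature")
    # Verify the MAC first, in constant time, before trusting any claim.
    if not hmac.compare_digest(unquote(sig).encode(), _mac(body, key)):
        raise ValueError("bad signature")
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim")
    if claims.get("Issuer") != issuer:
        raise ValueError("unexpected issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token issued for another service")
    expires = claims.get("ExpiresOn", "")
    if not expires.isdigit() or int(expires) <= (now or time.time()):
        raise ValueError("expired or missing ExpiresOn")
    return claims


# Constructed sample values; issuer, audience and key are placeholders.
KEY = hashlib.sha256(b"constructed demo key").digest()
ISSUER = "https://issuer.example/"
AUDIENCE = "http://localhost/orders"
SAMPLE = issue_swt({"action": "read", "Issuer": ISSUER, "Audience": AUDIENCE,
                    "ExpiresOn": 2000000000}, KEY)
```

The audience check is what stops a token issued for one service from being replayed against another that shares the same issuer.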
