
Microsoft .NET Services A Closer Look

Microsoft .NET Services: A Closer Look. Clemens Vasters, Technical Lead, Microsoft Corporation. Agenda: What is a Service Bus? Connectivity Challenges; Naming; Service Registry and Discovery; Messaging, Connectivity and Events.



Presentation Transcript


  1. Microsoft .NET Services: A Closer Look. Clemens Vasters, Technical Lead, Microsoft Corporation

  2. Agenda • What is a Service Bus? • Connectivity Challenges • Naming • Service Registry and Discovery • Messaging, Connectivity and Events

  3. Internet Service Bus (Diagram: the service bus stack: Service Orchestration; Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric. Connected through it: Your Services and an On-Premise ESB on one side, MS/3rd Party Services on the other, and Clients on Desktop, RIA and Web.)

  4. Connectivity Challenges • IPv4 Address Shortage • Dynamic IP address allocation • Network Address Translation (NAT) • Internet is pwn3d by the bad guys • Firewalls layered over firewalls over firewalls (Diagram: Sender and Receiver separated by Network Address Translation, a Network Firewall, a Dynamic IP and a Machine Firewall; how does the Sender reach the Receiver?)

  5. How Do People Deal With It? • Dynamic DNS • NAT Port Mappings / UPnP • Open Inbound Firewall Ports • Brittle, difficult, insecure, and sometimes impractical • Consequence: we see recurring patterns of workarounds (Diagram: the same Sender/Receiver path as on slide 4)

  6. Who needs it? • Any Instant Messaging/Communication App: Access Control, Relay, Direct Connect • Any Multiplayer Game: Access Control, Relay, Direct Connect • Any Home Media Integration System: Access Control, Relay, Direct Connect • Any Enterprise Integration System: Access Control, VPN/VAN

  7. Service Bus – Naming (section divider; stack: Federated Identity and Access Control, Naming, Service Registry, Messaging Fabric)

  8. Service Bus Naming • Federated, hierarchical, DNS-integrated, transport-neutral naming system (Diagram: Root → Solution NameA / NameB / NameC → Name1 / Name2 / Name3)

  9. Anything wrong with DNS? • DNS has some practical constraints: high update propagation latency; increasing pollution by ISPs (“DNS assistance”); names hosts, not services; limited write-access model (often out-of-band) • Service Bus Naming System: R/W access with access control via the Registry; updates reflected instantaneously; names name endpoints, not machines

  10. Canonical Form of URI Projections: scheme://naming-scope/name/name • URI ‘Host’: Naming Authority • URI ‘Path’: Federated Name Structure (Diagram: Root → X / Y / Z → A / B / C → 1 / 2 / 3)

  11. Global Naming Structure (PDC): scheme://servicebus.windows.net/services/solution/name/… • Required prefix: services • Followed by the solution name, then the name hierarchy (Diagram: Root → SBWN (servicebus.windows.net) → services → solution → names)

  12. Global Naming Structure (Post-PDC): scheme://solution.servicebus.windows.net/name/… • The solution name moves from the path into the host as a DNS label under servicebus.windows.net; the path now carries only the name hierarchy (Diagram: Root → Solution NameA / NameB / NameC → Name1 / Name2 / Name3)
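Added example (not from the deck or the .NET Services SDK): a parser for the two URI projections on slides 10 to 12. The canonical form is scheme://naming-scope/name/name, where the host is the naming authority and the path is the federated name; the PDC form carries the solution in the path under the required "services" prefix, the post-PDC form hoists it into the host as a single DNS label. The host servicebus.windows.net and the "services" prefix are the deck's; the function names, the acceptance rules for malformed hosts, and the "sb" scheme used in the usage note are this example's own assumptions.

```python
from urllib.parse import urlsplit

SB_HOST = "servicebus.windows.net"   # the naming authority on slides 11-12
PDC_PREFIX = "services"              # required path prefix in the PDC-era form


def parse_sb_uri(uri):
    """Split either projection into (scheme, solution, name_path).

    PDC form:      scheme://servicebus.windows.net/services/<solution>/<name>/...
    post-PDC form: scheme://<solution>.servicebus.windows.net/<name>/...
    The scheme is returned but carries no naming information (transport-neutral).
    """
    parts = urlsplit(uri)
    host = (parts.hostname or "").lower()
    segments = tuple(s for s in parts.path.split("/") if s)  # drops a trailing '/'
    if host == SB_HOST:
        # PDC form: the path must start with /services/<solution>/
        if len(segments) < 2 or segments[0] != PDC_PREFIX:
            raise ValueError("PDC-form names must start with /%s/<solution>/" % PDC_PREFIX)
        return parts.scheme, segments[1], segments[2:]
    if host.endswith("." + SB_HOST):
        # post-PDC form: exactly one label in front of the naming authority
        solution = host[: -len(SB_HOST) - 1]
        if not solution or "." in solution:
            raise ValueError("solution must be exactly one DNS label: %r" % solution)
        return parts.scheme, solution, segments
    # anything else (including servicebus.windows.net.evil.example) is not ours
    raise ValueError("not a %s name: %s" % (SB_HOST, uri))


def federated_name(uri):
    """The transport-neutral federated name: solution first, then the path."""
    _, solution, path = parse_sb_uri(uri)
    return (solution,) + path


def is_sb_name(uri):
    """Boolean form of parse_sb_uri for quick checks."""
    try:
        parse_sb_uri(uri)
        return True
    except ValueError:
        return False


def project(scheme, solution, name_path, post_pdc=True):
    """Project a federated name back onto one of the two URI forms."""
    path = "/".join(name_path)
    if post_pdc:
        return "%s://%s.%s/%s" % (scheme, solution, SB_HOST, path)
    return "%s://%s/%s/%s/%s" % (scheme, SB_HOST, PDC_PREFIX, solution, path)


if __name__ == "__main__":
    # both projections of the same name resolve to the same federated name
    print(federated_name("sb://servicebus.windows.net/services/solution/a/b/"))
    print(federated_name("https://solution.servicebus.windows.net/a/b"))
    print(project("sb", "solution", ("a", "b"), post_pdc=False))
```

The point of the suffix check is that a name is only trusted when the naming authority is exactly servicebus.windows.net or one label beneath it; a host such as servicebus.windows.net.evil.example or two labels in front of the authority is rejected rather than mapped onto a solution.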

  13. Service Bus – Service Registry (section divider; stack: Federated Identity and Access Control, Naming, Service Registry, Messaging Fabric)

  14. Service Registry • The service registry is a registry for service endpoints, not a general-purpose directory • The registry is layered over the naming system • Provides programmatic access to naming • Discover: Atom 1.0 feed hierarchy • Publish: Atom Publishing Protocol, WS-Transfer (Diagram: Client talks AtomPub or WS-Transfer to the Service Registry, which sits over Naming)

  15. Registry Feed Structure • Accessing the root registry feed for solutions: http://servicebus.windows.net/services/solution/ • Root of a hierarchy of feeds (Diagram: Client → AtomPub / WS-Transfer → Naming Root → SBWN → services → solution → svc)

  16. Services in Registry Feeds

    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom"
          xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <title>Title</title>
      <link href="http://connect.biztalk.net/services/my/svc" rel="self"/>
      <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
      …
      <entry>
        <title>MyEndpoint</title>
        <link href="http://cbn/services/my/svc/ep1"/>
        <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
        <wsa:EndpointReference>
          <wsa:Address>
            http://servicebus.windows.net/services/my/svc/ep1
          </wsa:Address>
        </wsa:EndpointReference>
      </entry>
    </feed>
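Added example (not from the deck or the .NET Services SDK): a client-side walk of one registry feed as described on slides 14 to 16. Endpoints are Atom entries that carry a wsa:EndpointReference; the Atom and WS-Addressing namespaces are the real ones from the slide. The feed below is constructed for this example (hostnames made consistent, ids invented) and adds three cases the slide does not show: an address with surrounding whitespace, an entry without an EndpointReference, and a stray entry whose address points outside the feed's own name. The trusted_endpoints filter is an added practitioner check, not something the deck describes.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "http://www.w3.org/2005/Atom"
WSA = "http://www.w3.org/2005/08/addressing"
NS = {"atom": ATOM, "wsa": WSA}

# CONSTRUCTED feed modelled on the slide-16 sample; ids are invented.
SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>svc</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91c-0103839e0ef6</id>
  <entry>
    <title>MyEndpoint</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>
        http://servicebus.windows.net/services/my/svc/ep1
      </wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Other</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep2"/>
    <id>urn:uuid:0f2d3c1a-1111-4222-8333-444455556666</id>
    <wsa:EndpointReference>
      <wsa:Address>sb://servicebus.windows.net/services/my/svc/ep2</wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>NoEndpointHere</title>
    <id>urn:uuid:9a8b7c6d-5e4f-4321-9876-543210fedcba</id>
  </entry>
  <entry>
    <title>Stray</title>
    <id>urn:uuid:deadbeef-0000-4000-8000-000000000001</id>
    <wsa:EndpointReference>
      <wsa:Address>http://evil.example.net/services/my/svc/ep3</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
"""


def parse_feed(feed_xml):
    """Return (self_link, [(title, address), ...]) for one registry feed."""
    data = feed_xml.encode("utf-8") if isinstance(feed_xml, str) else feed_xml
    root = ET.fromstring(data)
    if root.tag != "{%s}feed" % ATOM:
        raise ValueError("not an Atom feed: " + root.tag)
    self_el = root.find("atom:link[@rel='self']", NS)
    self_link = self_el.get("href") if self_el is not None else None
    endpoints = []
    for entry in root.findall("atom:entry", NS):
        addr = entry.findtext("wsa:EndpointReference/wsa:Address", namespaces=NS)
        if addr is None:
            continue  # no EndpointReference: not an endpoint entry, skipped
        title = entry.findtext("atom:title", default="", namespaces=NS).strip()
        endpoints.append((title, addr.strip()))  # addresses may be padded, as on the slide
    return self_link, endpoints


def _under(address, scope):
    """True if address has scope's naming authority and lies beneath its path.
    Scheme-neutral on purpose: sb:// and http:// project the same name."""
    a, s = urlsplit(address), urlsplit(scope)
    return a.hostname == s.hostname and a.path.startswith(s.path.rstrip("/") + "/")


def trusted_endpoints(feed_xml):
    """Added check (not from the deck): keep only endpoints whose address lies
    under the feed's own self link, so a stray entry cannot steer the client
    to an unrelated host."""
    self_link, endpoints = parse_feed(feed_xml)
    if not self_link:
        return {}
    return {t: a for t, a in endpoints if _under(a, self_link)}


if __name__ == "__main__":
    for title, address in trusted_endpoints(SAMPLE_FEED).items():
        print(title, "->", address)
```

The scheme-neutral comparison matters because the registry may advertise an sb:// address under a feed fetched over http://; what must match is the naming authority and the path beneath the feed's own name, not the transport.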

  17. .NET Service Bus Registry demo

  18. Service Bus – Messaging (section divider; stack: Federated Identity and Access Control, Naming, Service Registry, Messaging Fabric)

  19. Service Bus - Messaging • Primary Programming Model: WCF • Family of Bindings for the Service Bus

  20. WCF Relay Bindings For WCF Pros • Works just like WCF: envelopes SOAP 1.1, SOAP 1.2, None; all WS-* end-to-end security scenarios; transport-level message path protection (SSL); Reliable Messaging, Streaming; full extensibility model; Web programming model (WebGet/WebInvoke); Metadata Exchange • Not supported: (by design) Atomic Transaction flow; (by design) protocol-level transport authentication; (PDC issue) WebScriptingBehavior JavaScript proxy; (PDC issue) direct TCP modes with RM or WS-* security

  21. NetOnewayRelayBinding (Diagram: name sb://servicebus.windows.net/services/solution/a/b/. The Sender makes an outbound one-way net.tcp connection (TCP/SSL 808/828) to the NLB-fronted front-end nodes; the Receiver, behind NAT, firewall and dynamic IP, makes an outbound bidirectional socket connection (TCP/SSL 828) and subscribes; the backend naming and routing fabric routes the message from Sender to Receiver.)

  22. NetEventRelayBinding (Diagram: same name and ports as slide 21, but several Receivers each hold an outbound bidirectional socket (TCP/SSL 828) and subscribe; the routing fabric delivers the Sender's message to every subscribed Receiver.)

  23. One-Way Messaging and Events demo

  24. NetTcpRelayBinding / Relayed (Diagram: name sb://servicebus.windows.net/services/solution/a/b/. The Receiver holds an outbound control channel (Ctrl) to the front-end nodes; the Sender makes an outbound socket connect (TCP/SSL 818) through the NLB; the fabric signals the Receiver over the control channel, the Receiver makes an outbound socket rendezvous (TCP/SSL 818), and the front-end node performs socket-to-socket forwarding between the two connections. Steps numbered 1 to 4.)

  25. NetTcpRelayBinding / Hybrid (Diagram: the connection starts as a relayed connect and relayed rendezvous over the front-end nodes (TCP/SSL 818, 819); Sender and Receiver both perform NAT probing and, where a direct path exists, upgrade over the control channel to a direct NAT traversal connection between them.)

  26. TCP-based Connections demo

  27. [WS|Basic|Web]HttpRelayBinding (Diagram: name sb://servicebus.windows.net/services/solution/a/b/. The Sender issues an HTTP or HTTPS request (80/443) through the NLB to the front-end nodes; the Receiver holds an outbound control channel and makes an outbound socket rendezvous; the front-end node performs HTTP-to-socket forwarding. Steps numbered 1 to 4.)

  28. HTTP Based Connections demo

  29. Service Bus – Access Control Integration (section divider; stack: Federated Identity and Access Control, Naming, Service Registry, Messaging Fabric)

  30. Relay Access Control Model – Listener (Diagram: 1. The Receiver acquires an access token for #Listen from the Access Control STS (RST/RSTR); 2. it passes the access token with its subscription to the Service Bus relay, in a token header; 3. the relay evaluates the token.)

  31. Relay Access Control Model – Sender (Diagram: 1. The Sender acquires an access token for #Send from the Access Control STS (RST/RSTR); 2. it passes the access token with the message, in a token header; 3. the Service Bus relay evaluates and removes the token; 4. the message is passed on to the Receiver.)

  32. Integrated Access Control • Access control is governed by rules managed in the Access Control Service • Services must be authorized to listen in the namespace • Evaluation of all claims in the cloud; no notion of “identity” in the relayed service • The service can turn off client access control: local evaluation of end-to-end claims; full control over the authN/Z model (but less protection) • Clean composition with the standard SOAP/HTTP model: the WS-Security header is reserved for E2E message security; transparent to HTTP-header authN/authZ schemes

  33. .NET Access Control demo

  34. Notes on Security • We encourage you to hide your payloads: use WS-Security to protect the end-to-end path; you own all keys used to protect payloads • Transport security: SSL channels terminate in the Service Bus; socket connections are relayed on-machine; Oneway/Event messages are relayed on the backend fabric • What do we look at in the Service Bus? SOAP: Action/wsa:Action, wsa:To; HTTP: Method, URI; Access Tokens
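Added example (not from the deck or the .NET Services SDK): a model of the relay's two authorization decisions on slides 30 to 32 and of what the relay inspects per slide 34. A listener must present a #Listen token with its subscription; a sender's #Send token travels in a header, is evaluated by the relay and removed before the message is forwarded; the relay reads only wsa:To, wsa:Action and the token, and the body passes through untouched, which is why end-to-end WS-Security on the payload is the recommendation. The SOAP 1.2 and WS-Addressing namespaces are real; the token format (HMAC over a JSON claim set), the sb:AccessToken header and its namespace, the key shared between STS and relay, the rule that a claim on a name covers names beneath it, and the exact-name routing are all assumptions standing in for the real RST/RSTR exchange and routing fabric.

```python
import base64
import binascii
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

ENV = "http://www.w3.org/2003/05/soap-envelope"   # SOAP 1.2 envelope
WSA = "http://www.w3.org/2005/08/addressing"      # WS-Addressing 1.0
SB = "urn:example:servicebus-access-token"        # ASSUMED namespace of the token header
NS = {"s": ENV, "wsa": WSA, "sb": SB}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

STS_KEY = b"sts-relay-shared-secret"   # ASSUMPTION: STS and relay share this key
NAME = "sb://servicebus.windows.net/services/solution/a/b"


def issue_token(scope, actions, key=STS_KEY):
    """Toy STS standing in for RST/RSTR: sign the claims the relay needs."""
    claims = json.dumps({"scope": scope, "actions": sorted(actions)}, sort_keys=True).encode()
    sig = hmac.new(key, claims, hashlib.sha256).digest()
    return base64.b64encode(claims).decode() + "." + base64.b64encode(sig).decode()


def verify_token(token, key=STS_KEY):
    """Return the claims if the signature checks out, else None."""
    try:
        claims_b64, sig_b64 = token.split(".")
        claims = base64.b64decode(claims_b64, validate=True)
        sig = base64.b64decode(sig_b64, validate=True)
    except (ValueError, binascii.Error):
        return None
    if not hmac.compare_digest(sig, hmac.new(key, claims, hashlib.sha256).digest()):
        return None
    return json.loads(claims)


def covers(scope, name):
    """ASSUMED scoping rule: a claim on a name covers it and the names beneath it."""
    return name == scope or name.startswith(scope.rstrip("/") + "/")


class Relay:
    """Two decision points: the subscription (#Listen) and each message (#Send)."""

    def __init__(self, check_senders=True):
        self.check_senders = check_senders   # slide 32: the service can turn this off
        self.listeners = {}                  # name -> callable(envelope_xml); exact match

    def _authorized(self, token, action, name):
        claims = verify_token(token) if token else None
        return bool(claims) and action in claims["actions"] and covers(claims["scope"], name)

    def subscribe(self, name, token, receiver):
        if not self._authorized(token, "Listen", name):
            raise PermissionError("not authorized to listen at " + name)
        self.listeners[name] = receiver

    def send(self, envelope_xml):
        env = ET.fromstring(envelope_xml)
        header = env.find("s:Header", NS)
        if header is None:
            raise ValueError("no SOAP header")
        to = header.findtext("wsa:To", namespaces=NS)          # slide 34: the relay reads
        action = header.findtext("wsa:Action", namespaces=NS)  # wsa:To, wsa:Action ...
        if to is None:
            raise ValueError("wsa:To missing")
        tok = header.find("sb:AccessToken", NS)                # ... and the access token
        if self.check_senders:
            if not self._authorized(tok.text if tok is not None else None, "Send", to):
                raise PermissionError("not authorized to send to " + to)
            header.remove(tok)                                 # evaluated and removed
        if to not in self.listeners:
            raise LookupError("no listener registered at " + to)
        self.listeners[to](ET.tostring(env, encoding="unicode"))  # body untouched
        return action


def sample_envelope(token, to=NAME, action="urn:example:Echo"):
    """CONSTRUCTED sender message; the body stands for an end-to-end protected payload."""
    return (
        '<s:Envelope xmlns:s="%s" xmlns:wsa="%s" xmlns:sb="%s">'
        "<s:Header><wsa:To>%s</wsa:To><wsa:Action>%s</wsa:Action>"
        "<sb:AccessToken>%s</sb:AccessToken></s:Header>"
        "<s:Body><Payload>opaque-to-the-relay</Payload></s:Body></s:Envelope>"
    ) % (ENV, WSA, SB, to, action, token)


def run_demo():
    """Exercise the model and return what each step produced."""
    relay, delivered, out = Relay(), [], {}
    relay.subscribe(NAME, issue_token(NAME, ["Listen"]), delivered.append)
    out["action"] = relay.send(sample_envelope(issue_token(NAME, ["Send"])))
    fwd = ET.fromstring(delivered[0])
    out["token_removed"] = fwd.find("s:Header/sb:AccessToken", NS) is None
    out["body_intact"] = fwd.findtext("s:Body/Payload", namespaces=NS) == "opaque-to-the-relay"
    for label, tok in [("listen_only", issue_token(NAME, ["Listen"])),
                       ("wrong_scope", issue_token(NAME + "/other", ["Send"])),
                       ("forged", issue_token(NAME, ["Send"], key=b"not-the-sts-key"))]:
        try:
            relay.send(sample_envelope(tok))
            out[label] = "accepted"
        except PermissionError:
            out[label] = "rejected"
    return out


if __name__ == "__main__":
    print(run_demo())
```

With check_senders=False the relay neither evaluates nor strips the token header, which corresponds to the slide-32 option of local evaluation of end-to-end claims by the service itself; the listener-side #Listen check stays in force either way, since the deck is explicit that services must be authorized to listen in the namespace.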

  35. Service Bus – Workflow Integration (section divider; stack: Workflow, Federated Identity and Access Control, Naming, Service Registry, Messaging Fabric)

  36. .NET Workflow Services demo

  37. Q & A

  38. Summary • Pervasive, Secure Connectivity for Services • Secure NAT Traversal, “DMZ in the sky” • WCF-Integrated Programming Model
