.NET Services

.NET Services Architects Council 27.01.2009 Dariusz Parys Developer Evangelist Developer Platform and Strategy Group Microsoft Deutschland GmbH


Transcript of .NET Services

.NET Services

Architects Council 27.01.2009

Dariusz Parys, Developer Evangelist

Developer Platform and Strategy Group, Microsoft Deutschland GmbH

Contact

• Email: [email protected]

• Blog: http://blogs.msdn.com/dparys

• IM: [email protected]

Services in Azure

[Diagram: platform overview with the blocks ServiceBus, AccessControl, Workflow; Database, Reporting, Analytics; Compute, Storage, Manage; Identity, Devices, Contacts; and Your Applications]

.NET Services

• Open access standards
  – REST, SOAP, RSS, AtomPub, …
  – Libraries for Java, PHP, Ruby, …

• 3 focus areas
  – Application integration
  – Access control in distributed systems
  – Application extensibility

Service Bus

Enterprise Service Bus

[Diagram: an Enterprise Service Bus with Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, and Messaging Fabric, connecting CRM (Customers, Leads, Trends, Campaigns), Supply Chain (Inventory, Order Entry, Planning, Purchasing) and Point Of Sale (POS Integration, Product Catalog, Returns, Web Store)]

Internet Service Bus

[Diagram: an Internet Service Bus with Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, and Messaging Fabric. Labels: Clients (Desktop, RIA, & Web); MS/3rd Party Services; On-Premise ESB; Your Services]

Who needs "connectivity"?

• Instant messaging/communication app
  – Access Control, Relay, Direct Connect

• Multiplayer games
  – Access Control, Relay, Direct Connect

• Home Media Integration System
  – Access Control, Relay, Direct Connect

• Enterprise Integration System
  – Access Control, VPN/VAN

What do you have to do when…

• …you want to integrate applications that
  – live in different networks?
  – have different user management systems?
  – are not always reachable?

Connectivity Challenges

• IPv4 address space
  – Dynamic IP address assignment
  – Network Address Translation (NAT)

• An Internet full of "bad guys"
  – Firewall upon firewall upon firewall…

[Diagram: Sender, Receiver, ?. Labels: Machine Firewall, Network Firewall, Network Address Translation, Dynamic IP]

There are options

• Dynamic DNS
• NAT port mappings / UPnP
• Open inbound firewall ports

[Diagram: Sender, Receiver, ?. Labels: Machine Firewall, Network Firewall, Network Address Translation, Dynamic IP]

Each of these choices carries risks

Service Bus – Naming

[Diagram: Service Bus building blocks: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric]

Naming Scheme

[http|sb]://servicebus.windows.net/services/account/svc/…

[Diagram: naming tree with the nodes Root (servicebus.windows.net), services, account (contoso) and svc. Labels: Service Registry Root; Multi-Tenant]

The service registry provides a mapping from URIs to services

Service Bus – Service Registry


Service Registry

• Registry for service endpoints only
  – Nothing else

• Programmatic access via
  – Discover: Atom 1.0 feed hierarchy
  – Publish: Atom Publishing Protocol, WS-Transfer

[Diagram: Client, Service Registry, Naming. Labels: AtomPub, WS-Transfer]

Registry Feed Structure

• Solution Root Feed
  – http://servicebus.windows.net/services/solution/
  – Hierarchical

[Diagram: Client and the naming tree with the nodes Root (SBWN), services, solution and svc. Labels: AtomPub, WS-Transfer]

Services in Registry Feeds

<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
  …
  <entry>
    <title>MyEndpoint</title>
    <link href="http://swn/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>
        http://servicebus.windows.net/services/my/svc/ep1
      </wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>

Service Bus – Messaging


• From .NET: WCF
  – Microsoft.ServiceBus

Service Bus - Messaging

Corresponding WCF Binding                    Service Bus Relay Binding
BasicHttpBinding                             BasicHttpRelayBinding
WebHttpBinding                               WebHttpRelayBinding
WSHttpBinding                                WSHttpRelayBinding
WS2007HttpBinding                            WS2007HttpRelayBinding
WSHttpContextBinding                         WSHttpRelayContextBinding
WS2007HttpFederationBinding                  WS2007HttpRelayFederationBinding
NetTcpBinding                                NetTcpRelayBinding
NetTcpContextBinding                         NetTcpRelayContextBinding
n/a [loosely related to NetMsmqBinding]      NetOnewayRelayBinding
n/a [loosely related to NetTcpPeerBinding]   NetEventRelayBinding

NetOnewayRelayBinding

[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/, which consists of NLB, Frontend Nodes and the Backend Naming/Routing Fabric. Labels: outbound connect, one-way net.tcp; outbound connect, bidi socket; TCP/SSL 828; TCP/SSL 808/828; Subscribe; Route; Msg; NAT, Firewall, Dynamic IP]

NetEventRelayBinding

[Diagram: one Sender and two Receivers attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/, which consists of Frontend Nodes and the Backend Naming/Routing Fabric. Labels: outbound connect, one-way net.tcp; outbound connect, bidi socket (per Receiver); TCP/SSL 828; TCP/SSL 808/828; Subscribe; Route; Msg]

NetTcpRelayBinding / Relayed

[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/, which consists of NLB, Frontend Nodes and the Backend Naming/Routing Fabric. Labels: steps 1 to 4; Ctrl; Oneway Rendezvous Ctrl Msg; outbound socket connect; outbound socket rendezvous; Socket-Socket Forwarder; TCP/SSL 818]

NetTcpRelayBinding / Hybrid

[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/, which consists of Frontend Nodes and the Backend Naming/Routing Fabric. Labels: Ctrl; Oneway Rendezvous Ctrl Msg; relayed connect; relayed rendezvous; TCP/SSL 818, 819; NAT Probing (on both sides); NAT Traversal Connection; upgrade (on both sides)]

[WS|Basic|Web]HttpRelayBinding

[Diagram: Sender and Receiver attached to the Service Bus at sb://servicebus.windows.net/services/solution/a/b/, which consists of NLB, Frontend Nodes and the Backend Naming/Routing Fabric. Labels: steps 1 to 4; Ctrl; Oneway Rendezvous Ctrl Msg; HTTP/HTTPS request; outbound socket rendezvous; HTTP-Socket Forwarder; HTTP/S 80/443]

Service Bus Demo

Access Control

Motivation

[Diagram labels: On-premise services; Customers/Partners; user*******; ?]

Motivation

[Diagram labels: On-premise services; Customers/Partners; user*******; (A) STS; (R) STS; ??; Cloud services; 1..n]

Scenario with the ACS

[Diagram labels: On-premise/cloud services; Customers/Partners; user*******; Your ACS; Trust (twice)]

Access to services

• These services use the Access Control Service
• Microsoft SQL Data Services
  – Username / password and a token of the Access Control Service
• .NET Service Bus
• .NET Workflow Service
• The Portals

Interplay

[Diagram: Your Customers (<Any ID Provider>, Live ID Users, XYZ Domain Users) reach Your App through the Access Control Service, which answers "Who? What?". Your App consists of UI, Integrate (ServiceBus), Orchestrate (WF) and Store (Data)]

Components

• Portal
  – Front end for administering applications and rules
• Client API
  – Programmable interface
• Service (STS)
  – Provided STS (shared STS)
  – Interaction by means of the Geneva Framework

Access control flow

Participants: .NET Access Control Service (Managed STS); Relying Party (Service Bus, your application, etc.); Requestor (your customer)

0. Cert|Secret exchange; periodically refreshed
1. Declare access rules for customers
2. Send claims (RST)
3. Input claims → output claims, as described in the rule set
4. Send token (RSTR) (contains claims from 3)
5. Send message with token
6. Claims are checked
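The steps above can be modelled end to end in a few lines. This Python sketch is an added example, not code from the slides or from the Access Control Service: it swaps the WS-Trust token exchange for an HMAC-signed JSON token, and the rule set, secret, claim names and function names are all hypothetical.

```python
import base64, hashlib, hmac, json, time

# Step 0: key material exchanged between STS and relying party (constructed value).
SHARED_SECRET = b"constructed-demo-secret"
# Step 1: hypothetical rule set mapping an input claim to an output claim.
RULES = {("email", "alice@partner.example"): ("action", "Send"),
         ("group", "partner-admins"): ("action", "Listen")}

def issue_token(input_claims, audience, ttl=300, now=None):
    """Steps 2-4: the STS maps input claims through RULES and signs the result."""
    now = time.time() if now is None else now
    out = sorted(RULES[c] for c in input_claims if c in RULES)
    body = json.dumps({"aud": audience, "exp": now + ttl, "claims": out}).encode()
    sig = hmac.new(SHARED_SECRET, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token, audience, required_claim, now=None):
    """Step 6: the relying party checks signature, audience, expiry, then the claim."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return False  # malformed token
    expected = hmac.new(SHARED_SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False  # not issued by the trusted STS, or modified in transit
    data = json.loads(body)
    if data["aud"] != audience or data["exp"] < now:
        return False  # issued for another relying party, or expired
    # Only output claims produced by the rule set count, never the caller's input.
    return list(required_claim) in data["claims"]
```

The relying party never sees the requestor's credentials; it trusts only what the STS signed with the key from step 0.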

Access Control Demo

Workflow

Windows Workflow Foundation

• Description of a program flow
• Tools/Designers
• Activity Library
• Runtime
• Hosts

[Diagram: Tooling (VS Designer, VS Debugger, Rehosted Designer); Workflow; Activity Library; WF Runtime; Hosts (IIS/WAS + "Dublin", Workflow Service, your.exe "Direct")]

Workflow Service – Overview

Reliable, scalable off-premises host for workflows

• Portal http://workflow.ex.azure.microsoft.com
• New activities for the Windows Azure platform
• APIs for installing, running and operating workflows "in the cloud"
• Orchestration of services
  – Cross-company services
  – Access for customers and partners through Access Control

Working with workflows

• Design workflows
  – Choose a workflow template
  – Designer supported
  – New Azure activities and a subset of the WF activities
• Install workflows
  – Upload and validation
• Manage workflow types
  – Add, delete, update, view instances
• Manage workflow instances
  – Create, run, control, track execution

Workflow Service – Design Flow

1. Design Workflows
2. Deploy Workflows
3. Manage Workflow Types
4. Manage Workflow Instances

[Diagram labels: 1 Visual Studio WF Designer; Workflow & Rules XAML; 2 VS – one click deploy; Workflow Portal, WorkflowClient API, SOAP Web Service (2, 3, 4); Your Apps & Services; http://; ServiceBus]

Workflow Portal Demo

SQL Data Service

Data Model And ACE Concepts

Authority
• Unit of geo-location and billing
• Tied to DNS name
• Collection of Containers

Container
• Unit of Consistency
• Scope for Query and Update
• Collection of Entities

Entity
• Unit of Storage
• Property Bag of Name/Value pairs
• No Schema Required

Concepts: Entity

Entity properties may differ in type and instance

Section    Property     Type        Value
Metadata   ID           EntityId    VWGOLF-01
Metadata   Kind         EntityKind  Car
FlexProps  Description  String      Reliable, one owner, …
FlexProps  Price        Numeric     12000.00
FlexProps  ListingDate  Datetime    01-01-2008
FlexProps  LocationZip  String      98052

Section    Property     Type        Value
Metadata   ID           EntityId    MINICOOPER-264
Metadata   Kind         EntityKind  FunCar
FlexProps  Description  String      Reliable, one owner, …
FlexProps  Price        Numeric     12000.00
FlexProps  ListingDate  String      1st January, 2008
FlexProps  LocationZip  String      98052
FlexProps  EngineSize   Numeric     1600

Callouts: Different Kinds; Different Instance Types; Additional Property

Architecture

[Diagram: SQL Data Services Front End: several nodes, each with REST / SOAP, SDS Runtime and Data Access Lib. SQL Data Services Back End (Master Cluster, Data Cluster): several nodes, each with SQL Server, Distributed Data Fabric and Mgmt. Services]

SDS - Back-end

Data And Master Nodes

[Diagram: SDS – Data Nodes: Data Node 101 to Data Node 105, each with a SQL Server Database holding partition replicas labelled P1 to P6 and S1 to S6. SDS - Reliable Master Cluster Manager: Partition Manager, Global Partition Map (P1 to P6), Partition Placement Advisor, Leader Elector, SQL Server, Distributed Data Fabric]

Summary

• Application integration through the .NET Service Bus
• Access control through the .NET Access Control Service
• Reuse of application logic through the .NET Workflow Service

• Sign up for the current CTP at http://www.azure.com

Further information

• PDC videos
  – BB01, BB02, BB12, BB23, BB28, BB38, BB55

• Blog posts
  – Federating with the ACS: http://www.leastprivilege.com/FederatingWithTheNETAccessControlService.aspx

• Other resources
  – http://www.microsoft.com/azure/accesscontrol.mspx
  – http://msdn.microsoft.com/en-us/library/dd129876.aspx
  – http://dunnry.com/blog/UsingSDSWithAzureAccessControlService.aspx

• Blogs
  – http://blogs.msdn.com/dparys
  – http://www.leastprivilege.com