cloud guidance

john devadoss, product unit manager, patterns & practices [email protected], DPR 202

Upload: denna

Post on 06-Jan-2016


TRANSCRIPT

Page 1: cloud guidance

cloud guidance

john devadoss

product unit manager, patterns & practices [email protected]

DPR 202

Page 2: cloud guidance

Agenda

Why care
How to think about and exploit the Windows Azure Platform
Real-world walk-through/demo
  Step 1 - Unlocking the Cloud
Discussion

Page 3: cloud guidance

Pop Quiz

“You can have any color Model T so long as it's black.”

Page 4: cloud guidance

You can have any colour Model T so long as it's black.

Page 5: cloud guidance

The model of “one size fits all” is now seen by most IT organizations as being flawed.

Page 6: cloud guidance

On premises vs. Cloud
Trade-offs

[Diagram: the options below laid out from On premises to Cloud and split by Build vs. Buy]

“Packaged” Application: An application that I buy “off the shelf” and run myself.
Self Hosted “Home Built”: An application that I develop and run myself.
Hosted “Home Built”: An application that I develop myself, but run at a hoster.
Hosted “Packaged”: An application that I buy “off the shelf” and then run at a hoster.
Cloud Platform: An application that I develop myself, but run in the cloud.
“Software as a Service”: A hosted application that I buy from a provider.

Page 7: cloud guidance

Windows Azure Platform

Page 8: cloud guidance

Windows Azure Platform
An illustration

[Diagram labels: Applications; Windows Azure; .NET Services; SQL Azure; Windows Server; Windows Vista/XP; Windows Mobile; Others]

Page 9: cloud guidance

Windows Azure

Page 10: cloud guidance

Windows Azure Basics

The goal of Windows Azure is to provide a platform that is scalable and available.

Windows Azure can run various kinds of Windows applications:
  .NET applications
  Unmanaged code
  PHP
  . . .

Page 11: cloud guidance

Windows Azure
Windows in the cloud

[Diagram labels: Application; Compute; Storage; Config; Fabric; Applications; Windows Azure; .NET Services; SQL Azure; Windows Server; Windows Vista/XP; Windows Mobile; Others]

Page 12: cloud guidance

Windows Azure Compute Service
A closer look

[Diagram labels: Load Balancer; HTTP; IIS; ASP.NET, WCF etc.; main(){ … }; Agent; VMs; Windows Azure Fabric; Application; Compute; Storage; Fabric]

Page 13: cloud guidance

Windows Azure Compute Service
Points of interest

The VMs are provided by a cloud-optimized hypervisor
For developers:
  Applications see a 64-bit Windows Server 2008 interface
  A few things require accessing the Windows Azure Agent, e.g., logging
A desktop facsimile of Windows Azure in the cloud is provided for development

Page 14: cloud guidance

Windows Azure Storage Service
A closer look

[Diagram labels: Blobs; Tables; Queues; HTTP/HTTPS; Application; Compute; Storage; Fabric]

Page 15: cloud guidance

Windows Azure Storage
Points of interest

Storage types:
  Blobs: a simple hierarchy of binary data
  Tables: entity storage (not relational tables)
  Queues: allow communication among web and worker role instances
Access:
  Data is exposed via a RESTful interface
  Data can be accessed by:
    Windows Azure applications
    Other on-premises or cloud applications

Page 16: cloud guidance

Windows Azure Storage
A closer look at tables

[Diagram: Table, Table, . . . Table; each table holds Entity, Entity, . . . Entity; each entity holds Property, Property, . . . Property; each property has a Name, Type and Value]

Page 17: cloud guidance

Windows Azure Storage
Tables: Challenges

Access via REST
  You can’t use ordinary ADO.NET
No SQL
  No real joins, aggregates, etc.
An unfamiliar hierarchical structure
  You can’t easily move relational data to it
  Supporting services are scarce, e.g., reporting
No schema

Page 18: cloud guidance

Windows Azure Storage
Tables: Strengths

Massive scalability
  By effectively allowing scale-out data
Applied to the right problem, Windows Azure Tables are a beautiful thing

Page 19: cloud guidance

Using Queues
The suggested application model

[Diagram: Web Role Instance, Queue, Worker Role Instance]

1) Receive work
2) Enqueue message
3) Dequeue message
4) Do work
5) Delete message

Page 20: cloud guidance

Guidance on Using Windows Azure

Page 21: cloud guidance

Using Windows Azure
Some examples

A start-up might create a new Web application on Windows Azure
  They can fail fast or scale fast
An ISV might create a SaaS version of an existing .NET application on Windows Azure
  It’s .NET, so porting the code is doable
An enterprise might build a new application on Windows Azure
  It’s .NET, so developers are plentiful

Page 22: cloud guidance

SQL Azure

Page 23: cloud guidance

SQL Azure
Data services in the cloud

[Diagram labels: SQL Azure; Others (Future); Applications; Windows Azure; .NET Services; Windows Server; Windows Vista/XP; Windows Mobile; Others]

Page 24: cloud guidance

SQL Azure

Today:
  SQL Azure
    Formerly known as SQL Server Data Services (SSDS)
In the future:
  Reporting
  Analysis
  Extract/Transform/Load (ETL) services
  More

Page 25: cloud guidance

SQL Azure
An illustration

[Diagram labels: TDS; Database; Database; Database; SQL Azure; Others (Future)]

Page 26: cloud guidance

Guidance on Using SQL Azure

Page 27: cloud guidance

Using SQL Azure
Some examples

A Windows Azure application might use SQL Azure for its data
A departmental app could use SQL Azure rather than a local database
  For better reliability and availability
An organization might make data available to both in-house and partner apps through SQL Azure
  Such as a company with a far-flung dealer network

Page 28: cloud guidance

.NET Services

Page 29: cloud guidance

.NET Services
Infrastructure in the cloud

[Diagram labels: Service Bus; Access Control; ?; Applications; Windows Azure; .NET Services; SQL Azure; Windows Server; Windows Vista/XP; Windows Mobile; Others]

Page 30: cloud guidance

The Access Control Service

The problem:
  Different organizations identify users with tokens containing different claims
  Applications can be faced with a confusing mess
The solution:
  The Access Control Service implements a security token service (STS) in the cloud
  It accepts one token and issues another
    The claims in the outgoing token can differ from those in the incoming token
    An administrator can define rules for how this claims transformation is done
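
The claims transformation described on this slide, modelled as an added example (not code from the presentation and not the Access Control Service API). Issuer names, keys, claim types and rules are constructed assumptions, and an HMAC stands in for the token signatures a real STS would verify.

```python
import hashlib
import hmac
import json

# Constructed sample data: issuer names, keys, claim types and rules are assumptions.
# HMAC with a shared key stands in for the signature scheme of a real token format.
ISSUER_KEYS = {"bigpharma-adfs": b"key-bigpharma", "pharmax-idp": b"key-pharmax"}
STS_KEY = b"key-cloud-sts"

# Administrator-defined rules: (issuer, input type, input value or "*", output type, output value).
# An output value of None passes the incoming value through unchanged.
RULES = [
    ("bigpharma-adfs", "group", "Research Scientists", "role", "catalog-reader"),
    ("bigpharma-adfs", "group", "Reagent Curators", "role", "catalog-editor"),
    ("pharmax-idp", "jobcode", "R-17", "role", "catalog-reader"),
    ("bigpharma-adfs", "upn", "*", "name", None),
    ("pharmax-idp", "email", "*", "name", None),
]

def sign(issuer, claims, key):
    """Build a token: issuer, list of [type, value] claims, and a MAC over both."""
    body = json.dumps({"iss": issuer, "claims": claims}, sort_keys=True).encode()
    return {"iss": issuer, "claims": claims,
            "sig": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify(token, key):
    """Recompute the MAC and compare in constant time."""
    expected = sign(token["iss"], token["claims"], key)["sig"]
    return hmac.compare_digest(expected, token["sig"])

def transform(token):
    """Accept one token and issue another, applying the administrator's rules."""
    key = ISSUER_KEYS.get(token["iss"])
    if key is None or not verify(token, key):
        raise PermissionError("untrusted issuer or bad signature")
    out = []
    for ctype, value in token["claims"]:
        for iss, in_type, in_value, out_type, out_value in RULES:
            if iss == token["iss"] and in_type == ctype and in_value in ("*", value):
                out.append([out_type, out_value if out_value is not None else value])
    # Claims that match no rule are dropped: the application only ever sees normalized types.
    return sign("cloud-sts", out, STS_KEY)

def authorize(token, required_role):
    """Relying application: trust only the STS, then check the normalized role claim."""
    return verify(token, STS_KEY) and ["role", required_role] in token["claims"]
```

The application never parses the partner-specific `group` or `jobcode` claims; it checks one issuer's signature and one `role` vocabulary, which is the point of placing the STS between the organizations and the application.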

Page 31: cloud guidance

Service Bus

The problem:
  Exposing internal applications on the Internet isn’t easy
    Network address translation (NAT) and firewalls get in the way
The solution:
  Service Bus provides a cloud-based intermediary between clients and internal applications
  It also provides a service registry that clients can use to find the services they need

Page 32: cloud guidance

Service Bus

[Diagram labels: Access Control; Service Bus; Registry; Endpoints; Organization X; Organization Y; Application; Application]

1) Register endpoints
2) Discover endpoints
3) Access application

Page 33: cloud guidance

Guidance on Using .NET Services

Page 34: cloud guidance

Using .NET Services
Some examples

An app that’s accessed over the Internet from different organizations might rely on Access Control to rationalize the identity information it receives
  And to do access control
An enterprise might expose an internal application to its trading partners via Service Bus

Page 35: cloud guidance

Pop Quiz

What are the first two questions an application has to answer?

Note: this is a bit of a trick question, and it has to do with security…

Page 36: cloud guidance

In A Nutshell

[Diagram labels: Your Customers; <Any ID Provider>; Live ID Users; XYZ Domain Users; .NET; Access Control Service; Account; Your Application; Web UI; Service Bus; Workflow Service; SQL Data Service]

Who is the caller?
What can they do?

Page 37: cloud guidance

Step 1. Unlocking the Cloud
Authentication and Authorization

Page 38: cloud guidance

Glaxo Smith Kline – “BigPharma”

Page 39: cloud guidance

A day in the life…

John is a scientist doing research @ BigPharma
Has an idea…
Needs a new Biological Reagent…

Options:
1. Search the web
   1. Multiple sources
   2. Different formats
   3. Security constraints
2. Call colleagues to see if they have it
   1. Expensive
3. Go to the Lab and create it
   1. 2-3 months
   2. Expensive

Page 40: cloud guidance

Cloud-Catalog

[Diagram labels: Cloud-Catalog; Access Control & Security; Firewall (x4); PharmaX; China Subsidiary; Litware Reagent DB; BigPharma Reagent DB; PharmaX Reagent DB; arrows labelled Queries, Uploads, Updates]

Page 41: cloud guidance

Key requirements

De-centralized management
Access Control
  (Very) fine grained Access Control: Org, Row, Field
  X-Org
Leveraging existing Identity and AuthZ infrastructure
Geo-distributed information
Flexible data schema
Interoperability through standards

Page 42: cloud guidance

demo
a working prototype

Provisioning
Using the catalog

Page 43: cloud guidance

Key requirements – recap

De-centralized management
  Self-provisioning
  Multi-tenant architecture (extensibility, customization, etc.)
Access Control
  (Very) fine grained Access Control: Org, Row, Field
  Cross-Organization
Leveraging existing Identity and AuthZ infrastructure
  SSO
Flexible data schema
Interoperability through standards:
  WS-* WS-Federation, WS-Trust, SAML
Geo-distributed information

Page 44: cloud guidance

Identity & Access Control
Federation & Claims

[Diagram labels: IP-STS; STS; numbered steps 1, 2, 3]

Page 45: cloud guidance

An event analogy

[Diagram labels: TechEd Operations; TechEd Sessions; TechEd Party; TechEd Speaker Room; Attendee; Speaker; Staff]

Page 46: cloud guidance

Identity & Access Control
Federation & Claims

[Diagram labels: ADFS; Windows Identity Foundation]

Page 47: cloud guidance

demo
a working prototype

More on Access Control

Page 48: cloud guidance

Takeaways

Cloud computing is here
patterns & practices is building guidance
  Claims-based Authentication and Authorization
  ‘Cloudlib’
A new world is unfolding
Prepare to be part of it

Page 49: cloud guidance

Agenda

Why care
How to think about and exploit the Windows Azure Platform
Real-world walk-through/demo
  Step 1 - Unlocking the Cloud
Discussion