Slide 1: Architecture of the .NET Services
John Shewchuk, Dennis Pilarinos
Microsoft Corporation
Slide 2: Azure™ Services Platform
Slide 3: A Look Inside Azure
(Platform diagram; only the box labels survived extraction.)
- Service Bus, Access Control, Workflow, …
- Database, Reporting, Analytics, …
- Compute, Storage, Manage
- Identity, Devices, Contacts, …
- Your Applications
Slide 4: .NET Services
- Extending .NET technologies to the cloud
- Open and accessible: REST, SOAP, RSS, AtomPub, …; class libraries for Java, PHP, Ruby, …
- Easy to use from .NET – skills move forward
- Initial focus on three key developer challenges: application integration; access control in a federated world; application extensibility
Slide 5: Service Bus
- Key developer challenges:
  - Want to make it easy and secure for partners to use your application
  - Don’t always know the characteristics or scale of the integration
  - Partners / customers / users have devices and services running behind firewalls
- Approach: provide a high-scale, highly available “Service Bus” that supports open Internet protocols
Slide 6: Service Bus
- The Internet Service Bus pattern: Service Registry; Connectivity (Relay & Direct Connect); Publish/Subscribe
- Nitty gritty: Bindings; Ensuring connectivity; Integration with Access Control
Slide 7: Service Bus Application Pattern
(Architecture diagram; labels only.)
- Bus services: Service Registry, Naming, Service Orchestration, Federated Identity and Access Control, Messaging Fabric
- Clients: Desktop, RIA, Web
- Cloud Services: ESB, Storage, Compute, Billing, …
- On-Premises: Corp Service, Your Service
Slide 8: Service Registry
- Addressing: [http|sb]://servicebus.windows.net/services/account/svc/…
- Tree (Service Registry Root, multi-tenant): root servicebus.windows.net → services → account (e.g. contoso, …) → svc
- The service registry provides a mapping from URIs to services
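The URI-to-service mapping on this slide, as an added example that is not part of the deck or of Microsoft's code: a toy multi-tenant registry that parses `[http|sb]://servicebus.windows.net/services/<account>/<svc>/…` URIs, resolves them by longest prefix, and lets a registry browser list the next level of the tree. The rule that an account may only register names under its own prefix is an assumption added here (the slide says only that the registry is multi-tenant), as is the rejection of dot segments.

```python
"""Toy multi-tenant service registry mapping Service Bus style URIs to services.

Added example for the Service Registry slide; not Microsoft's code. It follows the
URI layout shown on the slide, [http|sb]://servicebus.windows.net/services/<account>/<svc>/...,
and adds one assumed rule: an account may only register names under its own
prefix, so one tenant's entries cannot shadow another's.
"""
from __future__ import annotations

from urllib.parse import urlsplit

REGISTRY_HOST = "servicebus.windows.net"
ROOT_SEGMENT = "services"


class RegistryError(ValueError):
    """Malformed or out-of-scope registry URI."""


def parse_registry_uri(uri: str) -> tuple[str, tuple[str, ...]]:
    """Return (account, path segments below the account) for a registry URI."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "sb"):
        raise RegistryError(f"unsupported scheme {parts.scheme!r}")
    if parts.netloc.lower() != REGISTRY_HOST:
        raise RegistryError(f"not a registry host: {parts.netloc!r}")
    segments = tuple(s for s in parts.path.split("/") if s)
    if len(segments) < 2 or segments[0] != ROOT_SEGMENT:
        raise RegistryError("path must start with /services/<account>")
    account, below = segments[1], segments[2:]
    if any(s in (".", "..") for s in below):   # assumed hardening: no dot segments
        raise RegistryError("dot segments are not allowed")
    return account, below


class ServiceRegistry:
    """Hierarchical, multi-tenant name tree: root -> services -> account -> svc -> ..."""

    def __init__(self) -> None:
        self._entries: dict[tuple[str, tuple[str, ...]], str] = {}

    def register(self, caller_account: str, uri: str, service_id: str) -> None:
        """Bind a URI to a service; only the owning account may write under its prefix."""
        account, below = parse_registry_uri(uri)
        if account != caller_account:
            raise PermissionError(f"{caller_account!r} may not register under /services/{account}")
        if not below:
            raise RegistryError("cannot bind a service to the account root")
        self._entries[(account, below)] = service_id

    def resolve(self, uri: str) -> tuple[str, str] | None:
        """Longest-prefix match: returns (service_id, remaining path) or None."""
        account, below = parse_registry_uri(uri)
        for n in range(len(below), 0, -1):
            key = (account, below[:n])
            if key in self._entries:
                return self._entries[key], "/".join(below[n:])
        return None

    def children(self, uri: str) -> list[str]:
        """List the next-level names under a URI, as a registry browser would show them."""
        account, below = parse_registry_uri(uri)
        depth = len(below)
        names = {
            path[depth]
            for acct, path in self._entries
            if acct == account and len(path) > depth and path[:depth] == below
        }
        return sorted(names)
```

Both schemes from the slide are accepted, and anything that is not under the registry host or the `/services/<account>` root is rejected before it can reach the lookup, so the account segment of the URI is the tenant boundary.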
Slide 9: Connectivity
- Two key capabilities: Relay and Direct connect
- Relay: ensures applications connect; available to all via the service registry
- Direct connect: uses the relay to establish communication, then shortcuts for efficiency
- Available via HTTP / REST / ATOM; available in .NET via WCF bindings
Slide 10: Relay – One-Way Connection
(Diagram.) Endpoint: sb://servicebus.windows.net/services/user/service/endpoint
- Sender and Receiver reach the relay's rendezvous endpoint over outbound SSL-secured TCP 828 connections
- One-way messages flow through the TCP tunnel
Slide 11: Relay – Direct Connections
(Diagram.) Endpoint: sb://servicebus.windows.net/services/user/service/endpoint
- Outbound SSL-secured TCP 828 connection to the relay
- Out-of-band protocol to negotiate a direct connection between Sender and Receiver
- Upgrade to direct when possible
Slide 12: Publish/Subscribe
- Builds on the relay and direct connect connectivity capabilities
- Initial release is “connected multicast”
- Over time will provide additional delivery characteristics – anycast, reliable, …
Slide 13: Relay – Multicast Publish/Subscribe
(Diagram.) Endpoint: sb://servicebus.windows.net/services/user/service/endpoint
- One Sender and several Receivers, each holding an outbound SSL-secured TCP 828 connection to the relay's rendezvous endpoint
- One-way messages through the TCP tunnel are fanned out to every Receiver
Slide 14: Service Bus (agenda)
- The Internet Service Bus pattern: Service Registry; Connectivity (Relay & Direct Connect); Publish/Subscribe
- Nitty gritty: Bindings; Ensuring connectivity; Integration with Access Control
Slide 15: Rich Set of Connectivity Bindings
WCF Binding → New Service Bus Binding
- BasicHttpBinding → BasicHttpRelayBinding
- WebHttpBinding → WebHttpRelayBinding
- WSHttpBinding → WSHttpRelayBinding
- WS2007HttpBinding → WS2007HttpRelayBinding
- WSHttpContextBinding → WSHttpRelayContextBinding
- WS2007FederationHttpBinding → WS2007FederationHttpRelayBinding
- NetTcpBinding → NetTcpRelayBinding
- NetTcpContextBinding → NetTcpRelayContextBinding
- n/a → NetOnewayRelayBinding
- n/a → NetEventRelayBinding
Slide 16: Relay – RFC2616 Compliance
(Diagram.) Endpoint: http://servicebus.windows.net/services/user/service/endpoint
- Sender and Receiver use an RFC2616-compliant HTTP stack
- Only 2 concurrent connections per domain
- 2 concurrent polling clients starve the dual reply-to path
Slide 17: Relay – HTTP Connection Workaround
(Diagram.) Endpoint: http://servicebus.windows.net/services/user/service/endpoint
- Single-threaded polling receiver; multiplexed message batch retrieval; multithreaded (MT) local dispatch and fan-out
- Multiplex messages through a volatile message buffer for pickup
- STA-synchronized reply-to connections
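The starvation on the RFC2616 slide and the workaround on this one, as an added example that is not part of the deck or of Microsoft's code. The relay, its batch-retrieval endpoint and the per-domain connection counter are simulated in-process (the message list is constructed sample traffic), so the example only shows the shape of the pattern: one polling connection pulls batches, a bounded in-memory buffer stages them, and a thread pool fans each message out to every local handler while the second permitted connection stays free for the reply-to path.

```python
"""One polling connection, batched retrieval, multithreaded local fan-out.

Added example for the RFC2616 connection-limit and HTTP Connection Workaround
slides; not Microsoft's code. The relay, its batch endpoint and the per-domain
connection counter are simulated so the pattern can run offline.
"""
import queue
import threading
from collections import deque
from concurrent.futures import ThreadPoolExecutor


class SimulatedRelay:
    """Stand-in for the relay's HTTP endpoint. It enforces the two-connections-
    per-domain limit of an RFC2616-compliant client stack and records the peak
    number of connections a receiver held open at once."""

    def __init__(self, messages, batch_size=4, max_connections=2):
        self._pending = deque(messages)   # constructed sample traffic
        self.batch_size = batch_size
        self.max_connections = max_connections
        self._open = 0
        self.peak_open = 0
        self._lock = threading.Lock()

    def open_connection(self):
        with self._lock:
            if self._open >= self.max_connections:
                raise RuntimeError("per-domain connection limit exceeded")
            self._open += 1
            self.peak_open = max(self.peak_open, self._open)

    def close_connection(self):
        with self._lock:
            self._open -= 1

    def poll_batch(self):
        """One long-poll request returns up to batch_size queued messages."""
        with self._lock:
            count = min(self.batch_size, len(self._pending))
            return [self._pending.popleft() for _ in range(count)]


def naive_pollers_starve_reply_path(relay):
    """Two concurrent polling clients hold both permitted connections, so the
    reply-to path cannot open a third: the starvation the slide describes."""
    relay.open_connection()
    relay.open_connection()
    try:
        relay.open_connection()        # the reply-to connection
    except RuntimeError:
        starved = True
    else:
        starved = False
        relay.close_connection()
    relay.close_connection()
    relay.close_connection()
    return starved


def run_receiver(relay, handlers, buffer_limit=8, workers=4):
    """Drain the relay with a single polling connection, stage batches in a
    bounded volatile buffer, and fan each message out to every local handler
    on a worker pool. Returns (deliveries sorted by handler and message,
    peak connections used). An empty batch ends this simulated run; a real
    receiver would keep long-polling."""
    buffer = queue.Queue(maxsize=buffer_limit)
    end_of_stream = object()
    deliveries = []
    lock = threading.Lock()

    def poller():
        # The one and only connection to the relay; batching leaves the second
        # permitted connection free for the reply-to path.
        relay.open_connection()
        try:
            while batch := relay.poll_batch():
                for msg in batch:
                    buffer.put(msg)   # blocks when full: back-pressure on the poller
        finally:
            relay.close_connection()
            buffer.put(end_of_stream)

    def deliver(name, handler, msg):
        result = handler(msg)
        with lock:
            deliveries.append((name, msg, result))

    poll_thread = threading.Thread(target=poller, name="poller")
    poll_thread.start()
    with ThreadPoolExecutor(max_workers=workers) as pool:
        while (item := buffer.get()) is not end_of_stream:
            for name, handler in handlers.items():
                pool.submit(deliver, name, handler, item)
    poll_thread.join()
    return sorted(deliveries, key=lambda d: (d[0], d[1])), relay.peak_open
```

The bounded `queue.Queue` is the "volatile message buffer": nothing is persisted, and a slow handler throttles the poller instead of letting the buffer grow without limit.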
Slide 18: Relay Access Control Principles
- Access control is governed by Access Control Rules
- Composes cleanly with SOAP-over-HTTP (SOAP 1.1, SOAP 1.2); HTTP clients are able to send messages through the relay with minimal extra effort
- A WS-Security header can be used for end-to-end application-level security (optional); composes cleanly with transport-only message protection
- Supports any SOAP 1.2/2.0 BP-compliant client
Slide 19: Unauthenticated Senders
- Unauthenticated ‘Send’ option: clients do not need to acquire tokens for communicating through the relay
- Supports plain Basic Profile SOAP requests
- Opt-in policy set by listening services
- Enables services to choose between relay-based access control and locally enforced end-to-end access control
Slide 20: Service Bus Summary
- Service Registry
- Relay and direct connect connectivity
- Publish/Subscribe
- Integrated with Access Control services
Slide 21: Access Control
- Key developer challenges:
  - Many identity providers, many vendors, many protocols, complex semantics – tricky to get right
  - Application strewn with one-off access logic
  - Hard to get right, not agile, not compliant, many dead ends
- Approach:
  - Automate federation for a wide range of identity providers and technologies
  - Factor the access control logic out of the application into a manageable collection of rules
  - Easy-to-use framework that ensures correct token processing
Slide 22: Access Control Interactions
(Sequence diagram. Parties: Your Access Control Project (a hosted STS); Relying Party (Your App); Requestor (Your Customer).)
0. Certificate exchange between the Access Control project and the Relying Party; periodically refreshed
1. Define access control rules for a customer
2. Requestor sends claims to the Access Control project
3. Map input claims to output claims based on access control rules
4. Send token (output claims from step 3) to the Requestor
5. Requestor sends message with token to the Relying Party
6. Claims checked in the Relying Party
Slide 23: Hosted Security Token Service
- Use the web site or web APIs to:
  - Define and manage application scopes
  - Delegate access to scopes
  - Define and manage access control rules
    - Rules are defined within an application scope
    - Rules can be chained; e.g. bob ⇒ manager and manager ⇒ allowed
    - Simple model: the output security token is a collection of claims based on the claims in the incoming token
  - Define and manage claim types
  - Define and manage signing and encryption keys
- Standards compliant – works with Java, Ruby, …
Slide 24: demo
Slide 25: Relay and End-to-End Security
(Diagram; labels only.)
- Parties: Client, Relay, Target Service, AC.W.N STS
- The Client obtains credentials from the AC.W.N STS via RST/RSTR: one AC.W.N credential with appliesTo: Relay Endpoint (the relayToken) and one with appliesTo: Target Endpoint
- The Relay requires an AC.W.N token; the relayToken travels in a WS-Sec header
- The credential scoped to the Target Endpoint also travels in a WS-Sec header and is addressed to the Target Service (end-to-end security)
Slide 26: Access Control Summary
- Flexible, rules-driven access control
- Rich support for a wide range of identity providers
- The Geneva framework is the .NET developer experience
- Easy to incorporate into existing applications
- Works with lots of other environments; e.g. Sun’s Java Metro 1.3, …
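The Access Control interactions, the hosted STS rule model (chained rules, output token built from the incoming claims), the relay-versus-target token scoping of the "Relay and End-to-End Security" slide, and the opt-in unauthenticated send, worked through as one added example that is not part of the deck or of Microsoft's code. The token encoding (HMAC-signed JSON), the shared key standing in for the certificate exchange of step 0, the claim names, and the rule that only rule-derived claims enter the output token are all assumptions made so the example runs offline.

```python
"""Rules-driven claims mapping with chained rules, tokens scoped to the relay and
to the target service, and the relay's opt-in unauthenticated send.

Added example for the Access Control slides; not Microsoft's code. The token
encoding (signed JSON) and the shared HMAC key standing in for the certificate
exchange of step 0 are assumptions so the example runs offline.
"""
from __future__ import annotations

import hashlib
import hmac
import json
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Within an application scope: if input claim (in_type, in_value) is
    present, emit output claim (out_type, out_value)."""
    scope: str
    in_type: str
    in_value: str
    out_type: str
    out_value: str


class HostedSts:
    """Maps input claims to output claims and issues a token scoped by appliesTo."""

    def __init__(self, signing_key: bytes) -> None:
        self._key = signing_key
        self._rules: dict[str, list[Rule]] = {}

    def add_rule(self, rule: Rule) -> None:
        self._rules.setdefault(rule.scope, []).append(rule)

    def map_claims(self, scope: str, input_claims) -> list[list[str]]:
        """Forward-chain the scope's rules until no new claim appears
        (bob => manager, manager => allowed). Assumption: only claims produced
        by rules go into the output token, never the raw input claims."""
        inputs = {tuple(c) for c in input_claims}
        known = set(inputs)
        while True:
            produced = {
                (r.out_type, r.out_value)
                for r in self._rules.get(scope, [])
                if (r.in_type, r.in_value) in known
            }
            if produced <= known:
                break
            known |= produced
        return [list(c) for c in sorted(known - inputs)]

    def issue(self, scope: str, applies_to: str, input_claims, ttl: int = 300) -> dict:
        """Step 4: the token carries the output claims and the appliesTo audience."""
        body = {"aud": applies_to, "exp": int(time.time()) + ttl,
                "claims": self.map_claims(scope, input_claims)}
        payload = json.dumps(body, sort_keys=True)
        sig = hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()
        return {"payload": payload, "sig": sig}


def verify_token(token: dict | None, key: bytes, expected_audience: str) -> list[list[str]] | None:
    """Return the token's claims, or None if signature, audience or expiry fails.
    The audience check keeps a relay token from being accepted at the target
    service and vice versa."""
    if token is None:
        return None
    expected = hmac.new(key, token["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    body = json.loads(token["payload"])
    if body["aud"] != expected_audience or body["exp"] <= time.time():
        return None
    return body["claims"]


class Relay:
    """Relay endpoint: requires a token scoped to itself unless the listening
    service opted in to unauthenticated send."""

    def __init__(self, key: bytes, endpoint: str) -> None:
        self._key = key
        self.endpoint = endpoint
        self._open_services: set[str] = set()

    def allow_unauthenticated_send(self, service: str) -> None:
        self._open_services.add(service)   # opt-in policy set by the listening service

    def forward(self, service: str, relay_token: dict | None) -> bool:
        if service in self._open_services:
            return True   # access control is then enforced end-to-end by the service
        claims = verify_token(relay_token, self._key, self.endpoint)
        return claims is not None and ["action", "Send"] in claims


def relying_party_accepts(key: bytes, target_endpoint: str, app_token: dict | None) -> bool:
    """Step 6: the relying party checks the claims in the end-to-end token."""
    claims = verify_token(app_token, key, target_endpoint)
    return claims is not None and ["action", "allowed"] in claims
```

The two tokens differ only in `aud`, which is why a service that opts into unauthenticated send still gets a meaningful end-to-end check: the relay stops inspecting, but the target-scoped token is the only one `relying_party_accepts` will honour.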
Slide 27: Workflow
- Key developer challenges:
  - Want to easily describe long-running processes
  - Want modularity and nesting
  - Easy to describe but in practice harder to run
  - Hosting and scaling can be challenging: setup and installing, defining the scale-out approach, ensuring long-running availability, managing upgrades, …
- Approach:
  - .NET 3.0/3.5/4.0 addresses key developer requests
  - .NET Services makes it easy to deploy, manage and run Workflows
Slide 28: WF Runtime
- Windows Workflow Foundation: easily describe coordinated work with minimal ceremony
- Tools/Designers: VS Designer, VS Debugger, Rehosted Designer
- Activity Library
- Runtime
- Hosts: IIS/WAS + “Dublin” (WorkflowService); your.exe (“Direct”)
Slide 29: Workflow Service – Overview
- A reliable, scalable off-premises host for workflows
- A portal at workflow.ex.azure.microsoft.com
- New activities for the Azure Services Platform
- APIs that allow you to deploy, manage, and run your workflows in the cloud
- Enables you to orchestrate services: connect to services in your enterprise or anywhere on the Internet – uses the connectivity services; give your partners and customers access – uses the access control services
Slide 30: Workflow Service – Basic Usage
1. Design Workflows: choose a WF model; use a WF designer; use the new Azure activities and a subset of the WF out-of-the-box activities
2. Deploy Workflows: upload and validate
3. Manage Workflow Types: add, delete, update, view instances
4. Manage Workflow Instances: create, run, control, track execution
Slide 31: Workflow Service – Design Flow
(Diagram; labels only.)
1. Design Workflows – Visual Studio WF Designer produces Workflow & Rules XAML
2. Deploy Workflows – VS one-click deploy
3. Manage Workflow Types
4. Manage Workflow Instances
- Access paths (http://): ServiceBus, Workflow Portal, WorkflowClient API, SOAP Web Service; Your Apps & Services
Slide 32: Workflow Service Summary
- Execute Workflows with high availability
- Design Workflows using existing tools
- Easily deploy and manage Workflows: portal for easy access; management APIs for rich automation
Slide 33: Call to Action
- Register for a .NET Services account & download the SDK: http://www.azure.com
- Try out the .NET Services in the HOLs area: HOLs for Service Bus, Access Control, Workflow, SQL Services, and Live Services
- Attend one of the many breakout sessions
Slide 34: Evals & Recordings
- Please fill out your evaluation for this session at:
- This session will be available as a recording at: www.microsoftpdc.com
Slide 35: Q&A
- Please use the microphones provided
Slide 36: Legal
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.