Cloud Guidance
John Devadoss, Product Unit Manager, patterns & practices
johnd@microsoft.com
DPR 202
Agenda
• Why care
• How to think about and exploit the Windows Azure Platform
• Real-world walk-through/demo
• Step 1 - Unlocking the Cloud
• Discussion
Pop Quiz “You can have any color Model T so long as it's black.”
The model of “one size fits all” is now seen by most IT organizations as being flawed.
Trade-offs (Build vs. Buy, On premises vs. Cloud)
Buy:
• “Packaged” application (on premises): an application that I buy “off the shelf” and run myself.
• Hosted “packaged”: an application that I buy “off the shelf” and then run at a hoster.
• “Software as a Service” (cloud): a hosted application that I buy from a provider.
Build:
• Self-hosted “home built” (on premises): an application that I develop and run myself.
• Hosted “home built”: an application that I develop myself, but run at a hoster.
• Cloud platform (cloud): an application that I develop myself, but run in the cloud.
Windows Azure Platform: an illustration (diagram labels: .NET Services, SQL Azure, Windows Azure; applications running on Windows Server, Windows Vista/XP, Windows Mobile, others)
Windows Azure Basics
• The goal of Windows Azure is to provide a platform that is scalable and available
• Windows Azure can run various kinds of Windows applications:
  • .NET applications
  • Unmanaged code
  • PHP
  • . . .
Windows Azure: Windows in the cloud (diagram labels: Application, Compute, Storage, Fabric, Config; alongside .NET Services and SQL Azure, with applications on Windows Server, Windows Vista/XP, Windows Mobile, others)
Windows Azure Compute Service: a closer look (diagram: VMs running either a plain main() { … } program or ASP.NET, WCF etc. under IIS, reached over HTTP through a load balancer; an Agent on each VM talks to the Windows Azure Fabric; Compute sits beside Storage and the Fabric)
Windows Azure Compute Service: points of interest
• The VMs are provided by a cloud-optimized hypervisor
• For developers:
  • Applications see a 64-bit Windows Server 2008 interface
  • A few things require accessing the Windows Azure Agent, e.g., logging
  • A desktop facsimile of Windows Azure in the cloud is provided for development
Windows Azure Storage Service: a closer look (diagram: Blobs, Tables and Queues accessed over HTTP/HTTPS; Storage sits beside Compute and the Fabric)
Windows Azure Storage: points of interest
• Storage types:
  • Blobs: a simple hierarchy of binary data
  • Tables: entity storage (not relational tables)
  • Queues: allow communication among web and worker role instances
• Access:
  • Data is exposed via a RESTful interface
  • Data can be accessed by:
    • Windows Azure applications
    • Other on-premises or cloud applications
Windows Azure Storage: a closer look at tables (diagram: tables hold entities; entities hold properties; each property is a Name, Type and Value)
Windows Azure Storage Tables: challenges
• Access via REST
  • You can’t use ordinary ADO.NET
• No SQL
  • No real joins, aggregates, etc.
• An unfamiliar hierarchical structure
  • You can’t easily move relational data to it
• Supporting services are scarce, e.g., reporting
• No schema
Windows Azure Storage Tables: strengths
• Massive scalability
  • By effectively allowing scale-out data
• Applied to the right problem, Windows Azure Tables are a beautiful thing
Using Queues: the suggested application model
1) A web role instance receives work
2) It enqueues a message on the queue
3) A worker role instance dequeues the message
4) The worker does the work
5) The worker deletes the message from the queue
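The five-step model above, as an added example that is not code from the deck or from the Windows Azure SDK. The InMemoryQueue class below is a constructed stand-in that models the queue behaviour the pattern depends on: a dequeued message is only hidden for a visibility timeout, and it is removed for good only by the explicit delete in step 5. The demo shows why the delete comes after the work rather than before it: a worker that dies mid-job never reaches step 5, so the message reappears after the timeout and is retried.

```python
"""Web role / worker role queue pattern, simulated in plain Python.

Added example, not code from the deck or from the Windows Azure SDK.
InMemoryQueue is a constructed stand-in that models the queue semantics
the five-step slide relies on: a dequeued message is hidden for a
visibility timeout rather than removed, and only the explicit delete in
step 5 removes it for good.
"""
import itertools
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Message:
    id: int
    body: str
    invisible_until: float = 0.0   # simulated clock value; 0 means visible now
    dequeue_count: int = 0         # how many times a worker has picked it up


class InMemoryQueue:
    """Constructed stand-in for a Windows Azure queue (not the real API)."""

    def __init__(self, visibility_timeout: float = 30.0) -> None:
        self.visibility_timeout = visibility_timeout
        self._messages: List[Message] = []
        self._ids = itertools.count(1)

    def enqueue(self, body: str) -> int:
        """Step 2: the web role enqueues a message describing the work."""
        msg = Message(next(self._ids), body)
        self._messages.append(msg)
        return msg.id

    def dequeue(self, now: float) -> Optional[Message]:
        """Step 3: the worker dequeues. The message stays in the queue but is
        invisible to every worker until the visibility timeout expires."""
        for msg in self._messages:
            if msg.invisible_until <= now:
                msg.invisible_until = now + self.visibility_timeout
                msg.dequeue_count += 1
                return msg
        return None

    def delete(self, msg_id: int) -> bool:
        """Step 5: only an explicit delete removes the message."""
        before = len(self._messages)
        self._messages = [m for m in self._messages if m.id != msg_id]
        return len(self._messages) < before

    def __len__(self) -> int:
        return len(self._messages)


def worker_loop(queue: InMemoryQueue, do_work: Callable[[str], str],
                now: float) -> List[str]:
    """Step 4: dequeue, do the work, then delete. If do_work raises, the
    message is deliberately not deleted: it becomes visible again after the
    timeout, so another worker instance (or this one) retries it."""
    results: List[str] = []
    while (msg := queue.dequeue(now)) is not None:
        try:
            results.append(do_work(msg.body))
        except Exception:
            continue             # leave it hidden in the queue for a retry
        queue.delete(msg.id)     # work finished: now it is safe to remove
    return results


def demo() -> Dict[str, object]:
    """Constructed scenario: three jobs; one worker dies on its first attempt."""
    queue = InMemoryQueue(visibility_timeout=30.0)
    for job in ("resize:1.png", "resize:flaky.png", "resize:3.png"):
        queue.enqueue(job)
    attempts = {"resize:flaky.png": 0}

    def do_work(body: str) -> str:
        if body == "resize:flaky.png":
            attempts[body] += 1
            if attempts[body] == 1:
                raise RuntimeError("worker crashed before step 5")
        return body.replace("resize:", "done:")

    t0 = 1000.0
    first = worker_loop(queue, do_work, now=t0)
    left_after_first = len(queue)              # the failed job is still queued
    hidden = queue.dequeue(now=t0 + 10)        # still inside the timeout: None
    second = worker_loop(queue, do_work, now=t0 + 31)   # timeout expired: retried
    return {"first": first, "left_after_first": left_after_first,
            "hidden_during_timeout": hidden is None, "second": second,
            "left_after_second": len(queue)}


if __name__ == "__main__":
    print(demo())
```

The consequence for the worker is that the work in step 4 has to be idempotent: a retried message is processed at least once, possibly twice. The real service also ties the delete to a pop receipt returned by the dequeue, which the simulation omits.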
Using Windows Azure: some examples
• A start-up might create a new Web application on Windows Azure
  • They can fail fast or scale fast
• An ISV might create a SaaS version of an existing .NET application on Windows Azure
  • It’s .NET, so porting the code is doable
• An enterprise might build a new application on Windows Azure
  • It’s .NET, so developers are plentiful
SQL Azure: data services in the cloud (diagram labels: SQL Azure, Others (Future); alongside .NET Services and Windows Azure, with applications on Windows Server, Windows Vista/XP, Windows Mobile, others)
SQL Azure
• Today:
  • SQL Azure
  • Formerly known as SQL Server Data Services (SSDS)
• In the future:
  • Reporting
  • Analysis
  • Extract/Transform/Load (ETL) services
  • More
SQL Azure: an illustration (diagram: databases in SQL Azure reached over TDS, the Tabular Data Stream protocol; other services to follow in the future)
Using SQL Azure: some examples
• A Windows Azure application might use SQL Azure for its data
• A departmental app could use SQL Azure rather than a local database
  • For better reliability and availability
• An organization might make data available to both in-house and partner apps through SQL Azure
  • Such as a company with a far-flung dealer network
.NET Services: infrastructure in the cloud (diagram labels: Access Control, Service Bus, and a further unnamed service marked “?”; alongside SQL Azure and Windows Azure, with applications on Windows Server, Windows Vista/XP, Windows Mobile, others)
The Access Control Service
• The problem:
  • Different organizations identify users with tokens containing different claims
  • Applications can be faced with a confusing mess
• The solution:
  • The Access Control Service implements a security token service (STS) in the cloud
  • It accepts one token and issues another
  • The claims in the outgoing token can differ from those in the incoming token
  • An administrator can define rules for how this claims transformation is done
Service Bus
• The problem: exposing internal applications on the Internet isn’t easy
  • Network address translation (NAT) and firewalls get in the way
• The solution:
  • Service Bus provides a cloud-based intermediary between clients and internal applications
  • It also provides a service registry that clients can use to find the services they need
Service Bus (diagram)
1) An application in Organization X registers its endpoints in the Service Bus registry
2) An application in Organization Y discovers those endpoints
3) It accesses the application through Service Bus
(Access Control sits beside Service Bus in .NET Services)
Using .NET Services: some examples
• An app that’s accessed over the Internet from different organizations might rely on Access Control to rationalize the identity information it receives
  • And to do access control
• An enterprise might expose an internal application to its trading partners via Service Bus
Pop Quiz. Note: this is a bit of a trick question, and it has to do with security… What are the first two questions an application has to answer?
In a nutshell: Who is the caller? What can they do? (diagram labels: Your Application, Your Customers, Service Bus, <Any ID Provider>, Live ID Users, .NET Access Control Service, Service Account, Web UI, Workflow Service, XYZ Domain Users, SQL Data Service)
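The Access Control Service description above (accept one token, apply administrator rules, issue another whose claims may differ) and the two questions the application has to answer, worked as an added example. This is not the deck's or Microsoft's code: it is a minimal in-process claims transformer whose token shape, rule shape, claim type names (email, group, puid, name, org, action) and issuer identifiers (urn:example:…) are all constructed for illustration. The outgoing token answers "who is the caller" through its name claim and "what can they do" through its action claims, and a token from an issuer the administrator never trusted is rejected before any rule runs.

```python
"""Claims transformation in the style of the Access Control Service.

Added example, not the deck's or Microsoft's code: a minimal in-process
security token service (STS) driven by administrator-defined rules. The
token shape, rule shape, claim type names and issuer identifiers are all
constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Claim:
    type: str
    value: str


@dataclass(frozen=True)
class Token:
    issuer: str
    claims: Tuple[Claim, ...]


@dataclass(frozen=True)
class Rule:
    """Administrator rule for tokens from `issuer`.
    input_type None   -> applies to every token from that issuer.
    input_value None  -> matches any value of input_type.
    output_value None -> copy the matched input value (pass-through)."""
    issuer: str
    input_type: Optional[str]
    input_value: Optional[str]
    output_type: str
    output_value: Optional[str]


class ClaimsTransformer:
    """Accepts one token, issues another whose claims may differ."""

    STS_NAME = "urn:example:acs"   # constructed issuer name for outgoing tokens

    def __init__(self, trusted_issuers: Set[str], rules: List[Rule]) -> None:
        self.trusted_issuers = trusted_issuers
        self.rules = rules

    def issue(self, incoming: Token) -> Token:
        # Trust check first: a token from an issuer with no configured trust
        # relationship yields nothing, however plausible its claims look.
        if incoming.issuer not in self.trusted_issuers:
            raise PermissionError(f"untrusted issuer: {incoming.issuer}")
        out: List[Claim] = []

        def emit(claim: Claim) -> None:
            if claim not in out:          # keep order, drop duplicates
                out.append(claim)

        for rule in self.rules:
            if rule.issuer != incoming.issuer:
                continue
            if rule.input_type is None:
                emit(Claim(rule.output_type, rule.output_value or ""))
                continue
            for claim in incoming.claims:
                if claim.type != rule.input_type:
                    continue
                if rule.input_value is not None and rule.input_value != claim.value:
                    continue
                value = claim.value if rule.output_value is None else rule.output_value
                emit(Claim(rule.output_type, value))
        # Incoming claims with no rule are dropped: the application only ever
        # sees the claim types the administrator chose to issue.
        return Token(self.STS_NAME, tuple(out))


def values(token: Token, claim_type: str) -> List[str]:
    return [c.value for c in token.claims if c.type == claim_type]


# Constructed rule set: two identity providers mapped onto one vocabulary
# (name, org, action) that the application understands.
RULES = [
    Rule("urn:example:litware-adfs", "email", None, "name", None),
    Rule("urn:example:litware-adfs", None, None, "org", "Litware"),
    Rule("urn:example:litware-adfs", "group", "Researchers", "action", "catalog:query"),
    Rule("urn:example:litware-adfs", "group", "DataStewards", "action", "catalog:upload"),
    Rule("urn:example:liveid", "puid", None, "name", None),
    Rule("urn:example:liveid", None, None, "action", "catalog:query"),
]
STS = ClaimsTransformer({"urn:example:litware-adfs", "urn:example:liveid"}, RULES)


def demo() -> Dict[str, object]:
    adfs_token = Token("urn:example:litware-adfs", (
        Claim("email", "john@litware.example"),
        Claim("group", "Researchers"),
        Claim("group", "Lab-42"),             # no rule for it: never reaches the app
    ))
    issued = STS.issue(adfs_token)
    try:
        STS.issue(Token("urn:example:rogue-sts", (Claim("action", "catalog:upload"),)))
        rogue_rejected = False
    except PermissionError:
        rogue_rejected = True
    return {
        "who": values(issued, "name"),          # Who is the caller?
        "what": values(issued, "action"),       # What can they do?
        "org": values(issued, "org"),
        "claim_types": sorted({c.type for c in issued.claims}),
        "rogue_rejected": rogue_rejected,
    }
```

The application then only has to understand the three output claim types, whichever identity provider the user came from; the per-organization mess stays in the rule table, where the administrator can change it without touching application code.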
A day in the life…
• John is a scientist doing research @ BigPharma
• Has an idea…
• Needs a new biological reagent…
• Options:
  • Search the web
    • Multiple sources
    • Different formats
    • Security constraints
  • Call colleagues to see if they have it
    • Expensive
  • Go to the lab and create it
    • 2-3 months
    • Expensive
Cloud-Catalog (diagram: BigPharma, Litware and PharmaX reagent databases, plus a PharmaX China subsidiary, each behind its own firewall; their uploads, updates and queries all pass through Access Control & Security)
Key requirements
• De-centralized management
• Access Control
  • (Very) fine-grained access control: at the org, row and field level
  • Cross-org
  • Leveraging existing identity and AuthZ infrastructure
• Geo-distributed information
• Flexible data schema
• Interoperability through standards
Demo: a working prototype (provisioning; using the catalog)
Key requirements – recap
• De-centralized management
  • Self-provisioning
  • Multi-tenant architecture (extensibility, customization, etc.)
• Access Control
  • (Very) fine-grained access control: at the org, row and field level
  • Cross-organization
  • Leveraging existing identity and AuthZ infrastructure
  • SSO
• Flexible data schema
• Interoperability through standards:
  • WS-* (WS-Federation, WS-Trust), SAML
• Geo-distributed information
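What "fine-grained access control at the org, row and field level" looks like when enforced over a shared catalog, as an added example; this is not the deck's prototype. The reagent rows, the claim vocabulary (org, action) and the policy are constructed for illustration, and a Principal here stands for what a transformed claims token would yield. The decision is made in three layers, each denying by default: org level (does the caller hold the action at all, and may they only write under their own org), row level (owner org or an org the row was explicitly shared with), and field level (owner-only fields are omitted from what a partner org sees).

```python
"""Org-, row- and field-level access control over a cross-organization catalog.

Added example, not code from the deck's prototype. The reagent rows, the
claim vocabulary (org, action) and the policy are constructed for
illustration; a Principal is what a claims-based token yields after
transformation.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, FrozenSet


@dataclass
class Reagent:
    id: str
    owner_org: str
    name: str
    shared_with: Set[str]     # row-level: other orgs allowed to see this row
    supplier_price: str       # field-level: owner org only
    synthesis_notes: str      # field-level: owner org only


OWNER_ONLY_FIELDS = ("supplier_price", "synthesis_notes")


@dataclass(frozen=True)
class Principal:
    name: str
    org: str
    actions: FrozenSet[str]   # e.g. catalog:query, catalog:upload


def can_see_row(row: Reagent, who: Principal) -> bool:
    """Row-level decision: the owning org, or an org the row was shared with."""
    return row.owner_org == who.org or who.org in row.shared_with


def project(row: Reagent, who: Principal) -> Dict[str, str]:
    """Field-level decision: owner-only fields are omitted (not blanked), so a
    partner cannot tell a redacted value from an empty one."""
    record = {"id": row.id, "owner_org": row.owner_org, "name": row.name}
    if row.owner_org == who.org:
        for field_name in OWNER_ONLY_FIELDS:
            record[field_name] = getattr(row, field_name)
    return record


def query(catalog: List[Reagent], who: Principal) -> List[Dict[str, str]]:
    """Org-level check first (the query action), then row, then field."""
    if "catalog:query" not in who.actions:
        raise PermissionError(f"{who.name} may not query the catalog")
    return [project(r, who) for r in catalog if can_see_row(r, who)]


def upload(catalog: List[Reagent], who: Principal, row: Reagent) -> None:
    """Uploads need the upload action and may only create rows under the
    caller's own org, so one tenant cannot plant rows in another's data."""
    if "catalog:upload" not in who.actions:
        raise PermissionError(f"{who.name} may not upload")
    if row.owner_org != who.org:
        raise PermissionError(f"{who.name} may not upload as {row.owner_org}")
    catalog.append(row)


def demo() -> Dict[str, object]:
    # Constructed catalog: three orgs, one row each, different sharing.
    catalog = [
        Reagent("r1", "BigPharma", "Reagent A", {"Litware"}, "$120", "step 3 needs dry ice"),
        Reagent("r2", "Litware", "Reagent B", set(), "$80", "internal only"),
        Reagent("r3", "PharmaX", "Reagent C", {"BigPharma", "Litware"}, "$200", "see batch 7"),
    ]
    john = Principal("john@bigpharma.example", "BigPharma", frozenset({"catalog:query"}))
    steward = Principal("steward@litware.example", "Litware",
                        frozenset({"catalog:query", "catalog:upload"}))
    guest = Principal("guest@pharmax.example", "PharmaX", frozenset())

    john_view = query(catalog, john)
    out: Dict[str, object] = {
        "john_ids": [r["id"] for r in john_view],                  # r2 is invisible
        "john_sees_own_price": john_view[0].get("supplier_price"),
        "john_sees_partner_price": "supplier_price" in john_view[1],
    }
    try:
        query(catalog, guest)
        out["guest_denied"] = False
    except PermissionError:
        out["guest_denied"] = True
    try:
        upload(catalog, steward, Reagent("r4", "BigPharma", "Reagent D", set(), "$1", ""))
        out["cross_org_upload_denied"] = False
    except PermissionError:
        out["cross_org_upload_denied"] = True
    upload(catalog, steward, Reagent("r4", "Litware", "Reagent D", set(), "$1", ""))
    out["rows_after_upload"] = len(catalog)
    return out
```

Because every decision takes the org and actions from the principal rather than from the request, the same code serves all tenants: the cross-org requirement is met by the row's shared_with set, and a subsidiary or partner added later only needs its identity provider mapped onto the same org/action claims.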
Identity & Access Control: Federation & Claims (diagram: an IP-STS and an STS, with numbered steps 1 to 3)
An event analogy (diagram: TechEd Operations; venues: Speaker Room, Sessions, Party; roles: Speaker, Attendee, Staff)
Identity & Access Control: Federation & Claims (diagram labels: Windows Identity Foundation, ADFS)
Demo: a working prototype (more on Access Control)
Takeaways
• Cloud computing is here
• patterns & practices is building guidance
  • Claims-based authentication and authorization
  • ‘Cloudlib’
• A new world is unfolding
  • Prepare to be part of it