270 likes | 521 Vues
Windows Azure AppFabric Deep Dive. Name Title Microsoft Corporation. Session Objectives. Scenario Explanation Example Eventing Service remoting Tunneling Drill into Access Control Service Tips and Tricks Firewall Configuration Hosting Service Bus endpoints in Windows Azure
E N D
Windows Azure AppFabric Deep Dive Name Title Microsoft Corporation
Session Objectives • Scenario Explanation Example • Eventing • Service remoting • Tunneling • Drill into Access Control Service • Tips and Tricks • Firewall Configuration • Hosting Service Bus endpoints in Windows Azure • Security • The AppFabric Labs Environment
Three Common Patterns • Eventing • One-way communication • Unicast or Multicast • Immediate or temporally decoupled • Service Remoting • RPC-style, Request/Response or Duplex • Contracts, Schemas, Structured Data • Tunneling • Full-Duplex Tunneling of Raw Streams • TCP, Pipes, Proxies, …
Eventing • 1 : N Communications • 1 client transmits message to service bus • Service bus relays message to N clients • One way messaging • Unicast – broadcast to a single listener • Multicast – broadcast to multiple listeners • Buffering • Transient storage for messages • Support occasionally disconnected client
Eventing Access Control Service Bus Listener Sender • Notify remote parties of events • Sender transmits information to listeners • Events are distributed unicast or multicast Listener
Implementing Eventing • Simple WCF Semantics • Provide WCF Service Contract with OneWay operations • Create Service Impl using MulticastServicebehaviour • Authenticate each client to SB endpoint • Create two connections to the Service Bus • A ServiceHost to listen for chat messages • A client connection to send new messages • Send and receive messages
demo Relay Chat Name Title Group
Service Remoting • Expose Web Services Beyond the Firewall • On premise web service • Expose to clients without firewall changes • Message distribution options • Simple load balancing support • Supports full duplex communications • Pass through underlying security constructs • End to End Authentication • End to End Encryption
Service Remoting Access Control Service Bus Sender Listener • Access Web Services across the Internet • Publish services and communicate bi-directionally
Implementing Remoting • Config only from Existing Service • Take existing on premise service • Use WCF config to authenticate and connect to SB • Each service has a unique SB endpoint • Simple client with supporting libraries • Query Service Bus Registry via ATOM for list of endpoints • Choose endpoint at random (or other ‘smart’ algorithm) • Establish communications with selected endpoint • Message is relayed to selected service
demo Load Balanced Service Name Title Group
Tunneling • Tunnel low level protocols via Service Bus • High performance tunnel over TCP where possible • Automatic fallback to tunnel over simple HTTP where needed • Expose Any On-Premise Securely • To clients over the internet • To Windows Azure services
Tunneling Access Control Protocol Bridge Protocol Bridge Service Bus Sender Listener • Transport existing protocols over Service Bus
Implementing Tunneling • Implement Agent • Read Configuration • Listen on port/pipe on local machine • Forward communications efficiently to/from service bus • Implement Bridge • Listen on service bus • Forward communications to/from local port/pipe
demo Port Bridge Name Title Group
Why an Access Control Service? • Federate identity • Leveraging multiple identity providers per application • ADFS v2, Live ID, Facebook, Yahoo, Google, … • Identity abstraction • Evolve past username/password • Leverage claims-based identity
How it works 3. Map input claims to output claims based on access control rules 1. Define access control rules for an identity provider Access Control Service 4. Return token (receive output claims) 0. Establish trust via key exchange 2. Request token (pass input claims) 6. Process token Your Service Customer 5. Send message with token
Capabilities • ACS == claims-based access control • Key features • Open to all platforms • Simple rules for mapping input to output claims • OAuth WRAP & SWT • Integrates with ADFS v2 • All web services can take advantage of these capabilities with a single code base
demo ACS Calculator Name Title Group
Firewall Configuration • AppFabric is tolerant of diverse network topologies • Minimum Configuration • Enable outbound HTTP on port 80 and 443 • Authenticate against proxy server if any • Optimal configuration • Allow outbound on port 9350 and 9351 • Can limit to well known IP ranges
SB Endpoints in Windows Azure • Create Worker Role • Create ServiceHost • Authenticated against service bus • Open ServiceHost
Session Takeaways • Service Bus provides topology agnostic message bridge in the cloud • Three Key Service Bus Patterns • Eventing • Remoting • Tunneling • Access Control Service abstracts authentication & authorization • Labs provides early access to new features
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.