
Windows Azure AppFabric Deep Dive


nayef

Presentation Transcript


  1. Windows Azure AppFabric Deep Dive Name Title Microsoft Corporation

  2. Session Objectives • Scenario Explanation  Example • Eventing • Service remoting • Tunneling • Drill into Access Control Service • Tips and Tricks • Firewall Configuration • Hosting Service Bus endpoints in Windows Azure • Security • The AppFabric Labs Environment

  3. AppFabric Service Bus

  4. Three Common Patterns • Eventing • One-way communication • Unicast or Multicast • Immediate or temporally decoupled • Service Remoting • RPC-style, Request/Response or Duplex • Contracts, Schemas, Structured Data • Tunneling • Full-Duplex Tunneling of Raw Streams • TCP, Pipes, Proxies, …

  5. Eventing • 1 : N Communications • 1 client transmits message to service bus • Service bus relays message to N clients • One way messaging • Unicast – broadcast to a single listener • Multicast – broadcast to multiple listeners • Buffering • Transient storage for messages • Support occasionally disconnected client

  6. Eventing (diagram labels: Access Control, Service Bus, Sender, Listener, Listener) • Notify remote parties of events • Sender transmits information to listeners • Events are distributed unicast or multicast

  7. Implementing Eventing • Simple WCF Semantics • Provide WCF Service Contract with OneWay operations • Create Service Impl using MulticastServicebehaviour • Authenticate each client to SB endpoint • Create two connections to the Service Bus • A ServiceHost to listen for chat messages • A client connection to send new messages • Send and receive messages

  8. demo Relay Chat Name Title Group

  9. Service Remoting • Expose Web Services Beyond the Firewall • On premise web service • Expose to clients without firewall changes • Message distribution options • Simple load balancing support • Supports full duplex communications • Pass through underlying security constructs • End to End Authentication • End to End Encryption

  10. Service Remoting (diagram labels: Access Control, Service Bus, Sender, Listener) • Access Web Services across the Internet • Publish services and communicate bi-directionally

  11. Implementing Remoting • Config only from Existing Service • Take existing on premise service • Use WCF config to authenticate and connect to SB • Each service has a unique SB endpoint • Simple client with supporting libraries • Query Service Bus Registry via ATOM for list of endpoints • Choose endpoint at random (or other ‘smart’ algorithm) • Establish communications with selected endpoint • Message is relayed to selected service

  12. demo Load Balanced Service Name Title Group

  13. Tunneling • Tunnel low level protocols via Service Bus • High performance tunnel over TCP where possible • Automatic fallback to tunnel over simple HTTP where needed • Expose Any On-Premise Securely • To clients over the internet • To Windows Azure services

  14. Tunneling (diagram labels: Access Control, Service Bus, Sender, Protocol Bridge, Protocol Bridge, Listener) • Transport existing protocols over Service Bus

  15. Implementing Tunneling • Implement Agent • Read Configuration • Listen on port/pipe on local machine • Forward communications efficiently to/from service bus • Implement Bridge • Listen on service bus • Forward communications to/from local port/pipe

  16. demo Port Bridge Name Title Group

  17. Access Control Service

  18. Why an Access Control Service? • Federate identity • Leveraging multiple identity providers per application • ADFS v2, Live ID, Facebook, Yahoo, Google, … • Identity abstraction • Evolve past username/password • Leverage claims-based identity

  19. How it works (diagram labels: Customer, Access Control Service, Your Service) • 0. Establish trust via key exchange • 1. Define access control rules for an identity provider • 2. Request token (pass input claims) • 3. Map input claims to output claims based on access control rules • 4. Return token (receive output claims) • 5. Send message with token • 6. Process token

  20. Capabilities • ACS == claims-based access control • Key features • Open to all platforms • Simple rules for mapping input to output claims • OAuth WRAP & SWT • Integrates with ADFS v2 • All web services can take advantage of these capabilities with a single code base

  21. demo ACS Calculator Name Title Group

  22. Tips and Tricks

  23. Firewall Configuration • AppFabric is tolerant of diverse network topologies • Minimum Configuration • Enable outbound HTTP on port 80 and 443 • Authenticate against proxy server if any • Optimal configuration • Allow outbound on port 9350 and 9351 • Can limit to well known IP ranges

  24. SB Endpoints in Windows Azure • Create Worker Role • Create ServiceHost • Authenticated against service bus • Open ServiceHost

  25. Session Takeaways • Service Bus provides topology agnostic message bridge in the cloud • Three Key Service Bus Patterns • Eventing • Remoting • Tunneling • Access Control Service abstracts authentication & authorization • Labs provides early access to new features

  26. © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
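
The "Process token" step of slide 19, for the SWT format named on slide 20, as an added example that is not part of the original deck or of Microsoft's libraries. It checks the HMAC-SHA256 signature with the key from step 0, then the issuer, audience and expiry, and only then returns the output claims. The key, issuer, audience and the `action` claim are constructed sample values.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote

SIG = "&HMACSHA256="                      # SWT: the signature is always the last pair
RESERVED = {"Issuer", "Audience", "ExpiresOn"}

def _mac(body, key):
    return hmac.new(key, body.encode(), hashlib.sha256).digest()

def issue_swt(claims, key):
    """Issuer side (steps 3-4), present only to build a constructed sample token."""
    body = "&".join(f"{quote(k, safe='')}={quote(str(v), safe='')}"
                    for k, v in claims.items())
    return body + SIG + quote(base64.b64encode(_mac(body, key)).decode(), safe="")

def validate_swt(token, key, issuer, audience, now=None):
    """Service side (step 6): return the output claims or raise ValueError."""
    body, sep, sig = token.rpartition(SIG)
    if not sep:
        raise ValueError("no HMACSHA256 signature")
    # Verify the MAC over the exact bytes received, before parsing anything.
    presented = base64.b64decode(unquote(sig), validate=True)
    if not hmac.compare_digest(_mac(body, key), presented):
        raise ValueError("signature mismatch")
    pairs = parse_qsl(body, keep_blank_values=True, strict_parsing=True)
    claims = dict(pairs)
    if len(claims) != len(pairs):
        raise ValueError("duplicate claim name")
    if claims.get("Issuer") != issuer:
        raise ValueError("untrusted issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token issued for another service")
    if int(claims.get("ExpiresOn", "0")) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return {k: v for k, v in claims.items() if k not in RESERVED}

def rejection_reason(token, key, issuer, audience, now=None):
    """None when the token is accepted, otherwise why it was refused."""
    try:
        validate_swt(token, key, issuer, audience, now)
    except ValueError as exc:
        return str(exc)
    return None

# Constructed sample values: key, issuer, audience and the "action" claim are assumptions.
KEY = bytes(range(32))
ISSUER, AUDIENCE = "https://issuer.example/", "http://localhost/calculator"
TOKEN = issue_swt({"action": "Add", "Issuer": ISSUER, "Audience": AUDIENCE,
                   "ExpiresOn": 2000000000}, KEY)
```

The audience check is what stops a token issued for one relying service from being replayed against another service that trusts the same issuer key.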
