Aaron Skonnard
Cofounder, Pluralsight
SOA316
.NET Services
Extending .NET technologies to the cloud
Open and accessible
REST, SOAP, RSS, AtomPub, …
Class libraries for Java, PHP, Ruby, …
Easy-to-use from .NET – skills move forward
Initial focus on three key developer challenges
Application integration & connectivity
Access control in a federated world
Message orchestration
Service Bus
Key developer challenges
Giving partners secure access to your apps
Characteristics or scale of integration unknown
Partners / customers / users have devices and
services running behind firewalls
Approach
Provide a high-scale, highly available “Service Bus” that supports open Internet protocols
Service Bus Application Pattern
Diagram: the Service Bus sits between Your Service and its Clients (desktop, RIA, web) and provides Service Orchestration, Naming, Federated Identity and Access Control, a Service Registry and the Messaging Fabric; an On-Premises ESB and Corp Service connect through it alongside Cloud Services (Storage, Compute, Billing, …).
Service Registry
[http|sb]://{account}.servicebus.windows.net/{user-defined}
The service registry provides a mapping from URIs to services
Diagram: registry tree, Root → account (e.g., contoso) → svc …; the registry is multi-tenant.
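As an added example (not the deck's or the service's own code), the parser and registry walk below exercise the naming scheme above: only the http and sb schemes are accepted, the host must carry the exact servicebus.windows.net suffix so a look-alike host is rejected rather than trusted, and the user-defined path resolves to the deepest registered service. The account-name rule and the registry tree are constructed assumptions.

```python
"""Parse and resolve Service Bus registry URIs (constructed example).
Illustrates the naming scheme [http|sb]://{account}.servicebus.windows.net/{user-defined};
the registry tree and account-name rule are made up, and this is not the service's own code."""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SB_SUFFIX = ".servicebus.windows.net"
ACCOUNT_RE = re.compile(r"^[a-z0-9][a-z0-9-]{0,62}$")  # assumed account-name rule

def parse_sb_uri(uri: str) -> Tuple[str, str, List[str]]:
    """Return (scheme, account, path segments) or raise ValueError.  The host must
    end in the exact suffix, so contoso.servicebus.windows.net.example is rejected."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "sb"):
        raise ValueError(f"unsupported scheme {parts.scheme!r}")
    host = (parts.hostname or "").lower()
    if not host.endswith(SB_SUFFIX):
        raise ValueError(f"not a service bus host: {host!r}")
    account = host[: -len(SB_SUFFIX)]
    if not ACCOUNT_RE.match(account):
        raise ValueError(f"bad account name {account!r}")
    return parts.scheme, account, [s for s in parts.path.split("/") if s]

def is_sb_uri(uri: str) -> bool:
    try:
        parse_sb_uri(uri)
        return True
    except ValueError:
        return False

def resolve(registry: Dict, account: str, segments: List[str]) -> Tuple[Optional[str], List[str]]:
    """Walk the account's subtree; the deepest node naming a service wins.  A node's
    own service sits under key ""; leftover segments are returned for the service."""
    node = registry.get(account)
    if node is None:
        return None, list(segments)
    best, depth_hit = node.get(""), 0
    for depth, seg in enumerate(segments, 1):
        node = node.get(seg)
        if node is None:
            break
        if "" in node:
            best, depth_hit = node[""], depth
    return best, list(segments[depth_hit:])

# Constructed multi-tenant registry: Root -> account -> user-defined names.
REGISTRY = {"contoso": {"a": {"": "svc-a", "b": {"": "svc-ab"}},
                        "orders": {"": "svc-orders"}}}
```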
Connectivity
Two key capabilities
Relay
Direct connect
Available via HTTP / REST / ATOM
Available in .NET via WCF Bindings
Rich Set of Connectivity Bindings
WCF Binding                    New Service Bus Binding
BasicHttpBinding               BasicHttpRelayBinding
WebHttpBinding                 WebHttpRelayBinding
WSHttpBinding                  WSHttpRelayBinding
WS2007HttpBinding              WS2007HttpRelayBinding
WSHttpContextBinding           WSHttpRelayContextBinding
WS2007FederationHttpBinding    WS2007FederationHttpRelayBinding
NetTcpBinding                  NetTcpRelayBinding
NetTcpContextBinding           NetTcpRelayContextBinding
n/a                            NetOnewayRelayBinding
n/a                            NetEventRelayBinding
Relay Connections
http://{account}.servicebus.windows.net/a/b
Diagram: Sender and Receiver each open an outbound SSL-secured TCP 828 connection to the Relay rendezvous endpoint; one-way messages flow from Sender to Receiver through the TCP tunnel.
Direct Connections
http://{account}.servicebus.windows.net/a/b
Diagram: outbound SSL-secured TCP 828 connection to the Relay, then an out-of-band protocol to negotiate a direct connection between Sender and Receiver; upgrade to direct when possible.
Relay and Direct Connections
Publish/Subscribe
Builds on the relay and direct connect
connectivity capabilities
Initial release is “connected multicast”
Over time will provide additional delivery
characteristics – anycast, reliable, …
Multicast Publish/Subscribe
http://{account}.servicebus.windows.net/a/b
Diagram: one Sender and several Receivers each hold an outbound SSL-secured TCP 828 connection to the Relay rendezvous endpoint; one-way messages sent through the TCP tunnel are delivered to every Receiver.
Publish/Subscribe (Multicast)
Queues
http://{account}.servicebus.windows.net/{user-defined}
Queue is created by adding a queue policy to the tree
Diagram: messages (Msg) pass from the Sender through the Relay into the Queue (Queue Policy, Manager) and on to the Receiver.
Routers
http://{account}.servicebus.windows.net/{user-defined}
Router is created by adding a router policy to the tree
Diagram: messages (Msg) pass from the Sender through the Relay into the Router (Router Policy, Manager) and on to several Receivers.
Queues and Routers
Queues and routers are composable with one another
Diagram: messages flow through a Queue, a Router (Distribution: All) and a Router (Distribution: One) on their way to Service A, Service B, Service C and Service D.
Queues and Routers
Access Control
Key developer challenges
Many identity providers, vendors, many protocols,
complex semantics – tricky to get right
Application strewn with one-off access logic
Hard to get right, not agile, not compliant, ...
Approach
Automate federation for a wide-range of identity
providers and technologies through a hosted STS
Model the access control logic as rules
Easy fx that ensures correct token processing
.NET Access Control Service
The .NET ACS is a hosted service that externalizes the authorization policy for federated users
Diagram: a trust relationship is established between the .NET ACS (a hosted STS) and the Relying Party (Your App); the Requestor (Your Customer) sends a message with a token to the Relying Party.
Access Control Interactions
Participants: Requestor (Your Customer), Your Access Control Project (a hosted STS), Relying Party (Your App)
0. Certificate exchange; periodically refreshed
1. Define access control rules for a customer
3. Map input claims to output claims based on access control rules
5. Send message with token
6. Claims checked in Relying Party
Rules and Claims Transformation
Your ACS rules define a simple claims transformation
Rules are defined within an application scope
Chained rules; e.g., bob → mgr and mgr → allowed
Simple model: the output security token is a collection of claims based on the claims in the incoming token
Diagram: claims in → Rules Engine → claims out
Managing the ACS
You can use the web site or web management APIs…
Define and manage application scopes
Define and manage access control rules
Define and manage claim types
Define and manage signing and encryption keys
Standards compliant – works with Java, Ruby, …
ACS management API based on AtomPub
Case Study: Relay Access Control
Access governed by Access Control Rules
Relay looks for Send/Listen claims
Composes cleanly with SOAP-over-HTTP
SOAP 1.1, SOAP 1.2 HTTP clients send messages
through the relay with minimal extra effort
WS-Security header can be used for end-to-end
application level security – optional
Composes cleanly w/ transport message protection
Support any SOAP 1.2/2.0 BP compliant client
Unauthenticated Senders
Unauthenticated “Send” option
Clients do not need to acquire tokens for
communicating through the relay
Supports plain Basic Profile SOAP requests
Opt-in Policy set by listening services
Enables services to choose between Relay
access control and end-to-end access control
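An added example, not part of the deck and not the .NET Services code, that models the rules engine, the scoped and chained rules, and the relay's Send/Listen claim check (including the opt-in unauthenticated Send option) from the Access Control slides above; the claim types, scope names and rules are constructed assumptions.

```python
"""Claims-transformation rules and relay Send/Listen check (constructed example).
Models the ACS behaviour the slides describe: scoped, chainable rules mapping
input claims to output claims, and a relay that looks for Send/Listen claims.
Not the .NET Services code or API; every claim type here is made up."""
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Claim:
    type: str   # constructed claim types: "name", "role", "action"
    value: str

@dataclass(frozen=True)
class Rule:
    scope: str  # application scope; a rule never applies across scopes
    input: Claim
    output: Claim

def transform(scope: str, claims_in: Set[Claim], rules: List[Rule]) -> Set[Claim]:
    """Map input claims to output claims, chaining rules to a fixed point.
    Only derived claims are returned, so an input claim reaches the relying
    party only if a rule maps it.  Terminates because `out` only grows and is
    bounded by the number of scoped rules (a cycle such as a->b->a is safe)."""
    scoped = [r for r in rules if r.scope == scope]
    known, out = set(claims_in), set()
    while True:
        derived = {r.output for r in scoped if r.input in known} - out
        if not derived:
            return out
        out |= derived
        known |= derived  # chaining: bob -> mgr, then mgr -> Send/Listen

def relay_authorizes(op: str, token: Optional[Set[Claim]],
                     unauthenticated_send: bool = False) -> bool:
    """Relay access control: Send and Listen each need a matching action claim.
    token is None when no token was presented; the listening service may opt in
    to unauthenticated Send, but Listen always requires a token."""
    if op not in ("Send", "Listen"):
        return False
    if token is None:
        return op == "Send" and unauthenticated_send
    return Claim("action", op) in token

# Constructed rules: one application scope plus a rule in an unrelated scope.
RULES = [
    Rule("contoso-relay", Claim("name", "bob"), Claim("role", "mgr")),
    Rule("contoso-relay", Claim("role", "mgr"), Claim("action", "Send")),
    Rule("contoso-relay", Claim("role", "mgr"), Claim("action", "Listen")),
    Rule("other-app", Claim("name", "bob"), Claim("action", "Listen")),
]
```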
Access Control
Workflow
Key developer challenges
Want to easily describe long-running processes
Want modularity and nesting
Easy to describe but in practice harder to run
Approach
.NET 3.0/3.5/4.0 addresses key developer requests
.NET Services provides a hosting/mgt solution
Workflow Service – Overview
A reliable, scalable off-premises host for workflows
focused on message orchestration
A portal at workflow.ex.azure.microsoft.com
New activities for the Azure Services Platform
APIs that allow you to deploy, manage, and run
your workflows on the cloud
Enables you to orchestrate services over HTTP
or through the .NET Service Bus
Workflow Service – Design Flow
1. Design Workflows: Visual Studio WF Designer
2. Deploy Workflows: VS one-click deploy of the Workflow & Rules XAML
3. Manage Workflow Types: Workflow Portal, Workflow Client API, SOAP Web Service
4. Manage Workflow Instances: Workflow Portal, Workflow Client API, SOAP Web Service
Diagram: Your Apps & Services reach the hosted workflows over http:// or through the Service Bus.
Workflows in the Cloud
Summary
.NET Services extends .NET to the cloud
It's open and accessible
It's easy to use your existing .NET skills
It comes with all cloud benefits
Initial focus on three key developer challenges
Application integration & connectivity
Access control in a federated world
Message orchestration
Related Content
Breakout Sessions
SOA319 Interconnect and Orchestrate Services and Applications
with Microsoft .NET Services
Interactive Sessions
SOA01-INT Architecting Enterprise-Grade Cloud Applications
Hands on Labs
AZP05-HOL Introduction to the Microsoft .NET Access Control Service
AZP06-HOL Introduction to the Microsoft .NET Service Bus
AZP07-HOL Introduction to the Microsoft .NET Workflow Service
Resources
www.microsoft.com/teched – Sessions On-Demand & Community
www.microsoft.com/learning – Microsoft Certification & Training Resources
http://microsoft.com/technet – Resources for IT Professionals
http://microsoft.com/msdn – Resources for Developers
Track Resources
SOA
www.microsoft.com/soa
msdn.microsoft.com/wcf
msdn.microsoft.com/wf
www.microsoft.com/net
msdn.microsoft.com/biztalk
www.microsoft.com/biztalk
“Dublin”: www.microsoft.com/net/dublin
“Oslo”: msdn.microsoft.com/oslo, www.microsoft.com/net/oslo.aspx
msdn.microsoft.com/azure/netservices
www.microsoft.com/azure/netservices
twitter.com/dotnetservices
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.