Extending Your On-Premises Apps with the Windows Azure Platform Jorke Odolphi Infrastructure Evangelist Microsoft
Windows 7 | Presenter Mode Tuesday, August 28, 2018 Agenda Not all apps can move to the Cloud How Windows Azure platform services can extend on-premises applications: Identity Application Level Connectivity Data Synchronization Network Connectivity Next Steps Microsoft Confidential
Evaluating Your Apps for the Cloud Questions to Consider Application State Application Scale App Dependencies Latency Requirements Data Sensitivity Some Easy Cases SLA Requirements e.g., web site sharing public data Regulation & Compliance Often, Forklift Approach Will Not Work Careful decomposition needed
Windows Azure Platform Developer Experience Use existing skills and tools Windows Azure Marketplace Compute Storage CDN Database Data Sync Service Bus Access Control
a Windows Azure Service A Windows Azure service consists of An isolation boundary A set of component roles, each with endpoints Numbered, multiple instances of each role A Windows Azure application behaves correctly when any role instance fails. All of this is specified in a service model Worker Role Web Role VM Role
Comparison of Role Types Web Role : The role is hosted on IIS Worker Role : The role is an executable (you can create your own web server, host a database, …) VM Role : The role is the VM. Use Windows services, scheduled tasks, etc. You configure and maintain the OS. Web / Worker Role Admin Web / Worker Role VM Role Abstraction (i.e. Less IT & Less Plumbing Code) Control
Challenges crossing Organizational Boundaries Windows 7 | Presenter Mode Tuesday, August 28, 2018 Challenges crossing Organizational Boundaries Partner Sync Sync Sync Cloud App Sync Sync Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 ENTERPRISE WINDOWS AZURE PLATFORM Identity Access Control Application-layer Connectivity & Messaging Service Bus Data Synchronization SQL Azure Data Sync Network Connectivity Windows Azure Connect Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 ENTERPRISE WINDOWS AZURE PLATFORM Identity Access Control Application-layer Connectivity & Messaging Service Bus Data Synchronization SQL Azure Data Sync Network Connectivity Windows Azure Connect Microsoft Confidential
AppFabric Access Control What it is: Claims-based, Federated authorization management service What it does: Simplify user access authorization across organizations and ID providers Perform claims transformation to map identities with access levels Use it to: Secure AppFabric Service Bus communications Secure web services Secure web applications
Windows 7 | Presenter Mode Tuesday, August 28, 2018 Identity Challenges Cloud App Active Directory User – Doesn’t want to use different identity for every app Developer – Doesn’t want to write code to support multiple identity providers Administrator – Wants to easily grant access to apps to Active Directory identities Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 How it works 1. Define access control rules 3. Map input claims to output claims based on access control rules Access Control 0. Establish trust via key exchange (receive output claims) 4. Return token 2. Request token (pass input claims) 6. Process token Your Service Customer 5. Send message with token Microsoft Confidential
Identity Solution: Cloud Single Sign-on with Access Control Windows 7 | Presenter Mode Tuesday, August 28, 2018 Identity Solution: Cloud Single Sign-on with Access Control ADFS 2.0 AC Active Directory User – Can use his preferred Identity Provider Developer – Writes one set of code to accommodate multiple Identity Providers Administrator – Grants access to all Active Directory users by establishing trust between Active Directory and Access Control Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 ENTERPRISE WINDOWS AZURE PLATFORM Identity Access Control Application-layer Connectivity & Messaging Service Bus Data Synchronization SQL Azure Data Sync Network Connectivity Windows Azure Connect Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 Application Connectivity Challenges Extend reach of SOA Assets through the Cloud Partner Cloud App Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 Connectivity Options Service Bus ESB-like functionality Provide secure access at individual service level Enables access from external organizations (through ACS) VPN–like access Provide secure access at machine level Tight integration with your corporate network and Active Directory domain Virtual Network Microsoft Confidential
AppFabric Service Bus Solves Cloud Connectivity Windows 7 | Presenter Mode Tuesday, August 28, 2018 AppFabric Service Bus Solves Cloud Connectivity Easily locate and connect cloud services, hosted assets and on-premises applications Navigate firewall boundaries securely and simply Interoperate Supports a variety of languages and industry standards Microsoft Confidential
TechReady11 8/28/2018 How it Works Service Bus Traverse NAT/Firewall – Each App initiates outbound connection Exchange messages between loosely coupled applications Support for a variety of messaging patterns Message buffering for loosely connected applications Send Send Receive Receive App 1 App 2 © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Interaction Patterns Expose Services Event Notifications Access Web Services across the Internet Publish services and communicate bi-directionally Event Notifications Notify remote parties of events Events are distributed unicast or multicast
Expose on-premises Services through the Service Bus Windows 7 | Presenter Mode Expose on-premises Services through the Service Bus Tuesday, August 28, 2018 Partner Partner Cloud App Extend reach of existing on-premise services to facilitate greater collaboration between partners, branch offices, remote workers and devices Microsoft Confidential
Multi-tenant, high-density, scaled-out host What IS AppFabric .NET Composition AppFabric Container Multi-tenant, high-density, scaled-out host Composition runtime Management AppFabric Services Caching Service Bus Access Control Integration Composite App (WF, WCF) Windows Azure Windows Server SQL Server SQL Azure
Windows 7 | Presenter Mode Tuesday, August 28, 2018 ENTERPRISE WINDOWS AZURE PLATFORM Identity Access Control Application-layer Connectivity & Messaging Service Bus Data Synchronization SQL Azure Data Sync Network Connectivity Windows Azure Connect Microsoft Confidential
Windows 7 | Presenter Mode Tuesday, August 28, 2018 SQL Azure Data Sync SQL Azure Powers movement of data Cloud cloud On-premises cloud Getting data where you need it Sync SQL Azure instances Sync SQL Server to SQL Azure Sync offline apps to SQL Azure Enable geo-replication of data Sync Microsoft Confidential
SQL Azure Data Sync – Example Use Cases Move workloads in stages preserving existing Infrastructure Move part of the application and sync its data Meet compliance and regulations Control data synchronized off-premises Enable new scenarios Spanning enterprise, cloud and remote offices/retail stores
On-Premises (Headquarters) SQL Azure Data Sync SQL Azure Database Now Sync Sync Data Sync Service For SQL Azure Remote Offices Retail Stores Sync Sync Sync Sync Sync End of CY10 On-Premises (Headquarters)
SQL Azure Data Sync – Closer Look On Premises Windows Azure Local Agent Data Sync Service Sync Orchestrator Sync Orchestrator SQL Server Sync Provider SQL Server Proxy Provider HTTPS SQL Server Provider TDS SQL Server SQL Azure 26
Windows 7 | Presenter Mode Tuesday, August 28, 2018 ENTERPRISE WINDOWS AZURE PLATFORM Identity Access Control Application-layer Connectivity & Messaging Service Bus Data Synchronization SQL Azure Data Sync Network Connectivity Windows Azure Connect Microsoft Confidential
Windows Azure Connect Secure network connectivity between on-premises and cloud Supports standard IP protocols Enables hybrid apps access to on-premises servers Allows remote administration of Azure apps Simple setup and management Integrated with Window Azure Service Model Web, Worker and VM Roles supported Windows Azure Enterprise
Windows Azure Connect – Closer Look Network policy managed through Azure portal Granular control of connectivity between Azure roles and external machines Automatic setup of IPsec Tunnel firewalls/NAT’s through hosted SSL-based relay Network policies enforced & traffic secured via end-to-end certificate-based IPSec DNS name resolution based on endpoint machine names Role A Role B Role C (multiple VM’s) Relay Enterprise Databases Dev machines Microsoft Confidential
Summary AppFabric Access Control AppFabric Service Bus Claims-based security: Integrates with Windows Identity Foundation Protocols: WS-Federation, WS-Security, WS-Trust Identity Providers: ADFS 2.0, Facebook, Windows LiveId, Yahoo, Google) Application-layer connectivity & messaging Secure WCF service-remoting, eventing & protocol tunneling SQL Azure Data Sync Windows Azure Connect Synchronize SQL Azure instances SQL Server to SQL Azure Sync Move Data Closer to Apps Secure network connectivity between on-premises and cloud IP-level connectivity, IP-sec based Extend Active Directory to Cloud Assets
Windows 7 | Presenter Mode Tuesday, August 28, 2018 Resources SECURITY & APP CONNECTIVITY Windows Azure AppFabric on Microsoft.com : http://www.microsoft.com/windowsazure/appfabric Windows Azure AppFabric MSDN Developer Center: http://www.microsoft.com/windowsazure/developers/appfabric/ Windows Azure AppFabric Team Blog: http://blogs.msdn.com/b/windowsazureappfabric/ FEDERATED DATA SQL Azure on Microsoft.com: http://www.microsoft.com/windowsazure/sqlazure/ SQL Azure MSDN Developer Center: http://msdn.microsoft.com/en-us/windowsazure/sqlazure SQL Azure Blog: http://blogs.msdn.com/b/SQL Azure/ NETWORK CONNECTIVITY Windows Azure on Microsoft.com: http://www.microsoft.com/windowsazure Windows Azure MSDN Developer Center: http://msdn.microsoft.com/en-us/windowsazure Windows Azure Blog: http://blogs.msdn.com/b/windowsazure/ Microsoft Confidential
Jorke Odolphi Infrastructure Evangelist jorkeo@microsoft.com Thank you Jorke Odolphi Infrastructure Evangelist jorkeo@microsoft.com