Windows Azure AppFabric


Windows Azure AppFabric
In this module:
- What is the AppFabric?
- The Access Control Service
- Using the Service Bus
- Leveraging Distributed Cache

This is not the AppFabric you are looking for. Windows Server AppFabric != Windows Azure Platform AppFabric

Motivating Challenges
- How do you integrate with components outside your corporate network?
- How do you expose your software to users outside of your organization?
- Can they use their existing identities? Social identities?
- What about smaller, non-enterprise customers?
- How do you reduce latency and increase performance?
- <the list goes on…>
Components: Access Control, Service Bus, Caching*

Identity in the Cloud is Hard
- Outside of identity domains
- Too many islands of identity
- Current technology hard or not interoperable
- Managing 3rd party accounts in your system is risky

Three geeks walk into a bar…
Three geeks walk into a bar in California. The bouncer asks for ID. You whip out your driver's license from the state of Ohio. They inspect it, flash a purple light thing at it, verify your age, and let you in. They didn't force you to register with them to get a bar credential. If they did, you would end up with a ton of credentials you were forced to use (like those grocery store customer loyalty cards). The bar trusts the credentials from a trusted provider, and has ways to check that those credentials are valid (the light, and known embedded security features).

What is Access Control?
- Used to authenticate and authorize users
- Integrate Single Sign On and centralized authorization into your web applications
- Standards-based identity providers
  - Enterprise directories (e.g. Active Directory Federation Server v2.0)
  - Web identities (e.g. Windows Live ID, Google, Yahoo!, and Facebook)
- V1 available in production; V2 available in AppFabric LABS

Access Control Website Sequence
Participants: Browser, Identity Provider, Access Control, Application
1. Request Resource
2. Redirect to Identity Provider
3. Login
4. Authenticate & Issue Token
5. Redirect to AC service
6. Send Token to ACS
7. Validate Token, Run Rules Engine, Issue Token
8. Redirect to RP with ACS Token
9. Send ACS Token to Relying Party
10. Validate Token
11. Return resource representation

Access Control Features
- Integrates with Windows Identity Foundation and tooling
- Claims-based access control
- Support for OAuth WRAP, WS-Trust, and WS-Federation protocols
- Support for the SAML 1.1, SAML 2.0, and Simple Web Token token formats
- Integrated and customizable Home Realm Discovery
- OData-based Management Service to ACS configuration

OAuth
- Open, interoperable standard
- Microsoft worked with Google and Yahoo! to define
- Read spec at http://groups.google.com/group/oauth-wrap-wg
- No XML
- REST oriented

SWT
- An OAuth service authenticates the user
- Produces a SWT token
- Rides in Authorization header, or query string or body

CustomerId%3d31415%26Issuer%3dhttps%253a%252f%252fstringreversalinc.accesscontrol.windows.net%252f%26Audience%3dhttp%253a%252f%252flocalhost%252fprocessstring%26ExpiresOn%3d1266231958%26HMACSHA256%3dI5g66yaiECux9IQ8y7Ffm2S1p%252bAXF73HWfzSNPyPLOE%253d
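
Added example, not part of the original presentation: how a relying party could carry out the "Validate Token" step on a Simple Web Token like the one above, written in Python. The signing key and the names `sign_swt` and `validate_swt` are assumptions made for this example; the claim values come from the slide, whose token carries one extra layer of URL-encoding for transport that must be removed before validation.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qs, quote, unquote

SIG = "&HMACSHA256="  # the signature is always the last name/value pair

def sign_swt(unsigned: str, key: bytes) -> str:
    """Issuer side: append HMAC-SHA256 over the form-encoded pairs (builds the sample)."""
    mac = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return unsigned + SIG + quote(base64.b64encode(mac).decode(), safe="")

def validate_swt(token: str, key: bytes, issuer: str, audience: str, now: int) -> dict:
    """Relying-party side: return the claims, or raise ValueError on any failed check."""
    unsigned, sep, sig = token.rpartition(SIG)
    if not sep:
        raise ValueError("no HMACSHA256 pair")
    expected = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    presented = base64.b64decode(unquote(sig), validate=True)  # ValueError if malformed
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        raise ValueError("signature mismatch")
    pairs = parse_qs(unsigned, strict_parsing=True)
    if any(len(v) != 1 for v in pairs.values()):
        raise ValueError("duplicate claim name")  # ambiguous Issuer/Audience
    claims = {k: v[0] for k, v in pairs.items()}
    if claims.get("Issuer") != issuer:
        raise ValueError("untrusted issuer")
    if claims.get("Audience") != audience:
        raise ValueError("token issued for another audience")
    if int(claims.get("ExpiresOn", "0")) <= now:
        raise ValueError("token expired")
    return claims

# Constructed sample: claim values from the slide, key invented for this example.
KEY = bytes(range(32))
ISSUER = "https://stringreversalinc.accesscontrol.windows.net/"
AUDIENCE = "http://localhost/processstring"
SAMPLE = sign_swt(
    "CustomerId=31415&Issuer=" + quote(ISSUER, safe="")
    + "&Audience=" + quote(AUDIENCE, safe="") + "&ExpiresOn=1266231958", KEY)

if __name__ == "__main__":
    on_wire = quote(SAMPLE, safe="")  # extra URL-encoding layer, as on the slide
    print(validate_swt(unquote(on_wire), KEY, ISSUER, AUDIENCE, now=1266231000))
```

The signature is checked before any claim is parsed, so a token whose CustomerId, Audience or ExpiresOn was altered after issuance is rejected without its contents being trusted.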

Service Bus
- Provides secure messaging and connectivity across different network topologies
- Enables hybrid applications that span on-premises and the cloud
- Enables various communication protocols and patterns for developers to engage in reliable messaging

Enabling hybrid applications
[Diagram labels: Datacenter, Partner, LOB app, Mobile Device, LOB web service]

Enabling hybrid applications
[Diagram labels: Datacenter, Partner, ACS, LOB app, SB, Mobile Device, LOB web service]

Relays in the Cloud
[Diagram. Address: sb://stringreversalinc.servicebus.windows.net/processtring. Labels: Service Bus, Sender, Receiver, NLB, Frontend Nodes, Socket-Socket Forwarder, Backend Naming Routing Fabric, Oneway Rendezvous Ctrl Msg, outbound socket connect, outbound socket rendezvous, TCP/SSL 818; steps numbered 1 to 4.]

NetTcpRelayBinding / Hybrid
[Diagram. Address: sb://stringreversalinc.servicebus.windows.net/processtring. Labels: Service Bus, Sender, Receiver, Frontend Nodes, Backend Naming Routing Fabric, Oneway Rendezvous Ctrl Msg, relayed connect, relayed rendezvous, NAT Probing, upgrade, NAT Traversal Connection, TCP/SSL 818, 819.]

Have a Service Listen on the SB
- Listen on SB address
- Enable ACS Auth behavior
- Use a ‘relay’ binding

Connect to a Service as a Client
- Again, just use a SB address and binding
- Use a behavior to handle ACS authorization

Using the Pub/Sub Model
C:\WAPTK\Demos\ServiceBusPubSubVS2010 demo

Service Bus Futures* Management Operations Load Balancing Manage Connection Points Load Balancing Durable Message Buffers

What is the Caching service?
- A distributed, in-memory cache for applications running in Windows Azure
- Simple administration; end-user doesn’t bother with configuration, deployment, or management
- Provides a scalable solution with low latency and high throughput
- Based on Windows Server AppFabric Caching
- Currently available in AppFabric LABS Portal as a CTP

Latency Pyramid
- Memory: Windows Azure AppFabric Caching (local cache), lowest latency
- Network: Windows Azure AppFabric Caching (distributed cache), lower latency
- Disk: Storage, highest latency

Caching Features
- ASP.NET providers for session state and page output caching
- Cache any managed object
  - No object size limits
  - No serialization costs for local caching
- Easily integrates into existing applications
- Secured by Access Control

Roadmap
[Timeline markers: 9/16, PDC10, H1 2011]
- CTP Access Control enhancements
- General Availability Access Control
- CTP Caching
- General Availability Caching
- CTP Service Bus enhancements
- Release Service Bus enhancements
- CTP Composite App

Q & A ponderances?