Azure™ Services Platform: Microsoft .NET Services, A Closer Look. Clemens Vasters, Technical Lead, Microsoft Corporation.


Slide 1: Azure™ Services Platform, Microsoft .NET Services: A Closer Look
Clemens Vasters, Technical Lead, Microsoft Corporation

Slide 2: Agenda
- What is a Service Bus?
- Connectivity Challenges
- Naming
- Service Registry and Discovery
- Messaging, Connectivity and Events

Slide 3: Internet Service Bus
[Diagram: the Service Bus is made up of Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, and the Messaging Fabric. Connected to it are Clients (Desktop, RIA & Web), MS/3rd Party Services, an On-Premise ESB, and Your Services.]

Slide 4: Connectivity Challenges
- IPv4 address shortage
- Dynamic IP address allocation
- Network Address Translation (NAT)
- Internet is pwn3d by the bad guys
- Firewalls layered over firewalls over firewalls
[Diagram: Sender and Receiver with a question mark between them; in the path sit a machine firewall, a network firewall, Network Address Translation and a dynamic IP.]

Slide 5: How Do People Deal With It?
- Dynamic DNS
- NAT port mappings / UPnP
- Open inbound firewall ports
Brittle, difficult, insecure and sometimes impractical.
Consequence: we see recurring patterns of workarounds.
[Diagram: the same Sender/Receiver path as on slide 4, with machine firewall, network firewall, NAT and dynamic IP.]

Slide 6: Who needs it?
- Any instant messaging/communication app: Access Control, Relay, Direct Connect
- Any multiplayer game: Access Control, Relay, Direct Connect
- Any home media integration system: Access Control, Relay, Direct Connect
- Any enterprise integration system: Access Control, VPN/VAN

Slide 7: Service Bus – Naming
[Section slide: component diagram with Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric.]

Slide 8: Service Bus Naming
[Diagram: a naming tree, Root > Solution > NameA / NameB / NameC > Name1 / Name2 / Name3.]

Slide 9: Anything wrong with DNS?
DNS has some practical constraints:
- High update propagation latency
- Increasing pollution by ISPs ("DNS assistance")
- Names hosts, not services
- Limited write-access model (often out-of-band)
Service Bus Naming System:
- R/W access with access control via the Registry
- Updates reflected instantaneously
- Names name endpoints, not machines

Slide 10: Canonical Form of URI Projections
scheme://naming-scope/name/name
[Diagram: the naming tree of slide 8 projected onto the URI path, with node labels Root, X, Y, Z, A, B, C, 1, 2, 3.]

Slide 11: Global Naming Structure (PDC)
scheme://servicebus.windows.net/services/solution/name/…
[Diagram: Root > servicebus.windows.net > services (required prefix) > solution > name.]

Slide 12: Global Naming Structure (Post-PDC)
[Diagram: Root > Solution > NameA / NameB / NameC > Name1 / Name2 / Name3.]

Slide 13: Service Bus – Service Registry
[Section slide: component diagram with Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric.]

Slide 14: Service Registry
- The service registry is a registry for service endpoints, not a general-purpose directory
- The registry is layered over the naming system
- Provides programmatic access to naming
- Discover: Atom 1.0 feed hierarchy
- Publish: Atom Publishing Protocol, WS-Transfer
[Diagram: a Client talks AtomPub and WS-Transfer to the Service Registry, which sits on top of Naming.]

Slide 15: Registry Feed Structure
Accessing the root registry feed for solutions: http://servicebus.windows.net/services/solution/ is the root of a hierarchy of feeds.
[Diagram: naming tree Root > servicebus.windows.net > services > solution > svc, read by a Client over AtomPub / WS-Transfer.]

Slide 16: Services in Registry Feeds
[Atom feed excerpt from the slide: feed title "Title", id urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6, …; an entry titled "MyEndpoint" with id urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a and the endpoint URI http://servicebus.windows.net/services/my/svc/ep1.]

Slide 17: .NET Service Bus Registry

Slide 18: Service Bus – Messaging
[Section slide: component diagram with Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric.]

Slide 19: Service Bus - Messaging
- Primary programming model: WCF
- Family of bindings for the Service Bus

Slide 20: WCF Relay Bindings for WCF Pros
Works just like WCF:
- Envelopes: SOAP 1.1, SOAP 1.2, None
- All WS-* end-to-end security scenarios
- Transport-level message path protection (SSL)
- Reliable Messaging, Streaming
- Full extensibility model
- Web programming model (WebGet/WebInvoke)
- Metadata Exchange
Not supported:
- (By design) Atomic Transaction flow
- (By design) Protocol-level transport authentication
- (PDC issue) WebScriptingBehavior JavaScript proxy
- (PDC issue) Direct TCP modes with RM or WS-* Security

Slide 21: NetOnewayRelayBinding
[Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender makes an outbound one-way net.tcp connection (TCP/SSL 828) to the Frontend Nodes (behind NLB). The Receiver, behind NAT, a firewall and a dynamic IP, makes an outbound bidirectional socket connection (TCP/SSL 808/828) and subscribes; the Backend Naming/Routing Fabric routes the message to it.]

Slide 22: NetEventRelayBinding
[Diagram: same layout as slide 21, but several Receivers each hold an outbound bidirectional socket connection (TCP/SSL 828) and subscribe to the same endpoint; a copy of the Sender's one-way message is shown arriving at each Receiver.]

Slide 23: One-Way Messaging and Events

Slide 24: NetTcpRelayBinding / Relayed
[Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. Backend Naming/Routing Fabric; Frontend Nodes (behind NLB) with a Socket-Socket Forwarder; control connection over TCP/SSL 818. Steps 1 to 4: one-way rendezvous control message, outbound socket connect, outbound socket rendezvous, forwarded connection.]

Slide 25: NetTcpRelayBinding / Hybrid
[Diagram: as slide 24; labels: relayed connect, relayed rendezvous, TCP/SSL 818 and 819, NAT probing, NAT traversal, connection upgrade.]

Slide 26: TCP-based Connections

Slide 27: [WS|Basic|Web]HttpRelayBinding
[Diagram: as slide 24, with an HTTP-Socket Forwarder in the Frontend Nodes; the Sender issues HTTP/HTTPS requests on 80/443, the Receiver performs an outbound socket rendezvous; control and one-way rendezvous control messages as before.]

Slide 28: HTTP Based Connections

Slide 29: Service Bus – Access Control Integration
[Section slide: component diagram with Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric.]

Slide 30: Relay Access Control Model - Listener
[Diagram: Receiver, Access Control STS and Service Bus Relay.]
1. The Receiver acquires an access token carrying the #Listen claim from the Access Control STS (RST/RSTR).
2. The Receiver passes the access token (token header) with its subscription to the relay.
3. The relay evaluates the token.

Slide 31: Relay Access Control Model - Sender
[Diagram: Sender, Receiver, Access Control STS and Service Bus Relay.]
1. The Sender acquires an access token carrying the #Send claim from the Access Control STS (RST/RSTR).
2. The Sender passes the access token (token header) with the message.
3. The relay evaluates and removes the token.
4. The message is passed on to the Receiver.

Slide 32: Integrated Access Control
- Access control governed by rules managed in the Access Control Service
- Services must be authorized to listen in a namespace
- Evaluation of all claims in the cloud
- No notion of "identity" in the relayed service
- Service can turn off client access control
  - Local evaluation of end-to-end claims
  - Full control over the authN/Z model (but less protection)
- Clean composition with the standard SOAP/HTTP model
  - WS-Security header reserved for E2E message security
  - Transparent to HTTP-header authN/authZ schemes
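The listener and sender flows of slides 30 and 31, together with the relay-side rules of slide 32, as an added Python simulation that is not part of the deck or of the .NET Services code: a toy STS issues HMAC-signed tokens (a constructed format; the real token and claim encoding are not shown on the slides and are assumptions here), and a relay frontend requires #Listen on subscribe and #Send on delivery, strips the token header before forwarding, and lets a service opt out of client access control for its endpoint.

```python
import base64, hashlib, hmac, json

# Constructed demo key shared by the STS and the relay. The real .NET Services token
# format and signing scheme are not shown on the slides and are not modelled here.
STS_KEY = b"demo-sts-signing-key"

def issue_token(claims, scope):
    """STS side: answer an RST with a signed access token (the RSTR) for a namespace scope."""
    body = base64.urlsafe_b64encode(json.dumps({"scope": scope, "claims": sorted(claims)}).encode())
    sig = hmac.new(STS_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def evaluate_token(token, required_claim, uri):
    """Relay side: verify the signature, then require the claim and a scope that covers the URI."""
    body, sep, sig = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(STS_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    tok = json.loads(base64.urlsafe_b64decode(body))
    return uri.startswith(tok["scope"]) and required_claim in tok["claims"]

class Relay:
    """Relay frontend: listeners must prove #Listen to subscribe, senders #Send to deliver."""
    def __init__(self):
        self.subscriptions = {}  # endpoint URI -> {"check": bool, "inbox": [messages]}

    def subscribe(self, uri, token, client_access_control=True):
        # Listener model steps 2-3: the token travels with the subscription and is evaluated.
        # A service may turn off client access control for its endpoint and evaluate
        # end-to-end claims locally instead (slide 32).
        if not evaluate_token(token, "#Listen", uri):
            return False
        self.subscriptions[uri] = {"check": client_access_control, "inbox": []}
        return True

    def send(self, message):
        # Sender model steps 3-4: the relay inspects only wsa:To, wsa:Action and the token
        # header; the body is opaque to it (slide 34 advises WS-Security end to end).
        sub = self.subscriptions.get(message.get("wsa:To"))
        if sub is None:
            return False
        if sub["check"] and not evaluate_token(message.get("AccessToken", ""), "#Send", message["wsa:To"]):
            return False
        sub["inbox"].append({k: v for k, v in message.items() if k != "AccessToken"})  # token removed
        return True
```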

Slide 33: .NET Access Control

Slide 34: Notes on Security
- We encourage you to hide your payloads
  - Use WS-Security to protect the end-to-end path
  - You own all keys used to protect payloads
- Transport security
  - SSL channels terminate in the Service Bus
  - Socket connections relayed on-machine
  - Oneway/Event relayed on the backend fabric
- What do we look at in the Service Bus?
  - SOAP: Action/wsa:Action, wsa:To
  - HTTP: Method, URI
  - Access tokens

Slide 35: Service Bus – Workflow Integration
[Section slide: component diagram with Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric, and Workflow.]

Slide 36: .NET Workflow Services

Slide 37: (no transcript text)

Slide 38: Summary
- Pervasive, secure connectivity for services
- Secure NAT traversal, "DMZ in the sky"
- WCF-integrated programming model
