CTU June 2011 - Windows Azure App Fabric


Azure Boot Camp

A Lap Around Windows Azure AppFabric

Wely Lau
Microsoft MVP, Windows Azure
“Cloud” Architect, NCS

Email: wely@ncs.com.sg
Blog: http://wely-lau.net/


Agenda

Windows Azure Platform In One Slide

What is Windows Azure AppFabric?

Identity and Access Control

Service Bus

Caching


“Windows Azure Platform” In One Slide

• Service Bus, Access Control, Caching
• Database, Data Sync, Reporting
• Storage: Tables, Blobs, Queues
• Compute: Web Role, Worker Role, VM Role
• Virtual Network: Connect, Traffic Manager


Motivating Challenges

How do you expose your software to users outside of your organization?

Can they use their existing identities? Social identities?

How do you integrate with components outside your corporate network?

What about smaller, non-enterprise customers?

How do you reduce latency and increase performance?

Service Bus · Access Control · Caching


What is Windows Azure AppFabric?

Comprehensive building-block services / middleware for developing, deploying, and managing applications.

Goals
• Extend .NET technologies to the cloud
• Increase developer productivity
• Bridge existing applications to the cloud

Open and accessible service API
• REST, SOAP, RSS, AtomPub, …
• Class libraries for .NET, Java, PHP, Ruby, …


Identity – Stuff to think about

• Login / Federated Login
• Authentication
• Authorization
• Username & Password
• Membership Database
• Identity Providers
• Single Sign On
• Tokens & their formats
• Security & Certificates
• And the list goes on…


Single Identity Approach

• The site is the Identity Provider
• I have 100s of these identities: “islands of identity”
• It’s annoying


Using a 3rd party

• Pick a 3rd party and rely on it
• Somewhat limiting, but a step in the right direction
• Typically “claims-based”


Claims-based Identity Term Definitions

Relying Party (RP)
Your application, which relies on an IdP for authentication and on the claims it issues for authorization.

Identity Provider (IdP)
A third-party service that authenticates your users. Ex: Google ID, Windows Live ID, Yahoo!, or even your own app.

Claims
A statement that one subject makes about itself or another subject. E.g.: name, email, groups, privileges, etc.

Security Token
A serialized set of claims that is cryptographically signed by the issuer, so the relying party can verify who issued it and that it was not modified in transit.

Security Token Service (STS)
A service that issues claims and packages them into signed (and optionally encrypted) security tokens.


Typical Claims-based App Sequence

Participants: Browser, Identity Provider / STS, Application (Relying Party)

1. Browser requests a resource from the Relying Party
2. Relying Party redirects the browser to the Identity Provider
3. User logs in at the Identity Provider
4. Identity Provider authenticates the user and issues a token
5. Identity Provider redirects the browser back to the Relying Party
6. Browser sends the token to the Relying Party
7. Relying Party validates the token (signature, issuer, audience, expiry)
8. Relying Party returns the resource representation


But… I want more IdPs…

I want my users to be able to log in with their existing identities, including Enterprise Active Directory.

Challenges: deal directly with
• different IdPs
• different security token formats
• different protocols
• different …


Access Control Service

• Integrates SSO and centralized authentication into your web app
• Hides the IdPs behind one layer of abstraction: you deal only with ACS, not with many IdPs

Your App  ↔  Access Control Service  ↔  ADFS 2.0, … (identity providers)


Access Control Website Sequence

Participants: Browser, Identity Provider / STS, Access Control Service (ACS), Application (Relying Party)

1. Browser requests a resource from the Relying Party
2. Relying Party redirects the browser to the Identity Provider
3. User logs in at the Identity Provider
4. Identity Provider authenticates the user and issues a token
5. Identity Provider redirects the browser to the Access Control service
6. Browser sends the IdP token to ACS
7. ACS validates the token, runs the rules engine (claim transformation), and issues its own token
8. ACS redirects the browser to the Relying Party with the ACS token
9. Browser sends the ACS token to the Relying Party
10. Relying Party validates the ACS token (it trusts only ACS as issuer, not the individual IdPs)
11. Relying Party returns the resource representation


Access Control Features

• Integrates with Windows Identity Foundation and tooling
• Claims-based access control
• Support for OAuth WRAP, WS-Trust, and WS-Federation protocols
• Support for the SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats
• Integrated and customizable Home Realm Discovery
• OData-based Management Service for ACS configuration
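Step 7 of the typical claims-based sequence and step 10 of the ACS sequence both come down to the same thing: the relying party must validate the token the browser hands it before trusting a single claim in it. The following is an added example, not code from the session or from the ACS SDK. It validates a Simple Web Token (one of the formats ACS issues, signed with a 256-bit symmetric key shared between ACS and the relying party) in the order a relying party should: signature first, then issuer, audience and expiry, and only then the claims. A small issue-side helper stands in for ACS so the program runs offline. The namespace `contoso`, the realm URL, the name claim value and the randomly generated key are all constructed for the example; in a real deployment the key is the token signing key configured for your relying party in the ACS portal, and the issuer is assumed to take the form `https://<namespace>.accesscontrol.windows.net/`.

```csharp
// Added example: relying-party validation of an ACS-style Simple Web Token (SWT).
// Not from the slides or the ACS SDK. Needs a reference to System.Web for HttpUtility.
// The key, namespace, realm and claim values below are constructed for the example.
using System;
using System.Collections.Generic;
using System.Security;
using System.Security.Cryptography;
using System.Text;
using System.Web;

public static class SwtRelyingParty
{
    const string SignatureParam = "&HMACSHA256=";

    // Checks signature, issuer, audience and expiry; returns the claims only if all of them pass.
    public static IDictionary<string, string> Validate(string token, byte[] signingKey,
                                                       string expectedIssuer, string expectedAudience)
    {
        int sigIndex = token.LastIndexOf(SignatureParam, StringComparison.Ordinal);
        if (sigIndex < 0) throw new SecurityException("token carries no HMACSHA256 parameter");

        // The MAC covers everything before "&HMACSHA256="; the value itself is URL-encoded base64.
        string unsignedToken = token.Substring(0, sigIndex);
        byte[] presented = Convert.FromBase64String(
            HttpUtility.UrlDecode(token.Substring(sigIndex + SignatureParam.Length)));
        byte[] expected;
        using (var hmac = new HMACSHA256(signingKey))
            expected = hmac.ComputeHash(Encoding.UTF8.GetBytes(unsignedToken));
        if (!FixedTimeEquals(presented, expected)) throw new SecurityException("signature mismatch");

        // Parse claims only after the signature check: nothing in the token is trusted before that.
        var claims = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string pair in unsignedToken.Split('&'))
        {
            int eq = pair.IndexOf('=');
            if (eq <= 0) throw new SecurityException("malformed claim: " + pair);
            claims[HttpUtility.UrlDecode(pair.Substring(0, eq))] = HttpUtility.UrlDecode(pair.Substring(eq + 1));
        }

        string value;
        if (!claims.TryGetValue("Issuer", out value) || value != expectedIssuer)
            throw new SecurityException("unexpected issuer");                 // valid token, wrong STS
        if (!claims.TryGetValue("Audience", out value) || value != expectedAudience)
            throw new SecurityException("token not issued for this relying party"); // replay from another RP
        long expiresOn;
        if (!claims.TryGetValue("ExpiresOn", out value) || !long.TryParse(value, out expiresOn))
            throw new SecurityException("missing or malformed ExpiresOn");
        if (expiresOn <= UnixNow()) throw new SecurityException("token expired");
        return claims;
    }

    // Issue side (what ACS does for you), here only so the example runs without an ACS namespace.
    public static string Issue(byte[] signingKey, string issuer, string audience, long expiresOn,
                               IDictionary<string, string> claims)
    {
        var sb = new StringBuilder()
            .Append("Issuer=").Append(HttpUtility.UrlEncode(issuer))
            .Append("&Audience=").Append(HttpUtility.UrlEncode(audience))
            .Append("&ExpiresOn=").Append(expiresOn);
        foreach (var c in claims)
            sb.Append('&').Append(HttpUtility.UrlEncode(c.Key)).Append('=').Append(HttpUtility.UrlEncode(c.Value));
        byte[] mac;
        using (var hmac = new HMACSHA256(signingKey))
            mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(sb.ToString()));
        return sb.Append(SignatureParam).Append(HttpUtility.UrlEncode(Convert.ToBase64String(mac))).ToString();
    }

    static long UnixNow()
    {
        return (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
    }

    // Constant-time comparison: a wrong MAC fails in the same time no matter where it first differs.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        var key = new byte[32];                          // 256-bit key; in ACS: the RP's token signing key
        new RNGCryptoServiceProvider().GetBytes(key);
        string issuer = "https://contoso.accesscontrol.windows.net/";   // assumed ACS namespace
        string realm = "http://localhost/MyRelyingParty/";              // assumed RP realm (Audience)
        const string NameClaim = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";

        string token = Issue(key, issuer, realm, UnixNow() + 600,
                             new Dictionary<string, string> { { NameClaim, "alice" } });
        Console.WriteLine("name = " + Validate(token, key, issuer, realm)[NameClaim]);

        // A claim changed without re-signing, or a token presented to another realm, must be rejected.
        try { Validate(token.Replace("alice", "mallory"), key, issuer, realm); }
        catch (SecurityException e) { Console.WriteLine("tampered token rejected: " + e.Message); }
        try { Validate(token, key, issuer, "http://localhost/OtherApp/"); }
        catch (SecurityException e) { Console.WriteLine("wrong realm rejected: " + e.Message); }
    }
}
```

Two points worth keeping in mind when you move from this example to WIF and a real ACS namespace: the SWT key is symmetric, so anyone holding it can mint tokens for your realm, which is why it belongs only on the relying party and should be rotated from the ACS portal rather than shared with clients; and the audience check is what stops a token legitimately issued for one of your applications from being replayed against another one in the same namespace.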


Demo: Access Control Service

• Preparing a simple app
• Setting up an ACS account
• Add STS Reference
• Security Token Visualizer
• Simple authorization


Service Bus

• Provides secure messaging and connectivity across different network topologies
• Enables hybrid applications that span on-premises and the cloud
• Enables various communication protocols and patterns for developers to engage in reliable messaging


… and here’s why this is interesting …

• Existing code, not designed for the cloud
• Things you can’t run in the cloud
• Things you might not want to run in the cloud

Enabling hybrid applications

(Figure, built up over four slides: a Datacenter hosting a LOB web service and a LOB app, a Partner, and a Mobile Device, all connected to each other through the Service Bus (SB), with the Access Control Service (ACS) securing access.)

Relay: Relay Connections

• Sender and Receiver each open an outbound SSL TCP connection to the relay rendezvous endpoint
• One-way messages flow through the TCP tunnel
• Address: http://{account}.servicebus.windows.net/a/b
• The Receiver can also listen over HTTP to overcome port restrictions on the receiving side (“Web sockets”)


Relay: Direct Connections

• Sender and Receiver open an outbound SSL TCP connection to the relay
• An out-of-band protocol negotiates a direct connection
• The connection is upgraded to a direct Sender-to-Receiver connection when possible
• Address: http://{account}.servicebus.windows.net/a/b


Relay: Eventing (Publish/Subscribe)

• Sender opens an outbound SSL TCP connection to the relay rendezvous endpoint
• One-way messages flow through the TCP tunnel to every listening Receiver
• Address: http://{account}.servicebus.windows.net/a/b


Have a Service Listen on the SB

• Listen on an SB address
• Enable the ACS auth behavior
• Use a ‘relay’ binding


Connect to a Service as a Client

• Again, just use an SB address and a relay binding
• Use a behavior to handle ACS authorization


Demo: Service Bus

• Local service hosted on IIS
• Exposing WCF to the Service Bus
• Establishing a direct connection
• Eventing
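The two slides above (have a service listen on the SB, connect to it as a client) as one added example; this is not the session's demo code. A WCF service is hosted locally and exposed through the Service Bus relay, and a client calls it through the same relay address. It assumes `Microsoft.ServiceBus.dll` from the Windows Azure AppFabric SDK of the time, a service namespace `contoso`, and an issuer name and key for that namespace from the AppFabric portal; namespace, issuer name, the `SB_ISSUER_KEY` environment variable and the contract names are placeholders chosen for the example.

```csharp
// Added example (not the session's demo code): expose a WCF service through the Service Bus
// relay and call it through the same address. Assumes Microsoft.ServiceBus.dll from the
// Windows Azure AppFabric SDK; namespace, issuer name and key are placeholders.
using System;
using System.ServiceModel;
using System.ServiceModel.Description;
using Microsoft.ServiceBus;

[ServiceContract(Name = "IEchoContract", Namespace = "http://samples.contoso.example/relay/")]
public interface IEchoContract
{
    [OperationContract]
    string Echo(string text);
}

public interface IEchoChannel : IEchoContract, IClientChannel { }

public class EchoService : IEchoContract
{
    public string Echo(string text) { return "echo: " + text; }
}

public static class RelayDemo
{
    public static void Main()
    {
        string serviceNamespace = "contoso";   // placeholder: your AppFabric service namespace
        string issuerName = "owner";           // placeholder: issuer name from the AppFabric portal
        string issuerKey = Environment.GetEnvironmentVariable("SB_ISSUER_KEY"); // never hard-code the secret
        if (string.IsNullOrEmpty(issuerKey)) throw new InvalidOperationException("set SB_ISSUER_KEY");

        // Both sides use the same Service Bus address: sb://contoso.servicebus.windows.net/EchoService
        Uri address = ServiceBusEnvironment.CreateServiceUri("sb", serviceNamespace, "EchoService");

        // The ACS behavior: the SDK trades this shared secret for an ACS token that the relay checks
        // before it lets this process listen on (or send to) the address.
        var acsAuth = new TransportClientEndpointBehavior
        {
            TokenProvider = TokenProvider.CreateSharedSecretTokenProvider(issuerName, issuerKey)
        };

        // Listener side: a relay binding. Hybrid mode starts relayed and upgrades to a direct
        // connection when the out-of-band negotiation succeeds (the "Direct Connections" slide).
        var binding = new NetTcpRelayBinding { ConnectionMode = TcpRelayConnectionMode.Hybrid };
        // Require callers to present an ACS token as well (the default; set explicitly here so the
        // requirement is visible in code rather than implied).
        binding.Security.RelayClientAuthenticationType = RelayClientAuthenticationType.RelayAccessToken;

        var host = new ServiceHost(typeof(EchoService));
        ServiceEndpoint ep = host.AddServiceEndpoint(typeof(IEchoContract), binding, address);
        ep.Behaviors.Add(acsAuth);
        host.Open();   // outbound connection to the relay only; no inbound port opened on-premises
        Console.WriteLine("Listening on " + address);

        // Client side: same address and binding; the behavior supplies the client's own ACS token.
        var factory = new ChannelFactory<IEchoChannel>(binding, new EndpointAddress(address));
        factory.Endpoint.Behaviors.Add(acsAuth);
        using (IEchoChannel channel = factory.CreateChannel())
        {
            channel.Open();
            Console.WriteLine(channel.Echo("hello through the relay"));
            channel.Close();
        }
        host.Close();
    }
}
```

For brevity the listener and the client share the namespace owner's credentials here. In practice the owner issuer carries the Manage right for the whole namespace; give the service an ACS identity whose rule grants only Listen on its path and give clients one that grants only Send, so a leaked client secret cannot be used to register a rogue listener. For the "Eventing" demo item the same structure applies with `NetEventRelayBinding`, which fans each message out to every listener on the address.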


Latency Pyramid

• Memory: Windows Azure AppFabric Caching (local cache): lowest latency
• Network: Windows Azure AppFabric Caching (distributed cache): lower latency
• Disk: Storage: highest latency


What is the Caching service?

A distributed, in-memory cache for applications running in Windows Azure:
• In-memory cache located near your Windows Azure applications
• Simple administration
• Based on Windows Server AppFabric Caching

Benefits:
• Highly scalable 64-bit caching solution with low latency and high throughput
• Cache size can be increased and decreased dynamically as needed, without redeploying or modifying your application
• Developers don’t have to configure, deploy, or manage the cache infrastructure themselves


Windows Azure AppFabric Caching: Differentiators

• Built-in ASP.NET providers for session state & page output
• Extremely low latency with the local cache
• Caches any managed object (CLR objects, rows, XML, binary data…); the only requirement is that the object is serializable
• Easily integrates into existing applications
• Secured by the Access Control Service


Anatomy of a Distributed Cache

• Cache footprint or bandwidth requirements may grow beyond a single VM, so distributed caches scale out
• Unified cache view: multiple role instances may be cache clients, and clients access the cache as if it were a single large namespace
• The cache layer distributes data across the various cache instances


Caching Features

• ASP.NET providers for session state and page output caching
• Cache any managed object
• No object size limits
• No serialization costs for local caching
• Easily integrates into existing applications
• Secured by Access Control


Windows Azure Session State

The Windows Azure Load Balancer uses round-robin allocation, so session state must persist to the client or to storage on every request.

LB → one role instance runs session[“foo”] = 1; the next request lands on another instance, which runs session[“foo”] = 2;

What is the value of session[“foo”]? With in-process session state it depends on which instance the next request is routed to: each instance holds its own copy.


AppFabric Caching Session State

Session state stored using Windows Azure AppFabric Caching and an out-of-the-box session state provider.

LB → one instance runs session[“foo”] = 1; another instance runs session[“foo”] = 2; both read and write the same entry in AppFabric Caching.

What is the value of session[“foo”]? 2: both instances share one cache entry, so the last write wins regardless of which instance served the request.


Demo: Caching

• Standard data cache API
• Measuring data throughput
• “Built-in” session cache provider
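The caching slides above (the data cache API, the local cache tier of the latency pyramid, "secured by Access Control", and the two session-state slides) as one added example; this is not the session's demo code. It connects to the cache with an ACS authorization token, shows the local cache as an opt-in per client, and increments a shared counter with version-based optimistic concurrency, which is the same "two instances write the same key" situation the session-state slides pose. It assumes the `Microsoft.ApplicationServer.Caching` client assemblies from the AppFabric SDK; the host name `contoso.cache.windows.net`, the `CACHE_AUTH_TOKEN` environment variable and the keys are placeholders chosen for the example.

```csharp
// Added example (not the session's demo code): data cache API with an ACS-secured endpoint,
// an optional local cache, and version-based (optimistic) concurrency for a shared counter.
// Assumes the Microsoft.ApplicationServer.Caching client from the AppFabric SDK; host name
// and authorization token are placeholders taken from the AppFabric portal.
using System;
using System.Security;
using Microsoft.ApplicationServer.Caching;

public static class CacheDemo
{
    public static DataCache Connect(string host, string authorizationToken, bool useLocalCache)
    {
        var config = new DataCacheFactoryConfiguration();
        config.Servers = new[] { new DataCacheServerEndpoint(host, 22233) };   // default cache port

        // The ACS token is the only credential for the cache: whoever holds it can read and write
        // everything in it, so it is loaded from the environment, not compiled into the role.
        var secureToken = new SecureString();
        foreach (char c in authorizationToken) secureToken.AppendChar(c);
        secureToken.MakeReadOnly();
        config.SecurityProperties = new DataCacheSecurity(secureToken);

        // Local cache = the "Memory" tier of the latency pyramid: repeat reads are served from this
        // process and may be up to 5 minutes stale under a timeout-based invalidation policy.
        // Leave it off for keys that other instances update and that you read-modify-write.
        if (useLocalCache)
            config.LocalCacheProperties = new DataCacheLocalCacheProperties(
                10000, TimeSpan.FromMinutes(5), DataCacheLocalCacheInvalidationPolicy.TimeoutBased);
        config.RequestTimeout = TimeSpan.FromSeconds(10);
        return new DataCacheFactory(config).GetDefaultCache();
    }

    // Increment a counter shared by all role instances: read the item with its version, write back
    // against that version, and retry if another instance changed it in between.
    public static int Increment(DataCache cache, string key)
    {
        for (int attempt = 0; attempt < 5; attempt++)
        {
            DataCacheItemVersion version;
            object current = cache.Get(key, out version);
            if (current == null)
            {
                try { cache.Add(key, 1); return 1; }   // Add fails if another instance created it first
                catch (DataCacheException ex)
                {
                    if (ex.ErrorCode != DataCacheErrorCode.KeyAlreadyExists) throw;
                    continue;
                }
            }
            int next = (int)current + 1;
            try { cache.Put(key, next, version); return next; }
            catch (DataCacheException ex)
            {
                if (ex.ErrorCode != DataCacheErrorCode.CacheItemVersionMismatch) throw;
                // Lost the race to another instance: re-read and try again.
            }
        }
        throw new InvalidOperationException("too much contention on " + key);
    }

    public static void Main()
    {
        string token = Environment.GetEnvironmentVariable("CACHE_AUTH_TOKEN");
        if (string.IsNullOrEmpty(token)) throw new InvalidOperationException("set CACHE_AUTH_TOKEN");

        // Read-mostly data: local cache on, explicit TTL on every Put.
        DataCache catalog = Connect("contoso.cache.windows.net", token, useLocalCache: true);
        catalog.Put("product:42", "Widget", TimeSpan.FromMinutes(10));
        Console.WriteLine(catalog.Get("product:42"));   // second and later reads come from the local cache

        // Shared mutable state: same distributed cache, but no local cache on this client.
        DataCache counters = Connect("contoso.cache.windows.net", token, useLocalCache: false);
        Console.WriteLine("visits = " + Increment(counters, "visits"));
    }
}
```

The "built-in" session state provider from the demo list is the configuration-only route to the same cache: in web.config, `sessionState` is set to `mode="Custom"` with the provider type `Microsoft.Web.DistributedCache.DistributedCacheSessionStateStoreProvider` from the `Microsoft.Web.DistributedCache` assembly, and the ACS token goes in the `dataCacheClient` section rather than in code. The version check in `Increment` is what the session-state slides gloss over: a shared cache makes the last write win, but it does not by itself stop two instances from overwriting each other's changes to the same item.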


Q & A

Ask your questions.