Windows Azure Service Bus
Name
Title
Microsoft Corporation
Agenda
Why Service Bus?
Service Bus Namespace and Access Control
Service Bus Relay
Service Bus Messaging
Service Bus
Connectivity: Service Relay, Protocol Tunnel, Eventing
Rich options for interconnecting apps across network boundaries.
Integration: Routing, Coordination, Transformation
Content-based routing, document transformation, and process coordination.
Service Management: Naming, Discovery, Monitoring
Consistent management surface and service observation capabilities.
Messaging: Queuing, Pub/Sub, Reliable Transfer
Reliable, transaction-aware cloud messaging infrastructure for business apps.
Why Service Bus?
Cloud/On-Premise Integration
Cloud-hosted, reliable asynchronous messaging infrastructure with publish/subscribe
Cloud-based relay enabling NAT/firewall traversal for reach into on-prem assets
Service registry that allows organizing endpoints into a common, discovery-enabled network surface for services spread across different network environments
Integration with Access Control providing a security gate with federated identity support
Cross-Site Federation (SaaS)
Endpoint federation instead of network federation (VPN)
Non-intrusive, does not require network reconfiguration
Enables integration scenarios with:
Multi-tenancy
Minimal mutual trust
Minimal or no control over the on-premise networking environment
Trade Franchise Partner Integration
Enables integration across partners and franchise environments
Low trust
Limited control
Diverse sites with varying connectivity
Direct peer access and cloud access
Mobile Workforce/Customer Integration
Mobile devices are largely not “behind the firewall”
VPN solutions are largely impractical due to setup and management complexity
Yet, mobile devices need access to on-premise assets
In reach for larger enterprises, not so much for smaller ones without static or at least public IPs
Direct access, access via the cloud using ISV supplied services
In the future also support for Azure inherent mobile services such as Service Bus Push support for mobile
Federated Cloud/On-Prem Solutions
Federated solutions provide the same functionality in the cloud and on-premise
Cloud enhances the on-premise solution by providing reach and scale
On-premise solution provides no-compromise availability even in case of a full network outage
Smart Grid System
Large Scale Eventing / Command-Control
“Last Mile” problem of reaching into the consumer household
Reach consumer or industrial devices at scale
Broadcast event data at “utility scale”
Send targeted notifications based on geography or demographics
Large scale notifications and broadcast will become part of Service Bus in CY12
Service Bus Namespace and Access Control
Service Bus Namespace
https://yourapp.servicebus.windows.net/foo/bar/baz
Naming tree
ATOM feed at the root for discovery
Management via REST on the ATOM feed hierarchy
All names that can exist do exist
“Infinite” depth (factually: 32 segments, 450 character path limit)
Entities own the namespace tree leaves
Any branch can be differently secured with ACS
Service Bus and Access Control
Special relationship between Service Bus and ACS
Each SB namespace has a ‘buddy’ namespace in ACS
‘yourapp.servicebus.windows.net’
‘yourapp-sb.accesscontrol.windows.net’
‘-sb’ namespaces
Preconfigured relying party for Service Bus namespace root
Can’t be deleted, system-managed signing key, uses default rule group
Preconfigured service identity ‘owner’
Can’t be deleted, configured as superuser via default rule group
Tokens issued for ‘owner’ assigned ‘Listen’, ‘Send’, and ‘Manage’
Service Bus Rights and Claims
Service Bus defines one authorization claim type with three possible values that indicate the authorized operation(s)
‘net.windows.servicebus.action’
‘Send’ – Permit ‘send’ operations on a Service Bus entity
‘Listen’ – Permit ‘send’ or ‘receive’ operations on a Service Bus entity
‘Manage’ – Permit management operations like creating, inspecting, or deleting Service Bus entities.
Access Control – Conceptual Model
Each name/branch in the namespace can have a set of associated mappings from ‘claims’ to ‘rights’
‘Claims’ are issued by identity providers federated with Access Control
‘Rights’ define permissions on Service Bus entities: ‘Send’, ‘Listen’, ‘Manage’
[Diagram labels: owner: Send, owner: Listen, owner: Manage; John: Manage; Fred: Send; Alice: Send; Peter: Listen]
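The conceptual model above, sketched as an added example that is not part of the original deck or of Service Bus itself: rights are looked up per namespace branch and checked deny-by-default. The branch names (foo, foo/bar, foo/baz), the function names, and the rule that a right mapped on a branch also applies to everything beneath it are assumptions made for illustration.

```python
# Added example: toy model of claim-to-right mappings on a namespace tree.
# Branch names and the inheritance rule are assumptions, not Service Bus code.
MAX_SEGMENTS, MAX_PATH_CHARS = 32, 450  # path limits quoted on the namespace slide
RIGHTS = {"Send", "Listen", "Manage"}

# Constructed mappings (branch -> identity -> rights), shaped like the diagram.
MAPPINGS = {
    "": {"owner": {"Send", "Listen", "Manage"}},
    "foo": {"John": {"Manage"}},
    "foo/bar": {"Fred": {"Send"}, "Alice": {"Send"}},
    "foo/baz": {"Peter": {"Listen"}},
}


def split_path(path):
    """Split a namespace path into segments, enforcing the stated limits."""
    path = path.strip("/")
    segments = path.split("/") if path else []
    if len(path) > MAX_PATH_CHARS or len(segments) > MAX_SEGMENTS:
        raise ValueError("path exceeds namespace limits")
    if any(not s for s in segments):
        raise ValueError("empty path segment")
    return segments


def effective_rights(identity, path, mappings=MAPPINGS):
    """Union of the rights mapped for identity at the root and at every
    branch on the way down to path. Matching is per segment, so a mapping
    on 'foo' never applies to 'foobar'."""
    segments = split_path(path)
    granted = set()
    for depth in range(len(segments) + 1):
        branch = "/".join(segments[:depth])
        granted |= mappings.get(branch, {}).get(identity, set())
    return granted


def authorize(identity, path, action, mappings=MAPPINGS):
    """Deny by default: unknown actions, identities and invalid paths fail."""
    if action not in RIGHTS:
        return False
    try:
        return action in effective_rights(identity, path, mappings)
    except ValueError:
        return False


if __name__ == "__main__":
    for who, where, what in [("John", "foo/bar", "Manage"), ("John", "foobar", "Manage"),
                             ("Fred", "foo/baz", "Send"), ("owner", "foo/bar/baz", "Listen")]:
        print(who, where, what, authorize(who, where, what))
```

Comparing whole path segments rather than raw string prefixes is the detail worth copying into any real check: it keeps a grant on one branch from leaking to a sibling whose name merely starts with the same characters.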
Access Control – Implementation
https://yourapp-sb.accesscontrol.windows.net
[Diagram labels: Relying Party/Realm, Rule Group, http://yourapp.sbwn; mappings owner: Send, owner: Listen, owner: Manage; John: Manage; Fred: Send; Alice: Send; Peter: Listen]
Namespace and Access Control
demo
Service Bus Relay
“Expose Web Services from anywhere to anywhere”
Key Capabilities
Relayed One-Way Unicast and Multicast
Relayed WCF NET.TCP with Direct Connect Option
Relayed WCF HTTP with support for REST and SOAP 1.1/1.2
Endpoint protection with Access Control
Connectivity Options
Outbound TCP (Ports 9350-9353)
9350 Unsecured TCP One-way (client)
9351 Secured TCP One-way (all listeners, secured clients)
9352 Secured TCP Rendezvous (all listeners except one-way)
9353 Direct Connect Probing Protocol (TCP listeners with direct connect)
Outbound HTTP (Port 80, Listeners)
TCP equivalent tunnel with overlaid TLS/SSL formed over pair of HTTP requests
Alternate connectivity path if outbound TCP is blocked
Outbound HTTPS (Port 443, Senders)
Relay Programming Model
Full WCF Programming Model
Bindings functionally symmetric with WCF
WebHttpRelayBinding (HTTP/REST)
BasicHttpRelayBinding (SOAP 1.1)
WS2007HttpRelayBinding (SOAP 1.2)
NetTcpRelayBinding (Binary transport)
Special Service Bus Bindings
NetOnewayRelayBinding (Multicast one-way)
NetEventRelayBinding (Multicast one-way)
Transport binding elements for custom binding stacks
WebHttpRelayBinding provides full interoperability with any HTTP/REST client, BasicHttpRelayBinding with any SOAP client
Oneway
NetOnewayRelayBinding
All TCP and HTTP listeners use one-way as internal control channel
60KB message-size limit
One-way only
No rendezvous overhead
[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; NLB; NAT, Firewall, Dynamic IP; outbound connect one-way net.tcp; outbound connect bidi socket; TCP/SSL, HTTP(S); Route, Subscribe; Msg]
Event
NetEventRelayBinding
Small-Scale Synchronous Multicast
60KB message-size limit
One-way only
No rendezvous overhead
[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; outbound connect one-way net.tcp; outbound connect bidi socket (two listeners); TCP/SSL, HTTP(S); Route, Subscribe; Msg]
Rendezvous (TCP & HTTP)
NetTcpRelayBinding
WebHttpRelayBinding
BasicHttpRelayBinding
WS2007RelayBinding
Rendezvous Handshake
Bi-Directional Net.Tcp Full Duplex
No message size limit
[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; NLB; HTTP/Socket Forwarder; outbound socket connect; outbound socket rendezvous; Ctrl; TCP/SSL or HTTP]
Hybrid Connect
Special mode of NetTcpRelayBinding
TcpRelayConnectionMode.Hybrid
Starts as relayed connection
Performs NAT probing and behavior prediction
Establishes direct connection and upgrades if possible
Upgrade driven by traffic
Takes large transfers off the Relay
No transfer charges, lower latency
[Diagram labels: relayed connect; relayed rendezvous; Oneway Rendezvous Ctrl Msg; NAT Probing; NAT Traversal Connection; Upgrade; TCP/SSL, HTTP(S)]
Service Bus Relay Samples
demo
Service Bus Messaging
Relay vs. Message Broker
The Relay routes messages ‘straight through’ with feedback path and network backpressure into sender
[Diagram labels: Relay: Route, AuthN/Z, Backpressure, Feedback; Broker: Query, Filter, Pull, AuthN/Z]
Brokers hold messages for retrieval and querying
Push vs. Pull
‘Push’ is a sender initiated activity that results in delivery of a message to a receiver without the receiver explicitly asking for one or a particular message
[Diagram labels: Intermediary, Broker]
‘Pull’ is a receiver initiated activity that delivers stored messages to the receiver in a context that the receiver controls. The context is decoupled from the ‘Push’ style send operation
Ways to Pull
Receive and Delete
Fastest. Message lost if receiver crashes or transmission fails.
Peek Lock
Message is locked when retrieved. Reappears on broker when not deleted within lock timeout.
Transactional
Local model
Messages
Brokered messaging properties are not SOAP headers
Properties are key/value pairs that may very well carry payloads
It’s not uncommon to have messages with empty message bodies
Message bodies are useful for a single opaque payload not exposed to the broker (e.g. encrypted content)
[Diagram labels: Body, Properties]
Queues
Load Leveling
Receiver receives and processes at its own pace. Can never be overloaded. Can add receivers as queue length grows, reduce receivers if queue length is low or zero. Gracefully handles traffic spikes by never stressing out the backend.
Offline/Batch
Allows taking the receiver offline for servicing or other reasons. Requests are buffered up until the receiver is available again.
Load Balancing
Multiple receivers compete for messages on the same queue (or subscription). Provides automatic load balancing of work to receivers volunteering for jobs.
Observing the queue length makes it possible to determine whether more receivers are required.
Topics
[Diagram labels: Topic; Sub, Sub, Sub]
Message Distribution
Each receiver gets its own copy of each message. Subscriptions are independent. Allows for many independent ‘taps’ into a message stream. Subscriber can filter down by interest.
Constrained Message Distribution (Partitioning)
Receivers get mutually exclusive slices of the message stream by creating appropriate filter expressions.
Subscription Filters
Filter conditions operate on message properties and are expressed in SQL’92 syntax
InvoiceTotal > 10000.00 OR ClientRating < 3
ShipDestCtry = 'USA' AND ShipDestState = 'WA'
LastName LIKE 'V%'
Filter actions may modify/add/remove properties as a message is selected
SET AuditRequired = 1
Runtime API Choices
HTTP REST
SOAP WS-* (Relay Clients)
Messaging API Hello World!
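using System;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

// Credentials and namespace address; the secret "…" is elided on the slide
var tkp = TokenProvider.CreateSharedSecretTokenProvider("acct", "…");
var svcUri = ServiceBusEnvironment.CreateServiceUri("sb", "myns", "");
var queueName = "myqueue"; // example name; the slide does not define queueName

// Create the queue through the management API
var nsm = new NamespaceManager(svcUri, tkp);
nsm.CreateQueue(queueName);

// Send a message that carries its payload in a property, with no body
var mf = MessagingFactory.Create(svcUri, tkp);
var qc = mf.CreateQueueClient(queueName);
qc.Send(new BrokeredMessage { Properties = {{ "Greeting", "Hello World!" }}});

// Receive the message and print the property
var m = qc.Receive();
Console.WriteLine(m.Properties["Greeting"]);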
Service Bus Messaging Samples
demo
© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.