Windows Azure for Developers

Building Block Services

Wednesday, March 7th 2012

About Me

Michael S. Collier

National Architect,

Windows Azure

michael.collier@neudesic.com

@MichaelCollier

www.MichaelSCollier.com

Today’s Agenda

• Windows Azure Overview• Building Block Services

– Access Control Services– Caching– Service Bus

• Q & A

Windows Azure Core Components

WORKERROLE

WEBROLE

VM

VMROLE

QUEUESERVICE

BLOBSERVICE

TABLESERVICE

DATABASESERVICE

DATA SYNCSERVICE

IMPORT EXPORTSERVICE

REPORTINGSERVICE

Compute

Storage Database

DataMarket Service

Windows Azure Connect

Service Bus

Access Control Service

Cache Service

Windows Azure Traffic ManagerWindows Azure graphics courtesy of David Pallmann (http://davidpallmann.blogspot.com/)

Building Block Services

• Additional platform services for advanced functionality• Use with “core” services or own their own• Enhance developer productivity• Consume cloud services – initial move to the cloud• Services

– Access Control Services – federated identity management service

– Caching – distributed caching service– Service Bus – messaging and routing service

Access Control Services

• No need to build your own identity management – Another component to maintain– Likely not a distinguishable part of your application– Deal with user management

• User support• Password management (including resets)

Federated Identity Management

• Authenticate– Windows Identity Foundation (WIF)– OAuth and WS-Federation

• Authorize– Claims-based

• Identity Providers– Corporate via Active Directory (ADFSv2)– Social

• Windows Live, Yahoo!, Google, Facebook

– Build your own using membership (identityserver.codeplex.com)

• Write to ACS and let Microsoft worry about the rest

ACS – How Does It Work?

BrowserIdentity Provider

Access Control

Application

6. Login

8. Redirect to AC service

12. Validate Token

1. Request Resource

2. Redirect to ACS

7. Authenticate & Issue Token

9. Send Token to ACS10. Validate Token, Run Rules Engine, Issue Token

11. Redirect to RP with ACS Token

13. Send ACS Token to Relying Party

14. Return resource representation

3. Auth/N

5. Redirect to IdP

4. Home-realmDiscovery

Dia

gram

cou

rtes

y of

Win

dow

s Az

ure

Boot

Cam

p

DEMOWindows Azure Access Control Service

ACS – Final Tips

• Update session cooking handling– WIF uses Data Protection API (DPAPI) by default.– DPAPI not support in Windows Azure.– Encrypt cookies with RSA using a certificate (SSL or self-signed (dev))– Windows Azure Training Kit has full example– http://

davidpallmann.blogspot.com/2011/12/mobile-global-with-html5-mvc-windows_27.html

• Put WIF configuration params in ServiceConfiguration– WIF uses web.config– Read in params from ServiceConfiguration.cscfg on role start and

rewrite web.config– http://

blogs.msdn.com/b/vbertocci/archive/2011/05/31/edit-and-apply-new-wif-s-config-settings-in-your-windows-azure-webrole-without-redeploying.aspx

Caching

• Distributed, in-memory caching for Windows Azure apps• Scalable, low latency, and high throughput• Very similar to Windows Server AppFabric Caching• Ability to enable a local cache• Limits

– 8MB per object– No serialization for local caching

• Security via ACS

Caching

• Easy to plug in as provider for ASP.NET session state and page output

• Sample client configuration XML provided in portal

Caching

• Add the following assemblies– Microsoft.ApplicationServer.Caching.Client.dll– Microsoft.ApplicationServer.Caching.Core.dll– Microsoft.WindowsFabric.Common.dll– Microsoft.WindowsFabric.Data.Common.dll– Microsoft.Web.DistributedCache.dll (for ASP.NET web projects)

• Write the code

Service Bus

• Robust messaging and routing services• Ability to connect services across networks

– Defeats NATs and firewalls– Great for hybrid application scenarios!

• Uses ACS for security

Message Relay

Sender Receiver

Service Bus

sb://namespace.servicebus.windows.net/service

Upgrade connection – NAT traversal connection

Message Relay

• Use SB addressing and bindings• Simply use new ‘relay’ bindings• Behavior for ACS authorization

• Not new . . . Been in Service Bus for a while!

Service Bus Message Queues

• Reliable and durable – backed by SQL Azure• Store up to 1GB per queue• No TTL – unlike Windows Azure queues• 256KB maximum message size• Messaging API, WCF, and REST interfaces

Publisher ReceiverQueue

Service Bus Topics (pub/sub)

• Takes SB Queues to the next level• 2,000 subscriptions on a single Topic• Subscription is a virtual queue – gets a copy of each message• Filters

– Use SQL92 syntax to configure Subscription to receive only messages with matching properties

• Actions– Modify message properties as they’re selected

Publisher

Subscription

Topic

Receiver

Receiver

ReceiverSubscription

SHOW ME THE CODE!Windows Azure Service Bus Queues & Topics

Summary

• Compute roles, storage, and SQL Azure get a lot of attention.

• Don’t forget about the building block services

Service Bus

Access Control Service

Cache Service

Robust service relay and messaging

Easy to configure Cache-as-a-Service

Federated identity management (authentication and authorization)

Resources

• How To Guides for .NET– http://www.windowsazure.com/en-us/develop/net/

• Managing Caches in Windows Azure– http://msdn.microsoft.com/en-us/library/windowsazure/gg618005.aspx

• Windows Azure Service Bus Best Practices– http

://windowsazurecat.com/2011/09/best-practices-leveraging-windows-azure-service-bus-brokered-messaging-api/

• Service Bus Explorer– http://code.msdn.microsoft.com/windowsazure/Service-Bus-Explorer-f2abca5a

• Rick Garibay – “Azure AppFabric Service Bus Brokered Messaging GA & Rude CTP Diffs”– http://

www.rickgaribay.net/archive/2011/09/14/azure-appfabric-service-bus-brokered-messaging-ga-amp-rude-ctp.aspx

• Vitorrio Bertocci’s Blog– http://blogs.msdn.com/b/vbertocci /

Q &

A

Ask your questions