An introduction to Azure AppFabric (presentation transcript)



ARC204

Pedro Félix

CCISEL

[email protected]

An introduction to Azure AppFabric



Azure AppFabric

  • Set of services

    • Service Bus (SB)

    • Access Control Service (ACS)

  • Running in the cloud

    • Based on Windows Azure Platform

  • Providing

    • SB: Service Connectivity, Addressability and Discoverability

    • ACS: Service Access Control



Service Bus



A Scenario

  • Issue Tracker web app.

  • Cloud-based

  • Multi-tenant

[Diagram: CloudTrack serving the tenants Contoso and Fabrikam, who create, view and manage issues]



Connectivity challenges

[Diagram: CloudTrack exchanges "Notify new issue", "Create new issue" and "Fetch trace data" messages with the tenants, each side behind FW, NAT, …]



Challenges

  • Addressability and discoverability

    • Private addresses and Network Address Translation (NAT)

    • Dynamic addresses (e.g. ISP)

  • Connectivity

    • Firewalls (denial of inbound connections)

    • Event distribution

    • Transient connectivity



Service Bus

[Diagram: "address?"; outbound connections are allowed, inbound connections are denied]



Service Bus

“All problems in computer science can be solved by another level of indirection”

Butler Lampson

[Diagram: the Service Bus as the extra level of indirection; outbound and inbound connections]



Connectivity and addressability

  • Relay

    • Service “listens” on the SB via outbound connection

    • Client “sends” to the SB

    • SB relays between client and service

[Diagram: the service listens on the Service Bus through an outbound connection; the client sends to the Service Bus public address]



Naming and discovery

  • Naming

    • Service is exposed via a public name

    • Local DNS binds these public names to IP addresses

    • Local registry describes available public names

[Diagram: DNS and Registry; the service listens on the Service Bus through an outbound connection, the client resolves the public name and sends, also outbound]



Naming and discovery

  • Naming

    • Public service namespaces

    • One Azure project – multiple service namespaces

    • {scheme}://{namespace}.servicebus.windows.net/{relpath}

  • Registry

    • Mapping between URIs and services

    • Readable via HTTP+ATOM



Demo

http://demos-pfelix.servicebus.windows.net/techdays

REST-like Services



Buffering

  • Buffering

    • One-way messaging

    • Temporal decoupling

[Diagram: sender and listener both connect outbound to a public name on the Service Bus, which buffers the messages between them]



Eventing (pub-sub)

  • Eventing – multicast

    • One-way messages

    • Multiple listeners

    • Message distribution - multicast

[Diagram: one sender and several listeners, all connected outbound to the Service Bus]



Demo

http://demos-pfelix.servicebus.windows.net/techdays

Publish-Subscribe



Security

  • Access Control

    • Both “listen” and “send” subject to access control

    • Programmable authorization policy, defined by ACS

  • Isolation – SB is the DMZ

[Diagram: ACS in front of the Service Bus; both the client that sends and the service that listens connect outbound]



WCF architecture

  • Channel stack with transport and protocol channels

  • Channels described by binding elements

  • One binding contains several binding elements

[Diagram: user code (Service Impl. / Client) above the Dispatcher; a channel stack of Protocol, Protocol, Encoding and Transport channels, each described by a Binding element; together the binding elements form the Binding]



WCF and SB

  • New bindings

    • New transport channels and binding elements

  • New behaviors

[Diagram: the same channel stack, with the Transport channel and its Binding element provided by the Service Bus]



Bindings

  • WebHttpRelayBinding

    • HTTP (Web programming model)

    • Client interoperability

  • BasicHttpRelayBinding and WS2007HttpRelayBinding

    • SOAP over HTTP (basic profile | WS-*)

    • Client interoperability

  • NetTcpRelayBinding

    • Similar to NetTcpBinding (request-response and duplex)

  • NetOnewayRelayBinding and NetEventRelayBinding

    • One-way w/buffering and multicast



Binding elements

  • Http(s)RelayTransportBindingElement

  • TcpRelayTransportBindingElement

  • RelayedOnewayTransportBindingElement



Access Control Service



Access Control Service

  • Identity and access control

  • Distributed systems

    • Decentralized authority

    • Heterogeneous technologies

  • Claims-based model

  • Service Bus integration



Identity and Authorization

[Diagram: creds; identity claims Contoso::Alice and Contoso::LeadDev; application claims webapp::IssueMgr and webapp::IssueView]



Centralized Solution

[Diagram: the webapp (IssueTracker) checks creds itself; identities (Contoso::Alice, Contoso::LeadDev) come from a Membership Provider, application claims (webapp::IssueMgr, webapp::IssueView) from a Role Provider, queried through IPrincipal.IsInRole(...)]



Decentralized Authority

[Diagram: the webapp (IssueTracker) receives creds; the Contoso Authority asserts Contoso::Alice and Contoso::LeadDev, while the webapp holds webapp::IssueMgr and webapp::IssueView]



Decentralized Authority

[Diagram: the Contoso Identity Provider, backed by an Identity Directory, validates creds and asserts Contoso::Alice and Contoso::LeadDev; the webapp holds webapp::IssueMgr and webapp::IssueView]



Decision  Enforcement

[Diagram: Contoso supplies the identity information (creds, Contoso::Alice, Contoso::LeadDev); the webapp takes the authorization decision (webapp::IssueMgr, webapp::IssueView); the Service Bus performs the authorization enforcement (webapp::SB.Listen)]



Access Control Service

[Diagram: Contoso is the Identity Provider (creds, Contoso::LeadDev, Alice); the Access Control Service takes the authorization decision (webapp::IssueView, webapp::SB.Listen); the webapp and the SB perform the authorization enforcement]



Demo

Access Control Service

[Diagram: demo flow; Alice (LeadDev) authenticates with username + password (Membership) or a SAML token (WIF, WS-Trust), obtains an SWT from the Access Control Service over WRAP, and presents it to the Service Bus (WIF) to Listen]



Access Control Service

  • Claims-based Identity and Access Control

  • Claims transformer (“claims in, claims out”)

    • Consumes claims from federated issuers

    • Provides claims to applications and services

  • Rule-based issuance policy

    • Rule: If has claim1 then output claim2

  • Not an identity provider

    • Does not manage users' identities
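The "claims in, claims out" transformer and the decision/enforcement split from the earlier slides, as an added example that is not part of the presentation or of ACS itself. Claims are written issuer::value as on the slides; the rules, trusted issuers and operation names are constructed from the CloudTrack scenario, and Python is used only because the logic is language-independent.

```python
# Claims are written issuer::value as on the slides. Rules, issuers and claim values are
# constructed from the CloudTrack scenario; real ACS rules live in its configuration.

def parse_claim(text):
    """'Contoso::LeadDev' -> ('Contoso', 'LeadDev'); the issuer is who asserted the claim."""
    issuer, sep, value = text.partition("::")
    if not sep or not issuer or not value:
        raise ValueError("claim must be issuer::value, got %r" % text)
    return issuer, value

# Rule: if has claim1 then output claim2 (output claims are issued for the webapp)
RULES = [
    ("Contoso::LeadDev", "webapp::IssueMgr"),
    ("Contoso::LeadDev", "webapp::SB.Listen"),
    ("Contoso::Alice", "webapp::IssueView"),
]
TRUSTED_ISSUERS = {"Contoso"}  # federated issuers the transformer is configured to accept

def transform(input_claims, rules=RULES, trusted=TRUSTED_ISSUERS):
    """Claims in, claims out: drop claims from issuers we do not trust, then apply every rule
    in a single pass over the accepted input (outputs are not fed back into the rules)."""
    accepted = set()
    for text in input_claims:
        issuer, value = parse_claim(text)
        if issuer in trusted:
            accepted.add((issuer, value))
    return {result for cond, result in rules if parse_claim(cond) in accepted}

# Operation -> claim the enforcement point requires: the Service Bus checks SB.Listen,
# the webapp checks IssueView / IssueMgr (operation names constructed for this example).
REQUIRED_CLAIM = {"Listen": "webapp::SB.Listen",
                  "ViewIssues": "webapp::IssueView",
                  "ManageIssues": "webapp::IssueMgr"}

def enforce(operation, output_claims):
    """Enforcement point: the decision was already taken by the transformer; here we only
    check that the claim it issued for this operation is present."""
    return REQUIRED_CLAIM[operation] in output_claims

if __name__ == "__main__":
    alice = transform(["Contoso::Alice", "Contoso::LeadDev"])  # Alice, a LeadDev at Contoso
    print(sorted(alice), enforce("Listen", alice))
    print(transform(["Fabrikam::LeadDev"]))  # untrusted issuer asserting LeadDev -> no claims
```

A claim from an issuer outside TRUSTED_ISSUERS never reaches the rules, which is what stops one tenant from minting another tenant's roles.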



Protocols and technologies

  • AppFabric 1.0

    • OAuth WRAP (Web Resource Authorization Protocol)

    • Simple Web Token

  • Future (and past)?

    • WS-Federation – “passive” (browser based) federation

    • WS-Trust – “active” (SOAP based) federation

    • LiveID integration



WRAP

[Diagram: the Client presents an identity (username + shared secret, an SWT token, or a SAML token from an Identity Provider) to the Authorization Server, receives a Bearer Token with authorization claims, and presents it to the Protected Resource API]



WRAP and SWT

  • Simple Web Token (SWT)

    • Form encoded name-value pairs

    • HMAC-SHA-256 symmetric signature

  • WRAP token request

    • HTTP POST

    • username+password or authentication assertion (e.g. SAML)

  • WRAP protected client call

    • HTTP header (Authorization: WRAP access_token="…")

    • GET or POST parameter (wrap_access_token="…")
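The SWT format and the WRAP Authorization header described above, as an added example that is not code from the presentation or from ACS. ISSUER and SECRET are constructed stand-ins for the ACS namespace and the shared key; AUDIENCE is the demo Service Bus URI from the slides. The checks a relying service must make (signature in constant time, then issuer, audience and expiry) are the point of the example.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qsl, quote, unquote, urlencode

# Constructed sample values: ISSUER stands in for the ACS namespace, SECRET for the key
# ACS shares with the relying service; AUDIENCE is the demo Service Bus URI from the slides.
ISSUER = "https://acs.example/"
SECRET = b"constructed-shared-secret-not-a-real-key"
AUDIENCE = "http://demos-pfelix.servicebus.windows.net/techdays"

def _hmac_b64(data):
    return base64.b64encode(hmac.new(SECRET, data.encode(), hashlib.sha256).digest()).decode()

def issue_swt(claims, audience, lifetime=600, now=None):
    """Simple Web Token: form-encoded name=value pairs, then HMAC-SHA-256 over them as HMACSHA256=."""
    now = int(time.time()) if now is None else now
    pairs = list(claims.items()) + [("Issuer", ISSUER), ("Audience", audience), ("ExpiresOn", str(now + lifetime))]
    unsigned = urlencode(pairs)
    return unsigned + "&HMACSHA256=" + quote(_hmac_b64(unsigned), safe="")

def validate_swt(token, audience, now=None):
    """Return the claims if signature, issuer, audience and expiry all check out, else raise ValueError."""
    now = int(time.time()) if now is None else now
    body, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep:
        raise ValueError("missing signature")
    if not hmac.compare_digest(unquote(sig), _hmac_b64(body)):  # constant-time compare
        raise ValueError("bad signature")
    claims = dict(parse_qsl(body, keep_blank_values=True))
    if claims.get("Issuer") != ISSUER:
        raise ValueError("unknown issuer")
    if claims.get("Audience") != audience:  # a token minted for another service is not ours
        raise ValueError("wrong audience")
    if int(claims.get("ExpiresOn", "0")) <= now:
        raise ValueError("expired")
    return claims

def swt_status(token, audience, now=None):
    """Verdict-only wrapper: 'ok' or the reason the token was rejected."""
    try:
        validate_swt(token, audience, now)
        return "ok"
    except ValueError as err:
        return str(err)

def wrap_authorization_header(token):
    """WRAP protected call: the bearer token goes in the Authorization header."""
    return 'WRAP access_token="%s"' % token

def token_from_authorization(header):
    """Inverse of wrap_authorization_header; rejects any other scheme or parameter name."""
    scheme, _, rest = header.partition(" ")
    key, _, value = rest.strip().partition("=")
    if scheme != "WRAP" or key.strip() != "access_token":
        raise ValueError("not a WRAP access_token header")
    return value.strip().strip('"')
```

Because the signature is a symmetric HMAC, anyone holding SECRET can mint tokens, so the key is shared only between ACS and the one service that validates for that audience.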



Finally …

  • Service Bus

    • Connectivity

    • Addressability and discoverability

    • Eventing

    • Buffering

  • Access Control Service

    • Authorization Decision Point

      • For Service Bus

      • For other services, cloud or on-premises

    • Flexible claims based policy

