Microsoft Services A Closer Look - PowerPoint PPT Presentation



Microsoft .NET ServicesA Closer Look

Clemens Vasters

Technical Lead

Microsoft Corporation


Agenda

  • What is a Service Bus?

  • Connectivity Challenges

  • Naming

  • Service Registry and Discovery

  • Messaging, Connectivity and Events


Internet Service Bus

[Diagram: Internet Service Bus layers, top to bottom: Service Orchestration; Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric. Connected to the bus: Your Services, Clients (Desktop, RIA & Web), an On-Premise ESB, and MS/3rd Party Services.]


Connectivity Challenges

  • IPv4 Address Shortage

    • Dynamic IP address allocation

    • Network Address Translation (NAT)

  • Internet is pwn3d by the bad guys

    • Firewalls layered over firewalls over firewalls

[Diagram: Sender sits behind a Dynamic IP, Network Address Translation, a Network Firewall and a Machine Firewall; the path to the Receiver is marked "?".]


How Do People Deal With It?

  • Dynamic DNS

  • NAT Port Mappings / UPnP

  • Open Inbound Firewall Ports

Brittle, Difficult, Insecure – and sometimes – Impractical
Consequence: We see recurring patterns of workarounds

[Diagram: the same Sender/Receiver picture as on the previous slide: Dynamic IP, Network Address Translation, Network Firewall, Machine Firewall, and a "?" between Sender and Receiver.]


Who needs it?

  • Any Instant Messaging/Communication App

    • Access Control, Relay, Direct Connect

  • Any Multiplayer Game

    • Access Control, Relay, Direct Connect

  • Any Home Media Integration System

    • Access Control, Relay, Direct Connect

  • Any Enterprise Integration System

    • Access Control, VPN/VAN


Service Bus – Naming

[Diagram: Service Bus layers: Federated Identity and Access Control; Naming (this section); Service Registry; Messaging Fabric.]


Service Bus Naming

  • Federated, hierarchical, DNS-integrated, transport-neutral naming system

[Diagram: naming tree: Root → Solution → Name (NameA, NameB, NameC) → Name (Name1, Name2, Name3).]


Anything wrong with DNS?

  • DNS has some practical constraints:

    • High update propagation latency

    • Increasing pollution by ISPs (“DNS assistance”)

    • Names hosts, not services

    • Limited write-access model (often out-of-band)

  • Service Bus Naming System

    • R/W access with access control via Registry

    • Updates reflected instantaneously

    • Names name endpoints, not machines


Canonical Form of URI Projections

scheme://naming-scope/name/name

[Diagram: URI ‘Host’ = Naming Authority (the Root); URI ‘Path’ = Federated Name Structure (X/Y/Z → A/B/C → 1/2/3).]


Global Naming Structure (PDC)

scheme://servicebus.windows.net/services/solution/name/…

[Diagram: Root = SBWN (servicebus.windows.net) → Required Prefix "services" → solution → name.]


Global Naming Structure (Post-PDC)

scheme://solution.servicebus.windows.net/name/…

[Diagram: naming tree: Root → Solution → Name (NameA, NameB, NameC) → Name (Name1, Name2, Name3); the solution is now the URI host.]
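The two layouts on the last three slides are projections of one canonical name, scheme://naming-scope/name/name. The following is an added example, not code from the presentation or from the Service Bus SDK: it parses either layout into the canonical (solution, path) projection, converts between them, and refuses URIs that are not under the Service Bus naming authority. The host name and the "services" prefix come from the slides; the set of accepted schemes and the segment validation rules are assumptions of this example.

```python
# Added example, not part of the presentation: projecting the PDC-era and
# post-PDC Service Bus URI layouts onto the canonical form
#   scheme://naming-scope/name/name...
# Host and prefix constants are from the slides; the accepted scheme set and
# the segment validation rules are assumptions of this example.
from dataclasses import dataclass
from urllib.parse import urlsplit

SERVICE_BUS_HOST = "servicebus.windows.net"
PDC_PREFIX = "services"                      # required prefix in the PDC layout
ACCEPTED_SCHEMES = {"sb", "http", "https"}   # assumed set of transport projections


@dataclass(frozen=True)
class ServiceBusName:
    scheme: str
    solution: str        # naming scope / naming authority
    path: tuple          # federated name hierarchy below the solution

    def pdc_uri(self) -> str:
        return f"{self.scheme}://{SERVICE_BUS_HOST}/{PDC_PREFIX}/{self.solution}/" + "/".join(self.path)

    def post_pdc_uri(self) -> str:
        return f"{self.scheme}://{self.solution}.{SERVICE_BUS_HOST}/" + "/".join(self.path)


def _check_solution(label: str) -> str:
    # Post-PDC the solution is a DNS host label, so apply host-label rules and
    # fold case: host names compare case-insensitively, so "Solution" and
    # "solution" must canonicalize to one scope before any authorization decision.
    if (not label or len(label) > 63 or label != label.strip("-")
            or not all(c.isalnum() or c == "-" for c in label)):
        raise ValueError(f"invalid solution name: {label!r}")
    return label.lower()


def _check_segment(seg: str) -> str:
    # Path segments keep their case; dot segments and percent-escapes are
    # refused rather than decoded, so "%2e%2e" cannot smuggle a parent reference.
    if seg in ("", ".", "..") or not all(c.isalnum() or c in "-_." for c in seg):
        raise ValueError(f"invalid name segment: {seg!r}")
    return seg


def parse(uri: str) -> ServiceBusName:
    """Accept either layout and return the canonical (scope, path) projection."""
    parts = urlsplit(uri)
    if parts.scheme not in ACCEPTED_SCHEMES:
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if parts.query or parts.fragment or parts.username or parts.port:
        raise ValueError("query, fragment, userinfo and explicit ports are not part of a name")
    host = parts.hostname or ""
    segments = [s for s in parts.path.split("/") if s]
    if host == SERVICE_BUS_HOST:
        # PDC layout: scheme://servicebus.windows.net/services/solution/name/...
        if len(segments) < 2 or segments[0] != PDC_PREFIX:
            raise ValueError(f"PDC-form URI must start with /{PDC_PREFIX}/<solution>/")
        solution, names = segments[1], segments[2:]
    elif host.endswith("." + SERVICE_BUS_HOST):
        # Post-PDC layout: scheme://solution.servicebus.windows.net/name/...
        solution = host[: -len("." + SERVICE_BUS_HOST)]
        if "." in solution:
            raise ValueError("solution must be a single DNS label")
        names = segments
    else:
        # Anything else is not the Service Bus naming authority, including
        # look-alikes such as servicebus.windows.net.example.org.
        raise ValueError(f"not a Service Bus naming authority: {host!r}")
    return ServiceBusName(parts.scheme, _check_solution(solution),
                          tuple(_check_segment(n) for n in names))


def same_name(a: str, b: str) -> bool:
    """True when two URIs, in either layout and any scheme, name the same endpoint."""
    x, y = parse(a), parse(b)
    return (x.solution, x.path) == (y.solution, y.path)
```

The point of canonicalizing before comparing is that the naming scope becomes the host in the post-PDC layout, and hosts are case-insensitive while paths are not; an authorization rule keyed on the raw URI string would treat two spellings of one scope as different names.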


Service Bus – Service Registry

[Diagram: Service Bus layers: Federated Identity and Access Control; Naming; Service Registry (this section); Messaging Fabric.]


Service Registry

  • The service registry is a registry for service endpoints, not a general-purpose directory

  • Registry is layered over the naming system

  • Provides programmatic access to naming

    • Discover: Atom 1.0 feed hierarchy

    • Publish: Atom Publishing Protocol, WS-Transfer

[Diagram: Client talks to the Service Registry over AtomPub and WS-Transfer; the Service Registry is layered over Naming.]


Registry Feed Structure

  • Accessing the root registry feed for solutions

    • http://servicebus.windows.net/services/solution/

    • Root of a hierarchy of feeds

[Diagram: feed hierarchy: Naming Root → SBWN (servicebus.windows.net) → services → solution → svc; the Client reads and publishes over AtomPub / WS-Transfer.]


Services in Registry Feeds

    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom"
          xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <title>Title</title>
      <link href="http://connect.biztalk.net/services/my/svc" rel="self"/>
      <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
      …
      <entry>
        <title>MyEndpoint</title>
        <link href="http://cbn/services/my/svc/ep1"/>
        <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
        <wsa:EndpointReference>
          <wsa:Address>
            http://servicebus.windows.net/services/my/svc/ep1
          </wsa:Address>
        </wsa:EndpointReference>
      </entry>
    </feed>
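A client that discovers endpoints through the registry resolves a name to whatever wsa:Address the feed entry advertises, so the feed is the place to check that an advertised address actually lies under the name being resolved. The following is an added example, not code from the presentation or the Service Bus SDK: it parses a feed of the shape shown above with the standard library and flags entries whose EndpointReference points outside the feed's own scope. SAMPLE_FEED is constructed for the example; only the element structure and the two XML namespaces are taken from the slide.

```python
# Added example, not part of the presentation: reading a registry feed of the
# shape shown on the slide and checking that every advertised endpoint address
# lies within the feed's own naming scope. SAMPLE_FEED is constructed; only the
# element structure and the two namespaces come from the slide.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "http://www.w3.org/2005/Atom"
WSA = "http://www.w3.org/2005/08/addressing"
NS = {"atom": ATOM, "wsa": WSA}

SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>svc</title>
  <link href="http://servicebus.windows.net/services/my/svc/" rel="self"/>
  <id>urn:uuid:00000000-0000-4000-8000-000000000001</id>
  <entry>
    <title>MyEndpoint</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep1"/>
    <id>urn:uuid:00000000-0000-4000-8000-000000000002</id>
    <wsa:EndpointReference>
      <wsa:Address> http://servicebus.windows.net/services/my/svc/ep1 </wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Foreign</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep2"/>
    <id>urn:uuid:00000000-0000-4000-8000-000000000003</id>
    <wsa:EndpointReference>
      <wsa:Address>http://other.example.net/services/my/svc/ep2</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
"""


def parse_registry_feed(xml_text: str) -> dict:
    """Return {'feed': self-link href, 'entries': [{'title', 'address'}, ...]}."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != f"{{{ATOM}}}feed":
        raise ValueError(f"not an Atom feed: {root.tag}")
    self_link = root.find("atom:link[@rel='self']", NS)
    entries = []
    for entry in root.findall("atom:entry", NS):
        entries.append({
            "title": entry.findtext("atom:title", default="", namespaces=NS),
            # wsa:Address is whitespace-padded on the slide; strip before use
            "address": entry.findtext("wsa:EndpointReference/wsa:Address",
                                      default="", namespaces=NS).strip(),
        })
    return {"feed": self_link.get("href") if self_link is not None else None,
            "entries": entries}


def endpoints_within_scope(feed: dict) -> list:
    """Tag each entry with whether its address sits under the feed's own scope.

    An entry whose EndpointReference points elsewhere is not necessarily
    malicious, but a client resolving names through the registry should not
    follow it silently: the name hierarchy is the trust boundary.
    """
    if not feed["feed"]:
        return [(e["title"], e["address"], False) for e in feed["entries"]]
    scope = urlsplit(feed["feed"])
    base = scope.path if scope.path.endswith("/") else scope.path + "/"
    result = []
    for e in feed["entries"]:
        addr = urlsplit(e["address"])
        inside = addr.hostname == scope.hostname and addr.path.startswith(base)
        result.append((e["title"], e["address"], inside))
    return result
```

The scope comparison forces a trailing slash on the feed path so that /services/my/svc/ does not accept /services/my/svcX/ep1 as a child; the host is compared as parsed (lower-cased) rather than as a string prefix.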



Service Bus – Messaging

[Diagram: Service Bus layers: Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric (this section).]


Service Bus - Messaging

  • Primary Programming Model: WCF

  • Family of Bindings for the Service Bus


WCF Relay Bindings For WCF Pros

  • Works just like WCF:

    • Envelopes: SOAP 1.1, SOAP 1.2, None

    • All WS-* end-to-end security scenarios

    • Transport-level message path protection (SSL)

    • Reliable Messaging, Streaming

    • Full Extensibility Model

    • Web programming model (WebGet/-Invoke)

    • Metadata Exchange

  • Not supported:

    • (By Design) Atomic Transaction Flow

    • (By Design) Protocol-level transport authentication

    • (PDC Issue) WebScriptingBehavior JavaScript proxy

    • (PDC Issue) Direct Tcp Modes with RM or WS-* Sec.


NetOnewayRelayBinding

[Diagram: NetOnewayRelayBinding. The Sender makes an outbound one-way net.tcp connection (TCP/SSL 808/828) to NLB-fronted Frontend Nodes. The Receiver, behind NAT / Firewall / Dynamic IP, holds an outbound bidirectional socket (TCP/SSL 828) and subscribes to sb://servicebus.windows.net/services/solution/a/b/. The Backend Naming / Routing Fabric routes each Msg to the subscribed Receiver.]


NetEventRelayBinding

[Diagram: NetEventRelayBinding. As for NetOnewayRelayBinding, but several Receivers each hold an outbound bidirectional socket (TCP/SSL 828) subscribed to the same name sb://servicebus.windows.net/services/solution/a/b/; the Routing Fabric delivers each Msg to every subscriber.]
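Both bindings invert the connection direction: the receiver connects outbound and subscribes to a name, and the sender addresses the name, never the receiver. The following is an added example, not code from the presentation or from the Service Bus SDK: a small in-process model of that routing fabric showing one-way delivery to a single listener against event fan-out to every listener, and what happens when nobody is listening. Round-robin selection of the one-way recipient is an assumption of this example; the slides do not say how one receiver is picked.

```python
# Added example, not part of the presentation: a toy in-process model of the
# routing fabric behind NetOnewayRelayBinding and NetEventRelayBinding.
# Receivers hold outbound connections and subscribe to a name; senders address
# the name only. Round-robin selection for one-way delivery is an assumption.
from collections import defaultdict


class Receiver:
    """Stands in for a service that connected outbound to a frontend node."""
    def __init__(self, label: str):
        self.label = label
        self.inbox = []

    def deliver(self, msg):
        self.inbox.append(msg)


class RoutingFabric:
    def __init__(self):
        self._subs = defaultdict(list)   # name -> connected receivers
        self._next = defaultdict(int)    # name -> round-robin cursor

    @staticmethod
    def _canon(name: str) -> str:
        # Subscriptions and sends must agree on the name; normalise the
        # trailing slash so ".../a/b" and ".../a/b/" are one route.
        return name if name.endswith("/") else name + "/"

    def subscribe(self, name: str, receiver: Receiver) -> None:
        self._subs[self._canon(name)].append(receiver)

    def unsubscribe(self, name: str, receiver: Receiver) -> None:
        # Connection dropped: the route disappears with it; nothing is queued.
        self._subs[self._canon(name)].remove(receiver)

    def listeners(self, name: str) -> int:
        return len(self._subs[self._canon(name)])

    def send_oneway(self, name: str, msg):
        """NetOnewayRelayBinding: deliver to exactly one listener, or drop."""
        key = self._canon(name)
        subs = self._subs[key]
        if not subs:
            return None                     # no listener: the message is dropped
        idx = self._next[key] % len(subs)
        self._next[key] = idx + 1
        subs[idx].deliver(msg)
        return subs[idx].label

    def publish_event(self, name: str, msg) -> int:
        """NetEventRelayBinding: fan out to every listener on the name."""
        subs = list(self._subs[self._canon(name)])
        for r in subs:
            r.deliver(msg)
        return len(subs)
```

Two properties worth noticing: the sender never learns a receiver's address, only the name, and a one-way message with no listener is simply dropped, so a service that must not lose messages has to be listening before clients send.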



NetTcpRelayBinding / Relayed

[Diagram: NetTcpRelayBinding / Relayed, steps 1–4. The Sender makes an outbound socket connect (TCP/SSL 818) to NLB-fronted Frontend Nodes; a Rendezvous Ctrl Msg travels Oneway through the Backend Naming / Routing Fabric to the Receiver over its Ctrl channel; the Receiver answers with an outbound socket rendezvous to the frontend; a Socket-Socket Forwarder on the frontend node joins the two sockets, registered under sb://servicebus.windows.net/services/solution/a/b/.]


NetTcpRelayBinding / Hybrid

[Diagram: NetTcpRelayBinding / Hybrid. Starts as a relayed connect / relayed rendezvous through the Frontend Nodes (TCP/SSL 818, 819) with a Ctrl channel, as in the relayed mode; both Sender and Receiver then do NAT Probing and, where it succeeds, upgrade to a direct NAT Traversal Connection.]


[WS|Basic|Web]HttpRelayBinding

[Diagram: [WS|Basic|Web]HttpRelayBinding, steps 1–4. The Sender issues an HTTP or HTTPS request (80/443) to NLB-fronted Frontend Nodes; a Rendezvous Ctrl Msg travels Oneway through the Backend Naming / Routing Fabric to the Receiver's Ctrl channel; the Receiver makes an outbound socket rendezvous; an HTTP-Socket Forwarder bridges the request onto the Receiver's socket, registered under sb://servicebus.windows.net/services/solution/a/b/.]


Service Bus – Access Control Integration

[Diagram: Service Bus layers: Federated Identity and Access Control (this section); Naming; Service Registry; Messaging Fabric.]


Relay Access Control Model - Listener

[Diagram: 1. The Receiver acquires an Access Token for #Listen from the Access Control STS (RST/RSTR). 2. It passes the Access Token (AcTk) with its subscription to the Service Bus Relay, in the Token Header. 3. The Relay evaluates the token.]


Relay Access Control Model - Sender

[Diagram: 1. The Sender acquires an Access Token for #Send from the Access Control STS (RST/RSTR). 2. It passes the Access Token (AcTk) with the message to the Service Bus Relay, in the Token Header. 3. The Relay evaluates and removes the token. 4. The message is passed on to the Receiver.]


Integrated Access Control

  • Access Control Governed by Rules

    • Managed in the Access Control Service

    • Services must be authorized to listen in namespace

    • Evaluation of all claims in the cloud

    • No notion of “identity” in the relayed service

  • Service can turn off client access control

    • Local evaluation of end-to-end claims

    • Full control over authN/Z model (but less protection)

  • Clean composition w/ standard SOAP/HTTP model

    • WS-Security Header reserved for E2E Message Security

    • Transparent to HTTP-Header AuthN/AuthZ schemes



Notes on Security

  • We encourage you to hide your payloads

    • Use WS-Security to protect end-to-end path

    • You own all keys used to protect payloads

  • Transport security

    • SSL channels terminate in the Service Bus

    • Socket connections relayed on-machine

    • Oneway/Event relayed on backend fabric

  • What do we look at in the Service Bus?

    • SOAP: Action/wsa:Action, wsa:To

    • HTTP: Method, URI

    • Access Tokens
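The access-control model on the preceding slides and the "what do we look at" list above describe the same relay behaviour: the relay checks an access token on subscribe (#Listen) and on each message (#Send), routes on wsa:To, strips the token before forwarding, and never looks at the body. The following is an added example, not code from the presentation or from the Service Bus SDK, that models exactly that path. The STS, the RST/RSTR exchange and the two actions are from the slides; the token encoding (HMAC-SHA256 over a JSON claim set), the header names and the envelope layout are assumptions of this example.

```python
# Added example, not part of the presentation: relay-side token checks for a
# listener (#Listen on subscribe) and a sender (#Send on each message), with the
# token header evaluated and removed before the message reaches the receiver.
# Token encoding, header names and envelope layout are assumptions.
import base64
import hashlib
import hmac
import json
import time

STS_KEY = b"constructed-sts-signing-key"      # shared by STS and relay (assumed)
TOKEN_HEADER = "AccessToken"                  # assumed name of the token header


def issue_token(key: bytes, action: str, scope: str, ttl: int = 300, now=None) -> str:
    """What the Access Control STS hands back in the RSTR (modelled format)."""
    claims = {"action": action, "scope": scope,
              "exp": int(now if now is not None else time.time()) + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()


def evaluate_token(key: bytes, token: str, required_action: str, name: str, now=None) -> bool:
    """Relay-side check: signature, expiry, action claim, and name within scope."""
    try:
        b64body, b64sig = token.split(".")
        body = base64.urlsafe_b64decode(b64body)
        sig = base64.urlsafe_b64decode(b64sig)
    except (ValueError, TypeError):
        return False
    if not hmac.compare_digest(sig, hmac.new(key, body, hashlib.sha256).digest()):
        return False
    claims = json.loads(body)
    if claims["exp"] <= (now if now is not None else time.time()):
        return False
    scope = claims["scope"] if claims["scope"].endswith("/") else claims["scope"] + "/"
    # Name must be the scope itself or a descendant in the hierarchy.
    return claims["action"] == required_action and (name + "/").startswith(scope)


class Relay:
    def __init__(self, key: bytes, check_senders: bool = True):
        self.key = key
        # "Service can turn off client access control": then the relay forwards
        # sender messages unchecked and the service evaluates end-to-end claims itself.
        self.check_senders = check_senders
        self._listeners = {}           # name -> callable receiving the envelope

    def subscribe(self, name: str, token: str, receiver, now=None) -> None:
        # Services must be authorized to listen in the namespace.
        if not evaluate_token(self.key, token, "#Listen", name, now):
            raise PermissionError("listener not authorized for " + name)
        self._listeners[name] = receiver

    def send(self, envelope: dict, now=None) -> bool:
        """Route on wsa:To; inspect headers only, never the body."""
        headers = dict(envelope["headers"])
        to = headers.get("wsa:To", "")
        if self.check_senders:
            if not evaluate_token(self.key, headers.get(TOKEN_HEADER, ""), "#Send", to, now):
                return False
        receiver = self._listeners.get(to)
        if receiver is None:
            return False
        # Token evaluated and removed: the receiver never sees the relay
        # credential; the body (e.g. a WS-Security-protected payload) is
        # forwarded untouched.
        headers.pop(TOKEN_HEADER, None)
        receiver({"headers": headers, "body": envelope["body"]})
        return True
```

Because the relay forwards the body as an opaque blob and only the token header is consumed, a WS-Security header on the payload survives end to end, which is what lets the service keep its own keys while the relay still enforces who may listen and who may send.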


Service Bus – Workflow Integration

[Diagram: Service Bus layers with Workflow on top: Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric.]


Summary

  • Pervasive, Secure Connectivity for Services

    • Secure NAT Traversal, “DMZ in the sky”

  • WCF-Integrated Programming Model

