Microsoft .NET Services: A Closer Look


Clemens Vasters

Technical Lead

Microsoft Corporation

Agenda
  • What is a Service Bus?
  • Connectivity Challenges
  • Naming
  • Service Registry and Discovery
  • Messaging, Connectivity and Events
Internet Service Bus

[Diagram: Internet Service Bus stack (Service Orchestration; Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric) connecting Your Services, Clients (Desktop, RIA, Web), an On-Premise ESB and MS/3rd Party Services]

Connectivity Challenges
  • IPv4 Address Shortage
    • Dynamic IP address allocation
    • Network Address Translation (NAT)
  • Internet is pwn3d by the bad guys
    • Firewalls layered over firewalls over firewalls

[Diagram: Sender trying to reach a Receiver that sits behind a Dynamic IP, Network Address Translation, a Network Firewall and a Machine Firewall; the path is marked "?"]

How Do People Deal With It?
  • Dynamic DNS
  • NAT Port Mappings / UPnP
  • Open Inbound Firewall Ports

Brittle, Difficult, Insecure – and sometimes – Impractical

Consequence: We see recurring patterns of workarounds

[Diagram: same Sender/Receiver picture as before, with Dynamic IP, Network Address Translation, Network Firewall and Machine Firewall in the path]

Who needs it?
  • Any Instant Messaging/Communication App
    • Access Control, Relay, Direct Connect
  • Any Multiplayer Game
    • Access Control, Relay, Direct Connect
  • Any Home Media Integration System
    • Access Control, Relay, Direct Connect
  • Any Enterprise Integration System
    • Access Control, VPN/VAN
Service Bus – Naming

[Diagram: Service Bus layer stack (Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric), with Naming highlighted]

Service Bus Naming
  • Federated, hierarchical, DNS-integrated, transport-neutral naming system

[Diagram: naming tree from Root, with three Solution nodes branching into NameA/Name1, NameB/Name2 and NameC/Name3]

Anything wrong with DNS?
  • DNS has some practical constraints:
    • High update propagation latency
    • Increasing pollution by ISPs (“DNS assistance”)
    • Names hosts, not services
    • Limited write-access model (often out-of-band)
  • Service Bus Naming System
    • R/W access with access control via Registry
    • Updates reflected instantaneously
    • Names name endpoints, not machines
Canonical Form of URI Projections

scheme://naming-scope/name/name

URI ‘Host’: Naming Authority

URI ‘Path’: Federated Name Structure

[Diagram: naming tree from Root with branches X/A/1, Y/B/2 and Z/C/3, mapped onto the host and path parts of the URI]

Global Naming Structure (PDC)

scheme://servicebus.windows.net/services/solution/name/…

[Diagram: tree from Root to SBWN (servicebus.windows.net), then the required prefix "services", then solution, then name]

Global Naming Structure (Post-PDC)

scheme://solution.servicebus.windows.net/name/…

[Diagram: naming tree from Root, with Solution nodes branching into NameA/Name1, NameB/Name2 and NameC/Name3; the solution becomes the host label, the names become the path]

Service Bus – Service Registry

[Diagram: Service Bus layer stack (Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric), with Service Registry highlighted]

Service Registry
  • The service registry is a registry for service endpoints, not a general-purpose directory
  • Registry is layered over the naming system
  • Provides programmatic access to naming
    • Discover: Atom 1.0 feed hierarchy
    • Publish: Atom Publishing Protocol, WS-Transfer

[Diagram: Client talks to the Service Registry over AtomPub and WS-Transfer; the Service Registry is layered on top of Naming]

Registry Feed Structure
  • Accessing the root registry feed for solutions
    • http://servicebus.windows.net/services/solution/
    • Root of a hierarchy of feeds

[Diagram: Client reads the feed hierarchy over AtomPub and WS-Transfer; Naming Root, then SBWN, then services, then solution, then svc]

Services in Registry Feeds
    <?xml version="1.0" encoding="utf-8"?>
    <feed xmlns="http://www.w3.org/2005/Atom"
          xmlns:wsa="http://www.w3.org/2005/08/addressing">
      <title>Title</title>
      <link href="http://connect.biztalk.net/services/my/svc" rel="self"/>
      <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
      …
      <entry>
        <title>MyEndpoint</title>
        <link href="http://cbn/services/my/svc/ep1"/>
        <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
        <wsa:EndpointReference>
          <wsa:Address> http://servicebus.windows.net/services/my/svc/ep1 </wsa:Address>
        </wsa:EndpointReference>
      </entry>
    </feed>
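An added example, not from the deck: it canonicalizes a Service Bus name in both the PDC and post-PDC URI projections from the Global Naming Structure slides, then reads endpoint addresses out of a registry feed shaped like the one above and keeps only entries whose wsa:Address is a valid projection inside the expected solution's naming scope. The feed text, the second entry and the registry.example host are constructed for the example.

```python
# Added example (not from the deck): canonicalize Service Bus names in both
# URI projections, then read endpoint addresses out of a registry Atom feed.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "{http://www.w3.org/2005/Atom}"
WSA = "{http://www.w3.org/2005/08/addressing}"
AUTHORITY = "servicebus.windows.net"   # naming authority from the slides

def canonical_name(uri):
    """(solution, name_path) for the PDC or post-PDC projection, else None."""
    u = urlsplit(uri)
    host = (u.hostname or "").lower()
    segs = [s for s in u.path.split("/") if s]
    if host == AUTHORITY:   # PDC form: the 'services' prefix is required
        if len(segs) >= 2 and segs[0] == "services":
            return segs[1], tuple(segs[2:])
        return None
    if host.endswith("." + AUTHORITY):   # post-PDC form: one label below the authority
        solution = host[: -len(AUTHORITY) - 1]
        if solution and "." not in solution:
            return solution, tuple(segs)
    return None

# Registry feed constructed for this example; its shape follows the slide's sample.
FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <entry><title>MyEndpoint</title>
    <wsa:EndpointReference><wsa:Address>
      http://servicebus.windows.net/services/my/svc/ep1
    </wsa:Address></wsa:EndpointReference></entry>
  <entry><title>Elsewhere</title>
    <wsa:EndpointReference><wsa:Address>
      http://registry.example/services/my/svc/ep2
    </wsa:Address></wsa:EndpointReference></entry>
</feed>"""

def registry_endpoints(feed_xml, solution):
    """Map entry title -> address for entries whose wsa:Address is a valid
    projection inside `solution`; entries under another authority are dropped."""
    out = {}
    for entry in ET.fromstring(feed_xml).iter(ATOM + "entry"):
        title = entry.findtext(ATOM + "title", default="")
        # tolerate whitespace padding around the address, as in the slide's sample
        addr = entry.findtext(f"{WSA}EndpointReference/{WSA}Address", default="").strip()
        name = canonical_name(addr)
        if name and name[0] == solution:
            out[title] = addr
    return out
```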
Service Bus – Messaging

[Diagram: Service Bus layer stack (Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric), with Messaging Fabric highlighted]

Service Bus – Messaging
  • Primary Programming Model: WCF
  • Family of Bindings for the Service Bus
WCF Relay Bindings For WCF Pros
  • Works just like WCF:
    • Envelopes: SOAP 1.1, SOAP 1.2, None
    • All WS-* end-to-end security scenarios
    • Transport-level message path protection (SSL)
    • Reliable Messaging, Streaming
    • Full Extensibility Model
    • Web programming model (WebGet/-Invoke)
    • Metadata Exchange
  • Not supported:
    • (By Design) Atomic Transaction Flow
    • (By Design) Protocol-level transport authentication
    • (PDC Issue) WebScriptingBehavior JavaScript proxy
    • (PDC Issue) Direct Tcp Modes with RM or WS-* Sec.
NetOnewayRelayBinding

[Diagram: Sender sends Msg over an outbound one-way net.tcp connection (TCP/SSL 808/828) to the Service Bus Frontend Nodes behind NLB; the Receiver, behind NAT/Firewall/Dynamic IP, holds an outbound bidirectional socket (TCP/SSL 828) and has subscribed to sb://servicebus.windows.net/services/solution/a/b/; Backend Naming and the Routing Fabric route the Msg to the Receiver]

NetEventRelayBinding

[Diagram: same as NetOnewayRelayBinding, but two Receivers each hold an outbound bidirectional socket (TCP/SSL 828) and subscribe to sb://servicebus.windows.net/services/solution/a/b/; the Sender's Msg (outbound one-way net.tcp, TCP/SSL 808/828) is routed by Backend Naming and the Routing Fabric to both]

NetTcpRelayBinding / Relayed

[Diagram for sb://servicebus.windows.net/services/solution/a/b/: (1) Sender opens an outbound socket connect (TCP/SSL 818) to the Frontend Nodes behind NLB; (2) a Oneway Rendezvous Ctrl Msg travels through Backend Naming and the Routing Fabric to the Receiver's Ctrl channel; (3) the Receiver opens an outbound socket rendezvous to the frontend; (4) the frontend's Socket-Socket Forwarder joins the two sockets]

NetTcpRelayBinding / Hybrid

[Diagram for sb://servicebus.windows.net/services/solution/a/b/: Sender performs a relayed connect and Receiver a relayed rendezvous through the Frontend Nodes (TCP/SSL 818, 819), coordinated by a Oneway Rendezvous Ctrl Msg over Backend Naming and the Routing Fabric; both sides run NAT Probing and then upgrade to a direct NAT Traversal Connection]

[WS|Basic|Web]HttpRelayBinding

[Diagram for sb://servicebus.windows.net/services/solution/a/b/: (1) Sender issues an HTTP or HTTPS request (HTTP/S 80/443) to the Frontend Nodes behind NLB; (2) a Oneway Rendezvous Ctrl Msg travels through Backend Naming and the Routing Fabric to the Receiver's Ctrl channel; (3) the Receiver opens an outbound socket rendezvous; (4) the frontend's HTTP-Socket Forwarder bridges the request onto the Receiver's socket]

Service Bus – Access Control Integration

[Diagram: Service Bus layer stack (Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric), with Federated Identity and Access Control highlighted]

Relay Access Control Model - Listener

[Diagram: (1) the Receiver acquires an Access Token for #Listen from the Access Control STS via RST/RSTR; (2) it passes the Access Token (AcTk) in a Token Header along with its Subscription to the Service Bus Relay; (3) the Relay evaluates the token]

Relay Access Control Model - Sender

[Diagram: (1) the Sender acquires an Access Token for #Send from the Access Control STS via RST/RSTR; (2) it passes the Access Token (AcTk) in a Token Header with the Message to the Service Bus Relay; (3) the Relay evaluates and removes the token; (4) the Message is passed on to the Receiver]

Integrated Access Control
  • Access Control Governed by Rules
    • Managed in the Access Control Service
    • Services must be authorized to listen in namespace
    • Evaluation of all claims in the cloud
    • No notion of “identity” in the relayed service
  • Service can turn off client access control
    • Local evaluation of end-to-end claims
    • Full control over authN/Z model (but less protection)
  • Clean composition w/ standard SOAP/HTTP model
    • WS-Security Header reserved for E2E Message Security
    • Transparent to HTTP-Header AuthN/AuthZ schemes
Notes on Security
  • We encourage you to hide your payloads
    • Use WS-Security to protect end-to-end path
    • You own all keys used to protect payloads
  • Transport security
    • SSL channels terminate in the Service Bus
    • Socket connections relayed on-machine
    • Oneway/Event relayed on backend fabric
  • What do we look at in the Service Bus?
    • SOAP: Action/wsa:Action, wsa:To, wsa:Action
    • HTTP: Method, URI
    • Access Tokens
Service Bus – Workflow Integration

[Diagram: Workflow placed on top of the Service Bus layer stack (Federated Identity and Access Control; Naming; Service Registry; Messaging Fabric)]

Summary
  • Pervasive, Secure Connectivity for Services
    • Secure NAT Traversal, “DMZ in the sky”
  • WCF-Integrated Programming Model