An introduction to Azure AppFabric (PowerPoint presentation, 38 slides)

Presentation transcript

ARC204

Pedro Félix

CCISEL

[email protected]

An introduction to Azure AppFabric


Azure AppFabric

  • Set of services

    • Service Bus (SB)

    • Access Control Service (ACS)

  • Running in the cloud

    • Based on Windows Azure Platform

  • Providing

    • SB : Service Connectivity, Addressability and Discoverability

    • ACS : Service Access Control


Service Bus


A Scenario

  • Issue Tracker web app.

  • Cloud-based

  • Multi-tenant

[Diagram: the CloudTrack issue tracker in the cloud, used by two tenants, Contoso and Fabrikam, who create/view and view/manage issues]


Connectivity challenges

[Diagram: CloudTrack in the cloud must "notify new issue", "create new issue" and "fetch trace data" against on-premises systems; both paths cross firewalls and NAT ("FW, NAT, …")]


Challenges

  • Addressability and discoverability

    • Private addresses and Network Address Translation (NAT)

    • Dynamic addresses (e.g. ISP)

  • Connectivity

    • Firewalls (denial of inbound connections)

    • Event distribution

    • Transient connectivity


Service Bus

[Diagram: a service with no usable public address ("address?"): outbound connections are allowed, inbound connections are blocked]


Service Bus

“All problems in computer science can be solved by another level of indirection”

Butler Lampson

[Diagram: the Service Bus inserted between the parties as the extra level of indirection; the service's outbound connection carries what would otherwise have to be inbound traffic]


Connectivity and addressability

  • Relay

    • Service “listens” on the SB via outbound connection

    • Client “sends” to the SB

    • SB relays between client and service

[Diagram: the client "sends" to the Service Bus's public address; the service "listens" on the Service Bus over a connection it opened outbound; the Service Bus relays between the two]
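The relay pattern described in this slide and the previous ones (no inbound connection to the service, only an outbound one to a public rendezvous point), as an added example that is not part of the talk and is not Service Bus or SDK code. It is a toy relay on localhost written with asyncio; the one-line wire protocol (LISTEN name / SEND name payload), the public name contoso/issues and the issue handler are invented for the demonstration. The real Service Bus also requires ACS-issued Listen and Send permissions before it accepts a registration or a message; this relay deliberately does not check any.

```python
import asyncio

RELAY_ADDR = "127.0.0.1"   # the relay is the only party that needs a reachable address


class Relay:
    """Publicly reachable rendezvous point (stand-in for the Service Bus).

    A service registers a public name over a connection that *it* opened
    outbound; the relay keeps that connection and pushes client requests
    back through it. Clients address the name, never the service itself.
    """

    def __init__(self):
        self.listeners = {}   # public name -> (reader, writer, lock)
        self.server = None

    async def start(self):
        self.server = await asyncio.start_server(self._handle, RELAY_ADDR, 0)
        return self.server.sockets[0].getsockname()[1]   # ephemeral port

    async def stop(self):
        for _, writer, _ in self.listeners.values():
            writer.close()
        self.listeners.clear()
        self.server.close()
        await self.server.wait_closed()

    async def _handle(self, reader, writer):
        line = (await reader.readline()).decode().rstrip("\n")
        verb, _, rest = line.partition(" ")
        if verb == "LISTEN":
            # Service side: keep the connection open and remember it under its name.
            # (The real Service Bus would demand a "Listen" permission here.)
            self.listeners[rest] = (reader, writer, asyncio.Lock())
            writer.write(b"OK\n")
            await writer.drain()
            return
        if verb == "SEND":
            name, _, payload = rest.partition(" ")
            entry = self.listeners.get(name)
            if entry is None:
                writer.write(b"ERR no listener\n")
            else:
                s_reader, s_writer, lock = entry
                async with lock:                 # one request in flight per listener
                    s_writer.write((payload + "\n").encode())
                    await s_writer.drain()
                    reply = await s_reader.readline() or b"ERR listener gone\n"
                writer.write(reply)
        else:
            writer.write(b"ERR unknown verb\n")
        await writer.drain()
        writer.close()
        await writer.wait_closed()


async def run_service(port, public_name, handler, ready):
    """The on-premises service: behind NAT/firewall, only outbound is allowed."""
    reader, writer = await asyncio.open_connection(RELAY_ADDR, port)
    writer.write(f"LISTEN {public_name}\n".encode())
    await writer.drain()
    if await reader.readline() != b"OK\n":
        raise RuntimeError("relay refused registration")
    ready.set()
    try:
        while True:
            request = await reader.readline()
            if not request:
                break                            # relay closed the connection
            writer.write((handler(request.decode().rstrip("\n")) + "\n").encode())
            await writer.drain()
    finally:
        writer.close()


async def send(port, public_name, payload):
    """The client: addresses the public name at the relay, never the service."""
    reader, writer = await asyncio.open_connection(RELAY_ADDR, port)
    writer.write(f"SEND {public_name} {payload}\n".encode())
    await writer.drain()
    reply = (await reader.readline()).decode().rstrip("\n")
    writer.close()
    await writer.wait_closed()
    return reply


async def demo():
    relay = Relay()
    port = await relay.start()
    ready = asyncio.Event()
    svc = asyncio.create_task(run_service(port, "contoso/issues",
                                          lambda m: "created issue: " + m, ready))
    await ready.wait()                           # service has registered its name
    replies = [await send(port, "contoso/issues", "login page returns 500"),
               await send(port, "fabrikam/issues", "anything")]   # nobody listens here
    svc.cancel()
    try:
        await svc
    except asyncio.CancelledError:
        pass
    await relay.stop()
    return replies


def run_demo():
    return asyncio.run(demo())


if __name__ == "__main__":
    print(run_demo())
```

The point to notice is in run_service: the service never calls listen() on a socket of its own, so no firewall rule or NAT mapping is required on its side; the same single outbound connection is reused for every relayed request.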


Naming and discovery

  • Naming

    • Service is exposed via a public name

    • Local DNS binds these public names to IP addresses

    • Local registry describes available public names

[Diagram: DNS and a registry resolve the public name; the client "sends" to the Service Bus by public name and the service "listens" there; both sides connect outbound]


Naming and discovery

  • Naming

    • Public service namespaces

    • One Azure project – multiple service namespaces

    • {scheme}://{namespace}.servicebus.windows.net/{relpath}

  • Registry

    • Mapping between URIs and services

    • Readable via HTTP+ATOM


Demo

http://demos-pfelix.servicebus.windows.net/techdays

REST-like Services


Buffering

  • Buffering

    • One-way messaging

    • Temporal decoupling

[Diagram: the client "sends" to a public name; the buffer holds the message until the service "listens" for it; both connections are outbound]


Eventing (pub-sub)

  • Eventing – multicast

    • One-way messages

    • Multiple listeners

    • Message distribution - multicast

[Diagram: one sender and several listeners on the Service Bus, all connected outbound; the bus distributes each message to every listener]


Demo

http://demos-pfelix.servicebus.windows.net/techdays

Publish-Subscribe


Security

  • Access Control

    • Both “listen” and “send” subject to access control

    • Programmable authorization policy, defined by ACS

  • Isolation – SB is the DMZ

[Diagram: ACS authorizes both the party that "sends" and the party that "listens"; both reach the Service Bus over outbound connections]


WCF architecture

  • Channel stack with transport and protocol channels

  • Channels described by binding elements

  • One binding contains several binding elements

[Diagram: WCF channel stack. User code (service implementation or client) -> dispatcher -> protocol channel -> protocol channel -> encoding -> transport; each layer is described by a binding element and the whole stack by a binding]


WCF and SB

  • New bindings

    • New transport channels and binding elements

  • New behaviors

[Diagram: the same channel stack, with the Service Bus providing the transport binding element at the bottom of the stack]


Bindings

  • WebHttpRelayBinding

    • HTTP (Web programming model)

    • Client interoperability

  • BasicHttpRelayBinding and WS2007HttpRelayBinding

    • SOAP over HTTP (basic profile | WS-*)

    • Client interoperability

  • NetTcpRelayBinding

    • Similar to NetTcpBinding (request-response and duplex)

  • NetOnewayRelayBinding and NetEventRelayBinding

    • One-way with buffering and multicast


Binding elements

  • Http(s)RelayTransportBindingElement

  • TcpRelayTransportBindingElement

  • RelayedOnewayTransportBindingElement


Access Control Service


Access Control Service

  • Identity and access control

  • Distributed systems

    • Decentralized authority

    • Heterogeneous technologies

  • Claims-based model

  • Service Bus integration


Identity and Authorization

[Diagram: Alice presents credentials ("creds"); her identity claims are Contoso::Alice and Contoso::LeadDev; the application-level permissions are webapp::IssueMgr and webapp::IssueView]


Centralized Solution

[Diagram: inside the webapp (IssueTracker) a Membership Provider validates Alice's credentials and a Role Provider maps Contoso::Alice / Contoso::LeadDev to webapp::IssueMgr / webapp::IssueView, which the application queries through IPrincipal.IsInRole(...)]


Decentralized Authority

[Diagram: the same mapping in the webapp (IssueTracker), but the identity claims Contoso::Alice and Contoso::LeadDev now come from a Contoso Authority rather than from the webapp's own stores]


Decentralized Authority

[Diagram: the Contoso Identity Provider, backed by an Identity Directory, authenticates Alice's credentials and issues Contoso::Alice and Contoso::LeadDev; the webapp maps them to webapp::IssueMgr and webapp::IssueView]


Decision / Enforcement

[Diagram: Contoso supplies the identity information (Contoso::Alice, Contoso::LeadDev); an authorization decision turns it into webapp::IssueMgr, webapp::IssueView and webapp::SB.Listen; authorization enforcement happens in the webapp and in the Service Bus]


Access Control Service

[Diagram: Contoso acts as Identity Provider; the Access Control Service makes the authorization decision (Contoso::LeadDev, Alice -> webapp::IssueView, webapp::SB.Listen); the webapp and the Service Bus (SB) are the authorization enforcement points]


Demo

[Diagram: Access Control Service demo. Alice (LeadDev) authenticates either with username + password against Membership over WRAP, or with a SAML token obtained through WS-Trust and WIF; ACS issues an SWT, which the Service Bus checks before allowing Listen; the web application consumes claims with WIF]


Access Control Service

  • Claims-based Identity and Access Control

  • Claims transformer (“claims in, claims out”)

    • Consumes claims from federated issuers

    • Provides claims to applications and services

  • Rule based issuance policy

    • Rule: If has claim1 then output claim2

  • Not an identity provider

    • Does not manage user’s identities
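The "claims in, claims out" transformer and its rule-based issuance policy, together with the decision/enforcement split of the earlier slides, as an added example that is not part of the talk and is not ACS code. Everything below is modelled in Python with invented names: the issuer names "Contoso", "acs" and "evil.example", the claim types "name" and "role", and the claim type net.windows.servicebus.action (assumed here as the name of the Service Bus permission claim; values Listen and Send). Token signing and verification, which is how a real relying party learns which issuer a claim came from, is left out; the issuer field on each Claim stands for that result.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Claim:
    issuer: str   # who asserted it; in practice set by whoever verified the incoming token
    type: str
    value: str


@dataclass(frozen=True)
class Rule:
    """'If has claim1 then output claim2': match an input claim by issuer,
    type and (unless in_value is None) value, and emit an output claim.
    out_value None copies the input value through (used for the name claim)."""
    in_issuer: str
    in_type: str
    in_value: Optional[str]
    out_type: str
    out_value: Optional[str]

    def matches(self, c):
        return ((c.issuer, c.type) == (self.in_issuer, self.in_type)
                and self.in_value in (None, c.value))


class AccessControlService:
    """Claims transformer: claims in (from trusted federated issuers), claims out.
    It does not authenticate anyone; it only decides."""

    def __init__(self, name, trusted_issuers, rules):
        self.name = name
        self.trusted_issuers = frozenset(trusted_issuers)
        self.rules = list(rules)

    def transform(self, input_claims):
        out = set()
        for c in input_claims:
            if c.issuer not in self.trusted_issuers:
                continue          # unknown issuer: its claims never reach a rule
            for r in self.rules:
                if r.matches(c):
                    out.add(Claim(self.name, r.out_type,
                                  c.value if r.out_value is None else r.out_value))
        return out                # input claims are NOT passed through by default


ACTION_CLAIM = "net.windows.servicebus.action"   # assumed name of the SB permission claim


def permits(claims, trusted_issuer, claim_type, value):
    """Enforcement point (webapp or Service Bus): honour only claims from its one issuer."""
    return any(c.issuer == trusted_issuer and c.type == claim_type and c.value == value
               for c in claims)


def demo():
    acs = AccessControlService("acs", trusted_issuers={"Contoso"}, rules=[
        Rule("Contoso", "name", None, "name", None),               # pass the name through
        Rule("Contoso", "role", "LeadDev", "role", "IssueMgr"),
        Rule("Contoso", "role", "LeadDev", "role", "IssueView"),
        Rule("Contoso", "role", "Developer", "role", "IssueView"),
        Rule("Contoso", "role", "LeadDev", ACTION_CLAIM, "Listen"),  # may listen on the SB
    ])
    # Constructed input claim sets, as the Contoso identity provider would issue them
    alice = {Claim("Contoso", "name", "Alice"), Claim("Contoso", "role", "LeadDev")}
    bob = {Claim("Contoso", "name", "Bob"), Claim("Contoso", "role", "Developer")}
    mallory = {Claim("evil.example", "role", "LeadDev")}   # right claim, wrong issuer
    a, b, m = acs.transform(alice), acs.transform(bob), acs.transform(mallory)
    return {
        "alice_manages": permits(a, "acs", "role", "IssueMgr"),
        "alice_listens": permits(a, "acs", ACTION_CLAIM, "Listen"),
        "alice_sends": permits(a, "acs", ACTION_CLAIM, "Send"),
        "alice_raw_role_leaks": permits(a, "acs", "role", "LeadDev"),
        "bob_views": permits(b, "acs", "role", "IssueView"),
        "bob_manages": permits(b, "acs", "role", "IssueMgr"),
        "mallory_claims": sorted((c.type, c.value) for c in m),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two properties worth checking in any real policy are visible in the result: an input claim that matches no rule (Alice's raw LeadDev role) does not leak into the output, and an untrusted issuer cannot obtain anything by asserting the right claim.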


Protocols and technologies

  • AppFabric 1.0

    • OAuth WRAP (Web Resource Authorization Profiles)

    • Simple Web Token

  • Future (and past)?

    • WS-Federation – “passive” (browser based) federation

    • WS-Trust – “active” (SOAP based) federation

    • LiveID integration


WRAP

[Diagram: WRAP roles. The client authenticates to the Authorization Server with a username + shared secret, or with a SAML token from an Identity Provider; it receives an SWT (a bearer token carrying authorization claims) and presents it to the Protected Resource's API]


WRAP and SWT

  • Simple Web Token (SWT)

    • Form-encoded name=value pairs

    • HMAC-SHA256 symmetric signature (key shared between ACS and the relying party)

  • WRAP token request

    • HTTP POST

    • username+password or an authentication assertion (e.g. SAML)

  • WRAP protected client call

    • HTTP header (Authorization: WRAP access_token="…")

    • GET or POST parameter (wrap_access_token="…")
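The token format and the protected call from this slide, as an added example that is not part of the talk and not ACS or Service Bus code: issuing an SWT, extracting it from a WRAP Authorization header, and verifying it the way a relying party such as the Service Bus must (signature first, then issuer, audience and expiry). The SWT layout follows the published format (form-encoded pairs, HMACSHA256 last, computed over everything before "&HMACSHA256="). The key, the issuer name https://acs.example/, the clock value and the claim type net.windows.servicebus.action are constructed or assumed; the audience is the namespace URI used in the talk's demos.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, unquote, urlencode


class SwtError(Exception):
    pass


def issue_swt(key, issuer, audience, claims, lifetime_s, now=None):
    """ACS side: form-encode the pairs, then append HMACSHA256 over the encoded string."""
    now = int(time.time()) if now is None else now
    pairs = [("Issuer", issuer), ("Audience", audience),
             ("ExpiresOn", str(now + lifetime_s))] + list(claims.items())
    unsigned = urlencode(pairs)
    mac = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return unsigned + "&HMACSHA256=" + quote(base64.b64encode(mac).decode("ascii"), safe="")


def verify_swt(token, key, expected_issuer, expected_audience, now=None):
    """Relying-party side. Returns the claims, or raises SwtError with the reason."""
    now = int(time.time()) if now is None else now
    if not token.isascii():
        raise SwtError("non-ASCII token")
    unsigned, sep, sig = token.rpartition("&HMACSHA256=")
    if not sep or "&" in sig:
        raise SwtError("token is unsigned or HMACSHA256 is not the last parameter")
    try:
        presented = base64.b64decode(unquote(sig), validate=True)
    except ValueError as e:
        raise SwtError("malformed signature") from e
    expected = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):   # constant-time comparison
        raise SwtError("bad signature")                # wrong key or tampered token
    claims = dict(parse_qsl(unsigned, keep_blank_values=True))
    if claims.get("Issuer") != expected_issuer:
        raise SwtError("unexpected issuer")
    if claims.get("Audience") != expected_audience:
        raise SwtError("token was issued for another audience")
    try:
        expires = int(claims.get("ExpiresOn", ""))
    except ValueError as e:
        raise SwtError("missing or malformed ExpiresOn") from e
    if expires <= now:
        raise SwtError("token expired")
    return claims


def token_from_wrap_header(authorization):
    """Extract the token from an 'Authorization: WRAP access_token="..."' header value."""
    scheme, _, params = authorization.strip().partition(" ")
    if scheme != "WRAP":
        return None
    for part in params.split(","):
        name, _, value = part.strip().partition("=")
        if name.strip() == "access_token":
            return value.strip().strip('"')
    return None


ACTION_CLAIM = "net.windows.servicebus.action"   # assumed claim type; values Listen / Send


def service_bus_authorize(authorization, action, key, acs_issuer, namespace_uri, now=None):
    """Enforcement point: (allowed, reason) for a Listen or Send on the namespace."""
    token = token_from_wrap_header(authorization)
    if token is None:
        return False, "no WRAP token"
    try:
        claims = verify_swt(token, key, acs_issuer, namespace_uri, now)
    except SwtError as e:
        return False, str(e)
    if action not in claims.get(ACTION_CLAIM, "").split(","):
        return False, "action not granted"
    return True, "ok"


KEY = bytes(range(32))                    # constructed 256-bit key; use a random one for real
ISSUER = "https://acs.example/"           # assumed ACS issuer name
AUDIENCE = "http://demos-pfelix.servicebus.windows.net/techdays"   # namespace URI from the talk


def demo():
    t0 = 1_300_000_000                    # fixed clock so the results are reproducible
    token = issue_swt(KEY, ISSUER, AUDIENCE, {ACTION_CLAIM: "Listen"}, 600, now=t0)
    header = f'WRAP access_token="{token}"'

    def check(hdr, action, key=KEY, aud=AUDIENCE, now=t0 + 60):
        return service_bus_authorize(hdr, action, key, ISSUER, aud, now)

    return {
        "listen": check(header, "Listen"),
        "send": check(header, "Send"),
        "expired": check(header, "Listen", now=t0 + 601),
        "tampered": check(header.replace("=Listen", "=Listen%2CSend"), "Listen"),
        "wrong_key": check(header, "Listen", key=bytes(32)),
        "wrong_audience": check(header, "Listen", aud="http://other.servicebus.windows.net/"),
        "no_token": check("Basic QWxpY2U6cGFzcw==", "Listen"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Because the SWT is a bearer token, anything that can read the Authorization header or the wrap_access_token parameter can replay it until ExpiresOn; the audience check stops a token for one namespace from being replayed against another, but only TLS on the protected call stops the token from being stolen in the first place.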


Finally …

  • Service Bus

    • Connectivity

    • Addressability and discoverability

    • Eventing

    • Buffering

  • Access Control Service

    • Authorization Decision Point

      • For Service Bus

      • For other services, both cloud or on-premises

    • Flexible claims based policy

