azure appfabric
play

Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Flix ( pedrofelix - PowerPoint PPT Presentation

Dec 16, 2022 •307 likes •620 views

An introduction to the Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Flix ( pedrofelix em cc.isel .ipl.pt) Azure AppFabric Set of services Service Bus (SB) Access Control Service (ACS) Running in the cloud Based on

  1. An introduction to the Azure AppFabric WebDay, Porto, Feb. 2, 2010 Pedro Félix ( pedrofelix em cc.isel .ipl.pt)

  2. Azure AppFabric • Set of services – Service Bus (SB) – Access Control Service (ACS) • Running in the cloud – Based on Windows Azure Platform • Providing – SB : Service Connectivity, Addressability and Discoverability – ACS : Service Access Control 2

  3. A Motivating Scenario • Issue Tracker web app. • Cloud-based CloudTrack • Multi-tenant . View/manage issues Create/view issues Contoso Fabrikam 3

  4. Connectivity challenges CloudTrack . Notify new issue Create new issue Fetch trace data FW, NAT, … FW, NAT, … 4

  5. Challenges • Addressability and discoverability – Private addresses and Network Address Translation (NAT) – Dynamic addresses (e.g. ISP) • Connectivity – Firewalls (denial of inbound connections) – Event distribution – Transient connectivity 5

  6. Service Bus address? outbound inbound 6

  7. Service Bus “All problems in computer science can be solved by another level of indirection” Butler Lampson Service Bus outbound inbound 7

  8. Connectivity and addressability • Relay – Service “listens” on the SB via outbound connection – Client “sends” to the SB – SB relays between client and service sends listens public address Service Bus outbound 8

  9. Naming and discovery • Naming – Service is exposed via a public name – Local DNS binds these public names to IP addresses – Local registry describes available public names DNS Registry sends listens public name Service Bus outbound outbound 9

  10. Naming and discovery • Naming – Public service namespaces – One Azure project – multiple service namespaces – {scheme} :// {namespace} .servicebus.windows.net/ {relpath} • Registry – Mapping between URIs and services – Readable via HTTP+ATOM 10

  11. Buffering • Buffering – One-way messaging – Temporal decoupling sends listens public name outbound outbound 11

  12. Eventing (pub-sub) • Eventing – multicast – One-way messages – Multiple listeners – Message distribution - multicast outbound listens sends listens Service Bus outbound outbound 12

  13. Security • Access Control – Both “listen” and “send” subject to access control – Programmable authorization policy, defined by ACS • Isolation – SB is the DMZ ACS sends listens Service Bus outbound outbound 13

  14. WCF architecture • Channel stack with transport and protocol channels • Channels described by binding elements • One binding contains several binding elements User code Service Impl. Client Dispatcher Protocol Protocol Binding element Protocol Protocol Binding element Encoding Encoding Binding element Transport Transport Binding element Binding 14

  15. WCF and SB • New bindings – New transport channels and binding elements • New behaviors User code Service Impl. Client Dispatcher Protocol Protocol Binding element Protocol Protocol Binding element Encoding Encoding Binding element Service Transport Transport Binding element Bus Binding 15

  16. Bindings • WebHttpRelayBinding – HTTP (Web programming model) – Client interoperability • BasicHttpRelayBinding e WS2007HttpRelayBinding – SOAP over HTTP (basic profile | WS-*) – Client interoperability • NetTcpRelayBinding – Similar to NetTcpBinding (request-response and duplex) • NetOnewayRelayBinding e NetEventRelayBinding – One- way w/buffering and multicast 16

  17. Binding elements • Http(s)RelayTransportBindingElement • TcpRelayTransportBindingElement • RelayedOnewayTransportBindingElement 17

  18. Demo http:// demos-pfelix .servicebus.windows.net/ webday 18

  19. Access Control Service • Identity and access control • Distributed systems – Decentralized authority – Heterogeneous technologies • Claims-based model • SB integration 19

  20. Identity and Authorization Contoso:: Contoso:: webapp:: webapp:: creds Alice LeadDev IssueMgr IssueView 20

  21. Centralized Solution webapp (IssueTracker) Contoso:: Contoso:: webapp:: webapp:: creds Alice LeadDev IssueMgr IssueView Membership Role IPrincipal.IsInRole(...) Provider Provider 21

  22. Decentralized Authority webapp (IssueTracker) Contoso:: Contoso:: webapp:: webapp:: creds Alice LeadDev IssueMgr IssueView Contoso Authority 22

  23. Decentralized Authority Contoso Identity Provider Contoso Identity Provider webapp Contoso:: Contoso:: webapp:: webapp:: creds Alice LeadDev IssueMgr IssueView Identity Directory 23

  24. Decision  Enforcement Contoso webapp Identity Authorization Information Decision Contoso:: Contoso:: webapp:: webapp:: creds Alice LeadDev IssueMgr IssueView Service Service Authorization Authorization Bus webapp:: Enforcement Enforcement SB.Listen 24

  25. Access Control Service Authorization Enforcement Identity Provider Authorization Decision webapp webapp Contoso Access Control Service Access Control Service Contoso:: webapp:: creds LeadDev IssueView Alice SB webapp:: SB.Listen 25

  26. Access Control Service • Claims-based Identity and Access Control • Claims transformer (“claims in, claims out”) – Consumes claims from federated issuers – Provides claims to applications and services • Rule based issuance policy – Rule: If has claim1 then output claim2 • Not an identity provider – Does not manage user’s identities 26

  27. Protocols and technologies • AppFabric 1.0 – OAuth WRAP (Web Resource Authorization Protocol) – Simple Web Token • Future (and past)? – WS-Federation – “passive” (browser based) federation – WS-Trust – “active” (SOAP based) federation – LiveID integration 27

  28. WRAP Identity Authorization Provider Server Bearer Token with Bearer Token with API authorization claims Protected Client Resource 28

  29. WRAP and SWT • Simple Web Token (SWT) – Form encoded name-value pairs – HMAC-SHA-256 symmetric signature • WRAP token request – HTTP POST – username+password or authentication assertion (e.g. SAML) • WRAP protected client call – HTTP header (Authorization: WRAP access_token = “…”) – GET or POST parameter ( wrap_access_token = “…”) 29

  30. Demo Access Control WRAP Service Membership WIF WS-Trust LeadDev username Alice + password SAML Listen Service Bus SWT WIF 30

  31. Finally … • Service Bus – Connectivity – Addressability and discoverability – Eventing – Buffering • Access Control Service – Authorization Decision Point • For Service Bus • For other services, both cloud or on-premises – Flexible claims based policy 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Using PubSub For Scheduling in Azure SDN Qi Zhang (Microsoft - Azure Networking) Azure

Using PubSub For Scheduling in Azure SDN Qi Zhang (Microsoft - Azure Networking) Azure

Using PubSub For Scheduling in Azure SDN Qi Zhang (Microsoft - Azure Networking) Azure Networking Regional Cable Azure Region A Network Consumers CDN Regional Network Carrier Microsoft Edge Enterprise, SMB, WAN mobile Azure

604 views • 26 slides
Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in

Azure Active Directory Provider The Azure Provider can be used to congure infrastructure in Azure Active Directory (https://azure.microsoft.com/en- us/services/active-directory/) using the Azure Resource Manager API's. Documentation regarding

925 views • 46 slides
at Your Fingertips, in the Azure Cloud An Azure/UberCloud Sales Guide

at Your Fingertips, in the Azure Cloud An Azure/UberCloud Sales Guide

Engineering Simulations at Your Fingertips, in the Azure Cloud An Azure/UberCloud Sales Guide Wolfgang.Gentzsch@TheUberCloud.com For Use by Microsoft Sales Benefits of HPC* as a Service flexible - on-demand - user-friendly 1 2 3 4

1.02k views • 12 slides
Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data &

Getting Started with The Azure Data Platform How to Set Up a Fully-Functional Azure Data & Analytics Environment in Just 30-Days 10/21/2020 CONFI DENTI AL | 2020 | 1 Todays Presenter Rob Carek Director, Global Solution Development

349 views • 31 slides
Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect!

Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect!

http://blog.kloudezy.com Niraj Kumar Lead Azure Architect, MCT(Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect! Azure Talk Telegram Group http://blog.kloudezy.com Azure Container Services Containers vs VMs Azure

895 views • 7 slides
Azure MapReduce Thilina Gunarathne Salsa group, Indiana University Agenda Recap of Azure

Azure MapReduce Thilina Gunarathne Salsa group, Indiana University Agenda Recap of Azure

Azure MapReduce Thilina Gunarathne Salsa group, Indiana University Agenda Recap of Azure Cloud Services Recap of MapReduce Azure MapReduce Architecture Application development using AzureMR Pairwise distance alignment

326 views • 30 slides
ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT

ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT

ENMAX GIS in Azure May 16,2019 Background Why the Azure cloud? In 2016 ENMAX IT Infrastructure launched a Data Centre Transformation project as ENMAX had out grown our on premise data center This move was also consistent with a

186 views • 15 slides
Microsoft AZURE Giovanni Gatto Azure Partner Recruiter EMAIL: ggatto@Microsoft.com TWITTER:

Microsoft AZURE Giovanni Gatto Azure Partner Recruiter EMAIL: ggatto@Microsoft.com TWITTER:

Microsoft AZURE Giovanni Gatto Azure Partner Recruiter EMAIL: ggatto@Microsoft.com TWITTER: @giobannigatto Industry transformation Big data Devices Apps Cloud one quarter nearly half more than half 40ZB of external app of total IT

391 views • 18 slides
Niraj Kumar Lead Azure Architect, MCT( Microsoft Certified Trainer) Azure Talk by Niraj kumar,

Niraj Kumar Lead Azure Architect, MCT( Microsoft Certified Trainer) Azure Talk by Niraj kumar,

http://blog.kloudezy.com Niraj Kumar Lead Azure Architect, MCT( Microsoft Certified Trainer) Azure Talk by Niraj kumar, Cloud Architect! http://blog.kloudezy.com Azure Storage Azure Storage Overview Types of Storage Account and performance

609 views • 8 slides
High Performance Computing with do doAzur ureP ePar arallel allel Using Azure as your

High Performance Computing with do doAzur ureP ePar arallel allel Using Azure as your

High Performance Computing with do doAzur ureP ePar arallel allel Using Azure as your Parallel-Backend for Microsoft Embarassingly Parallel work JS Tan Azure Big Compute Azure Infrastructure Commodity, most Fast processors, Fast

454 views • 21 slides
Microsoft Azure Workshop Getting Started with Microsoft Azure Hands on Tutorial Swag, including

Microsoft Azure Workshop Getting Started with Microsoft Azure Hands on Tutorial Swag, including

Microsoft Azure Workshop Getting Started with Microsoft Azure Hands on Tutorial Swag, including a raffle for a Razer bundle worth $120 and including a mechanical keyboard, gaming mouse, gaming mouse pad, and overear headphones 7pm TONIGHT!

313 views • 15 slides
AZ-300-301 - Microsoft Certified: Azure Architect Technologies These 2 courses composed of

AZ-300-301 - Microsoft Certified: Azure Architect Technologies These 2 courses composed of

AZ-300-301 - Microsoft Certified: Azure Architect Technologies These 2 courses composed of modules are designed for IT Professionals who will learn about how to manage their Azure resources, including deployment and configuration of virtual

328 views • 4 slides
Microsoft Azure Security Protecting mission-critical cloud Steve Faehl Microsoft US National

Microsoft Azure Security Protecting mission-critical cloud Steve Faehl Microsoft US National

Microsoft Azure Security Protecting mission-critical cloud Steve Faehl Microsoft US National Director Security Strategy Microsoft Azure, a strong foundation Azure Government The only Supports the broadest Physically Meets the most

422 views • 9 slides
MICROSOFT AZURE MACHINE LEARNING Oscar Naim Microsoft Microsoft Azure Machine Learning What is

MICROSOFT AZURE MACHINE LEARNING Oscar Naim Microsoft Microsoft Azure Machine Learning What is

MICROSOFT AZURE MACHINE LEARNING Oscar Naim Microsoft Microsoft Azure Machine Learning What is Machine Learning? Azure Machine Learning: How it works Azure Machine Learning in action Get started Contents What is Machine Learning?

456 views • 21 slides
All-in with Azure AD, Intune, and Oce 365 All-in with Azure AD, Intune, and Oce 365

All-in with Azure AD, Intune, and Oce 365 All-in with Azure AD, Intune, and Oce 365

All-in with Azure AD, Intune, and Oce 365 All-in with Azure AD, Intune, and Oce 365 Notes and Slides: billdeitrick.com/citn2019 Notes and Slides: billdeitrick.com/citn2019 Bill Deitrick Bill Deitrick Information Services Director

599 views • 20 slides
Microsoft Azure Backup echnologies mikep@biggreenit.com Director of Cloud T Mike Prachar T

Microsoft Azure Backup echnologies mikep@biggreenit.com Director of Cloud T Mike Prachar T

Microsoft Azure Backup echnologies mikep@biggreenit.com Director of Cloud T Mike Prachar T odays Agenda 11:40 Who is Big Green IT? Jeff Rogers 11:45 Azure Backup Mike Prachar 12:10 Azure Backup Demo Ryan

568 views • 52 slides
Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf

Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf

Advanced Publish/Subscribe Communication Services Antonio Carzaniga and Alexander L. Wolf University of Colorado at Boulder Boulder, Colorado USA {carzanig alw}@cs colorado edu {carzanig,alw}@cs.colorado.edu About the Tutors Antonio

1k views • 96 slides
A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA

A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA

A history of the CACG, EUGridPMA, and the IGTF (and some next steps) First APGridPMA Face-to-Face Meeting Beijing David Groep, 2005-11-29 A brief history From the CACG to EUGridPMA to IGTF The EU DataGrid CACG The EUGridPMA:

610 views • 34 slides
The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle

The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle

The Open Container Initiative Establishing standards for an open ecosystem Jonathan Boulle @baronboulle | jonathan.boulle@coreos.com A short agenda Why do we care about standards? Where have container standards come from? Where

1.46k views • 84 slides
using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is

using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is

Evolving the EGI trust fabric using distributed responsibility David Groep EGI IGTF Liaison www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142

765 views • 23 slides
Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds

Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds

Personal presenta,ons To be presented at opening of seminar. Max presenta,on ,me: 30 seconds Please email your presenta,on to Borje.Ohlman@ericsson.com Deadline: Monday June 20 th 8:00 CET Randy Bush Internet In'ta've Japan Seminar topic

773 views • 35 slides
Management of Large Management of Large Networks New Frontiers in Computing San Jose State

Management of Large Management of Large Networks New Frontiers in Computing San Jose State

Management of Large Management of Large Networks New Frontiers in Computing San Jose State University A August 14, 2010 t 14 2010 P Pradeep Kathail d K th il CTO, NSSTG, Cisco pkathail@cisco.com pkathail@cisco.com 1 Agenda Agenda

532 views • 16 slides
Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza

Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza

Computer Security Security.di.unimi.it/sicurezza1314/ Chapter 1: 1 Info corso di Sicurezza Docente corso Andrea Lanzi: andrea.lanzi@unimi.it Pagina corso: http://security.di.unimi.it/sicurezza1314/ Orario di ricevimento su

425 views • 23 slides
ARCSAuthorisa.onServices NeilWitheridge

ARCSAuthorisa.onServices NeilWitheridge

ARCSAuthorisa.onServices NeilWitheridge Manager,ARCSAuthorisa7onServices APAN29,Sydney,February2010 Overview ARCS&PlaEormsforCollabora7on

593 views • 13 slides

More recommend