Aaron Skonnard Cofounder, Pluralsight SOA316
.NET Services Extending.NET technologies to the cloud Open and accessible REST, SOAP, RSS, AtomPub, … Class libraries for Java, PHP, Ruby, … Easy-to-use from.NET – skills move forward Initial focus on three key developer challenges Application integration & connectivity Access control in a federated world Message orchestration
Service Bus Key developer challenges Giving partners secure access to your apps Characteristics or scale of integration unknown Partners / customers / users have devices and services running behind firewalls Approach Provide a high-scale, high-available “Service Bus” that supports open Internet protocols
Service Bus Application Pattern Service Registry NamingNaming Service Orchestration Service Orchestration Federated Identity and Access Control Messaging Fabric ClientsClients Cloud Services On-PremisesOn-Premises Desktop, RIA, Web ESBStorageStorageComputeCompute …… BillingBilling Desktop, RIA, & Web Corp Service Your Service
Service Registry [http|sb]://{account}.servicebus.windows.net/{user-defined} Root account contoso … … svc Multi-Tenant The service registry provides a mapping from URIs to services
Connectivity Two key capabilities Relay Direct connect Available via HTTP / REST / ATOM Available in.NET via WCF Bindings
Rich Set of Connectivity Bindings
Relay Relay Connections Sender Receiver Outbound SSL-Secured TCP 828 Connection to Relay Rendezvous Endpoint One-Way Messages through TCP Tunnel
Relay Direct Connections SenderReceiver - Outbound SSL-Secured TCP 828 Connection to Relay - Out-of-Band Protocol to negotiate Direct Connection Upgrade to Direct when possible
Relay and Direct Connections
Publish/Subscribe Builds on the relay and direct connect connectivity capabilities Initial release is “connected multicast” Over time will provide additional delivery characteristics – anycast, reliable, …
Relay Multicast Publish/Subscribe Sender Receiver Outbound SSL-Secured TCP 828 Connection to Relay Rendezvous Endpoint One-Way Messages through TCP Tunnel Receiver
Publish/Subscribe (Multicast)
Relay Queues SenderReceiver HTTP(S) / net.tcp HTTP(S) Dequeue Msg Manager Queue Policy Queue is created by adding a queue policy to the tree
Relay Routers Sender Receiver HTTP(S) / net.tcp HTTP(S) Dequeue Msg Manager Router Policy Router is created by adding a router policy to the tree Receiver Msg
Queues and Routers Service D Service B Service C Service A Router (Distribution: One) Router (Distribution: One) Queue Router (Distribution: All) Router (Distribution: All) Msg Queues and routers are composable with one another
Queues and Routers
Access Control Key developer challenges Many identity providers, vendors, many protocols, complex semantics – tricky to get right Application strewn with one-off access logic Hard to get right, not agile, not compliant,... Approach Automate federation for a wide-range of identity providers and technologies through a hosted STS Model the access control logic as rules Easy fx that ensures correct token processing
.NET Access Control Service.NET ACS (a hosted STS).NET ACS (a hosted STS) Relying Party (Your App) Relying Party (Your App) Request token Return token Send message with token Trust relationship established Requestor (Your Customer) Requestor (Your Customer) The.NET ACS is a hosted service that externalizes the authorization policy for federated users
Access Control Interactions Your Access Control Project (a hosted STS) Your Access Control Project (a hosted STS) Relying Party (Your App) Relying Party (Your App) 2. Send Claims 4. Send Token (output claims from 3) 5. Send Message w/ token 0. Certificate exchange; periodically refreshed Requestor (Your Customer) Requestor (Your Customer) 1. Define access control rules for a customer 6. Claims checked in Relying Party 3. Map input claims to output claims based on access control rules
Rules and Claims Transformation Your ACS rules define a simple claims transformation Rules are defined within an application scope Chained rules; e.g., bob mgr and mgr allowed Simple model: the output security token is a collection of claims based on the claims in the incoming token Rules Engine claims inclaims out
Managing the ACS You can use the web site or web management APIs… Define and manage application scopes Define and manage access control rules Define and manage claim types Define and manage signing and encryption keys Standards compliant – works with Java, Ruby, … ACS management API based on AtomPub
Case Study: Relay Access Control Access governed by Access Control Rules Relay looks for Send/Listen claims Composes cleanly with SOAP-over-HTTP SOAP 1.1, SOAP 1.2 HTTP clients send messages through the relay with minimal extra effort WS-Security header can be used for end-to-end application level security – optional Composes cleanly w/ transport message protection Support any SOAP 1.2/2.0 BP compliant client
Unauthenticated Senders Unauthenticated “Send” option Clients do not need to acquire tokens for communicating through the relay Supports plain Basic Profile SOAP requests Opt-in Policy set by listening services Enables services to choose between Relay access control and end-to-end access control
Access Control
Workflow Key developer challenges Want to easily describe long-running processes Want modularity and nesting Easy to describe but in practice harder to run Approach.NET 3.0/3.5/4.0 addresses key developer requests.NET Services provides a hosting/mgt solution
Workflow Service – Overview A portal at workflow.ex.azure.microsoft.com New activities for the Azure Services Platform APIs that allow you to deploy, manage, and run your workflows on the cloud Enables you to orchestrate services over HTTP or through the.NET Service Bus A reliable, scalable off-premises host for workflows focused on message orchestration
Workflow Service – Design Flow Workflow & Rules XAML 11 Visual Studio WF Designer Your Apps & Services Service Bus Workflow PortalWorkflow Portal Workflow Client APIWorkflow Client API SOAP Web ServiceSOAP Web Service Workflow PortalWorkflow Portal Workflow Client APIWorkflow Client API SOAP Web ServiceSOAP Web Service Design Workflows 11 Deploy Workflows 22 Manage Workflow Instances 44 Manage Workflow Types VS – one click deploy
Workflows in the Cloud
Summary.NET Services extends.NET to the cloud It's open and accessible It's easy to use your existing.NET skills It comes with all cloud benefits Initial focus on three key developer challenges Application integration & connectivity Access control in a federated world Message orchestration
Related Content Breakout Sessions SOA319Interconnect and Orchestrate Services and Applications with Microsoft.NET Services with Microsoft.NET Services Interactive Sessions SOA01-INT Architecting Enterprise-Grade Cloud Applications Hands on Labs AZP05-HOL Introduction to the Microsoft.NET Access Control Service AZP06-HOL Introduction to the Microsoft.NET Service Bus AZP07-HOL Introduction to the Microsoft.NET Workflow Service Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session. Required Slide Speakers, please list the Breakout Sessions, TLC Interactive Theaters and Labs that are related to your session.
Sessions On-Demand & Community Resources for IT Professionals Resources for Developers Microsoft Certification and Training Resources Microsoft Certification & Training Resources Resources Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online. Required Slide Speakers, TechEd 2009 is not producing a DVD. Please announce that attendees can access session recordings at TechEd Online.
Track Resources Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. Required Slide Track PMs will supply the content for this slide, which will be inserted during the final scrub. SOA msdn.microsoft.com/biztalk “Dublin” “Oslo” msdn.microsoft.com/oslo msdn.microsoft.com/wcf msdn.microsoft.com/wf msdn.microsoft.com/azure/netservices twitter.com/dotnetservices
Complete an evaluation on CommNet and enter to win! Required Slide
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Required Slide