1 Azure ™ Services Platform Microsoft.NET Services A Closer Look Clemens Vasters Technical Lead Microsoft Corporation.

Presentation transcript:

Azure Services Platform: Microsoft .NET Services, A Closer Look
Clemens Vasters, Technical Lead, Microsoft Corporation

Agenda
- What is a Service Bus?
- Connectivity Challenges
- Naming
- Service Registry and Discovery
- Messaging, Connectivity and Events

Internet Service Bus
Diagram: bus layers are Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, and Messaging Fabric. Parties attached to the bus: Clients (Desktop, RIA & Web), MS/3rd Party Services, On-Premise ESBs, and Your Services.

Connectivity Challenges
- IPv4 Address Shortage
- Dynamic IP address allocation
- Network Address Translation (NAT)
- Internet is pwn3d by the bad guys
- Firewalls layered over firewalls over firewalls
Diagram: Sender → ? → Receiver, with Machine Firewall, Network Firewall, Network Address Translation and Dynamic IP in the path.

How Do People Deal With It?
- Dynamic DNS
- NAT Port Mappings / UPnP
- Open Inbound Firewall Ports
Diagram: Sender → ? → Receiver, with Machine Firewall, Network Firewall, Network Address Translation and Dynamic IP in the path.
Brittle, Difficult, Insecure – and sometimes – Impractical
Consequence: We see recurring patterns of workarounds

Who needs it?
- Any Instant Messaging/Communication App: Access Control, Relay, Direct Connect
- Any Multiplayer Game: Access Control, Relay, Direct Connect
- Any Home Media Integration System: Access Control, Relay, Direct Connect
- Any Enterprise Integration System: Access Control, VPN/VAN

Service Bus – Naming
Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric (Naming highlighted).

Service Bus Naming
Diagram: naming tree with Root, Solution, NameA/NameB/NameC and Name1/Name2/Name3 nodes.

Anything wrong with DNS?
DNS has some practical constraints:
- High update propagation latency
- Increasing pollution by ISPs ("DNS assistance")
- Names hosts, not services
- Limited write-access model (often out-of-band)
Service Bus Naming System:
- R/W access with access control via Registry
- Updates reflected instantaneously
- Names name endpoints, not machines

Canonical Form of URI Projections
scheme://naming-scope/name/name
Diagram: tree with Root at the top and nodes X, Y, Z and A, B, C below it.

Global Naming Structure (PDC)
scheme://servicebus.windows.net/services/solution/name/…
Diagram: Root → SBWN (servicebus.windows.net) → services → solution → name; the fixed leading segments are marked "Required Prefix".

Global Naming Structure (Post-PDC)
Diagram: tree with Root, Solution, NameA/NameB/NameC and Name1/Name2/Name3 nodes.

Service Bus – Service Registry
Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric (Service Registry highlighted).

Service Registry
- The service registry is a registry for service endpoints, not a general purpose directory
- Registry is layered over the naming system
- Provides programmatic access to naming
- Discover: Atom 1.0 feed hierarchy
- Publish: Atom Publishing Protocol, WS-Transfer
Diagram: Client ↔ Service Registry (AtomPub, WS-Transfer) ↔ Naming.

Registry Feed Structure
- Accessing the root registry feed for solutions
- Root of a hierarchy of feeds
Diagram: Client ↔ (AtomPub, WS-Transfer) ↔ Naming tree Root → SBWN → services → solution → svc.

Services in Registry Feeds
Sample feed excerpt as shown on the slide:
Title
urn:uuid:82a76c80-d498-12d5-b91C e0ef6 …
MyEndpoint
urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a

Demo: .NET Service Bus Registry

Service Bus – Messaging
Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric (Messaging Fabric highlighted).

Service Bus – Messaging
- Primary Programming Model: WCF
- Family of Bindings for the Service Bus

WCF Relay Bindings For WCF Pros
Works just like WCF:
- Envelopes: SOAP 1.1, SOAP 1.2, None
- All WS-* end-to-end security scenarios
- Transport-level message path protection (SSL)
- Reliable Messaging, Streaming
- Full Extensibility Model
- Web programming model (WebGet/-Invoke)
- Metadata Exchange
Not supported:
- (By Design) Atomic Transaction Flow
- (By Design) Protocol-level transport authentication
- (PDC Issue) WebScriptingBehavior JavaScript proxy
- (PDC Issue) Direct Tcp Modes with RM or WS-* Sec.

NetOnewayRelayBinding
Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender makes an outbound connect (one-way net.tcp, TCP/SSL 828) to the Service Bus Frontend Nodes (behind an NLB); the Backend Naming Routing Fabric handles Subscribe and Route. The Receiver, sitting behind NAT, Firewall and Dynamic IP, makes an outbound connect with a bidirectional socket (TCP/SSL 808/828) and the Msg is delivered over it.

NetEventRelayBinding
Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender makes an outbound connect (one-way net.tcp, TCP/SSL 828) to the Frontend Nodes; the Backend Naming Routing Fabric handles Subscribe and Route. Each Receiver holds an outbound bidirectional socket (TCP/SSL 808/828, TCP/SSL 828) and the Msg is routed to every subscribed Receiver.

Demo: One-Way Messaging and Events

NetTcpRelayBinding / Relayed
Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender makes an outbound socket connect (TCP/SSL 818) to the Frontend Nodes (behind an NLB), which run a Socket-Socket Forwarder; the Receiver makes an outbound socket rendezvous. On both sides a Ctrl channel carries Oneway Rendezvous Ctrl Msgs, routed by the Backend Naming Routing Fabric.

NetTcpRelayBinding / Hybrid
Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender makes a relayed connect and the Receiver a relayed rendezvous through the Frontend Nodes (TCP/SSL 818, 819), with Ctrl channels carrying Oneway Rendezvous Ctrl Msgs via the Backend Naming Routing Fabric. Both sides then perform NAT Probing and NAT Traversal, followed by a Connection upgrade.

Demo: TCP-based Connections

[WS|Basic|Web]HttpRelayBinding
Diagram: endpoint sb://servicebus.windows.net/services/solution/a/b/. The Sender issues an HTTP or HTTPS request (HTTP/S 80/443) to the Frontend Nodes (behind an NLB), which run an HTTP-Socket Forwarder; the Receiver makes an outbound socket rendezvous. Ctrl channels carry Oneway Rendezvous Ctrl Msgs via the Backend Naming Routing Fabric.

Demo: HTTP Based Connections

Service Bus – Access Control Integration
Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric (Federated Identity and Access Control highlighted).

Relay Access Control Model – Listener
Diagram: Receiver, Access Control STS, Service Bus Relay.
1. Acquire Access Token (#Listen) from the Access Control STS via RST/RSTR
2. Pass Access Token (Ac Tk #Listen, in the token header) with the Subscription
3. Token Evaluated by the Service Bus Relay

Relay Access Control Model – Sender
Diagram: Sender, Access Control STS, Service Bus Relay, Receiver.
1. Acquire Access Token (#Send) from the Access Control STS via RST/RSTR
2. Pass Access Token (Ac Tk #Send, in the token header) with the Message
3. Token Evaluated and Removed
4. Message Passed on to Receiver

Integrated Access Control
Access Control Governed by Rules Managed in the Access Control Service:
- Services must be authorized to listen in namespace
- Evaluation of all claims in the cloud
- No notion of "identity" in the relayed service
Service can turn off client access control:
- Local evaluation of end-to-end claims
- Full control over authN/Z model (but less protection)
Clean composition w/ standard SOAP/HTTP model:
- WS-Security Header reserved for E2E Message Security
- Transparent to HTTP-Header AuthN/AuthZ schemes

Demo: .NET Access Control

Notes on Security
We encourage you to hide your payloads:
- Use WS-Security to protect end-to-end path
- You own all keys used to protect payloads
Transport security:
- SSL channels terminate in the Service Bus
- Socket connections relayed on-machine
- Oneway/Event relayed on backend fabric
What do we look at in the Service Bus?
- SOAP: Action/wsa:Action, wsa:To
- HTTP: Method, URI
- Access Tokens
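The listener and sender token flows from the two access-control slides, together with the "what do we look at" list above, modelled as a small simulation. This is an added example, not Microsoft's code: the claim names `Listen`/`Send`, the `AccessToken` header, the token layout and the sample message are all hypothetical constructions; the relay evaluates the token against the addressed name, strips it, and never inspects the body.

```python
from dataclasses import dataclass, field

LISTEN, SEND = "Listen", "Send"   # hypothetical names for the #Listen / #Send claims
TOKEN_HEADER = "AccessToken"       # hypothetical header that carries the token


@dataclass(frozen=True)
class AccessToken:
    """Stands in for the token the Access Control STS returns over RST/RSTR."""
    actions: frozenset    # claims granted, e.g. {"Listen"} or {"Send"}
    scope: str            # sb:// URI prefix the claims apply to
    valid: bool = True    # stands in for signature and expiry checks

    def permits(self, action: str, name: str) -> bool:
        return self.valid and action in self.actions and name.startswith(self.scope)


@dataclass
class Relay:
    subscriptions: dict = field(default_factory=dict)   # endpoint name -> listener id

    def subscribe(self, listener: str, name: str, token: AccessToken) -> bool:
        """Listener passes its #Listen token with the subscription."""
        if not token.permits(LISTEN, name):
            return False
        self.subscriptions[name] = listener
        return True

    def route(self, message: dict):
        """Sender passes a #Send token with the message. The relay inspects only wsa:To,
        wsa:Action and the token; it strips the token and forwards the rest untouched."""
        headers = message["headers"]
        name, token = headers["wsa:To"], headers.get(TOKEN_HEADER)
        if token is None or not token.permits(SEND, name):
            return None                      # token evaluated: rejected, nothing forwarded
        listener = self.subscriptions.get(name)
        if listener is None:
            return None                      # nobody is listening on this name
        forwarded = {k: v for k, v in headers.items() if k != TOKEN_HEADER}
        return listener, {"headers": forwarded, "body": message["body"]}


def demo():
    root = "sb://servicebus.windows.net/services/solution/"   # naming root from the slides
    relay = Relay()
    subscribed = relay.subscribe("receiver-1", root + "a/b/",
                                 AccessToken(frozenset({LISTEN}), root + "a/"))
    msg = {"headers": {"wsa:To": root + "a/b/", "wsa:Action": "urn:demo:Ping",
                       TOKEN_HEADER: AccessToken(frozenset({SEND}), root)},
           "body": b"<WS-Security protected payload, opaque to the relay>"}  # constructed
    return subscribed, relay.route(msg)
```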

Service Bus – Workflow Integration
Diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric, Workflow (Workflow highlighted).

Demo: .NET Workflow Services


Summary
- Pervasive, Secure Connectivity for Services
- Secure NAT Traversal, "DMZ in the sky"
- WCF-Integrated Programming Model