Post on 21-Dec-2015
transcript
Microsoft .NET Service Bus: Connectivity, Messaging, Events, and Discovery
Clemens Vasters, Service Bus Technical Lead, Microsoft Corporation
BB38
Agenda
- What is a Service Bus?
- Connectivity Challenges
- Naming
- Service Registry and Discovery
- Messaging, Connectivity and Events
Enterprise Service Bus (diagram): the bus provides Service Orchestration, a Service Registry, Naming, Federated Identity and Access Control, and a Messaging Fabric, and connects systems such as CRM, Customers, Leads, Trends, Campaigns, Supply Chain, Inventory, Order Entry, Planning, Purchasing, Point Of Sale, POS Integration, Product Catalog, Returns and Web Store.
Internet Service Bus (diagram): the same building blocks (Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric) hosted on the Internet, connecting Clients (Desktop, RIA, Web), MS/3rd Party Services, an On-Premise ESB, and Your Services.
Connectivity Challenges
- IPv4 address shortage
- Dynamic IP address allocation
- Network Address Translation (NAT)
- Internet is pwn3d by the bad guys
- Firewalls layered over firewalls over firewalls
How Do People Deal With It?
(diagram: Sender trying to reach a Receiver behind a Machine Firewall, a Network Firewall, Network Address Translation and a Dynamic IP)
- Dynamic DNS
- NAT port mappings / UPnP
- Open inbound firewall ports
Brittle, difficult, insecure, and sometimes impractical. Consequence: we see recurring patterns of workarounds.
Who needs it?
- Any Instant Messaging/Communication App: Access Control, Relay, Direct Connect
- Any Multiplayer Game: Access Control, Relay, Direct Connect
- Any Home Media Integration System: Access Control, Relay, Direct Connect
- Any Enterprise Integration System: Access Control, VPN/VAN
Service Bus Naming
Federated, hierarchical, DNS-integrated, transport-neutral naming system.
(diagram: naming tree with Root at the top, Solution nodes beneath it, and names such as NameA, NameB, NameC, Name1, Name2, Name3 under the solutions)
Anything wrong with DNS?
DNS has some practical constraints:
- High update propagation latency
- Increasing pollution by ISPs ("DNS assistance")
- Names hosts, not services
- Limited write-access model (often out-of-band)
Service Bus Naming System:
- R/W access with access control via the Registry
- Updates reflected instantaneously
- Names name endpoints, not machines
Canonical Form of URI Projections
scheme://naming-scope/name/name
URI 'Host': Naming Authority. URI 'Path': Federated Name Structure.
(diagram: naming tree Root, then X, Y, Z, then A, B, C, 1, 2, 3, projected onto the host and path of the URI)
Global Naming Structure (PDC)
scheme://servicebus.windows.net/services/solution/name/…
(diagram: Root, then servicebus.windows.net (SBWN), then services, then solution, then name; "services" is a required prefix)
Global Naming Structure (Post-PDC)
scheme://solution.servicebus.windows.net/name/…
(diagram: Root, then Solution nodes, then names such as NameA, NameB, NameC, Name1, Name2, Name3; the solution now appears in the host name)
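As an added example (not from the slides or the Service Bus SDK), a small Python parser that accepts both projections shown above, the PDC form with the required /services/ prefix and the post-PDC form with the solution in the host, and returns one (scheme, solution, name path) triple. It assumes the post-PDC host carries exactly one solution label under servicebus.windows.net; the authority check is the part a practitioner should keep, so that a name outside the naming authority is rejected rather than parsed.

```python
from urllib.parse import urlsplit

AUTHORITY = "servicebus.windows.net"  # the naming authority from the slides


def parse_service_bus_name(uri: str):
    """Return (scheme, solution, [name segments]) or raise ValueError."""
    parts = urlsplit(uri)
    host = parts.netloc.lower()
    segs = [s for s in parts.path.split("/") if s]
    if host == AUTHORITY:
        # PDC form: scheme://servicebus.windows.net/services/solution/name/...
        if len(segs) < 2 or segs[0] != "services":
            raise ValueError("PDC-form name needs the required /services/ prefix")
        return parts.scheme, segs[1], segs[2:]
    if host.endswith("." + AUTHORITY):
        # Post-PDC form: scheme://solution.servicebus.windows.net/name/...
        # Assumption: exactly one solution label sits in front of the authority.
        solution = host[: -len("." + AUTHORITY)]
        if not solution or "." in solution:
            raise ValueError("expected a single solution label in the host")
        return parts.scheme, solution, segs
    # Anything else (including look-alike hosts) is not a Service Bus name.
    raise ValueError("not a Service Bus naming authority: " + host)


def project(scheme: str, solution: str, names, post_pdc: bool = True) -> str:
    """Re-project a parsed name into either canonical form."""
    path = "/".join(names)
    if post_pdc:
        return f"{scheme}://{solution}.{AUTHORITY}/{path}"
    return f"{scheme}://{AUTHORITY}/services/{solution}/{path}"
```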
Service Bus – Service Registry
(component diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Service Registry
- The service registry is a registry for service endpoints, not a general-purpose directory
- The registry is layered over the naming system and provides programmatic access to naming
- Discover: Atom 1.0 feed hierarchy
- Publish: Atom Publishing Protocol, WS-Transfer
(diagram: a Client talks to the Service Registry over AtomPub and WS-Transfer; the registry sits on top of Naming)
Registry Feed Structure
Accessing the root registry feed for solutions: http://servicebus.windows.net/services/solution/ is the root of a hierarchy of feeds.
(diagram: naming tree Root, SBWN, services, solution, svc, with a feed at each level; the Client reads and writes them over AtomPub and WS-Transfer)
Services in Registry Feeds
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>Title</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:82a76c80-d498-12d5-b91C-0103839e0ef6</id>
  …
  <entry>
    <title>MyEndpoint</title>
    <link href="http://swn/services/my/svc/ep1"/>
    <id>urn:uuid:1225c695-cfb8-4ebb-aaaa-80da344efa6a</id>
    <wsa:EndpointReference>
      <wsa:Address>
        http://servicebus.windows.net/services/my/svc/ep1
      </wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>
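As an added example (not from the slides), a reader for feeds in the shape above: it resolves the Atom and WS-Addressing namespaces, takes each entry's wsa:Address (which, as in the slide, may be padded with whitespace), and flags whether the address actually lies under the feed's own self link, so a client does not follow an endpoint that points outside the naming scope it asked for. The feed is a constructed sample; the UUIDs and the second entry are placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ATOM = "http://www.w3.org/2005/Atom"
WSA = "http://www.w3.org/2005/08/addressing"

# Constructed sample feed in the shape shown above (UUIDs are placeholders).
SAMPLE_FEED = """<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <title>svc</title>
  <link href="http://servicebus.windows.net/services/my/svc" rel="self"/>
  <id>urn:uuid:00000000-0000-0000-0000-000000000001</id>
  <entry>
    <title>MyEndpoint</title>
    <link href="http://servicebus.windows.net/services/my/svc/ep1"/>
    <id>urn:uuid:00000000-0000-0000-0000-000000000002</id>
    <wsa:EndpointReference>
      <wsa:Address> http://servicebus.windows.net/services/my/svc/ep1 </wsa:Address>
    </wsa:EndpointReference>
  </entry>
  <entry>
    <title>Stray</title>
    <id>urn:uuid:00000000-0000-0000-0000-000000000003</id>
    <wsa:EndpointReference>
      <wsa:Address>http://other.example.net/services/my/svc/ep2</wsa:Address>
    </wsa:EndpointReference>
  </entry>
</feed>"""


def registry_endpoints(feed_xml: str):
    """Return [(title, address, in_scope)]; in_scope is True when the address
    sits under the feed's self link (same authority, path beneath the feed)."""
    root = ET.fromstring(feed_xml)
    self_link = next(l.get("href") for l in root.findall(f"{{{ATOM}}}link")
                     if l.get("rel") == "self")
    scope = urlsplit(self_link)
    result = []
    for entry in root.findall(f"{{{ATOM}}}entry"):
        title = entry.findtext(f"{{{ATOM}}}title", default="")
        addr_el = entry.find(f"{{{WSA}}}EndpointReference/{{{WSA}}}Address")
        if addr_el is None or not addr_el.text:
            continue  # entry without an endpoint reference: nothing to connect to
        addr = addr_el.text.strip()  # the slide's address is padded with whitespace
        a = urlsplit(addr)
        in_scope = (a.netloc == scope.netloc
                    and a.path.startswith(scope.path.rstrip("/") + "/"))
        result.append((title, addr, in_scope))
    return result
```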
Service Bus – Messaging
(component diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
WCF Relay Bindings For WCF Pros
Primary programming model: a WCF family of bindings for the Service Bus.

Corresponding WCF Binding                     Service Bus Relay Binding
BasicHttpBinding                              BasicHttpRelayBinding
WebHttpBinding                                WebHttpRelayBinding
WSHttpBinding                                 WSHttpRelayBinding
WS2007HttpBinding                             WS2007HttpRelayBinding
WSHttpContextBinding                          WSHttpRelayContextBinding
WS2007HttpFederationBinding                   WS2007HttpRelayFederationBinding
NetTcpBinding                                 NetTcpRelayBinding
NetTcpContextBinding                          NetTcpRelayContextBinding
n/a [loosely related to NetMsmqBinding]       NetOnewayRelayBinding
n/a [loosely related to NetTcpPeerBinding]    NetEventRelayBinding

Works just like WCF:
- Envelopes: SOAP 1.1, SOAP 1.2, None
- All WS-* end-to-end security scenarios
- Transport-level message path protection (SSL)
- Reliable Messaging, Streaming
- Full extensibility model
- Web programming model (WebGet/WebInvoke)
- Metadata Exchange
Not supported:
- (By design) Atomic Transaction flow
- (By design) Protocol-level transport authentication
- (PDC issue) WebScriptingBehavior JavaScript proxy
- (PDC issue) Direct TCP modes with RM or WS-* Security
NetOnewayRelayBinding
(diagram: address sb://servicebus.windows.net/services/solution/a/b/; the Receiver, which may sit behind NAT, a firewall or a dynamic IP, makes an outbound bidirectional socket connection to the Frontend Nodes (TCP/SSL 808/828) and subscribes; the Sender makes an outbound one-way net.tcp connection (TCP/SSL 828) and sends messages, which the backend Naming/Routing fabric behind the NLB routes to the Receiver)
NetEventRelayBinding
(diagram: same address and ports as NetOnewayRelayBinding; several Receivers each hold an outbound bidirectional socket (TCP/SSL 828) and subscribe to the name, and a message sent by the Sender is routed through the backend fabric to every subscribed Receiver)
NetTcpRelayBinding / Relayed
(diagram: the Receiver keeps an outbound control connection (Ctrl, TCP/SSL 818) to the Frontend Nodes; when a Sender connects with an outbound socket, the Service Bus sends a one-way rendezvous control message to the Receiver, which opens an outbound rendezvous socket; a Socket-Socket Forwarder on the frontend node then relays between the two sockets, with an NLB in front of the nodes)
NetTcpRelayBinding / Hybrid
(diagram: starts as a relayed connection, with control and relayed rendezvous over TCP/SSL 818 and 819; both sides then perform NAT probing and, when traversal succeeds, the connection is upgraded to a direct NAT Traversal Connection)
[WS|Basic|Web]HttpRelayBinding
(diagram: the Receiver keeps an outbound control connection (Ctrl) to the Frontend Nodes; a Sender issues an HTTP or HTTPS request (ports 80/443); the Service Bus sends a one-way rendezvous control message to the Receiver, which opens an outbound rendezvous socket, and an HTTP-Socket Forwarder on the frontend node bridges the request to that socket, with an NLB in front of the nodes)
Demo: WSHttpRelayBinding (WS-*) and WebHttpRelayBinding (REST)
Clemens Vasters, Service Bus Technical Lead, .NET Services
Service Bus – Access Control Integration
(component diagram: Service Registry, Naming, Federated Identity and Access Control, Messaging Fabric)
Relay Access Control Model - Listener
(diagram: Receiver, Access Control STS, Service Bus Relay)
1. The Receiver acquires an access token (AcTk) for #Listen from the Access Control STS (RST/RSTR)
2. The Receiver passes the access token in a token header with its subscription to the Service Bus Relay
3. The relay evaluates the token
Relay Access Control Model - Sender
(diagram: Sender, Access Control STS, Service Bus Relay, Receiver)
1. The Sender acquires an access token (AcTk) for #Send from the Access Control STS (RST/RSTR)
2. The Sender passes the access token in a token header with the message
3. The relay evaluates and removes the token
4. The message is passed on to the Receiver
Integrated Access Control
- Access control governed by rules managed in the Access Control Service
- Services must be authorized to listen in the namespace
- Evaluation of all claims in the cloud
- No notion of "identity" in the relayed service
A service can turn off client access control:
- Local evaluation of end-to-end claims
- Full control over the authN/authZ model (but less protection)
Clean composition with the standard SOAP/HTTP model:
- WS-Security header reserved for end-to-end message security
- Transparent to HTTP-header authN/authZ schemes
Notes on Security
We encourage you to hide your payloads:
- Use WS-Security to protect the end-to-end path
- You own all keys used to protect payloads
Transport security:
- SSL channels terminate in the Service Bus
- Socket connections are relayed on-machine
- Oneway/Event messages are relayed on the backend fabric
What do we look at in the Service Bus?
- SOAP: Action/wsa:Action, wsa:To
- HTTP: Method, URI
- Access Tokens
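As an added example (not from the slides or the Service Bus), a Python model of the listener and sender flows above together with the security notes: the relay looks only at wsa:To, wsa:Action and the access token, checks #Listen when a subscription arrives and #Send when a message arrives, strips the token header before passing the message on, and never touches the body, which the service is expected to protect end-to-end. The optional client_access_control switch models a service that turns off client access control and evaluates claims itself. Token shape, claim names and the scope rule (a token covers its path and everything beneath it) are assumptions; the real Access Control Service issues signed tokens, which this model does not verify.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessToken:
    scope: str           # namespace path the token was issued for (assumed shape)
    actions: frozenset   # granted actions, e.g. frozenset({"Listen"}) or frozenset({"Send"})


@dataclass
class Message:
    to: str                                      # wsa:To, the relayed name
    action: str                                  # wsa:Action
    headers: dict = field(default_factory=dict)  # "AcTk" carries the access token
    body: bytes = b""                            # opaque to the relay; protect it end-to-end


def authorized(token, path, action):
    """A token grants `action` on its scope and every name beneath it (assumed rule)."""
    if token is None or action not in token.actions:
        return False
    return path == token.scope or path.startswith(token.scope.rstrip("/") + "/")


class Relay:
    def __init__(self, client_access_control=True):
        # A service may turn off client access control and evaluate claims locally.
        self.client_access_control = client_access_control
        self.listeners = {}  # relayed name -> receiver callable

    def subscribe(self, path, token, receiver):
        """Listener model: the token arrives with the subscription and is evaluated."""
        if not authorized(token, path, "Listen"):
            raise PermissionError(f"not authorized to listen on {path}")
        self.listeners[path] = receiver

    def send(self, msg):
        """Sender model: token evaluated, removed, then the message is passed on."""
        token = msg.headers.get("AcTk")
        if self.client_access_control and not authorized(token, msg.to, "Send"):
            raise PermissionError(f"not authorized to send to {msg.to}")
        receiver = self.listeners.get(msg.to)
        if receiver is None:
            raise LookupError(f"no listener for {msg.to}")
        stripped = {k: v for k, v in msg.headers.items() if k != "AcTk"}
        return receiver(Message(msg.to, msg.action, stripped, msg.body))
```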
Summary
- Pervasive, secure connectivity for services: secure NAT traversal, "DMZ in the sky"
- WCF-integrated programming model
Attend Session BB12: Thu 10:15am / 408A, "Messaging Services: Protocols, Protection, and How We Scale": protocol details, drilldown into all modes, cross-platform support, more security details, a look under the hood.
Evals & Recordings
Please fill out your evaluation for this session at:
This session will be available as a recording at: www.microsoftpdc.com
© 2008 Microsoft Corporation. All rights reserved.