
Windows Azure Service Bus

Date post: 23-Feb-2016
Upload: haruko
Transcript
Page 1: Windows Azure  Service  Bus

Windows Azure Service Bus
Name
Title
Microsoft Corporation

Page 2: Windows Azure  Service  Bus

Agenda

- Why Service Bus?
- Service Bus Namespace and Access Control
- Service Bus Relay
- Service Bus Messaging

Page 3: Windows Azure  Service  Bus

Service Bus

Connectivity: Service Relay, Protocol Tunnel, Eventing
Rich options for interconnecting apps across network boundaries.

Integration: Routing, Coordination, Transformation
Content-based routing, document transformation, and process coordination.

Svc Management: Naming, Discovery, Monitoring
Consistent management surface and service observation capabilities.

Messaging: Queuing, Pub/Sub, Reliable Transfer
Reliable, transaction-aware cloud messaging infrastructure for business apps.

Page 4: Windows Azure  Service  Bus

Why Service Bus?

Page 5: Windows Azure  Service  Bus

Cloud/On-Premise Integration
- Cloud-Hosted, reliable asynchronous Messaging Infrastructure with Publish/Subscribe
- Cloud-Based Relay enabling NAT/Firewall Traversal for reach into on-prem assets

Page 6: Windows Azure  Service  Bus

Cloud/On-Premise Integration
- Service Registry that allows organizing endpoints into a common, discovery-enabled network surface for services spread across different network environments
- Integration with Access Control providing security gate with Federated Identity support

Page 7: Windows Azure  Service  Bus

Cross-Site Federation (SaaS)
- Endpoint Federation instead of Network Federation (VPN)
- Non-intrusive, does not require network reconfiguration
- Enables integration scenarios with:
  - Multi-Tenancy
  - Minimal mutual trust
  - Minimal or no control over the on-premise networking environment

Page 8: Windows Azure  Service  Bus

Trade Franchise Partner Integration
- Enables integration across partners and franchise environments
- Low trust
- Limited control
- Diverse sites with varying connectivity
- Direct peer access and cloud access

Page 9: Windows Azure  Service  Bus

Mobile Workforce/Customer Integration
- Mobile devices are largely not “behind the firewall”
- VPN solutions are largely impractical due to setup and management complexity

Page 10: Windows Azure  Service  Bus

Mobile Workforce/Customer Integration
- Yet, mobile devices need access to on-premise assets
- In reach for larger enterprises, not so much for smaller ones without static or at least public IPs

Page 11: Windows Azure  Service  Bus

Mobile Workforce/Customer Integration
- Direct access, access via the cloud using ISV supplied services
- In the future also support for Azure inherent mobile services such as Service Bus Push support for mobile

Page 12: Windows Azure  Service  Bus

Federated Cloud/On-Prem Solutions
- Federated solutions provide the same functionality in the cloud and on-premise
- Cloud enhances the on-premise solution by providing reach and scale
- On-premise solution provides no-compromise availability even in case of a full network outage

Page 13: Windows Azure  Service  Bus

Large Scale Eventing / Command-Control
- “Last Mile” problem of reaching into the consumer household
- Reach consumer or industrial devices at scale
- Broadcast event data at “utility scale”
- Send targeted notifications based on geography or demographics
- Large scale notifications and broadcast will become part of Service Bus in CY12

[Diagram: Smart Grid System]

Page 14: Windows Azure  Service  Bus

Service Bus Namespace and Access Control

Page 15: Windows Azure  Service  Bus

Service Bus Namespace
https://yourapp.servicebus.windows.net/foo/bar/baz

- Naming tree
- ATOM Feed at the root for discovery
- Management via REST on the ATOM feed hierarchy
- All names that can exist do exist
- “Infinite” depth. Factually: 32 segments, 450 character path limit
- Entities own the namespace tree leaves
- Any branch can be differently secured with ACS

Page 16: Windows Azure  Service  Bus

Service Bus and Access Control
- Special relationship between Service Bus and ACS
- Each SB namespace has a ‘buddy’ namespace in ACS
  - ‘yourapp.servicebus.windows.net’
  - ‘yourapp-sb.accesscontrol.windows.net’

‘-sb’ namespaces
- Preconfigured relying party for Service Bus namespace root
  - Can’t be deleted, system-managed signing key, uses default rule group
- Preconfigured service identity ‘owner’
  - Can’t be deleted, configured as superuser via default rule group
  - Tokens issued for ‘owner’ assigned ‘Listen’, ‘Send’, and ‘Manage’

Page 17: Windows Azure  Service  Bus

Service Bus Rights and Claims
Service Bus defines one authorization claim type with three possible values that indicate the authorized operation(s):
‘net.windows.servicebus.action’
- ‘Send’ – Permit ‘send’ operations on a Service Bus entity
- ‘Listen’ – Permit ‘send’ or ‘receive’ operations on a Service Bus entity
- ‘Manage’ – Permit management operations like creating, inspecting, or deleting Service Bus entities.

Page 18: Windows Azure  Service  Bus

Access Control – Conceptual Model
- Each name/branch in the namespace can have a set of associated mappings from ‘claims’ to ‘rights’
- ‘Claims’ are issued by identity providers federated with Access Control
- ‘Rights’ define permissions on Service Bus entities: ‘Send’, ‘Listen’, ‘Manage’

[Diagram: namespace tree with mappings attached to its branches. Labels: owner: Send, owner: Listen, owner: Manage; John: Manage; Fred: Send; Alice: Send; Peter: Listen]

Page 19: Windows Azure  Service  Bus

Access Control – Implementation
https://yourapp-sb.accesscontrol.windows.net

[Diagram: Relying Party/Realm and Rule Group. Labels: http://yourapp.sbwn; owner: Send, owner: Listen, owner: Manage; John: Manage; Fred: Send; Alice: Send; Peter: Listen]

Page 20: Windows Azure  Service  Bus

Namespace and Access Control

demo

Page 21: Windows Azure  Service  Bus

Service Bus Relay

Page 22: Windows Azure  Service  Bus

“Expose Web Services from anywhere to anywhere”

Key Capabilities
- Relayed One-Way Unicast and Multicast
- Relayed WCF NET.TCP with Direct Connect Option
- Relayed WCF HTTP with support for REST and SOAP 1.1/1.2
- Endpoint protection with Access Control

Connectivity Options
- Outbound TCP (Ports 9350-9353)
  - 9350 Unsecured TCP One-way (client)
  - 9351 Secured TCP One-way (all listeners, secured clients)
  - 9352 Secured TCP Rendezvous (all listeners except one-way)
  - 9353 Direct Connect Probing Protocol (TCP listeners with direct connect)
- Outbound HTTP (Port 80, Listeners)
  - TCP equivalent tunnel with overlaid TLS/SSL formed over pair of HTTP requests
  - Alternate connectivity path if outbound TCP is blocked
- Outbound HTTPS (Port 443, Senders)

Page 23: Windows Azure  Service  Bus

Relay Programming Model
- Full WCF Programming Model
- Bindings functionally symmetric with WCF
  - WebHttpRelayBinding (HTTP/REST)
  - BasicHttpRelayBinding (SOAP 1.1)
  - WS2007HttpRelayBinding (SOAP 1.2)
  - NetTcpRelayBinding (Binary transport)
- Special Service Bus Bindings
  - NetOnewayRelayBinding (Multicast one-way)
  - NetEventRelayBinding (Multicast one-way)
- Transport binding elements for custom binding stacks

WebHttpRelayBinding provides full interoperability with any HTTP/REST client, BasicHttpRelayBinding with any SOAP client.

Page 24: Windows Azure  Service  Bus

Oneway
- NetOnewayRelayBinding
- All TCP and HTTP listeners use one-way as internal control channel
- 60KB message-size limit
- One-way only
- No rendezvous overhead

[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; NLB; NAT; Firewall; Dynamic IP; outbound connect one-way net.tcp; outbound connect bidi socket; Msg; TCP/SSL; HTTP(S); Route; Subscribe]

Page 25: Windows Azure  Service  Bus

Event
- NetEventRelayBinding
- Small-Scale Synchronous Multicast
- 60KB message-size limit
- One-way only
- No rendezvous overhead

[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; outbound connect one-way net.tcp; outbound connect bidi socket (two listeners); Msg; TCP/SSL; HTTP(S); Route; Subscribe]

Page 26: Windows Azure  Service  Bus

Rendezvous (TCP & HTTP)
- NetTcpRelayBinding
- WebHttpRelayBinding
- BasicHttpRelayBinding
- WS2007HttpRelayBinding
- Rendezvous Handshake
- Bi-Directional Net.Tcp Full Duplex
- No message size limit

[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; NLB; HTTP/Socket Forwarder; outbound socket connect; outbound socket rendezvous; Ctrl; TCP/SSL or HTTP]

Page 27: Windows Azure  Service  Bus

Hybrid Connect
- Special Mode of NetTcpRelayBinding
- TcpRelayConnectionMode.Hybrid
- Starts as relayed connection
- Performs NAT probing and behavior prediction
- Establishes direct connection and upgrades if possible
- Upgrade driven by traffic
- Takes large transfers off the Relay
- No transfer charges, lower latency

[Diagram labels: Backend Naming/Routing Fabric; Frontend Nodes; relayed connect; relayed rendezvous; Oneway Rendezvous Ctrl Msg; NAT Probing; NAT Traversal Connection; Upgrade; TCP/SSL; HTTP(S)]

Page 28: Windows Azure  Service  Bus

Service Bus Relay Samples

demo

Page 29: Windows Azure  Service  Bus

Service Bus Messaging

Page 30: Windows Azure  Service  Bus

Relay vs. Message Broker
- The Relay routes messages ‘straight through’ with feedback path and network backpressure into sender.
- Brokers hold messages for retrieval and querying.

[Diagram labels. Relay: AuthN/Z, Route, Backpressure, Feedback. Broker: AuthN/Z, Query, Filter, Pull]

Page 31: Windows Azure  Service  Bus

Push vs. Pull

‘Push’ is a sender-initiated activity that results in delivery of a message to a receiver without the receiver explicitly asking for one or a particular message.

‘Pull’ is a receiver-initiated activity that delivers stored messages to the receiver in a context that the receiver controls. The context is decoupled from the ‘Push’ style send operation.

[Diagram labels: Intermediary; Broker]

Page 32: Windows Azure  Service  Bus

Ways to Pull
- Receive and Delete: Fastest. Message lost if receiver crashes or transmission fails.
- Peek Lock: Message is locked when retrieved. Reappears on broker when not deleted within lock timeout.
- Transactional: Local model
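The first two pull modes side by side, as an added example that is not part of the original deck. It uses the same Microsoft.ServiceBus messaging API as the deck's Hello World slide; the queue names "telemetry" and "orders", the "OrderId" property, the secret placeholder and the Process handler are assumptions made for illustration.

```csharp
using System;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

class PullModesExample
{
    // Hypothetical handler: throws to signal that processing failed.
    static void Process(BrokeredMessage m)
    {
        if (!m.Properties.ContainsKey("OrderId"))
            throw new InvalidOperationException("missing OrderId");
        Console.WriteLine("order {0} processed (delivery #{1})",
            m.Properties["OrderId"], m.DeliveryCount);
    }

    static void Main()
    {
        // Placeholder credentials and namespace (assumptions).
        var tkp = TokenProvider.CreateSharedSecretTokenProvider("acct", "<issuer secret>");
        var svcUri = ServiceBusEnvironment.CreateServiceUri("sb", "myns", "");
        var mf = MessagingFactory.Create(svcUri, tkp);

        // Receive and Delete: the broker drops the message as it hands it out.
        // A crash after Receive() returns loses the message, so use it only
        // for data that can tolerate loss.
        var fast = mf.CreateQueueClient("telemetry", ReceiveMode.ReceiveAndDelete);
        var sample = fast.Receive(TimeSpan.FromSeconds(5));
        if (sample != null) Console.WriteLine("telemetry sample received");

        // Peek Lock: the message stays on the broker, locked, until Complete().
        var safe = mf.CreateQueueClient("orders", ReceiveMode.PeekLock);
        BrokeredMessage m;
        while ((m = safe.Receive(TimeSpan.FromSeconds(5))) != null)
        {
            try
            {
                Process(m);
                m.Complete();   // delete only after the work has succeeded
            }
            catch (Exception ex)
            {
                Console.WriteLine("processing failed: {0}", ex.Message);
                // Release the lock now rather than waiting for the timeout; the
                // message is redelivered until the queue's MaxDeliveryCount is hit.
                m.Abandon();
            }
        }
    }
}
```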

Page 33: Windows Azure  Service  Bus

Broker Message

Messages
- Brokered messaging properties are not SOAP headers
- Properties are key/value pairs that may very well carry payloads
- It’s not uncommon to have messages with empty message bodies
- Message bodies are useful for a single opaque payload not exposed to the broker (e.g. encrypted content)

[Diagram labels: Body; Properties]

Page 34: Windows Azure  Service  Bus

Queues

Load Leveling
Receiver receives and processes at its own pace. Can never be overloaded. Can add receivers as queue length grows, reduce receivers if queue length is low or zero. Gracefully handles traffic spikes by never stressing out the backend.

Offline/Batch
Allows taking the receiver offline for servicing or other reasons. Requests are buffered up until the receiver is available again.

Page 35: Windows Azure  Service  Bus

Queues

Load Balancing
Multiple receivers compete for messages on the same queue (or subscription). Provides automatic load balancing of work to receivers volunteering for jobs. Observing the queue length shows whether more receivers are required.

Page 36: Windows Azure  Service  Bus

Topics

Message Distribution
Each receiver gets its own copy of each message. Subscriptions are independent. Allows for many independent ‘taps’ into a message stream. Subscriber can filter down by interest.

Constrained Message Distribution (Partitioning)
Receivers get mutually exclusive slices of the message stream by creating appropriate filter expressions.

[Diagram labels: Topic; Sub; Sub; Sub]

Page 37: Windows Azure  Service  Bus

Subscription Filters

Filter conditions operate on message properties and are expressed in SQL’92 syntax:
  InvoiceTotal > 10000.00 OR ClientRating < 3
  ShipDestCtry = 'USA' AND ShipDestState = 'WA'
  LastName LIKE 'V%'

Filter actions may modify/add/remove properties as the message is selected:
  SET AuditRequired = 1
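The slide's filter and action wired to real subscriptions, as an added example that is not part of the original deck. The namespace "myns", the topic "invoices", the subscription names and the secret placeholders are assumptions; the three identities reuse the names and rights from the access control slide (John: Manage, Fred: Send, Peter: Listen) and are assumed to hold those rights on the topic, so that no step needs ‘owner’.

```csharp
using System;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

class SubscriptionFilterExample
{
    static void Main()
    {
        var svcUri = ServiceBusEnvironment.CreateServiceUri("sb", "myns", "");
        // Assumed ACS service identities with one right each; secrets are placeholders.
        var manageTkp = TokenProvider.CreateSharedSecretTokenProvider("John", "<John's secret>");
        var sendTkp = TokenProvider.CreateSharedSecretTokenProvider("Fred", "<Fred's secret>");
        var listenTkp = TokenProvider.CreateSharedSecretTokenProvider("Peter", "<Peter's secret>");

        // Creating entities is a management operation: 'Manage' only.
        var nsm = new NamespaceManager(svcUri, manageTkp);
        if (!nsm.TopicExists("invoices")) nsm.CreateTopic("invoices");
        if (!nsm.SubscriptionExists("invoices", "audit"))
            nsm.CreateSubscription(
                new SubscriptionDescription("invoices", "audit"),
                new RuleDescription
                {
                    // The filter selects; the action stamps the selected copy.
                    Filter = new SqlFilter("InvoiceTotal > 10000.00 OR ClientRating < 3"),
                    Action = new SqlRuleAction("SET AuditRequired = 1")
                });
        if (!nsm.SubscriptionExists("invoices", "wa"))
            nsm.CreateSubscription("invoices", "wa",
                new SqlFilter("ShipDestCtry = 'USA' AND ShipDestState = 'WA'"));

        // The sender holds 'Send' only. Filters read properties, never the body.
        var tc = MessagingFactory.Create(svcUri, sendTkp).CreateTopicClient("invoices");
        var msg = new BrokeredMessage();
        msg.Properties["InvoiceTotal"] = 25000.00;
        msg.Properties["ClientRating"] = 5;
        msg.Properties["ShipDestCtry"] = "USA";
        msg.Properties["ShipDestState"] = "OR";
        tc.Send(msg);

        // The receiver holds 'Listen' only. The message matches "audit"
        // (total above 10000) but not "wa" (state is OR).
        var mf = MessagingFactory.Create(svcUri, listenTkp);
        var audit = mf.CreateSubscriptionClient("invoices", "audit", ReceiveMode.ReceiveAndDelete);
        var wa = mf.CreateSubscriptionClient("invoices", "wa", ReceiveMode.ReceiveAndDelete);
        var a = audit.Receive(TimeSpan.FromSeconds(5));
        Console.WriteLine("audit copy: {0}",
            a == null ? "none" : "AuditRequired = " + a.Properties["AuditRequired"]);
        Console.WriteLine("wa copy: {0}",
            wa.Receive(TimeSpan.FromSeconds(5)) == null ? "none" : "received");
    }
}
```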

Page 38: Windows Azure  Service  Bus

Runtime API Choices
- HTTP REST
- SOAP WS-* (Relay Clients)

Page 39: Windows Azure  Service  Bus

Messaging API Hello World!

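using System;
using Microsoft.ServiceBus;
using Microsoft.ServiceBus.Messaging;

// The slide does not show the queue name; "hello" is a placeholder.
var queueName = "hello";

// Credentials (issuer name and shared secret) and the namespace address
var tkp = TokenProvider.CreateSharedSecretTokenProvider("acct", "…");
var svcUri = ServiceBusEnvironment.CreateServiceUri("sb", "myns", "");

// Create the queue (a management operation)
var nsm = new NamespaceManager(svcUri, tkp);
nsm.CreateQueue(queueName);

// Send a message that carries its payload in a property
var mf = MessagingFactory.Create(svcUri, tkp);
var qc = mf.CreateQueueClient(queueName);
qc.Send(new BrokeredMessage { Properties = {{ "Greeting", "Hello World!" }}});

// Receive it; the default receive mode is Peek Lock, so complete the message to remove it
var m = qc.Receive();
Console.WriteLine(m.Properties["Greeting"]);
m.Complete();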


Page 40: Windows Azure  Service  Bus

Service Bus Messaging Samples

demo

Page 41: Windows Azure  Service  Bus

© 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

