ArcReady: Architecting Modern Distributed Applications

DESCRIPTION

Nearly every application we build today has dependencies on other systems. How do we design them to work together to meet our goals? How do we decide what to build and what to buy? Do we host it ourselves or in the cloud? With a bewildering array of choices, the biggest challenge we face today is how to architect robust applications with the right technologies to meet our users' needs and integrate nicely into our existing IT ecosystems. Join our Central Region Architect Evangelists for a great discussion on architecting distributed applications using all the latest technologies and best practices.

Session 1: Blueprints for Success. In this session, we will survey the modern architecture landscape from the ground up, including infrastructure, application, and client solution choices. We'll discuss how current industry trends are shaping our architectures and present an innovative architecture mapping technique for analyzing our customers' needs and aligning them to today's technologies and solution patterns.

Session 2: Making It Real. In this session, we'll take a look at several case studies to learn how to apply the mapping technique from Session 1 to architect real-world solutions that add true business value. We'll examine applications we use every day and take a walk through a Microsoft reference architecture that explores many of the decisions we face when building modern distributed applications.

TRANSCRIPT
ArcReady: Architecting Modern Distributed Applications
About ArcReady
- A forum for aspiring and practicing architects to discuss industry trends
- An overview of Microsoft's roadmap as it relates to software architecture
- A mechanism to solicit your feedback
- An opportunity to showcase the work you do!
About your presenter(s)
- Clint Edmonson, Architect Evangelist, Microsoft ([email protected])
- Brian Prince, Architect Evangelist, Microsoft ([email protected])
- Larry Clarkin, Architect Evangelist, Microsoft ([email protected])
- Phil Wheat, Architect Evangelist, Microsoft ([email protected])
Agenda
- Session 1: Blueprints for Success
- Break
- Session 2: Making It Real
- Drawing for prizes
Session 1: Blueprints for Success

Industry Trends
- Trend 1: Service Oriented Architecture (SOA)
- Trend 2: Software as a Service (SaaS)
- Trend 3: Web 2.0
- Trend 4: Rich Internet Applications (RIA)
- Trend 5: Cloud Computing

Software + Services: what each trend contributes
- SOA (Service Oriented Architecture): reuse and agility
- Web 2.0: network effect
- SaaS (Software as a Service): flexible pricing and delivery
- RIA (Rich Internet Applications): experience
- Cloud Computing: service utility
Industry Trends
Is this just a Microsoft thing?

"Let me just say it: We want native third-party applications on the iPhone, and we plan to have an SDK in developers' hands in February" - Steve Jobs
(Apple Reverses on Third-Party iPhone Apps)

"But Google's offline approach also is a recognition that Microsoft's right in insisting that not all computing will take place in the Internet cloud. Microsoft's been touting a vision of "software plus services" that relies on Internet-connected desktop apps, and more enterprise software-as-a-service companies, such as CRM vendor RightNow, recognize the need for some client software."
(Google CEO Says Software to Play a Bigger Role)

"IBM also introduced Bluehouse, the code name for services … designed to help business partners share contacts, files, projects and interact via chat and Web meeting. The model is similar to what Microsoft has been pushing with its software-plus-services strategy developed by Microsoft CTO Ray Ozzie, who created the Notes platform."

"Microsoft is trying to define a new category with software plus services…it turns out that Microsoft may have a point and, while Salesforce.com would be unlikely to concede this, in fact it provides some supporting evidence. A few years ago Salesforce.com released its Off-line Edition for its popular customer relationship management (CRM) product."
Heads in the Cloud, Feet on the Ground

When it comes to running applications, organizations today face a tension between control and economy of scale. Moving along the spectrum On Premise, Hoster, Cloud, Vendor, economy of scale rises from low to high while control falls from high to low.

- On Premise: the application runs on-premise. Buy my own hardware, and manage my own data center.
- Hoster: the application runs at a hoster. Pay someone to host my application using hardware that I specify.
- Cloud: the application runs using a cloud platform. Pay someone to host my application without specifying the hardware (they promise to be "infinitely" scalable).
- Vendor: the application is supplied by a vendor. Pay for someone's hosted application. Don't care about the hardware, as long as it works.
Heads in the Cloud, Feet on the Ground

Tension between build vs. buy. Crossing the build vs. buy axis with the four hosting options (On Premise, Hoster, Cloud, Vendor) gives a grid of eight cells:

On Premise
- "Home Built" Application: an application that I develop and run myself
- "Packaged" Application: an application that I buy "off the shelf" and run myself

Hoster
- Hosted "Home Built": an application that I develop myself, but run at a hoster
- Hosted "Packaged": an application that I buy "off the shelf" and then run at a hoster

Cloud
- "Home Built" using cloud: an application that I develop myself, that is hosted using a cloud platform
- "Packaged" using cloud: an application that I buy "off the shelf", that is hosted using a cloud platform

Vendor
- "Software as a Service": a hosted application that I buy from a vendor
- "Platform as a Service": a vendor hosted development and runtime environment
Big Pharmaceutical Example

The company's applications are plotted onto the build vs. buy / hosting grid: Clinical Trial, Molecule Research, HR System, CRM, ERP. Each one is placed by listening to what the business says about it:

- "Too costly to run this myself, but I've made too many customizations"
- "CRM and Email are commodity services – They have no customizations, and it's cheaper for someone else to run these"
- "I can't afford to maintain this old HR application written in VB – it's driving me mad!"
- "…but due to regulatory issues, I cannot store my HR data off-premise"
- "I wish I had access to cheaper compute and storage when I need it"
- "THIS is where I want to spend my IT resources – I'm going to double down on this application!"
Architectural Blueprints

The blueprint is a layered grid. Every layer is mapped across the same four hosting columns: On Premise, Hoster, Cloud, Vendor.

Infrastructure
- Compute
  - Physical, Dedicated: single service on dedicated hardware
  - Physical, Shared: multiple services sharing the same hardware
  - Physical, HPC: physical hardware supporting an HPC scenario
  - Virtual, Single: single instance virtual image
  - Virtual, Shared (shown as "Virtual, Scalable" on the grid): multiple instance virtual image

Infrastructure Services
- Storage
  - File: fileshare, flat, page-based
  - Relational: hosted relational database, familiar, transactional, finite
  - Unstructured: key/value pair, no atomicity, infinitely scalable
- Messaging
  - Service Bus: asynchronous, reliable messaging, publish/subscribe model
  - Peer to Peer: node registration, directory, presence awareness
- Identity & Access
  - Authentication: username / password or claims based
  - Role Based Authorization: role-checking and authorization
- Workflow
  - Event Based: triggered based on events (e.g. document upload)
  - High Throughput: low latency, high volume (e.g. trading confirmations)

Application Services
- Collaboration
  - Search: text search, image search, indexing
  - Social: social graphs, profiles
  - Content Management: indexing, retrieval, conflict management
- Monetization
  - Transaction: pay for each transaction
  - Subscription: pay per month/period
  - Licensing: pay per user/machine
  - Advertising: advert funded model
- Composition
  - Service Composition (shown as "Service Orchestration" on the grid): composition, brokering results, aggregation
  - Line of Business Integration: service wrapping of mainframe and other LOB applications

Application
- Entities (Schema)
- Business Logic (Rules)
- Workflow (Processes)

Web Presentation
- Static: static content, HTML etc.
- Dynamic: asynchronous interaction, AJAX etc.
- RIA: Rich Internet Applications, high visuals, limited offline support
- Streaming: optimized for content delivery, videos etc.

Programmatic Access
- Web Services: SOAP based, WS-I compliant, WS-*
- REST: CRUD access to services via HTML
- RSS: syndication services for subscriptions
- VoiceXML: mobile application speech API
- SIP: Session Initiation Protocol, IM clients
- SMTP: email inbound and outbound delivery
- SMS: mobile inbound and outbound text messaging

Client Software
- PC
  - Browser: consumer of web based content, HTML etc., including RIA plug-in
  - Office: Office suite, including email and RSS reader capability
  - Client Application: rich (smart) client applications installed locally on the machine
  - Gadgets: locally installed, desktop based
  - Instant Messaging: locally installed Instant Messaging client
- Mobile
  - Browser: consumer of web based content, HTML etc., including RIA plug-in
  - Office: Office suite, including email and RSS reader capability
  - Client Application: rich (smart) client applications installed locally on the device
  - SMS / IM: text messaging and IM using a mobile device
  - Speech: speech enabled interface
- Embedded
  - Devices: dedicated devices
  - Consoles: games consoles
Architectural Blueprints
Architectural Trends
Architectural Trends
How can we analyze our architectures using these blueprints?
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise (Add Content Mgt)
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise (Add Search/Social)
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise (Add Ad Service)
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise (Move to Hoster)
Application Services
Client SoftwarePC
Browser
Programmatic Access
RSS REST Web Services VoiceXML
Web Presentation
Static Dynamic RIA Streaming
Application
Entities (Schema)Business Logic (Rules)
Collaboration
Search SocialContent Mgt
Monetization Composition
SMTP SMSSIP
Workflow (Processes)
Office Client Gadgets IM
Mobile
Speech SMS/IM Browser Office Client
Embedded
Devices Consoles
Subscribe AdvertLicensePer Trans Service Orchestration Line of Business
Infrastructure
On Premise Hoster Cloud Vendor
Infrastructure Services
Identity & AccessMessagingStorage Workflow
Service Bus Peer to PeerUnstructured Event Based High ThroughputRelationalFile
Compute
Physical, Dedicated Physical, Shared Physical, HPC Virtual, Single Virtual, Scalable
Authentication Authorization
Static Web Site, On Premise (Add AJAX)
Static Web Site, On Premise (Add Mobile RSS)
Architectural Trends
How about the trends we talked about earlier?
Architectural Trends
Trend 1: Service Oriented Architecture (SOA)
Trend 1: SOA - Single Service, On Premise
Architectural Trends
Trend 2: Software as a Service (SaaS)
Trend 2: SaaS – Web Based SaaS Provider
Architectural Trends
Trend 3: Web 2.0
Trend 3: Web 2.0 – Social Networking Site
Architectural Trends
Trend 4: Rich Internet Applications
Trend 4: RIA – eCommerce Site
Architectural Trends
Trend 5: Cloud Computing
Trend 5: Cloud Computing – Backup Provider
Architectural Trends
How about Microsoft’s own products?
Windows Live Mesh CTP (Current, Primary)
Exchange Lifecycle (Exchange 4.0, Outlook 97)
Exchange Lifecycle (Exchange 5.0, Outlook 97)
Exchange Lifecycle (Exchange 5.0 SP1, Outlook XP)
Exchange Lifecycle (Exchange 2003, Outlook 2003)
Exchange Lifecycle (Exchange 2007, Outlook 2007)
Exchange Lifecycle (Hosted Exchange, Outlook 2007)
Architectural Challenges
Big Pharmaceutical Example: deployment matrix with columns On Premise / Hoster / Cloud Vendor and rows “Packaged” Application / “Home Built” Application
Hosted “Home Built”
Hosted “Packaged”
“Home Built” using cloud
“Packaged” using cloud
“Software as a Service”
“Platform as a Service”
Example systems placed on the matrix: Clinical Trial, Molecule Research, CRM, ERP, HR System
Architectural Challenges
Challenge 1 - Identity
• Accessing Hosted Assets with Internal Credentials
• AuthN and AuthZ across FW
• Credential Storage
Architectural Challenges
Challenge 2 – Data
• Import and Export of Data
• Privacy of External Data
• Reporting and Analytics
Architectural Challenges
Challenge 3 – Management
• Holistic View of Application?
• Integration into existing System Management solutions?
• Contracts and SLAs
Architectural Blueprints – Next Steps
Step 1 – Use the “blueprints” to decompose and recompose existing applications
Step 2 – Get the right people involved
Infrastructure Architect / Data Center Operations
Solutions and Infrastructure Architect
Solutions Architect and Development Team
Solutions Architect and Development Team (inc. Web Design)
Solutions Architect and Development Team (inc. Designer)
Enterprise Architect and CIO
Data Center Operations
Step 3 – Understand the Technology Mappings
Technologies overlaid on the blueprint grid, as shown on the slide: IE8, Windows Mobile 7, XBOX 360; IIS 7, SL Streaming, WCF; .NET Framework; MOSS 2007 BTS Adapters, MOSS 2007 BDC; AD / ADFS; AdCenter; .NET Framework, 3rd Party; BizTalk 2006 R2; ILM, BizTalk / BizTalk.Net, Mesh CTP; IIS 7; SQL Server, SSDS, Windows WF; MOSS 2007, Windows WF; BizTalk Server; Windows Server 2008, WS 2008 HPC, Windows Server 2008 Hyper-V; Office, WPF, Vista, OC, Win Embed, .NET CF
Architectural Blueprints – Next Steps
Step 4 – Document repeatable patterns
Architectural Blueprints – Next Steps
Step 5 – Resources
Break
Please complete an Eval
Session 2
Making it Real
Look at Identity
Authentication • Authorization
Role Based Access Control
Roles -> Rights -> Resources
• Rights represent actions in the system
• Rights are grouped into roles
• Roles are assigned to users
Flow shown on the slides:
1. User authenticates – User → Application (Username, Pwd)
2. System finds all of the user’s roles and calculates the effective rights – Application → Rights Storage; e.g. Roles: Operator, Manager; Rights: vDash, vOrders, …
3. Attach Principal/Identity to Thread – Principal (P) and Identity (I)
4. Code checks for permission
Defense in Depth!
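The role-to-rights resolution and the explicit permission check described on these slides, as an added illustration in Python rather than the deck's own .NET code: rights are actions, roles group rights, a principal carrying the effective rights is built once at sign-in and attached to the current context (the part Thread.CurrentPrincipal plays in .NET), and sensitive code paths deny by default unless the attached principal holds the right. The role and right names (Operator, Manager, vDash, vOrders) are the slide's samples; the users, passwords and the approveOrder right are constructed.

```python
"""Role based access control as on the slides: rights are actions, rights are
grouped into roles, roles are assigned to users. At sign-in the application
resolves the user's roles to an effective set of rights, attaches a principal
to the current context, and every sensitive code path checks explicitly.
Added illustration; role and right names are the slide's samples, the users,
passwords and the approveOrder right are constructed."""
import contextvars
from dataclasses import dataclass

# Rights are actions in the system; roles group rights (constructed sample data)
ROLE_RIGHTS = {
    "Operator": {"vDash"},
    "Manager": {"vDash", "vOrders", "approveOrder"},
}
# Roles are assigned to users; the password table stands in for a credential store
USER_ROLES = {"brian": ["Operator", "Manager"], "anna": ["Operator"]}
USER_PASSWORDS = {"brian": "pw-brian", "anna": "pw-anna"}


@dataclass(frozen=True)
class Principal:
    """Principal (who) plus the effective rights computed once at sign-in."""
    name: str
    roles: frozenset
    rights: frozenset

    def has_right(self, right):
        return right in self.rights


ANONYMOUS = Principal("anonymous", frozenset(), frozenset())
# "Attach Principal/Identity to Thread": a context variable plays the part of
# Thread.CurrentPrincipal; with nothing attached the caller has no rights at all.
_current = contextvars.ContextVar("principal", default=ANONYMOUS)


class AccessDenied(Exception):
    pass


def authenticate(username, password):
    """Verify the credential, then resolve roles -> effective rights.
    Returns None on failure so a failed login never yields a principal."""
    if USER_PASSWORDS.get(username) != password:
        return None
    roles = USER_ROLES.get(username, [])
    rights = set()
    for role in roles:
        rights |= ROLE_RIGHTS.get(role, set())  # an unknown role grants nothing
    return Principal(username, frozenset(roles), frozenset(rights))


def attach(principal):
    _current.set(principal if principal is not None else ANONYMOUS)


def current():
    return _current.get()


def require(right):
    """Decorator for 'code checks for permission': deny unless the attached
    principal holds the right. Applying it on the service layer as well as the
    UI is the 'defense in depth' point of the slide."""
    def decorator(fn):
        def wrapper(*args, **kwargs):
            if not current().has_right(right):
                raise AccessDenied(f"{current().name} lacks right {right}")
            return fn(*args, **kwargs)
        return wrapper
    return decorator


@require("vOrders")
def view_orders():
    return ["order-1", "order-2"]  # constructed data


@require("approveOrder")
def approve_order(order_id):
    return f"{order_id} approved by {current().name}"


def demo():
    results = {}
    attach(authenticate("anna", "pw-anna"))  # Operator only
    results["anna_vDash"] = current().has_right("vDash")
    try:
        view_orders()
        results["anna_orders"] = "allowed"
    except AccessDenied:
        results["anna_orders"] = "denied"
    attach(authenticate("brian", "pw-brian"))  # Operator + Manager
    results["brian_orders"] = view_orders()
    results["brian_approve"] = approve_order("order-1")
    attach(authenticate("brian", "wrong"))  # failed login -> anonymous, no rights
    results["after_bad_login"] = current().name
    return results


if __name__ == "__main__":
    print(demo())
```

The effective rights are computed once and frozen into the principal, so a permission check is a set lookup and never goes back to the rights store mid-request; a failed login leaves the anonymous principal attached, which holds no rights, so forgetting to check the login result still fails closed.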
Evolution of Security Manager
Problems with this approach?
• Companies have lots of applications
– Each with their own silo of identity data
– Each system is hardcoded for Az/An
• Duplicated code
– Tedious to implement every time
– Leads to greater risk as well
• Many companies have 0 or n directories
• Username & password just isn’t enough anymore
• An array of accounts for users
• Intracompany?
• Doesn’t work in the cloud
– Hard for calling services
– Single hop and impersonation
Zermatt
Framework for Claims Based Identity
Three geeks walk into a bar…
What is a Claim?
Web Application/Service
Username: Brian; Roles: Manager, Sales; Email: [email protected]; …: True
Your app is no longer concerned with
• Authentication
• Storing and securing usernames and pwds
• Connecting to directories
• Managing roles/rights/claims
Allows for Federation
“A Cloudy World” Example (diagram built up over four slides)
Big Pharma “on premise”, behind the Firewall: employees, Clinical trial software, Management, IT, Directory, STS
The “Cloud”: Cloud Platform with Cloud Compute and Cloud Storage (new molecule research in purple), Internet Service Bus (Identity) with an STS, Internet Service Bus (Connectivity) with a Relay, “cloud” CRM / CRM Online, Hosted ERP @ Hoster; Big Pharma’s data and instance shown in purple
• Big Pharma deploys software to cloud
• Employees access cloud software
• Employees use “cloud” CRM; IT manages “cloud” CRM
• External Patients using Relay to access “on premise” clinical trial software (Clinical trial patients sit outside the firewall)
Claim
• A piece of your identity
• A property
• Comes from issuers. You only trust the claim as much as the issuer
Zermatt : Claim Object
Identity
• A set of claims that describes a user or entity
• IClaimsIdentity
Security Token
• A serialized set of claims that are signed by the issuer
• Presented when system access is requested
– Found in the SOAP envelope for a web service call
– Found in the HTTP POST in a web application
IClaimsPrincipal
Easy Change
Sample Code
Issuing Authority
• Many types:
– Kerberos tickets
– Certificate authorities
– X.509 certificates
• We want one that creates our security tokens.
– Knows how to issue the right claims for the right user
– Interacts with AuthN systems, and authenticates the user
Security Token Service (STS)
• A type of Issuer
• Uses standards
– WS-MEX
– WS-Trust
– Security Assertion Markup Language (SAML)
Relying Party (RP)
The system that relies on the claim tokens
YOUR SYSTEM
Basic Scenario – Active Client (WS-Trust)
Parties: Smart Client; Relying Party (Web Service); Trusted Authority (Web Service) running an STS backed by a Directory/Credential Store and Business Rules
1. Get Policy – Smart Client ↔ Relying Party
2. Get Claims – Smart Client ↔ Trusted Authority (STS)
3. Send Claims – Smart Client → Relying Party
Basic Scenario – Passive Client (WS-Federation)
Parties: Browser; Relying Party (Web App); Trusted Authority (Web App) running an STS backed by a Directory/Credential Store and Business Rules
1. HTTP GET – Browser → Relying Party
2. Redirect – the Relying Party redirects the Browser to the Trusted Authority (STS)
3. HTTP POST – the Browser posts the token to the Relying Party
Federated Scenario
Parties: Smart Client; Relying Party (Web Service); a Trusted Authority (Web Service) with its own STS and Business Rules on each side of the Internet, possibly on different platforms (Java? .NET?)
Steps 1, 2 and 3 as numbered on the diagram run the exchange across the two trusted authorities
Federated Authentication Module
Zermatt ASP.NET Controls
Wiring Zermatt up to ASP.NET
Calling a Claims Aware Service
• Client side WCF already has everything it needs
Wiring Zermatt up to a Service
• WCF handles SAML tokens out of the box
• Needs to be configured with a custom binding
• Zermatt wires custom behaviors into the WCF config
• This lets you use the simplified Zermatt claims model instead of the normal WCF model
Service Identity
Tiers: Client / UX → Service → Domain Objects → Persistence Layer → Data Store; SSRS
Identity labels on the slide: User, User, Service Account
Delegation and ActAs
Parties: Dieter’s Browser; Web Front End (ID: Dieter); Trusted Authority (STS backed by a Directory/Credential Store and Business Rules); Back End Web Service (ID: svcInv, ID: Dieter)
1. Get Claims for Dieter – Dieter signs in via the Trusted Authority (STS)
2. Dieter – the Web Front End receives Dieter’s token
3. Get Claims for svcInv ActAs Dieter – Web Front End → Trusted Authority (STS)
4. svcInv ActAs Dieter – Web Front End → Back End Web Service
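The claim set, the issuer-signed security token, the STS that issues it from a directory and business rules, the relying party that trusts the claims only as far as it trusts the issuer (the "Send Claims" step of the active client scenario) and the ActAs delegation of the last slide, as one added end-to-end illustration in Python. It is not Zermatt or WCF code: a token here is a JSON claim set plus an HMAC tag under a per-issuer key, standing in for an STS-signed SAML token; the issuer URLs, service addresses, users, passwords and keys are constructed, and the partner STS stands in for the second trusted authority of the federated scenario.

```python
"""Claims-based identity end to end: claim set, issuer-signed security token,
an STS backed by a directory and business rules, a relying party that trusts
claims only as far as it trusts the issuer, and ActAs delegation. Added
illustration, not Zermatt/WCF code: tokens are JSON claims plus an HMAC tag
under a per-issuer key; issuer URLs, addresses, users, keys are constructed."""
import base64, hashlib, hmac, json, time

CONTOSO = "https://sts.contoso.example"        # the company's own STS
PARTNER = "https://sts.partner.example"        # a federated partner's STS
FRONTEND = "https://web.contoso.example"       # Web Front End, runs as svcInv
BACKEND = "https://inventory.contoso.example"  # Back End Web Service
TRUSTED_BY_BACKEND = {CONTOSO}                 # the back end trusts only its own STS
# Signing key per issuer (a real STS signs with a private key; HMAC keeps this short)
ISSUER_KEYS = {CONTOSO: b"contoso-signing-key", PARTNER: b"partner-signing-key"}
# Directory / credential store behind the STS; 'hosts' is the relying party a
# service account runs, which the ActAs business rule below checks
DIRECTORY = {
    "dieter": {"password": "pw-dieter", "roles": ["Manager", "Sales"], "hosts": None},
    "svcInv": {"password": "pw-svc", "roles": ["Service"], "hosts": FRONTEND},
}

def _b64(raw): return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def _unb64(text): return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(issuer, claims):
    """Security token: the serialized claim set signed by the issuer."""
    body = json.dumps({"iss": issuer, **claims}, sort_keys=True).encode()
    sig = hmac.new(ISSUER_KEYS[issuer], body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)

def verify_token(token, trusted_issuers, audience, now=None):
    """Relying-party check: trusted issuer first, then signature, audience, expiry."""
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
        claims = dict(json.loads(body))
    except (ValueError, TypeError):  # bad base64/UTF-8/JSON, wrong shape or part count
        raise PermissionError("malformed token")
    if claims.get("iss") not in trusted_issuers:
        raise PermissionError("untrusted issuer")
    expected = hmac.new(ISSUER_KEYS[claims["iss"]], body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise PermissionError("bad signature")
    if claims.get("aud") != audience:
        raise PermissionError("token not issued for this relying party")
    if (now if now is not None else time.time()) >= claims.get("exp", 0):
        raise PermissionError("token expired")
    return claims

class STS:
    """Security Token Service: authenticates against the directory, applies
    business rules and issues a signed token (the 'Get Claims' step)."""
    def __init__(self, issuer):
        self.issuer = issuer

    def issue(self, username, password, audience, act_as=None, now=None, ttl=300):
        user = DIRECTORY.get(username)
        if user is None or not hmac.compare_digest(user["password"], password):
            raise PermissionError("authentication failed")
        now = now if now is not None else time.time()
        claims = {"sub": username, "roles": user["roles"], "aud": audience,
                  "iat": now, "exp": now + ttl}
        if act_as is not None:
            # ActAs business rules: only a service account may act as someone
            # else, and only with a token that was issued to the RP it hosts
            if "Service" not in user["roles"]:
                raise PermissionError("ActAs not permitted for this caller")
            delegated = verify_token(act_as, {self.issuer}, user["hosts"], now=now)
            claims.update({"sub": delegated["sub"], "roles": delegated["roles"],
                           "actor": username})
        return sign_token(self.issuer, claims)

def backend_call(token, now=None):
    """Back End Web Service (relying party): authorize on the user's claims and
    keep the actor claim so the audit trail shows who acted for whom."""
    claims = verify_token(token, TRUSTED_BY_BACKEND, BACKEND, now=now)
    if "Sales" not in claims["roles"]:
        raise PermissionError("Sales role required")
    return {"user": claims["sub"], "actor": claims.get("actor", claims["sub"]),
            "orders": ["order-1", "order-2"]}  # constructed result

def rejection(call):
    """Return the refusal reason for a call, or None if it was accepted."""
    try:
        call()
    except PermissionError as exc:
        return str(exc)
    return None

def demo(now=1_700_000_000):
    sts = STS(CONTOSO)
    # 1-2. Dieter signs in; the Web Front End receives a token for Dieter
    dieter_token = sts.issue("dieter", "pw-dieter", FRONTEND, now=now)
    front_end_user = verify_token(dieter_token, {CONTOSO}, FRONTEND, now=now)["sub"]
    # 3. The front end (svcInv) asks the STS for claims for svcInv ActAs Dieter
    actas_token = sts.issue("svcInv", "pw-svc", BACKEND, act_as=dieter_token, now=now)
    # 4. svcInv ActAs Dieter calls the back end
    return front_end_user, backend_call(actas_token, now=now)
```

Calling demo() walks the four numbered steps. The back end trusts only its own STS, so a partner-issued token, a token issued to the front end, a tampered or cut-and-paste token and an expired one are all refused before any claim is acted on; and the ActAs rule ties delegation to a service account presenting a token that was issued to the relying party it hosts, so an arbitrary caller holding a user token cannot turn it into an ActAs token.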
Authentication Assurance
Zermatt Resources
http://connect.microsoft.com/site/sitehome.aspx?SiteID=642
– Download the whitepaper, bits, and samples
Resources…
Slide deck: www.slideshare.net/ArcReady
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.