Agenda
Why care
How to think about and exploit the Windows Azure Platform
Real-world walk-through/demo
Discussion
Step 1 - Unlocking the Cloud
“You can have any color Model T so long as it's black.”
Pop Quiz
The model of “one size fits all” is now seen by most IT organizations as being flawed.
Build vs. Buy, on premises vs. cloud
- "Packaged" application: an application that I buy "off the shelf" and run myself.
- Self-hosted "home built": an application that I develop and run myself.
- Hosted "home built": an application that I develop myself, but run at a hoster.
- Hosted "packaged": an application that I buy "off the shelf" and then run at a hoster.
- Cloud platform: an application that I develop myself, but run in the cloud.
- "Software as a Service": a hosted application that I buy from a provider.
Trade-offs
Windows Azure Platform: an illustration
[Diagram] In the cloud: Windows Azure, SQL Azure, .NET Services and Applications; clients: Windows Server, Windows Vista/XP, Windows Mobile, others.
Windows Azure
Windows Azure Basics
- The goal of Windows Azure is to provide a platform that is scalable and available
- Windows Azure can run various kinds of Windows applications: .NET applications, unmanaged code, PHP, ...
Windows Azure: Windows in the cloud
[Diagram] Windows Azure within the platform (alongside SQL Azure, .NET Services and Applications; clients: Windows Server, Windows Vista/XP, Windows Mobile, others). Inside Windows Azure: Fabric, Compute, Storage, Config, Application.
Windows Azure Compute Service: a closer look
[Diagram] The Windows Azure Fabric runs VMs that host the application code (main(){ … }); each VM carries an Agent. A Load Balancer fronts HTTP traffic to IIS, which hosts ASP.NET, WCF, etc.
Windows Azure Compute Service: points of interest
- The VMs are provided by a cloud-optimized hypervisor
- For developers:
  - Applications see a 64-bit Windows Server 2008 interface
  - A few things require accessing the Windows Azure Agent, e.g., logging
  - A desktop facsimile of Windows Azure in the cloud is provided for development
Windows Azure Storage Service: a closer look
[Diagram] Storage sits beside Compute on the Fabric; it offers Blobs, Tables and Queues, accessed over HTTP/HTTPS.
Windows Azure Storage: points of interest
- Storage types:
  - Blobs: a simple hierarchy of binary data
  - Tables: entity storage (not relational tables)
  - Queues: allow communication among web and worker role instances
- Access:
  - Data is exposed via a RESTful interface
  - Data can be accessed by Windows Azure applications and by other on-premises or cloud applications
Windows Azure Storage: a closer look at tables
[Diagram] A storage account holds many Tables; each Table holds many Entities; each Entity holds many Properties, and each Property is a Name, Type, Value triple.
Windows Azure Storage: Tables, challenges
- Access via REST: you can't use ordinary ADO.NET
- No SQL: no real joins, aggregates, etc.
- An unfamiliar hierarchical structure: you can't easily move relational data to it, and supporting services are scarce, e.g., reporting
- No schema
Windows Azure Storage: Tables, strengths
- Massive scalability, by effectively allowing scale-out data
- Applied to the right problem, Windows Azure Tables are a beautiful thing
Using Queues: the suggested application model
[Diagram] A Web Role instance and a Worker Role instance communicate through a Queue:
1) The Web Role instance receives work
2) It enqueues a message
3) The Worker Role instance dequeues the message
4) It does the work
5) It deletes the message
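The order of steps 3 to 5 matters: the worker deletes the message only after the work is done, so a worker that dies mid-job leaves the message to be picked up again. The following is an added illustration (not code from the deck or the Azure SDK): an in-memory stand-in for a Windows Azure Queue that hides a dequeued message for a visibility timeout and redelivers it if it is never deleted, plus a worker loop that guards against processing a redelivered message twice.

```python
"""Worker-role loop: dequeue, do work, then delete (steps 3-5 of the diagram).
The Queue class is an assumed in-memory model of Windows Azure Queue semantics,
not the real storage API; time is a counter advanced by the caller."""
import itertools


class Queue:
    def __init__(self):
        self._messages = {}          # message id -> (body, hidden_until)
        self._ids = itertools.count(1)
        self.now = 0                 # simulated clock

    def enqueue(self, body):         # step 2
        self._messages[next(self._ids)] = (body, 0)

    def dequeue(self, visibility_timeout=30):
        """Step 3: return the first visible message and hide it for the
        timeout; a message nobody deletes reappears after that."""
        for mid, (body, hidden_until) in self._messages.items():
            if hidden_until <= self.now:
                self._messages[mid] = (body, self.now + visibility_timeout)
                return mid, body
        return None

    def delete(self, mid):           # step 5
        self._messages.pop(mid, None)

    def __len__(self):
        return len(self._messages)


def run_worker(queue, do_work, processed):
    """One worker iteration. `processed` records ids already handled so a
    redelivered message (worker crashed after the work but before the delete)
    is not applied twice. Returns True if a message was taken off the queue."""
    item = queue.dequeue()
    if item is None:
        return False
    mid, body = item
    if mid not in processed:         # idempotency guard: delivery is at-least-once
        do_work(body)                # step 4; an exception leaves the message queued
        processed.add(mid)
    queue.delete(mid)                # step 5 only after the work succeeded
    return True
```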
Guidance on Using Windows Azure
Using Windows Azure: some examples
- A start-up might create a new Web application on Windows Azure: they can fail fast or scale fast
- An ISV might create a SaaS version of an existing .NET application on Windows Azure: it's .NET, so porting the code is doable
- An enterprise might build a new application on Windows Azure: it's .NET, so developers are plentiful
SQL Azure
SQL Azure: data services in the cloud
[Diagram] SQL Azure within the platform (alongside Windows Azure, .NET Services and Applications; clients: Windows Server, Windows Vista/XP, Windows Mobile, others). SQL Azure today, with others to come (future).
SQL Azure
- Today: SQL Azure, formerly known as SQL Server Data Services (SSDS)
- In the future: Reporting, Analysis, Extract/Transform/Load (ETL) services, more
SQL Azure: an illustration
[Diagram] Applications talk TDS to SQL Azure, which hosts multiple Databases; other services are marked as future.
Guidance on Using SQL Azure
Using SQL Azure: some examples
- A Windows Azure application might use SQL Azure for its data
- A departmental app could use SQL Azure rather than a local database, for better reliability and availability
- An organization might make data available to both in-house and partner apps through SQL Azure, such as a company with a far-flung dealer network
.NET Services
.NET Services: infrastructure in the cloud
[Diagram] .NET Services within the platform (alongside Windows Azure, SQL Azure and Applications; clients: Windows Server, Windows Vista/XP, Windows Mobile, others). .NET Services comprises Service Bus and Access Control, with a "?" placeholder for further services.
The Access Control Service
The problem:
- Different organizations identify users with tokens containing different claims
- Applications can be faced with a confusing mess
The solution:
- The Access Control Service implements a security token service (STS) in the cloud
- It accepts one token and issues another
- The claims in the outgoing token can differ from those in the incoming token
- An administrator can define rules for how this claims transformation is done
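An added model (not code from the deck or the real Access Control Service API) of the claims transformation the slides describe, wired to the "who is the caller? what can they do?" questions asked later: the STS accepts claims only from trusted issuers, rewrites each organization's own vocabulary into one the application understands according to administrator rules, and the application trusts only claims the STS itself issued. Issuer URLs, claim types and the rule table are assumed sample values.

```python
"""Claims-transforming STS model. Issuers, claim types and rules below are
constructed sample values, not the ACS configuration format."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Claim:
    issuer: str
    type: str
    value: str


STS_ISSUER = "https://sts.example"            # assumed name for the cloud STS
# Identity providers the STS trusts; a token from anyone else is rejected.
TRUSTED_ISSUERS = {"https://idp.bigpharma.example", "https://idp.pharmax.example"}
# Administrator rules: (issuer, input type, input value) -> (output type, output value).
# Each organization's groups/roles map onto application actions; unmatched claims are dropped.
RULES = {
    ("https://idp.bigpharma.example", "group", "Scientists"): ("action", "catalog:query"),
    ("https://idp.bigpharma.example", "group", "LabAdmins"): ("action", "catalog:upload"),
    ("https://idp.pharmax.example", "role", "partner-reader"): ("action", "catalog:query"),
}


def transform(incoming):
    """STS step: accept one token's claims, issue another token's claims."""
    issuers = {c.issuer for c in incoming}
    if not issuers or not issuers <= TRUSTED_ISSUERS:
        raise PermissionError("token from untrusted issuer")
    issued = set()
    for c in incoming:
        if c.type == "name":                     # identity passes through, re-issued by the STS
            issued.add(Claim(STS_ISSUER, "name", c.value))
        rule = RULES.get((c.issuer, c.type, c.value))
        if rule:                                 # only rule-derived claims reach the app
            issued.add(Claim(STS_ISSUER, *rule))
    return frozenset(issued)


def caller_name(issued):
    """Who is the caller? Only a name the STS issued counts."""
    names = [c.value for c in issued if c.issuer == STS_ISSUER and c.type == "name"]
    return names[0] if names else None


def authorize(issued, action):
    """What can they do? An action claim counts only if the STS issued it."""
    return any(c.issuer == STS_ISSUER and c.type == "action" and c.value == action
               for c in issued)
```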
Service Bus
The problem:
- Exposing internal applications on the Internet isn't easy
- Network address translation (NAT) and firewalls get in the way
The solution:
- Service Bus provides a cloud-based intermediary between clients and internal applications
- It also provides a service registry that clients can use to find the services they need
Service Bus: an illustration
[Diagram] Service Bus holds a Registry of Endpoints. An application in Organization X 1) registers its endpoints; an application in Organization Y 2) discovers those endpoints and 3) accesses the application through the Service Bus.
Guidance on Using .NET Services
Using .NET Services: some examples
- An app that's accessed over the Internet from different organizations might rely on Access Control to rationalize the identity information it receives, and to do access control
- An enterprise might expose an internal application to its trading partners via Service Bus
Pop Quiz
What are the first two questions an application has to answer?
Note: this is a bit of a trick question, and it has to do with security….
In A Nutshell
[Diagram] Your customers (Live ID users, XYZ domain users, any ID provider) reach your application (Web UI, Service Bus, Workflow Service, SQL Data Service) through a .NET Access Control Service account. The two questions the application must answer: Who is the caller? What can they do?
Step 1. Unlocking the Cloud: Authentication and Authorization
Glaxo Smith Kline – "BigPharma"
A day in the life… John is a scientist doing research at BigPharma. He has an idea and needs a new biological reagent.
Options:
1. Search the web: multiple sources, different formats, security constraints
2. Call colleagues to see if they have it: expensive
3. Go to the lab and create it: 2-3 months, expensive
Cloud-Catalog
[Diagram] BigPharma (with its China subsidiary), PharmaX and Litware each keep their own Reagent DB behind their own firewall. Uploads, updates and queries flow between those organizations and the Cloud-Catalog through an Access Control & Security layer.
Key requirements
- De-centralized management
- Access Control: (very) fine-grained access control at org, row and field level; cross-org
- Leveraging existing identity and AuthZ infrastructure
- Geo-distributed information
- Flexible data schema
- Interoperability through standards
A working prototype: provisioning, using the catalog (demo)
Key requirements – recap
- De-centralized management: self-provisioning; multi-tenant architecture (extensibility, customization, etc.)
- Access Control: (very) fine-grained access control at org, row and field level; cross-organization
- Leveraging existing identity and AuthZ infrastructure: SSO
- Flexible data schema
- Interoperability through standards: WS-* (WS-Federation, WS-Trust), SAML
- Geo-distributed information
Identity & Access Control: Federation & Claims
[Diagram] A three-step exchange (1, 2, 3) involving an identity provider STS (IP-STS) and a second STS.
An event analogy: TechEd
[Diagram] Roles (Attendee, Speaker, Staff) and what each may reach: TechEd Operations, TechEd Sessions, TechEd Party, TechEd Speaker Room.
Identity & Access Control: Federation & Claims
- ADFS
- Windows Identity Foundation
A working prototype (demo)
More on Access Control
Takeaways
- Cloud computing is here; patterns & practices is building guidance
- Claims-based authentication and authorization: 'Cloudlib'
- A new world is unfolding; prepare to be part of it