Session 4: Advanced Topics
Session 4: Advanced Topics

Presentation given as part of the Windows Azure Starter Roadshow:

- Azure Service Bus
  - Notification Hub
  - Message Relaying
  - Queues
- Active Directory, ACS
  - Authentication and single-sign-on solutions for applications
- SQL Databases
Published in: Software, Technology
Transcript

  • 1. 2013 © Trivadis BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN Microsoft Azure Advanced Topics Stefan Geiger Gerry Keune @trivadis.com 12.06.2014 Advanced Topics 1
  • 2. Agenda
    1. Service Bus
    2. Identity
    3. SQL Database
  • 3. Azure Service Bus Overview
    - PaaS messaging middleware
    - Available in all Microsoft Azure datacenters, with multiple clusters (scale units) per datacenter
    - Provides secure messaging and connectivity across different network topologies
    - Uses ACS (Access Control Service) to authorize clients to send messages to and listen on endpoints
    - Key features:
      - Pub/sub reliable messaging (brokered messaging)
      - Relay
      - Notifications
    *customer preview
  • 4. Service Bus Relay Service
    - Enables hybrid applications that span on-premises and the cloud
    - Implements open formats and protocols; supports REST and WS-*
    - Exposes service endpoints into the cloud, reachable by both cloud and on-premises services
    - Lets clients talk to services behind firewalls and NAT routers: the service opens an outbound connection to the relay, so no inbound port has to be opened
    - Communication patterns: one-way communication, publish/subscribe, peer-to-peer, multicast, direct connections
  • 5. Architecture (diagram only)
  • 6. Challenges
    - Addressability and discoverability: private addresses behind Network Address Translation (NAT), dynamic addresses (e.g. assigned by the ISP)
    - Connectivity: firewalls deny inbound connections
    - Event distribution
    - Transient connectivity
  • 7. Service Bus Relaying Messages (diagram only)
  • 8. Security
    - Messages travelling between the communicating parties can be secured; the mode is selected with Microsoft.ServiceBus.EndToEndSecurityMode
    - Message security is independent of relay security (the ACS authorization to listen on or send to the relay endpoint)
    - Message security modes:
      - None: security disabled
      - Transport (default): the message is sent over a secure channel (e.g. HTTPS) to and from the relay service. The channel terminates at the relay, so the relay itself sees the message in clear; this is transport protection hop by hop, not end-to-end confidentiality within the (AppFabric) Service Bus
      - Message: the message body is encrypted with X.509 certificates, so it stays opaque to the relay
      - TransportWithMessageCredential: transport security combined with client credentials carried in the message
  • 9. Demo: Service Bus Relay
  • 10. Service Bus Brokered Messaging
    - Sophisticated pub/sub mechanism
    - Disconnected communication between producers and consumers
    - Producers and consumers scale independently of each other, since the intermediate message broker buffers any difference in rate
    - Two distinct forms of brokered messaging: queues; topics and subscriptions
    - Features (some, not all): dead-lettering, sessions, transactions; scheduled messages; duplicate detection, prefetch
  • 11. Message Dimensions
    - Max message size: 256 KB
    - Max total size of properties: 64 KB (includes system properties; reserve about 4 KB for them)
    - Max size per property: no explicit limit, but constrained by de-facto HTTP limits if you use HTTP (about 4 KB for a header)
    - Max body: 256 KB minus the size of the properties
  • 12. Delivery Options
    - Receive and Delete: fastest; the message is lost if the receiver crashes or the transmission fails (at-most-once delivery)
    - Peek Lock: the message is locked when retrieved and reappears on the broker if it is not deleted (completed) within the lock timeout (at-least-once delivery, so processing must tolerate redelivery)
    - Session + Peek Lock: the message is locked along with all subsequent messages carrying the same session id, ensuring order
    (diagram: 1. Peek/Lock, 2. Delete/Unlock)
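The difference between the two receive modes is easiest to see with a crash in the middle of processing. The following is an added example, not code from Trivadis or from the Service Bus SDK: a toy in-memory queue with a simulated clock, so the lock timeout can be exercised deterministically. The message bodies and the 30-second timeout are constructed for the example.

```python
"""Toy model of the two receive modes on the slide.

Added example, not code from Trivadis or the Service Bus SDK: an in-memory
queue with a simulated clock so the lock timeout can be exercised
deterministically. Message bodies and timeouts are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Message:
    seq: int                               # broker-assigned, strictly monotonic
    body: str
    delivery_count: int = 0                # how often the broker handed it out
    locked_until: Optional[float] = None   # None = visible to receivers


class ToyQueue:
    def __init__(self, lock_timeout: float = 30.0):
        self.lock_timeout = lock_timeout
        self.now = 0.0                     # simulated clock, seconds
        self._next_seq = 1
        self._messages: List[Message] = []

    def send(self, body: str) -> int:
        msg = Message(seq=self._next_seq, body=body)
        self._next_seq += 1
        self._messages.append(msg)
        return msg.seq

    def advance(self, seconds: float) -> None:
        self.now += seconds

    def _first_visible(self) -> Optional[Message]:
        for m in self._messages:
            if m.locked_until is None or m.locked_until <= self.now:
                return m
        return None

    # Receive and Delete: the broker forgets the message at hand-off, so a
    # receiver that crashes before processing it loses it (at-most-once).
    def receive_and_delete(self) -> Optional[Message]:
        m = self._first_visible()
        if m is not None:
            self._messages.remove(m)
            m.delivery_count += 1
        return m

    # Peek Lock: the message stays on the broker, hidden from other receivers
    # until complete() removes it or the lock expires (at-least-once).
    def peek_lock(self) -> Optional[Message]:
        m = self._first_visible()
        if m is not None:
            m.delivery_count += 1
            m.locked_until = self.now + self.lock_timeout
        return m

    def complete(self, seq: int) -> bool:
        """Delete a locked message; fails if the lock has already expired."""
        for m in self._messages:
            if m.seq == seq:
                if m.locked_until is None or m.locked_until <= self.now:
                    return False           # lock lost: another receiver may hold it
                self._messages.remove(m)
                return True
        return False

    def __len__(self) -> int:
        return len(self._messages)


def crash_during_receive_and_delete() -> int:
    """Messages left on the broker after a receiver crash: 0, the message is lost."""
    q = ToyQueue()
    q.send("order-1")
    q.receive_and_delete()                 # receiver crashes right after this call
    return len(q)


def crash_during_peek_lock():
    """Same crash under Peek Lock: the message is redelivered after the timeout."""
    q = ToyQueue(lock_timeout=30.0)
    q.send("order-1")
    first = q.peek_lock()                  # receiver crashes, never calls complete()
    hidden = q.peek_lock()                 # None: still locked for everyone else
    q.advance(31.0)                        # lock timeout elapses
    second = q.peek_lock()                 # same message again, delivery_count is 2
    return first.seq, hidden, second.seq, second.delivery_count


def complete_after_lock_expiry() -> bool:
    """A slow receiver that overruns the lock cannot complete: the broker has
    already made the message visible again, so the work must be idempotent."""
    q = ToyQueue(lock_timeout=30.0)
    q.send("order-1")
    m = q.peek_lock()
    q.advance(31.0)
    return q.complete(m.seq)
```

The third function shows the failure mode practitioners hit most: processing that outlives the lock. The real broker raises a lock-lost error in that case and a second receiver may already be working on the same message, so the handler has to be idempotent (duplicate detection on the broker only covers duplicates sent by producers, not redeliveries).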
  • 13. Service Bus Queues
    - Ordered message log: ordered by arrival (the broker assigns a strictly monotonic sequence number to each message) and timestamped on arrival by an authoritative clock
    - Stored in SQL; once accepted, the message is as safe as any data in the SQL deployment
    - Multiplexing with sessions
    - Two modes: pull and forward
      - Pull delivers messages on request, allowing concurrent readers
      - Forward delivers messages to a single forward destination
  • 14. Service Bus Topics
    - All features of queues, plus multiple, independent subscriptions
    - Subscriptions are named and durably created (optional); quota: up to 2000 concurrent subscriptions
    - Rules with filter conditions on message headers; quota: up to 2000 rules per subscription
      - Optional action to set or modify message properties
      - Each rule hit yields a message
    - The topic "tail" and the subscription "head" are fully protocol-compatible with queues
  • 15. Programming Options (diagram)
    - .NET: Service Bus Messaging API, or the WCF service model via NetMessagingBinding; on the wire either the SB Messaging Protocol (net.tcp, proprietary) or AMQP 1.0
    - AMQP 1.0: C/C++ (including embedded) via Apache Proton-C; Java/JMS via Apache Qpid JMS
    - HTTP(S): PHP, Node.js and Python clients, or any HTTP client
  • 16. Agenda: 2. Identity
  • 17. Security
    - Authentication and authorization: use claims-based identity
    - Authentication and access management based on open protocols
    - Reduces infrastructure dependencies: can be hosted on-premises or in the cloud without changes
    - Factors authentication out of applications
    - Identity technologies and services used with Azure: Windows Identity Foundation (WIF), Active Directory Federation Services 2.0, Azure Access Control Service
  • 18. Claims-based Solution
    - Stop building custom identification and user-account databases into every new application
    - One approach to identity that works in various scenarios
    - Factors authentication out of applications; easy upgrade to stronger authentication methods
    - Identity federation
    - WIF (Windows Identity Foundation) is a framework that simplifies implementing claims-based identity in your applications
  • 19. Claims-based Identity Model
    - The user's identity reaches your application as a set of claims
    - Claims are attributes asserted by an issuer (e.g. email address, username); a claim is a statement about a user made by an authority
    - The identity data you receive comes from a trusted source: if you trust the issuer, you trust the claim
    - Releases the application from authenticating users and storing user accounts and passwords; from calling enterprise directories to look up user identity details; and from integrating with identity systems from other platforms or companies
    - Example claim set: User Name: Stefan; Email: stefan.geiger@trivadis.com; Roles: Consultant, Trainer; IsNETNerd: true
  • 20. Security Token
    - The user delivers a set of claims to your application, piggybacked along with her request
    - A token is a serialized set of claims digitally signed by the issuing authority; the signature assures the authenticity of the claims
    - A web service carries the claims in the security header of the SOAP envelope
    - A browser-based web application receives the token via an HTTP POST from the user's browser; it can be cached in a cookie if a session is desired
  • 21. Security Token Service (STS)
    - An STS builds, signs and issues security tokens
    - Claims, tokens and STSs are the foundation of claims-based identity
    - Flow (diagram; the application holds a list of trusted STSs):
      1. The user authenticates to the STS and receives a token
      2. The user submits the token to the application
      3. The application verifies the token's signature and checks that the STS is trusted
      4. The application uses the claims in the token
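Steps 3 and 4 of that flow are where applications get claims-based identity wrong, so here they are spelled out for the simplest token format the ACS slide lists, the Simple Web Token (SWT): form-encoded claims with an HMAC-SHA256 over the unsigned part, the key shared between the STS and the relying party. This is an added example, not Trivadis, WIF or ACS code; the STS URL, the audience URL and the shared key are constructed for the example. The order of checks is deliberate: the issuer is looked up only to select a key, the signature is verified before any other field is trusted, and audience and expiry are checked before claims are handed back.

```python
"""Relying-party verification of a Simple Web Token (SWT).

Added example, not Trivadis, WIF or ACS code. SWT is the form-encoded,
HMAC-SHA256-signed token format the ACS slide lists; the STS URL, the
audience URL and the shared key below are constructed for this example.
"""
import base64
import hashlib
import hmac
import time
from typing import Dict, Optional
from urllib.parse import parse_qs, quote, urlencode

ISSUER = "https://sts.example.invalid/"            # constructed STS identity
AUDIENCE = "https://app.example.invalid/"          # constructed relying party
KEY = b"0123456789abcdef0123456789abcdef"          # constructed 256-bit shared key
TRUSTED_ISSUERS: Dict[str, bytes] = {ISSUER: KEY}  # the app's list of trusted STSs


class TokenError(Exception):
    pass


def _sign(unsigned: str, key: bytes) -> str:
    mac = hmac.new(key, unsigned.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def issue_swt(issuer: str, key: bytes, audience: str, claims: Dict[str, str],
              lifetime: int, now: Optional[int] = None) -> str:
    """Step 1, the STS side: serialize the claims and sign them."""
    now = int(time.time()) if now is None else now
    params = {"Issuer": issuer, "Audience": audience, "ExpiresOn": str(now + lifetime)}
    params.update(claims)
    unsigned = urlencode(params)
    return unsigned + "&HMACSHA256=" + quote(_sign(unsigned, key), safe="")


def verify_swt(token: str, now: Optional[int] = None) -> Dict[str, str]:
    """Steps 3 and 4, the application side: signature, issuer trust, audience,
    expiry, and only then the claims."""
    now = int(time.time()) if now is None else now
    unsigned, sep, sig_part = token.rpartition("&HMACSHA256=")
    if not sep:
        raise TokenError("token is not signed")
    fields = {k: v[0] for k, v in parse_qs(unsigned, keep_blank_values=True).items()}
    # The issuer claim only selects the key; trust is established by the MAC below.
    key = TRUSTED_ISSUERS.get(fields.get("Issuer", ""))
    if key is None:
        raise TokenError("issuer not trusted: %r" % fields.get("Issuer"))
    presented = parse_qs("HMACSHA256=" + sig_part).get("HMACSHA256", [""])[0]
    if not hmac.compare_digest(_sign(unsigned, key).encode(), presented.encode()):
        raise TokenError("bad signature")          # constant-time comparison
    if fields.get("Audience") != AUDIENCE:
        raise TokenError("token not issued for this application")
    if int(fields.get("ExpiresOn", "0")) <= now:
        raise TokenError("token expired")
    return {k: v for k, v in fields.items() if k not in ("Issuer", "Audience", "ExpiresOn")}


def rejection_reason(token: str, now: Optional[int] = None) -> Optional[str]:
    """None if the token is accepted, otherwise why it was rejected."""
    try:
        verify_swt(token, now)
        return None
    except (TokenError, ValueError) as exc:
        return str(exc)
```

The audience check matters as much as the signature: a token the same STS issued for another relying party carries a valid signature, and without the check the other application's users could replay it here. For SAML tokens the same four checks apply, with the XML signature and the issuer certificate in place of the HMAC and shared key.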
  • 22. Demo: Claims-based Authentication
  • 23. Identity Federation
    - Authenticate users across different security domains (diagram: Organisation 1, Organisation 2, steps 1 to 3)
    - SAML (Security Assertion Markup Language): XML-based standard for exchanging authentication and authorization data between security realms
  • 24. Access Control Service
    - Allows you to integrate single sign-on (SSO) and centralized authorization into your web applications
  • 25. Access Control Service
    - Out-of-the-box support for popular web identity providers, including Windows Live ID, Google, Yahoo and Facebook
    - Support for the OAuth 2.0 (draft 13), WS-Trust and WS-Federation protocols
    - Support for the SAML 1.1, SAML 2.0 and Simple Web Token (SWT) token formats
    - Note: ACS was retired by Microsoft in November 2018; new applications use Azure AD (now Microsoft Entra ID) for the same role
  • 26. Security Best Practices
    - Recap of slide 17: use claims-based identity based on open protocols; factor authentication out of the application; host on-premises or in the cloud without changes; the building blocks on Azure are WIF, AD FS 2.0 and the Access Control Service
  • 27. Agenda: 3. SQL Database
  • 28. SQL Database Overview
    - Relational database engine provided as a service, based on SQL Server technology; many SQL Server features are supported
    - Usable from on-premises and cloud applications
    - Data access through ADO.NET or other providers; data manipulation using standard T-SQL statements
    - Databases in Azure are limited to 1 GB or 500 GB depending on the edition selected; consider the size limit in migration scenarios
    - High availability is provided "out of the box": transparent failover in case of failure, load balancing of data to meet the SLA
  • 29. SQL Database Network Topology (diagram)
    - Applications connect over the Internet with standard SQL client libraries (ODBC, ADO.NET, PHP, ...) using TDS over TCP
    - A load balancer forwards "sticky" sessions to the TDS protocol tier
    - Gateways: TDS protocol gateways that enforce the authentication/authorization policy and proxy to the backend SQL instances
    - Backend SQL nodes; availability through the fabric, failover, replication and load balancing
  • 30. Database Replicas (diagram: one DB kept as Replica 1 to Replica 4)
  • 31. Provisioning (Account > Server > Database)
    - Each account has zero or more logical servers; provisioned via a common portal; establishes a billing instrument
    - Each logical server has one or more databases; contains metadata about databases and usage; unit of authentication, geo-location, billing and reporting; gets a generated DNS-based name
    - Each database has standard SQL objects (users, tables, views, indices, etc.); unit of consistency
  • 32. Demo: SQL Database
  • 33. SQL Database Management
    - Microsoft Azure Management Portal: create and delete servers and databases; create credentials; configure firewall settings; maintain databases
    - Using the master database: system procedures for maintaining the database; show data usage (billing information); create and delete databases
  • 34. Security
    - Network access control: the server is firewall-protected (by default no access); rules are managed through special stored procedures and the catalog view sys.firewall_rule…
    - Authentication and authorization: SQL authentication (username, password); authorization identical to SQL Server (roles)
    - Admin roles have special privileges: create/drop database, manage logins, change firewall rules
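Because the firewall is the only network control in front of a server that is reachable from the Internet on 1433, the rules deserve a regular least-privilege review. The following is an added example, not Trivadis or Microsoft code: an audit over rows shaped like the output of SELECT name, start_ip_address, end_ip_address FROM sys.firewall_rules (the server-level catalog view in master; the slide abbreviates its name). The sample rows and the 16-address policy threshold are constructed. The remediation strings use sp_delete_firewall_rule, which is the real server-level procedure; the 0.0.0.0 to 0.0.0.0 rule is the portal's "allow Azure services" switch, which admits any Azure-hosted client, not only yours.

```python
"""Least-privilege audit of Azure SQL server-level firewall rules.

Added example, not Trivadis or Microsoft code. The input rows are
constructed to look like SELECT name, start_ip_address, end_ip_address
FROM sys.firewall_rules; the size threshold is a made-up policy value.
"""
import ipaddress
from typing import Dict, List, Tuple

Rule = Tuple[str, str, str]   # (name, start_ip_address, end_ip_address)

# Constructed sample of what the catalog view returns on one logical server.
SAMPLE_RULES: List[Rule] = [
    ("office-vpn", "203.0.113.10", "203.0.113.10"),
    ("contractor", "198.51.100.0", "198.51.100.255"),
    ("AllowAllWindowsAzureIps", "0.0.0.0", "0.0.0.0"),   # "allow Azure services"
    ("temp-debug", "0.0.0.0", "255.255.255.255"),
]

MAX_ADDRESSES = 16   # constructed policy: anything wider needs a justification


def rule_size(start: str, end: str) -> int:
    """Number of IPv4 addresses the rule admits (0 if the range is inverted)."""
    s, e = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    return max(0, int(e) - int(s) + 1)


def audit_rules(rules: List[Rule], max_addresses: int = MAX_ADDRESSES) -> List[Dict[str, str]]:
    """One finding per rule that is wider than the policy allows."""
    findings = []
    for name, start, end in rules:
        size = rule_size(start, end)
        if start == "0.0.0.0" and end == "0.0.0.0":
            # Special rule: admits any client running in Azure, including other tenants
            findings.append({"rule": name, "severity": "high",
                             "reason": "allows connections from any Azure-hosted client, not only yours"})
        elif size == 2 ** 32:
            findings.append({"rule": name, "severity": "critical",
                             "reason": "allows the whole IPv4 Internet"})
        elif size > max_addresses:
            findings.append({"rule": name, "severity": "medium",
                             "reason": "range admits %d addresses (policy limit %d)" % (size, max_addresses)})
    return findings


def remediation_sql(findings: List[Dict[str, str]]) -> List[str]:
    """T-SQL to run in master for the critical and high findings.
    sp_delete_firewall_rule is the server-level procedure; a narrow replacement
    rule is added with sp_set_firewall_rule @name, @start_ip_address, @end_ip_address."""
    stmts = []
    for f in findings:
        if f["severity"] in ("critical", "high"):
            safe_name = f["rule"].replace("'", "''")
            stmts.append("EXEC sp_delete_firewall_rule @name = N'%s';" % safe_name)
    return stmts
```

Run against the sample, the audit reports the contractor range as medium, the "allow Azure services" rule as high and the 0.0.0.0 to 255.255.255.255 debugging rule as critical; the last two get a delete statement. Combined with the slide's point that only SQL authentication is available, a wide rule plus a guessable password is the whole attack surface of the server, so a temporary "open everything" rule should never survive the debugging session that created it.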
  • 35. SQL Database Limitations
    - Security: SSPI (Windows integrated) authentication is not supported; no database encryption (Transparent Data Encryption was added to the service only later); certain login names are disallowed (sa, admin, administrator, guest, root); it is not possible to listen on a port other than 1433
    - Backups: backup and restore operations are not available; use import/export; database clones are possible with the CREATE DATABASE statement
    - Objects: the .NET CLR is not available in SQL Database; tables need a clustered index
  • 36. SQL Database Limitations (continued)
    - Miscellaneous: no distributed transactions; database size limited by the chosen subscription (max 500 GB); no Service Broker; no SQL Agent; no database file placement; reduced subset of system schema objects
  • 37. Data Migration
    - Existing SQL Server databases cannot be restored or attached to SQL Database
    - Data migration is a manual task using tools: generated SQL scripts, SQL Server Integration Services (SSIS), the BCP utility, BACPAC export to Blob storage
  • 38. Database Backup
    - Database copy: create a single copy of a source database using the AS COPY OF argument of the CREATE DATABASE statement; the copy runs as a background task, query the DMV sys.dm_database_copies for its progress
    - SQL Data Sync: synchronize on-premises and cloud databases
    - Manual: to Blob storage via import/export; BACPAC (schema and data), DACPAC (schema only)
  • 39. Thank You, Q & A (Trivadis: BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN)
