Session 4: Advanced Topics

Presentation given as part of the Windows Azure Starter Roadshow:

- Azure Service Bus
--Notification Hub
--Message Relaying
--Queues
- Active Directory, ACS
--Authentication and single sign-on solutions for applications
- SQL Databases

Transcript

  • 1. Microsoft Azure Advanced Topics. Stefan Geiger, Gerry Keune (@trivadis.com). 2013 © Trivadis, Basel, Bern, Lausanne, Zürich, Düsseldorf, Frankfurt a.M., Freiburg i.Br., Hamburg, München, Stuttgart, Wien. 12.06.2014
  • 2. Agenda
    1. Service Bus
    2. Identity
    3. SQL Database
  • 3. Azure Service Bus Overview
    - PaaS messaging middleware
    - Available in all Microsoft Azure datacenters
    - Multiple clusters (scale units) per datacenter
    - Provides secure messaging and connectivity across different network topologies
    - Uses ACS to authorize sending messages to and listening on endpoints
    - Key features
    --Pub/Sub reliable messaging (Brokered Messaging)
    --Relay
    --Notifications
    *customer preview
  • 4. Service Bus Relay Service
    - Enables hybrid applications that span on-premises and the cloud
    - Implements open formats and protocols
    --Supports REST and WS-*
    - Exposes service endpoints into the cloud
    --Accessible for cloud and on-premise services
    - The Relay Service allows communication between clients and services behind firewalls and NAT routers
    - Communication patterns
    --One-way communication
    --Publish/Subscribe
    --Peer-to-Peer
    --Multicast
    --Direct connections
  • 5. Architecture (diagram slide)
  • 6. Challenges
    - Addressability and discoverability
    --Private addresses and Network Address Translation (NAT)
    --Dynamic addresses (e.g. assigned by the ISP)
    - Connectivity
    --Firewalls (denial of inbound connections)
    - Event distribution
    - Transient connectivity
  • 7. Service Bus Relaying Messages (diagram slide)
  • 8. Security
    - Messages travelling between communicating parties can be secured [Microsoft.ServiceBus.EndToEndSecurityMode]
    - Message security is independent of relay security
    - Message security types
    --None - disables security
    --Transport (default) - the message is sent through a secure channel (e.g. HTTPS) to and from the relay service. (Not secure within AppFabric SB)
    --Message - encrypts the body of the message (X509)
    --TransportWithMessageCredentials - combination of the Transport and Message types
  • 9. Demo: Service Bus Relay
  • 10. Service Bus Brokered Messaging
    - Sophisticated Pub/Sub mechanism
    - Disconnected communication between producers and consumers
    --They scale independently of each other, since the intermediate message broker buffers any difference
    - Supports two distinct forms of brokered messaging
    --Queues
    --Topics & Subscriptions
    - Features (some, not all)
    --Dead-lettering, Sessions, Transactions
    --Scheduled messages
    --Duplicate detection, Prefetch
  • 11. Message Dimensions
    - Max message: 256 KByte
    - Max total properties: 64 KByte
    --Includes system properties; reserve ~4 KByte
    - Max single property: no explicit limit
    --Constrained by de-facto HTTP limits if you use HTTP; ~4 KB for a header at most
    - Max body: 256 KByte – sizeof(properties)
  • 12. Delivery Options
    - Receive and Delete
    --Fastest. The message is lost if the receiver crashes or the transmission fails
    - Peek Lock
    --The message is locked when retrieved. It reappears on the broker if it is not deleted within the lock timeout.
    - Session + Peek Lock
    --The message is locked along with all subsequent messages with the same session ID, ensuring order
    (Diagram: Receive and Delete vs. Peek Lock: 1. Peek/Lock, 2. Delete/Unlock)
  • 13. Service Bus Queues
    - Ordered message log
    --Ordered by arrival (the broker assigns a strictly monotonic sequence number to each message)
    --Timestamped on arrival (authoritative clock)
    --Stored in SQL; once accepted, the message is as safe as any data in the SQL deployment
    - Multiplexing with sessions
    - Two modes: Pull and Forward
    --Pull – delivers messages on request, allowing concurrent readers
    --Forward – delivers messages to a single forward destination
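The three delivery options from slide 12 (Receive and Delete, Peek Lock with a lock timeout, Session + Peek Lock) and the broker-assigned sequence numbers and clock from slide 13, worked through as a small in-memory broker model. This is an added example, not code from the deck and not the Azure SDK; the class and method names (`Queue`, `peek_lock`, `accept_session`, `receive_session`), the 30-second default lock timeout and the message bodies are constructed for the example, and `Queue.clock` stands in for the broker's authoritative clock. The three `demo_*` functions each show the failure mode or guarantee the slide describes.

```python
"""Constructed in-memory model of queue delivery semantics (example code, not
the Azure SDK): Receive-and-Delete, Peek-Lock with a lock timeout, and
Session + Peek-Lock. Sequence numbers and timestamps come from the broker's
own clock, simulated here by Queue.clock."""
import itertools
from dataclasses import dataclass
from typing import Optional


@dataclass
class Message:
    body: str
    session_id: Optional[str]
    sequence_number: int                 # broker-assigned, strictly increasing
    enqueued_at: float                   # broker clock, not the sender's
    lock_until: Optional[float] = None   # None means not locked


class Queue:
    def __init__(self, lock_timeout=30.0):
        self.lock_timeout = lock_timeout
        self.clock = 0.0                  # simulated authoritative clock
        self._seq = itertools.count(1)
        self._log = []                    # ordered message log (arrival order)
        self._session_locks = {}          # session_id -> lock expiry time

    def advance(self, seconds):
        self.clock += seconds

    def send(self, body, session_id=None):
        msg = Message(body, session_id, next(self._seq), self.clock)
        self._log.append(msg)
        return msg.sequence_number

    def _locked(self, msg, owner_session):
        if msg.lock_until is not None and msg.lock_until > self.clock:
            return True                   # message lock still held
        if msg.session_id is None or msg.session_id == owner_session:
            return False
        held = self._session_locks.get(msg.session_id)
        return held is not None and held > self.clock   # session owned by another receiver

    def _next_available(self, session_id=None):
        for msg in self._log:             # log order is sequence-number order
            if session_id is not None and msg.session_id != session_id:
                continue
            if not self._locked(msg, session_id):
                return msg
        return None

    # Receive and Delete: fastest, but the broker forgets the message on delivery.
    def receive_and_delete(self):
        msg = self._next_available()
        if msg is not None:
            self._log.remove(msg)
        return msg

    # Peek Lock: the message stays on the broker, hidden until the lock expires.
    def peek_lock(self):
        msg = self._next_available()
        if msg is not None:
            msg.lock_until = self.clock + self.lock_timeout
        return msg

    def complete(self, msg):
        """Delete a peek-locked message; refused once the lock has expired."""
        if msg.lock_until is None or msg.lock_until <= self.clock:
            raise RuntimeError("lock lost; message is visible to other receivers again")
        self._log.remove(msg)

    # Session + Peek Lock: one receiver owns the whole session, so order is kept.
    def accept_session(self, session_id):
        self._session_locks[session_id] = self.clock + self.lock_timeout

    def receive_session(self, session_id):
        if self._session_locks.get(session_id, 0.0) <= self.clock:
            raise RuntimeError("session not accepted or session lock expired")
        msg = self._next_available(session_id)
        if msg is not None:
            msg.lock_until = self.clock + self.lock_timeout
        return msg


def demo_receive_and_delete_loses_on_crash():
    q = Queue()
    q.send("order-1")
    q.receive_and_delete()            # receiver crashes right after this call
    return q.peek_lock() is None      # True: nothing is left to redeliver


def demo_peek_lock_redelivers_after_timeout():
    q = Queue(lock_timeout=30.0)
    q.send("order-1")
    first = q.peek_lock()
    hidden = q.peek_lock() is None    # a locked message is invisible to others
    q.advance(31.0)                   # receiver never completed; lock expires
    second = q.peek_lock()
    return first.sequence_number, second.sequence_number, hidden


def demo_session_keeps_order():
    q = Queue()
    for body, sid in [("a1", "A"), ("b1", "B"), ("a2", "A"), ("b2", "B")]:
        q.send(body, session_id=sid)
    q.accept_session("A")
    mine = [q.receive_session("A").body for _ in range(2)]
    other = q.peek_lock()             # a plain receiver only sees session B now
    return mine, other.body
```

The model makes the trade-off on slide 12 visible: Receive and Delete has no lock to expire and therefore no redelivery, while under Peek Lock a receiver that dies (or merely takes longer than the lock timeout) sees the same sequence number handed out a second time, so consumers must be idempotent or complete within the lock.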
  • 14. Service Bus Topics
    - All features of queues, plus multiple, independent subscriptions
    --Named, durably created (optional) - quota: up to 2000 concurrent subscriptions
    --Rules with filter conditions on message headers - quota: up to 2000 rules per subscription - optional action to set/modify message properties - each rule hit yields a message
    - The topic 'tail' and the subscription 'head' are fully protocol compatible with queues
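The rule semantics on slide 14 (independent subscriptions, a filter on message properties plus an optional action, and one delivered copy per rule hit) as a small fan-out model. This is an added example, not deck or Azure SDK code; the `Topic`, `Subscription` and `Rule` classes, the `matched_rule` marker property and the subscription names and sample orders are constructed. The `security-audit` subscription deliberately has two rules that both match the second order, which is the "each rule hit yields a message" case.

```python
"""Constructed model of a topic with independent subscriptions (example code,
not the Azure SDK). A rule is a filter over message properties plus an optional
action that edits the copy delivered to its subscription; every matching rule
yields its own copy of the message."""
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]                   # filter on message properties
    action: Optional[Callable[[dict], None]] = None   # may set/modify properties


@dataclass
class Subscription:
    name: str
    rules: list
    delivered: list = field(default_factory=list)     # the subscription 'head'


class Topic:
    def __init__(self):
        self.subscriptions = {}

    def add_subscription(self, name, rules):
        sub = Subscription(name, list(rules))
        self.subscriptions[name] = sub
        return sub

    def send(self, body, **properties):
        """Fan out one message; returns how many copies were produced."""
        hits = 0
        for sub in self.subscriptions.values():
            for rule in sub.rules:
                if not rule.matches(properties):
                    continue
                copy = dict(properties)               # each hit gets its own copy
                copy["matched_rule"] = rule.name      # constructed marker for the demo
                if rule.action is not None:
                    rule.action(copy)                 # action edits only this copy
                sub.delivered.append((body, copy))
                hits += 1
        return hits


def build_demo_topic():
    topic = Topic()
    topic.add_subscription("eu-orders", [
        Rule("eu", lambda p: p.get("region") == "EU",
             action=lambda p: p.__setitem__("routed_by", "eu-orders")),
    ])
    topic.add_subscription("security-audit", [
        Rule("high-value", lambda p: p.get("amount", 0) >= 10_000),
        Rule("flagged", lambda p: p.get("fraud_score", 0.0) > 0.8),
    ])
    topic.add_subscription("everything", [Rule("all", lambda p: True)])
    return topic


def demo():
    topic = build_demo_topic()
    hits = [
        topic.send("order-1", region="EU", amount=250, fraud_score=0.1),
        topic.send("order-2", region="US", amount=50_000, fraud_score=0.95),
    ]
    counts = {name: len(sub.delivered) for name, sub in topic.subscriptions.items()}
    return hits, counts
```

Two rules matching the same message on one subscription means two copies on that subscription, so a subscriber that counts or bills per message must either consolidate its rules or de-duplicate on the message it receives; the `everything` subscription shows that a subscription never sees copies that another subscription's rules produced.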
  • 15. Programming Options (diagram slide; recoverable content)
    - .NET: Service Bus Messaging API and WCF Service Model (NetMessagingBinding) over the SB Messaging Protocol (net.tcp, proprietary)
    - C/C++ (incl. embedded): Apache Proton-C over AMQP 1.0
    - Java/JMS: Apache Qpid JMS over AMQP 1.0
    - HTTP(S): PHP client, Node.js client, Python client, any HTTP client
  • 16. Agenda
    1. Service Bus
    2. Identity
    3. SQL Database
  • 17. Security
    - Authentication and authorization
    --Use claims-based identity
    --Authentication and access management based on open protocols
    --Reduces infrastructure dependencies - can be hosted on-premises or in the cloud without changes
    --Factors authentication out of applications
    - Identity technologies and services used with Azure
    --Windows Identity Foundation (WIF)
    --Active Directory Federation Services 2.0
    --Azure Access Control Service
  • 18. Claims-based Solution
    - Stop building custom identification and user account databases into every new application
    - One approach to identity that works in various scenarios
    - Factors authentication out of applications
    - Easy upgrade to stronger authentication methods
    - Identity federation
    - The WIF (Windows Identity Foundation) framework simplifies implementing claims-based identity in your applications
  • 19. Claims-based Identity Model
    - The user's identity is presented to your application as a set of claims
    --Claims are attributes asserted by an issuer (e.g. email address, username)
    - The identity data you receive comes from a trusted source
    --If you trust the issuer, you trust the claim
    --A claim is a statement about a user made by an authority
    - Releases the application from
    --Authenticating users, storing user accounts and passwords
    --Calling enterprise directories to look up user identity details
    --Integrating with identity systems from other platforms or companies
    (Example claim set: User Name: Stefan; Email: stefan.geiger@trivadis.com; Roles: Consultant, Trainer; IsNETNerd: true)
  • 20. Security Token
    - The user delivers a set of claims to your application, piggybacked on her request
    - The token is a serialized set of claims digitally signed by the issuing authority
    --The signature assures the authenticity of the claims
    - A web service carries the claims in the security header of the SOAP envelope
    - A browser-based web application receives the claims via an HTTP POST from the user's browser
    --Can be cached in a cookie if a session is desired
  • 21. Security Token Service (STS)
    - The STS builds, signs, and issues security tokens
    - Claims, tokens, and STSs are the foundation of claims-based identity
    (Diagram: the application holds a list of trusted STSs. 1. Authenticate user, return token; 2. Submit token; 3. Verify the token's signature and that the STS is trusted; 4. Use the claims in the token)
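Steps 2 to 4 of the STS flow on slide 21 (submit token, verify the signature and that the issuer is trusted, then use the claims) worked in code. This is an added example, not part of the deck and not WIF or ACS code. The token format is the Simple Web Token that slide 25 lists among the formats ACS supports: URL-encoded name=value pairs whose last parameter, `HMACSHA256`, is the HMAC-SHA256 over the preceding text under a symmetric key the STS shares with the relying party, with `Issuer`, `Audience` and `ExpiresOn` as reserved claims. The issuer and audience URLs, the signing key and the claim values are constructed; `issue_swt` stands in for the STS so the example runs offline.

```python
"""Constructed relying-party check of a Simple Web Token (example code, not
WIF/ACS). The relying party keeps one symmetric key per trusted issuer,
verifies the HMAC before looking at any claim value, then checks audience
and expiry. Key, URLs and claims below are made up for the example."""
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, unquote, urlencode

SIG_MARKER = "&HMACSHA256="


class TokenRejected(Exception):
    """Raised with a short reason; callers should log it, not show it to users."""


def issue_swt(claims, issuer, audience, expires_on, key):
    """Stand-in for the STS (step 1 on slide 21): serialize claims and sign them."""
    pairs = list(claims.items()) + [
        ("Issuer", issuer), ("Audience", audience), ("ExpiresOn", str(expires_on)),
    ]
    unsigned = urlencode(pairs)
    sig = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    return unsigned + SIG_MARKER + quote(base64.b64encode(sig).decode("ascii"), safe="")


def verify_swt(token, keys_by_issuer, expected_audience, now):
    """Steps 3 and 4: signature + trusted issuer, then audience and expiry; returns claims."""
    idx = token.rfind(SIG_MARKER)
    if idx < 0:
        raise TokenRejected("token carries no signature")
    unsigned, sig_b64 = token[:idx], unquote(token[idx + len(SIG_MARKER):])
    claims = dict(parse_qsl(unsigned, keep_blank_values=True))

    # Trusted-issuer check: the claimed issuer selects the key; unknown issuer -> no key.
    key = keys_by_issuer.get(claims.get("Issuer"))
    if key is None:
        raise TokenRejected("issuer is not in the trusted STS list")

    try:
        presented = base64.b64decode(sig_b64, validate=True)
    except ValueError:
        raise TokenRejected("signature is not valid base64")
    expected = hmac.new(key, unsigned.encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):   # constant-time comparison
        raise TokenRejected("signature does not verify")

    # Only now are the claim values trustworthy enough to act on.
    if claims.get("Audience") != expected_audience:
        raise TokenRejected("token was issued for a different application")
    try:
        expires_on = int(claims.get("ExpiresOn", ""))
    except ValueError:
        raise TokenRejected("ExpiresOn is missing or malformed")
    if expires_on <= now:
        raise TokenRejected("token has expired")
    return claims


# Constructed values for a runnable demonstration.
DEMO_KEY = b"constructed-demo-signing-key"
DEMO_ISSUER = "https://sts.example.test/"
DEMO_AUDIENCE = "https://app.example.test/"
DEMO_NOW = 1_700_000_000


def demo():
    token = issue_swt({"name": "Stefan", "role": "Consultant,Trainer"},
                      DEMO_ISSUER, DEMO_AUDIENCE, DEMO_NOW + 300, DEMO_KEY)
    trusted = {DEMO_ISSUER: DEMO_KEY}
    outcomes = {"valid": verify_swt(token, trusted, DEMO_AUDIENCE, DEMO_NOW)["role"]}
    attempts = {
        "tampered": (token.replace("Consultant", "Admin"), trusted, DEMO_AUDIENCE, DEMO_NOW),
        "untrusted_issuer": (token, {"https://other.example.test/": DEMO_KEY}, DEMO_AUDIENCE, DEMO_NOW),
        "wrong_audience": (token, trusted, "https://elsewhere.example.test/", DEMO_NOW),
        "expired": (token, trusted, DEMO_AUDIENCE, DEMO_NOW + 300),
    }
    for label, args in attempts.items():
        try:
            verify_swt(*args)
            outcomes[label] = "accepted"
        except TokenRejected as exc:
            outcomes[label] = str(exc)
    return outcomes
```

The ordering matters: the issuer claim is read only to pick a key, and nothing else in the token is trusted until the HMAC verifies, so a forged or edited role value is rejected as a signature failure rather than reaching the authorization code. The audience check is what stops a token issued to one relying party from being replayed against another that trusts the same STS.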
  • 22. Demo: Claims-based Authentication
  • 23. Identity Federation
    - Authenticate users across different security domains
    - SAML (Security Assertion Markup Language)
    --XML-based standard for exchanging authentication and authorization data between security realms
    (Diagram: steps 1 to 3 between Organisation 1 and Organisation 2)
  • 24. Access Control Service
    - Allows you to integrate single sign-on (SSO) and centralized authorization into your web applications
  • 25. Access Control Service
    - Out-of-the-box support for popular web identity providers including Windows Live ID, Google, Yahoo, and Facebook
    - Support for the OAuth 2.0 (draft 13), WS-Trust, and WS-Federation protocols
    - Support for the SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats
  • 26. Security Best Practices
    - Authentication and authorization
    --Use claims-based identity
    --Authentication and access management based on open protocols
    --Reduces infrastructure dependencies - can be hosted on-premises or in the cloud without changes
    --Factors authentication out of applications
    - Identity technologies and services used with Azure
    --Windows Identity Foundation (WIF)
    --Active Directory Federation Services 2.0
    --Azure Access Control Service
  • 27. Agenda
    1. Service Bus
    2. Identity
    3. SQL Database
  • 28. SQL Database Overview
    - Relational database engine provided as a service, based on SQL Server technology
    --Many SQL Server features are supported
    - Use with on-premise and cloud applications
    --Data access through ADO.NET or other providers
    --Data manipulation using standard T-SQL statements
    - Databases in Azure are limited to either 1 or 500 GB depending on the edition selected
    --Consider the size limitation for migration scenarios
    - Automatically provides high availability "out of the box"
    --Transparent failover in case of failure
    --Load balancing of data to ensure the SLA
  • 29. SQL Database Network Topology (diagram slide; recoverable content)
    - Path: Application → Internet → load balancer → TDS (tcp) → gateway tier → SQL nodes
    - Apps use standard SQL client libraries: ODBC, ADO.Net, PHP, …
    - The load balancer forwards 'sticky' sessions to the TDS protocol tier
    - Gateway: TDS protocol gateway, enforces AUTHN/AUTHZ policy; proxy to the backend SQL nodes
    - Availability: fabric, failover, replication, and load balancing
  • 30. Database Replicas (diagram: one DB with Replica 1 to Replica 4)
  • 31. Provisioning
    - Each account has zero or more logical servers
    --Provisioned via a common portal
    --Establishes a billing instrument
    - Each logical server has one or more databases
    --Contains metadata about databases and usage
    --Unit of authentication, geo-location, billing, reporting
    --Generated DNS-based name
    - Each database has standard SQL objects
    --Users, tables, views, indices, etc.
    --Unit of consistency
    (Diagram: Account → Server → Database)
  • 32. Demo: SQL Database
  • 33. SQL Database Management
    - Microsoft Azure Management Portal
    --Create and delete servers and databases
    --Create credentials
    --Configure firewall settings
    --Maintain databases
    - Using the master database
    --System procedures for maintaining databases
    --Show data usage -> billing information
    --Create / delete databases
  • 34. Security
    - Network access control
    --The server is firewall protected (default: no access)
    --Configure using the special SP sys.firewall_rule…..
    - Authentication and authorisation
    --SQL authentication (username, password)
    --Authorisation identical to SQL Server (roles)
    --Admin roles have special privileges - create / drop database - manage logins - change firewall rules
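Slide 34 makes the server-level firewall the first line of access control, and slide 33 puts its configuration in the portal or the master database. The following added example (not from the deck, not Microsoft's code) shows the check a reviewer would run over those rules: it models each rule as the start/end IPv4 pair the server stores, answers which rules would admit a given client address, and flags rules that are open to the whole internet, that admit any Azure-hosted client (the `0.0.0.0` to `0.0.0.0` marker rule), or that cover more addresses than a chosen threshold. Rule names and addresses are constructed; `matching_rules`, `audit` and the `max_hosts` threshold are this example's own.

```python
"""Constructed audit of SQL Database server firewall rules (example code, not
Microsoft's). A rule is the start/end IPv4 pair the server stores for it; the
names and addresses below are made up for the example."""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.IPv4Address("0.0.0.0")
ALL = ipaddress.IPv4Address("255.255.255.255")


@dataclass(frozen=True)
class FirewallRule:
    name: str
    start_ip: str
    end_ip: str

    def bounds(self):
        start = ipaddress.IPv4Address(self.start_ip)
        end = ipaddress.IPv4Address(self.end_ip)
        if end < start:
            raise ValueError(f"rule {self.name}: end address precedes start address")
        return start, end


def matching_rules(client_ip, rules):
    """Names of every rule that would admit client_ip; an empty list means blocked."""
    ip = ipaddress.IPv4Address(client_ip)
    hits = []
    for rule in rules:
        start, end = rule.bounds()
        if start <= ip <= end:
            hits.append(rule.name)
    return hits


def audit(rules, max_hosts=256):
    """Flag rules a reviewer should question; returns (name, severity, reason) tuples."""
    findings = []
    for rule in rules:
        start, end = rule.bounds()
        size = int(end) - int(start) + 1
        if start == ANY and end == ALL:
            findings.append((rule.name, "CRITICAL", "open to the entire internet"))
        elif start == ANY and end == ANY:
            # 0.0.0.0-0.0.0.0 is the marker rule for "allow Azure services", not one host.
            findings.append((rule.name, "REVIEW", "admits any Azure-hosted client"))
        elif size > max_hosts:
            findings.append((rule.name, "WARN", f"broad range of {size} addresses"))
    return findings


# Constructed rule set: one tight rule, one /24, one /8, one world-open, one marker rule.
CONSTRUCTED_RULES = [
    FirewallRule("office-gateway", "203.0.113.10", "203.0.113.10"),
    FirewallRule("partner-net", "198.51.100.0", "198.51.100.255"),
    FirewallRule("legacy-everything", "10.0.0.0", "10.255.255.255"),
    FirewallRule("temp-open", "0.0.0.0", "255.255.255.255"),
    FirewallRule("allow-azure-services", "0.0.0.0", "0.0.0.0"),
]

if __name__ == "__main__":
    for name, severity, reason in audit(CONSTRUCTED_RULES):
        print(f"{severity:8} {name}: {reason}")
    print("192.0.2.7 admitted by:", matching_rules("192.0.2.7", CONSTRUCTED_RULES))
```

Because every rule is evaluated independently, a single world-open rule (here `temp-open`) makes all the carefully scoped ones irrelevant; running `matching_rules` for an address that should be blocked is the quickest way to prove a rule set is actually closed, and `audit` is the report to attach when the portal is used to change firewall settings.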
  • 35. SQL Database Limitations
    - Security
    --SSPI authentication is not supported
    --No database encryption
    --Certain user names are disallowed (sa, admin, administrator, guest, root)
    --It isn't possible to define a listening port other than 1433
    - Backups
    --Backup and restore operations are not available - use Import/Export - database clones are possible using the CREATE DATABASE statement
    - Objects
    --CLR: the .NET CLR isn't available in SQL Azure
    --Tables need a clustered index
  • 36. SQL Database Limitations
    - Miscellaneous
    --No distributed transactions
    --Database size limited by the chosen subscription (max 500 GB)
    --No Service Broker
    --No SQL Agent
    --No database file placement
    --Reduced subset of system schema objects
  • 37. Data Migration
    - Existing SQL Server databases cannot be restored or attached to SQL Database
    - Data migration is a manual task using tools
    --Generate SQL scripts
    --SQL Server Integration Services (SSIS)
    --BCP utility
    --BACPAC export to Blob
  • 38. Database Backup
    - Database Copy
    --Allows you to create a single copy of a source database using the AS COPY OF argument of the CREATE DATABASE statement
    --The copy process is a background task; query the DMV sys.dm_database_copies
    - SQL Data Sync
    --Synchronize on-premise / cloud
    - Manual
    --To Blob Storage
    --Import / Export (bacpac)
    --Bacpac (schema and data)
    --Dacpac (schema only)
  • 39. Thank You. Q & A