-
1.
Brewing Beer
with Windows Azure
Maarten Balliauw
@maartenballiauw
-
2.
Who am I?
Maarten Balliauw
Technical Evangelist, JetBrains
AZUG
Focus on web
ASP.NET MVC, Windows Azure, SignalR, ...
MVP Windows Azure & ASPInsider
http://blog.maartenballiauw.be
@maartenballiauw
Shameless self promotion: Pro NuGet -
http://amzn.to/pronuget
http://www.myget.org
-
3.
Setting expectations
-
4.
Agenda
Brewing beer
BrewBuddy
Windows Azure Websites
Service Bus & Access Control Service (ACS)
We need an API
Q&A
-
5.
Brewing Beer
Turn water into beer
-
6.
How it started…
-
7.
How it started…
MVP Summit 2011
Wade Wegner talks about his homebrewing hobby
MVP Summit 2012
Wade Wegner talks about his homebrewing hobby
Let’s do it!
-
8.
The process
Get your kettle clean
Add & boil ingredients
Pour in kettle
Add yeast
Rinse
-
9.
Brewing = cleaning!
-
10.
The process
Wait for fermentation to complete
-
11.
The process
Pour into another kettle
Rinse
Wait another week
Bottling time!
-
12.
Difficult part…
Wait at least 6 weeks
for it to age
-
13.
Maarten…
What does this have
to do with Windows Azure?
-
14.
BrewBuddy.net
Social brewing!
-
15.
BrewBuddy
View public recipes
Manage your own recipes
Manage your own brews
Monitor brew fermentation
-
16.
demo
BrewBuddy
Social brewing at a glance
-
17.
Architecture
Public website
Windows Azure Web Sites
Database
SQL Azure database
Sensor data processing
Windows Azure Worker Role
Sensor data
Service Bus topic
Sensor
Whatever…
-
18.
Windows Azure
Web Sites
Scale fast, fail fast
-
19.
Windows Azure Web Sites
Build with ASP.NET, Node.js or PHP
Deploy in seconds with FTP, Git or TFS
Start for free, scale up as your traffic
grows
-
20.
1
SHARED INSTANCES
shared
Windows Azure Web Sites
-
21.
2
SHARED INSTANCES
shared
Windows Azure Web Sites
-
22.
SHARED INSTANCES
1
RESERVED INSTANCE
0reserved
Windows Azure Web Sites
-
23.
2
RESERVED INSTANCERESERVED INSTANCE
reserved
Windows Azure Web Sites
-
24.
2
RESERVED INSTANCE RESERVED INSTANCE
reserved
Windows Azure Web Sites
-
25.
A perfect ramp-up!
Start small
Web Sites are cheap
Start free
Scale from 1 shared instance…
…up to 10 reserved instances!
Grow big!
Hosted Service – PaaS
Scale at will
-
26.
demo
Windows Azure
Web Sites
Creating a new web site in seconds
-
27.
Service Bus &
Access Control Service
Connecting sensors
-
28.
Windows Azure Service Bus
2 features
Relay
Queues, Topics, Subscriptions
-
29.
Windows Azure Service Bus Relay
Client
relay
-
30.
Topics and subscriptions
Sensor
-
31.
Characteristics
Workers can scale independently
Workers can fail independently
Sensors connect to service bus directly
No layer in between
Cheaper
-
32.
What about authN / authZ?
Access Control Service to the rescue!
SB authenticates clients over ACS
ACS provides “Send” claim to sensor
Claims can be granted/revoked easily
-
33.
demo
Access Control
Service
Claims for authZ on Service Bus
-
34.
Public website
Windows Azure Web Sites
Database
SQL Azure database
Sensor data processing
Windows Azure Worker Role
Sensor management
Access Control Service
Sensor data
Service Bus topic
Sensor
Whatever…
Architecture
-
35.
How do you link a sensor?
Every sensor has its sensor ID
Add it as an identity to ACS
Grant a “Send” claim
-
36.
demo
Linking a sensor
to a brew
Registering a sensor with Access Control Service
-
37.
We need an API
-
38.
Consuming the web
2000-2008: Desktop browser
2008-2012: Mobile browser
2008-2012: iPhone and Android apps
2010-2014: Tablets, tablets, tablets
2014-2016: Your fridge (Internet of Things)
-
39.
Twitter & Facebook
By show of hands
-
40.
Make everyone API
(as the French say)
-
41.
What is an API?
Software-to-Software interface
Contract between software and developers
Functionalities, constraints (technical / legal) Programming instructions and
standards
Open services to other software developers (public or private)
-
42.
Expose services to 3rd parties
Valuable
Flexible
Managed
Supported
Have a plan
-
43.
Reach More Clients
-
44.
ASP.NET Web API
Part of ASP.NET MVC 4
Framework to build HTTP Services (REST)
Solid features
Modern HTTP programming model
Content negotiation (e.g. Xml, json, ...)
Query composition (OData query support)
Model binding and validation (conversion to .NET objects)
Routes
Filters (e.g. Validation, exception handling, ...)
And more!
-
45.
demo
Be detailed!Think about RFC 2324 (HTCPCP)
-
46.
demo
ASP.NET Web API
Let’s craft a quick API
-
47.
A lot of public API’s…
“your API consumer isn’t really your user,
but an application acting on behalf of a user”
(or: API consumer != user)
-
48.
So they do this!
-
49.
In our own API, authN / authZ
API access using OAuth2
Access Control Service to the rescue!
Client authorized in BrewBuddy.net
Access/refresh tokens through ACS
-
50.
What about authN / authZ?
Access Control Service
Access/Refresh Token
API Consumer
client_id and client_secret
BrewBuddy.net
Initial authorization (yes/no)
API implementation
authorize
register delegationaccess/refresh token
access API
-
51.
demo
Access Control
Service for API’s
OAuth2 delegation
Install-Package WindowsAzure.Acs.Oauth2 -IncludePrerelease
-
52.
Takeaways
-
53.
Keep in mind…
Web Sites start cheap / scale fast
Combine/grow at will (IaaS, PaaS, SaaS)
Service bus for asynchrony and scale
Access Control for devices
Web API & Access Control
-
54.
Thank you!
http://blog.maartenballiauw.
be
@maartenballiauw
http://amzn.to/pronuget
Maarten
Don’t show everythingyet. Just log in, show themaround the recipes, brewsand public recipes. Feel free to show the monitoring but no needto display the linking of sensors.
Show Windows Azure Web SitesShow scaling / reservedinstances
Show peoplearound the ACS porta. Show identities, claims andrulegroups.
Link a sensor to a brew. Show the effect on ACS. Show the code.
A couple of years ago, having a web-based application was enough. Users would navigate to it using their computer’s browser, do their dance and log out again. Nowadays, a web-based application isn’t enough anymore. People have smartphones, tablets and maybe even a refrigerator with Internet access on which applications can run. Applications or “apps”. We’re moving from the web towards apps.
A great example of an API is Twitter. They have a massive data store containing tweets and data related to that. They have user profiles. And a web site. And an API. Are you using www.twitter.com to post tweets? I am using the website, maybe once a year. All other tweets come either from my Windows Phone 7’s Twitter application or through www.hootsuite.com, a third-party Twitter client which provides added value in the form of statistics and scheduling. Both the app on my phone as well as the third-party service are using the Twitter API. By exposing an API, Twitter has created a rich ecosystem which drives their real value: data.
If you want to expose your data and services to external third-parties, you may want to think about building an API. Having an API gives you a giant advantage on the Internet nowadays. Having an API will allow your web application to reach more users. App developers will jump onto your API and build their app around it. Other websites or apps will integrate with your services by consuming your API. The only thing you have to do is expose a valuable, managed and supported API and get people to know it. Apps will come. Integration will come.
The mainidea of API’s is tobroadenyourreach. Youcan’tcreateappsthatcanbeused on every fridge out there, it’s way toocostly. But ifyou have a valuable service which is supported, peoplewillbuildappsaround it. Andifitmakes sense toanyonetocreate a fridge app on top of your API, itwill happen.
Be detailed! Usegood status code responses. 201 CREATED is probablybetterthanjust 200 OK whencreating a new entity.+ demo Fiddleragainst HTCPCP deployment out there
Link a sensor to a brew. Show the effect on ACS. Show the code.
I want you to remember one sentence: “your API user isn’t really your user, but an application acting on behalf of a user”. It has implications. It means you are “delegating” access to an API to a consuming application.
As anexample, take lanyrd.com. They keep track of conferences you’llbespeaking at and conferences thepeopleyou follow on Twitter are speaking at. To get that data, theyneed access to the list of peopleyou follow on Twitter. Here’swhathappens:You want to log in on Lanyrd, theyredirectyoutoTwitter’s login page. Notice the token in the address bar: itidentifies the callingapplicationtoTwitter.You log in on Twitterandgive consent with a limited scope: Lanyrdwillbeabletoseeyourtimelineand get the list of peopleyou follow. The scope is limitedtothat: Lanyrdcan’ttweet on mybehalf. Theycan’tfavoritetweets. Or sendmessages. Or do anythingelse.Twitterredirects me back toLanyrd, posting back a “refresh” tokenWhatyoudon’tsee:Lanyrdusesthat token torequestan “access token” fromTwitter.Twitter checks the validity of the incoming token and checks the origin, to make sure no otherapplication but Lanyrdcomes in withthat token.Whenvalid, Twitter returns an access token toLanyrd, containing:An access keyA new refresh tokenThe allowed scopeValiditydurationA signature- When the token expires, Lanyrduses the new refresh token to go throughthisprocessagain.
Show peoplearound the ACS porta. Show identities, claims andrulegroups.