
Cloud Guidance

John Devadoss, Product Unit Manager, patterns & practices, johnd@microsoft.com. DPR 202.


Presentation Transcript


  1. Cloud Guidance. John Devadoss, Product Unit Manager, patterns & practices, johnd@microsoft.com. DPR 202

  2. Agenda
     • Why care
     • How to think about and exploit the Windows Azure Platform
     • Real-world walk-through/demo
     • Step 1 - Unlocking the Cloud
     • Discussion

  3. Pop Quiz “You can have any color Model T so long as it's black.”

  4. You can have any colour Model T so long as it's black.

  5. The model of “one size fits all” is now seen by most IT organizations as being flawed.

  6. Trade-offs (Build vs. Buy, On premises vs. Cloud)
     • Buy:
       • "Packaged" Application: an application that I buy "off the shelf" and run myself.
       • Hosted "Packaged": an application that I buy "off the shelf" and then run at a hoster.
       • "Software as a Service": a hosted application that I buy from a provider.
     • Build:
       • Self Hosted "Home Built": an application that I develop and run myself.
       • Hosted "Home Built": an application that I develop myself, but run at a hoster.
       • Cloud Platform: an application that I develop myself, but run in the cloud.

  7. Windows Azure Platform

  8. Windows Azure Platform: An illustration (diagram labels: .NET Services, SQL Azure, Windows Azure, Applications; Windows Server, Windows Vista/XP, Windows Mobile, Others)

  9. Windows Azure

  10. Windows Azure Basics
     • The goal of Windows Azure is to provide a platform that is scalable and available
     • Windows Azure can run various kinds of Windows applications:
       • .NET applications
       • Unmanaged code
       • PHP
       • . . .

  11. Windows Azure: Windows in the cloud (diagram labels: Application, Compute, Storage, Fabric, Config; .NET Services, SQL Azure, Windows Azure, Applications; Windows Server, Windows Vista/XP, Windows Mobile, Others)

  12. Windows Azure Compute Service: A closer look (diagram labels: HTTP, Load Balancer, VMs running IIS with ASP.NET, WCF etc. or a native main() { … }, Agents, Windows Azure Fabric; Application, Storage, Compute, Fabric, …)

  13. Windows Azure Compute Service: Points of interest
     • The VMs are provided by a cloud-optimized hypervisor
     • For developers:
       • Applications see a 64-bit Windows Server 2008 interface
       • A few things require accessing the Windows Azure Agent, e.g., logging
       • A desktop facsimile of Windows Azure in the cloud is provided for development

  14. Windows Azure Storage Service: A closer look (diagram labels: HTTP/HTTPS; Blobs, Tables, Queues; Application, Storage, Compute, Fabric, …)

  15. Windows Azure Storage: Points of interest
     • Storage types:
       • Blobs: a simple hierarchy of binary data
       • Tables: entity storage (not relational tables)
       • Queues: allow communication among web and worker role instances
     • Access:
       • Data is exposed via a RESTful interface
       • Data can be accessed by:
         • Windows Azure applications
         • Other on-premises or cloud applications

  16. Windows Azure Storage: A closer look at tables (diagram: Tables contain Entities, Entities contain Properties, and each Property has a Name, a Type and a Value)

  17. Windows Azure Storage, Tables: Challenges
     • Access via REST
     • You can't use ordinary ADO.NET
     • No SQL
     • No real joins, aggregates, etc.
     • An unfamiliar hierarchical structure
     • You can't easily move relational data to it
     • Supporting services are scarce, e.g., reporting
     • No schema

  18. Windows Azure Storage, Tables: Strengths
     • Massive scalability
       • By effectively allowing scale-out data
     • Applied to the right problem, Windows Azure Tables are a beautiful thing

  19. Using Queues: The suggested application model (diagram)
     1) Receive work (Web Role Instance)
     2) Enqueue message (Web Role Instance to Queue)
     3) Dequeue message (Queue to Worker Role Instance)
     4) Do work (Worker Role Instance)
     5) Delete message (Worker Role Instance to Queue)
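The five steps on this slide, as an added example (not code from the deck or from the Windows Azure SDK): a constructed in-memory queue with the semantics the model depends on, where dequeue only hides a message for a visibility period and only delete removes it. A worker that dies between step 4 and step 5 sees the message again, so the work in step 4 has to be safe to repeat.

```python
import time

class Queue:
    """Constructed model of the queue on this slide: get() hides a message for
    `visibility` seconds instead of removing it; only delete() removes it."""
    def __init__(self, visibility: float = 0.02):
        self.visibility, self.items, self.next_id = visibility, [], 1

    def put(self, body: str) -> int:                  # 2) enqueue message
        self.items.append({"id": self.next_id, "body": body, "visible_at": 0.0})
        self.next_id += 1
        return self.next_id - 1

    def get(self):                                    # 3) dequeue message
        now = time.monotonic()
        for m in self.items:
            if m["visible_at"] <= now:                # not currently in flight
                m["visible_at"] = now + self.visibility
                return m
        return None

    def delete(self, msg_id: int) -> None:            # 5) delete message
        self.items = [m for m in self.items if m["id"] != msg_id]

def worker_pass(q: Queue, do_work, done: dict, crash_before_delete=False):
    # One worker-role iteration; `done` (message id -> result) is the worker's
    # idempotency record, so a redelivered message is not processed twice.
    msg = q.get()
    if msg is None:
        return None
    if msg["id"] not in done:
        done[msg["id"]] = do_work(msg["body"])        # 4) do work
    if not crash_before_delete:                       # a crash here skips delete
        q.delete(msg["id"])                           # delete only after the work
    return msg["id"]

def redelivery_demo() -> dict:
    # Web role enqueues one item (1); the first worker pass dies before deleting;
    # after the visibility timeout the message reappears and is finished.
    q, done, calls = Queue(), {}, []
    def do_work(body: str) -> str:
        calls.append(body)
        return body.upper()
    q.put("reagent request")
    worker_pass(q, do_work, done, crash_before_delete=True)
    hidden = q.get() is None                          # in flight: not visible
    time.sleep(q.visibility * 2)
    worker_pass(q, do_work, done)
    return {"left": len(q.items), "calls": len(calls), "hidden": hidden, "result": done[1]}
```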

  20. Guidance on Using Windows Azure

  21. Using Windows Azure: Some examples
     • A start-up might create a new Web application on Windows Azure
       • They can fail fast or scale fast
     • An ISV might create a SaaS version of an existing .NET application on Windows Azure
       • It's .NET, so porting the code is doable
     • An enterprise might build a new application on Windows Azure
       • It's .NET, so developers are plentiful

  22. SQL Azure

  23. SQL Azure: Data services in the cloud (diagram labels: SQL Azure, Others (Future); .NET Services, SQL Azure, Windows Azure, Applications; Windows Server, Windows Vista/XP, Windows Mobile, Others)

  24. SQL Azure
     • Today:
       • SQL Azure
         • Formerly known as SQL Server Data Services (SSDS)
     • In the future:
       • Reporting
       • Analysis
       • Extract/Transform/Load (ETL) services
       • More

  25. SQL Azure: An illustration (diagram labels: Database, Database, Database, TDS, SQL Azure, Others (Future))

  26. Guidance on Using SQL Azure

  27. Using SQL Azure: Some examples
     • A Windows Azure application might use SQL Azure for its data
     • A departmental app could use SQL Azure rather than a local database
       • For better reliability and availability
     • An organization might make data available to both in-house and partner apps through SQL Azure
       • Such as a company with a far-flung dealer network

  28. .NET Services

  29. .NET Services: Infrastructure in the cloud (diagram labels: Access Control, Service Bus, ?; .NET Services, SQL Azure, Windows Azure, Applications; Windows Server, Windows Vista/XP, Windows Mobile, Others)

  30. The Access Control Service
     • The problem:
       • Different organizations identify users with tokens containing different claims
       • Applications can be faced with a confusing mess
     • The solution:
       • The Access Control Service implements a security token service (STS) in the cloud
       • It accepts one token and issues another
       • The claims in the outgoing token can differ from those in the incoming token
       • An administrator can define rules for how this claims transformation is done
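The rule-driven claims transformation described on this slide, as an added example that is not the Access Control Service's own code or API: a constructed STS model whose rules an administrator would define. The issuer names, claim types and rule values are assumptions made up for the reagent-catalog scenario later in the deck; note that nothing passes through unless a rule says so.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Administrator-defined mapping: an incoming claim (in_type, in_value)
    from `issuer` yields the outgoing claim (out_type, out_value)."""
    issuer: str
    in_type: str
    in_value: str
    out_type: str
    out_value: str

class ClaimsTransformer:
    """Constructed model of an STS that accepts one token and issues another.
    Only claims matching a rule are emitted; nothing passes through by default,
    so an unknown issuer or an unmapped group yields no permissions at all."""
    def __init__(self, rules: list, trusted_issuers: set):
        self.rules, self.trusted_issuers = rules, trusted_issuers

    def issue(self, issuer: str, incoming: dict) -> dict:
        """incoming: {claim type: value}; returns {claim type: [values]}."""
        if issuer not in self.trusted_issuers:      # stands in for signature validation
            raise PermissionError(f"untrusted issuer: {issuer}")
        outgoing: dict = {}
        for in_type, in_value in incoming.items():
            for r in self.rules:
                if (r.issuer, r.in_type, r.in_value) == (issuer, in_type, in_value):
                    values = outgoing.setdefault(r.out_type, [])
                    if r.out_value not in values:
                        values.append(r.out_value)
        return outgoing

# Constructed rules for the reagent-catalog scenario: two organizations
# identify users differently; the STS normalizes both to one vocabulary.
RULES = [
    Rule("bigpharma-adfs", "group", "Chemists", "role", "reagent:reader"),
    Rule("bigpharma-adfs", "group", "Chemists", "org", "BigPharma"),
    Rule("bigpharma-adfs", "group", "LabLeads", "role", "reagent:writer"),
    Rule("litware-sts", "department", "R&D", "role", "reagent:reader"),
    Rule("litware-sts", "department", "R&D", "org", "Litware"),
]
STS = ClaimsTransformer(RULES, {"bigpharma-adfs", "litware-sts"})
```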

  31. Service Bus
     • The problem: Exposing internal applications on the Internet isn't easy
       • Network address translation (NAT) and firewalls get in the way
     • The solution:
       • Service Bus provides a cloud-based intermediary between clients and internal applications
       • It also provides a service registry that clients can use to find the services they need

  32. Service Bus (diagram)
     1) Register endpoints: an organization's application registers its endpoints in the Service Bus Registry
     2) Discover endpoints: a client in the other organization finds them in the Registry
     3) Access application: the client reaches the application through Service Bus
     (other labels: Endpoints, Application, Organization X, Organization Y, Access Control, Service Bus)

  33. Guidance on Using .NET Services

  34. Using .NET Services: Some examples
     • An app that's accessed over the Internet from different organizations might rely on Access Control to rationalize the identity information it receives
       • And to do access control
     • An enterprise might expose an internal application to its trading partners via Service Bus

  35. Pop Quiz. Note: this is a bit of a trick question, and it has to do with security… What are the first two questions an application has to answer?

  36. In A Nutshell: What can they do? Who is the caller? (diagram labels: Your Application, Your Customers, Service Bus, <Any ID Provider>, Live ID Users, .NET Access Control Service, Account, Web UI, Workflow, Service XYZ, Domain Users, SQL Data Service)

  37. Step 1. Unlocking the Cloud: Authentication and Authorization

  38. Glaxo Smith Kline – “BigPharma”

  39. A day in the life…
     • John is a scientist doing research @ BigPharma
     • Has an idea…
     • Needs a new Biological Reagent…
     • Options:
       • Search the web
         • Multiple sources
         • Different formats
         • Security constraints
       • Call colleagues to see if they have it
         • Expensive
       • Go to the Lab and create it
         • 2-3 months
         • Expensive

  40. Cloud-Catalog (diagram labels: BigPharma Reagent DB, Litware Reagent DB, PharmaX Reagent DB and PharmaX China Subsidiary, each behind a Firewall; Access Control & Security; flows labelled Uploads, Updates and Queries)

  41. Key requirements
     • De-centralized management
     • Access Control
       • (Very) fine grained Access Control
       • Org → Row → Field
       • X-Org
     • Leveraging existing Identity and AuthZ infrastructure
     • Geo-distributed information
     • Flexible data schema
     • Interoperability through standards

  42. demo: a working prototype (Provisioning; Using the catalog)

  43. Key requirements – recap
     • De-centralized management
       • Self-provisioning
       • Multi-tenant architecture (extensibility, customization, etc.)
     • Access Control
       • (Very) fine grained Access Control
       • Org → Row → Field
       • Cross-Organization
     • Leveraging existing Identity and AuthZ infrastructure
       • SSO
     • Flexible data schema
     • Interoperability through standards:
       • WS-* (WS-Federation, WS-Trust), SAML
     • Geo-distributed information
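The Org → Row → Field requirement from slides 41 and 43, together with the two questions from the pop quiz, as an added example that is not part of the deck or the prototype: a constructed catalog whose read and write decisions are driven only by the claims an STS issued. The {type: [values]} claim shape, the organization names, the roles and the field policy are all assumptions.

```python
# Constructed reagent-catalog rows: `org` is the owning organization and
# `shared_with` lists organizations granted cross-org read access to the row.
CATALOG = [
    {"id": 1, "org": "BigPharma", "name": "Reagent A", "cas": "000-00-1",
     "protocol": "BigPharma internal synthesis", "shared_with": ["Litware"]},
    {"id": 2, "org": "BigPharma", "name": "Reagent B", "cas": "000-00-2",
     "protocol": "BigPharma internal synthesis", "shared_with": []},
    {"id": 3, "org": "Litware", "name": "Reagent C", "cas": "000-00-3",
     "protocol": "Litware internal synthesis", "shared_with": ["BigPharma"]},
]
# Field level: which fields a caller may read on a row it can already see.
# "owner" fields never leave the owning organization, even on shared rows.
FIELD_POLICY = {"id": "any", "org": "any", "name": "any", "cas": "any",
                "protocol": "owner"}

def caller_context(claims: dict) -> tuple:
    """Claims are what the STS issued, as {type: [values]}. Answers the two
    quiz questions: who is the caller (org) and what can they do (roles)."""
    orgs, roles = claims.get("org", []), set(claims.get("role", []))
    if len(orgs) != 1 or not roles & {"reagent:reader", "reagent:writer"}:
        raise PermissionError("no unambiguous org claim or no catalog role")
    return orgs[0], roles

def query(claims: dict, catalog: list = CATALOG) -> list:
    """Row level: own rows plus rows shared with the caller's org.
    Field level: owner-only fields are projected away on cross-org rows."""
    org, _ = caller_context(claims)
    result = []
    for row in catalog:
        owner = row["org"] == org
        if not owner and org not in row["shared_with"]:
            continue                                # row invisible cross-org
        result.append({f: v for f, v in row.items() if f != "shared_with"
                       and (owner or FIELD_POLICY.get(f) == "any")})
    return result

def update(claims: dict, row_id: int, field: str, value: str,
           catalog: list = CATALOG) -> dict:
    """Writes need the writer role and ownership; sharing never grants write."""
    org, roles = caller_context(claims)
    row = next((r for r in catalog if r["id"] == row_id), None)
    if row is None or "reagent:writer" not in roles or row["org"] != org:
        raise PermissionError("write denied")      # same answer for missing rows
    row[field] = value
    return row
```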

  44. Identity & Access Control: Federation & Claims (diagram labels: IP-STS, STS, steps 1, 2, 3)

  45. An event analogy (diagram labels: TechEd Operations; TechEd Speaker Room / Speaker; TechEd Sessions / Attendee; TechEd Party / Staff)

  46. Identity & Access Control: Federation & Claims (diagram labels: Windows Identity Foundation, ADFS)

  47. demo: a working prototype (More on Access Control)

  48. Takeaways
     • Cloud computing is here
     • patterns & practices is building guidance
       • Claims-based Authentication and Authorization
       • 'Cloudlib'
     • A new world is unfolding
       • Prepare to be part of it

  49. Agenda
     • Why care
     • How to think about and exploit the Windows Azure Platform
     • Real-world walk-through/demo
     • Step 1 - Unlocking the Cloud
     • Discussion
