christian weyer christian.weyer@thinktecture.com thinktecture

Post on 24-Dec-2015


In the Cloud: Connect Your Services with the Internet Service Bus

Christian Weyer, christian.weyer@thinktecture.com, thinktecture

Our Way Through The Sky

Introduction & Motivation for ISB

Extending a simple WCF service

Identity, Authentication, Authorization

Application Scenarios

Messaging Options

Summary

[Diagram: S+S (Software + Services): Service Delivery (SaaS), Service Composition (SOA), Service Experience (Web 2.0), Service ……]

Internet Service Bus – Why Again?

Software+Services seems to me like „SOA done the right way“, frankly

Increasing need to build and enable composite applications in a service-oriented manner

Some solutions look for easy connectivity

Provide value add with advanced messaging options

Strong focus on identity, authentication and authorization required

Imagine…

[Diagram labels: Enterprise X; Bond, Price; Format A, Format B]

Imagine again…

[Diagram labels: Enterprise X; Bond, Price, Trade; Format A, Format B, Format C]

Still imagine…

[Diagram labels: Enterprise X; Bond, Price, Trade; Format A, Format B, Format C]

Enterprise Service Bus Pattern

[Diagram labels: Enterprise X; Bond, Price, Trade; Format A, Format B, Format C; XML, XML, XML; Enterprise Service Bus]

And now imagine…

[Diagram labels: Enterprise X; Bond, Price, Trade; Format A, Format B, Format C; XML, XML, XML; Internet Service Bus; Microsoft “Biztalk Services”]

Can you still imagine…?

[Diagram labels: Application 1, Application 2; Format A, Format B; XML, XML; Internet Service Bus; Microsoft “Biztalk Services”; Bank A (shown twice)]

Finally, imagine…

[Diagram labels: Application 1, Application 2; Format A, Format B; XML, XML; Internet Service Bus; Microsoft “Biztalk Services”; Market Data; Publish; Subscribe, Subscribe; XML; Bank A]

It looks reasonable, doesn't it?

[Diagram labels: Application 1, Application 2; Format A, Format B; XML, XML; Internet Service Bus; Microsoft “Biztalk Services”; Market Data; Publish; Subscribe, Subscribe; XML; Subscribe; Publish]

Possible ISB Usage Scenarios

Syndication

Peer-To-Peer

Callbacks, Notifications

Multicasting, Pub/Sub

Remote Control

Prototyping, Testing

[Side label: CIA (Confidentiality, Integrity, Authenticity)]

„Biztalk Services“ Demystified

Codename „Biztalk Services“ is the current incarnation of the ISB

Provides several services in the cloud, currently: Identity Management, STS; Connectivity, Relaying; Workflow (just not yet)

Enter the ISB at http://labs.biztalk.net/

Developers (and architects) can grab an SDK: WCF-based, leveraging standards; custom bindings and behaviors

Relay Binding

[Diagram labels: Client; Service; Identity Service; Connectivity Service; Trust; “Biztalk Services”; Authenticate (twice); Connect; Open; Relayed Connection; Direct Connection (optional); numbered steps 1 to 6]

RelayBinding In Code

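// Token provider used to authenticate against the identity service (information card)
ITokenProvider tokenProvider = new CardSpaceTokenProvider();

// Publish the IEcho contract at the relay address over a relayed duplex connection
ServiceEndpoint ehep = echoHost.AddServiceEndpoint(
    typeof(IEcho),
    new RelayBinding(RelayConnectionMode.RelayedDuplex),
    "sb://connect.biztalk.net/services/thinktecture/Echo");

// Attach the token provider to the endpoint
ehep.Behaviors.Add(tokenProvider);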

RelayBinding In Config

<endpoint address="sb://connect.biztalk.net/services/thinktecture/Echo"
          contract="IEcho"
          binding="relayBinding"
          bindingConfiguration="myRelay" />
…
<bindings>
  <relayBinding>
    <binding name="myRelay" connectionMode="RelayedDuplex" />
  </relayBinding>
</bindings>

Security Risk Model

Frankly, in some big shops the relay binding is to date a reason to get fired

There is a reason for the DMZ

You expose your very own machine to the outside

Customers need to be aware of this different security risk model

Integrate risk model into analysis phase

IMO, we will need guidance and tools to properly set up and configure networks for working with the relay

Maybe also leverage different technologies, like Teredo or UPnP
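One way to bring the relay into the analysis phase is to inventory which service endpoints are published through it. The script below is an added example, not part of the original slides or the SDK; it scans a WCF configuration shaped like the relayBinding sample shown earlier, and the service name EchoService and the netTcpBinding contrast endpoint are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the relayBinding config from the slides,
# plus one ordinary intranet endpoint for contrast.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel>
    <services>
      <service name="EchoService">
        <endpoint address="sb://connect.biztalk.net/services/thinktecture/Echo"
                  contract="IEcho" binding="relayBinding"
                  bindingConfiguration="myRelay" />
        <endpoint address="net.tcp://localhost:9000/Echo"
                  contract="IEcho" binding="netTcpBinding" />
      </service>
    </services>
    <bindings>
      <relayBinding>
        <binding name="myRelay" connectionMode="RelayedDuplex" />
      </relayBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""

def find_relay_endpoints(config_xml):
    """Return one finding per service endpoint that is published via the relay."""
    root = ET.fromstring(config_xml)
    # Map bindingConfiguration name -> connectionMode for relayBinding entries.
    modes = {b.get("name"): b.get("connectionMode")
             for b in root.findall(".//bindings/relayBinding/binding")}
    findings = []
    for service in root.iter("service"):
        for ep in service.findall("endpoint"):
            address = ep.get("address", "")
            uses_relay = (ep.get("binding") == "relayBinding"
                          or address.startswith("sb://"))
            if not uses_relay:
                continue
            findings.append({
                "service": service.get("name"),
                "contract": ep.get("contract"),
                "address": address,
                "connectionMode": modes.get(ep.get("bindingConfiguration"),
                                            "(binding default)"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_relay_endpoints(SAMPLE_CONFIG):
        print("relay-published endpoint:", finding)
```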


Identity & Claims-Based Access Rules

Authentication through username/password or information card

„Biztalk Services“ implements a Secure Token Service (STS) based on WS-Trust specification

Feel the future of AD

Authorization based on powerful & flexible claims-based model

Configure through web frontend

Configure through API in SDK

Relay & Identity Message Interaction

[Sequence diagram labels: Identity; Relay; Service; Client; GetToken() (twice); Connect http://relay.biztalk.net/services/tt/; Open http://relay.biztalk.net/services/tt/; note: Relay cert registered w/ STS]

Scenario I

Duplex Communication & Notifications

Problem

Consumers want to be notified of new data

No polling, but rather proactive push messaging desired

NATs and firewalls in the way (by design)

Solution

Expose duplex contract through relay binding

Service can publish new data through the ISB's address

ISB securely dispatches messages appropriately to the callback endpoints

Scenario II

Multicasting

Problem

Multiple (n) receivers want to receive messages

Sender(s) do not want to send n messages and maintain a list of receivers

NATs and firewalls in the way (by design)

Solution

Let the ISB do the maintenance of receivers

Sender sends one message to the ISB – the ISB sends n messages to n receivers

Multicasting

[Diagram labels: Biztalk Services (Cloud); Send: sb://.../traffic; Listen: sb://.../traffic; Listen: sb://.../traffic; ………]

Scenario III

Multicast Publish & Subscribe

Problem

We have m publishers and n subscribers

Need for infrastructure to handle these message exchanges

Similar to pure multicasting scenario

NATs and firewalls in the way (by design)

Solution

m publishers send to multicast address at ISB

n subscribers listen to multicast address at ISB

ISB does the hard work of correlation and dispatching
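A toy model of the interaction the slides describe (get a token from the identity service, then Connect/Open at the relay, then multicast fan-out), added here as an illustration; it is not code from the talk or from the „Biztalk Services“ SDK. The class names, the Send/Listen claim names, the HMAC-signed token (standing in for WS-Trust tokens and the relay certificate registered with the STS) and the sb://relay.example address are assumptions.

```python
import hashlib
import hmac
import json

class IdentityService:
    """Stand-in for the STS: issues signed tokens carrying access claims."""
    def __init__(self, key):
        self._key, self._rules = key, {}      # rules: user -> {(action, address)}

    def grant(self, user, action, address):
        self._rules.setdefault(user, set()).add((action, address))

    def get_token(self, user):
        claims = sorted(self._rules.get(user, ()))
        body = json.dumps({"sub": user, "claims": claims}).encode()
        return body, hmac.new(self._key, body, hashlib.sha256).digest()

class Relay:
    """Stand-in for the connectivity service; accepts only STS-signed tokens."""
    def __init__(self, key):
        self._key, self._listeners = key, {}  # listeners: address -> [callback]

    def _authorize(self, token, action, address):
        body, sig = token
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("token not issued by the trusted STS")
        if [action, address] not in json.loads(body)["claims"]:
            raise PermissionError(f"no {action} claim for {address}")

    def open(self, token, address, callback):     # listener side ("Open")
        self._authorize(token, "Listen", address)
        self._listeners.setdefault(address, []).append(callback)

    def send(self, token, address, message):      # sender side: one message in
        self._authorize(token, "Send", address)
        for deliver in self._listeners.get(address, []):   # relay fans out
            deliver(message)
        return len(self._listeners.get(address, []))

def demo():
    # Constructed key and hypothetical address; the key models STS/relay trust.
    key, addr = b"constructed-demo-key", "sb://relay.example/traffic"
    sts, relay = IdentityService(key), Relay(key)
    inboxes = {name: [] for name in ("rx1", "rx2", "rx3")}
    sts.grant("tx", "Send", addr)
    for name, box in inboxes.items():
        sts.grant(name, "Listen", addr)
        relay.open(sts.get_token(name), addr, box.append)
    return relay.send(sts.get_token("tx"), addr, "jam on A5"), inboxes
```

The sender hands the relay a single message and three listeners receive it; a token without the matching claim, or one signed by a different issuer, is refused before any delivery happens.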


Where Are We? Where Is The ISB?

„Biztalk Services“ is an incubation project

There will be a V1 of the ISB…

Of course, there are still missing parts today, e.g.: Store and forward; Broader platforms support; Really federated identity

I am sure we will see improved feature support in upcoming releases

Keep track and watch http://labs.biztalk.net/

Summary

Leveraging the cloud for composite applications can be a winner

Powerful messaging options

Enabling otherwise-hard-to-realize scenarios

Internet Service Bus can handle connectivity, authentication, authorization, messaging and other connected systems aspects

Think about security risk model

„Biztalk Services“ incubation project shows the path to a real ISB – with a real name

Resources

Email Christian Weyer: christian.weyer@thinktecture.com

Weblog Christian Weyer: http://blogs.thinktecture.com/cweyer

thinktecture: http://www.thinktecture.com

© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
