TRANSCRIPT
Dev371
Architecting Scalable, Secure, Reliable Applications: a Case Study
Geralyn Miller, Technical Evangelist, Microsoft
Marc Kuperstein, Consultant
Agenda
Overview
Architecture walkthrough
Demo
Best Practices
Code walkthrough
Summary
Questions and answers
SafeUSA
A nationwide community alert system
Law Enforcement/Authorities initiate and receive alerts
Public can only receive alerts
Built completely on .NET Technologies
Multi-company collaborative effort: Microsoft, Unisys, SocialTech, United Way of America
Design Goals
Law enforcement and community alerts
25,000 law enforcement workstations
100M entries in electronic address book
24 x 7 availability
Goal of 99.999+% in hosted scenario
Trustworthy computing environment
Technical Overview
Law enforcement workstation: Windows XP, .NET Framework, MSDE
Image acquisition hardware and software
Server infrastructure: Windows Server 2003, SQL Server 2000, .NET Framework
Unisys ES7000 32-way servers, slot appliances
Technical Overview (continued)
Public portal: Internet Information Server 6.0, ASP .NET
Passport-enabled
XML Web services: provider / consumer
Interop into other systems
MapPoint .NET
System Design (diagram; labels recovered from the slide)
Workstation applications connect to hub instances over .NET Remoting, and hub instances connect to server instances over .NET Remoting
Browsers reach the management Web site and the public Web site over HTTPS and HTTP
An XML Web services layer exposes SOAP to MapPoint .NET and to other applications
Deployment Scenarios (diagrams; labels recovered from the slides)
Intranet: workstations and browsers on the local network
SafeUSA Hosted Server Deployment: a SafeUSA Data Center running the USA0911 Government and Routing Server (SafeUSA Server, LEA/Govt. Edition) and the USA0911 Public Server (SafeUSA Server, Public Edition), reached over the Internet by workstations and browsers, with the public connecting by browser
Terminal Server Scenario: a SafeUSA Terminal Server serving Terminal Server clients
LEA Self-hosted Deployment: a SafeUSA Server, LEA/Govt. Edition, with local workstations and browsers
Workstation/Hub Design (diagram; labels recovered from the slide)
Workstation: workstation application, tooltray application, workstation message handler
Hub: service core, server message handler
Workstation and hub talk over .NET Remoting; the hub talks to the server over .NET Remoting
Server Design (diagram; labels recovered from the slide)
Components: Client Interface, Address Resolvers, Dispatchers, Client Distribution, Server Distribution, Address Management Interface, FAX Distribution, E-Mail Distribution
Data stores: Users/Addresses/Subscriptions; Bulletins/Recipient Lists
External links: e-mail hosts (HotMail, AOL etc.); AT&T Fax Broadcast System; links to and from other servers
What’s Important?
Scalability: many simultaneous small-scale alerts; occasional large-scale alerts
Security: data quality, protection, privacy; user-level access control
Reliability: systems; network; denial-of-service attacks
Performance: near real-time delivery of alerts
Scalability: Platform
ServerWindows Server 2003
.NET Framework 1.1
Unisys ES7000
SQL Server 2000, MSDE
Server Hardware (Unisys ES7000 block diagram)
CPUs, TLCs, MSUs and DIB/I/O units connected through crossbar intra-connects
Bandwidths shown: 25.6 GByte/sec, 16.8 GByte/sec, 12.8 GByte/sec
Scalability: Design
“Front-end/Back-end” model: Server/Hub .NET Remoting
Server activated objects: Class Factory design pattern
Data: partitioned store; localized data ownership; minimal updates to global data; no “false sharing” (temporal data locality)
Scalability: Implementation
Threading: minimized synchronization between threads (no “Bucket Brigade” processing); used permanent threads or thread pools; minimized number and size of critical regions
Data access: dedicated connection per thread; used connection pooling
Heap usage: few, large, long-lived items rather than many, small, volatile items
Security
PKI for both Server and Workstation
.NET Remoting endpoints provide centralized access to server and database
Messages in local/server database are encrypted
Laptop scenarios
Outbound e-mail traffic digitally signed
Outbound fax traffic stamped for verification
Security: User authentication
Each user has his/her own identity
User authenticates through the hub to the server
Integrated with Windows security where possible (and desirable)
Authentication ultimately the responsibility of the server
Security: Authentication
Handshake protocol for authentication between workstation and server
Verification of identity
Verification of code
Establishes session key for encryption of message traffic
Session key has expiration
All traffic is signed and encrypted
Authentication Process
HelloReq( ConversationID, MyID ) [Signed PrivKey, Encrypt PublicKey]
HelloRsp( ConversationID, MyID ) [Signed PrivKey, Encrypt PublicKey]
VerifyReq( ConversationID, MyID )
VerifyRsp( ConversationID, MyID )
MessageReq( ConversationID, MyID )
MessageRsp( ConversationID, MyID )
Client: single channel; Server: multi channel
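The Hello/Verify/Message exchange above, as an added sketch that is not part of the deck or of the SafeUSA code (which is .NET): HMAC tags over keys held in a trusted directory stand in for the PKI signatures, the encryption of message traffic is left out, and every message is bound to its ConversationID, checked for type and tag, and refused once the session key has expired. SESSION_TTL, the peer names and the message field layout are assumptions.

```python
import hashlib, hmac, secrets, time
SESSION_TTL = 300  # seconds; assumed value, the deck only says the session key expires
# Stand-in for the PKI: identity keys both sides trust (HMAC tags replace signatures).
DIRECTORY = {"workstation-42": secrets.token_bytes(32), "safeusa-server": secrets.token_bytes(32)}

def _data(kind, cid, my_id, body):   # the bytes a tag covers: type, ConversationID, MyID, body
    return b"|".join([kind.encode(), cid.encode(), my_id.encode(), body])

def make(kind, cid, my_id, key, body=b""):   # build a tagged message
    return {"kind": kind, "cid": cid, "my_id": my_id, "body": body,
            "tag": hmac.new(key, _data(kind, cid, my_id, body), hashlib.sha256).digest()}

def check(msg, key, kind, cid):   # accept only the expected type and conversation with a valid tag
    if msg["kind"] != kind or msg["cid"] != cid:
        return False
    expect = hmac.new(key, _data(kind, cid, msg["my_id"], msg["body"]), hashlib.sha256).digest()
    return hmac.compare_digest(msg["tag"], expect)

class Peer:
    def __init__(self, my_id, now=time.time):
        self.my_id, self.now, self.sessions = my_id, now, {}   # cid -> (session key, expiry)
    def hello_req(self):   # workstation opens a conversation under its own identity
        return make("HelloReq", secrets.token_hex(8), self.my_id, DIRECTORY[self.my_id])
    def hello_rsp(self, req):   # server verifies the caller's identity and issues a session key
        if req["my_id"] not in DIRECTORY or not check(req, DIRECTORY[req["my_id"]], "HelloReq", req["cid"]):
            return None
        key = secrets.token_bytes(32)
        self.sessions[req["cid"]] = (key, self.now() + SESSION_TTL)
        # In the deck's design the key travels encrypted to the client's public key; omitted here.
        return make("HelloRsp", req["cid"], self.my_id, DIRECTORY[self.my_id], key)
    def accept_hello_rsp(self, rsp, cid):   # workstation verifies the server and keeps the key
        if rsp["my_id"] not in DIRECTORY or not check(rsp, DIRECTORY[rsp["my_id"]], "HelloRsp", cid):
            return False
        self.sessions[cid] = (rsp["body"], self.now() + SESSION_TTL)
        return True
    def session_msg(self, kind, cid, body=b""):   # VerifyReq/VerifyRsp/MessageReq/MessageRsp
        return make(kind, cid, self.my_id, self.sessions[cid][0], body)
    def accept_session_msg(self, msg, kind):   # unknown or expired conversation is refused
        sess = self.sessions.get(msg["cid"])
        if sess is None or self.now() > sess[1]:
            return False
        return check(msg, sess[0], kind, msg["cid"])

def run_handshake(client, server):   # Hello/Verify exchange; ConversationID on success, else None
    req = client.hello_req(); cid = req["cid"]
    rsp = server.hello_rsp(req)
    ok = rsp is not None and client.accept_hello_rsp(rsp, cid)
    ok = ok and server.accept_session_msg(client.session_msg("VerifyReq", cid), "VerifyReq")
    ok = ok and client.accept_session_msg(server.session_msg("VerifyRsp", cid), "VerifyRsp")
    return cid if ok else None
```

After run_handshake succeeds, MessageReq/MessageRsp traffic is built with session_msg and checked with accept_session_msg, which is where a tampered body, a message of the wrong type or an expired session is refused.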
Security: Data protection
Separate encryption key is used for data protection on the workstation
Encryption key is escrowed
Only access to SQL is through stored procedures
Application code resides on same server as SQL Server (networking disabled)
Reliability: Platform
Unisys ES7000
EMC Symmetrix
Up to 200km
Windows Server 2003
.NET Framework 1.1
Microsoft Cluster Services
Unisys Cluster Application Defender
GeoSpan
Reliability: Design
No single point-of-failure
Physical isolation
Automated, predicted failover
Fault prevention - verify all input before processing
Fault isolation - “Front-end/back-end” threads
Fault monitoring - reduce MTTR
Reliability: Implementation
Fault mitigation: transacted operations
Try/catch blocks
Maintainability: WMI
Enterprise Instrumentation Framework
Performance: Implementation, Threading Model
Workstation UI: long running tasks (initialization); user interactions (keyboard, mouse, etc.); .NET Remoting; event model
Hub/Server: Windows Service; .NET Remoting; data access (store and forward)
Summary
Scalability, reliability, security are functions of:
Platform
Design
Implementation
SafeUSA demonstrates that .NET Framework can be used to create mission critical applications that are scalable, reliable, secure, performant
Resources
See SafeUSA technical case study on http://www.microsoft.com
Business contact
Todd Bower, CEO, SocialTech ([email protected])
Technical contacts
Geralyn Miller ([email protected])
Brian Pattinson ([email protected])
Marc Kuperstein ([email protected])
Community Resources
Community Resources: http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP): http://www.mvp.support.microsoft.com/
Newsgroups: converse online with Microsoft Newsgroups, including Worldwide: http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups: meet and learn with your peers: http://www.microsoft.com/communities/usergroups/default.mspx
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.