Dev371 Architecting Scalable, Secure, Reliable Applications: a Case Study Geralyn Miller Technical Evangelist Microsoft Marc Kuperstein Consultant

Upload: nicholas-singleton

Post on 14-Dec-2015


TRANSCRIPT

Dev371

Architecting Scalable, Secure, Reliable Applications: a Case Study

Geralyn Miller

Technical Evangelist

Microsoft

Marc Kuperstein

Consultant

Agenda

Overview

Architecture walkthrough

Demo

Best Practices

Code walkthrough

Summary

Questions and answers

SafeUSA

A nationwide community alert system

Law Enforcement/Authorities Initiate and Receive Alerts

Public can only receive alerts

Built completely on .NET Technologies

Multi-company collaborative effort

Microsoft, Unisys, SocialTech, United Way of America

[Video]

Visual Studio .NET Case Study: SocialTech, Inc.

Design Goals

Law enforcement and community alerts

25,000 law enforcement workstations

100M entries in electronic address book

24 x 7 availability

Goal of 99.999+% in hosted scenario

Trustworthy computing environment

Technical Overview

Law enforcement workstation

Windows XP, .NET Framework, MSDE

Image acquisition HW-SW

Server Infrastructure

Windows Server 2003, SQL Server 2000, .NET Framework

Unisys ES7000 32-way servers, Slot Appliances

Technical Overview

Public portal

Internet Information Server 6.0, ASP .NET

Passport-enabled

XML Web services

Provider / consumer

Interop into other systems

MapPoint .NET

SafeUSA Demo

Geralyn Miller

Technical Evangelist

Microsoft

[Demo]

System Design

[Diagram. Recoverable labels: Hub instances; Server instances; .NET Remoting; Workstation applications; Management Web site; Public Web site; Browser; HTTPS; HTTP; MapPoint .NET; SOAP; XML Web services layer; Other applications]

Deployment Scenarios

[Diagram. Recoverable labels: Intranet; Internet; Public; Workstation; Browser; SafeUSA Hosted Server Deployment; SafeUSA Data Center; USA0911 Government and Routing Server; USA0911 Public Server; SafeUSA Server LEA/Govt. Edition; SafeUSA Server Public Edition; Terminal Server Scenario; SafeUSA Terminal Server; Terminal Server Client; LEA Self-hosted Deployment]

Workstation/Hub Design

[Diagram. Recoverable labels: Service core; Server message handler; Workstation application; Tooltray application; Workstation message handler; .NET Remoting; Server; Hub]

Server Design

[Diagram. Recoverable labels: Client Interface; Address Resolvers; Dispatchers; Client Distribution; Server Distribution; Address Management Interface; FAX Distribution; E-Mail Distribution; Users/Addresses/Subscriptions; Bulletins/Recipient Lists; Link from other servers; Link to other servers; Link to AT&T Fax Broadcast System; Link to e-mail hosts - HotMail, AOL etc.]

What’s Important?

Scalability

Many simultaneous small-scale alerts

Occasional large-scale alerts

Security

Data quality, protection, privacy

User-level access control

Reliability

Systems

Network

Denial-of-service attacks

Performance

Near real-time delivery of alerts

Scalability: Platform

Server

Windows Server 2003

.NET Framework 1.1

Unisys ES7000

SQL Server 2000, MSDE

Server Hardware

[Diagram: ES7000. Recoverable labels: CPU; TLC; Crossbar Intra-connect; MSU; DIB I/O; 25.6 GByte/sec; 16.8 GByte/sec; 12.8 GByte/sec]

Scalability: Design

“Front-end/Back-end” model

Server/Hub .NET Remoting

Server activated objects

Class Factory design pattern

Data

Partitioned store

Localized data ownership

Minimal updates to global data

No “false sharing” (temporal data locality)

Scalability: Implementation

Threading

Minimized synchronization between threads (no “Bucket Brigade” processing)

Used permanent threads or thread pools

Minimized number and size of critical regions

Data access

Dedicated connection per thread

Used connection pooling

Heap usage

Few, large, long-lived items rather than many, small, volatile items

Security: Platform

Windows Server 2003 for server

Windows XP for workstation/hub

.NET Framework 1.1

Security

PKI for both Server and Workstation

.NET Remoting endpoints provide centralized access to server and database

Messages in local/server database are encrypted

Laptop scenarios

Outbound e-mail traffic digitally signed

Outbound fax traffic stamped for verification

Security: User authentication

Each user has his/her own identity

User authenticates through the hub to the server

Integrated with Windows security where possible (and desirable)

Authentication ultimately the responsibility of the server

Security Authentication

Handshake protocol for authentication between workstation and server

Verification of identity

Verification of code

Establishes session key for encryption of message traffic

Session key has expiration

All traffic is signed and encrypted

Authentication Process

HelloReq( ConversationID, MyID ) [Signed PrivKey, Encrypt PublicKey]

HelloRsp( ConversationID, MyID ) [Signed PrivKey, Encrypt PublicKey]

VerifyReq( ConversationID, MyID )

VerifyRsp( ConversationID, MyID )

MessageReq( ConversationID, MyID )

MessageRsp( ConversationID, MyID )

Single Channel Client

Multi Channel Server
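
Added example, not from the presentation or the SafeUSA code base: one possible concrete reading of the HelloReq/HelloRsp/VerifyReq steps above, written in C# for modern .NET (6 or later). The slides do not say how the session key is established, so the per-side secrets, the HKDF derivation, the HMAC proof, the IDs and the 30-minute lifetime are all assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed key pairs stand in for PKI certificates; a real side holds only the peer's public key.
using var ws = RSA.Create(2048);
using var srv = RSA.Create(2048);
string conv = Guid.NewGuid().ToString(), wsId = "WS-0001", srvId = "SRV-01"; // constructed IDs

// HelloReq / HelloRsp: each side wraps a fresh secret for the peer and signs the result.
var (reqWrapped, reqSig, wsSecret) = Hello(ws, srv, conv, wsId);
byte[] wsSecretAtSrv = OpenHello(srv, ws, conv, wsId, reqWrapped, reqSig);
var (rspWrapped, rspSig, srvSecret) = Hello(srv, ws, conv, srvId);
byte[] srvSecretAtWs = OpenHello(ws, srv, conv, srvId, rspWrapped, rspSig);

// Both ends derive the same session key; the server records when it expires.
byte[] keyAtWs = Derive(wsSecret, srvSecretAtWs, conv);
byte[] keyAtSrv = Derive(wsSecretAtSrv, srvSecret, conv);
DateTime expires = DateTime.UtcNow.AddMinutes(30); // assumed lifetime

// VerifyReq: the workstation proves it holds the key; the server checks proof and expiry.
byte[] proof = Mac(keyAtWs, conv, wsId);
bool accepted = DateTime.UtcNow < expires
    && CryptographicOperations.FixedTimeEquals(proof, Mac(keyAtSrv, conv, wsId));
Console.WriteLine($"VerifyReq accepted: {accepted}");

// A HelloReq altered in transit fails signature verification before any decryption.
reqWrapped[0] ^= 1;
try { OpenHello(srv, ws, conv, wsId, reqWrapped, reqSig); }
catch (CryptographicException e) { Console.WriteLine($"HelloReq rejected: {e.Message}"); }
// Helpers. Bind ties ConversationID and sender ID to the bytes that get signed or MACed.
static byte[] Bind(string conv, string id, byte[] body) =>
    Encoding.UTF8.GetBytes($"{conv}\n{id}\n").Concat(body).ToArray();
static (byte[] Wrapped, byte[] Sig, byte[] Secret) Hello(RSA me, RSA peer, string conv, string myId)
{
    byte[] secret = RandomNumberGenerator.GetBytes(32);
    byte[] wrapped = peer.Encrypt(secret, RSAEncryptionPadding.OaepSHA256); // peer's public key
    byte[] sig = me.SignData(Bind(conv, myId, wrapped), HashAlgorithmName.SHA256, RSASignaturePadding.Pss);
    return (wrapped, sig, secret);
}
static byte[] OpenHello(RSA me, RSA peer, string conv, string peerId, byte[] wrapped, byte[] sig) =>
    peer.VerifyData(Bind(conv, peerId, wrapped), sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss)
        ? me.Decrypt(wrapped, RSAEncryptionPadding.OaepSHA256)
        : throw new CryptographicException("signature does not match claimed sender");
static byte[] Derive(byte[] wsSecret, byte[] srvSecret, string conv) => HKDF.DeriveKey(
    HashAlgorithmName.SHA256, wsSecret.Concat(srvSecret).ToArray(), 32, info: Encoding.UTF8.GetBytes(conv));
static byte[] Mac(byte[] key, string conv, string id) =>
    HMACSHA256.HashData(key, Bind(conv, id, Array.Empty<byte>()));
```

MessageReq/MessageRsp traffic would then be encrypted and authenticated under the derived key, and refused once `expires` has passed.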

Security: Data protection

Separate encryption key is used for data protection on the workstation

Encryption key is escrowed

Only access to SQL is through stored procedures

Application code resides on same server as SQL Server (networking disabled)

Reliability: Platform

[Diagram. Recoverable labels: Unisys ES7000; EMC Symmetrix; Up to 200km]

Windows Server 2003

.NET Framework 1.1

Microsoft Cluster Services

Unisys Cluster Application Defender

GeoSpan

Reliability: Design

No single point-of-failure

Physical isolation

Automated, predicted failover

Fault prevention - verify all input before processing

Fault isolation - “Front-end/back-end” threads

Fault monitoring - reduce MTTR

Reliability: Implementation

Fault mitigation

Transacted operations

Try/catch blocks

Maintainability

WMI

Enterprise Instrumentation Framework

Performance

Design based on .NET Remoting

Performance: Implementation: Threading Model

Workstation UI

Long running tasks (initialization)

User interactions (keyboard, mouse, etc.)

.NET Remoting

Event model

Hub/Server

Windows Service

.NET Remoting

Data access (store and forward)

A Glimpse at the Code

Marc Kuperstein

Consultant

[Demo]

Summary

Scalability, reliability, security are functions of

Platform

Design

Implementation

SafeUSA demonstrates that .NET Framework can be used to create mission critical applications that are scalable, reliable, secure, performant

Resources

See SafeUSA technical case study on http://www.microsoft.com

Business contact

Todd Bower, CEO, SocialTech ([email protected])

Technical contacts

Geralyn Miller ([email protected])

Brian Pattinson ([email protected])

Marc Kuperstein ([email protected])

Community Resources

Community Resources

http://www.microsoft.com/communities/default.mspx

Most Valuable Professional (MVP)

http://www.mvp.support.microsoft.com/

Newsgroups

Converse online with Microsoft Newsgroups, including Worldwide

http://www.microsoft.com/communities/newsgroups/default.mspx

User Groups

Meet and learn with your peers

http://www.microsoft.com/communities/usergroups/default.mspx

Ask The Experts

Get Your Questions Answered

July 2, 2003 10:00 AM - noon


Evaluations

© 2003 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.