final microsoft cloud summit - windows azure building block services
DESCRIPTION
This is my presentation from the Dallas Cloud Summit on July 10th, 2012. It covers ACS and WIF, Cache, and Service Bus topics.
TRANSCRIPT
Windows Azure Building Block Services
Adam Hoffman - @stratospher_es / http://stratospher.es
Technical Evangelist, Microsoft
• Dedicated / Co-Located Cache
• Windows Azure Service Bus
• Windows Azure Access Control Service
• Bonus: CloudConfigurationManager
Agenda
Application building blocks
• Storage
• Big data
• Caching
• CDN
• Database
• Identity
• Media
• Service Bus
• Networking
• Traffic
What’s the cache?
• Use spare memory on your VMs as high-performance cache
• Distributed cache cluster co-located with existing roles, or use dedicated roles
• Named caches with high availability option
• Notifications
• Support for the Memcached protocol
Why dedicated cache?
Faster
• No external service calls (no additional network hops)
• Co-located in roles
Cheaper
• No external service calls (no additional cost)
• Use spare memory that you already paid for
More reliable
• Your service is running = cache is available
• No throttling as in a co-tenant environment
High availability? How?
No code necessary. High availability makes duplicate copies of cache objects available on other instances of the caching role. Because of this, you need at least 3 instances of the role for true high availability. Copies can be set to 0 (default, no high availability) or 1 (high availability).
Cache Notifications? How?
Simple to configure. After cache notifications have been enabled, simply subscribe to the events to "listen" to the cache hits, evictions, etc.
Dedicated and CoLocated Cache Demo
Cheat Sheet
Get a handle to the cache:
Microsoft.ApplicationServer.Caching.DataCache cache =
    new Microsoft.ApplicationServer.Caching.DataCache("default");
Get an item from the cache:
ObjectType myCachedObject = (ObjectType)cache.Get("cacheKey");
Put an item into the cache:
cache.Add("cacheKey", myObjectRequiringCaching);
Notice this?
The cache requires a storage account to run against, and by default uses "Development Storage". This is fine for demos (and in the emulator), but be sure to update that configuration before deploying to the cloud, or the role will suffer startup failures.
Notice this?
The appropriate Expiration Type for this sort of cache is Absolute instead of Sliding Window. That way, we refresh our Twitter data every N minutes, regardless of how many people ask for it. If it was Sliding Window, we might not ever refresh and get the latest Tweets.
Notice this?
In the autoDiscover attribute of the dataCacheClient, we need to point to the Role Name of the worker role that hosts the cache:
Notice this?
For CoLocated caches, you end up pointing back to yourself.
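The cache-aside pattern with absolute expiration that the notes above describe, as an added example (not code from the deck). The cache name "default" comes from the cheat sheet; the fetch delegate, key prefix and refresh interval are hypothetical.

```csharp
using System;
using Microsoft.ApplicationServer.Caching;

// Added example: Twitter data is refreshed every RefreshInterval no matter how
// often it is read, because Put with a TimeSpan is an absolute timeout.
public static class TweetCache
{
    static readonly DataCache Cache = new DataCache("default");      // cache name from the deck
    static readonly TimeSpan RefreshInterval = TimeSpan.FromMinutes(5); // hypothetical N minutes

    // fetchFromTwitter is a hypothetical delegate that calls the Twitter API.
    public static string GetTweets(string screenName, Func<string, string> fetchFromTwitter)
    {
        string key = "tweets:" + screenName;

        string cached = TryGet(key);
        if (cached != null)
            return cached;                       // served from the co-located cache

        string fresh = fetchFromTwitter(screenName);
        TryPut(key, fresh);
        return fresh;
    }

    static string TryGet(string key)
    {
        try
        {
            return Cache.Get(key) as string;
        }
        catch (DataCacheException)
        {
            // Cache role unreachable (e.g. the startup failure described above):
            // treat it as a miss and go to the source instead of failing the page.
            return null;
        }
    }

    static void TryPut(string key, string value)
    {
        try
        {
            // Absolute expiration: evicted RefreshInterval after insertion even if
            // the key is hot. A sliding window would keep it alive and never refresh.
            Cache.Put(key, value, RefreshInterval);
        }
        catch (DataCacheException)
        {
            // Nothing to do: the next request simply fetches again.
        }
    }
}
```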
What else can I do with the Cache?
Windows Azure Load Balancer uses round-robin allocation. Session state must persist to client or storage on every request.
session["foo"] = 1; session["foo"] = 2;
What is the value of session["foo"]?
[Diagram: a load balancer (LB) in front of two web role instances, with SQL Azure, Windows Azure Storage and Session State shown as persistence options]
Solving Session State
Persist to Storage via Session State Provider
• Windows Azure Caching
• SQL Azure
• Windows Azure Storage
Persist to Client
• Use cookies
• Don't forget ASP.NET MVC TempData relies on the Session State provider by default
Session State with Cache
Demo
Cheat Sheet
Configure the application to use the Cache based State Provider
Notice this?
To use the cache as a session state provider, remember to change Expiration Type to "Sliding Window" instead of "Absolute" or your Sessions will evaporate unexpectedly.
What else can I do with the Cache? Page Output Caching
The Output Cache Provider for Windows Azure Caching is an out-of-process storage mechanism for output cache data. This data is specifically for full HTTP responses (page output caching). The provider plugs into the new output cache provider extensibility point that was introduced in ASP.NET 4.
Cheat Sheet
Configure the application to use the Cache based Page Output Provider:
<caching>
  <outputCache defaultProvider="DistributedCache">
    <providers>
      <add name="DistributedCache"
           type="Microsoft.Web.DistributedCache.DistributedCacheOutputCacheProvider, Microsoft.Web.DistributedCache"
           cacheName="default" dataCacheClientName="default" />
    </providers>
  </outputCache>
</caching>
Add an OutputCache directive to pages whose output you wish to cache:
<%@ OutputCache Duration="60" VaryByParam="*" %>
Memcached support
• Host a Memcached cluster in Worker Roles
• Access a Memcached cluster from Web/Worker Roles
[Diagram: a cache worker role fronted by a Memcached Shim, reached from Web/Worker Roles through a Memcached Client; and a Web/Worker Role running a Memcached Shim in front of a Memcached Server]
Nuget: Microsoft.WindowsAzure.Caching.MemcacheShim
Service Bus Relay
Cloud/On-Premise Integration
• Cloud-Hosted, reliable asynchronous Messaging Infrastructure with Publish/Subscribe
• Cloud-Based Relay enabling NAT/Firewall Traversal for reach into on-premises assets
Relay
Service Bus Relay solves the challenges of communicating between on-premises applications and the outside world by allowing on-premises web services to project public endpoints. Systems can then access these web services, which continue to run on-premises, from anywhere on the planet.
Relay Programming Model
Full WCF Programming Model
Bindings functionally symmetric with WCF:
• WebHttpRelayBinding (HTTP/REST)
• BasicHttpRelayBinding (SOAP 1.1)
• WS2007HttpRelayBinding (SOAP 1.2)
• NetTcpRelayBinding (Binary transport)
Special Service Bus Bindings:
• NetOnewayRelayBinding (Multicast one-way)
• NetEventRelayBinding (Multicast one-way)
Transport binding elements for custom binding stacks
WebHttpRelayBinding provides full interoperability with any HTTP/REST client, BasicHttpRelayBinding with any SOAP client
Service Bus: Relay Demo
We'll host a service in a console application, and project its TCP endpoint through the Service Bus to make it publicly available.
Notice this?
In this case we programmatically created the endpoints, instead of doing it through configuration. The relay we used in this case was NetTcpRelayBinding.
// the endpoint that is projected back through the service bus (note: NetTcpRelayBinding)
// This DNS name will be "sb://[serviceNamespace].servicebus.windows.net/solver"
host.AddServiceEndpoint(
        typeof(IProblemSolver),
        new NetTcpRelayBinding(),
        ServiceBusEnvironment.CreateServiceUri("sb", "metrobus", "solver"))
    .Behaviors.Add(new TransportClientEndpointBehavior
    {
        TokenProvider = TokenProvider.CreateSharedSecretTokenProvider("owner",
            Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("ServiceBusSecret"))
    });
Notice this?
The server has an endpoint behavior which uses the Service Bus shared secret, and so does the client. This is how the client gets access to the relay. These two code samples look the same because they are the same.
Client:
Client.Behaviors.Add(
    new TransportClientEndpointBehavior
    {
        TokenProvider = TokenProvider.CreateSharedSecretTokenProvider("owner",
            Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("ServiceBusSecret"))
    });
Server:
    .Behaviors.Add(new TransportClientEndpointBehavior
    {
        TokenProvider = TokenProvider.CreateSharedSecretTokenProvider("owner",
            Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("ServiceBusSecret"))
    });
Messaging
Queue
• Asynchronous communication
• Offline processing
• Load-balancing
Topic & Subscription
• Asynchronous communication
• Publish/Subscribe pattern
• Message routing
Queues - Ways to Pull
Receive and Delete
Fastest. Message lost if receiver crashes or transmission fails.
Peek Lock
Message is locked when retrieved. Reappears on broker when not deleted within lock timeout.
[Diagram: Receive and Delete as a single step against the broker; Peek Lock as 1. Peek/Lock followed by 2. Delete/Unlock]
Messages
• Brokered messaging properties are not SOAP headers
• Properties are key/value pairs that may very well carry payloads
• It's not uncommon to have messages with empty message bodies
[Diagram: a brokered message as a list of Key/Value properties plus a Body]
Queues vs. Queues
Azure Queues
• Part of the Windows Azure storage infrastructure
• Simple REST-based Get/Put/Peek interface
Message Bus Queues
• Part of a broader Windows Azure messaging infrastructure
• Built on top of the broader "brokered messaging" infrastructure designed to integrate applications or application components that may span multiple communication protocols, data contracts, trust domains, and/or network environments (i.e., are side by side with topics, queues, relays and the rest)
http://aka.ms/q-vs-q
Queues vs. Queues, Considerations
Consider Azure Queues if:
• Your application needs to store over 5 GB worth of messages in a queue, where the messages have a lifetime shorter than 7 days.
• Your application requires flexible leasing to process its messages. This allows messages to have a very short lease time, so that if a worker crashes, the message can be processed again quickly. It also allows a worker to extend the lease on a message if it needs more time to process it, which helps deal with non-deterministic processing time of messages.
• Your application wants to track progress for processing a message inside of the message. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue where the prior worker left off. You can update queue messages "in flight".
• You require server side logs of all of the transactions executed against your queues (via the Storage Analytics Logging feature).
http://aka.ms/q-vs-q
Queues vs. Queues, Considerations
Consider Message Bus Queues if:
• Your solution needs to be able to support automatic duplicate detection (e.g. eCommerce)
• The time-to-live (TTL) characteristic of the application-specific workload can exceed the 7-day period.
• Your application handles messages that can exceed 64 KB but will not likely approach the 256 KB limit.
• Your solution requires the queue to provide a guaranteed first-in-first-out (FIFO) ordered delivery.
• Your queue size will not grow larger than 5 GB.
• Your messaging solution needs to be able to support the "At-Most-Once" delivery guarantee without the need for you to build the additional infrastructure components.
• You would like to be able to publish batches.
http://aka.ms/q-vs-q
Queues vs. Queues, Side by Side
http://aka.ms/q-vs-q
Comparison Criteria  | Windows Azure Queues                    | Service Bus Queues
Ordering guarantee   | No                                      | Yes - First-In-First-Out (FIFO) (through the use of messaging sessions)
Delivery guarantee   | At-Least-Once                           | At-Least-Once; At-Most-Once
Transaction support  | No                                      | Yes (through the use of local transactions)
Lease/Lock duration  | 30 seconds (default), 7 days (maximum)  | 60 seconds (default), 5 minutes (maximum)
Batched send         | No                                      | Yes (through the use of transactions or client-side batching)
Service Bus: Queues Demo
Cheat Sheet
NamespaceManager is the root of managing your namespace!
namespaceManager = Microsoft.ServiceBus.NamespaceManager
    .CreateFromConnectionString("…");
Create the Queue if necessary:
if (!namespaceManager.QueueExists(queueName))
    namespaceManager.CreateQueue(queueName);
Cheat Sheet
What does a Service Bus connection string look like?
Endpoint=sb://<namespace>.servicebus.windows.net/;SharedSecretIssuer=<issuer>;SharedSecretValue=<sharedSecret>
Cheat Sheet
MessagingFactory and MessageSender let you create items:
if (messagingFactory == null)
    messagingFactory = MessagingFactory.CreateFromConnectionString("…");
if (messageSender == null)
    messageSender = messagingFactory.CreateMessageSender(queueName);
Cheat Sheet
Now, with that MessageSender, create some BrokeredMessage(s):
BrokeredMessage message = new BrokeredMessage();
message.Label = "Hello from your new message.";
message.Properties.Add(new KeyValuePair<string, object>("FirstName", "Adam"));
message.Properties.Add(new KeyValuePair<string, object>("LastName", "Hoffman"));
messageSender.Send(message);
Cheat Sheet
MessagingFactory and MessageReceiver let you get those items:
if (messagingFactory == null)
    messagingFactory = MessagingFactory.CreateFromConnectionString("…");
if (messageReceiver == null)
    messageReceiver = messagingFactory.CreateMessageReceiver(queueName);
Cheat Sheet
Now, with that MessageReceiver, grab those BrokeredMessage(s):
// wait only 5 seconds...
BrokeredMessage message = messageReceiver.Receive(new TimeSpan(0, 0, 5));
if (message != null)
{
    try
    {
        …
        // Remove message from queue
        message.Complete();
    }
    catch (Exception)
    {
        // Indicate a problem, unlock message in queue
        message.Abandon();
    }
}
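A Peek Lock receive that fills in the three outcomes the cheat sheet leaves to the reader (success, transient failure, poison message), as an added example rather than the deck's code. It assumes a MessageReceiver opened in PeekLock mode; the handler delegate, the delivery limit and the property length bound are hypothetical choices.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.ServiceBus.Messaging;

// Added example: one Peek Lock receive with Complete / Abandon / DeadLetter.
public static class QueueWorker
{
    const int MaxDeliveries = 5;   // hypothetical: attempts before a message is treated as poison

    public static void ReceiveOne(MessageReceiver receiver, Action<string, string> handle)
    {
        BrokeredMessage message = receiver.Receive(TimeSpan.FromSeconds(5));
        if (message == null)
            return;                // nothing arrived within the wait

        // DeliveryCount climbs every time the lock is abandoned or expires, so a
        // message that always fails would loop forever: park it in the dead-letter queue.
        if (message.DeliveryCount > MaxDeliveries)
        {
            message.DeadLetter("MaxDeliveriesExceeded",
                "Gave up after " + message.DeliveryCount + " delivery attempts");
            return;
        }

        try
        {
            // Properties were set by whoever sent the message; validate before use.
            string first = RequireString(message.Properties, "FirstName");
            string last = RequireString(message.Properties, "LastName");
            handle(first, last);
            message.Complete();    // remove from queue
        }
        catch (MessageLockLostException)
        {
            // Processing outlasted the lock (60 seconds by default, see the table above):
            // the broker has already re-queued the message, so there is nothing to settle.
        }
        catch (Exception)
        {
            message.Abandon();     // unlock so the message is retried
        }
    }

    // Rejects missing, non-string or oversized properties; the throw leads to Abandon,
    // so a malformed message ends up dead-lettered after MaxDeliveries attempts.
    static string RequireString(IDictionary<string, object> props, string name)
    {
        object value;
        if (!props.TryGetValue(name, out value))
            throw new InvalidOperationException("Missing property: " + name);
        string s = value as string;
        if (s == null || s.Length > 256)   // hypothetical length bound
            throw new InvalidOperationException("Malformed property: " + name);
        return s;
    }
}
```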
Queues vs. Topics
Queue
• Sequential Message Log
• Competing Consumers
• Shared Cursors and Locks over the log
Topic
• Sequential Message Log
• Multiple subscribers over the log, each with own cursor/locks
• Subscribers can filter with expressions on properties
• Competing Consumers on each subscription
Topic Filters
Filter conditions operate on message properties and are expressed in SQL'92 syntax:
InvoiceTotal > 10000.00 OR ClientRating < 3
ShipDestCtry = 'USA' AND ShipDestState = 'WA'
LastName LIKE 'V%'
Why Topics?
Message Distribution
Each receiver gets its own copy of each message. Subscriptions are independent. Allows for many independent 'taps' into a message stream. Subscriber can filter down by interest.
Constrained Message Distribution (Partitioning)
Receivers get mutually exclusive slices of the message stream by creating appropriate filter expressions.
Don't forget, the sender can be anyone.
Service Bus: Topics and Subscriptions
Demo
Cheat Sheet
NamespaceManager is (again) the root of managing your namespace!
namespaceManager = Microsoft.ServiceBus.NamespaceManager
    .CreateFromConnectionString("…");
Create the Topic if necessary:
if (!namespaceManager.TopicExists(topicName))
    namespaceManager.CreateTopic(topicName);
Cheat Sheet - Sending
TopicClient lets you send BrokeredMessage(s):
TopicClient topicClient = TopicClient.CreateFromConnectionString("…", topicName);
BrokeredMessage message = new BrokeredMessage();
message.Label = "Hello from your new message.";
message.Properties.Add(new KeyValuePair<string, object>("FirstName", "Adam"));
message.Properties.Add(new KeyValuePair<string, object>("LastName", "Hoffman"));
topicClient.Send(message);
Cheat Sheet - Receiving
NamespaceManager helps create the subscription:
if (!namespaceManager.SubscriptionExists(topicName, "AllMessages"))
{
    namespaceManager.CreateSubscription(topicName, "AllMessages");
    ListenForMessages(topicName);
}
Cheat Sheet - Receiving
MessagingFactory and MessageReceiver let you get the messages:
MessagingFactory mf = MessagingFactory.CreateFromConnectionString("…");
MessageReceiver mr = mf.CreateMessageReceiver(topicName + "/subscriptions/" + "AllMessages");
BrokeredMessage message = mr.Receive();
…
// Remove message from subscription
message.Complete();
Or…
// Indicate a problem, unlock message in subscription
message.Abandon();
Cheat Sheet - Filtering the messages
Filters parameterize the Subscription…
SqlFilter highMessagesFilter = new SqlFilter("MessageNumber > 3");
namespaceManager.CreateSubscription("TestTopic", "HighMessages", highMessagesFilter);
SqlFilter adamMessagesFilter = new SqlFilter("FirstName = 'Adam'");
namespaceManager.CreateSubscription("TestTopic", "GuysNamedAdam", adamMessagesFilter);
MessageReceiver mr = mf.CreateMessageReceiver(topicName + "/subscriptions/" + "GuysNamedAdam");
Security challenge
[Diagram: everything "Your App" has to build on its own: authentication, authorization, user store, management UI, forgotten passwords, customer support, data protection, integration with AD (LDAP, user mapping, synchronization), integration with more providers such as the Facebook Auth API (more user mapping, more synchronization)]
Solution: Claim-based architecture
[Diagram: instead of answering the question itself, "Your App" receives claims such as "User is Joe" and "Role is Administrator" from ACS + WIF]
Solution: Claim-based architecture
Legend
IP = Identity Provider
ACS = Access Control Service
RP = Relying Party (your app)
Client = Your Users
Digital identity in a nutshell
[Diagram: an IdP issues a Token carrying claims (the boarding-pass analogy: "Seat is 28A") to the User, who presents it to the RP via ACS and WIF; Home Realm Discovery in ACS selects which IdP to use]
Federated security with ACS
Demo
Notice this?
Implementing a "claims transformer":
public class RoleSetter : ClaimsAuthenticationManager
{
    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal != null &&
            incomingPrincipal.Identity.IsAuthenticated == true)
        {
            // DECIDE ON SOME CRITERIA IF CURRENT USER DESERVES THE ROLE
            ClaimsIdentity identity = (ClaimsIdentity)incomingPrincipal.Identity;
            IEnumerable<Claim> claims = identity.Claims;
            if (DoYourCheckHere())
                identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));
        }
        return incomingPrincipal;
    }
}
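One way to fill in DoYourCheckHere(), as an added example and not the deck's code: the relying party decides the Admin role from two claims in the ACS-issued token, the identity-provider claim ACS adds and the e-mail claim. The trusted IdP name and the admin allow-list are constructed placeholders.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example: a complete claims transformer for the RoleSetter pattern above.
public class RoleSetter : ClaimsAuthenticationManager
{
    // Claim type ACS stamps on every token to say which IdP authenticated the user.
    const string IdentityProviderClaimType =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
    const string TrustedIdp = "Contoso ADFS";                           // placeholder: IdP name as configured in ACS
    static readonly string[] AdminEmails = { "alice@contoso.example" }; // constructed allow-list

    public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (incomingPrincipal == null || !incomingPrincipal.Identity.IsAuthenticated)
            return incomingPrincipal;

        var identity = (ClaimsIdentity)incomingPrincipal.Identity;

        // Roles are this app's decision: drop any role claim that arrived in the token,
        // so a pass-through rule in ACS cannot let an IdP hand out "Admin".
        foreach (Claim role in identity.FindAll(ClaimTypes.Role).ToList())
            identity.RemoveClaim(role);

        if (IsAdmin(identity))
            identity.AddClaim(new Claim(ClaimTypes.Role, "Admin"));

        return incomingPrincipal;
    }

    static bool IsAdmin(ClaimsIdentity identity)
    {
        Claim idp = identity.FindFirst(IdentityProviderClaimType);
        Claim email = identity.FindFirst(ClaimTypes.Email);
        // Both must match: the same e-mail asserted through a different IdP proves only
        // that the other IdP vouches for it, not that Contoso does.
        return idp != null && email != null
            && string.Equals(idp.Value, TrustedIdp, StringComparison.Ordinal)
            && AdminEmails.Contains(email.Value, StringComparer.OrdinalIgnoreCase);
    }
}
```

WIF invokes the transformer only after the token handler has validated the token's signature and audience, so the claims inspected here are the ones ACS actually issued.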
Notice this?
Wiring up a "claims transformer":
<system.identityModel>
  <identityConfiguration>
    <claimsAuthenticationManager
        type="ClaimsTransformer.RoleSetter, ClaimsTransformer"/>
    …
Notice this?
Checking for a claim (e.g. a role check):
if (User.IsInRole("Admin"))
    Response.Write("The code is 42...<br/>");
else
    Response.Write("No soup for you.");
Bonus: CloudConfigurationManager Demo
Notice this?
The output window shows the path of trying to get the config values:
© 2012 Microsoft Corporation. All rights reserved.
Download the Windows Azure SDK!
http://aka.ms/GetAzureNow
• SDKs for .NET, Java, PHP, Node.js and Python
• Sample libraries
• Tutorials and Videos
• Community Forums
• Much, much more!
Sign Up for Windows Azure
MSDN Subscription Benefits
BENEFITS INCLUDE:
• Free Windows Azure access for Professional, Premium, and Ultimate subscribers
• Designed to accelerate development
• Requires credit card at sign-up for any overages beyond free allocation
http://aka.ms/MSDNAzure
3 Month Free Trial
INCLUDES THESE SERVICES: Compute, Storage, Transactions, Bandwidth, Databases, Caching, Access Control, Service Bus
http://aka.ms/Azure90DayTrial
Oneway
• NetOnewayRelayBinding
• All TCP and HTTP listeners use one-way as internal control channel
• 60KB message-size limit
• One-way only
• No rendezvous overhead
[Diagram: Service Bus backend (Naming, Routing, Fabric) behind NLB front-end nodes; the listener, behind a NAT/Firewall with a dynamic IP, makes an outbound one-way net.tcp connection and an outbound bidirectional socket; messages are routed to subscribers over TCP/SSL or HTTP(S)]
Event
• NetEventRelayBinding
• Small-Scale Synchronous Multicast
• 60KB message-size limit
• One-way only
• No rendezvous overhead
[Diagram: same layout as Oneway; each subscriber holds an outbound bidirectional socket and the front-end routes a copy of every message to all of them over TCP/SSL or HTTP(S)]
Rendezvous (TCP & HTTP)
• NetTcpRelayBinding
• WebHttpRelayBinding
• BasicHttpRelayBinding
• WS2007HttpRelayBinding
• Rendezvous Handshake
• Bi-Directional
• Net.Tcp Full Duplex
• No message size limit
[Diagram: control messages over the one-way channel trigger an outbound socket rendezvous from both sides; the front-end HTTP/Socket Forwarder joins the two sockets over TCP/SSL or HTTP]
Hybrid Connect
• Special Mode of NetTcpRelayBinding
• TcpRelayConnectionMode.Hybrid
• Starts as relayed connection
• Performs NAT probing and behavior prediction
• Establishes direct connection and upgrades if possible
• Upgrade driven by traffic
• Takes large transfers off the Relay
• No transfer charges, lower latency
[Diagram: relayed connect and relayed rendezvous first; NAT probing from both ends over the control channel; then a NAT traversal connection is established and both sides upgrade to it]