Cloud guidance
Transcript of Cloud guidance
Agenda
Why care
How to think about and exploit the Windows Azure Platform
Real-world walk-through/demo
Discussion
Step 1 - Unlocking the Cloud
Pop Quiz
“You can have any color Model T so long as it's black.”
The model of “one size fits all” is now seen by most IT organizations as being flawed.
On premises vs. Cloud: Trade-offs
[Diagram axes: Build vs. Buy; On premises vs. Cloud]
“Packaged” Application: An application that I buy “off the shelf” and run myself.
Self Hosted “Home Built”: An application that I develop and run myself.
Hosted “Home Built”: An application that I develop myself, but run at a hoster.
Hosted “Packaged”: An application that I buy “off the shelf” and then run at a hoster.
Cloud Platform: An application that I develop myself, but run in the cloud.
“Software as a Service”: A hosted application that I buy from a provider.
Windows Azure Platform
Windows Azure Platform: An illustration
[Diagram labels: Windows Azure; SQL Azure; .NET Services; Applications; Windows Server; Windows Vista/XP; Windows Mobile; Others]
Windows Azure
Windows Azure Basics
The goal of Windows Azure is to provide a platform that is scalable and available
Windows Azure can run various kinds of Windows applications:
  .NET applications
  Unmanaged code
  PHP
  . . .
Windows Azure: Windows in the cloud
[Diagram labels: Windows Azure (Application, Compute, Storage, Config, Fabric); SQL Azure; .NET Services; Applications; Windows Server; Windows Vista/XP; Windows Mobile; Others]
Windows Azure Compute Service: A closer look
[Diagram labels: Application; Compute; Storage; Fabric; Windows Azure Fabric; VMs; Agent; Load Balancer; HTTP; IIS; ASP.NET, WCF etc.; main(){ … }]
Windows Azure Compute Service: Points of interest
The VMs are provided by a cloud-optimized hypervisor
For developers:
  Applications see a 64-bit Windows Server 2008 interface
  A few things require accessing the Windows Azure Agent, e.g., logging
  A desktop facsimile of Windows Azure in the cloud is provided for development
Windows Azure Storage Service: A closer look
[Diagram labels: Application; Compute; Storage; Fabric; Blobs; Tables; Queues; HTTP/HTTPS]
Windows Azure Storage: Points of interest
Storage types:
  Blobs: a simple hierarchy of binary data
  Tables: entity storage (not relational tables)
  Queues: allow communication among web and worker role instances
Access:
  Data is exposed via a RESTful interface
  Data can be accessed by:
    Windows Azure applications
    Other on-premises or cloud applications
Windows Azure Storage: A closer look at tables
[Diagram: Tables contain Entities; Entities contain Properties; each Property has a Name, Type and Value]
Windows Azure Storage Tables: Challenges
Access via REST
  You can’t use ordinary ADO.NET
No SQL
  No real joins, aggregates, etc.
An unfamiliar hierarchical structure
  You can’t easily move relational data to it
  Supporting services are scarce, e.g., reporting
No schema
Windows Azure Storage Tables: Strengths
Massive scalability
  By effectively allowing scale-out data
Applied to the right problem, Windows Azure Tables are a beautiful thing
Using Queues: The suggested application model
[Diagram: Web Role Instance, Queue, Worker Role Instance]
1) Receive work
2) Enqueue message
3) Dequeue message
4) Do work
5) Delete message
Guidance on Using Windows Azure
Using Windows Azure: Some examples
A start-up might create a new Web application on Windows Azure
  They can fail fast or scale fast
An ISV might create a SaaS version of an existing .NET application on Windows Azure
  It’s .NET, so porting the code is doable
An enterprise might build a new application on Windows Azure
  It’s .NET, so developers are plentiful
SQL Azure
SQL Azure: Data services in the cloud
[Diagram labels: SQL Azure (SQL Azure, Others (Future)); Windows Azure; .NET Services; Applications; Windows Server; Windows Vista/XP; Windows Mobile; Others]
SQL Azure
Today:
  SQL Azure
    Formerly known as SQL Server Data Services (SSDS)
In the future:
  Reporting
  Analysis
  Extract/Transform/Load (ETL) services
  More
SQL Azure: An illustration
[Diagram labels: TDS; Database; SQL Azure; Others (Future)]
Guidance on Using SQL Azure
Using SQL Azure: Some examples
A Windows Azure application might use SQL Azure for its data
A departmental app could use SQL Azure rather than a local database
  For better reliability and availability
An organization might make data available to both in-house and partner apps through SQL Azure
  Such as a company with a far-flung dealer network
.NET Services
.NET Services: Infrastructure in the cloud
[Diagram labels: .NET Services (Access Control, Service Bus, ?); Windows Azure; SQL Azure; Applications; Windows Server; Windows Vista/XP; Windows Mobile; Others]
The Access Control Service
The problem:
  Different organizations identify users with tokens containing different claims
  Applications can be faced with a confusing mess
The solution:
  The Access Control Service implements a security token service (STS) in the cloud
  It accepts one token and issues another
    The claims in the outgoing token can differ from those in the incoming token
    An administrator can define rules for how this claims transformation is done
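The claims transformation described above, sketched as an added example (not code from the presentation or from the Access Control Service). The rule format, claim types and role names are assumptions, the organization names reuse those from the deck's later scenario, and token signature validation is assumed to have happened before `transform` is called.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    issuer: str     # identity provider this rule applies to
    in_type: str    # incoming claim type
    in_value: str   # incoming claim value, or "*" for any value
    out_type: str   # claim type the application understands
    out_value: str  # issued value, or "*" to copy the incoming value

# Constructed rule set (assumption): what an administrator might configure.
RULES = [
    Rule("BigPharma", "group", "Research Scientists", "role", "catalog-contributor"),
    Rule("BigPharma", "email", "*", "email", "*"),
    Rule("PharmaX", "jobTitle", "Lab Technician", "role", "catalog-reader"),
    Rule("PharmaX", "mail", "*", "email", "*"),
]

def transform(issuer, claims, rules=RULES):
    """Map the claims of a token already verified as signed by `issuer`
    to the claims placed in the outgoing token."""
    scoped = [r for r in rules if r.issuer == issuer]
    if not scoped:
        # No rules for this issuer means no trust: refuse to issue a token.
        raise PermissionError(f"untrusted issuer: {issuer}")
    out = {("org", issuer)}  # asserted by the STS itself, never copied from input
    for ctype, cvalue in claims:
        for r in scoped:
            if r.in_type == ctype and r.in_value in ("*", cvalue):
                out.add((r.out_type, cvalue if r.out_value == "*" else r.out_value))
    # Claims that matched no rule are dropped, not passed through.
    return sorted(out)

if __name__ == "__main__":
    # Constructed incoming tokens, reduced to (issuer, claims).
    print(transform("BigPharma", [("group", "Research Scientists"),
                                  ("email", "john@bigpharma.example")]))
    # A partner token that self-asserts a privileged role gains nothing.
    print(transform("PharmaX", [("jobTitle", "Lab Technician"),
                                ("role", "catalog-admin")]))
```

Because rules are scoped per issuer and unmatched claims are dropped, the application only ever sees claim types it defined, whatever each organization's identity provider sends.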
Service Bus
The problem:
  Exposing internal applications on the Internet isn’t easy
  Network address translation (NAT) and firewalls get in the way
The solution:
  Service Bus provides a cloud-based intermediary between clients and internal applications
  It also provides a service registry that clients can use to find the services they need
Service Bus
[Diagram labels: Access Control; Service Bus; Registry; Endpoints; Organization X; Organization Y; Application]
1) Register endpoints
2) Discover endpoints
3) Access application
Guidance on Using .NET Services
Using .NET Services: Some examples
An app that’s accessed over the Internet from different organizations might rely on Access Control to rationalize the identity information it receives
  And to do access control
An enterprise might expose an internal application to its trading partners via Service Bus
Pop Quiz
What are the first two questions an application has to answer?
Note: this is a bit of a trick question, and it has to do with security…
In A Nutshell
[Diagram labels: Your Customers (<Any ID Provider>, Live ID Users, XYZ Domain Users); .NET Access Control Service Account; Your Application (Web UI, Service Bus, Workflow Service, SQL Data Service)]
Who is the caller?
What can they do?
Step 1. Unlocking the Cloud: Authentication and Authorization
Glaxo Smith Kline – “BigPharma”
A day in the life…
John is a scientist doing research @ BigPharma
Has an idea…
Needs a new Biological Reagent…
Options:
1. Search the web
   1. Multiple sources
   2. Different formats
   3. Security constraints
2. Call colleagues to see if they have it
   1. Expensive
3. Go to the Lab and create it
   1. 2-3 months
   2. Expensive
Cloud-Catalog
[Diagram labels: Cloud-Catalog; Access Control & Security; Firewall; Queries; Uploads; Updates; BigPharma Reagent DB; PharmaX Reagent DB; Litware Reagent DB; PharmaX; China Subsidiary]
Key requirements
De-centralized management
Access Control
  (Very) fine grained Access Control
    Org, Row, Field
  X-Org
Leveraging existing Identity and AuthZ infrastructure
Geo-distributed information
Flexible data schema
Interoperability through standards
demo: a working prototype
Provisioning
Using the catalog
Key requirements – recap
De-centralized management
  Self-provisioning
  Multi-tenant architecture (extensibility, customization, etc.)
Access Control
  (Very) fine grained Access Control
    Org, Row, Field
  Cross-Organization
Leveraging existing Identity and AuthZ infrastructure
  SSO
Flexible data schema
Interoperability through standards:
  WS-*, WS-Federation, WS-Trust, SAML
Geo-distributed information
Identity & Access Control: Federation & Claims
[Diagram labels: IP-STS; STS; steps 1, 2, 3]
An event analogy
[Diagram labels: TechEd Operations; TechEd Sessions; TechEd Party; TechEd Speaker Room; Attendee; Speaker; Staff]
Identity & Access Control: Federation & Claims
[Diagram labels: ADFS; Windows Identity Foundation]
demo: a working prototype
More on Access Control
Takeaways
Cloud computing is here
  patterns & practices is building guidance
    Claims-based Authentication and Authorization
    ‘Cloudlib’
A new world is unfolding
  Prepare to be part of it
Agenda
Why care
How to think about and exploit the Windows Azure Platform
Real-world walk-through/demo
Discussion
Step 1 - Unlocking the Cloud