Windows Azure Building Block ServicesAdam Hoffman - @stratospher_es / http://stratospher.esTechnical EvangelistMicrosoft

• Dedicated / Co-Located Cache• Windows Azure Service Bus• Windows Azure Access

Control Service• Bonus:

CloudConfigurationManager

Agenda

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Service Bus

Networking

Traffic

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Service Bus

Networking

Traffic

What’s the cache?

• Use spare memory on your VMs as high-performance cache

• Distributed cache cluster co-located with existing roles, or use dedicated roles

• Named caches with high availability option

• Notifications• Support Memcached protocol

Why dedicated cache?

FasterNo external service calls (additional network hops)Co-located in roles

CheaperNo external service calls (additional cost)Use spare memory that you already paid for

More reliableYour service is running = cache is availableNo throttling as in co-tenant environment

High availability? How?No code necessaryHigh availability makes duplicate copies of cache objects available on other instances of the caching role.Because of this, you need at least 3 instances of the role for true high availability.Copies can be set to 0 (default, no high availability) or 1 (high availability).

Cache Notifications? How?Simple to configureAfter cache notifications have been enabled, simply subscribe to the events to “listen” to the cache hits, evictions, etc.

Dedicated and CoLocated Cache Demo

Cheat Sheet

Microsoft.ApplicationServer.Caching.DataCache cache = new

Microsoft.ApplicationServer.Caching.DataCache("default");

Get a handle to the cache

Get an item from the cacheObjectType myCachedObject =

(ObjectType)cache.Get("cacheKey");

Put an item into the cachecache.Add("cacheKey", myObjectRequiringCaching);

Notice this?The cache requires a storage account to run against, and by default uses “Development Storage”. This is fine for demos (and in the emulator), but be sure to update that configuration before deploying to the cloud, or the role will suffer startup failures.

Notice this?The appropriate Expiration Type for this sort of cache is Absolute instead of Sliding Window. That way, we refresh our Twitter data every N minutes, regardless of how many people ask for it. If it was Sliding Window, we might not ever refresh and get the latest Tweets.

Notice this?In the autoDiscover attribute of the dataCacheClient, we need to point to the Role Name of the worker role that hosts the cache:

Notice this?For CoLocated caches, you end up pointing back to yourself.

What else can I do with the Cache?Windows Azure Load Balancer uses round-robin allocation. Session state must persist to client or storage on every request

LB

session[“foo”] = 1; session[“foo”] = 2;

What is the value of session[“foo”]?

SQL Azure

Windows Azure Storage

Session State

Solving Session StatePersist to Storage via Session State ProviderWindows Azure CachingSQL AzureWindows Azure Storage

Persist to ClientUse cookiesDon’t forget ASP.NET MVC TempData relies on Session State provider by default

Session State with Cache

Demo

Cheat SheetConfigure the application to use the Cache based State Provider

Notice this?To use the cache as a session state provider, remember to change Expiration Type to “Sliding Window” instead of “Absolute” or your Sessions will evaporate unexpectedly.

What else can I do with the Cache?The Output Cache Provider for Windows Azure Caching is an out-of-process storage mechanism for output cache data. This data is specifically for full HTTP responses (page output caching). The provider plugs into the new output cache provider extensibility point that was introduced in ASP.NET 4.

Page Output Caching.

Cheat SheetConfigure the application to use the Cache based Page Output Provider<caching>

<outputCache defaultProvider="DistributedCache">

<providers> <add name="DistributedCache"

type="Microsoft.Web.DistributedCache.DistributedCacheOutputCacheProvider, Microsoft.Web.DistributedCache"

cacheName="default" dataCacheClientName="default" />

</providers> </outputCache>

</caching>Add an OutputCache directive to pages that you wish to cache output.<%@ OutputCache Duration="60" VaryByParam="*" %>

Memcached support• Host a Memcached

cluster in Work Roles• Access a Memcached

cluster from Web/Worker RolesCache worker role

Memcached Shim

Memcached Client

Web/WorkerRole

Web/WorkerRole

M

M

Web/Worker Role

Memcached Shim

Memcached Server

M

Nuget: Microsoft.WindowsAzure.Caching.MemcacheShim

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Service Bus

Networking

Traffic

Service Bus Relay

Cloud/On-Premise Integration

Cloud-Hosted, reliable asynchronous Messaging Infrastructure with Publish/Subscribe

Cloud-Based Relay enabling NAT/Firewall Traversal for reach into on-premises assets

RelayService Bus Relay solves the challenges of communicating between on-premises applications and the outside world by allowing on-premises web services to project public endpoints. Systems can then access these web services, which continue to run on-premises from anywhere on the planet.

Relay Programming ModelFull WCF Programming ModelBindings functionally symmetric with WCFWebHttpRelayBinding (HTTP/REST)BasicHttpRelayBinding (SOAP 1.1)WS2007HttpRelayBinding (SOAP 1.2)NetTcpRelayBinding (Binary transport)

Special Service Bus BindingsNetOnewayRelayBinding (Multicast one-way)NetEventRelayBinding (Multicast one-way)

Transport binding elements for custom binding stacks

WebHttpRelayBinding provides full interoperability with any HTTP/REST client, BasicHttpRelayBinding with any SOAP client

Service Bus: RelayDemo

We’ll host a service in a console application, and project its TCP endpoint through the Service Bus to make it publicly available.

Notice this?In this case we programatically created the endpoints, instead of doing it through configuration. The relay we used in this case was NetTcpRelayBinding.// the endpoint that is projected back through the service bus (note: NetTcpRelayBinding)// This DNS name will be "sb://[serviceNamespace].servicebus.windows.net/solver"host.AddServiceEndpoint(

typeof(IProblemSolver), new NetTcpRelayBinding(),ServiceBusEnvironment.CreateServiceUri("sb", “metrobus", "solver"))

.Behaviors.Add(new TransportClientEndpointBehavior{TokenProvider = TokenProvider.CreateSharedSecretTokenProvider("owner", Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("ServiceBusSecret"))});

Notice this?The server has an endpoint behavior which uses the Service Bus shared secret, and so does the client. This is how the client gets access to the relay. These two code samples look the same because the are the same.Client.Behaviors.Add(

new TransportClientEndpointBehavior { TokenProvider =

TokenProvider.CreateSharedSecretTokenProvider("owner", Microsoft.WindowsAzure.CloudConfigurationManager.GetSetting("ServiceBusSecret"))

});

Notice this?

.Behaviors.Add(new TransportClientEndpointBehavior { TokenProvider =

TokenProvider.CreateSharedSecretTokenProvider("owner", Microsoft.WindowsAzure.CloudConfigurationManager

.GetSetting("ServiceBusSecret")) });

Server

Messaging

QueueAsynchronous communicationOffline processingLoad-balancing

Topic & SubscriptionAsynchronous communicationPublish/Subscription patternMessage routing

Queue Queue

Queues - Ways to Pull

Receive and DeleteFastest. Message lost if receiver crashes or transmission fails.

Peek LockMessage is locked when retrieved. Reappears on broker when not deleted within lock timeout.

Receive and Delete

2. Delete/Unlock

1. Peek/Lock

Broker Message

Messages

Brokered messaging properties are not SOAP headers

Properties are key/value pairs that may very well carry payloads

It’s not uncommon to have messages with empty message bodies

Key Value

Key Value

Key Value

Key Value

Body

Queues vs. Queues

Azure Queues• Part of the Windows Azure storage infrastructure• Simple REST-based Get/Put/Peek interface

Message Bus Queues• Part of a broader Windows Azure messaging infrastructure • Built on top of the broader “brokered messaging” infrastructure

designed to integrate applications or application components that may span multiple communication protocols, data contracts, trust domains, and/or network environments (i.e., are side by side with topics, queues, relays and the rest)

http://aka.ms/q-vs-q

Queues vs. Queues, ConsiderationsConsider Azure Queues if:• Your application needs to store over 5 GB worth of messages in a

queue, where the messages have a lifetime shorter than 7 days.• Your application requires flexible leasing to process its messages. This

allows messages to have a very short lease time, so that if a worker crashes, the message can be processed again quickly. It also allows a worker to extend the lease on a message if it needs more time to process it, which helps deal with non-deterministic processing time of messages.

• Your application wants to track progress for processing a message inside of the message. This is useful if the worker processing a message crashes. A subsequent worker can then use that information to continue where the prior worker left off. You can update queue messages “in flight”.

• You require server side logs of all of the transactions executed against your queues (via the Storage Analytics Logging feature).http://aka.ms/q-vs-q

Queues vs. Queues, ConsiderationsConsider Message Bus Queues if:• Your solution needs to be able to support automatic duplicate

detection (e.g. eCommerce)• The time-to-live (TTL) characteristic of the application-specific

workload can exceed the 7-day period.• Your application handles messages that can exceed 64 KB but will not

likely approach the 256 KB limit.• Your solution requires the queue to provide a guaranteed first-in-first-

out (FIFO) ordered delivery.• Your queue size will not grow larger than 5 GB.• Your messaging solution needs to be able to support the “At-Most-

Once” delivery guarantee without the need for you to build the additional infrastructure components.

• You would like to be able to publish batches.http://aka.ms/q-vs-q

Queues vs. Queues, Side by Side

http://aka.ms/q-vs-q

Comparison Criteria Windows Azure Queues Service Bus Queues

Ordering guarantee No

Yes - First-In-First-Out (FIFO) (through the use of messaging sessions)

Delivery guarantee At-Least-Once At-Least-Once At-Most-Once

Transaction support No Yes (through the use of local transactions)

Lease/Lock duration30 seconds (default) 7 days (maximum)

60 seconds (default) 5 minutes (maximum)

Batched send No

Yes (through the use of transactions or client-side batching)

Service Bus: QueuesDemo

Cheat Sheet

namespaceManager = Microsoft.ServiceBus.NamespaceManager

.CreateFromConnectionString(“…”);

NamespaceManager is the root of managing your namespace!

Create the Queue if necessary

if (!namespaceManager.QueueExists(queueName)) namespaceManager.CreateQueue(queueName);

Cheat SheetWhat does a Service Bus connection string look like?Endpoint=

sb://<namespace>.servicebus.windows.net/;

SharedSecretIssuer=<issuer>;SharedSecretValue=<sharedSecret>

Cheat SheetMessagingFactory and MessageSender let you create itemsif (messagingFactory == null)

messagingFactory = MessagingFactory.CreateFromConnectionString(“…”);if (messageSender == null)

messageSender = messagingFactory.CreateMessageSender(queueName);

Cheat SheetNow, with that MessageSender, create some BrokeredMessage(s)BrokeredMessage message = new BrokeredMessage();message.Label = “Hello from your new message.”message.Properties.Add( new KeyValuePair<string,object>(“FirstName", “Adam"));message.Properties.Add( new KeyValuePair<string,object>(“LastName", “Hoffman"));

messageSender.Send(message);

Cheat SheetMessagingFactory and MessageReceiver let you get those itemsif (messagingFactory == null)

messagingFactory = MessagingFactory.CreateFromConnectionString(“…”);if (messageReceiver == null)

messageReceiver = messagingFactory.CreateMessageReceiver(queueName);

Cheat SheetNow, with that MessageReceiver, grab those BrokeredMessage(s)BrokeredMessage message = new BrokeredMessage();// wait only 5 seconds...message = messageReceiver.Receive(new TimeSpan(0, 0, 5)); if (message != null){

try{…// Remove message from queuemessage.Complete();

}catch (Exception){

// Indicate a problem, unlock message in queuemessage.Abandon();

}}

Queues vs. Topics

Sequential Message Log

Competing Consumers

Shared Cursors and Locks over the log

Sequential Message Log

Multiple subscribers over the log, each with own cur/locks

Subscribers can filter with expressions on properties

Competing Consumers on each subscription

SubSubSub

Topic Filters

Filter conditions operate on message properties and are expressed in SQL’92 syntax InvoiceTotal > 10000.00 OR ClientRating <3ShipDestCtry = ‘USA’ AND ShipDestState=‘WA’LastName LIKE ‘V%’

Why Topics?

SubSubSub

Message DistributionEach receiver gets its own copy of each message. Subscriptions are independent. Allows for many independent ‘taps’ into a message stream. Subscriber can filter down by interest.

Constrained Message Distribution (Partitioning)Receiver get mutually exclusive slices of the message stream by creating appropriate filter expressions.

Don’t forget, the sender can be anyone.

Service Bus: Topics and Subscriptions

Demo

Cheat Sheet

namespaceManager = Microsoft.ServiceBus.NamespaceManager

.CreateFromConnectionString(“…”);

NamespaceManager is (again) the root of managing your namespace!

Create the Topic if necessary

if (!namespaceManager.TopicExists(topicName)) namespaceManager.CreateTopic(topicName);

Cheat Sheet – SendingTopicClient let’s you send BrokeredMessage(s)

TopicClient topicClient = TopicClient.CreateFromConnectionString(“…”, topic);

BrokeredMessage message = new BrokeredMessage();message.Label = “Hello from your new message.”message.Properties.Add(

new KeyValuePair<string,object>(“FirstName", “Adam"));message.Properties.Add(

new KeyValuePair<string,object>(“LastName", “Hoffman"));

topicClient.Send(message);

Cheat Sheet - ReceivingNamespaceManager helps create the subscription.

if (!NamespaceManager.SubscriptionExists(topicName, "AllMessages")){NamespaceManager.CreateSubscription(

topicName, "AllMessages");

ListenForMessages(topicName);}

Cheat Sheet - ReceivingMessagingFactory and MessageReceiver let you get the messages.MessagingFactory mf = MessagingFactory.CreateFromConnectionString(“…”);MessageReceiver mr = mf.CreateMessageReceiver(

topicName + "/subscriptions/" + "AllMessages");

BrokeredMessage message = mr.Receive();…// Remove message from subscriptionmessage.Complete();Or…// Indicate a problem, unlock message in subscriptionmessage.Abandon();

Cheat Sheet – Filtering the messagesFilters parameterize the Subscription…SqlFilter highMessagesFilter = new SqlFilter("MessageNumber > 3"); NamespaceManager.CreateSubscription("TestTopic", "HighMessages", highMessagesFilter);SqlFilter highMessagesFilter = new SqlFilter(“FirstName = ‘Adam’"); NamespaceManager.CreateSubscription("TestTopic", “GuysNamedAdam", adamMessageFilter);

MessageReceiver mr = mf.CreateMessageReceiver(topicName + "/subscriptions/" + “GuysNamedAdam");

Applicationbuilding blocks

StorageBig data

Caching

CDN

Database

Identity

Media

Service Bus

Networking

Traffic

Security challenge

Your App

Authentication

Authorization

User store

ManagementUI

Forget password?

Customersupport Data

protection

Integrationwith AD

LDAPUser

mapping

Synchronization

IntegrationWith

Facebook

MoreUser

mapping

FacebookAuth API

MoreSynchronizatio

n

Solution: Claim-based architecture

Your App

?“User is Joe”“Role is Administrator”

ACS +

WIF

Solution: Claim-based architecture

LegendIP = Identity ProviderACS = Access Control ServiceRP = Relying Party (your app)Client = Your Users

Digital identity in a nutshell

Seat is 28A

ACSWIF

IdP

IdP

Token

Token

User

RP Claim:

Home Realm Discovery

ACS

Federated security with ACS

Demo

Notice this?Implementing a “claims transformer”.

public class RoleSetter : ClaimsAuthenticationManager{

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)

{if (incomingPrincipal != null &&

incomingPrincipal.Identity.IsAuthenticated == true){

//DECIDE ON SOME CRITERIA IF CURRENT USER DESERVES THE ROLEClaimsIdentity identity =

(ClaimsIdentity)incomingPrincipal.Identity;IEnumerable<Claim> claims = identity.Claims;

if (DoYourCheckHere())((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(new Claim(ClaimTypes.Role, "Admin"));

}return incomingPrincipal;

}

Notice this?Wiring up a “claims transformer”.

<system.identityModel> <identityConfiguration> <claimsAuthenticationManager

type="ClaimsTransformer.RoleSetter, ClaimsTransformer"/>

…

Notice this?Checking for a claim (e.g. a role check):

if (User.IsInRole("Admin"))Response.Write("The code is

42...<br/>");else

Response.Write(“No soup for you.");

Bonus: CloudConfigurationManagerDemo

Notice this?The output window shows the path of trying to get the config values:

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download the Windows Azure SDK!

http://aka.ms/GetAzureNow

SDKs for .NET, Java, PHP, Node.js and PythonSample librariesTutorials and VideosCommunity ForumsMuch, much more!

Sign Up for Windows AzureMSDN Subscription Benefits

Free Windows Azure access for Professional, Premium, and Ultimate subscribers

Designed to accelerate development

Requires credit card at sign-up for any overages beyond free allocation

3 Month Free Trial

ComputeStorageTransactionsBandwidth

DatabasesCachingAccess ControlService Bus

INCLUDES THESE SERVICES: BENEFITS INCLUDE:

http://aka.ms/MSDNAzurehttp://aka.ms/Azure90DayTrial

OnewayNetOnewayRelayBindingAll TCP and HTTP listeners use one-way as internal control channel60KB message-size limitOne-way onlyNo rendezvous overhead

Backend

NamingRouting

Fabric

solution. a b

FrontendNodes

outbound

connect one-way

net.tcp

outbound connect bidi socket

MsgMsg

NATFirewall

Dynamic IP

NLB TCP/SSL HTTP(S)TCP/SSL HTTP(S)

RouteSubscribe

Event•NetEventRelayBinding

•Small-Scale Synchronous Multicast

•60KB message-size limit

•One-way only

•No rendezvous overhead

Backend

NamingRouting

Fabric

solution. a b

FrontendNodes

outbound

connect one-way

net.tcp

outbound connect bidi socket

MsgMsg

TCP/SSL HTTP(S)TCP/SSL HTTP(S)

RouteSubscribe

outbound connect bidi socket

Msg

Rendezvous(TCP & HTTP)

•NetTcpRelayBinding

•WebHttpRelayBinding

•BasicHttpRelayBinding

•WS2007RelayBinding

•Rendezvous Handshake

•Bi-Directional

•Net.Tcp Full Duplex

•No message size limit

solution. a b

NLB

outbound socket rendezvous

HTTP/SocketForwarder

outbound

socket connect

Ctrl

Ctrl

TCP/SSL or HTTP

Backend

NamingRouting

Fabric

FrontendNodes

solution. a bBacken

dNamingRouting

Fabric

FrontendNodes

Hybrid Connect

•Special Mode of NetTcpRelayBinding

•TcpRelayConnection-Mode.Hybrid

•Starts as relayed connection

•Performs NAT probing and behavior prediction

•Establishes direct connection and upgrades if possible

•Upgrade driven by traffic

•Takes large transfers off the Relay

•No transfer charges, lower latency

relayed connect

NAT Probing

CtrlNAT Probing

NAT Traversal Connection

Upgrade

Upgrade

relayed rendezvous

Oneway RendezvousCtrl Msg

TCP/SSL HTTP(S)