Microsoft .NET Service Bus: Protocols, Protection, and How We Scale
Clemens Vasters, Technical Lead, Service Bus, .NET Services
Session BB12, Azure Services Platform

Agenda
- Recap for those who didn't attend BB38
- Service Bus binding primitives
- HTTP and SOAP protocol details
- Firewall/NAT traversal details
- Security guidance
- How we scale
Service Bus (overview)
[Architecture diagram: the Service Bus consists of Service Orchestration, Service Registry, Naming, Federated Identity and Access Control, and the Messaging Fabric. Connected through it: clients (desktop, RIA, and web), Microsoft and third-party services, an on-premise ESB, and your services.]
Connectivity Challenges
- IPv4 address shortage
- Dynamic IP address allocation
- Network Address Translation (NAT)
- Internet is pwn3d by the bad guys
- Firewalls layered over firewalls over firewalls
[Diagram: a sender trying to reach a receiver that sits behind a machine firewall, a network firewall, NAT, and a dynamic IP address.]
Service Bus – Messaging Drilldown
[Diagram: Service Registry, Naming, Federated Identity and Access Control, and the Messaging Fabric, with the Messaging Fabric highlighted.]
Primary programming model: the WCF family of bindings for the Service Bus.
Service Bus – Messaging
WCF binding and the corresponding Service Bus relay binding:
- BasicHttpBinding -> BasicHttpRelayBinding
- WebHttpBinding -> WebHttpRelayBinding
- WSHttpBinding -> WSHttpRelayBinding
- WS2007HttpBinding -> WS2007HttpRelayBinding
- WSHttpContextBinding -> WSHttpRelayContextBinding
- WS2007HttpFederationBinding -> WS2007HttpRelayFederationBinding
- NetTcpBinding -> NetTcpRelayBinding
- NetTcpContextBinding -> NetTcpRelayContextBinding
- n/a (loosely related to NetMsmqBinding) -> NetOnewayRelayBinding
- n/a (loosely related to NetTcpPeerBinding) -> NetEventRelayBinding
Service Bus – Binding Primitives
All bindings are based on a set of transport primitives. Service Bus relay binding and its transport binding element:
- BasicHttpRelayBinding -> Http(s)RelayTransportBindingElement
- WebHttpRelayBinding -> Http(s)RelayTransportBindingElement
- WSHttpRelayBinding -> Http(s)RelayTransportBindingElement
- WS2007HttpRelayBinding -> Http(s)RelayTransportBindingElement
- WSHttpRelayContextBinding -> Http(s)RelayTransportBindingElement
- WS2007HttpRelayFederationBinding -> Http(s)RelayTransportBindingElement
- NetTcpRelayBinding -> TcpRelayTransportBindingElement
- NetTcpRelayContextBinding -> TcpRelayTransportBindingElement
- NetOnewayRelayBinding -> OnewayRelayTransportBindingElement
- NetEventRelayBinding -> OnewayRelayTransportBindingElement
Binding Stacks Compared
WSHttpBinding and WSHttpRelayBinding share the same binding elements and differ only in the transport:
- SymmetricSecurityBindingElement
- TextMessageEncodingBindingElement
- ReliableSessionBindingElement
- Transport: HttpTransportBindingElement (WSHttpBinding) vs. HttpRelayTransportBindingElement (WSHttpRelayBinding)
Listener: System.Net.HttpListener (WSHttpBinding) vs. the Service Bus internal socket binding (WSHttpRelayBinding).
Client channel: System.Net.WebRequest (WSHttpBinding) vs. HttpTransportBindingElement (WSHttpRelayBinding).
Oneway Unicast TCP
[Diagram: sender and receiver both connect outbound to the Service Bus frontend nodes (behind an NLB), addressing sb://servicebus.windows.net/services/solution/a/b/. The sender opens a one-way net.tcp connection over TCP/SSL port 828; the receiver, sitting behind NAT, a firewall, and a dynamic IP, opens an outbound bidirectional socket over TCP/SSL ports 808/828 and subscribes. The backend naming/routing fabric routes messages from sender to receiver.]
Listener Oneway Connection
Listener socket connection: similar to WCF NetTcpBinding
- Full-duplex communication path
- .NET Framing message delineation
- .NET Binary encoding
- SSL channel overlaid on socket
- Always connects to port 828 on SB (port number will change before V1)
- OnewayRelayTransportBindingElement tries to reconnect as needed when the connection drops
Sender Oneway Connection
Sender socket connection: uses NetTcpBinding underneath
- Full-duplex communication path
- .NET Framing message delineation
- .NET Binary encoding
- SSL channel overlaid on socket
- Connects to port 808 on SB: open; connects to port 828 on SB: SSL (port numbers will change before V1)
- Oneway transport tries to reconnect as needed when the connection drops
Oneway Unicast HTTP
[Diagram: the sender connects outbound over HTTPS port 443 to the frontend nodes (NLB) at http://servicebus.windows.net/services/solution/a/b/. The receiver creates a Message Buffer on a frontend node and subscribes it for the address; the backend naming/routing fabric routes each message into the buffer, and the receiver polls the buffer and demultiplexes the retrieved messages.]
Message Buffer Details – Factory
[Diagram: the receiver at http://servicebus.windows.net/services/solution/buf/ talks to a frontend node's Relay HTTP Listener, HTTP Socket Forwarder, and MB Factory Extender, which creates the MessageBuffer and subscribes it with the backend naming/routing fabric. Processing order: honor <sb:ProcessAt>, check the token, then create.]
Create operation, two equivalent forms:
- SOAP: CreateMessageBuffer operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: POST with X-Process-At, X-MS-Identity-Token, and X-Http-Method-Equiv: X-CREATEMB
Message Buffer Details – Scale Out
[Diagram: the receiver's HTTPS (port 443) request arrives through the NLB at one frontend node, whose HTTP-Socket Forwarder creates the Message Buffer; numbered steps show the HTTPS request and control traffic between the frontend nodes.]
Message Buffer resides on the Service Bus node that received the 'Create' request.
Message Buffer Details – Subscribe
[Diagram: the receiver sends an HTTPS (port 443) request through the NLB to the frontend node holding the Message Buffer; the subscription is registered with the backend naming/routing fabric.]
Subscribe operation, two equivalent forms:
- SOAP: Subscribe operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: POST with X-Process-At, X-MS-Identity-Token, and X-Http-Method-Equiv: X-SUBSCRIBE
Message Buffer Details – Submit
[Diagram: a sender in any one-way sender mode (TCP/SSL 808/828 or HTTPS 80/443) submits a message to sb|http://servicebus.windows.net/services/solution/*/; the backend naming/routing fabric routes it to the Message Buffer on the owning frontend node.]
Submit, two forms:
- SOAP relayed one-way: any operation, with <sb:RelayAccessToken>
- HTTP relayed one-way: any method except GET, with X-MS-Identity-Token
Message Buffer Details – Polling
[Diagram: the receiver's HTTPS (port 443) retrieval request goes through the NLB to the Message Buffer.]
The request is "parked" until (a) the timeout expires (30 s max) or (b) at least one message is available.
- SOAP: RetrieveMessages operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: POST with X-Process-At, X-MS-Identity-Token, and X-Http-Method-Equiv: X-RETRIEVE
Options: Timeout, Encoding, MaxMessages
Message Buffer Details – Polling Encoding
[Diagram: the receiver's HTTPS (port 443) retrieval request and the Message Buffer's response.]
Available response encodings:
SOAP
- BareEnvelopeSequence: bare envelopes inside the response body
- WrappedEnvelopeSequence: envelopes wrapped inside the body
HTTP
- MimeMultipart: multipart/mixed with application/http parts (complete incoming requests)
- MimeApplicationHttp: application/http (complete incoming requests)
- RequestAsResponse: the incoming request mapped onto the retrieval response
Message Buffer Details – Renewal/Delete
[Diagram: the receiver's HTTPS (port 443) request through the NLB to the Message Buffer.]
Renew
- SOAP: Renew operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: POST with X-Process-At and X-MS-Identity-Token
- Option: Timeout
- Renewal follows WS-* patterns; the message buffer expires after <30 minutes and requires explicit renewal
GetStatus
- SOAP: GetStatus operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: GET with X-Process-At and X-MS-Identity-Token
- Returns the expiration
Delete
- SOAP: Delete operation with <sb:ProcessAt> and <sb:RelayAccessToken>
- Plain HTTP: DELETE with X-Process-At and X-MS-Identity-Token
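The Message Buffer lifecycle and retrieval rules from the slides above, as an added Python model (not Microsoft's code): the 30 s poll cap, the <30 minute lifetime with explicit renewal, the GET exclusion on submit, the MaxMessages option, and the identity-token requirement on management calls. The caller-supplied clock and the plain equality token check are assumptions made for the illustration.

```python
from collections import deque

MAX_POLL_TIMEOUT_S = 30          # retrieval request is parked at most 30 s
MAX_BUFFER_LIFETIME_S = 30 * 60  # buffer expires after <30 min unless renewed


class MessageBuffer:
    # Toy model of one Message Buffer; `now` is a caller-supplied clock in seconds.
    def __init__(self, now, identity_token, lifetime_s=MAX_BUFFER_LIFETIME_S):
        self.token = identity_token  # value expected in X-MS-Identity-Token (assumed check)
        self.expires_at = now + min(lifetime_s, MAX_BUFFER_LIFETIME_S)
        self.queue = deque()

    def _authorize(self, now, token):
        # Management calls carry X-MS-Identity-Token; equality stands in for real
        # token validation (assumption). An expired buffer rejects every call.
        if token != self.token:
            raise PermissionError("missing or invalid identity token")
        if now >= self.expires_at:
            raise LookupError("message buffer expired")

    def submit(self, now, http_method, message):
        if http_method.upper() == "GET":  # relayed one-way submit: any method except GET
            raise ValueError("GET cannot submit a message")
        if now >= self.expires_at:
            raise LookupError("message buffer expired")
        self.queue.append(message)

    def retrieve(self, now, token, timeout_s, max_messages):
        # Returns (messages, park_seconds): queued messages are handed back at once,
        # otherwise the request would be parked for min(Timeout, 30 s).
        self._authorize(now, token)
        if not self.queue:
            return [], max(0, min(timeout_s, MAX_POLL_TIMEOUT_S))
        count = min(max(1, max_messages), len(self.queue))
        return [self.queue.popleft() for _ in range(count)], 0

    def renew(self, now, token, timeout_s):
        # Renewal extends the lifetime, still capped at the 30 minute maximum.
        self._authorize(now, token)
        self.expires_at = now + max(0, min(timeout_s, MAX_BUFFER_LIFETIME_S))
        return self.expires_at

    def get_status(self, now, token):
        self._authorize(now, token)
        return self.expires_at  # GetStatus returns the expiration

    def delete(self, now, token):
        self._authorize(now, token)
        self.queue.clear()
        self.expires_at = now  # later calls fail as expired
```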
Demo: Oneway HTTP with REST (Clemens Vasters, Service Bus Technical Lead, .NET Services)
Oneway Control Knobs for Bindings
ServiceBusEnvironment.OnewayConnectivity:
- Mode
  - ConnectivityMode.Tcp: always uses socket listener mode (default)
  - ConnectivityMode.Http: always uses the Message Buffer
  - ConnectivityMode.AutoDetect: auto-selects based on availability of outbound ports
- HttpModeMessageBufferLocation: sets the URI for the shared message buffer instance
- HttpModeMessageBufferCredentials: credentials used to create/manage the message buffer
Composite Duplex over Oneway
Custom binding option: use WCF's CompositeDuplexBindingElement, which pairs two one-way connections into a bidirectional connection.
Custom binding stack: OnewayRelayTransportBindingElement, CompositeDuplexBindingElement, BinaryMessageEncodingBindingElement, ...
[Diagram: the listener side uses the SB internal socket binding; the client channel uses TcpTransportBindingElement.]
Demo: Composite Duplex over Oneway (Clemens Vasters, Service Bus Technical Lead, .NET Services)
Oneway Guidance
- Use if you need event distribution or very aggressive NAT/firewall traversal
- Constraints: maximum message size 60 KB; HTTP: maximum message buffer size 256 KB
- In doubt, prefer Tcp/Relayed connections: higher message rates, lower latency
- Firewall requirements: outbound ports 808/818/828, 80/443
Tcp/Relayed
[Diagram: sender and receiver at sb://servicebus.windows.net/services/solution/a/b/. The receiver holds an outbound control connection (TCP/SSL 818); when the sender connects, a one-way rendezvous control message tells the receiver to open an outbound socket, and the frontend node's socket-socket forwarder joins the two outbound sockets.]
Tcp/Relayed Guidance
- Preferred communication mode
- Most compact wire format
- Lowest latency, highest throughput
- Supports streaming (no size limits)
- Firewall requirements: outbound ports 808/818/828
- Constraints: no WAS activation (yet)
Tcp/Hybrid
[Diagram: the connection starts relayed, with a relayed rendezvous over TCP/SSL 818, 819; both sides then perform NAT probing and, when possible, upgrade to a direct NAT-traversal connection.]
Tcp/Hybrid Guidance
- Preferred for large P2P data transfers
- Direct socket connection when possible
- Compact wire format; low latency, high throughput
- Supports streaming (no size limits)
- Constraints: lower success rate for direct connections on busy NATs; no WAS activation (yet); PDC: can't use with certain channels (WS-RM/WS-Sec; any channel with a 'side channel')
- Firewall requirements: outbound ports 808/818/819/828
Http
[Diagram: the sender's HTTP/S request (ports 80/443) arrives at a frontend node; a one-way rendezvous control message tells the receiver to open an outbound socket, and the node's HTTP-socket forwarder bridges the HTTP request onto that socket.]
Http Guidance
- Most interoperable option for clients
- Basis for WS/Basic/WebHttpRelayBinding
- Transparent 'reverse proxy' for HTTP services
- Constraints: PDC: significantly higher stress for your service (recommendation: prefer Tcp); no WAS activation or IIS integration (yet)
- Firewall requirements: receiver: outbound ports 818/828; sender: outbound ports 80/443
Service Bus – Access Control Deep Dive
[Diagram: Service Registry, Naming, Federated Identity and Access Control, and the Messaging Fabric, with Federated Identity and Access Control highlighted.]
Demo: End-to-End Access Control (Clemens Vasters, Service Bus Technical Lead, .NET Services)
How We Scale
[Diagram: frontend nodes in front of the backend naming/routing fabric at sb://servicebus.windows.net/services/solution/a/b/.]
How does this part work?
The Backend – Physical
Lots of racks, lots of servers, lots of wire.
The Backend – Virtual
- 8+ cores per server; 1, 2, or 4 cores per VM; 1 SB node per VM
- "Lights out" model: VM reimaged on failure, server retired on failure
- Quick deployment: 100 VMs in ~20 minutes from "go" to "system up"
- Management & deployment fabric
The Backend – Messaging Overlay
- Volatile storage
- Distributed naming
- Uni-/multicast routing
[Diagram: a ring of SB nodes with a replication neighborhood.]
- Unicast: point to point
- Multicast: routed along the ring
- Distributed hash table: names hash to nodes
Summary
- Pervasive, secure connectivity for services: secure NAT traversal, "DMZ in the sky"
- SOAP and HTTP protocol options: not only for .NET clients
- Watch the recording of session BB38
Evals & Recordings: please fill out your evaluation for this session; the session will be available as a recording at www.microsoftpdc.com.
Q&A (please use the microphones provided)