close

Вход

Забыли?

вход по аккаунту

код для вставкиСкачать
WEB302
An End-to-End Web Services
Application: Architecture, Clients,
Security and Analysis
Eric Schmidt & Ray Stephenson
Platform Strategy & Partner Group
Microsoft Corporation
Some SOAP here, some XML
there…
Goals for this session
Enable you to implement realistic Web
Service based applications
Enable you to think holistically about the
application of Web Services
Provide answers about Web Services in
relation to building clients, security and
analysis
Agenda
Demo
Architecture
Clients
Security
Analysis
Note: There are many other things to talk about regarding Web
Services - we only have 75 minutes. That’s why we have the Web
Services track.
Where does your
business make
money?
5 steps to a successful Web
Services implementation
1.
2.
3.
4.
5.
What problem(s) are you trying to solve?
What system(s) are involved?
What data do you need?
How will you secure this?
How will you quantify business value?
Web Services translation
1.
2.
3.
4.
5.
What are your current business
processes? How do you articulate them?
Where would the services live?
What types of messages will they
process?
Who can call the services, how will you
identify them, how will you authorize
them?
How will you quantify business value?
The Demo
The Company – Legacy ridden
Bobbi Buffe – Purchasing Supervisor
The Process – Tied to applications
The Implementation
The Company
Mid-size distributor
Business processes are bound by
applications
Excel
Warehouse Management
Accounting
…
Meet Bobbi Buffe
Requisitions manager for a mid-size
distributor
Bobbi “controls” the purchasing process
Her company makes about $10 million per
year
Business Processes
Distribution
Verification
Start, Create PO, Check Credit, End
Shipping
Start, Pull Inventory, Ship, End
Accounting
Invoicing
Start, Create Invoice, Send, End
Payment
Start, Apply Payment, End
Implementation
Clients
InfoPath, WinForms, Excel
Security
WS-Security, Authorization Manager
Services
ASP.NET, WSE v2, BizTalk Server
Analysis
Business Activity Monitoring (BAM)
Demo Topology
Demo Notes
Use InfoPath to drive business process
Schema is the key
Drive process via schema
Services are coarse grained
Process typed XML
Veneers over underlying systems
TCP listener using WSEv2
Security is role based
Message driven - not transport based
Can process different types tokens
Firing Bobby with AZMan
Analysis is business process driven
Dependant upon message granularity
Same process will have multiple views
Getting a real view via BAM
Business Process
Orchestrating simple process is easy
Use BizTalk for services that cross processes
Web Services translation
1.
2.
3.
4.
5.
What are your current business
processes? How do you articulate them?
Where would the services live?
What types of messages will they
process?
Who can call the services, how will you
identify them, how will you authorize
them?
How will you quantify business value?
(#1) Identifying the problem
We need a system that will streamline our
purchasing process. Vs. We need a new
reporting system that will give us cool
reports.
What are the artifacts that drive your
development?
8 Artifacts To Burn Into Your
Head When Modeling
Business Processes
Services
Schemas
Policies
Rules
Users
Roles
Views
Business Processes
Process
Stage
Action/Event
Process
Stage
Action/Event
Relationship
Views on Architecture
Business Architecture
Constraints
Data Access
Models
Application
Architecture
SLAs
Process Flows
Schematization
Information
Architecture
Operational
Requirements
Deployment
Models
Constraints
Functional
Requirements
Constraints
Information
Requirements
Technology
Architecture
Map the process to an architecture
Functional Requirements
Operational Requirements
Application Architecture
Technology Architecture
Conceptual
Views
Logical
Views
Implementation
Views
Application Development
Patterns &
Concepts
Deployment
Packages &
Policies
Conceptual
Views
Logical
Views
Implementation
Views
Setup & Operations of Data Center
Network of
Devices
Standard Data
Center
Configurations
SOA
Service Oriented Architecture (SOA): A development and
management architecture for loosely-coupled applications
Promotes interoperability
Promotes federation
Process Service
Process
Service
Business
Service
Business
Service
Service Façade
Process Service
Business Entity
Business
Business
Data
Entities
Data Layer Entities
Data
Representation
Accessors
Accessors
Layer
Business
Service
Business
Service
Service
Service
Message
Logic
State
Policy
Short-circuit Corollaries
SOA is goodness
Web Services is the messaging fabric for
SOA
.NET is the programming model for Web
Services
Windows and server platform is the
hosting platform for Web Services
Security
Reliability
Transactions
…
Metadata
Connected Applications
Business
Process
Management
Web Services Architecture
Applications &
Application Structure
Foundation
Messaging
XML
HTTP, TCP, UDP, SMTP…..
Transports
Recap
I don’t care what you use to model – just
do it.
Address all of the artifacts.
Embrace SOA.
XWS is very real.
More Info
WEB301 : Service Oriented Architecture
and Web Services : Friend or Foe?
Application Architecture for .NET :
Designing Applications and Services
(Microsoft)
(#2) Where do Web Services
live?
Client, Server, Everywhere?
It depends…
Push messages from applications
Intercept messages
Veneer over application
Core application
Why push messages?
Host application controls the messaging;
acts as transducer
Reuse of existing system
Think eventing
One-way
Why veneers?
Existing application satisfies existing
business processes
Leverage investment
What do you map?
Why intermediaries?
Caller incapable of providing certain
services (not so smart client)
Virtualization of ultimate service (promotes
loose-coupling)
Factor out common services (logging)
Why core applications?
Promotes reuse
More agile
Enables implicit integration
What is a Smart Client?
Utilizes local
processing power
Consumes web
services
May support online /
offline scenarios
May adapt to hosting
device
WS
WS
WS
Benefits of Smart Clients
Rich user experience
Online / Offline operation
Strong integration
with client-side APIs
No compromise interactivity
Utilizes local processing power
Friction free deployment & versioning
How does InfoPath fit in?
Easily gather and reuse XML data
A natural client for XML web services
User-friendly environment for entering data
Rich-text editing, spell check, AutoComplete
Data validation, multiple views & forms
Workgroup & organizational processes
Offline & email support
Flexible, dynamic authoring environment
Dozens of ready-to-use sample forms
Web model for form deployment
Recap
Intermediary and core application model is
preferred
Programming model availability will also be
determining factor on service role
More Info
WEB312 - Integrating Applications with UDDI
Services
WEB402 - Cross-Platform Interoperability : How
to Get Along with Others
WEB309 - Registry, Discovery and Inspection
Patterns : Are You Right for Me?
WEB308 - Web Services Enhancements for
Microsoft .NET V2 : Drilldown
WEBHOL1 & 2 – New Messaging Model
OFC307 - Office 2003: Solution Case Studies
(#3) What types of messages
will they process?
Fine grained vs. coarse grained
Service Granularity
Coarser Looser coupling
Grained required
Granularity
Looser coupling
desired
Add Order
Release Order
Order Process
Manager
Add Order Header
Release Order Item
Order Process
Manager
Looser coupling ?
Address
Manager
Location.Validate
Location
Component
Finer
Grained
Postcode
Component
3 Different Choices
public void process(int customerid)
{
/* Do you have what you need ?*/
}
public void process(XmlNode customer)
{
/* Parse what you need */
/* Deserialize based on schema */
}
public void process(Customer customer)
{
}
Recap
If you can’t explain the reason for a message to
the business person, you better rethink it. It is
the business sense that counts, not the
granularity.
Services loosely couple tightly coupled systems
More Info
WEB400 - Loose Coupling and
Serialization Patterns : The Holy Grail of
Service Design
WEB310 - XML Schema : What You Need
to Know and Why
(#4) How will you secure this?
How secure do you need to be?
End-points should always focus on
Authentication
Authorization
Confidentiality
Security
Policy
• Only accept
Kerberos Tokens
• Only callers
who are in the
Manager role
• Messages must
be encrypted
Security
Policy
• Only accept
Kerberos Tokens
• Only callers
who are in the
Manager role
Policy
• Only accept
x509 tokens from
trusted CA
• Token must
contain known
subject
Recap
Build a Threat Model
Strive to settle on one identity that services
will use for authentication and
authorization
Promote requirements via policy
More Info
WEB305 - Security Practices for Web
Services (Part 1): Now I Understand
WEB401 - Security Practices for Web
Services (Part 2) : Now My Brain Hurts
DEV354 - Distributed Security Practices
SEC401/2 - Building Secure Multi-Platform
Applications with the MSFT Identify
Platform (Part 1/2)
(#5) How will you prove
business value?
Reduced time to implementation is nice for
accounting.
Health monitoring is nice for operations.
Business process visibility is nice for the
business.
Get closer to the business rhythm
Business Process Visibility
What is the
Sales trend
(orders received)
for product X
over the past
couple of hours?
Order Management
Confirmed Delivery
Receive Order
Cancelled
What is the
average Cycle
Time Duration
per order?
How many orders
are currently
being processed
in our Order
Management
system that are
over $100,000?
Mapping processes to
services (Dev View)
You need to
understand how
business process
maps across
systems
This will impact
message structure
and service
topology
Recap
Drive the concept of monitoring into the
business process spectrum
Solve the business questions – KPI’s
Having a strong relationship with the
business analyst is key
More Info
WEB306 - Health and Business Activity
Monitoring : Are You Ok?
EBZ343 - Business Activity Monitoring
and Configuration with 'Jupiter'
Conclusion
SOA is where its at
XWS implementation is maturing nicely
Windows platform is best of breed for
hosting services
Go build something real and answer find
out where your business is making
money…
Ask The Experts
Get Your Questions Answered
I will be available in the ATE area after
this session
Suggested Reading And Resources
The tools you need to put technology to work!
TITLE
Writing Secure Code, Second
Edition:0-7356-1722-8
Available
Today
Microsoft Press books are 20% off at the TechEd Bookstore
Also buy any TWO Microsoft Press books and get a FREE T-Shirt
Community Resources
Community Resources
http://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)
http://www.mvp.support.microsoft.com/
Newsgroups
Converse online with Microsoft Newsgroups, including Worldwide
http://www.microsoft.com/communities/newsgroups/default.mspx
User Groups
Meet and learn with your peers
http://www.microsoft.com/communities/usergroups/default.mspx
evaluations
© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
1/--страниц
Пожаловаться на содержимое документа