Architecture TrackArchitecture TrackSession 2 Session 2

Designing Enterprise Designing Enterprise Applications for Applications for MicrosoftMicrosoft®® Windows Windows®® Server 2003Server 2003

AudienceAudience

Application architects, developers, and Application architects, developers, and infrastructure professionalsinfrastructure professionals

Responsible for designing, developing, Responsible for designing, developing, and/or managing enterprise systemsand/or managing enterprise systems

Building applications to take advantage of Building applications to take advantage of Windows Server 2003Windows Server 2003

Interested in Microsoft technical position Interested in Microsoft technical position on application architectureon application architecture

Interested in building applications for a Interested in building applications for a service-oriented architecture (SOA)service-oriented architecture (SOA)

Realistic ExpectationsRealistic Expectations

Architecture is a complex domain with Architecture is a complex domain with multiple perspectives and many viewpoints.multiple perspectives and many viewpoints.

This track strives to address a small subset.This track strives to address a small subset.By no means is it comprehensive in its coverage.By no means is it comprehensive in its coverage.

Technical resources are available for many Technical resources are available for many of the areas not covered today.of the areas not covered today.

A detailed white paper accompanies this track.A detailed white paper accompanies this track.

Event DVDEvent DVD

MSDNMSDN®® .NET Architecture Center .NET Architecture Center

Microsoft patterns & practices Web siteMicrosoft patterns & practices Web site

Session ObjectivesSession Objectives

Examine security from the standpoint Examine security from the standpoint of how it impacts the architecture of of how it impacts the architecture of an application.an application.

Review the impact of advanced Review the impact of advanced MicrosoftMicrosoft®® .NET caching capabilities. .NET caching capabilities.

Discuss reliability and scalability.Discuss reliability and scalability.

Review data access methodologies.Review data access methodologies.

Discuss planning for transaction Discuss planning for transaction management.management.

Session AgendaSession Agenda

ServicesServices

SecuritySecurity

State and transaction managementState and transaction management

Availability and scalabilityAvailability and scalability

Building Services:Building Services:Design ConsiderationsDesign Considerations

Partitioning and establishing boundariesPartitioning and establishing boundariesTrust / securityTrust / security

Transactions and stateTransactions and state

Availability and scalabilityAvailability and scalability

Credit authorizationCredit authorizationOrdersOrders

SupplierSupplier

SecuritySecurity

Establishing and enforcing trust boundariesEstablishing and enforcing trust boundaries

Key areasKey areasAuthenticationAuthentication

AuthorizationAuthorization

Secure communicationsSecure communications

SecuritySecurity

Trustworthy designTrustworthy design

AuthenticationAuthenticationCustom or platform?Custom or platform?

AuthorizationAuthorizationCommon infrastructure and managementCommon infrastructure and managementOperations couplingOperations coupling

Secure communicationSecure communicationIntra-applicationIntra-applicationInter-serviceInter-service

AuditingAuditingPreserving identityPreserving identity

Profile managementProfile managementFederation, scalabilityFederation, scalability

Kerberos

Kerberos

CertificatesSSLWS-Security

PresentationPresentation

BusinessBusiness

DataData

Pro

file

Pro

file

ma

na

ge

me

nt

ma

na

ge

me

nt

Au

ditin

gA

ud

iting

Se

cu

re

Se

cu

re

co

mm

un

ica

tion

co

mm

un

ica

tion

Au

the

ntic

atio

nA

uth

en

tica

tion

Au

tho

rizatio

nA

uth

oriza

tion

Secu

rityS

ecurity

Op

era

tion

O

pe

ratio

n

ma

na

ge

me

nt

ma

na

ge

me

nt

Co

mm

un

ica

tion

Co

mm

un

ica

tion

AD

AD

Other

Designing for SecurityDesigning for Security

UI componentsUI components

UI process componentsUI process components

Data access componentsData access components

Business workflows

Business components

UsersUsers

Business entities

Service agentsService agents

Service interfacesService interfaces

Data Data sourcessources

ServicesServices

Trust boundaries enforced by

authentication

Using caller impersonation or service accounts at boundaries for

outgoing calls

Trust boundaries enforced by

authentication

Secure communication between services and

within application

Authorizing actions at the

right granularity

SecuritySecurityAuthenticationAuthentication

Where will authentication occur?Where will authentication occur?Microsoft Internet Information Server (IIS) Microsoft Internet Information Server (IIS) for intranet applicationsfor intranet applications

Forms-based authentication within Forms-based authentication within MicrosoftMicrosoft®® ASP.NET ASP.NET

MicrosoftMicrosoft®® .NET Passport .NET Passport authenticationauthentication

ASP.NET

IIS

Forms Forms authenticationauthentication

Anonymous Anonymous authenticationauthentication

MicrosoftMicrosoft®® SQL Server SQL Server™™

authenticationauthentication

SecuritySecurityAuthorizationAuthorization

Role-based ASP.NETRole-based ASP.NETCompatible with both forms and Compatible with both forms and .NET Passport.NET Passport

Generic and Windows objects availableGeneric and Windows objects available

Customizable with IPrincipal and IIdentityCustomizable with IPrincipal and IIdentity

ASP.NET

IIS

File authorization File authorization URL URL

authorization .NET authorization .NET roles roles

(authorization)(authorization)

NTFS NTFS permissions permissions

(authorization)(authorization)

User-defined role User-defined role (authorization)(authorization)

SecuritySecurityDatabase AuthorizationDatabase Authorization

Role-based ASP.NETRole-based ASP.NETSQL Server user-defined database rolesSQL Server user-defined database roles

SQL Server application rolesSQL Server application roles

Role 1Role 1

Role 2Role 2

Web or Application ServerWeb or Application Server Database ServerDatabase Server

Trusted Identity 1Trusted Identity 1

Trusted Identity 2Trusted Identity 2

Identity 1 has read permissions Identity 1 has read permissions Identity 2 has read / write Identity 2 has read / write permissionspermissions

Role MappingRole Mapping

Trust BoundaryTrust Boundary

A A B B C C D D EE

SecuritySecurityTwo-tier ScenarioTwo-tier Scenario

SSL used for secure WANSSL used for secure WAN

Firewall + IPSec used for LANFirewall + IPSec used for LAN

ASP.NET

IIS

Forms Forms authenticationauthentication

Anonymous Anonymous authenticationauthentication

SQL Server SQL Server authenticationauthentication

File authorization File authorization URL URL

authorization .NET authorization .NET roles roles

(authorization)(authorization)

NTFS NTFS permissions permissions

(authorization)(authorization)

User-defined role User-defined role (authorization)(authorization)

SSL SSL (privacy / integrity) (privacy / integrity)

IPSec IPSec (privacy / integrity) (privacy / integrity)

ASP.NET ASP.NET (process identity)(process identity)

SecuritySecurityInternet Security SolutionsInternet Security Solutions

Baseline Internet ArchitectureBaseline Internet Architecture.NET forms-based authentication.NET forms-based authentication

IPrincipal role-based authorizationIPrincipal role-based authorization

SSL and IPSecSSL and IPSec

Two-tiered model has limited database Two-tiered model has limited database authentication options.authentication options.

SecuritySecurityApplication Server SecurityApplication Server Security

More robust, adaptable, scalableMore robust, adaptable, scalableTiers are loosely coupled via SOAP and Tiers are loosely coupled via SOAP and other Internet protocols.other Internet protocols.

Additional security available: Additional security available: MicrosoftMicrosoft®® Active Directory Active Directory® ® -- based based authentication and roles, and AuthzMan.authentication and roles, and AuthzMan.

Additional scalability via physical tier.Additional scalability via physical tier.

IIS

Security with Application ServerSecurity with Application ServerDeployment with Three TiersDeployment with Three Tiers

ASP.NET

Forms Forms authenticationauthentication

Anonymous Anonymous authenticationauthentication

URL authorization URL authorization (authorization)(authorization)

NTFS NTFS permissions permissions

(authorization)(authorization)

SSL SSL (privacy / (privacy /

integrity)integrity)

IPSec IPSec (privacy / (privacy /

integrity) integrity)

ASP.NET ASP.NET (process (process identity)identity)

IIS ASP.NET

(Web (Web services services fafaççade)ade)

Windows Windows (authentication)(authentication)

Integrated Windows Integrated Windows (authentication) (authentication)

require SSL require SSL (privacy / integrity)(privacy / integrity)

Web serverWeb serverEnterprise

Services server application dllhost.exe

Application serverApplication server

Database Database serverserver

IPSec IPSec (privacy / (privacy /

integrity)integrity)

ES process ES process

identityidentity

User-defined database roles (authentication)

Windows (authentication)

RPC packet RPC packet privacyprivacy

(Authentication)(Authentication)

Summary Recommendations:Summary Recommendations: SecuritySecurity

Make use of the guidance available in Make use of the guidance available in “Building Secure ASP.NET Applications”.“Building Secure ASP.NET Applications”.

Make use of Service Accounts when user Make use of Service Accounts when user identity isn’t needed for database access.identity isn’t needed for database access.

Make use of enhanced security and Active Make use of enhanced security and Active Directory within the business layer.Directory within the business layer.

Use the Authorization Manager for advanced Use the Authorization Manager for advanced authorization features.authorization features.

Best practices available:Best practices available:““Building Secure ASP.NET Applications”Building Secure ASP.NET Applications”

http:// msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asphttp:// msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp

Session AgendaSession Agenda

ServicesServices

SecuritySecurity

State and transaction managementState and transaction management

Availability and scalabilityAvailability and scalability

Challenges in Service-Challenges in Service-Oriented Architecture (SOA)Oriented Architecture (SOA)

Services encapsulate all state management.Services encapsulate all state management.

Talk via messages over unreliable protocols.Talk via messages over unreliable protocols.

Challenges:Challenges:Maintaining conversation stateMaintaining conversation state

Managing transactionsManaging transactions

Managing concurrent access to dataManaging concurrent access to data

Caching of data for performance, scalability, and Caching of data for performance, scalability, and availabilityavailability

UI componentsUI components

UI process componentsUI process components

Data access componentsData access components

Business workflows

Business components

UsersUsers

Business entities

Service agentsService agents

Service interfaces

Data Data SourcesSources

ServicesServices

Co

mm

un

ication

Co

mm

un

ication

Op

eration

al O

peratio

nal

man

agem

ent

man

agem

ent

Sec

urity

Sec

urity

State and TransactionsState and Transactions

Caching for ASP.NET

pages and Web services

Caching across all tiers

Session state

management

Web user state management

State for conversations

between services

Message-based CommunicationsMessage-based Communications

Messages are business documents Messages are business documents exchanged to execute a business exchanged to execute a business process.process.

Services may expect other services to Services may expect other services to remember conversations.remember conversations.

Example: purchase customer IDExample: purchase customer ID

A message-based conversation A message-based conversation requires state to be kept and re-requires state to be kept and re-hydrated as needed for business hydrated as needed for business operations.operations.

Just like a conversation between peopleJust like a conversation between people

Conversation StateConversation State

Isolate conversation state management in Isolate conversation state management in business workflows.business workflows.

Not in business database or service interfaceNot in business database or service interface

MicrosoftMicrosoft®® BizTalk BizTalk®® Server schedules Server schedules

Keep business components stateless.Keep business components stateless.Finer business activitiesFiner business activities

Assume messages can be lost or can Assume messages can be lost or can arrive twice.arrive twice.

Unless you have a transactional S & F protocolUnless you have a transactional S & F protocol

SOAP in MSMQ 3.0 over HTTPSOAP in MSMQ 3.0 over HTTP

WS-Reliability long-term visionWS-Reliability long-term vision

Transaction ManagementTransaction ManagementServices are boundary around state.Services are boundary around state.Services interoperate through business transactions.Services interoperate through business transactions.Business transaction <> commit/rollback Business transaction <> commit/rollback

Not ACID!Not ACID!

Business transactions are better suited for message-Business transactions are better suited for message-based systems.based systems.

Cancel orderCancel order

Order confirmedOrder confirmed

Order cancelled—cancellation fee Order cancelled—cancellation fee

Cancel delivery Cancel delivery (“Compensation” messages and business logic)(“Compensation” messages and business logic)

CommittedCommittedRollbackRollback

ACID transaction boundaryACID transaction boundary

Business conversation boundaryBusiness conversation boundary

Transaction ModelTransaction ModelBusiness workflows Business workflows implement business implement business processes.processes.

Finer-grained business Finer-grained business components initiate components initiate and manage atomic and manage atomic transactions.transactions.

Transactional resource Transactional resource managers participate managers participate in atomic transactions.in atomic transactions.

Atomic transactionAtomic transaction

You should assume You should assume other services are not other services are not part of ACID transaction part of ACID transaction (unless using MSMQ).(unless using MSMQ).

Rollbacks handled with Rollbacks handled with compensations.compensations.

WorkflowWorkflow Biz compBiz comp DAL DAL

Service agent Service agent

DTCDTC

Transaction ManagementTransaction ManagementUsing ACID TransactionsUsing ACID Transactions

Only use a transaction when needed.Only use a transaction when needed.Not every update requires the cost of a Not every update requires the cost of a transaction.transaction.

Reads for user interfaces don’t need Reads for user interfaces don’t need transactions.transactions.

Data exchange outside of transaction Data exchange outside of transaction boundary is disconnected and potentially boundary is disconnected and potentially stale.stale.

Need to consider the type of concurrency.Need to consider the type of concurrency.Optimistic—disconnected environmentOptimistic—disconnected environment

Pessimistic—connected environmentPessimistic—connected environment

Atomic Transaction ManagementAtomic Transaction ManagementSelecting the Atomic Transaction ModelSelecting the Atomic Transaction Model

Need Need transaction?transaction?

Operating Operating with multiplewith multiple

resource managers?resource managers?

Using stored Using stored procedures?procedures?

Need two Need two stage commit?stage commit?

Use ADO.NET Use ADO.NET transactionstransactions

Push transaction Push transaction to the databaseto the database

Use Enterprise Use Enterprise ServicesServices

Do not implementDo not implementtransactionstransactions

NoNoYesYes

YesYes

YesYes

YesYes

NoNo

NoNo

NoNo

Optimistic LockingOptimistic LockingDealing with Disconnected Concurrent Data AccessDealing with Disconnected Concurrent Data Access

Consistency vs. concurrency vs. scalabilityConsistency vs. concurrency vs. scalability

Efficient for disconnected environmentsEfficient for disconnected environments

Assume data is potentially staleAssume data is potentially staleTime (time-out or time stamps)Time (time-out or time stamps)

Comparing the data or certain partsComparing the data or certain partsExample: submitting an order with old catalog pricesExample: submitting an order with old catalog prices

Need to resolve conflictsNeed to resolve conflictsComparing which fields changedComparing which fields changed

Automatic or manualAutomatic or manualExample: updating customer recordsExample: updating customer records

Summary Recommendations:Summary Recommendations: Transaction ManagementTransaction Management

Guidance on transactions availableGuidance on transactions available““How to Code ADO.NET Manual How to Code ADO.NET Manual Transactions” in the .NET Data Access Transactions” in the .NET Data Access Architecture GuideArchitecture Guide

““Designing Data Tier Components and Designing Data Tier Components and Passing Data Through Tiers”Passing Data Through Tiers”

http://msdn.microsoft.com/practices/http://msdn.microsoft.com/practices/

CachingCachingRoles of Caches in Service-Oriented Roles of Caches in Service-Oriented ArchitecturesArchitectures

Why cache?Why cache?Performance? Scalability? Availability?Performance? Scalability? Availability?

Where to cache?Where to cache?ASP.NET cache—page and fragmentASP.NET cache—page and fragmentSQL Server—persistent cachesSQL Server—persistent cachesMMF—sharing across processes in memory MMF—sharing across processes in memory Memory-static hash tables—within an application Memory-static hash tables—within an application domaindomain

What to cache? What to cache? Non-transactional, reference dataNon-transactional, reference dataInfrequently changing dataInfrequently changing dataApplicable to as many users as possibleApplicable to as many users as possible

CachingCachingPresentation Tier and Service InterfacesPresentation Tier and Service Interfaces

ASP.NETASP.NETOutput page cachingOutput page caching

Very fast, but no user customization.Very fast, but no user customization.

Think of as formatted business data. Think of as formatted business data.

Page fragment cachingPage fragment cachingAllows overall customization of page.Allows overall customization of page.

Not as fast, but excellent for heavilyNot as fast, but excellent for heavilyformatted data.formatted data.

Windows FormsWindows FormsReduce round trips to Web servicesReduce round trips to Web services

CachingCachingData Access ComponentsData Access Components

Three main scenariosThree main scenarios

Application domain-wide cacheApplication domain-wide cacheCache in static variables Cache in static variables (such as ASP.NET)(such as ASP.NET)

Machine-wide cacheMachine-wide cacheCache in memory-mapped filesCache in memory-mapped files

Interop issuesInterop issues

Data center-wide cacheData center-wide cacheSQL ServerSQL Server

Session State ManagementSession State Management

Facility to handle transient state Facility to handle transient state between Web request on the serverbetween Web request on the server

ASP.NET Allows three locationsASP.NET Allows three locationsIn-memory: single boxIn-memory: single box

Session service: in-memory for Web farmSession service: in-memory for Web farm

SQL Server: persistent for Web farmSQL Server: persistent for Web farm

Session AgendaSession Agenda

ServicesServices

SecuritySecurity

State and transaction managementState and transaction management

Availability and scalabilityAvailability and scalability

High AvailabilityHigh Availability The Problem DomainThe Problem Domain

Design ConsiderationsDesign ConsiderationsNo single point of failureNo single point of failure Load balancing Load balancing

ClusteringClustering

Service-oriented architecture Service-oriented architecture and message-based and message-based communicationscommunications

Isolate failuresIsolate failures

Time to recoverTime to recover System that recovers System that recovers automatically may appear to automatically may appear to have greater availabilityhave greater availability

Queuing and cachingQueuing and caching Improves availabilityImproves availability

Improves perceived performanceImproves perceived performance

Improves perceived availabilityImproves perceived availability

Data partitioningData partitioning Required to resolve database Required to resolve database scalingscaling

High AvailabilityHigh Availability

Principle: plan for failuresPrinciple: plan for failuresApplicationApplication

State managementState managementResiliency—fast recoveryResiliency—fast recovery

InfrastructureInfrastructureNo single point of failureNo single point of failure

Both servers and network elementsBoth servers and network elements

Microsoft Systems ArchitectureMicrosoft Systems Architecture

DataDataReplication, log shipping, partitioningReplication, log shipping, partitioning

High AvailabilityHigh AvailabilityNetwork Load BalancingNetwork Load Balancing

For cloned, “stateless” servicesFor cloned, “stateless” servicessuch as ASP.NET, Enterprise Services (COM+)such as ASP.NET, Enterprise Services (COM+)

Scale out the application server farmScale out the application server farm

Built-in support for NLB in .NET ServerBuilt-in support for NLB in .NET ServerManages sharing the load.Manages sharing the load.

Supports cluster, node, and port management.Supports cluster, node, and port management.

May be layered with presentation and business May be layered with presentation and business services balanced separately.services balanced separately.

Management simplified with Management simplified with Application CenterApplication Center

High AvailabilityHigh AvailabilityClusteringClustering

For services that require storageFor services that require storage

Automatic failover managementAutomatic failover managementProvides for resilience and reliabilityProvides for resilience and reliability

Scalability: up and partitioningScalability: up and partitioning

Not just for database serversNot just for database serversAnything that maintains persistent stateAnything that maintains persistent state

Exchange serversExchange servers

BizTalk serversBizTalk servers

MSMQMSMQ

High AvailabilityHigh AvailabilitySoftware SolutionsSoftware Solutions

Availability and scalability are achieved by Availability and scalability are achieved by composing infrastructure and application.composing infrastructure and application.

Message Queuing and Message Queuing and asynchronous operationsasynchronous operations

Move bulk of work away from client.Move bulk of work away from client.

Back-end elements may be offline without Back-end elements may be offline without impacting client’s view of application.impacting client’s view of application.

Data partitioningData partitioningNot recommended, but available when a Not recommended, but available when a database needs greater scalability.database needs greater scalability.

Summary Recommendations: Summary Recommendations: High AvailabilityHigh Availability

Load balancing and clustering both impact Load balancing and clustering both impact reliability and availability.reliability and availability.

Increase scalability by designing software Increase scalability by designing software that optimizes resource use.that optimizes resource use.

Highly available systems are the result of People – Highly available systems are the result of People – Process – Technology.Process – Technology.

The people who build an application, the The people who build an application, the technology used to implement it, and the process technology used to implement it, and the process of creating a highly available system.of creating a highly available system.

Microsoft Systems ArchitectureMicrosoft Systems Architecture

Session SummarySession Summary

Microsoft Windows Server 2003 + Microsoft Microsoft Windows Server 2003 + Microsoft VisualVisual®® Studio Studio®® .NET 2003 + practices = a .NET 2003 + practices = a complete application platformcomplete application platform

Security, management, and communicationsSecurity, management, and communications

Performance, availability, and scalabilityPerformance, availability, and scalability

Robust development platform for many app Robust development platform for many app scenariosscenarios

Resources for architects:Resources for architects: http://http://msdn.microsoft.com/architecture/msdn.microsoft.com/architecture/

Guidance and best practices:Guidance and best practices: http://http://msdn.microsoft.com/practices/msdn.microsoft.com/practices/

Important Web ResourcesImportant Web Resources

Microsoft patterns & practicesMicrosoft patterns & practiceshttp://http://msdn.microsoft.commsdn.microsoft.com/practices//practices/

MSDN .NET Architecture CenterMSDN .NET Architecture Centerhttp://http://msdn.microsoft.commsdn.microsoft.com/architecture/architecture//

Microsoft Visual Studio .NET 2003Microsoft Visual Studio .NET 2003http://http://msdn.microsoft.com/vstudiomsdn.microsoft.com/vstudio//

Microsoft Windows Server 2003Microsoft Windows Server 2003http://www.microsoft.com/windowshttp://www.microsoft.com/windows//

© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.

Microsoft, Visual Studio, the Visual Studio logo, Windows, the Windows logo, BizTalk, Active Directory, SQL Server, and MSDN are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.