Dev 371 Architecting Scalable Secure Reliable Applications a

Dev 371 Architecting Scalable, Secure, Reliable Applications: a Case Study Geralyn Miller Technical Evangelist Microsoft Marc Kuperstein Consultant

Agenda Overview Architecture walkthrough Demo Best Practices Code walkthrough Summary Questions and answers

Safe. USA A nationwide community alert system Law Enforcement/Authorities Initiate and Receive Alerts Public can only receive alerts Built completely on. NET Technologies Multi-company collaborative effort Microsoft, Unisys, Social. Tech, United Way of America

video Visual Studio. NET Case Study: Social. Tech, Inc.

Design Goals Law enforcement and community alerts 25, 000 law enforcement workstations 100 M entries in electronic address book 24 x 7 availability Goal of 99. 999+% in hosted scenario Trustworthy computing environment

Technical Overview Law enforcement work station Windows XP, . NET Framework, MSDE Image acquisition HW-SW Server Infrastructure Windows Server 2003, SQL Server 2000, . NET Framework Unisys ES 7000 32 -way servers, Slot Appliances

Technical Overview Public portal Internet Information Server 6. 0, ASP. NET Passport-enabled XML Web services Provider / consumer Interop into other systems Map. Point. NET

demo Safe. USA Demo Geralyn Miller Technical Evangelist Microsoft

System Design Map. Point. NET SOAP Workstation applications Other applications Browser HTTPS Management Web site HTTP SOAP Public Web site XML Web services layer . NET Remoting Hub instances. NET Remoting Server instances

Deployment Scenarios

Workstation/Hub Design Workstation application Tooltray application . Net remoting Workstation message handler Hub Service core Server message handler. Net remoting Server

Server Design

What’s Important? Scalability Many simultaneous small-scale alerts Occasional large-scale alerts Security Data quality, protection, privacy User-level access control Reliability Systems Network Denial-of-service attacks Performance Near real-time delivery of alerts

Scalability Platform Server Windows Server 2003. NET Framework 1. 1 Unisys ES 7000 SQL Server 2000, MSDE

Server Hardware ES 7000 MSU MSU 25. 6 GByte/sec Crossbar Intra-connect 16. 8 GByte/Sec TLC TLC TLC CPU CPU CPU CPU I/O DIB Crossbar Intra-connect TLC TLC CPU CPU CPU CPU I/O DIB 12. 8 GByte/Sec I/O DIB

Scalability Design “Front-end/Back-end” model Server/Hub. NET Remoting Server activated objects Class Factory design pattern Data Partitioned store Localized data ownership Minimal updates to global data No “false sharing” (temporal data locality)

Scalability Implementation Threading Minimized synchronization between threads ( no “Bucket Brigade” processing) Used permanent threads or thread pools Minimized number and size of critical regions Data access Dedicated connection per thread Used connection pooling Heap usage Few, large, long-lived items rather than many, small, volatile items

Security Platform Windows Server 2003 for server Windows XP for workstation/hub. NET Framework 1. 1

Security PKI for both Server and Workstation. NET Remoting endpoints provide centralized access to server and database Messages in local/server database are encrypted Laptop scenarios Outbound e-mail traffic digitally signed Outbound fax traffic stamped for verification

Security User authentication Each user has his/her own identity User authenticates thru the hub to the server Integrated with Windows security where possible (and desirable) Authentication ultimately the responsibility of the server

Security Authentication Handshake protocol for authentication between workstation and server Verification of identity Verification of code Establishes session key for encryption of message traffic Session key has expiration All traffic is signed and encrypted

Authentication Process Hello. Req( Conversation. ID, My. ID ) [Signed Priv. Key, Encrypt Public. Key] Hello. Rsp( Conversation. ID, My. ID ) [Signed Priv. Key, Encrypt Public. Key] Verify. Req( Conversation. ID, My. ID ) Verify. Rsp( Conversation. ID, My. ID ) Message. Req( Conversation. ID, My. ID ) Message. Rsp( Conversation. ID, My. ID ) Single Channel Client Multi Channel Server

Security Data protection Separate encryption key is used for data protection on the workstation Encryption key is escrowed Only access to SQL is through stored procedures Application code resides on same server as SQL Server (networking disabled)

Reliability Platform Unisys ES 7000 Up to 200 km Windows Server 2003. NET Framework 1. 1 Microsoft Cluster Services Unisys Cluster Application Defender Geo. Span EMC Symmetrix

Reliability Design No single point-of-failure Physical isolation Automated, predicted failover Fault prevention - verify all input before processing Fault isolation - “Front-end/back-end” threads Fault monitoring - reduce MTTR

Reliability Implementation Fault mitigation Transacted operations Try/catch blocks Maintainability WMI Enterprise Instrumentation Framework

Performance Design based on. NET Remoting

Performance Implementation: Threading Model Workstation UI Long running tasks (initialization) User interactions (keyboard, mouse, etc. ). NET Remoting Event model Hub/Server Windows Service. NET Remoting Data access (store and forward)

demo A Glimpse at the Code Marc Kuperstein Consultant

Summary Scalability, reliability, security are functions of Platform Design Implementation Safe. USA demonstrates that. NET Framework can be used to create mission critical applications that are scalable, reliable, secure, performant

Resources See Safe. USA technical case study on http: //www. microsoft. com Business contact Todd Bower, CEO, Social. Tech (todd. bower@trak. org) Technical contacts Geralyn Miller (gemiller@microsoft. com) Brian Pattinson (brian. pattinson@unisys. com) Marc Kuperstein (marckup@hotmail. com)

Community Resources http: //www. microsoft. com/communities/default. mspx Most Valuable Professional (MVP) http: //www. mvp. support. microsoft. com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http: //www. microsoft. com/communities/newsgroups/default. mspx User Groups Meet and learn with your peers http: //www. microsoft. com/communities/usergroups/default. mspx

Ask The Experts Get Your Questions Answered July 2, 2003 10: 00 AM - noon

Community Resources http: //www. microsoft. com/communities/default. mspx Most Valuable Professional (MVP) http: //www. mvp. support. microsoft. com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http: //www. microsoft. com/communities/newsgroups/default. mspx User Groups Meet and learn with your peers http: //www. microsoft. com/communities/usergroups/default. mspx

evaluations

© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.