Dev 371 Architecting Scalable, Secure, Reliable Applications: a Case Study Geralyn Miller Technical Evangelist Microsoft Marc Kuperstein Consultant
Agenda Overview Architecture walkthrough Demo Best Practices Code walkthrough Summary Questions and answers
SafeUSA A nationwide community alert system Law Enforcement/Authorities Initiate and Receive Alerts Public can only receive alerts Built completely on .NET Technologies Multi-company collaborative effort Microsoft, Unisys, SocialTech, United Way of America
video Visual Studio .NET Case Study: SocialTech, Inc.
Design Goals Law enforcement and community alerts 25,000 law enforcement workstations 100 M entries in electronic address book 24 x 7 availability Goal of 99.999+% in hosted scenario Trustworthy computing environment
Technical Overview Law enforcement work station Windows XP, .NET Framework, MSDE Image acquisition HW-SW Server Infrastructure Windows Server 2003, SQL Server 2000, .NET Framework Unisys ES 7000 32-way servers, Slot Appliances
Technical Overview Public portal Internet Information Server 6.0, ASP.NET Passport-enabled XML Web services Provider / consumer Interop into other systems MapPoint .NET
demo SafeUSA Demo Geralyn Miller Technical Evangelist Microsoft
System Design MapPoint .NET SOAP Workstation applications Other applications Browser HTTPS Management Web site HTTP SOAP Public Web site XML Web services layer .NET Remoting Hub instances .NET Remoting Server instances
Deployment Scenarios
Workstation/Hub Design Workstation application Tooltray application .NET Remoting Workstation message handler Hub Service core Server message handler .NET Remoting Server
Server Design
What’s Important? Scalability Many simultaneous small-scale alerts Occasional large-scale alerts Security Data quality, protection, privacy User-level access control Reliability Systems Network Denial-of-service attacks Performance Near real-time delivery of alerts
Scalability Platform Server Windows Server 2003 .NET Framework 1.1 Unisys ES 7000 SQL Server 2000, MSDE
Server Hardware ES 7000 MSU MSU 25.6 GByte/sec Crossbar Intra-connect 16.8 GByte/sec TLC TLC TLC CPU CPU CPU CPU I/O DIB Crossbar Intra-connect TLC TLC CPU CPU CPU CPU I/O DIB 12.8 GByte/sec I/O DIB
Scalability Design “Front-end/Back-end” model Server/Hub .NET Remoting Server activated objects Class Factory design pattern Data Partitioned store Localized data ownership Minimal updates to global data No “false sharing” (temporal data locality)
Scalability Implementation Threading Minimized synchronization between threads (no “Bucket Brigade” processing) Used permanent threads or thread pools Minimized number and size of critical regions Data access Dedicated connection per thread Used connection pooling Heap usage Few, large, long-lived items rather than many, small, volatile items
Security Platform Windows Server 2003 for server Windows XP for workstation/hub .NET Framework 1.1
Security PKI for both Server and Workstation .NET Remoting endpoints provide centralized access to server and database Messages in local/server database are encrypted Laptop scenarios Outbound e-mail traffic digitally signed Outbound fax traffic stamped for verification
Security User authentication Each user has his/her own identity User authenticates thru the hub to the server Integrated with Windows security where possible (and desirable) Authentication ultimately the responsibility of the server
Security Authentication Handshake protocol for authentication between workstation and server Verification of identity Verification of code Establishes session key for encryption of message traffic Session key has expiration All traffic is signed and encrypted
Authentication Process HelloReq(ConversationID, MyID) [Signed PrivKey, Encrypt PublicKey] HelloRsp(ConversationID, MyID) [Signed PrivKey, Encrypt PublicKey] VerifyReq(ConversationID, MyID) VerifyRsp(ConversationID, MyID) MessageReq(ConversationID, MyID) MessageRsp(ConversationID, MyID) Single Channel Client Multi Channel Server
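A sketch of the Hello exchange and expiring session key from the two slides above, added here as an example and not taken from the presentation or the SafeUSA code base. It assumes .NET 8 or later, RSA-OAEP/PSS and HKDF as the primitives, a 15-minute key lifetime and constructed IDs; the VerifyReq/VerifyRsp code-verification step is not modelled, and AES-GCM stands in for per-message signing plus encryption.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-ins for the PKI-issued key pairs; a real peer holds only the other side's public key.
using var wsKey = RSA.Create(2048);
using var srvKey = RSA.Create(2048);

// Workstation: HelloReq(ConversationID, MyID) plus a fresh nonce (the nonce is an assumption).
Guid conv = Guid.NewGuid();
byte[] wsNonce = RandomNumberGenerator.GetBytes(32);
var helloReq = Seal(Hello(conv, "ws-0001", wsNonce), wsKey, srvKey);

// Server: decrypt, verify the workstation's signature, answer in the same conversation.
byte[] req = Open(helloReq, srvKey, wsKey);
byte[] srvNonce = RandomNumberGenerator.GetBytes(32);
var helloRsp = Seal(Hello(new Guid(req[..16]), "server-01", srvNonce), srvKey, wsKey);

// Workstation: verify the server's signature and bind the reply to its own ConversationID.
byte[] rsp = Open(helloRsp, wsKey, srvKey);
if (new Guid(rsp[..16]) != conv) throw new CryptographicException("conversation mismatch");

// Both sides derive the same session key from the two nonces; the key carries an expiry.
byte[] wsSession = HKDF.DeriveKey(HashAlgorithmName.SHA256, wsNonce.Concat(rsp[16..48]).ToArray(), 32, conv.ToByteArray());
byte[] srvSession = HKDF.DeriveKey(HashAlgorithmName.SHA256, req[16..48].Concat(srvNonce).ToArray(), 32, req[..16]);
DateTimeOffset expires = DateTimeOffset.UtcNow.AddMinutes(15);

// MessageReq: refused once the key has expired, otherwise encrypted and authenticated under it.
if (DateTimeOffset.UtcNow >= expires) throw new CryptographicException("session expired, repeat the handshake");
byte[] iv = RandomNumberGenerator.GetBytes(12), text = Encoding.UTF8.GetBytes("constructed alert body");
byte[] ct = new byte[text.Length], tag = new byte[16], back = new byte[text.Length];
using (var aes = new AesGcm(wsSession, 16)) aes.Encrypt(iv, text, ct, tag, conv.ToByteArray());
using (var aes = new AesGcm(srvSession, 16)) aes.Decrypt(iv, ct, tag, back, req[..16]);
Console.WriteLine($"keys match: {wsSession.SequenceEqual(srvSession)}, decrypted: {Encoding.UTF8.GetString(back)}");

static byte[] Hello(Guid id, string myId, byte[] nonce) => id.ToByteArray().Concat(nonce).Concat(Encoding.UTF8.GetBytes(myId)).ToArray();
// Sign with the sender's private key, encrypt to the receiver's public key.
static (byte[] Body, byte[] Sig) Seal(byte[] payload, RSA senderPriv, RSA receiverPub) =>
    (receiverPub.Encrypt(payload, RSAEncryptionPadding.OaepSHA256),
     senderPriv.SignData(payload, HashAlgorithmName.SHA256, RSASignaturePadding.Pss));
// Decrypt with the receiver's private key, then verify the sender's signature.
static byte[] Open((byte[] Body, byte[] Sig) msg, RSA receiverPriv, RSA senderPub)
{
    byte[] payload = receiverPriv.Decrypt(msg.Body, RSAEncryptionPadding.OaepSHA256);
    if (!senderPub.VerifyData(payload, msg.Sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pss))
        throw new CryptographicException("signature check failed");
    return payload;
}
```

In a deployment the server would select the verification key from the MyID field and keep the expiry alongside the ConversationID, so a message arriving under a stale key forces a new handshake.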
Security Data protection Separate encryption key is used for data protection on the workstation Encryption key is escrowed Only access to SQL is through stored procedures Application code resides on same server as SQL Server (networking disabled)
Reliability Platform Unisys ES 7000 Up to 200 km Windows Server 2003 .NET Framework 1.1 Microsoft Cluster Services Unisys Cluster Application Defender GeoSpan EMC Symmetrix
Reliability Design No single point-of-failure Physical isolation Automated, predicted failover Fault prevention - verify all input before processing Fault isolation - “Front-end/back-end” threads Fault monitoring - reduce MTTR
Reliability Implementation Fault mitigation Transacted operations Try/catch blocks Maintainability WMI Enterprise Instrumentation Framework
Performance Design based on .NET Remoting
Performance Implementation: Threading Model Workstation UI Long running tasks (initialization) User interactions (keyboard, mouse, etc.) .NET Remoting Event model Hub/Server Windows Service .NET Remoting Data access (store and forward)
demo A Glimpse at the Code Marc Kuperstein Consultant
Summary Scalability, reliability, security are functions of Platform Design Implementation SafeUSA demonstrates that .NET Framework can be used to create mission critical applications that are scalable, reliable, secure, performant
Resources See SafeUSA technical case study on http://www.microsoft.com Business contact Todd Bower, CEO, SocialTech (todd.bower@trak.org) Technical contacts Geralyn Miller (gemiller@microsoft.com) Brian Pattinson (brian.pattinson@unisys.com) Marc Kuperstein (marckup@hotmail.com)
Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx
Ask The Experts Get Your Questions Answered July 2, 2003 10:00 AM - noon
evaluations
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.