My employer is a software vendor for a specific market. Our customers integrate our system with others using web services. We use Microsoft technology, and our web services are implemented in ASP.NET and WCF.
The time has come to review our current set of services, and come up with company standards for future integrations. I am reading "Enterprise Integration Patterns," and I've also been looking a little bit at NServiceBus and MassTransit. These may simplify issues like contract versioning and unit testing, but they seem to be most useful for providing an internal service bus, not for exposing services to external clients.
Our customers are on many different platforms, and require our services to be standards compliant. That may mean different things to different people, but I think it is safe to assume that they want to access web services described with WSDL.
In this scenario, is WCF the way to go?
Comments (2)
WCF is by far the most standards-compliant stack on the Microsoft platform. The nice thing is that it's very flexible for different clients "out of the box", and if there are things that cause you grief, most of them can be changed via custom behaviors without too much trouble.
An alternative that I normally recommend is integration over AMQP between your message brokers. That way you can use the push paradigm instead of the polling one (which is very powerful and scalable in comparison)!
You'd set up your own broker, such as RabbitMQ, locally. Then you'd let your integration partner set up one. (Easy: just download it).
If your partner is integrating from the same data center, you'd be safe to assume few network splits - meaning you could share the broker. On the other hand, if you are on different networks, you can set up the broker in federation mode. (Run
rabbitmq-plugins enable rabbitmq_federation
and point to the other broker.) Now you can use e.g. MassTransit:
, like you would do when not doing any integration.
If you look at http://rabbitmq.mydomain.local:55672/ now you will find the administration interface for RabbitMQ. MassTransit creates an exchange for each message type (sending such a message to that exchange will fan out to all subscribers), which you can put authorization rules on.
Authorization rules can be in the form of regex per user or it can be integrated into LDAP. Consult the documentation for this.
You'd also need SSL in the case that you're going over the WAN and you don't have an IPSec tunnel - that documentation is here: http://www.rabbitmq.com/ssl.html and you enable it like this.
That's it! Enjoy!
Post scriptum: if you are feeling up for an adventure that will help you manage all of your infrastructure as a side-effect, you can have a look at Puppet. Puppet is a provisioner and configuration manager of servers; in this case you'd be interested in setting up SSL with Puppet. First, order a wild-card subdomain certificate for your domain, then use that cert to sign other certificates: you can delegate that - see the RabbitMQ guide where it states "Now we can generate the key and certificates that our test Certificate Authority will use." - generate a certificate-signing-request for the certificate instead of creating a new authority - and let RMQ use this for SSL - it will be valid for the internet.
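
The per-user regex rules mentioned in the answer above can be checked offline before they are applied to a broker. The sketch below is an added example, not part of the original answer and not RabbitMQ's own code: it mirrors how RabbitMQ evaluates a permission pattern (an empty pattern grants nothing, anything else is an unanchored regex search, approximated here with Python's re module) and lists grants that fall outside what was intended. The exchange names, the partner's patterns and the audit helper are constructed for illustration, and only exchange names are covered, not queues.

```python
import re

# Constructed sample data. The "Namespace:MessageType" naming of the
# per-message-type exchanges is an assumption made for this example.
EXCHANGES = [
    "Vendor.Contracts:OrderSubmitted",
    "Vendor.Contracts:OrderSubmittedInternalAudit",
    "Vendor.Contracts:InvoiceIssued",
    "Vendor.Internal:PayrollRun",
]

# What the integration partner is supposed to reach, per operation.
INTENDED = {
    "write": {"Vendor.Contracts:OrderSubmitted"},
    "read": {"Vendor.Contracts:OrderSubmitted",
             "Vendor.Contracts:InvoiceIssued"},
}

# Unanchored patterns: they match anywhere inside a resource name.
LOOSE = {"configure": "",
         "write": "Vendor.Contracts:OrderSubmitted",
         "read": "Vendor.Contracts"}

# Anchored patterns with the dots escaped.
TIGHT = {"configure": "",
         "write": r"^Vendor\.Contracts:OrderSubmitted$",
         "read": r"^Vendor\.Contracts:(OrderSubmitted|InvoiceIssued)$"}

def allowed(pattern, resource):
    """Empty pattern is treated as '^$'; otherwise an unanchored search."""
    if pattern == "":
        pattern = "^$"
    return re.search(pattern, resource) is not None

def audit(perms, resources, intended):
    """Return (operation, resource) pairs granted beyond the intent."""
    excess = []
    for op in ("configure", "write", "read"):
        for name in resources:
            granted = allowed(perms.get(op, ""), name)
            if granted and name not in intended.get(op, set()):
                excess.append((op, name))
    return excess

if __name__ == "__main__":
    for label, perms in (("loose", LOOSE), ("tight", TIGHT)):
        print(label, audit(perms, EXCHANGES, INTENDED))
```

The three patterns correspond, in order, to the configure, write and read arguments of rabbitmqctl set_permissions.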