New Online Demo: Introducing FabrikamShipping SaaS

Last June, the beginning of the fiscal year for Microsoft, I’ve been asked to add to my identity for developers mission an additional focus: helping ISVs to take advantage of the Windows Azure Platform for writing Software as a Service solutions.

Rather than devising abstract guidance, we decided to tackle the challenge by walking a mile in YOUR shoes. We picked an existing demo application which was originally designed for a single tenant. We chose FabrikamShipping, which started as an identity demo and later became a showcase for the .NET platform at Bob’s keynote last TechEd.  Together with our good friends at Southworks we worked on bringing the application to the cloud, tackling on the challenges that each of you have to cope with when moving toward a subscription based model: onboarding customers, preserving existing IP, adapting the offering features to different customer types, handling identity and access both from business and web users (surprised? ;-)), user accounts activation, managing notifications, collecting payments and in general handling billing relationships, balance the tradeoffs between isolated resources and multi-tenancy, exposing and securing OData services… the list goes on, but you get the picture. On top of that, we had the further complication derived from the guidance component of the project: not only we had to solve the problem, we had to walk a fine line between having something working and something that developers could easily read and understand.

image

Well, today I am proud to finally unveil the first release of our new sample: meet FabrikamShipping SaaS.

FabrikamShipping SaaS is a complete subscription based solution running on the Windows Azure platform and publicly available thru www.fabrikamshipping.com. It offers a web-based customer onboarding UI, which anybody can use for creating test subscriptions and obtain their very own application instance, dynamically provisioned by a simple but powerful provisioning engine. Thanks to our partnership with our friends evangelists at PayPal, it even demonstrates how to integrate payments and billing via an external provider!

Together with the live web site, we offer a package with the full source code of the solution (which runs in the DevFabric!) and a companion package which can help you to experience those parts of the demo that require some code on the client, such as the OData services secured via OAuth2 (we give you client code for that) and the enterprise edition which require an on-premises identity provider (SelfSTS to the rescue).

image

I have recorded a brief video in which I give an overview of FabrikamShipping SaaS architecture, which you can find here. In the next few hours I will also upload walkthrough videos demonstrating the ways in which you can interact with the demo, however some of them are so simple (and verbosely hand-holding) that I am sure you’ll just go through it without the need of any guidance. Here there’s a list of things to do.

Create a new Small Business subscription

The demo offers 2 subscription levels: enterprise and small business. In order to create a Small Business subscription all you need is a browser and a LiveID (and/or Google) account. That’s what I would suggest to start with.

Use the Companion to explore AdventureWorks

The enterprise subscription offers more advanced features, such as exclusive use of resources (as opposed to the shared resources regimen in multitenant systems: watch the video for more details) and single sign on with on-premises identity providers. As a result, creating and consuming an enterprise edition subscription has some requirements on the client.

In order to help you to experience an enterprise subscription we pre-provisioned a tenant, AdventureWorks, and stored in the companion package all the necessaire for consuming the application instance and call its OData services. Download the companion, read the (brief) instructions and try the thrill of being an AdventureWorks employee for a day!

[limited availability] Use the Companion to create a new Enterprise Subscription

You can also use the companion for creating a new enterprise level subscription: in fact, the onboarding experience is IMO very interesting. If you have an ADFS2 instance available, you can even do that without the need for the companion package. However, be warned. Creating an enterprise subscription takes resources and requires manual steps from us (ie creating a new hosted service and storage account), which means that 1) between the moment in which you submit the request and the moment in which the instance is ready a long time may pass, especially if you do it during the weekend or where here it’s night 2) we may not process your request if we already exhausted the quota for the day. However that should not be a big problem, because not only you can see how an enterprise subscription works by looking at AdventureWorks, but especially because you can…

…Explore the solution in the Source Code package

Ta dah! The entire solution source code is available for you to slice and dice. Download the source code package, run the setup, open the FabrikamShipping solution, hit F5… and you’ll get an enterprise instance, a small business instance and a subscription console instance running in the devfabric. The provisioning worker process does not work in that cloud-less environment, but all the code is there for you to uncover its secrets. In fact, there’s quite a lot of interesting stuff in there! Below there’s a non-exhaustive list of things you can expect to see in action from the FabrikamShipping SaaS solution:

  • A reusable pattern for building subscription based apps on the Windows Azure platform
  • General-purpose onboarding UI engine
  • Full isolation and multi-tenant application deployment styles
  • Integration with PayPal Adaptive Payment APIs for one-time and preapproved continuous payments
  • How to run complex processes in Worker Roles, including compensation logic and handling external events
  • Message-activated task execution
  • Handling notifications
  • Automated provisioning
  • Email notifications
  • Dynamic Source Code customization and creation of Windows Azure packages via CSPACK from a worker role
  • Creation of SQL Azure databases from a worker role
  • Self-service authorization settings
  • Using the Access Control Service (ACS) Management API for automating access and relationship handling
  • A fully functional user onboarding system from multiple web identity providers, including account activation via automated mails
  • Multi-tenant MVC application authentication based on Windows Identity Foundation (WIF)
  • Securing OData services with ACS and full WIF integration
  • ...

Not bad, I would say :-) but you be the judge, of course.

 

Now, as it is in the style of this blog, here comes the disclaimer.

Remember, this is just a demo. We played with this baby quite a bit before releasing it and we are happy with it, but it has no SLA whatsoever. It can go down at any moment. It can occasionally break. It is based on pre-release code, itself without ANY SLA, that from time to time WILL fail. Also, don’t imagine that there’s an operation team maintaining this thing: we are a bunch of dudes with day jobs, that from time to time will look at the administrative side of the solution and smooth things out but that for most of the time will be working on something else (like PDC, TechEd Europe, the next bunch of hands-on labs, more samples… etc). If you find the demo down, don’t assume that there’s anything wrong with Windows Azure, it’s practically certain it will be the demo itself.
Also: this is a demo, not a best practice. This is the way in which we solved some of the problems we faced, but it’s not always necessarily the best way. Some of those things are very, very new and reality is that multiple people will have to go through that before a best practice will emerge.
In fact, I want to take this chance for thanking the Southwork crew (especially Matias, Sebastian, Lito, PC) who tirelessly worked with me on this. Without their special mix of talent and skin in the game, mixed with years of experience working together and infinite patience for handling my (I’m told :-)) “excessive attention to detail”, I don’t think we would have pulled this off. Thank you guys!

 

That said. We are really excited to finally give you the chance to play with the demo. Building this demo on top of the PaaS offered by the Windows Azure Platform gave us the chance to experience firsthand how the right foundation can greatly simplify the development of this new breed of solutions, and I am just giddy at the thought that now you’ll be able to experience this, too! The SaaS model is here to stay: I hope that FabrikamShipping SaaS will help you in your projects!

Comments

  • Anonymous
    October 16, 2010
    Wonderful implementation of WIF/ Azure.I had a small problem though, I registered in the enterprise version and uploaded the federation meta data file of my sample ADFS 2.0. I need then to make ADFS 2.0 trust my RP which is the Azure web site and identify what are the required claim types. In normal scenarios on the WIF training kit and other resources, I can create the Replying Party trust from an existing XML metadata file generated by STS wizard in visual studio, and this will take care of all the small details, but for my case now I do not know how to get this file because I tried to create the Replying Part Trust manually but the accepted claim types seems to be not configurable or I am missing some piece of the puzzle Thanks again for the sample implementation

  • Anonymous
    October 16, 2010
    Hi Yousry, thank you for your kind words! In the notification mail you received when you were informed that the instance is ready, you should have found the following: >If you indicated your ADFS2.0 instance (or equivalent product) at sign-up time, you need to establish Relying Party Trust with your new instance before using it. You can find the federation metadata of the application at the address fabrikamshipping.accesscontrol.appfabriclabs.com/.../FederationMetadata.xml. That is the metadata address you need to refer to for establishing the relying party trust in ADFS. Note, there are no claim types there: you need to provide the claim types you declared in YOUR metadata as uploaded during the onboarding process. Hope this helps, V.

  • Anonymous
    January 26, 2011
    ProvisioningFramework.Worker ( Project Name) WorkerRole.cs (file name) var templateServiceCreationRequest = new StreamReader(resourcesContainer.GetFile("Template.ProvisioningCreateRequest.htm ")).ReadToEnd();            var templateServiceDeletionRequest = new StreamReader(resourcesContainer.GetFile("Template.ProvisioningDeleteRequest.htm ")).ReadToEnd();            var templateServiceDeleted = new StreamReader(resourcesContainer.GetFile("Template.DeprovisioningCompleted.htm ")).ReadToEnd();            var templateActivateAccount = new StreamReader(resourcesContainer.GetFile("Template.ActivateAccount.htm ")).ReadToEnd(); Can anyone please explain me what are those &var templateServiceCreationRequest = new StreamReader(resourcesContainer.GetFile("Template.ProvisioningCreateRequest.htm ")).ReadToEnd();            var templateServiceDeletionRequest = new StreamReader(resourcesContainer.GetFile("Template.ProvisioningDeleteRequest.htm ")).ReadToEnd();            var templateServiceDeleted = new StreamReader(resourcesContainer.GetFile("Template.DeprovisioningCompleted.htm ")).ReadToEnd();            var templateActivateAccount = new StreamReader(resourcesContainer.GetFile("Template.ActivateAccount.htm ")).ReadToEnd(); Can anyone please explain me what are those *.html files? my email id is jitendra@symbi.in

  • Anonymous
    January 26, 2011
    Please provide the documention also so we can understand it entirely. :-)

  • Anonymous
    February 09, 2011
    hi Jitendra, the HTM files there are templates for the notificationmails we send at various points in the instance provisioning. I will put together some deeper blog posts on provisioning