Exposure of Members in Application Systems
In System Designer, you can selectively expose behavior of applications and systems that are members of a system definition. You can expose their behavior by adding proxy endpoints for endpoints on those members. When proxy endpoints exist on a system definition, you can also connect uses of that system definition when you include them in other system definitions. Within another system definition, the included use of a system definition shows only its proxy endpoints, hiding its members from view and abstracting its details in the context of the outer system. For more information, see Overview of Application Systems on System Diagrams.
When exposing endpoints on members as proxy endpoints, you are defining constraints that Distributed System Designers respect when you define and evaluate deployment for other systems. However, no checks to enforce these rules are performed at run time. Therefore, make sure that the constraints you have defined in the form of limiting proxy endpoints are actually enforced at run time to secure access to the members of a system.
Exposing Behavior of System Members
In System Designer, a system definition defines a specific configuration of these applications and systems as members. This configuration describes how these applications and systems should be connected and provides the capability to override settings if needed. A system also describes which member endpoints, if any, are exposed as proxy endpoints, making it possible to reuse the system in other systems. This configuration of a system is applied to its members upon deployment.
Within a system, each proxy endpoint exposes a single endpoint on a member that requires exposure outside the system. Member endpoints that are not exposed as proxy endpoints do not have access outside the system nor can be accessed from outside the system. For more information, see How to: Add Proxy Endpoints to Application Systems.
A consumer endpoint on a member typically requires a connection to a suitable provider endpoint or a delegation to a proxy endpoint in order for the member to function correctly and for the system to be valid. However, the requirement for a consumer endpoint to be connected can be optional. For more information, see Communication within Application Systems.
For example, suppose you have a system that is composed from an ASP.NET Web service that is connected to external database. You can restrict access to the database from outside the system by exposing only the Web service provider endpoint as a proxy endpoint. The system now only exposes one point of access to the database through the Web service, preventing a direct connection to the database from outside the system.
Delegating Communication to System Members
A system and its proxy endpoints do not exist as tangible entities in the eventual deployment of the system. At deployment, a system delegates all communication to and from its proxy endpoints to the endpoints on its members. All configuration of the system is resolved and leaves only connected application endpoints with any overridden application settings. If any of its members are systems, these members delegate communication to their members, and so on. Through this process, you can delegate communication through any number of system layers. Ultimately, all proxy endpoints delegate communication to application endpoints.
Adding and Connecting Proxy Endpoints
When you add a proxy endpoint, it appears on the edge of the system definition shape and is connected by a delegation line. All endpoints on a system definition shape are proxy endpoints; however, a proxy endpoint always has the same type and role as the endpoint it exposes. Therefore, a proxy endpoint that exposes a provider endpoint has provider type, and the delegation line points away from the proxy endpoint to the provider endpoint. Likewise, a proxy endpoint that exposes a consumer endpoint has consumer type, and the delegation line points away from the consumer endpoint to the proxy endpoint. For more information about endpoints, see Overview of Endpoints on Applications.
Within a system definition, a proxy endpoint on that definition is permitted only one delegation to a single endpoint on a member. Outside its system definition, a proxy endpoint can connect to other endpoints under the same rules that apply to connecting the endpoint type it exposes with the following additional considerations:
For a proxy endpoint with provider type, you can connect it to one or more consumer endpoints outside the system that defines the proxy endpoint. At the same time, you can also expose it as another proxy endpoint on an outer system definition.
For a proxy endpoint with consumer type, you can either connect it to a single provider endpoint or expose it as another proxy endpoint on an outer system definition.