There are many options for application configuration within BizTalk Server. This presentation shows how to use the out-of-the-box (OOTB) features of Enterprise Single Sign-On (SSO) to host secure, distributed configuration within customised application containers.
1. Using SSO for Application Configuration
Daniel Toomey, Mexia Consulting
Senior Integration Specialist
2. SSO
Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
3. SSO (images from the whitepaper above)
4. SSO (images from the whitepaper above)
5.
System A Credentials: <Username/Password>
System B Credentials: <Username/Password>
App A Configuration: <Key/Value>, <Key/Value>, …
App C Configuration: <Key/Value>, <Key/Value>, …
7. XML Configuration File
PROS
• Easy to implement
• Familiar <appSettings> methodology (Web.config / App.config)
• Easy to update configuration
CONS
• No OOTB security
• Not distributed
• No application isolation
• Host(s) restart required
8. Custom Database Table(s)
PROS
• Distributed (single repository)
• Security & access is independently configurable
• Familiar development methodology
• Easy to update configuration
CONS
• Not as easy to implement as XML file configuration
• Requires data access code
• Application segregation & access control must be manually configured
• Possible performance issue (unless caching is implemented)
10. BizTalk Rules Engine (BRE)
PROS
• Distributed (single repository)
• Access is controlled by user account
• Accessible to BizTalk orchestrations and other components & services via .NET API
• No service / host restart required for updates
• Application segregation via policy
• Supports versioning!
CONS
• Unfamiliar developer environment to most programmers
• Requires Business Rules Composer to update
11. SSO Configuration Store
PROS
• Distributed (single repository)
• Highly secure (built-in encryption)
• Segregated application containers with independent access control
• Accessible to BizTalk orchestrations and other components & services via .NET API
CONS
• Some programming effort required
• Enterprise SSO Services must be restarted upon changes
• GUI updates require additional tools (but they are free)
12. Comparison matrix (columns: XML, DB, BRE, SSO; only the X and ? marks survived extraction, so which column each mark belongs to is not recoverable)
Secure: X ? X
Distributed: X
Granular Access Control: X ?
Ease of Programming: ?
Changes w/o Restart: X ? X
Versioning: X ? X
15.
http://www.microsoft.com/en-au/download/details.aspx?id=14524
• Caveat:
– Pay attention to “Company Name” when installing
– Must match domain in “contact” address
Speaker notes

Enterprise Single Sign-On: credential management system. Stores and transmits encrypted user credentials across local and network boundaries. Consists of a credential database, a master secret server, and one or more Single Sign-On servers.

Bundled with BizTalk Server. Used for securely storing critical information such as secure configuration properties, e.g. the proxy user ID and proxy password for HTTP adapters.

SSO also serves as a secure configuration store. Designed to work in a distributed environment. Used by the BizTalk adapters to store configuration data.

Contains affiliate applications defined by an administrator. Affiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting. Each affiliate application has multiple user mappings and two access groups: Users and Administrators.
XML Application Configuration Files: BTSNTSvc.exe.config, BTSNTSvc64.exe.config
PROS:
• Easy to implement (esp. on developer machines)
• Familiar <appSettings> methodology to all Web & Windows client application developers
• Easy to update configuration (although host restart required)
CONS:
• No security (unless using custom encryption)
• Not distributed (must be applied to every BizTalk machine)
• Global (accessible / applicable to all BizTalk services & applications)
• Changes require host(s) restart
Database: ADO.NET, Entity Framework, WCF-SQL Adapter, etc.
PROS:
• Distributed (single repository)
• Security & access is independently configurable
• Familiar development methodology
• Easy to update configuration
CONS:
• Not as easy to implement as XML file configuration
• Requires data access code
• Application segregation & access control must be manually configured
• Possible performance issue (unless caching is implemented)
BizTalk Rules Engine (BRE): Included with BizTalk Server. The rule condition is always “true” (e.g. 1 == 1), so the actions simply assign the configuration values.
PROS:
• Distributed (single repository)
• Access is controlled by user account
• Accessible to BizTalk orchestrations and other components & services via .NET API
• No service / host restart required for updates
• Application segregation via policy
• Supports versioning!
CONS:
• Unfamiliar developer environment to most programmers
• Requires Business Rules Composer to update
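The BRE approach in code, as an added example that is not part of the presentation: a plain .NET fact class holds the settings, and a policy whose single rule has the always-true condition (1 == 1) sets the properties in its actions. The policy name "AppA.Configuration", the property names and the `Loaded` sentinel are assumptions for illustration; the policy itself is authored and deployed with the Business Rules Composer, and the code assumes a reference to Microsoft.RuleEngine.dll.

```csharp
// Added example (not from the presentation). Loads application settings
// from a BRE policy whose rule condition is always true and whose actions
// call the setters of this fact object. Assumes Microsoft.RuleEngine.dll
// and a deployed policy named "AppA.Configuration" (assumed name).
using System;
using Microsoft.RuleEngine;

// Fact type the policy actions write into. Must be public with public
// setters so the rule engine can bind to it.
public class AppAConfigFacts
{
    public string ServiceUrl { get; set; }
    public int RetryCount { get; set; }
    // Sentinel the rule action sets to true; lets the caller detect a
    // policy that exists but has no matching rule (assumed convention).
    public bool Loaded { get; set; }
}

public static class BreConfigLoader
{
    private const string PolicyName = "AppA.Configuration";

    // Latest deployed version of the policy (no restart of any host needed
    // after a new version is deployed).
    public static AppAConfigFacts Load()
    {
        using (var policy = new Policy(PolicyName))
        {
            return Execute(policy);
        }
    }

    // Pin a specific version: the versioning feature the slide calls out,
    // useful when a new policy version must not be picked up until tested.
    public static AppAConfigFacts Load(int majorRevision, int minorRevision)
    {
        using (var policy = new Policy(PolicyName, majorRevision, minorRevision))
        {
            return Execute(policy);
        }
    }

    private static AppAConfigFacts Execute(Policy policy)
    {
        var facts = new AppAConfigFacts();
        policy.Execute(facts);
        if (!facts.Loaded)
        {
            throw new InvalidOperationException(
                "Policy " + PolicyName + " ran but did not set configuration");
        }
        return facts;
    }
}
```

Access control here is whatever the rule store database grants to the calling account, and a policy is the unit of segregation: one policy per application, with only that application's host account granted read access to it.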
SSO Configuration Store: Included with BizTalk Server.
PROS:
• Distributed (single repository)
• Highly secure (built-in encryption)
• Accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN)
• Segregated application containers with independent access control
CONS:
• Some programming effort required
• Enterprise SSO Services must be restarted upon changes
• GUI updates require additional tools (but they are free)
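The "programming effort" the slide and the notes above refer to, as an added example that is not the presentation's or Microsoft's own code: an affiliate application is created as a config-store container with its own user and administrator groups, values are written into it, and a runtime component reads them back through an `IPropertyBag`. It assumes a reference to Microsoft.BizTalk.Interop.SSOClient.dll, follows the identifier-field convention of the MSDN SSO config store sample (the label "ConfigProperties" is an assumption), and uses constructed group names and values in the usage comment.

```csharp
// Added example, not code from the presentation. Uses the Enterprise SSO
// configuration store as an encrypted, distributed key/value store for one
// application container. Assumes Microsoft.BizTalk.Interop.SSOClient.dll;
// CreateApplication needs an SSO administrator account, GetValue needs
// membership of the application's user group.
using System;
using System.Collections;
using Microsoft.BizTalk.Interop.SSOClient.Interop;

// Property bag that SSO fills on GetConfigInfo and reads on SetConfigInfo.
public class SsoPropertyBag : IPropertyBag
{
    private readonly Hashtable _props = new Hashtable();

    public void Read(string propName, out object ptrVar, int errLog)
    {
        ptrVar = _props[propName];
    }

    public void Write(string propName, ref object ptrVar)
    {
        _props[propName] = ptrVar;
    }

    public object this[string name]
    {
        get { return _props[name]; }
        set { _props[name] = value; }
    }
}

public static class AppConfigSso
{
    // Label of the identifier field and the identifier passed to
    // Get/SetConfigInfo (assumed, following the MSDN sample convention).
    private const string ConfigIdentifier = "ConfigProperties";

    // Admin-time, run once per application: create the affiliate
    // application as a config store with its own access groups, then enable it.
    public static void CreateApplication(string appName, string contact,
        string userGroup, string adminGroup, string[] keys)
    {
        ISSOAdmin admin = new SSOAdmin();
        int flags = SSOFlag.SSO_FLAG_APP_CONFIG_STORE
                  | SSOFlag.SSO_FLAG_SSO_WINDOWS_TO_EXTERNAL
                  | SSOFlag.SSO_FLAG_APP_ALLOW_LOCAL;
        // Field count = identifier field + one field per configuration key.
        admin.CreateApplication(appName, "Application configuration", contact,
            userGroup, adminGroup, flags, keys.Length + 1);
        admin.CreateFieldInfo(appName, ConfigIdentifier, SSOFlag.SSO_FLAG_NONE);
        foreach (string key in keys)
        {
            admin.CreateFieldInfo(appName, key, SSOFlag.SSO_FLAG_NONE);
        }
        // Applications are created disabled; the mask flips only the ENABLED bit.
        admin.UpdateApplication(appName, null, null, null, null,
            SSOFlag.SSO_FLAG_ENABLED, SSOFlag.SSO_FLAG_ENABLED);
    }

    // Admin-time: store values; SSO encrypts them under the master secret.
    public static void SetValues(string appName, IDictionary values)
    {
        var bag = new SsoPropertyBag();
        foreach (DictionaryEntry entry in values)
        {
            bag[(string)entry.Key] = entry.Value;
        }
        ISSOConfigStore store = new SSOConfigStore();
        store.SetConfigInfo(appName, ConfigIdentifier, bag);
    }

    // Runtime: read one value. SSO_FLAG_RUNTIME applies the application
    // user-group check, so a host instance account outside that group gets
    // an access-denied exception instead of the value.
    public static string GetValue(string appName, string key)
    {
        var bag = new SsoPropertyBag();
        ISSOConfigStore store = new SSOConfigStore();
        store.GetConfigInfo(appName, ConfigIdentifier, SSOFlag.SSO_FLAG_RUNTIME, bag);
        object value = bag[key];
        if (value == null)
        {
            throw new ArgumentException(string.Format(
                "Key '{0}' is not defined in SSO application '{1}'", key, appName));
        }
        return Convert.ToString(value);
    }
}

// Usage (constructed sample values):
//   AppConfigSso.CreateApplication("AppA", "appa@contoso.com",
//       "CONTOSO\\BizTalkAppAUsers", "CONTOSO\\SSO Administrators",
//       new[] { "ServiceUrl", "RetryCount" });
//   AppConfigSso.SetValues("AppA", new Hashtable {
//       { "ServiceUrl", "https://partner.example/api" }, { "RetryCount", "3" } });
//   string url = AppConfigSso.GetValue("AppA", "ServiceUrl");
```

The per-application user group is what gives the "segregated application containers" property: App A's host instance account is placed in App A's group only, so a misconfigured or compromised App C host cannot read App A's settings even though both live in the same SSO database. The contact address in the usage comment is the field the slide 15 caveat refers to: its domain must match the "Company Name" entered when installing the GUI tool, or the application will not appear in it. As the slide states, on a running system the Enterprise SSO service must be restarted after SetValues before readers see the new values.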