Archive for August, 2008

Comparing BizTalk and MOSS SSO Configuration

I was recently working on a SharePoint Business Data Catalog (BDC) project and needed to configure the single sign-on (SSO) functionality of SharePoint. For anyone not familiar with the SSO functions in BizTalk or SharePoint that I am talking about, I will explain it briefly. I am not speaking about SSO in the sense that a website or application user logs in once and only once. I am speaking about SSO functionality in these two server products which enables the secure storage of credentials used for connecting to external systems. There are two types of SSO – authorization and impersonation. So that everyone knows, I am talking about the SSO impersonation capabilities of these two server products.
 
Coming from a BizTalk background, I had worked with SSO in BizTalk quite a bit but was not initially prepared for how different the configuration was for SharePoint. This post will attempt a thorough comparison of the SSO functionality in the BizTalk and SharePoint products.
 
| Feature | BizTalk | SharePoint |
| --- | --- | --- |
| Configuration Interface | Command-Line and BizTalk Configuration Wizard | SharePoint Central Administration website |
| Encryption Key Management | Possible only via Command-Line | Possible only via website function "Manage Encryption Key" |
| Encryption Key Backup | Command-Line File Based, Can backup to any file location | Website Based, Can backup only to a removable drive |
| SSO MMC Capability? | Exists as an MMC, can be loaded remotely with appropriate BizTalk install | MMC does not exist, cannot be configured remotely. |
| Requires RDP access for SSO configuration? | No | Yes |
| Group Setup for SSO | SSO Administrators, SSO Affiliate Administrators, SSO Service Account | SSO Administrators, SSO Administrator Account, SSO Service Account |
| Requires SSO Service Account to be process identity for configuration? | No | Yes |
| SSO delegation options | Credential based on port configuration | Credential variability options – Group and Individual options. |
| Runs as Windows Service? | Yes | Yes |
| Required on all servers in Farm? | No | Yes |
| Operates out of an SSO database? | Yes | Yes |
| Command-line options for SSO? | Yes | Partial |
| Automatic Credential Update? | Yes | No |

The table above shows a considerable number of differences in SSO configuration and functionality between the two products. Perhaps in the future the two SSO products can provide a combination of the features in the table above, because both offer valuable options and would make an excellent combination. A more consolidated SSO experience would also be helpful from a product administration perspective.

Thanks,

 


BizTalk and Hyper-V

Yesterday I learned about a resource for configuring virtual BizTalk instances in conjunction with Windows Server 2008 Hyper-V. This guide is available on MSDN (http://msdn.microsoft.com/en-us/library/cc768518.aspx) or via a white paper download. This guide is very interesting because it extends the guidance on how to implement a scalable solution with BizTalk in which host instances are spread out on different servers for maximum performance.
 
The general MSDN guide for scaling out is at http://msdn.microsoft.com/en-us/library/aa546759.aspx, and an article for scaling out receiving hosts is at http://msdn.microsoft.com/en-us/library/aa577415.aspx. The benefit of the new Hyper-V guide is that it shows much more detail for different configurations of BizTalk host instances. The general scaling out guide basically assumes that individual host instances will be physical machines. The Hyper-V guide represents the host instances as virtual machines with the guest OS of Windows Server 2003.

It is important to note that this guide does not recommend or endorse BizTalk running in a host OS of Windows Server 2008, although this is technically possible. The guide does use Windows Server 2008, with Hyper-V included, for the host OS. It is also important to remember that BizTalk licensing is based on the number of processors, so any number of virtual instances may be installed with BizTalk on the same server. Here is a partial picture from the Hyper-V guide showing the relationship between the host with Hyper-V and guest BizTalk virtual machines:
 
[Image: hypervpic]
 
Another strength of the Hyper-V guide is that it shows a considerable level of detail about how scaling out the SQL Server instances should work, including having SQL Server instances virtualized as well. Interestingly, the SQL Server virtual machines ARE running on Windows Server 2008. Many file-level details, such as filegroup organization and the separation of data files for SQL Server, are discussed, which is very helpful for people who are planning on using Hyper-V with SQL. Another valuable detail is that specific examples of SAN implementation with RAID modes are also discussed. This extends the information previously available in the scaling out SQL Server for BizTalk installs article (http://msdn.microsoft.com/en-us/library/aa578625.aspx).
 
One of the values of this guide is that it helps reduce the cost and risk of entry for a customer into a Windows Server 2008 environment. Although BizTalk Server 2006 R2 is not officially supported on Windows Server 2008, Hyper-V as discussed in this guide enables some of the major strengths of Windows Server 2008 to be applied indirectly to BizTalk Server 2006 R2 host instances such as utilization of a larger amount of RAM and host OS performance improvements that would not be possible with the previous version of Virtual Server 2005. For companies not willing to run BizTalk Server 2006 R2 due to the risk of not being officially supported, this solution provides a documented workaround.
 
Check out the guide and have fun virtualizing BizTalk with Hyper-V!


Windows Server 2008 Roles and Features for BizTalk

I recently wrote a blog post about avoiding some of the pitfalls of installing BizTalk Server 2006 R2 onto Windows Server 2008. One of the gaps in my post was that I did not mention all of the roles and features that I used when configuring Windows Server 2008 prior to installing BizTalk.  Since there is really very little documentation out there on MSDN for BizTalk installs onto Windows Server 2008, I wanted to help clear up the documentation gaps so that others could get this latest version of the Windows Server running for their BizTalk environment.

For this BizTalk project, I was primarily using FILE, MSMQ, and the WebSphere MQ (MQSC) adapters in case you are wondering.  Here is a photo of the roles and features that I configured in order to get BizTalk to run successfully:

[Image: Win2K8-RolesAndFeatures]

On Windows Server 2008 the initial page that loads is called the Server Manager and includes an excellent overview of the configuration of the server. The screenshot I provided above came from the Server Manager’s section for Windows Server 2008 configured roles and features. This list of roles and features does not cover all BizTalk features so you may be required to add other roles or features for BizTalk adapters other than the ones I used.

Thanks,


Some Tips on BizTalk AS2 Development

Here are a few tips I encountered when working on an AS2 and EDI project.
 
You will want to avoid using an EdiSend on the send side of a 2-way port in which the receive is As2EdiReceive because you will encounter EDI assembler errors where the SOAP messages are being run through the EDI assembler. Make sure to use just the As2Send on the send side of the receive port. The AS2 tutorial at http://technet.microsoft.com/en-us/library/bb245935.aspx mentions creating a 2-way port with As2EdiReceive/As2Send. This is the correct way of doing this.
 
When developing with EDI and AS2, you will eventually want to create a filter for receiving BizTalk NACKs that you may see with AS2 communications. You can create a send port filter using the filter property EDIInt.IsAs2Http200OKRresponse == true. This way, if BizTalk does receive a NACK, it will not log it as an error. This is a valuable tip for setting up a BizTalk environment for AS2 communications so that low-level AS2 message errors can be filtered out to a separate folder or location.
 
Thanks,
