Using SSO for Application Configuration

There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.

  • Enterprise Single Sign-On
      – Credential management system
      – Stores and transmits encrypted user credentials across local and network boundaries
      – Consists of a credential database, a master secret server, and one or more Single Sign-On servers
  • Bundled with BizTalk Server
      – Used for securely storing critical information such as secure configuration properties
      – E.g. the proxy user ID and proxy password for HTTP adapters
  • SSO also serves as a secure configuration store
      – Designed to work in a distributed environment
      – Used by the BizTalk adapters to store configuration data
  • Contains affiliate applications defined by an administrator
      – Affiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting
      – Each affiliate application has multiple user mappings
          • Users
          • Administrators
  • XML Application Configuration Files:
      – BTSNTSvc.exe.config
      – BTSNTSvc64.exe.config
      – PROS:
          • Easy to implement (esp. on developer machines)
          • Familiar methodology to all Web & Windows Client application developers
          • Easy to update configuration (although host restart req’d)
      – CONS:
          • No security (unless using custom encryption)
          • Not distributed (must be applied to every BizTalk machine)
          • Global (accessible / applicable to all BizTalk services & applications)
          • Changes require host(s) restart
  • Database:
      – ADO.NET
      – Entity Framework
      – WCF-SQL Adapter
      – etc.
      – PROS:
          • Distributed (single repository)
          • Security & access is independently configurable
          • Familiar development methodology
          • Easy to update configuration
      – CONS:
          • Not as easy to implement as XML file configuration
          • Requires data access code
          • Application segregation & access control must be manually configured
          • Possible performance issue (unless caching is implemented)
  • BizTalk Rules Engine (BRE):
      – Included with BizTalk Server
      – Condition is always “true” (e.g. 1 == 1)
      – PROS:
          • Distributed (single repository)
          • Access is controlled by user account
          • Accessible to BizTalk orchestrations and other components & services via .NET API
          • No service / host restart required for updates
          • Application segregation via policy
          • Supports versioning!
      – CONS:
          • Unfamiliar developer environment to most programmers
          • Requires Business Rules Composer to update
  • SSO Configuration Store
      – Included with BizTalk Server
      – PROS:
          • Distributed (single repository)
          • Highly secure (built-in encryption)
          • Accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN)
          • Segregated application containers with independent access control
      – CONS:
          • Some programming effort required
          • Enterprise SSO Services must be restarted upon changes
          • GUI updates require additional tools (but they are free)
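
The notes above say the SSO configuration store is read through a .NET API. The following is an added example, not code from the presentation or from Microsoft: a minimal reader for one value in an SSO application container. It assumes a project reference to Microsoft.BizTalk.Interop.SSOClient.dll and a hypothetical application name supplied by the caller; the "ConfigProperties" identifier is the one used with BTSScnSSOApplicationConfig in the slides.

```csharp
using System.Collections.Generic;
using Microsoft.BizTalk.SSOClient.Interop; // assumption: Microsoft.BizTalk.Interop.SSOClient.dll is referenced

// In-memory IPropertyBag that the SSO client fills with the application's fields.
sealed class ConfigBag : IPropertyBag
{
    private readonly Dictionary<string, object> values = new Dictionary<string, object>();

    public void Read(string propName, out object ptrVar, int errorLog)
    {
        // Leaves ptrVar null when the field is not present in the container.
        values.TryGetValue(propName, out ptrVar);
    }

    public void Write(string propName, ref object ptrVar)
    {
        values[propName] = ptrVar;
    }
}

static class SsoConfigReader
{
    // Identifier passed to "BTSScnSSOApplicationConfig.exe -set" in the slides.
    private const string Identifier = "ConfigProperties";

    // appName is the SSO application container (hypothetical, chosen by the caller).
    public static string Read(string appName, string propName)
    {
        var store = new SSOConfigStore();
        var bag = new ConfigBag();

        // The SSO service decrypts the fields and checks the calling Windows
        // account against the accounts configured for this application.
        ((ISSOConfigStore)store).GetConfigInfo(appName, Identifier, SSOFlag.SSO_FLAG_RUNTIME, bag);

        object value;
        bag.Read(propName, out value, 0);
        if (value == null)
        {
            // Fail closed: a missing setting is an error, not an empty default.
            throw new KeyNotFoundException("SSO setting not found: " + appName + "/" + propName);
        }
        return (string)value; // never log this value; it may be a credential
    }
}
```

Because each container carries its own user and administrator accounts, a host running under an account outside those groups gets an exception from GetConfigInfo rather than another application's settings.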

Using SSO for Application Configuration Presentation Transcript

  • 1. Using SSO for Application Configuration (Daniel Toomey, Mexia Consulting, Senior Integration Specialist)
  • 2. SSO (images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc)
  • 3. SSO (images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc)
  • 4. Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
  • 5. Diagram:
      – System A Credentials: <Username/Password>
      – System B Credentials: <Username/Password>
      – App A Configuration: <Key/Value>, <Key/Value>, …
      – App C Configuration: <Key/Value>, <Key/Value>, …
  • 6. XML Configuration File
  • 7. XML Configuration File
      – PROS:
          • Easy to implement
          • Familiar <appSettings> methodology (Web.config / App.config)
          • Easy to update configuration
      – CONS:
          • No OOTB security
          • Not distributed
          • No application isolation
          • Host(s) restart req’d
  • 8. Custom Database Table(s)
      – PROS:
          • Distributed (single repository)
          • Security & access is independently configurable
          • Familiar development methodology
          • Easy to update configuration
      – CONS:
          • Not as easy to implement as XML file configuration
          • Requires data access code
          • Application segregation & access control must be manually configured
          • Possible performance issue (unless caching is implemented)
  • 9. BizTalk Rules Engine (BRE)
  • 10. BizTalk Rules Engine (BRE)
      – PROS:
          • Distributed (single repository)
          • Access is controlled by user account
          • Accessible to BizTalk orchestrations and other components & services via .NET API
          • No service / host restart required for updates
          • Application segregation via policy
          • Supports versioning!
      – CONS:
          • Unfamiliar developer environment to most programmers
          • Requires Business Rules Composer to update
  • 11. SSO Configuration Store
      – PROS:
          • Distributed (single repository)
          • Highly secure (built-in encryption)
          • Segregated application containers with independent access control
          • Accessible to BizTalk orchestrations and other components & services via .NET API
      – CONS:
          • Some programming effort required
          • Enterprise SSO Services must be restarted upon changes
          • GUI updates require additional tools (but they are free)
  • 12. XML DB BRE SSO Secure X ? X Distributed X   Granular Access Control X ?  Ease of Programming   ? Changes w/o Restart X ?  X Versioning X ?  X
  • 13.
      1. ssomanage
          – ssomanage -createapps "MySchema.xml"
      2. BTSScnSSOApplicationConfig
          – BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"
  • 15.
      – http://www.microsoft.com/en-au/download/details.aspx?id=14524
      – Caveat:
          • Pay attention to “Company Name” when installing
          • Must match domain in “contact” address
  • 19. SSO App Management
  • 20.
      – http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
      – http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
      – http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
      – http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
      – http://go.microsoft.com/fwlink/?linkid=99741
      – http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx