Using SSO for Application Configuration


There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.

  • Enterprise Single Sign-On: Credential Management System. Stores and transmits encrypted user credentials across local and network boundaries. Consists of a credential database, a master secret server, and one or more Single Sign-On servers.
  • Bundled with BizTalk Server. Used for securely storing critical information such as secure configuration properties, e.g. the proxy user ID and proxy password for HTTP adapters.
  • SSO also serves as a secure Configuration Store. Designed to work in a distributed environment. Used by the BizTalk adapters to store configuration data.
  • Contains affiliate applications defined by an administrator. Affiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting. Each affiliate application has multiple user mappings:
      – Users
      – Administrators
  • XML Application Configuration Files: BTSNTSvc.exe.config, BTSNTSvc64.exe.config
    PROS:
      – Easy to implement (esp. on developer machines)
      – Familiar <appSettings> methodology to all Web & Windows Client application developers
      – Easy to update configuration (although host restart req’d)
    CONS:
      – No security (unless using custom encryption)
      – Not distributed (must be applied to every BizTalk machine)
      – Global (accessible / applicable to all BizTalk services & applications)
      – Changes require host(s) restart
  • Database: ADO.NET, Entity Framework, WCF-SQL Adapter, etc.
    PROS:
      – Distributed (single repository)
      – Security & access is independently configurable
      – Familiar development methodology
      – Easy to update configuration
    CONS:
      – Not as easy to implement as XML file configuration
      – Requires data access code
      – Application segregation & access control must be manually configured
      – Possible performance issue (unless caching is implemented)
  • BizTalk Rules Engine (BRE): Included with BizTalk Server. Condition is always “true” (e.g. 1 == 1).
    PROS:
      – Distributed (single repository)
      – Access is controlled by user account
      – Accessible to BizTalk orchestrations and other components & services via .NET API
      – No service / host restart required for updates
      – Application segregation via policy
      – Supports versioning!
    CONS:
      – Unfamiliar developer environment to most programmers
      – Requires Business Rules Composer to update
  • SSO Configuration Store: Included with BizTalk Server.
    PROS:
      – Distributed (single repository)
      – Highly secure (built-in encryption)
      – Accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN)
      – Segregated application containers with independent access control
    CONS:
      – Some programming effort required
      – Enterprise SSO Services must be restarted upon changes
      – GUI updates require additional tools (but they are free)
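
The read path behind "accessible via .NET API", as an added example that is not taken from the deck or from the MSDN sample it mentions. It assumes a project reference to Microsoft.BizTalk.Interop.SSOClient.dll; `ConfigBag` and `SsoConfigReader` are hypothetical names, and "ConfigProperties" is the identifier used on the deck's BTSScnSSOApplicationConfig command line.

```csharp
// Added example. Requires a reference to Microsoft.BizTalk.Interop.SSOClient.dll.
using System;
using System.Collections.Generic;
using Microsoft.BizTalk.SSOClient.Interop;

// Minimal IPropertyBag: the SSO client populates it through Write().
internal sealed class ConfigBag : IPropertyBag
{
    private readonly Dictionary<string, object> _values = new Dictionary<string, object>();

    public void Read(string propName, out object ptrVar, int errorLog)
    {
        _values.TryGetValue(propName, out ptrVar); // null when the field is absent
    }

    public void Write(string propName, ref object ptrVar)
    {
        _values[propName] = ptrVar;
    }
}

public static class SsoConfigReader
{
    private const string Identifier = "ConfigProperties";

    // Returns the decrypted value of one key in one SSO configuration application.
    public static string Read(string appName, string key)
    {
        var bag = new ConfigBag();
        try
        {
            var store = new SSOConfigStore();
            // SSO checks the caller against the application's accounts; a denied
            // caller or an unknown application surfaces here as an exception.
            ((ISSOConfigStore)store).GetConfigInfo(
                appName, Identifier, SSOFlag.SSO_FLAG_RUNTIME, bag);
        }
        catch (Exception ex)
        {
            // Report the application name only, never any retrieved values.
            throw new InvalidOperationException(
                "SSO lookup failed for application '" + appName + "'.", ex);
        }
        object value;
        bag.Read(key, out value, 0);
        if (value == null) // fail closed instead of running with an empty setting
            throw new KeyNotFoundException(
                "Key '" + key + "' is not defined for application '" + appName + "'.");
        return value.ToString();
    }
}
```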

Transcript

  • 1. Using SSO for Application Configuration. Daniel Toomey, Mexia Consulting, Senior Integration Specialist
  • 2–4. SSO. Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
  • 5. System A Credentials: <Username/Password>; System B Credentials: <Username/Password>; App A Configuration: <Key/Value>, <Key/Value>, …; App C Configuration: <Key/Value>, <Key/Value>, …
  • 7. XML Configuration File
    PROS:
      – Easy to implement
      – Familiar <appSettings> methodology (Web.config / App.config)
      – Easy to update configuration
    CONS:
      – No OOTB security
      – Not distributed
      – No application isolation
      – Host(s) restart req’d
  • 8. Custom Database Table(s)
    PROS:
      – Distributed (single repository)
      – Security & access is independently configurable
      – Familiar development methodology
      – Easy to update configuration
    CONS:
      – Not as easy to implement as XML file configuration
      – Requires data access code
      – Application segregation & access control must be manually configured
      – Possible performance issue (unless caching is implemented)
  • 10. BizTalk Rules Engine (BRE)
    PROS:
      – Distributed (single repository)
      – Access is controlled by user account
      – Accessible to BizTalk orchestrations and other components & services via .NET API
      – No service / host restart required for updates
      – Application segregation via policy
      – Supports versioning!
    CONS:
      – Unfamiliar developer environment to most programmers
      – Requires Business Rules Composer to update
  • 11. SSO Configuration Store
    PROS:
      – Distributed (single repository)
      – Highly secure (built-in encryption)
      – Segregated application containers with independent access control
      – Accessible to BizTalk orchestrations and other components & services via .NET API
    CONS:
      – Some programming effort required
      – Enterprise SSO Services must be restarted upon changes
      – GUI updates require additional tools (but they are free)
  • 12.
    |                         | XML | DB | BRE | SSO |
    | Secure                  | X   | ?  | X   |     |
    | Distributed             | X   |    |     |     |
    | Granular Access Control | X   | ?  |     |     |
    | Ease of Programming     |     |    | ?   |     |
    | Changes w/o Restart     | X   | ?  |     | X   |
    | Versioning              | X   | ?  |     | X   |
  • 13.
    1. ssomanage
       – ssomanage -createapps "MySchema.xml"
    2. BTSScnSSOApplicationConfig
       – BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"
  • 15. http://www.microsoft.com/en-au/download/details.aspx?id=14524
    Caveat:
      – Pay attention to “Company Name” when installing
      – Must match domain in “contact” address
  • 19. SSO App Management
  • 20.
      – http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
      – http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
      – http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
      – http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
      – http://go.microsoft.com/fwlink/?linkid=99741
      – http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx