Using SSO for Application Configuration


There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.

Published in: Technology
  • Enterprise Single Sign-On
      – Credential Management System
      – Stores and transmits encrypted user credentials across local and network boundaries
      – Consists of a credential database, a master secret server, and one or more Single Sign-On servers
  • Bundled with BizTalk Server
      – Used for securely storing critical information such as secure configuration properties, e.g. the proxy user ID and proxy password for HTTP adapters
  • SSO also serves as a secure Configuration Store
      – Designed to work in a distributed environment
      – Used by the BizTalk adapters to store configuration data
  • Contains affiliate applications defined by an administrator
      – Affiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting
      – Each affiliate application has multiple user mappings
          – Users
          – Administrators
  • XML Application Configuration Files:
      – BTSNTSvc.exe.config
      – BTSNTSvc64.exe.config
      PROS:
      – Easy to implement (esp. on developer machines)
      – Familiar <appSettings> methodology to all Web & Windows Client application developers
      – Easy to update configuration (although host restart req’d)
      CONS:
      – No security (unless using custom encryption)
      – Not distributed (must be applied to every BizTalk machine)
      – Global (accessible / applicable to all BizTalk services & applications)
      – Changes require host(s) restart
  • Database:
      – ADO.NET
      – Entity Framework
      – WCF-SQL Adapter
      – etc.
      PROS:
      – Distributed (single repository)
      – Security & access is independently configurable
      – Familiar development methodology
      – Easy to update configuration
      CONS:
      – Not as easy to implement as XML file configuration
      – Requires data access code
      – Application segregation & access control must be manually configured
      – Possible performance issue (unless caching is implemented)
  • BizTalk Rules Engine (BRE):
      – Included with BizTalk Server
      – Condition is always “true” (e.g. 1 == 1)
      PROS:
      – Distributed (single repository)
      – Access is controlled by user account
      – Accessible to BizTalk orchestrations and other components & services via .NET API
      – No service / host restart required for updates
      – Application segregation via policy
      – Supports versioning!
      CONS:
      – Unfamiliar developer environment to most programmers
      – Requires Business Rules Composer to update
  • SSO Configuration Store
      – Included with BizTalk Server
      PROS:
      – Distributed (single repository)
      – Highly secure (built-in encryption)
      – Accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN)
      – Segregated application containers with independent access control
      CONS:
      – Some programming effort required
      – Enterprise SSO Services must be restarted upon changes
      – GUI updates require additional tools (but they are free)
  • Using SSO for Application Configuration

    1. Using SSO for Application Configuration
       Daniel Toomey, Mexia Consulting
       Senior Integration Specialist
    2. SSO
       Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
    3. SSO
       Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
    4. Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
    5. System A Credentials: <Username/Password>
       System B Credentials: <Username/Password>
       App A Configuration: <Key/Value>, <Key/Value>, …
       App C Configuration: <Key/Value>, <Key/Value>, …
    6. XML Configuration File
    7. XML Configuration File
       PROS
         • Easy to implement
         • Familiar <appSettings> methodology (Web.config / App.config)
         • Easy to update configuration
       CONS
         • No OOTB security
         • Not distributed
         • No application isolation
         • Host(s) restart req’d
    8. Custom Database Table(s)
       PROS
         • Distributed (single repository)
         • Security & access is independently configurable
         • Familiar development methodology
         • Easy to update configuration
       CONS
         • Not as easy to implement as XML file configuration
         • Requires data access code
         • Application segregation & access control must be manually configured
         • Possible performance issue (unless caching is implemented)
    9. BizTalk Rules Engine (BRE)
    10. BizTalk Rules Engine (BRE)
       PROS
         • Distributed (single repository)
         • Access is controlled by user account
         • Accessible to BizTalk orchestrations and other components & services via .NET API
         • No service / host restart required for updates
         • Application segregation via policy
         • Supports versioning!
       CONS
         • Unfamiliar developer environment to most programmers
         • Requires Business Rules Composer to update
    11. SSO Configuration Store
       PROS
         • Distributed (single repository)
         • Highly secure (built-in encryption)
         • Segregated application containers with independent access control
         • Accessible to BizTalk orchestrations and other components & services via .NET API
       CONS
         • Some programming effort required
         • Enterprise SSO Services must be restarted upon changes
         • GUI updates require additional tools (but they are free)
    12. |                         | XML | DB | BRE | SSO |
        | Secure                  | X   | ?  | X   |     |
        | Distributed             | X   |    |     |     |
        | Granular Access Control | X   | ?  |     |     |
        | Ease of Programming     |     |    | ?   |     |
        | Changes w/o Restart     | X   | ?  |     | X   |
        | Versioning              | X   | ?  |     | X   |
    13. 1. ssomanage
              ssomanage -createapps "MySchema.xml"
        2. BTSScnSSOApplicationConfig
              BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"
    15. • http://www.microsoft.com/en-au/download/details.aspx?id=14524
        • Caveat:
            – Pay attention to “Company Name” when installing
            – Must match domain in “contact” address
    19. SSO App Management
    20. • http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
        • http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
        • http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
        • http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
        • http://go.microsoft.com/fwlink/?linkid=99741
        • http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx
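
The ".NET API" access listed among the SSO Configuration Store pros, sketched as an added example that is not part of the original presentation: it reads one value from the application container populated by the `-set AppName "ConfigProperties" ...` command on slide 13. The class names `ConfigurationPropertyBag` and `SsoConfigReader` are hypothetical; the code assumes a reference to Microsoft.BizTalk.Interop.SSOClient.dll on a machine where the Enterprise SSO client is installed.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.BizTalk.SSOClient.Interop; // Microsoft.BizTalk.Interop.SSOClient.dll

// In-memory bag that the SSO client fills with the decrypted key/value
// pairs of one application container (hypothetical class name).
public sealed class ConfigurationPropertyBag : IPropertyBag
{
    private readonly Dictionary<string, object> _values =
        new Dictionary<string, object>(StringComparer.OrdinalIgnoreCase);

    public void Read(string propName, out object ptrVar, int errorLog)
    {
        _values.TryGetValue(propName, out ptrVar); // null when the key is absent
    }

    public void Write(string propName, ref object ptrVar)
    {
        _values[propName] = ptrVar;
    }
}

public static class SsoConfigReader // hypothetical helper name
{
    // Identifier passed on the BTSScnSSOApplicationConfig command line (slide 13).
    private const string Identifier = "ConfigProperties";

    public static string Read(string appName, string propName)
    {
        var bag = new ConfigurationPropertyBag();
        var store = (ISSOConfigStore)new SSOConfigStore();

        // Runs under the calling process identity; that account has to be
        // mapped to the affiliate application (Users or Administrators).
        store.GetConfigInfo(appName, Identifier, SSOFlag.SSO_FLAG_RUNTIME, bag);

        object value;
        bag.Read(propName, out value, 0);
        if (value == null)
            throw new KeyNotFoundException(
                "Property '" + propName + "' not found in SSO application '" + appName + "'.");

        return value.ToString(); // caller must not log or persist the returned secret
    }
}
```

A call such as `SsoConfigReader.Read("AppName", "paramname")` from an orchestration or pipeline component returns the stored value without it ever appearing in BTSNTSvc.exe.config.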