Using SSO for Application Configuration
Daniel Toomey, Mexia Consulting, Senior Integration Specialist
There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.

  • Enterprise Single Sign-On: credential management system. Stores and transmits encrypted user credentials across local and network boundaries. Consists of a credential database, a master secret server, and one or more Single Sign-On servers.
  • Bundled with BizTalk Server. Used for securely storing critical information such as secure configuration properties, e.g. the proxy user ID and proxy password for HTTP adapters.
  • SSO also serves as a secure configuration store. Designed to work in a distributed environment. Used by the BizTalk adapters to store configuration data.
  • Contains affiliate applications defined by an administrator. Affiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connecting. Each affiliate application has multiple user mappings: Users; Administrators.
  • XML application configuration files: BTSNTSvc.exe.config, BTSNTSvc64.exe.config.
    PROS: Easy to implement (esp. on developer machines); familiar <appSettings> methodology to all Web & Windows Client application developers; easy to update configuration (although host restart req’d).
    CONS: No security (unless using custom encryption); not distributed (must be applied to every BizTalk machine); global (accessible / applicable to all BizTalk services & applications); changes require host(s) restart.
  • Database: ADO.NET, Entity Framework, WCF-SQL Adapter, etc.
    PROS: Distributed (single repository); security & access is independently configurable; familiar development methodology; easy to update configuration.
    CONS: Not as easy to implement as XML file configuration; requires data access code; application segregation & access control must be manually configured; possible performance issue (unless caching is implemented).
  • BizTalk Rules Engine (BRE): included with BizTalk Server. Condition is always “true” (e.g. 1 == 1).
    PROS: Distributed (single repository); access is controlled by user account; accessible to BizTalk orchestrations and other components & services via .NET API; no service / host restart required for updates; application segregation via policy; supports versioning!
    CONS: Unfamiliar developer environment to most programmers; requires Business Rules Composer to update.
  • SSO Configuration Store: included with BizTalk Server.
    PROS: Distributed (single repository); highly secure (built-in encryption); accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN); segregated application containers with independent access control.
    CONS: Some programming effort required; Enterprise SSO Services must be restarted upon changes; GUI updates require additional tools (but they are free).
  • Transcript of "Using SSO for Application Configuration"

    1. Using SSO for Application Configuration. Daniel Toomey, Mexia Consulting, Senior Integration Specialist
    2. SSO (images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc)
    3. SSO (images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc)
    4. (Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc)
    5. System A Credentials: <Username/Password>. System B Credentials: <Username/Password>. App A Configuration: <Key/Value>, <Key/Value>, … App C Configuration: <Key/Value>, <Key/Value>, …
    6. XML Configuration File
    7. XML Configuration File
       PROS: Easy to implement; familiar <appSettings> methodology (Web.config / App.config); easy to update configuration.
       CONS: No OOTB security; not distributed; no application isolation; host(s) restart req’d.
    8. Custom Database Table(s)
       PROS: Distributed (single repository); security & access is independently configurable; familiar development methodology; easy to update configuration.
       CONS: Not as easy to implement as XML file configuration; requires data access code; application segregation & access control must be manually configured; possible performance issue (unless caching is implemented).
    9. BizTalk Rules Engine (BRE)
    10. BizTalk Rules Engine (BRE)
       PROS: Distributed (single repository); access is controlled by user account; accessible to BizTalk orchestrations and other components & services via .NET API; no service / host restart required for updates; application segregation via policy; supports versioning!
       CONS: Unfamiliar developer environment to most programmers; requires Business Rules Composer to update.
    11. SSO Configuration Store
       PROS: Distributed (single repository); highly secure (built-in encryption); segregated application containers with independent access control; accessible to BizTalk orchestrations and other components & services via .NET API.
       CONS: Some programming effort required; Enterprise SSO Services must be restarted upon changes; GUI updates require additional tools (but they are free).
    12. Comparison (columns: XML / DB / BRE / SSO)
       Secure: X / ? / X / ✓
       Distributed: X / ✓ / ✓ / ✓
       Granular Access Control: X / ? / ✓ / ✓
       Ease of Programming: ✓ / ✓ / ? / ✓
       Changes w/o Restart: X / ? / ✓ / X
       Versioning: X / ? / ✓ / X
    13. 1. ssomanage: ssomanage -createapps "MySchema.xml"
       2. BTSScnSSOApplicationConfig: BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue"
    14. (no text)
    15. http://www.microsoft.com/en-au/download/details.aspx?id=14524
       Caveat: Pay attention to “Company Name” when installing. Must match domain in “contact” address.
    16. (no text)
    17. (no text)
    18. (no text)
    19. SSO App Management
    20. References:
       • http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
       • http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
       • http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
       • http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
       • http://go.microsoft.com/fwlink/?linkid=99741
       • http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx
    21. (no text)
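
The kind of application definition that step 1 on slide 13 (`ssomanage -createapps "MySchema.xml"`) takes as input, shown as an added example; it is not from the deck or from Microsoft's sample. The application name, contact address, group names and the field label `paramname` are placeholders, and the comments tie each element to the pros and cons the slides list for the SSO store.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- MySchema.xml: constructed example of an SSO application definition
     used as a configuration container. All names are placeholders. -->
<sso>
  <application name="AppName">
    <description>Configuration container for AppName</description>
    <!-- Slide 15 caveat: the management tool's "Company Name" must
         match the domain of this contact address. -->
    <contact>admin@example.com</contact>
    <!-- Independent access control per container: the user group may
         read values at runtime, the admin group may change them.
         Scope both to the accounts of the one application that needs
         the settings rather than to a broad shared group. -->
    <appUserAccount>BizTalk Application Users</appUserAccount>
    <appAdminAccount>BizTalk Server Administrators</appAdminAccount>
    <!-- Ordinal 0 is kept as an unused "reserved" field; each further
         field is one configuration key. masked="yes" hides the value
         when it is entered or displayed in management tools. -->
    <field ordinal="0" label="reserved" masked="no" />
    <field ordinal="1" label="paramname" masked="yes" />
    <!-- configStoreApp="yes" marks this as a configuration store
         application rather than a per-user credential mapping. -->
    <flags configStoreApp="yes" allowLocalAccounts="yes" enableApp="yes" />
  </application>
</sso>
```

Once the application exists, the value for `paramname` is written with the `BTSScnSSOApplicationConfig.exe -set` command from step 2, so it never has to appear in `BTSNTSvc.exe.config`.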