BizTalk Server is a widely used integration product. It comes with a variety of built-in features to help organisations ease their integration challenges. Once BizTalk applications are built and deployed into production environments (or any controlled environments such as UAT, SIT, etc.), BizTalk administrators and support people need to actively manage them on a day-to-day basis. They regularly keep an eye on suspended instances and the state of receive locations, send ports, host instances, and so on, and perform actions on the artifacts, such as starting a host instance or stopping a send port. By default, BizTalk Server comes with a tool called "BizTalk Administration Console" (BAC for short) to perform all these operational activities. Even though BAC is very powerful, it has a lot of gaps: to name a few, it is not web based and its operational security model is very weak. In this section we will see how BizTalk360 helps BizTalk Server customers address the challenges around BizTalk security and audit for their BizTalk environment(s).
Challenges faced by BizTalk Server administrators
There are potential gaps in the BizTalk Server Administration Console (BAC) when it comes to managing BizTalk server environments.
1. Advanced authorization for all users/groups
In BAC, operational security is controlled by 2 NT groups: the BizTalk Server Administrators Group and the BizTalk Server Operators Group. The BizTalk Server Operators Group is designed for support people with restricted privileges. In reality, the operators group is not functional due to its hard-coded security restrictions. This leaves everyone in your BizTalk support team in the BizTalk administrators group, with more permissions than required. BizTalk360 addresses this problem by giving users the ability to fine-tune their BizTalk security requirements.
2. BizTalk Server Administration Console — All or Nothing
There is no capability to restrict users to viewing only specific portions of the environment (for example: access to a limited set of applications, read-only access for users, hiding infrastructure details like message boxes, etc.). If a user gets access to the BizTalk Server Administration Console, they will be able to see all the sections in the environment.
3. Lack of Governance/Auditing
In the default BizTalk Admin Console there is no concept of operational auditing. The support person can perform any task using BAC and there won't be any trace. Example: A user can start a send port, or stop a business process orchestration or a processing host instance. None of these activities will be audited. BizTalk360 solves this problem by auditing each activity, giving a clear indication of "Who has done What" in the environment.
4. Presence of skilled BizTalk people
To support the BizTalk environments in an organization, administrators are in need of experienced staff with BizTalk knowledge. It is practically impossible to bring anyone without prior BizTalk knowledge to support the BizTalk environments. Also the BAC is way too powerful for a non-BizTalk user to handle and manage the environments. BizTalk360 solves this problem by providing various productivity tools, dashboards, controlled access etc.
5. Multiple tools for day-to-day operations
The support personnel responsible for the BizTalk Server environment have to deal with multiple tools for their day-to-day operations. For example, in addition to BAC, they require SQL Management Studio, BAM Portal, ESB Portal, Message Box Viewer, BizTalk Monitoring Console (SCOM, HPOM, and so on), Event Viewer, etc., to manage the operations. The problem with this is that they are forced to set up and manage security in different places. BizTalk360 consolidates all these tools and provides security in a single place.
6. Lack of sharing ability between business units
The current BAC setup does not support shared usage of environments. For instance, if the environment has 20 applications, it is not possible to allocate, say, 5 applications to group 1, another 5 applications to group 2, and so on. If a particular group gets access to the admin console, they will be able to see all the applications within the environment. Therefore, sharing the environment between different business units is a complex task. Also, once a critical application is deployed in the environment, organizations are reluctant to deploy anything else into the same environment, even if the environment has the capacity to accommodate it. This is a major challenge faced by users using BAC for their day-to-day operations.
How does BizTalk360 solve the above problems?
BizTalk360 addresses the above-mentioned security gaps in BizTalk environments by providing the following functionality:
- Customized User Access Policy
- Operational Governance and Auditing
- Security in one single place
- Remove direct RDP access to the environment and SQL server
BizTalk360 addresses the security problems of the BizTalk Server Administration Console by offering a rich and powerful user access policy management system to support the BizTalk environment(s). Administrators can set up fine-grained authentication and authorization policies for both individual users and NT groups. By doing this, you can make sure only authorized personnel can perform a specific task in the environment.
BizTalk360 offers additional control to administrators by allowing them to set up an audit trail of the actions performed by users in the environment. By setting up governance/auditing in the BizTalk environment, you can easily find out who did what and take corrective action. In BizTalk360, auditing capability is available for the three major areas of the BizTalk environment: all application-level activities, all host-instance-related activities, and all service-instance-related activities.
Security in one place
BizTalk360 encompasses the different tools that administrators use on a day-to-day basis and brings them "under-the-hood". This addresses the security challenges faced by administrators, as they can manage security in a single place.