using sso for application configuration
DESCRIPTION
There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.TRANSCRIPT
BizTalk Server 2010Using SSO for Application Configuration
Daniel Toomey, Mexia ConsultingSenior Integration Specialist
What is Enterprise Single Sign-On?
2
Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
What is Enterprise Single Sign-On?
3
Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
What does this have to do with App Config?• Distributed• Secure
4
Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc
?
SSO Affiliate Applications
System A Credentials
<Username/Password>
System B Credentials
<Username/Password>
App A Configuration
<Key/Value>, <Key/Value>, …
App C Configuration
<Key/Value>, <Key/Value>, …
5
Application Configuration Options in BizTalk
6
XML Configuration File
– BTSNTSvc.exe.config– BTSNTSvc64.exe.config
PROS• Easy to implement• Familiar
<appSettings> methodology (Web.config / App.config)
• Easy to update configuration
CONS• No OOTB security• Not distributed• No application
isolation• Host(s) restart req’d
Application Configuration Options in BizTalk
7
XML Configuration File
– BTSNTSvc.exe.config– BTSNTSvc64.exe.config
PROS• Distributed (single
repository)• Security & access is
independently configurable
• Familiar development methodology
• Easy to update configuration
CONS• Not as easy to
implement as XML file configuration
• Requires data access code
• Application segregation & access control must be manually configured
• Possible performance issue (unless caching is implemented)
Application Configuration Options in BizTalk
8
Custom Database Table(s)
– ADO.NET, Entity Framework– WCF SQL Adapter
Application Configuration Options in BizTalk
9
BizTalk Rules Engine (BRE)
– Included with BizTalk Server– Condition is always “true” (e.g. 1 ==1)
PROS• Distributed (single repository)• Access is controlled by user account
• Accessible to BizTalk orchestrations and other components & services via .NET API
• No service / host restart required for updates
• Application segregation via policy
• Supports versioning!
CONS• Unfamiliar developer environment to most programmers
• Requires Business Rules Composer to update
Application Configuration Options in BizTalk
10
BizTalk Rules Engine (BRE)
– Included with BizTalk Server– Condition is always “true” (e.g. 1 ==1)
PROS• Distributed (single
repository)• Highly secure (built-in
encryption)• Segregated application
containers with independent access control
• Accessible to BizTalk orchestrations and other components & services via .NET API
CONS• Some programming effort
required• Enterprise SSO Services
must be restarted upon changes
• GUI updates require additional tools (but they are free)
Application Configuration Options in BizTalk
11
SSO Configuration Store
– Included with BizTalk Server– The subject of this talk!!
XML DB BRE SSO
Secure
Distributed
Granular Access Control
Ease of Programming
Changes w/o Restart
Versioning
XML DB BRE SSO
Secure XDistributed XGranular Access Control XEase of Programming Changes w/o Restart XVersioning X
XML DB BRE SSO
Secure X ?Distributed X Granular Access Control X ?Ease of Programming Changes w/o Restart X ?Versioning X ?
XML DB BRE SSO
Secure X ? XDistributed X Granular Access Control X ? Ease of Programming ?Changes w/o Restart X ? Versioning X ?
Options at a Glance
XML DB BRE SSO
Secure X ? X Distributed X Granular Access Control X ? Ease of Programming ? Changes w/o Restart X ? XVersioning X ? X
What’s Out of the Box?
1. ssomanage – command line utility– Create Apps– List Apps– Delete Apps
ssomanage -createapps "MySchema.xml“
2. BTSScnSSOApplicationConfig– Sets config values:
BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue“
– Available in the Developer installation files:– <BTS2010 Installation Files Path>\Developer Edition\BT
Server\MSI\Program Files\SDK\Scenarios\Common\SSOApplicationConfig
– Need to run “Setup.bat” to generate the EXE in the bin folder13
Example XML Definition File
14
SSO Application Configuration
• MMC Snap-In– GUI allows you to do all of the above– Separate download from Microsoft:
http://www.microsoft.com/en-au/download/details.aspx?id=14524
• Caveat:– Pay attention to “Company Name” when installing– Must match domain in “contact” address
15
.NET Programming API
• Sample class from MSDN:
16
.NET Programming API
• Sample class from MSDN:
17
Demo: App Mgmt Using SSO
• In this demonstration, you will see how to…– Create an application using ssomanage– Add config values using command line utility– Install the SSO Application Configuration MMC Snap-In– Edit & add config values using MMC Snap-In– Create & delete apps using MMC Snap-In
Demo
SSO App Management
Resources
• Understanding Enterprise Single Sign-Onhttp://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx
• Updated Ways to Store Data in BizTalk SSO Storehttp://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in-biztalk-sso-store/
• SSO as a Configuration Storehttp://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx
• BizTalk SSO Configuration Data Storage Toolhttp://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data-storage-tool/
• Sample Application from MSDNhttp://go.microsoft.com/fwlink/?linkid=99741
• BizTalk Server: Application Configuration Optionshttp://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk-server-application-configuration-options.aspx
20
Brisbane BizTalk User Group
21
www.briztalk.org
https://www.facebook.com/BrisbaneBizTalkUserGroup@briztalk