BizTalk Server 2010 Cookbook

By : Steef-Jan Wiggers

Overview of this book

BizTalk enables the integration and management of automated business processes within or across organizational boundaries. To build a solid BizTalk solution, deploy a robust environment, and keep it running smoothly, you sometimes need to broaden your spectrum, explore all possibilities, and choose the best solution for your purpose. By following the recipes in this book you will gain the required knowledge and succeed in your implementation. With BizTalk Server 2010 Cookbook, you can leverage and hone your skills. More than 50 recipes will guide you in implementing BizTalk solutions, setting up a robust and well-performing BizTalk environment, and choosing the right solution for monitoring it. As a developer or administrator, you will benefit greatly from taking these recipes to work. In this book, developers and administrators will see how to deploy, build, and maintain a BizTalk environment, and how to apply patterns for robust orchestrations, messaging, and testing. Administrators will learn to set up an environment using Microsoft best practices and tools to deliver a robust, performing, and durable BizTalk environment. Besides setting up their environments, administrators can also decide, through a number of recipes, how to monitor and maintain the environment. A developer can contribute to a healthy environment by implementing instrumentation in artefacts, applying well-suited pattern(s), and testing the solutions built.

Managing the SSO system


The BizTalk Server and another Microsoft Server product, Host Integration Server (HIS), both support an extension of the Windows Enterprise Security integration called Enterprise SSO. You will notice that Enterprise SSO is one of the BizTalk features during installation. Enterprise SSO in total is provided by a set of processes that run on network servers to provide the following services for heterogeneous systems:

  • User account and password mapping and caching

  • SSO to multiple Windows domains and host security systems

  • Password synchronization to simplify administration

The services mentioned earlier are mandatory for the BizTalk Server, even if you do not require them. The BizTalk Server uses the SSO to help secure information for the receive locations. When the Enterprise SSO service starts, it retrieves the encryption key, called the master secret, from the Master Secret Server. The Master Secret Server is another Enterprise SSO service that has an additional subservice that distributes and maintains the master secret. The Enterprise SSO service caches the master secret after retrieving it. Every 60 seconds, the service synchronizes the master secret with the Master Secret Server.

As you can see, the Master Secret Server plays an important role like MSDTC (refer to the Configuring MSDTC for multi-server BizTalk platforms recipe later in this chapter). Regardless of whether you will use the Enterprise SSO service for credential mapping or not, it has to be available in any kind of BizTalk configuration.

Getting ready

With the Microsoft Management Console (MMC) or the command-line ssomanage utility, you are able to manage the SSO system. With either of these tools, you can update the SSO database, add, delete, and manage applications, and administer user mappings. In the MMC, you will find all programs of your operating system. Refer to the following screenshot:

The ssomanage command-line utility is available in C:\Program Files\Common files\Single Sign On. You will also find the ssoconfig command-line tool at the specified location, which is a utility to configure your password synchronization settings.

How to do it...

The following steps describe how to work with the ssomanage and ssoconfig commands:

  1. You can start ssomanage from the command line with the command ssomanage -?. You will see all the functions, as shown in the following screenshot:

  2. You can change the global information in the SSO database, such as the Master Secret Server identification, the account names, and so on. This information can be updated by using the -updatedb command, providing the update file that contains this information. Refer to the following command line, where <update file> is the path and name of the file:

    ssomanage -updatedb <update file>
    
  3. The update file (xml) will have the following format:

    <sso>
      <globalInfo>
        <ssoAdminAccount>YourDomain\Accountname</ssoAdminAccount>
        <ssoAffiliateAdminAccount>YourDomain\Accountname</ssoAffiliateAdminAccount>
        <secretServer>ServerName</secretServer>
        <auditDeletedApps>1000</auditDeletedApps>
        <auditDeletedMappings>1000</auditDeletedMappings>
        <auditCredentialLookups>1000</auditCredentialLookups>
        <ticketTimeout>2</ticketTimeout>
        <credCacheTimeout>60</credCacheTimeout>
      </globalInfo>
    </sso>

  4. The ssoconfig command can be started from the command line with the command ssoconfig -?. You will see all the functions again, as shown in the following screenshot:

  5. One of the common commands used with ssoconfig is the restoreSecret for restoring the SSO master secret as a part of the recovery scenario. For restoring the SSO master secret, you should type the following command:

    ssoconfig -restoreSecret <backup file>
    

The backup file has the name of the master secret file that you backed up during configuration.

See How to Update the SSO database document at http://msdn.microsoft.com/en-us/library/aa559867.aspx.
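
The update file from step 3 is usually edited by hand, so a mismatched tag or a stray space in an account name is easy to introduce. The following PowerShell check is an added example, not code from the book; the function name Test-SsoUpdateFile, the temporary file path, and the CONTOSO and BTSSQL01 values are assumptions constructed for illustration.

```powershell
# Added example (not from the book): check an update file before ssomanage -updatedb.
# Test-SsoUpdateFile and all sample values below are assumptions.
function Test-SsoUpdateFile {
    param([Parameter(Mandatory = $true)][string]$Path)
    $doc = New-Object System.Xml.XmlDocument
    try {
        # Load() throws on malformed XML, such as a mismatched closing tag.
        $doc.Load((Resolve-Path -LiteralPath $Path).ProviderPath)
    } catch {
        return "Not well-formed XML: $($_.Exception.Message)"
    }
    $info = $doc.SelectSingleNode('/sso/globalInfo')
    if (-not $info) { return 'Missing /sso/globalInfo element' }
    $problems = @()
    # Assumption: accounts use the DOMAIN\name form shown in the recipe.
    foreach ($name in 'ssoAdminAccount', 'ssoAffiliateAdminAccount') {
        $node = $info.SelectSingleNode($name)
        if (-not $node) { continue }   # elements absent from the file are not checked
        $text = $node.InnerText
        if ($text -ne $text.Trim() -or $text -match '\s\\|\\\s' -or
            ($text -split '\\').Count -ne 2) {
            $problems += "<$name> is not a clean DOMAIN\name value: '$text'"
        }
    }
    foreach ($name in 'auditDeletedApps', 'auditDeletedMappings',
                      'auditCredentialLookups', 'ticketTimeout', 'credCacheTimeout') {
        $node = $info.SelectSingleNode($name)
        if ($node -and $node.InnerText -notmatch '^\d+$') {
            $problems += "<$name> must be a whole number: '$($node.InnerText)'"
        }
    }
    $problems
}

# Constructed sample input with stray spaces in one account name.
$sample = Join-Path $env:TEMP 'sso-update-sample.xml'
@'
<sso>
  <globalInfo>
    <ssoAdminAccount>CONTOSO\SSO Administrators</ssoAdminAccount>
    <ssoAffiliateAdminAccount> CONTOSO \SSO Affiliate Administrators</ssoAffiliateAdminAccount>
    <secretServer>BTSSQL01</secretServer>
    <ticketTimeout>2</ticketTimeout>
  </globalInfo>
</sso>
'@ | Set-Content -LiteralPath $sample

$problems = @(Test-SsoUpdateFile -Path $sample)
$problems | ForEach-Object { Write-Warning $_ }
if ($problems.Count -eq 0) { "Checks passed; apply with: ssomanage -updatedb `"$sample`"" }
```

The script only reports problems and prints the command to run; it never changes the SSO database itself.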

How it works…

With the ssomanage functions, you can find out, for instance, which SSO server is used, what the SSO administrator account is, and whether everything is correctly enabled. ssomanage also plays a role during clustering of the Master Secret Server (http://msdn.microsoft.com/en-us/library/aa561823.aspx).

With the functions of ssoconfig, you can get to know where SSO database is created or upgraded, and also where the SSO master secret is restored in case it has become unavailable.

There's more...

Besides the ssoconfig command-line tool, now there is also an MMC Snap-in available and you are able to troubleshoot SSO with command-line tools. Finally, you will find high availability options for a multi-machine BizTalk environment on Microsoft TechNet.

See also

  • Refer to the Configuring MSDTC for multi-server BizTalk platforms recipe later in this chapter