Using SSO for Application Configuration
•Als PPTX, PDF herunterladen•
0 gefällt mir•2,701 views
There are many options for application configuration within BizTalk Server. This presentation shows how to use the OOTB features of Enterprise Single Sign-On to host secure, distributed configuration within customised application containers.
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (18)
Ähnlich wie Using SSO for Application Configuration
Ähnlich wie Using SSO for Application Configuration (20)
Mehr von Daniel Toomey
Mehr von Daniel Toomey (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Using SSO for Application Configuration
- 1. Using SSO for Application Configuration Daniel Toomey, Mexia Consulting Senior Integration Specialist
- 2. S S O Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc 2
- 3. S S O Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc 3
- 4. • • Images from Microsoft whitepaper: http://download.microsoft.com/download/c/6/5/c65ff9fd-0ed7-47f6-91ab-000e6265ea5b/enterprise_sso_whitepaper.doc 4
- 5. System A Credentials System B Credentials <Username/Password> <Username/Password> App A Configuration App C Configuration <Key/Value>, <Key/Value>, … <Key/Value>, <Key/Value>, … 5
- 6. XML Configuration File – – 6
- 7. XML Configuration File – – PROS CONS • Easy to implement • No OOTB security • Familiar <appSettings> • Not distributed methodology • No application isolation (Web.config / • Host(s) restart req’d App.config) • Easy to update configuration 7
- 8. Custom Database Table(s) – – PROS CONS • Distributed (single • Not as easy to implement repository) as XML file configuration • Security & access is • Requires data access code independently configurable • Application segregation & • Familiar development access control must be methodology manually configured • Easy to update • Possible performance issue configuration (unless caching is implemented) 8
- 9. BizTalk Rules Engine (BRE) – – 9
- 10. BizTalk Rules Engine (BRE) – – PROS CONS • Distributed (single repository) • Unfamiliar developer environment • Access is controlled by user to most programmers account • Requires Business Rules • Accessible to BizTalk orchestrations Composer to update and other components & services via .NET API • No service / host restart required for updates • Application segregation via policy • Supports versioning! 10
- 11. SSO Configuration Store – – PROS CONS • Distributed (single repository) • Some programming effort • Highly secure (built-in required encryption) • Enterprise SSO Services • Segregated application must be restarted upon containers with independent changes access control • GUI updates require • Accessible to BizTalk additional tools (but they are orchestrations and other free) components & services via .NET API 11
- 12. XML DB BRE SSO Secure X ? X Distributed X Granular Access Control X ? Ease of Programming ? Changes w/o Restart X ? X Versioning X ? X
- 13. 1. ssomanage – – – ssomanage -createapps "MySchema.xml“ 2. BTSScnSSOApplicationConfig – BTSScnSSOApplicationConfig.exe -set AppName "ConfigProperties" "paramname" "paramvalue“ – – – 13
- 14. 14
- 15. • – – http://www.microsoft.com/en-au/download/details.aspx?id=14524 • Caveat: – Pay attention to “Company Name” when installing – Must match domain in “contact” address 15
- 16. • 16
- 17. • 17
- 18. • – – – – –
- 20. • http://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx • http://seroter.wordpress.com/2010/07/06/updated-ways-to-store-data-in- biztalk-sso-store/ • http://msdn.microsoft.com/en-us/library/ee251728(v=bts.10).aspx • http://seroter.wordpress.com/2007/09/21/biztalk-sso-configuration-data- storage-tool/ • http://go.microsoft.com/fwlink/?linkid=99741 • http://social.technet.microsoft.com/wiki/contents/articles/6494.biztalk- server-application-configuration-options.aspx 20
- 21. 21
Hinweis der Redaktion
- EnterpriseSingle Sign-On Credential Management SystemStores and transmits encrypted user credentials across local and network boundariesConsists of a credential database, a master secret server, and one or more Single Sign-On servers.
- Bundled with BizTalk ServerUsed for securely storing critical information such as secure configuration properties E.g. the proxy user ID, and proxy password for HTTP adapters
- SSO also serves as a secure Configuration StoreDesigned to work in a distributed environmentUsed by the BizTalk adapters to store configuration data
- Contains affiliate applications defined by an administratorAffiliate application = logical entity that represents a system or sub-system such as a host, back-end system, or line-of-business application to which you are connectingEach affiliate application has multiple user mappingsUsersAdministrators
- XML Application Configuration Files:BTSNTSvc.exe.configBTSNTSvc64.exe.configPROS:Easy to implement (esp. on developer machines)Familiar <appSettings> methodology to all Web & Windows Client application developersEasy to update configuration (although host restart req’d)CONS:No security (unless using custom encryption)Not distributed (must be applied to every BizTalk machine)Global (accessible / applicable to all BizTalk services & applications)Changes require host(s) restart
- XML Application Configuration Files:BTSNTSvc.exe.configBTSNTSvc64.exe.configPROS:Easy to implement (esp. on developer machines)Familiar <appSettings> methodology to all Web & Windows Client application developersEasy to update configuration (although host restart req’d)CONS:No security (unless using custom encryption)Not distributed (must be applied to every BizTalk machine)Global (accessible / applicable to all BizTalk services & applications)Changes require host(s) restart
- Database:ADO.NETEntity FrameworkWCF-SQL Adapteretc.PROS:Distributed (single repository)Security & access is independently configurableFamiliar development methodologyEasy to update configurationCONS:Not as easy to implement as XML file configurationRequires data access codeApplication segregation & access control must be manually configuredPossible performance issue (unless caching is implemented)
- BizTalk Rules Engine (BRE):Included with BizTalk ServerCondition is always “true” (e.g. 1 ==1)PROS:Distributed (single repository)Access is controlled by user accountAccessible to BizTalk orchestrations and other components & services via .NET APINo service / host restart required for updatesApplication segregation via policySupports versioning! CONS:Unfamiliar developer environment to most programmersRequires Business Rules Composer to update
- BizTalk Rules Engine (BRE):Included with BizTalk ServerCondition is always “true” (e.g. 1 ==1)PROS:Distributed (single repository)Access is controlled by user accountAccessible to BizTalk orchestrations and other components & services via .NET APINo service / host restart required for updatesApplication segregation via policySupports versioning! CONS:Unfamiliar developer environment to most programmersRequires Business Rules Composer to update
- SSO Configuration StoreIncluded with BizTalk ServerPROS:Distributed (single repository)Highly secure (built-in encryption)Accessible to BizTalk orchestrations and other components & services via .NET API (sample available via MSDN)Segregated application containers with independent access controlCONS:Some programming effort requiredEnterprise SSO Services must be restarted upon changesGUI updates require additional tools (but they are free)