BizTalk360 for Managed Services

We are super excited to bring this new feature in version 7.1 of BizTalk360 called "BizTalk360 for managed services". One of the key users of BizTalk360 is consulting companies that specializes (experts) in BizTalk server implementation and support. Typically the consulting companies will manage multiple customer BizTalk environments across various locations. Currently they manage their […]

The post BizTalk360 for Managed Services appeared first on BizTalk360 Blog.

Blog Post by: Saravana Kumar

Azure: Notorious 9 Cloud Computing Top Threats in 2013

My take and some answers on ithttp://www.cloudsecurityalliance.org/topthreats/

Welcome back folks to a beautiful 2014 and I had an interesting one while going through
a Cloud Solution Design
I came across this document The Notorious Nine Cloud Computing Top Threats
in 2013
and I thought I’d talk through these concerns one by one.

  1. Data Breaches –  this issue can occur on many levels and I don’t
    think it’s just limited to ’Cloud’ per se – it could be your insurance company down
    the road,

    the doctor, dentist etc. and we’ve all seen those TV shows where the ’hustlers’ go
    through someone’s trash to pull out key gems of information to unlock the scam.

    Interestingly in the paper, the university of North Carolina Chapel Hill came up with
    a technique to steal data from a VM running as one of many within the same host, with
    the ’unis VM’ able
    to steal data being transmitted through the other VMs. This was performed through
    a combination of monitoring various known factors of the host,

    such as thread scheduling, L1 cache and power. The paper highlighted that currently
    the virtualisation technologies need to do more about isolation.

  2. Data Loss – Cloud and non-cloud users fall foul of this with Cloud
    typically being a target for hackers. Geo-Replication, backups and Government policies
    on data and it’s storage all help here.
    Encryption could be something that you may want to employ to ensure some protection
    over the copies of data now present.
  3. Account Hijacking – gaining unlawful access to account details such
    as user/pass combination. Amazon in 2010 was foul to a cross site scripting bug that
    allowed 3rd parties to get access
    to user/pass credentials. With the explosion on the Cloud keeping your credentials
    safe becomes that much more important. Also changing passwords frequently would be
    a good habit
    to get into.

    The other interesting point here to note is that if your account is indeed hijacked
    then it maybe sometime until the hackers exploit this.

    Gaining access to someone’s account doesn’t have to be a hi-tech solution either.
    As in the movie Sneakers all that was required was a dinner conversation for the voice
    password
    ”My voice is my passport”

  4. Insecure APIs – Cloud based APIs form the under pinning of many software
    and services available today. Essentially ensure these APIs are secure to the best
    possible effort and

    while they may not be compromised, are they able to stand DDOS attacks for e.g.
  5. Denial of Service – With the advent of the Cloud and cloud services,
    these attacks could for e.g. hit your Cloud based website causing it to be unresponsive,
    but you’re still being
    billed for the usage. Also within Microsoft Azure web site configurations we can now
    add DDOS settings to indicate when the underlying load balancer should throttle the
    requests coming
    from a particular rogue client.
  6. Malicious Insiders – the focus here is both internal, hosted and
    Cloud based solutions. Policies and procedures are more important within the Cloud
    space – what procedures does your

    provider follow? Who can access the encryption keys? where are they stored? etc.
  7. Abuse of Cloud Services – The Cloud possesses many servers, elastic
    scale and dynamic compute power, making it the perfect platform
    for a bot-net to spin up in and get to work. Azure limits default subscriptions to
    20 cores, more are available upon request.
  8. Insufficient Due Diligence – Don’t jump into the Cloud platform without
    examining the offer. Many hosting providers have added the word ’Cloud’ to the front
    of their names as in ’Cloud Hosting Providers’ with the underlying process and infrastructure
    the same, with the same vulnerabilities.

    In this space Azure has many ratified processes that get re-certified each year with
    some of these processes available to military grade specification.

    Cloud is big business for Microsoft and getting things like this wrong would be a
    true achilles heel.

  9. Shared Technology Issues – as Cloud providers share underlying technologies
    from CPUs, Services, Storage and other services. If these are exposed then so is your
    platform potentially.

Talk to you soon.

Mick.

Blog Post by: Mick Badran

Export BizTalk Server MSI packages directly from Visual Studio using BtsMsiTask

Getting a full Continuous Integration (CI) process working with BizTalk Server is hard! One of the big advantages in a working CI process is to always have tested and verified artifacts from the build server to deploy into test and production. Packaging these build resources into a deployable unit is however notorious hard in BizTalk […]
Blog Post by: Richard

Export BizTalk Server MSI packages directly from Visual Studio using BtsMsiTask

Export BizTalk Server MSI packages directly from Visual Studio using BtsMsiTask

Getting a full Continuous Integration (CI) process working with BizTalk Server is hard!

One of the big advantages in a working CI process is to always have tested and verified artifacts from the build server to deploy into test and production. Packaging these build resources into a deployable unit is however notorious hard in BizTalk Server as a Visual Studio build will not provide a deployable artifact (only raw dlls). The only way to get a deployable MSI package for BizTalk Server is to first install everything into the server and then export – until now.

Why Continuous Integration?

Continuous Integration is a concept first described by Martin Fowler back in 2006. At its core its about team communication and fast feedback but also often leads to better quality software and more efficient processes.

A CI process usually works something like the above picture.

  1. A developer checks in code to the source control server.

  2. The build server detects that a check in has occurred, gets all the new code and initiates a new build while also running all the relevant unit tests.

  3. The result from the build and the tests are sent back to the team of developers and provides them with a up to date view of the “health” in the project.

  4. If the build and all the test are successful the built and tested resources are written to a deploy area.

As one can see the CI build server acts as another developer on the team but always builds everything on a fresh machine and bases everything on what is actually checked in to source control – guaranteeing that nothing is build using artifacts that for some reasons is not in source control or that some special setting etc is required to achieve a successful build.

In step 4 above the CI server also writes everything to a deploy area. A golden rule for a CI workflow is to use artifacts and packages from this area for further deployment to test and production environments – and never directly build and move artifacts from developer machines!
As all resources from each successful build is stored safely and labeled one automatically achieves versioning and the possibility to roll back to previous versions and packages if needed.

What is the problem with CI and BizTalk?

It is important to have the build and feedback process as efficient as possible to enable frequent checkins and to catch possible errors and mistake directly. As mentioned it is equally as important that the resources are written to the deploy area are the ones used to deploy to test and production so one gets all the advantages with versioning and roll back possibilities etc.

The problem with BizTalk Server is however that only building a project in Visual Studio does not gives us a deployable package (only raw dlls)!

There are a number of different ways to get around this. One popular option is to automate the whole installation of the dlls generated in the build. This not only requires a whole lot of scripting and work, it also requires a full BizTalk Server installation on the build server. The automated process of installation also takes time and slows down the feedback loop back to development team. There are however great frameworks as for example the BizTalk Deployment Framework to help with this (this solution of course also enables integration testing using BizUnit and other framework).

Some people would also argue that the whole script package and the raw dlls could be moved onto test and production and viewed on as a deployment package. But MSI is a powerful packaging tool and BizTalk Server has a number of specialized features around MSI. As MSI also is so simple and flexible it usually the preferred solution by IT operations.

A final possibility is of course to directly add the resources one by one using BizTalk Server Administration console. In more complex solutions this however takes time and requires deeper knowledge into the solution as one manually has to know in what order the different resources should be added.

Another option in BtsMsiTask

Another option is then to use BtsMsiTask to directly generate a BizTalk Server MSI from the Visual Studio build and MsBuild.

The BtsMsiTask uses same approach and tools as the MSI export process implemented into BizTalk Server but extracts it into a MSBuild task that can be directly executed as part of the build process.

BtsMsiTask enables the CI server to generate a deployable MSI package directly from the Visual Studio based build without having to first install into BizTalk Server!

BizTalk360 and a BizTalk Summit 2013 Re-cap, Stockholm – 14th Jan 2014

On 14th January 2014 we are invited to present Monitoring and Management capabilities of BizTalk360 in Stockholm. The event is organised by Sweden BizTalk User Group (SBUG) at Microsoft office in Akalla, Stockholm. In the first part of the presentation Johan Hedberg (Microsoft Integration MVP) will do a re-cap of what was announced in November […]

The post BizTalk360 and a BizTalk Summit 2013 Re-cap, Stockholm – 14th Jan 2014 appeared first on BizTalk360 Blog.

Blog Post by: Saravana Kumar

Windows Azure BizTalk Services: TNWiki Articles

Last year in November the Windows Azure BizTalk Service (WABS) were made general available for the public. From that moment I have started to explorer the technology further, which resulted in a few articles I published on the TechNet Wiki.

The following list is the recent articles I have published on the TechNet Wiki about WABS:

Provisioning Windows Azure BizTalk Services – GA
Windows Azure

Our new TFS 2013 training curriculum kicks off on Jan 27th

Our new TFS 2013 training curriculum kicks off on Jan 27th

Since the official release of Visual Studio Team Foundation Server 2013 in November we’ve been testing our newest course updates and we’re pleased to be launching our new 2013 courses at the end of this month. If you either working with, or thinking of working with Microsoft’s latest release then you should take a look […]
Blog Post by: Anthony Borton (TFS Instructor)