by community-syndication | May 13, 2011 | BizTalk Community Blogs via Syndication
I’ve recently just set up BizTalk 360 (http://www.biztalk360.com/) to try out the monitoring capabilities. I also thought it would be interesting to see how things go since this given environment was a BizTalk 2006R2 environment and fairly old stuff now.
I had a couple of issues during the install/setup but I was able to solve all of these using the troubleshooting page on the BizTalk 360 website and a little common sense. To be honest a couple of them were me being a bit lazy and not reading the install notes properly.
The changes I had to make were as follows:
1. Changed connection string to the BizTalk 360 database as described on the troubleshooting website to integrated security
2. Change the IIS6 virtual directory to .NET 4 rather than .NET 2
3. Add the full trust element to the web.config file for BizTalk 360
4. Add the IIS NT Authentication providers as described on the troubleshooting page
Bearing in mind this was a CTP release I was very pleased with the support on the website which helped me to get this set up, and even with these problems it still took less than 20 minutes. I would expect BizTalk 2006 to be a slightly less target for the BizTalk 360 team than BizTalk 2010 but it goes to prove it can be installed pretty easily and I’m not enjoying the management features which I think are a big opportunity for lots of organisations to really get their production operations of BizTalk working in a secure and effective way.
Good job guys
by community-syndication | May 12, 2011 | BizTalk Community Blogs via Syndication
In the past, while testing with large volume of messages in a lab environment in one of my client machines, the processes started to get suspended with the following error: Uncaught exception (see the ‘inner exception’ below) has suspended an instance of service ‘MyAssembley.Orchestrations.Service (6dbc699a-a109-9141-f05e-444b065a1a09)’. The service instance will remain suspended until administratively resumed or […]
Blog Post by: Sandro Pereira
by community-syndication | May 12, 2011 | BizTalk Community Blogs via Syndication
News is a bit old now, but I have been awarded an MVP from Microsoft for the second year in a row.
The MVP programme is a superb offering from Microsoft, and it’s a great community to be a part of, so thanks again guys!
by community-syndication | May 12, 2011 | BizTalk Community Blogs via Syndication
At the UK Connected Systems User Group meeting yesterday we had a good session from Imran on Azure AppFabric. We ran out of evening before the end of the session, so I didn’t get to raise this question, but it’s a crucial point for me. The Service Bus exists to easily expose internal services to the outside world. It’s an easy sell to tech guys, but I haven’t yet worked with a client’s security team who are open to the concept.
I think the security guys have a good point: the status quo for exposing internal services to business partners involves VPNs, DMZs, NAT, firewall exceptions etc. Imran described this as “complex”, and from a delivery point of view it may be. But from a security point of view, it’s not complex, it’s just what they do. And there are two reasons why the security guys are happy with the status quo: 1) they understand the attack surface; 2) they own the attack surface.
Understanding the Attack Surface
Microsoft have a very detailed and approachable whitepaper on how secure Azure is: Windows Azure Security Overview (PDF, login required). There are a lot of familiar and reassuring security technologies and practices in the Azure stack. It’s a shift from the attack surface they know and understand, but there should be enough for security guys to agree that the model is enterprise-grade. I would say the end-to-end is more secure than most enterprises can realistically achieve – but I’m not a security guy.
Owning the Attack Surface
This is far more important. When you’re securing your own infrastructure, the payback for all the effort is that you own the attack surface. If an attack is mounted then you should have the tools and the access needed to deal with it, which means: 1) being able to see that you are under attack; 2) being able to identify the nature of the attack and (eventually) its source; 3) having the ability to contain the attack, routing past weaknesses or (at worst) taking the service down.
With Azure playing Service Bus, the only part of the attack surface you own is your internal endpoint. Hopefully you’d see obvious things like DDOS attacks and certificate hacks, but hopefully they wouldn’t get to you anyway.
What if the attack happens outside of your infrastructure – say an attacker is able to record your service requests and responses as they route through Azure*? And say they gain access to your keys so they can decrypt the content? Ignore for the moment how difficult that would be, and the chain of failures it would need to support that attack. The question is: how do you know about it? Maybe Microsoft will send a friendly email – “hey, your service has been compromised and someone’s reading all of your traffic right now. Do you want us to take the service down or just let it run?”. Maybe it’ll take a couple of hours before they discover the attack, and a series of meetings escalating up the veep chain before clearance is given to send that email. Maybe it would take far longer to identify an attack and identify who’s been compromised.
And that’s what I think is stopping the security guys from signing off this approach. You don’t own the attack surface, so you don’t know if you’re being attacked. And if your provider does get attacked, there’s a massive public relations and commercial incentive for them to keep quiet about it.
So, steer clear of the Service Bus then?
I’d say “no, but think about what you’re exposing”. I don’t imagine we will never see a security exploit in Azure. The same is true for AWS and any other cloud service, and the worst scenarios will have to be supported by poor security practices in the exploited party. What makes the Service Bus different is that you’re dealing with core business functionality.
If someone hacks Dropbox, quietly copies all of my documents and the provider doesn’t know or doesn’t tell me, that’s bad news. But it’s static content and in any case if it’s confidential, I shouldn’t be storing it on the Internet. But if someone hacks Azure AppFabric and can read Service Bus payloads, then they know my contracts and can potentially send in their own requests to my core systems. If that’s a service exposing reference data so a business partner can show my product list, it may not be an issue. If it’s a service for business partners to submit an invoice which my financial system processes, it may be more of an issue.
This isn’t an anti-Azure post and I have no significant concerns about the security model on offer in Azure AppFabric. I use Azure for my own business services and I’m happy to recommend it to clients. The Service Bus gives you a fantastic path to getting properly connected within and between enterprises. The issue is about recognising that no system is 100% secure, understanding the worst case scenario and factoring that into your decision matrix for publishing services on the Internet.
* – relay bindings will use direct connections if possible, but it’s not always possible so you can assume a worst case that all calls will route through Azure
by community-syndication | May 12, 2011 | BizTalk Community Blogs via Syndication
I’m on the Cloud Foundry bandwagon a bit and thought that I’d demonstrate the very easy steps for you all to try out this new platform-as-a-service (PaaS) from VMware that targets multiple programming languages and can (eventually) be used both on-premise and in the cloud. To be sure, I’m not “off” Windows Azure, but the […]
Blog Post by: Richard Seroter
by community-syndication | May 11, 2011 | BizTalk Community Blogs via Syndication
Today, after I deployed and configured a new version of an existing solution, I tried to start the application and it gave me the following error: TITLE: BizTalk Server 2006 Administration Console —————————— Could not enlist orchestration ‘MyAssembley, Version=1.0.0.0, Culture=neutral, PublicKeyToken=776eb620b83c3d30′. Could not enlist orchestration ‘MyAssembley, Version=1.0.0.0, Culture=neutral, PublicKeyToken=776eb620b83c3d30′. Object reference not set to an […]
Blog Post by: Sandro Pereira
by community-syndication | May 11, 2011 | BizTalk Community Blogs via Syndication
This blog post is about migrating an EPiServer database from SQL Server 2008 to SQL Server 2005. We’ll also briefly address an issue with LINQ to Entities when going from SQL Server 2008 to SQL…
Daniel Berg’s blog about ASP.NET, EPiServer, SharePoint, BizTalk
by community-syndication | May 11, 2011 | BizTalk Community Blogs via Syndication
If you are in and around London, you have an opportunity to see the potential of BizTalk 360 in a live demo at the London Connected Systems user group meeting tonight. There are still a few tickets available for the event; you can register at http://ukcsbugmay2011.eventbrite.com/
Apart from BizTalk 360, there are two more interesting talks:
Session 1
Topic: BizTalk Appfabric Connect (the need and the solution) by Imran Shafqat
In this session Imran will talk about the need of using WCF services in an environment already hosting BizTalk Server. Imran will then highlight some of the pain points that developers have to go through using this approach followed by discussion on how App Fabric connect provides a solution to some of these concerns.
Session 2
Topic: Behaviour Driven BizTalk Development by Michael Stephenson
In this session Michael will discuss how BDD can be used to help deliver successful BizTalk projects. Michael will also show how SpecFlow and BizUnit can be combined in your development processes to create testable behaviours to drive your development on BizTalk 2010.
See you all tonight.
Nandri!
Saravana
by community-syndication | May 10, 2011 | BizTalk Community Blogs via Syndication
My second on-demand course for Pluralsight is now online. This course, Solution Modeling with UML in Visual Studio 2010, has three major components: how to build models, how to manage models and why to build models. First, I show how to create both behavioral diagrams (Use Case Diagrams, Activity Diagrams, Sequence Diagrams) and structural diagrams […]
Blog Post by: Richard Seroter
by community-syndication | May 10, 2011 | BizTalk Community Blogs via Syndication
It’s very common to use .NET code for orchestration support. In one of these scenarios I decided to use a class to, in a certain way, validate the request and add more information, and to my surprise I was blessed by this error: An unhandled exception (‘<System.StackOverflowException>’) occurred in BTSNTSvc.exe [2756]. Just-In-Time debugging this exception failed […]
Blog Post by: Sandro Pereira