Auditing and Governance
- Updated on 01 May 2018
Challenges faced by BizTalk Server Administrators
There are potential gaps in the BizTalk Server Administration Console (BAC) when it comes to managing BizTalk Server environments.
- Advanced authorization for all users/groups
In BAC, operational security is controlled by 2 NT groups: the BizTalk Server Administrators Group and the BizTalk Server Operators Group. The BizTalk Server Operators Group is intended for support people who should have restricted privileges. In reality, the operators group is not functional due to its hard-coded security restrictions. This leaves everyone in your BizTalk support team as a member of the BizTalk administrators group, with more permissions than they require. BizTalk360 addresses this problem by giving users the ability to fine-tune their BizTalk security requirements.
- BizTalk Server Administration Console — All or Nothing
There is no capability to restrict users to viewing only specific portions of the environment (for example, access to a limited set of applications, read-only access for users, or hiding infrastructure details such as message boxes). If users get access to the BizTalk Server Administration Console, they will be able to see all the sections in the environment.
- Lack of Governance/Auditing
In the default BizTalk Admin Console, there is no concept of operational auditing. A support person can perform any task using BAC and there won't be any trace. For example, a user can start a send port, or stop an orchestration or a processing host instance, and none of these activities will be audited. BizTalk360 solves this problem by auditing each activity, giving a clear indication of "Who has done What" in the environment.
- Presence of skilled BizTalk people
To support the BizTalk environments in an organization, administrators need experienced staff with BizTalk knowledge. It is practically impossible to bring in anyone without prior BizTalk knowledge to support the BizTalk environments. Also, the BAC is far too powerful for a non-BizTalk user to handle when managing the environments. BizTalk360 solves this problem by providing various productivity tools, dashboards, controlled access etc.
- Multiple tools for day-to-day operations
The support personnel responsible for the BizTalk Server environment have to deal with multiple tools for their day-to-day operations. For example, in addition to BAC, they require SQL Management Studio, BAM Portal, ESB Portal, BizTalk Health Monitor, BizTalk Monitoring Console (SCOM, HPOM, and so on), Event Viewer etc., to manage the operations. The problem with this is that they are forced to set up and manage security in different places. BizTalk360 consolidates all these tools and provides security in a single place.
- Lack of sharing ability between business units
The current BAC setup does not support shared usage of environments. For instance, if the environment has 20 applications, it is not possible to allocate, say, 5 applications to group 1, another 5 applications to group 2 and so on. If a particular group gets access to the admin console, they will be able to see all the applications within the environment. Therefore, sharing the environment between different business units is a complex task. Also, once a critical application is deployed in the environment, organizations are reluctant to deploy anything else into the same environment, even if the environment has the capacity to accommodate it. This is a major challenge faced by users using BAC for their day-to-day operations.
How does BizTalk360 solve the above problems?
BizTalk360 solves the above-mentioned security aspects in BizTalk environments by providing the following functionalities:
- Customized User Access Policy
BizTalk360 addresses the security problems of BizTalk Server Administration Console by offering a rich and powerful user access policy management system to support the BizTalk environment(s). The administrators can set up fine-grained authentication and authorization policies for both individual users and NT groups. By doing this, you can make sure only authorized personnel can perform a specific task in the environment.
- Operational Governance and Auditing
BizTalk360 offers additional control to administrators by providing them with an audit trail of the actions performed by users in the environment. By setting up governance/auditing in the BizTalk environment, you can easily find out who did what and take corrective action. In BizTalk360, auditing capability is available for:
  - Application-level activities
  - Host instance related activities
  - Service instance related activities
  - ESB related activities
  - Business Rules related activities
- Security in one single place
BizTalk360 encompasses the different tools that administrators use on a day-to-day basis and brings them "under-the-hood". This addresses the security challenges faced by administrators as they can manage security in a single place.
- Remove RDP into servers and direct database access
BizTalk360 comes with all the tools required, for example "Advanced Event Viewer", "Custom SQL Queries", "SQL Instances details", "Backup/DR Visualizer" etc., to eliminate any direct remote desktop access (RDP) into live BizTalk servers. It also makes DBAs happy by eliminating direct SQL Server access for your BizTalk support people.