- 11 Apr 2022
- 1 Minute to read
- Updated on 11 Apr 2022
- 1 Minute to read
One of the important aspects that’s more closely related to security is governance & auditing. In a nutshell, Governance and Auditing simply mean recording all the activities performed by a BizTalk Administrator or Operations person in your BizTalk Server environments. Auditing is such a crucial part for any enterprise software. Let’s take some example scenarios and see how the impact of such activities can cause huge business disruption. Let’s imagine you have an integration scenario picking up purchase orders from a FTP location, processing it via a BizTalk Orchestration and finally sending it to the SAP system. In this simplest scenario, a BizTalk Administrator can potentially do the following 5 activities intentionally or accidentally —
- Disabling the BizTalk FTP Receive Location
- Unenlisting the BizTalk Orchestration
- Stopping the BizTalk SAP Send Port
- Stopping the Host Instances that run receive location, send port and orchestration
- Terminate a BizTalk Service Instance that’s processing the purchase order
Any one of the above activities would have resulted in a business impact of not processing that purchase order. When such incidents happen, you must have the system in place to look at the audit logs to see who actually performed such activity and take the necessary steps.
Once we built the web-based BizTalk Server Admin console, the first topmost priority we addressed in the product is sorting out the Security and Audit capabilities for administrative activities.
As a first step, you need to configure what needs to be audited. To configure auditing navigate to Environment Settings ->Governance and Audit .
In BizTalk360 both administration activities and BizTalk360 configurations can be audited. The following sections are covered in detail.
- Administration Activities - Application activities, Service Instance activities, Host Instance activities, BizTalk/SQL Server activities, ESB Message activities, Business Rules activities. Captures from both BizTalk(If auditing is enabled in BizTalk Server 2020 ) and BizTalk360
- Configuration activities - Alarm activities, Secure SQL Query activities, Artifact Mapping activities, License activities, User Access Policy activities