This section describes which prerequisites should be meet to be able to install and work with BizTalk360. This consists of the following parts:
- What Versions Of BizTalk Servers Are Supported By BizTalk360
- What Are The Prerequisites For Smooth Installation Of BizTalk360
- BizTalk360 Database And Memory Requirements
- How To Enable SSL / HTTPS
- Firewall Ports And Protocols Required for BizTalk360
- Enable MSDTC For BizTalk360 Stand-Alone (Separate) Server Configuration
- BizTalk360 Supported Browser Versions
- What happens when you don't provide Admin permissions to BizTalk360 service account
What Versions Of BizTalk Servers Are Supported By BizTalk360
BizTalk360 supports the following versions of BizTalk servers:
- Microsoft BizTalk Server 2009
- Microsoft BizTalk Server 2010
- Microsoft BizTalk Server 2013
- Microsoft BizTalk Server 2013 R2
- Microsoft BizTalk Server 2016 (including Feature Packs)
From BizTalk360 version 8.1 onwards, if you are installing BizTalk360 on Microsoft BizTalk Server 2010 or 2009, we recommend you to install BizTalk360 in a separate machine (not on the BizTalk Server 2010 or 2009 machine).
What Are The Prerequisites For Smooth Installation Of BizTalk360
For a successful installation of BizTalk360, it is important to check whether your environment meets the following prerequisite condition:
- Supported OS (Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows 8, Windows 8.1, and Windows 10)
- Minimum .Net version 4.5 is recommended for BizTalk360 version 8.1 and above for smooth functioning of Azure services.
- Supported BizTalk Servers – Microsoft BizTalk Server 2009, Microsoft BizTalk Server 2010, Microsoft BizTalk Server 2013, Microsoft BizTalk Server 2013 R2, Microsoft BizTalk Server 2016
- BizTalk Admin component
- IIS Server availability
- Administrator rights for the user
- ASP.Net Registered
- Windows Authentication component for IIS (7.0 and above)
- SQL Server (any version including express is supported)
- Make sure user able to connect to SQL server instance and database from the server where BizTalk360 is to be installed
The following table shows the hardware requirements that need to be available to install BizTalk360.
|Computer and Processor||A computer with an Intel Pentium-compatible CPU that is 1 GHz or higher for single processors.900 MHz or higher for double processors. 700 MHz or higher for quad processors The 64-bit versions of BizTalk Server require a 64-bit operating system running on an x64 based system. Computers based on CPUs that are compatible with the AMD64 (x86-64) and Extended Memory 64-bit Technology (EM64T) processor architecture are considered x64 based system.Hyper-Threading and Dual-Core processors are supported.|
|Memory||8 GB or higher|
|Hard Disk (Database)||20 GB of available hard disk space for a complete installation including the operating system and all prerequisite software. The hard disk must be NTFS formatted.|
The following table lists the software required for installing and running BizTalk360.
|Software requirement||supported versions|
|Operating System||Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows 10|
|Microsoft .NET Framework||Minimum requirement of Microsoft .Net Framework 4.0 Minimum .Net version 4.5 is recommended for BizTalk360 version 8.1 and above for smooth functioning of Azure services.|
|BizTalk Servers||Microsoft BizTalk Server 2009, Microsoft BizTalk Server 2010, Microsoft BizTalk Server 2013, Microsoft BizTalk Server 2013 R2, Microsoft BizTalk Server 2016|
|Internet Information Services (IIS)||IIS 7.0 and above|
|Microsoft SQL Servers||Microsoft SQL Server 2008 onwards (Express Edition is also supported).|
|General||Administrative rights for the user ASP.NET Registered|
The BizTalk360 MSI Installer is automated to the extent of being able to detect the prerequisite connections. It will not allow you to continue further if any missing components are detected. If any errors are highlighted, you need to stop the installation process, correct the highlighted error, and then rerun the installer.
In addition to ensuring the above prerequisite conditions, you need to ensure the following:
Create a Service Account for BizTalk360
You need to create a service account for BizTalk360 to run the IIS Application pool and monitoring service. You can create a new Windows account for the service account (say, SvcBizTalk360). Once you have created the service account, you need to add it to the following NT groups:
- Local Administrators Group, this access is required on:
- All BizTalk Servers from the licensed BizTalk360 group
- The SQL Server which contains the BizTalk databases
- In case BizTalk360 is installed on separate server(s), the server(s) on which BizTalk360 is installed
- BizTalk Server Administrators Group
- BizTalk Application Users Group
- BizTalk Isolated Host Users Group
- SSO Administrators Group
- IIS_IUSRS group
Note: You also need to make sure you make these settings across the multiple environments where you install BizTalk360. You also need to provide SQL Server SYSADMIN access to the service account. Read this to know more about the necessity to give SYSADMIN access.
Important: Please make sure that you login to BizTalk360 server with the service account and proceed with the new installation or upgrade. This is to ensure that all permissions are in place and that you are able to login to BizTalk360 without any issues.
To add, view, or manage users and groups, you need to follow the below steps (for Windows 2012 server):
- Navigate to 'Computer Management' in the Windows Metro UI view
- In the tree view, expand the 'System Tools' and 'Local Users and Groups' option
Post Installation Requirements
Grant access to BTS_ADMIN_USERS SQL Role in the BizTalk Management Database
To grant access to 'BTS_ADMIN_USERS_SQL' role (on Windows 2012 server),
- Navigate to 'SQL Server Management Studio' in the Windows Metro UI view
- In the Object Explorer panel, connect to SQL Server Instance and expand the tree view on the left side. Expand the SQL Server and 'Databases' and click 'BizTalkMgmtDb' database.
- Right click on BizTalkMgmtDb database and select the 'New Query' option.
- Copy and paste the following values and click 'Execute' to execute the query
- GRANT SELECT ON dbo.adm_OtherDatabases TO BTS_ADMIN_USERS
- GRANT SELECT ON dbo.adm_Server2HostMapping TO BTS_ADMIN_USERS
- GRANT SELECT ON dbo.adm_ServiceClass TO BTS_ADMIN_USERS
- GRANT SELECT ON dbo.BizTalkDbVersion TO BTS_ADMIN_USERS
- GRANT SELECT ON dbo.adm_BackupHistory TO BTS_ADMIN_USERS
Microsoft SQL Server Authentication Modes
The SQL Server database engine has two types of authentication modes — Windows authentication mode and SQL Server and Windows Authentication mode (mixed mode). BizTalk360 supports both SQL authentication modes to connect to the SQL Server, however BizTalk360, by default, uses SQL server and Windows authentication mode (mixed) mode.
If in case the SQL server is configured for Windows Authentication mode, you will see an error when you launch the application for the first time:
Default BizTalk360 installation creates and uses a SQL server for authentication
Make sure either both Windows and SQL authentication is enabled on the SQL instance, where BizTalk360 database is hosted, or Change the config files (web.config and monitoring service.config) to use Windows Authentication.
If you still want to use Windows Authentication mode, you need to make changes to BizTalk360ConnectionString in the web.config in the BizTalk360 Web Installation folder:
- You will find the Web.config file in BizTalk360 Web Installation folder (C:\Program Files (x86)\Kovai Ltd\BizTalk360\Web)
To use Windows authentication mode, change the above connection strings by uncommenting (removing ) the first line and commenting the second line (adding )
In addition to making the changes to BizTalk360ConnectionString in web.config file, you need to make the changes in BizTalk360.monitor.exe.config file in the BizTalk360 Service Installation folder. To change the security SQL server authentication mode:
- In SQL Server Management Studio Object Explorer, right-click the server, and then click Properties
- On the Security page, under Server authentication, select the new server authentication mode, and then click OK
- In the SQL Server Management Studio dialog box, click OK to acknowledge the requirement to restart SQL Server
- In Object Explorer, right-click your server, and then click Restart. If SQL Server Agent is running, it must also be restarted, Post BizTalk360 installation, a user profile has to be created for the Service account with Super User access privileges. Only then, BizTalk360 can perform operation automation capabilities (such as Resume/Suspend/Terminate) in Message Box data monitor.
BizTalk360 Database And Memory Requirements
We recommend you start off by provisioning 10 GB for this purpose. The reason for this is that there are 2 features in BizTalk360 - Advanced Event Viewer and Throttling Analyzer that will cause the database to grow in size since they collect the data and persist the information. If the purge policy in BizTalk360 is set to the default values and you do not have too many hosts and host instances, then database size of 10 GB should be sufficient.
If you are installing BizTalk360 on a standalone server, we recommend you to have memory of 8 GB or higher to serve the purpose.
How To Enable SSL / HTTPS
Steps To Enable SSL / HTTPS For BizTalk360
In order to deploy BizTalk360 on HTTPS, your IIS must be enabled for HTTPS/SSL. The below links explain how to setup SSL on IIS 6/7. Please consult your IIS administrator before changing anything in your IIS as it may affect other critical sites running on that IIS.
IIS 7: http://www.iis.net/learn/manage/configuring-security/how-to-set-up-ssl-on-iis
Once you have setup SSL on your IIS, you will need to enable HTTPS for BizTalk360. Follow the steps as shown below:
- Open Web.config from
- Change security mode for basicHttpBinding (refer screenshot below)
- Change security mode for webHttpBinding (refer screenshot below)
- Enable HTTPS for serviceMetaData (refer screenshot below)
- The above steps will disable HTTP and enable HTTPS for BizTalk360. Depending on you IIS version and setup, you may need to reset IIS or recycle AppPool. Please consult your IIS administrator for more information.
What & Where To Change In Web.config
Once after the change
Firewall Ports And Protocols Required for BizTalk360
BizTalk360 basically requires the same configuration as BizTalk Server Administration. For complete list of ports utilized by BizTalk Server as admin server, please use the below link:
Basically you need to have SQL, WMI, DTC, IIS destination services configured.
Enable MSDTC For BizTalk360 Stand-Alone (Separate) Server Configuration
Configuring MSDTC is key in multi server BizTalk server environment configuration. Typically the following procedure should be followed in all BizTalk servers in a multi server environment. When you are installing BizTalk360 on a stand-alone (separate) server, you need to follow the exact procedures, since the underlying admin API's will rely on MSDTC.
To enable MSDTC on Windows Server 2008 and above:
- Click Start, click Run, type dcomcnfg and then click OK to open Component Services
- In the console tree, click to expand Component Services, click to expand Computers, click to expand My Computer, and click to expand Distributed Transaction Coordinator
- Right click Local DTC, and click Properties to display the Local DTC Properties dialog box.
- Click the Security tab
- In the Security Settings section, click Network DTC Access
- In the Client and Administration section, select Allow Remote Clients and Allow Remote Administration
- In the Transaction Manager Communication section, select Allow Inbound and Allow Outbound
- In the Transaction Manager Communication section, select Mutual Authentication Required (if all remote machines are running Windows Server 2003 SP1 or Windows XP SP2 or higher), select Incoming Caller Authentication Required (if running MSDTC in a cluster), or select No Authentication Required if some of the remote machines are pre-Windows Server 2003 SP1 or pre-Windows XP SP2. No Authentication Required is the recommended selection
- Select Enable XA Transactions, and then click OK
If you experience any MSDTC issues, you can use DTCPing.exe to validate the connection between the BizTalk360 server and server in the remote BizTalk environment. To obtain the DTCPing.exe tool, see http://go.microsoft.com/fwlink/?LinkId=72166.
BizTalk360 Supported Browser Versions
We have tested BizTalk360 against the following browser versions. We also support other browser versions on the best effort.
- Google Chrome - 38.0.2125.104
- Firefox - 33.0
- Internet Explorer - 9.0.8112.16421, 10.0.9200.17116, 11.0.9600.17351
What happens when you don't provide Admin permissions to BizTalk360 service account
The service account will have powerful access, but all other users who access BizTalk360 will have very limited access, they don't even need to belong to any BizTalk groups, BizTalk360 abstracts all the security requirements.
BizTalk360 service account user without Local (Windows) Admin permission
BizTalk360 installation will not be proceeded using the service account user privileges.Service account should have local (Windows) admin privileges in the all the servers (BizTalk Server, SQL Server).
Considerations while installing BizTalk360: Login to the machine with the service account which has Local Admin privileges. Open command prompt with Admin privileges and navigate to the downloaded BizTalk360.msi file to proceed with the installation
Note: If the BizTalk360 installation is started with no admin privileges it will encounter the runtime access issue
If the service account is not been provided with the local admin privilege, the following functionalities will not work as expected:
- In Advanced event viewer, only the installed machine details were fetched
- BizTalk Server and SQL server system related details will not be displayed under Operations, BizTalk360 UI -> Operations -> Infrastructure Settings -> BizTalk Services/SQL Services. It will just spin for a long time
- BizTalk Server and SQL server system related details will not be displayed and exceptions will be thrown under BizTalk360 UI -> Monitoring -> Manage Mapping -> BizTalkServers/SQLServers
- File monitoring will become “Orphaned” if you configure
Analytics will work partially; for some of the counters, details are fetched from the database directly; another system related information like CPU, Available Memory will not be shown as it requires elevated permissions
BizTalk360 service account user without SYSADMIN permission
When the BizTalk360 service account (domain user account) which doesn’t have SYSADMIN privileges on the BizTalk360 Database, you will not able to open BizTalk360 web page, it will throw a login failed exception
To solve this, the user must be provided "db_owner" permission or SYSADMIN access in the BizTalk360 Database security.
When the BizTalk360 service account (domain user account) which doesn’t have Sysadmin privileges on the BizTalk Database (BizTalkMgmtDb), you might face the below exception during the activation of license.
BizTalk360 makes a direct query to some of the BizTalk databases for performance reasons. For that, you need to provide SELECT/EXECUTE permission for the BizTalk360 service account.
When you attempt to enable/disable a receive location that uses the WCF-SQL adapter, or when you attempt to start/stop a send port, you may experience this error "Failed to create 'WCF-SQL' Transport Component".
Once after installing BizTalk360, install the BizTalk Server Enterprise Adapter Pack in the server where BizTalk360 is installed.
If you are using any 3rd party adapters like 'nSoftware', you have to install the nSoftware Adapter Pack as well on the server where BizTalk360 is installed.
Some of our customers hesitate to provide the higher level permissions like Local Admin and System Admin due to security reasons. So we recommend to create a separate account for the BizTalk360 service and provide all the necessary permissions to isolate the credentials.