BizTalk Server can play a huge role in integrating applications and systems within your enterprise, or in integrating your business partners’ business applications and data with your own to create business-to-business solutions. Of course, if you haven’t successfully planned for it or if you’ve incorrectly installed it, then all this goes out the window.
Here are the steps you need to take to ensure that BizTalk Server is properly prepared for and correctly installed.
Network and security planning
Planning for and accomplishing network and security reconfiguration can be one of the most time-consuming tasks in a BizTalk Server deployment, so you should start a team on that task early in your planning and deployment stages.
Start by examining the connectivity needs of the systems to be integrated and of the business partners with whom you need to trade documents. Begin planning how you will make your servers available in each case and what physical network changes and additions you need to plan and accomplish. Unless you are planning a BizTalk deployment to integrate only your own company’s internal systems and those servers reside in the same secure subnet, part of your network planning needs to include your firewalls.
Based on the protocols you’ll be using, determine what ports you need to open in your firewalls to accommodate your BizTalk traffic. Where possible, consider configuring access lists in your routers and/or filters in your firewall to restrict access to only the individual IP addresses or subnets in use by your partners. Using filters and access lists in this way will help you better control the traffic flowing between you and your partners and help block unwanted access.
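A partner allow-list of the kind described above can be checked against recorded traffic before it is committed to a router or firewall. The following Python code is an added example, not part of the original article or of BizTalk Server: it applies a default-deny rule set to constructed connection records. The partner names, address ranges (RFC 5737 documentation ranges), ports and log format are assumptions for illustration.

```python
import ipaddress

# Constructed allow-list: partner -> (source networks, permitted destination ports).
# 443 (HTTPS) and 25 (SMTP) are the transports the article mentions; the
# addresses are RFC 5737 documentation ranges, not real partners.
PARTNER_RULES = {
    "partner-a": (["203.0.113.0/28"], {443}),
    "partner-b": (["198.51.100.17/32"], {25, 443}),
}

# Constructed connection records: "<source ip> <destination port>"
SAMPLE_LOG = """\
203.0.113.5 443
203.0.113.5 25
198.51.100.17 25
198.51.100.18 443
192.0.2.44 443
not-an-ip 443
"""

def compile_rules(rules):
    """Parse each CIDR once; strict=True rejects entries with host bits set."""
    compiled = []
    for partner, (cidrs, ports) in rules.items():
        for cidr in cidrs:
            compiled.append((ipaddress.ip_network(cidr, strict=True), frozenset(ports), partner))
    return compiled

def evaluate(src, port, compiled):
    """Return (verdict, detail). Default deny: anything unmatched is blocked."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return ("deny", "unparseable source")
    for net, ports, partner in compiled:
        if addr in net:
            if port in ports:
                return ("allow", partner)
            return ("deny", f"{partner}: port {port} not permitted")
    return ("deny", "source not in any partner range")

def audit(log_text, rules=PARTNER_RULES):
    """Evaluate every record and return (src, port, verdict, detail) tuples."""
    compiled = compile_rules(rules)
    results = []
    for line in log_text.splitlines():
        src, port = line.split()
        results.append((src, int(port), *evaluate(src, int(port), compiled)))
    return results
```

Records from a known partner on a port that partner was never granted are reported separately from unknown sources, which helps distinguish a rule that is too narrow from unwanted traffic.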
You also need to determine what changes you need to make in terms of domain accounts, groups, rights, and group policies. BizTalk Server installation adds two groups, BizTalk Server Administrators and BizTalk Server Report Users. Members of the BizTalk Server Administrators group can fully administer BizTalk Server, and members of the BizTalk Server Report Users group can access the Tracking database. You need to identify your administrative team and assign group membership as needed. You also need to decide the account under which BizTalk will run and configure the rights accordingly.
SQL Server authentication is another security issue to consider. BizTalk Server requires integrated Windows authentication to SQL Server. This means that you need to configure your SQL Servers to support integrated authentication. If BizTalk Server and SQL Server are installed on the same computer, and the BizTalk Server account already has administrative rights, you don’t need to do anything else to enable it to authenticate against SQL Server. If SQL Server is installed on a remote computer, however, you must create an integrated SQL Server login on the SQL Server for BizTalk.
You also need to give some thought to certificates. You need a certificate on each server running IIS to support Secure Sockets Layer (SSL), which enables servers and partners to exchange data with HTTPS. In addition, you can exchange certificates with partners to support digital signing and encryption for messages exchanged with S/MIME over SMTP. You can opt to set up your own certificate authority (CA) using Windows 2000 or 2003 Server or obtain certificates from a public CA, such as VeriSign. BizTalk Server verifies that a certificate has not expired for S/MIME messages, but it does not check the revocation status of the certificate or whether it has a trusted root certificate. This eliminates the need for your partners to add your certificates to their Trusted Root Certification Authority certificates, and vice versa. Because BizTalk Server does not perform those checks, confirm the issuer and revocation status of each partner certificate yourself before you install it.
When you obtain certificates for use with BizTalk Server, make sure to request machine-specific certificates rather than user certificates. You can run BizTalk with a user certificate, but doing so requires making registry changes and running BizTalk in the context of the user that requested the certificate. Using a machine certificate is much cleaner. See the BizTalk Server Help documentation for other tips if you need to use a user certificate.
As with any deployment, good planning can go a long way toward eliminating installation problems. A lot of the planning stage involves identifying the applications and processes that you need to tie together. With that out of the way, you can turn your attention to networking and security issues, then focus on defining the logical structure for your BizTalk servers. This step includes defining server groups, identifying the role that each server will play, and nailing down the clustering and load balancing structure you will use to provide reliability and failover capability.
With that planning out of the way—or at least well on the way—you can start looking at physical hardware requirements to help you achieve those goals. The approach you take depends in large part on your budget. At $6,999 per CPU for the Standard Edition and $24,999 per CPU for the Enterprise Edition, hardware prices are almost irrelevant. Even if the servers are free, deployment becomes expensive in a hurry as you add more servers or CPUs. So, you have to balance software costs against your goals and come up with a server/CPU allocation that fits those goals without bankrupting the company.
If your budget allows, it’s a good idea to segregate BizTalk functions across multiple servers. For example, place the Tracking database on its own server with the Messaging Management and Shared Queue databases on a different server. These servers require SQL Server, which fortunately has a much smaller price tag than BizTalk Server, so you can better afford to spin off these functions.
When you develop the specifications for the SQL Servers, you can improve performance considerably with judicious selection of disk hardware. Choose a high-speed SCSI RAID subsystem and separate components onto different disks. The operating system goes on one, the swap file on a second, the databases on a third, and where applicable, the distributed transaction coordinator (DTC) log on a fourth. Unfortunately, disk performance is and will remain a performance buster until some other technology comes along to take the place of hard disks, but you can alleviate much of the problem with fast SCSI solutions.
When you start allocating components and functions to different computers, watch out for one potential problem. Internet Information Server (IIS) needs to run on the same computer as BizTalk Server. What’s more, you can’t place BizTalk Messaging Manager, IIS, and SQL Server on three different servers. If you do, you’ll experience authentication problems. Instead, place IIS either on the same server as BizTalk Messaging Manager or with SQL Server. Don’t place Messaging Manager and SQL Server on one server and IIS and BizTalk Server on another, as this will also cause authentication problems.
With hardware requirements out of the way, take a look at your software needs. BizTalk Server 2002 requires Windows 2000 Server with Service Pack 2 or later, or Windows 2003 Server, and NTFS in either case. In addition, you must install Microsoft Visio 2002 to support the BizTalk Orchestration Designer. Computers hosting databases will need SQL Server 7.0 with SP3 or later, or SQL Server 2000 with SP1 or later. Servers running BizTalk Messaging Manager must also run IIS and the World Wide Web Service must be running on those servers. Before you start installing additional products, make sure you settle on a computer name for each server. You can’t change the computer name after installing BizTalk Server—you must uninstall BizTalk Server, change the name, then reinstall.
In addition to Windows 2000 or 2003, you also need to install Message Queuing Services and IIS. After installing IIS, make sure you configure the World Wide Web Service for automatic startup. Also install Microsoft Visio 2002 on any computer where you will be running the BizTalk Server Orchestration Designer, which requires it.
There are some optional products you might need in addition to BizTalk Server and SQL Server. You can optionally use Application Center 2000 to provide clustering and deployment services for BizTalk Server. You should install Application Center before you install BizTalk Server. If not, you will need to manually register the driver and enumerator for BizTalk. The process for this is covered in the BizTalk Server Help documentation.
Microsoft Operations Manager (MOM) is another tool to consider. MOM provides extensive reporting, analysis, and management capability for systems and services across the enterprise. Management Packs provide the definitions and data needed within MOM to manage specific applications. The BizTalk Server 2002 CD includes a Management Pack for BizTalk Server, which you must import into MOM. Install MOM first, followed by other supporting applications (such as SQL Server), and then install BizTalk Server.
SQL Server installation
The final step before installing BizTalk Server 2002 is to install SQL Server on the servers that will support BizTalk Server. As I mentioned before, you can use SQL Server 7.0 with SP3 or later, or SQL Server 2000 with SP1 or later. So, install SQL Server, then install the appropriate service pack. If you’re running in a cluster and BizTalk Server will be on a different computer, you also need to install the SQL Server client tools on the servers where BizTalk Server will be installed. SQL Server must be installed prior to installing BizTalk Server, because BizTalk Server setup creates the BizTalk Messaging Management database, the Shared Queue database, the Tracking database, and the Orchestration Persistence database.
After you install SQL Server, make sure you configure security to support Windows integrated authentication. Open the SQL Server Enterprise Manager, open the properties for the server, and configure authentication on the Security tab. In addition, use the Client Network Utility to set the default network library for SQL Server to TCP/IP. Finally, make sure you add a login to the SQL Server for the account you’ll be using as the BizTalk Server service account. This must be in place prior to installing BizTalk Server to enable the Setup wizards to create the necessary databases.
Installing BizTalk Server
BizTalk Server installation is about what you might expect—you pop in the CD and run Setup, or in the case of the demo version, extract the files to a folder on the hard disk and run Setup from there. Setup provides a wizard that steps you through the installation process. In particular, the wizard prompts for the installation location, the installation type (such as complete), and the default server group name. The wizard also prompts for the administrative group name and the BizTalk Server service account. Setup automatically grants Log On As A Service and Act As Part Of The Operating System rights to the specified service account. If you intend to use certificates to secure BizTalk traffic, you must use a service account that is a member of the Administrators group on the local computer.
When it finishes installing files and performing other installation tasks, such as modifying the registry, Setup launches the BizTalk Server Messaging Database Setup Wizard. You can specify a new database or an existing one, depending on your needs and whether you already have other BizTalk Servers installed and the databases created. You also configure the Tracking and Shared Queue databases with this wizard, and verify the server group for the current server. When the Messaging Database Setup Wizard completes, you use the Orchestration Persistence Database Setup Wizard to create a new Persistence database or specify an existing one. At this point, you should have BizTalk Server, SQL Server, and the associated software installed.