Managing BizTalk Server Security
Maintaining a secure Microsoft® BizTalk® Server 2004 environment requires that you manage accounts, certificates, and passwords.
To ensure the security of the business documents handled by BizTalk Server, BizTalk administrators must manage the following accounts and certificates:
- BizTalk Administrators group. For users to perform administrative tasks either through the BizTalk Administration console or directly by using the Microsoft Windows® Management Instrumentation (WMI) provider, they must be granted the proper privileges in Microsoft SQL Server™ and Microsoft Windows®. The BizTalk Administrators group has the minimum privileges necessary to perform most administrative tasks. To perform administrative tasks for adapters, receive and send handlers, and receive locations, the BizTalk Administrators group must be added to the Single Sign-On Affiliate Administrators group.
  For information about adding users to the BizTalk Administrators group and removing users from it, see Managing the BizTalk Administrators Group.
- Hosts and service accounts. When creating a host and host instances of that host, you must provide the Windows group for the host and the service account credentials for each host instance. You must ensure that the host instance service accounts are members of the Windows group for the host.
  Therefore, before creating a host and host instances you must:
  - Create the Windows group for the host.
  - Create service accounts for each host instance.
  - Add the service accounts to the host Windows group.
- Signing certificates. Signing certificates (private key certificates) are specified for the BizTalk group. These are optional and can be changed at any time by a BizTalk administrator.
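The three host preparation steps listed under "Hosts and service accounts" can be scripted and then verified before any host instance is created. The following is an added example, not part of the original documentation or of BizTalk Server itself. It assumes local accounts on a single server and the LocalAccounts cmdlets of current Windows PowerShell, and the group and account names are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: the names below are hypothetical placeholders, not BizTalk defaults.
$HostGroup       = 'BizTalk OrdersHost Users'            # hypothetical Windows group for the host
$ServiceAccounts = @('svcBtsOrders1', 'svcBtsOrders2')   # hypothetical, one per host instance

# Step 1: create the Windows group for the host if it does not exist yet.
if (-not (Get-LocalGroup -Name $HostGroup -ErrorAction SilentlyContinue)) {
    New-LocalGroup -Name $HostGroup -Description 'Windows group for a BizTalk host' | Out-Null
}

foreach ($account in $ServiceAccounts) {
    # Step 2: create the service account. The password is prompted for,
    # so it is never stored in the script or in shell history.
    if (-not (Get-LocalUser -Name $account -ErrorAction SilentlyContinue)) {
        $password = Read-Host -AsSecureString -Prompt "Password for $account"
        New-LocalUser -Name $account -Password $password -UserMayNotChangePassword `
            -Description 'BizTalk host instance service account' | Out-Null
    }

    # Step 3: add the service account to the host Windows group (idempotent).
    $members = (Get-LocalGroupMember -Group $HostGroup).Name
    if ($members -notcontains "$env:COMPUTERNAME\$account") {
        Add-LocalGroupMember -Group $HostGroup -Member $account
    }
}

# Final check: every host instance service account must be a member of the
# host group before the host and its instances are created.
$members = (Get-LocalGroupMember -Group $HostGroup).Name
$missing = $ServiceAccounts | Where-Object { $members -notcontains "$env:COMPUTERNAME\$_" }
if ($missing) {
    throw "Not members of '$HostGroup': $($missing -join ', ')"
}
"All $($ServiceAccounts.Count) service accounts are members of '$HostGroup'."
```

The final check can be rerun on its own whenever a host instance service account is changed, to confirm that the membership requirement still holds.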
This section contains:
- Managing BizTalk Windows Groups and User Accounts
- Best Practices for Security, Accounts, and Certificates