Create the BizTalk Group Prerequisites
In Windows Azure, you can create a BizTalk Group that consists of a single BizTalk Server or multiple BizTalk Servers, just like on-premise. This topic lists the steps to create BizTalk Server and SQL Server virtual machines that are used in the BizTalk Group.
To create a BizTalk Group, a domain account is required. This domain account runs the BizTalk services that connect to the SQL Server.
These steps assume you already have a domain. The domain must be created before creating the virtual machines. Create a BizTalk Virtual Machine in Windows Azure lists this requirement.
Create the Domain User Accounts and Groups
BizTalk Server uses domain user accounts to run the BizTalk Server services. Domain groups are used to perform different tasks within BizTalk Server. These domain user accounts and domain groups are created before configuring BizTalk Server. The SQL Server services can run as a domain user account or a local user account.
|Only domain administrators can create domain user accounts and domain groups.|
Create the following domain user accounts and groups:
If your SQL Server services will run as domain user accounts, create the domain user accounts. You can use the same domain user account for all services, like the SQL Server service and SQL Server Agent. Or, you can use different domain user accounts for all services. You can also use local accounts on the SQL Server to run the services. The choice is yours.
When BizTalk Server is configured, several services are created. You can use the same domain user account to run all the services. Or, you can use different user accounts to run all the services. The choice is yours.
The domain user accounts do the following:
Run the BizTalk Server host instances and other BizTalk Server services.
Connect to the SQL Server to execute BizTalk commands.
Important When creating the domain user accounts, uncheck the Password expires option. The domain user accounts run the BizTalk Server services. BizTalk Server processing fails when the password expires.
- Run the BizTalk Server host instances and other BizTalk Server services.
BizTalk Server uses different domain groups for different tasks. Create the following domain groups:
Minimum Security User Rights describes the tasks that the different groups perform.
BizTalk Application Users
Contains accounts that run the in-process BizTalk host instances. Accounts running the BizTalk host instance are automatically added to this group.
BizTalk Isolated Host Users
Contains accounts that run the isolated BizTalk host instances that run as processed in IIS. Accounts running the BizTalk host instance are automatically added to this group.
BizTalk Server Administrators
Users in this group perform some administrative tasks, like configuring BizTalk, deploying applications and adding adapters. For additional tasks, go to Minimum Security User Rights.
To perform administrative tasks for adapters, receive and send handlers, and receive locations, add the BizTalk Server Administrators to the Single Sign-On Affiliate Administrators group.
Users are not automatically added to this group.
BizTalk Server B2B Operators
The BizTalk Server B2B Operators Group has the least privileges necessary to perform tasks required for operating the BizTalk Server B2B environment after installation.
By default, no users are automatically added to this group.
BizTalk Server Operators
Users are not automatically added to this group.
Users in this group can administer SSO, including configuring, backing up master secret and making SSO changes. Users can also configure BizTalk. For specific tasks, go to Minimum Security User Rights.
The Administrator account and host account are automatically added to this group.
SSO Affiliate Administrators
Every BizTalk adapter has four affiliate applications: one for the receive handler, the send handler, the send port and the receive locations.
Users in this group can modify SSO affiliate applications in addition to other administrative tasks. For specific tasks, go to Minimum Security User Rights.
The Administrator account is automatically added to this group.
Create the BizTalk virtual machines
Depending on the BizTalk Server edition you choose, you can create one BizTalk Server virtual machine or multiple BizTalk Server virtual machines in the Group, just like on-premise. To create the BizTalk Server virtual machine, refer to the following link:
If your Group will have multiple BizTalk Servers, then consider the following:
BizTalk Server 1
This BizTalk Server virtual machine is the Master. It creates the group and hosts the SSO master secret.
BizTalk Server x
This BizTalk Server virtual machine joins the existing group.
When the virtual machines are created, BizTalk Server is installed and ready to be configured. Additional requirements, including Internet Information Services (IIS) and MS Distributed Transaction Coordinator (MSDTC) are also installed and ready to use.
Create a SQL Server virtual machine
The next step is to create the SQL Server 2012 or SQL Server 2008 R2 SP1 virtual machine in Windows Azure. This virtual machine hosts the BizTalk Server databases used for message processing, including the BizTalkMsgBoxDb and BizTalkDTADb databases. To create the SQL Server virtual machine, refer to the following link:
When the virtual machine is created, SQL Server is installed. Additional requirements, including the Default Instance and MS Distributed Transaction Coordinator (MSDTC) are also installed and ready to use.
Log into the virtual machines
Next, log in to all virtual machines and add your account to the security roles:
In the Windows Azure Management Portal, click Virtual Machines and then click your virtual machine Instance. If you click the virtual machine Instance Name, the Quick Start tab is opened. You can click the back arrow to return to the list of Virtual Machines.
In the task bar at the bottom, click Connect. If Connect is not listed, you may be in the Quick Start tab. You can click the Dashboard tab and click Connect. Or, click the back arrow and click Connect.
You are prompted to open or save the RDP file. Click Save to create an RDP file shortcut that opens the RDP session. If you don’t want a shortcut, click Open.
A security warning may also display. The warning is normal. Click Connect.
Log in with the Administrator account and password you created when the virtual machine was provisioned. A certificate warning may display. The warning is normal. Click Yes.
On the SQL Server virtual machine, add the local Administrator account to the SysAdmin role in SQL Server. This allows the local Administrator account to control the security on the SQL Server. For example, you can add additional users to the SysAdmin role, add logins, and manage the SQL Server.
Optional. Join the BizTalk Server and SQL Server virtual machines to your domain. If you are not joining the virtual machines to your domain, skip this step.
To join the virtual machines to your domain, the following is required:
All connectivity between the virtual machines and your domain is through a Router in the Virtual Network your Network Administrator creates.
A Virtual Network in Windows Azure.
A Virtual Network is your private network inside Windows Azure and must be created before creating the BizTalk Server and SQL Server virtual machines. Go to Create a Virtual Network in Windows Azure to create a Virtual Network. A Network Administrator creates the Virtual Networkbefore you create the BizTalk virtual machine. Create a BizTalk Virtual Machine in Windows Azure lists this requirement.
The BizTalk Server and SQL Server virtual machines are provisioned to use this Virtual Network.
Warning If the BizTalk Server and SQL Server virtual machines are not created using a Virtual Network, the virtual machines cannot be added to your domain. In this situation, you must create new virtual machines and specify the Virtual Network.
After you join the virtual machine to your domain, login with the local Administrator account and do the following:
Adding your domain account gives you full control over the virtual machines, full control in SQL Server, and you can access network resources.
Add your domain account to the local Administrators group.
Add your domain account to SQL Server with the SysAdmin role.
- A Virtual Network in Windows Azure.
At this point, the BizTalk Server virtual machine(s) are ready to be configured. The SQL Server virtual machine is used by the BizTalk Server virtual machine(s) to host the BizTalk Server databases.
© 2013 Microsoft Corporation. All rights reserved.