Assembly Deployment Security Recommendations
In order to run BizTalk pipelines, orchestrations, maps, schemas, receive and send adapter, you must deploy the assemblies that contain these objects in each computer that run them. For more information about Assembly Deployment, see Deploying BizTalk Server Assemblies. It is recommended you follow these guidelines for deploying assemblies in your environment:
- Each computer has a global assembly cache (GAC), which contains the assemblies that one or more applications share. You must register the assemblies BizTalk uses in the GAC of every computer that uses the components within the assembly (that is, every computer that you selected to run a host instance of that particular host), and in the GAC of the administration computer from which you enlist the assembly components into the BizTalk Hosts.
- Ensure you have the Minimum Security User Rights to deploy assemblies. For more information about the Minimum Security User Rights, see Minimum Security User Rights.
- You should ensure that only BizTalk administrators have access to the assemblies and binding files, as they may contain critical business data such as connectivity and configuration information.
- BizTalk administrators must ensure they trust the source of the assembly they deploy in the system. If they deploy assemblies with code you do not trust, they may expose the BizTalk Server environment to potential attacks.
- If you deploy assemblies through a network share, ensure the share containing the assembly has a strong discretionary access control list (DACL) so that only BizTalk administrators can read the assemblies from the share.
- Whenever you perform deployment operations, BizTalk Server needs to communicate to the Configuration database. You must ensure you open the appropriate ports on the firewall between the processing, services, and data domains. For more information, see Ports for the Processing Servers.
- If you point to a remote location for an assembly or binding file (the latter presenting the larger risk of clear text, sensitive data), you should consider the network between the target file's source computer and the computer you are running deployment from. If the network between these two computers is not fully isolated from potential attackers, it is recommended to copy the target file to a removable media and physically transport it to the computer where you run the deployment tool.
- In order for BizTalk administrators to deploy an assembly from a network share, the the BizTalk administrator must first change the security configuration of the .NET Framework configuration from local intranet to Full Trust. For more information, see Security Requirements for Assembly Deployment.
- When you create a binding file, BizTalk Server removes the passwords from the file. You need to edit the binding file and add the password before you use it. It is recommended you mask or remove the password after you use the binding file.
- The Tracking Profile Editor is a developer tool, and thus you cannot use it to deploy tracking profiles in a production environment. In a production environment, it is recommended you use the BTTdeploy command line from the administration computer to deploy tracking profiles.
See Alsohttp://go.microsoft.com/fwlink/?linkid=20616.Copyright © 2004 Microsoft Corporation.
All rights reserved.