Azure Active Directory integration on BizTalk Portal

BizTalk Portal is now integrated with Azure Active Directory. This feature enables few important scenarios mentioned below - 

Login to BizTalk Portal using organizational accounts

• Users can now use their organizational accounts to manage their BizTalk Services through the BizTalk Portal provided their organizational accounts are associated with Azure Active Directory. Consider an organization 'contoso' which is integrated with Azure Active Directory. Any user from this organization (e.g. bob@contoso.com) can login to the BizTalk Portal and manage BizTalk Services he owns.
• A user logged in to BizTalk Portal using organizational account can add more users from his/her organization using the 'Add User' button in 'Settings' tab to manage the same BizTalk Service. For example, bob@contoso.com can invite mary@contoso.com who is another employee in his organization (i.e. contoso) to manage the same BizTalk Service.

Login to BizTalk Portal using your Microsoft accounts

• Users who don't want to use their organizational accounts or who don't have one can continue to use their Microsoft accounts (hotmail.com, live.com, outlook.com etc.)  to manage their BizTalk Services through the BizTalk Portal. For example, bob@hotmail.com can manage BizTalk Services created in his personal subscriptions.
• A user logged in to BizTalk Portal using a Microsoft account can add other Microsoft accounts using the 'Add User' button in 'Settings' tab to manage the same BizTalk Service. For example. bob@hotmail.com can invite mary@outlook.com to manage the BizTalk Service.

Automatic registration of user who creates the BizTalk Service

• The user who creates the BizTalk Service on Azure Portal is automatically registered as administrator of the same on BizTalk Portal. He/she doesn't need to go through the (painful ? :)) process of copying the ACS secrets from Azure Portal and pasting them in the user registration page provided on the BizTalk Portal.
• A user can add more users through the steps mentioned in above sections. Henceforth users probably won't even need to copy the secrets from Azure Portal. A user needs to do this only if he wants to go through explicit user registration flow on BizTalk Portal.

Gotchas

• Hybrid of Microsoft account and Organizational accounts won't work - A BizTalk Service can be either associated with Microsoft accounts or Organizational accounts. Therefore, all user accounts managing a particular BizTalk Service should either be  Microsoft accounts or Organizational accounts.
• Users from different organizations cannot manage same BizTalk Service - A BizTalk Service can be associated with only one organization. Therefore, all organzational users accounts managing a particular BizTalk Service should belong to the same organization.

You will get following error on the register account page in either of the cases mentioned above -

Microsoft Azure BizTalk Services deployment registration has failed.

Registration has failed..

Related Links

• Azure Active Directory integration on BizTalk Portal on my MSDN blog
• Registering and Updating a BizTalk Service Deployment on the BizTalk Services Portal
• Associating Multiple Login IDs with a BizTalk Services Deployment

Restore BizTalk Services

In my previous post we covered backup of BizTalk Services. In this post we will cover the other part of the story, i.e. restore of BizTalk Services. To re-iterate, backup-restore feature provides solution for following scenarios:

• Disaster Recovery
• Service migration from dev to prod
• Upgrade service edition (basic to standard, basic to premium and standard to premium)

 Note: Backup-restore feature is not provided to Developer edition.

Pre-requisites and Setup

You need to install Windows Azure PowerShell on your machine and download Windows Azure BizTalk Service Management PowerShell Cmdlets. Details about both of these is available here. This link contains a sample for management of BizTalk Services through PowerShell. Follow the description of this sample to setup your machine. Summarizing the steps needed to be performed:

1. Install Windows Azure PowerShell
2. Compile the sample application to generate Microsoft.WindowsAzure.Management.BizTalkService.dll
3. Import Microsoft.WindowsAzure.Management.BizTalkService.dll
4. Set Azure Subscription

Perform Restore

Set Azure Subscription

If you followed the steps mentioned in the sample's description you should have Windows Azure PowerShell command window open with subscription set to the one where your BizTalk Service is provisioned. Execute following commands to set Azure subscription:

C:\PS> $subID = <Subscription ID> C:\PS> $thumbprint = <Certificate Thumbprint> C:\PS> $myCert = Get-Item cert:\\LocalMachine\My\$thumbprint C:\PS> Set-AzureSubscription –SubscriptionName "MySub" -SubscriptionId $subID -Certificate $myCert

Note: Install the management certificate for your subscription in machine's certificate store under Local Machine.

Execute Restore Cmdlet

Execute the Restore-AzureBizTalkService cmdlet to restore a BizTalk Service deployment from a backup. This cmdlet takes following inputs:

1. ResourceName – Name of your biztalk service
2. Location – Region where you want to restore the service
3. BackupName – Container inside storage account where backup is stored
4. BackupStoreConectionString – Storage account connection string where backup is stored
5. Configuration – Configuration file which contains additional input parameters for service restoration. The sample contains couple of configuration files that you can modify. I picked up the sample_create_mandatory.xml file as it only contains the mandatory parameters required to be provided. Another section below covers this configuration file in detail.

C:\PS> Restore-AzureBizTalkService -ResourceName <Biztalk Service name> -Location "<Region>" -BackupName <Backup container name> -BackupStoreConnectionString " BlobEndpoint=https://<account name>.blob.core.windows.net/;QueueEndpoint=https://<account name>.queue.core.windows.net/;TableEndpoint=https://<account name>.table.core.windows.net/;AccountName=<account name>;AccountKey=<account key>;DefaultEndpointsProtocol=https" -ConfigurationFile "Configuration xml file path"

Or...

C:\PS> Restore-AzureBizTalkService -ResourceName <Biztalk Service name> -Location "<Region>" -BackupName <Backup container name> -BackupStoreConnectionString " DefaultEndpointsProtocol=https;AccountName=<your storage account name>;AccountKey=<your storage account key>" -ConfigurationFile "Configuration xml file path"

Note: This may take up around 30 minutes to 1 hour to complete.

Request submission…

Request completion…

On Azure Portal…

Configuration File

Configuration file contains the input parameters required by various management operations like New, Restore, Update etc. Here is a sample configuration file with mandatory parameters:

<?xml version="1.0" encoding="utf-8"?> <ServiceSettings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">   <ServiceVersion>1.1.0</ServiceVersion>   <Edition>developer</Edition>   <UnitCount>1</UnitCount>   <TrackingStoreConnectionString>Data Source=tcp:{server name}.database.windows.net;Initial Catalog={database name};Integrated Security=False;User ID={user name}@{server name};Password={password};Asynchronous Processing=True;Encrypt=True;TrustServerCertificate=False</TrackingStoreConnectionString>   <MonitoringStoreConnectionString>BlobEndpoint=https://{storage account name}.blob.core.windows.net/;QueueEndpoint=https://{storage account name}.queue.core.windows.net/;TableEndpoint=https://{storage account name}.table.core.windows.net/;AccountName={storage account name};AccountKey={storage account key};DefaultEndpointsProtocol=https</MonitoringStoreConnectionString> </ServiceSettings>

You need to provide appropriate values for following parameters in the configuration:

1. Edition: Possible values for edition are
• developer
• standard
• premium
• basic
2. Tracking store connection string
3. Monitoring/Archiving store connection string

Execute Resume Cmdlet

BizTalk Service gets restored in a suspended state where the service accept only management operations but runtime messages are not processed. Suspended state lets you to change any configuration of the service before message processing can start.

Execute the Resume-AzureBizTalkService cmdlet to resume the BizTalk Service. This cmdlet takes following inputs:

1. ResourceName – Name of your biztalk service

C:\PS> Resume-AzureBizTalkService -ResourceName <Biztalk Service name>

Note: This may take up around 15 minutes to complete.

Request submission…

Request completion…

On Azure Portal…

Related Links

1. Backup BizTalk Service REST API
2. Windows Azure BizTalk Services Management Sample
3. Backup BizTalk Services on my blog
4. BizTalk Services: Backup and Restore
5. Business Continuity in BizTalk Services

Backup BizTalk Services

BizTalk Services lets you create backup of the service to deal with some of the scenarios like

• Disaster recovery
• Service migration from dev to prod
• Upgrade service edition (basic à standard, basic àpremium and standard à premium)

Note: This feature is not provided to Developer edition.

Pre-requisites and Setup

You need to install Windows Azure Powershell on your machine and download Windows Azure BizTalk Service Management PowerShell Cmdlets. Details about both of these is available here. This link contains a sample for management of BizTalk Services through Powershell. Follow the description of this sample to setup your machine. Summarizing the steps needed to be performed:

1. Install Windows Azure PowerShell
2. Compile the sample application to generate Microsoft.WindowsAzure.Management.BizTalkService.dll
3. Import Microsoft.WindowsAzure.Management.BizTalkService.dll
4. Set Azure Subscription

Perform Backup

Set Azure Subscription

If you followed the steps mentioned in the sample's description you should have Windows Azure PowerShell command window open with subscription set to the one where your BizTalk Service is provisioned. Execute following commands to set Azure subscription:

C:\PS> $subID = <Subscription ID> C:\PS> $thumbprint = <Certificate Thumbprint> C:\PS> $myCert = Get-Item cert:\\LocalMachine\My\$thumbprint C:\PS> Set-AzureSubscription –SubscriptionName "MySub" -SubscriptionId $subID -Certificate $myCert

Note: Install the management certificate for your subscription in machine's certificate store under Local Machine.

Execute Backup Cmdlet

Execute the Backup-AzureBizTalkService cmdlet to take backup of the service. This cmdlet takes following inputs:

1. ResourceName – Name of your biztalk service
2. BackupName – Backup gets created in a storage account with this name as container name. Therefore, naming constraints of a storage container apply here as well.
3. BackupStoreConectionString – Storage account connection string where backup gets created

C:\PS> Backup-AzureBizTalkService -ResourceName <Biztalk Service name> -BackupName <Backup container name> -BackupStoreConnectionString " BlobEndpoint=https://<account name>.blob.core.windows.net/;QueueEndpoint=https://<account name>.queue.core.windows.net/;TableEndpoint=https://<account name>.table.core.windows.net/;AccountName=<account name>;AccountKey=<account key>;DefaultEndpointsProtocol=https "

Or...

C:\PS> Backup-AzureBizTalkService -ResourceName <Biztalk Service name> -BackupName <Backup container name> -BackupStoreConnectionString " DefaultEndpointsProtocol=https;AccountName=<your storage account name>;AccountKey=<your storage account key>"

Note: This may take up around 30 minutes to 1 hour to complete.


Request submission…

On Azure Portal…

Inside storage container…

Related Links

1. Backup BizTalk Service REST API
2. Windows Azure BizTalk Services Management Sample
3. Backup BizTalk Services on my MSDN blog
4. BizTalk Services: Backup and Restore
5. Business Continuity in BizTalk Services