I’ve seen this happen a couple of times: security is not enforced well enough. So I wanted to dedicate a blog post to talking more about this.
In most enterprise companies security is important and gets a lot of focus. However, BizTalk is often left to itself, since the structure around it may be in the hands of someone with little or no BizTalk experience. As it grows, so may the support team, and the work of resolving all the errors has to begin. I hope this blog post highlights some of the benefits and helps avoid the possible scenario of processing test data in production.
So here we go. It’s vital to enforce a good password policy. And not only the password policy: you also need good control of the different environments and operations in BizTalk. So what do I mean by this?
This brings us to a “user naming convention”. We make sure to split users up into test users, quality assurance users and production users. But this is not all. We should also make sure to have different users for different tasks. Remember that the users you create should never have full admin rights to the machine; they don’t need them and shouldn’t have them.
A good example would be something like this.
For sending in my Test, QA and Production environments these would be the users. You can make groups and go even more in depth, but in this scenario we focus on the users:
The same would go for receiving and processing (which would be orchestrations etc.):
BizTalk_xx_ReceiveUser and BizTalk_xx_ProcUser. One of the most important users would be the one for the dedicated tracking host: BizTalk_xx_TrackingUser.
This is common sense, but you may forget it every now and then. I’ve seen a few environments where a good user policy was not enforced well enough, which is why I’ve written this post. Such a policy prevents test data from reaching production and the other way around, since the production users shouldn’t have access to test shares, servers, databases etc., and vice versa.
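One way to audit the convention above, as an added example that is not code from the original post: a PowerShell check that flags host accounts whose name is off-convention, belongs to another environment, or belongs to another task. The environment tags (Test, QA, Prod), the `BizTalk_xx_SendUser` name, the `CORP` domain, the host names and the inventory rows are assumptions constructed for illustration.

```powershell
# Constructed inventory: one row per BizTalk host instance.
# Env and Role are what the administrator intends for the host; Logon is the
# service account it actually runs under. On a live group HostName and Logon
# can be read from the MSBTS_HostInstance WMI class instead.
$inventory = @(
    [pscustomobject]@{ Env = 'Prod'; HostName = 'SendHost';     Role = 'Send';     Logon = 'CORP\BizTalk_Prod_SendUser' }
    [pscustomobject]@{ Env = 'Prod'; HostName = 'ReceiveHost';  Role = 'Receive';  Logon = 'CORP\BizTalk_Prod_ReceiveUser' }
    [pscustomobject]@{ Env = 'Prod'; HostName = 'ProcHost';     Role = 'Proc';     Logon = 'CORP\BizTalk_Test_ProcUser' }  # test account in production
    [pscustomobject]@{ Env = 'Prod'; HostName = 'TrackingHost'; Role = 'Tracking'; Logon = 'CORP\BizTalk_Prod_SendUser' }  # send account reused for tracking
    [pscustomobject]@{ Env = 'QA';   HostName = 'SendHost';     Role = 'Send';     Logon = 'CORP\Administrator' }          # off-convention account
)

function Test-BizTalkAccountConvention {
    param([Parameter(Mandatory)] [object[]] $Inventory)

    # Optional DOMAIN\ prefix, then BizTalk_<env>_<Role>User.
    $pattern = '^(?:[^\\]+\\)?BizTalk_(?<env>[^_]+)_(?<role>Send|Receive|Proc|Tracking)User$'

    foreach ($row in $Inventory) {
        $issues = @()
        if ($row.Logon -match $pattern) {
            if ($Matches['env'] -ne $row.Env) {
                $issues += "account belongs to environment '$($Matches['env'])', host runs in '$($row.Env)'"
            }
            if ($Matches['role'] -ne $row.Role) {
                $issues += "account is for task '$($Matches['role'])', host task is '$($row.Role)'"
            }
        } else {
            $issues += 'account name does not follow BizTalk_xx_<Role>User'
        }
        # Emit one finding per problem so the result can be filtered or exported.
        foreach ($issue in $issues) {
            [pscustomobject]@{
                Env      = $row.Env
                HostName = $row.HostName
                Logon    = $row.Logon
                Issue    = $issue
            }
        }
    }
}

# Three of the five constructed rows produce a finding.
Test-BizTalkAccountConvention -Inventory $inventory | Format-List
```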