Create the BizTalk Group Prerequisites | Azure Virtual Machine
In Microsoft Azure, you can create a BizTalk Group that consists of a single BizTalk Server or multiple BizTalk Servers, just like on-premises. This topic lists the steps to create BizTalk Server and SQL Server virtual machines that are used in the BizTalk Group.
To create a BizTalk Group, a domain account is required. This domain account runs the BizTalk services that connect to the SQL Server.
Steps include:
Create the Domain User Accounts and Groups
Create the BizTalk virtual machines
Create a SQL Server virtual machine
Log into the virtual machines
Before you Begin
A BizTalk group typically consists of more than one BizTalk Server sharing the same backend SQL Server. When BizTalk and SQL Server are on separate computers (or virtual machines), you must use domain groups on the BizTalk Server. On-premises, the Domain Administrator creates the domain groups and the servers are part of a network.
In Azure, the same requirements apply. Meaning, the servers must be in the same network and domain groups are required. Azure gives you the option to create a Virtual Network that can connect to your on-premises network or you can create an Azure-hosted network. This network must be configured and available within Azure before you create the virtual machines. See Create a Virtual Network in Azure.
To join the virtual machines to your domain, the following is required:
The BizTalk Server and SQL Server virtual machines are created and are members of the Virtual Network in Microsoft Azure.
A domain is created before configured the BizTalk Server group.
This topic does not list the steps to create the Virtual Network. It assumes the virtual machines are members of an existing Virtual Network and assumes you already have a domain to join.
Create the Domain User Accounts and Groups
BizTalk Server uses domain user accounts to run the BizTalk Server services. Domain groups are used to perform different tasks within BizTalk Server. These domain user accounts and domain groups are created before configuring BizTalk Server. The SQL Server services can run as a domain user account or a local user account.
Important
Only domain administrators can create domain user accounts and domain groups.
Create the following domain user accounts and groups:
If your SQL Server services will run as domain user accounts, create the domain user accounts. You can use the same domain user account for all services, like the SQL Server service and SQL Server Agent. Or, you can use different domain user accounts for all services. You can also use local accounts on the SQL Server to run the services. The choice is yours.
When BizTalk Server is configured, several services are created. You can use the same domain user account to run all the services. Or, you can use different user accounts to run all the services. The choice is yours.
The domain user accounts do the following:
Run the BizTalk Server host instances and other BizTalk Server services.
Connect to the SQL Server to execute BizTalk commands.
Important
When creating the domain user accounts, uncheck the Password expires option. The domain user accounts run the BizTalk Server services. BizTalk Server processing fails when the password expires.
BizTalk Server uses different domain groups for different tasks. Create the following domain groups:
BizTalk Application Users
Contains accounts that run the in-process BizTalk host instances. Accounts running the BizTalk host instance are automatically added to this group.
BizTalk Isolated Host Users
Contains accounts that run the isolated BizTalk host instances that run as processed in IIS. Accounts running the BizTalk host instance are automatically added to this group.
BizTalk Server Administrators
Users in this group perform some administrative tasks, like configuring BizTalk, deploying applications and adding adapters. For additional tasks, go to Minimum Security User Rights.
To perform administrative tasks for adapters, receive and send handlers, and receive locations, add the BizTalk Server Administrators to the Single Sign-On Affiliate Administrators group.
Users are not automatically added to this group.
BizTalk Server B2B Operators
The BizTalk Server B2B Operators Group has the least privileges necessary to perform tasks required for operating the BizTalk Server B2B environment after installation.
By default, no users are automatically added to this group.
BizTalk Server Operators
Users in the group can monitor and troubleshoot. For specific tasks, go to Minimum Security User Rights and Managing BizTalk Server Security.
Users are not automatically added to this group.
SSO Administrators
Users in this group can administer SSO, including configuring, backing up master secret and making SSO changes. Users can also configure BizTalk. For specific tasks, go to Minimum Security User Rights.
The Administrator account and host account are automatically added to this group.
SSO Affiliate Administrators
Every BizTalk adapter has four affiliate applications: one for the receive handler, the send handler, the send port and the receive locations.
Users in this group can modify SSO affiliate applications in addition to other administrative tasks. For specific tasks, go to Minimum Security User Rights.
The Administrator account is automatically added to this group.
Minimum Security User Rights describes the tasks that the different groups perform.
Create the BizTalk virtual machines
Depending on the BizTalk Server edition you choose, you can create one BizTalk Server virtual machine or multiple BizTalk Server virtual machines in the Group, just like on-premises. To create the BizTalk Server virtual machine, refer to the following link:
Create a BizTalk Virtual Machine in Azure
If your Group will have multiple BizTalk Servers, then consider the following:
BizTalk Server 1 |
This BizTalk Server virtual machine is the Master. It creates the group and hosts the SSO master secret. |
BizTalk Server x |
This BizTalk Server virtual machine joins the existing group. |
When the virtual machines are created, BizTalk Server is installed and ready to be configured. Additional requirements, including Internet Information Services (IIS) and MS Distributed Transaction Coordinator (MSDTC) are also installed and ready to use.
Create a SQL Server virtual machine
The next step is to create the SQL Server virtual machine in Microsoft Azure. This virtual machine hosts the BizTalk Server databases used for message processing, including the BizTalkMsgBoxDb and BizTalkDTADb databases. To create the SQL Server virtual machine, see:
Provisioning a SQL Server Virtual Machine on Azure
When the virtual machine is created, SQL Server is installed. Additional requirements, including the Default Instance and MS Distributed Transaction Coordinator (MSDTC) are also installed and ready to use.
Log into the virtual machines
Next, log in to all virtual machines and add your account to the security roles:
In the Azure Management Portal, click Virtual Machines and then click your virtual machine Instance. If you click the virtual machine Instance Name, the Quick Start tab is opened. You can click the back arrow to return to the list of Virtual Machines.
In the task bar at the bottom, click Connect. If Connect is not listed, you may be in the Quick Start tab. You can click the Dashboard tab and click Connect. Or, click the back arrow and click Connect.
You are prompted to open or save the RDP file. Click Save to create an RDP file shortcut that opens the RDP session. If you don’t want a shortcut, click Open.
A security warning may also display. The warning is normal. Click Connect.
Log in with the Administrator account and password you created when the virtual machine was created. A certificate warning may display. The warning is normal. Click Yes.
On the SQL Server virtual machine, add the local Administrator account to the SysAdmin role in SQL Server. This allows the local Administrator account to control the security on the SQL Server. For example, you can add additional users to the SysAdmin role, add logins, and manage the SQL Server.
Optional. Join the BizTalk Server and SQL Server virtual machines to your domain. If you are not joining the virtual machines to your domain, skip this step.
Warning
If the BizTalk Server and SQL Server virtual machines are not created using a Virtual Network, the virtual machines cannot be added to your domain. In this situation, you must create new virtual machines and enter the Virtual Network.
All connectivity between the virtual machines and your domain is through a Router in the Virtual Network your Network Administrator creates.
After you join the virtual machine to your domain, login with the local Administrator account and do the following:
Add your domain account to the local Administrators group.
Add your domain account to SQL Server with the SysAdmin role.
Adding your domain account gives you full control over the virtual machines, full control in SQL Server, and you can access network resources.
At this point, the BizTalk Server virtual machine(s) are ready to be configured. The SQL Server virtual machine is used by the BizTalk Server virtual machine(s) to host the BizTalk Server databases.
Next
Configure the BizTalk Group | Azure Virtual Machine
See Also
Concepts
Create a BizTalk Virtual Machine in Azure
Configuring BizTalk Server 2013 and 2013 R2 on an Azure VM