Configure using BizTalk Provisioning Tool | Azure Virtual Machine

Use the Provisioning Tool to configure a BizTalk Group on Microsoft Azure.

The BizTalk Provisioning Tool is automatically installed on every BizTalk Server virtual machine. The Provisioning Tool is considered the “fast” method to configure a BizTalk Group that includes multiple BizTalk Server virtual machines. It’s a command-line tool that uses an XML input file that includes database names, BizTalk Server virtual machine names, service accounts, and other configuration information. Currently, the Provisioning Tool uses local groups. The Provisioning Tool does not support domain groups.

This topic discusses the following:

Important Notes

Create the Local User Groups and Accounts

Create the XML file

Run the Provisioning tool

Important Notes

  • In this release, Domain Groups cannot be used with the Provisioning Tool. Local Groups must be manually created on all virtual machines in the Group, including the SQL Server virtual machine. Add the BizTalk Server domain accounts to the appropriate local groups on all virtual machines in the Group, including the SQL Server virtual machine.

  • The tools in the C:\BizTalk_Provisioning folder must always reside in the C:\BizTalk_Provisioning folder. Do not change the path.

  • The Client.exe tool with XML File can be executed from any BizTalk Server virtual machine created in Microsoft Azure. The C:\BizTalk_Provisioning folder is automatically created on these images.

  • If you change the XML file and run the Microsoft.Cloud.BizTalk.Provisioning.Client.exe tool on an existing configuration, BizTalk Server is unconfigured. For example:

    • If you modify the XML file to add a virtual machine to the existing Group and run the Microsoft.Cloud.BizTalk.Provisioning.Client.exe tool, BizTalk Server is unconfigured and then reconfigured.

    • If you modify the XML file to change a database name and run the Microsoft.Cloud.BizTalk.Provisioning.Client.exe tool, BizTalk is unconfigured and then reconfigured.

  • If you reconfigure BizTalk Server and use the same database names, the configuration fails because the databases exist. In the XML file, enter new unique database names. Or, delete the existing databases.

  • In this release, there is no unconfigure option with the Provisioning Tool. Any configuration changes made when running the Microsoft.Cloud.BizTalk.Provisioning.Client.exe tool does not delete the BizTalk Server artifacts, including the databases and the EDI BAM SSIS activities.

  • The Enterprise Single Sign-On (SSO) Master Secret is automatically configured. It cannot be customized.

Create the Local User Groups and Accounts

In this release, Domain Groups cannot be used with the Provisioning Tool. Local Groups must be manually created on all virtual machines in the Group, including the SQL Server virtual machine. Add the BizTalk Server domain accounts to the appropriate local groups on all virtual machines in the Group, including the SQL Server virtual machine.

Create the following local groups and user accounts:

  1. BizTalk Server uses different groups for different tasks. On all the BizTalk Server virtual machines and the SQL Server virtual machine, create the following local groups:

    BizTalk Application Users

    Contains accounts that run the in-process BizTalk host instances.

    Users are not automatically added to this group.

    BizTalk Isolated Host Users

    Contains accounts that run the isolated BizTalk host instances that run as processed in IIS.

    Users are not automatically added to this group.

    BizTalk Server Administrators

    Users in this group perform some administrative tasks, like configuring BizTalk, deploying applications and adding adapters. For additional tasks, go to Minimum Security User Rights.

    To perform administrative tasks for adapters, receive and send handlers, and receive locations, add the BizTalk Server Administrators to the Single Sign-On Affiliate Administrators group.

    Users are not automatically added to this group.

    BizTalk Server B2B Operators

    The BizTalk Server B2B Operators Group has the least privileges necessary to perform tasks required for operating the BizTalk Server B2B environment after installation.

    By default, no users are automatically added to this group.

    BizTalk Server Operators

    Users in the group can monitor and troubleshoot. For specific tasks, go to Minimum Security User Rights and Managing BizTalk Server Security.

    Users are not automatically added to this group.

    SSO Administrators

    Users in this group can administer SSO, including configuring, backing up master secret and making SSO changes. Users can also configure BizTalk. For specific tasks, go to Minimum Security User Rights.

    Users are not automatically added to this group.

    SSO Affiliate Administrators

    Every BizTalk adapter has four affiliate applications: one for the receive handler, the send handler, the send port and the receive locations.

    Users in this group can modify SSO affiliate applications in addition to other administrative tasks. For specific tasks, go to Minimum Security User Rights.

    Users are not automatically added to this group.

    Minimum Security User Rights describes the tasks that the different groups perform.

  2. The SQL Server services can run as domain user accounts. You can use the same domain user account for all services, like the SQL Server service and SQL Server Agent. Or, you can use different domain user accounts for all services. You can also use local accounts on the SQL Server to run the services. The choice is yours.

  3. When BizTalk Server is configured, several services are created. You can use the same domain user account to run all the services. Or, you can use different user accounts to run all the services. The choice is yours.

    The domain user accounts do the following:

    • Run the BizTalk Server host instances and other BizTalk Server services.

    • Connect to the SQL Server to execute BizTalk commands.

    Important

    When creating the domain user accounts, uncheck the Password expires option. The domain user accounts run the BizTalk Server services. BizTalk Server processing fails when the password expires.

  4. Add the BizTalk Server domain user accounts to the appropriate local groups on all virtual machines in the Group, including the SQL Server virtual machine:

    BizTalk Application Users

    Contains accounts that run the in-process BizTalk host instances. Add the domain user accounts that run the BizTalk host instances to this group.

    BizTalk Isolated Host Users

    Contains accounts that run the isolated BizTalk host instances that run as processed in IIS. Add the domain user accounts that run the BizTalk host instances to this group.

    BizTalk Server Administrators

    Users in this group perform some administrative tasks, like configuring BizTalk, deploying applications and adding adapters. For additional tasks, go to Minimum Security User Rights.

    To perform administrative tasks for adapters, receive and send handlers, and receive locations, add the BizTalk Server Administrators to the Single Sign-On Affiliate Administrators group.

    Add the domain user accounts that you want to administer BizTalk to this group.

    BizTalk Server B2B Operators

    The BizTalk Server B2B Operators Group has the least privileges necessary to perform tasks required for operating the BizTalk Server B2B environment after installation.

    Add the domain user accounts that you want to monitor EDI to this group. In some environments, no users are added to this group.

    BizTalk Server Operators

    Users in the group can monitor and troubleshoot. For specific tasks, go to Minimum Security User Rights and Managing BizTalk Server Security.

    Add the domain user accounts that you want to monitor and troubleshoot BizTalk to this group.

    SSO Administrators

    Users in this group can administer SSO, including configuring, backing up master secret and making SSO changes. Users can also configure BizTalk. For specific tasks, go to Minimum Security User Rights.

    Add the domain user accounts that you want to administer BizTalk to this group. Also add the local Administrator account and user accounts that run the BizTalk host instances.

    SSO Affiliate Administrators

    Every BizTalk adapter has four affiliate applications: one for the receive handler, the send handler, the send port and the receive locations.

    Users in this group can modify SSO affiliate applications in addition to other administrative tasks. For specific tasks, go to Minimum Security User Rights.

    Add the domain user accounts that you want to administer the SSO Affiliate applications to this group. Also add the local Administrator account.

Create the XML file

To configure the BizTalk Group, an input XML file is used. The input XML file specifies the BizTalk Server database names, the SQL Server virtual machine name, the BizTalk Server virtual machine names, and the domain account(s) to run the BizTalk Server services.

To create the XML file

  1. Copy and paste the following XML into Notepad:

    <GlobalConfigurationData xmlns="https://schemas.microsoft.com/biztalk/utilities/azure" xmlns:i="https://www.w3.org/2001/XMLSchema-instance">
      <DatabaseData>
        <BAMArchiveDatabaseName>%BAMArchive%</BAMArchiveDatabaseName>
        <BAMArchiveDatabaseServer>%SQLMACHINE%</BAMArchiveDatabaseServer>
        <BAMPrimaryImportDatabaseName>%BAMPrimaryImport%</BAMPrimaryImportDatabaseName>
        <BAMPrimaryImportDatabaseServer>%SQLMACHINE%</BAMPrimaryImportDatabaseServer>
        <BusinessRulesDatabaseName>%BusinessRulesDB%</BusinessRulesDatabaseName>
        <BusinessRulesDatabaseServer>%SQLMACHINE%</BusinessRulesDatabaseServer>
        <ManagementDatabaseName>%BizTalkMgmtDB%</ManagementDatabaseName>
        <ManagementDatabaseServer>%SQLMACHINE%</ManagementDatabaseServer>
        <MessageBoxDatabaseName>%BizTalkMsgBoxDB%</MessageBoxDatabaseName>
        <MessageBoxDatabaseServer>%SQLMACHINE%</MessageBoxDatabaseServer>
        <SSODatabaseName>%SSODB%</SSODatabaseName>
        <SSODatabaseServer>%SQLMACHINE%</SSODatabaseServer>
        <TrackingDatabaseName>%BizTalkDTADB%</TrackingDatabaseName>
        <TrackingDatabaseServer>%SQLMACHINE%</TrackingDatabaseServer>
      </DatabaseData>
      <FeatureData>
        <B2B>%B2B%</B2B>
        <BAM>%BAM%</BAM>
        <BRE>%BRE%</BRE>
      </FeatureData>
      <Hosts>
        <HostData>
          <AuthenticationTrusted>false</AuthenticationTrusted>
          <DoTracking>true</DoTracking>
          <HostName>%HostName%</HostName>
          <Is32Bit>false</Is32Bit>
          <IsDefault>true</IsDefault>
          <Isolated>false</Isolated>
          <ServerNames xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays">
            <a:string>%BIZTALKMACHINE1%</a:string>
            <a:string>%BIZTALKMACHINE2%</a:string>
          </ServerNames>
          <ServiceAccountPassword>%PASSWORD%</ServiceAccountPassword>
          <ServiceAccountUserName>%USER%</ServiceAccountUserName>
        </HostData>
        <HostData>
          <AuthenticationTrusted>false</AuthenticationTrusted>
          <DoTracking>false</DoTracking>
          <HostName>%HostName%</HostName>
          <Is32Bit>false</Is32Bit>
          <IsDefault>false</IsDefault>
          <Isolated>true</Isolated>
          <ServerNames xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays">
            <a:string>%BIZTALKMACHINE2%</a:string>
            <a:string>%BIZTALKMACHINE1%</a:string>
          </ServerNames>
          <ServiceAccountPassword>%PASSWORD%</ServiceAccountPassword>
          <ServiceAccountUserName>%USER%</ServiceAccountUserName>
        </HostData>
      </Hosts>
      <ServersForDefaultHosts xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays">
        <a:string>%BIZTALKMACHINE1%</a:string>
      </ServersForDefaultHosts>
      <ServiceAccountData>
        <BREServiceAccountPassword>%PASSWORD%</BREServiceAccountPassword>
        <BREServiceAccountUserName>%USER%</BREServiceAccountUserName>
        <DefaultInProcHostPassword>%PASSWORD%</DefaultInProcHostPassword>
        <DefaultInProcHostUserName>%USER%</DefaultInProcHostUserName>
        <DefaultIsolatedHostPassword>%PASSWORD%</DefaultIsolatedHostPassword>
        <DefaultIsolatedHostUserName>%USER%</DefaultIsolatedHostUserName>
        <SSOServiceAccountPassword>%PASSWORD%</SSOServiceAccountPassword>
        <SSOServiceAccountUserName>%USER%</SSOServiceAccountUserName>
      </ServiceAccountData>
    </GlobalConfigurationData>
    
  2. Save the file as Azure_BTSXMLTemplateMultiNode.xml in the C:\BizTalk_Provisioning folder. When BizTalk Server is installed, this folder is created and used only to configure multiple BizTalk Server virtual machines in a Group. It is not used to configure BizTalk Server on a single virtual machine.

  3. Open the XML file in Notepad. Modify any %value% with your values, which includes the following sections:

    Section Action Items

    <DatabaseData>

    Lists the BizTalk Server database names and the SQL Server virtual machine name.

    Action Items:

    • Optional: Customize the database names.

    • Required. Replace %SQLMACHINE1% with the correct SQL Server fully qualified domain name (FQDN).

    Important

    When entering the virtual machine name, always enter the fully qualified domain name (FQDN). For example, enter YourVMName.cloudapp.net.

    <FeatureData>

    EDI (B2B), Business Activity Monitoring (BAM), and Business Rules Engine (BRE) can also be configured.

    Action Item:

    Required. Enter true or false to configure the feature. For example, enter:

    <B2B>true</B2B>
    <BAM>false</BAM>
    <BRE>true</BRE>

    <Hosts>

    Add a <HostData> section for every host. If you want five hosts, there should be five <HostData> sections. By default, an in-process Host and an Isolated Host are created.

    In-process Host

    <HostData> 
    <AuthenticationTrusted>false</AuthenticationTrusted> 
    <DoTracking>true</DoTracking> 
    <HostName>%HostName%</HostName> 
    <Is32Bit>false</Is32Bit> 
    <IsDefault>true</IsDefault> 
    <Isolated>false</Isolated> 
       -<ServerNames xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays"> 
       <a:string>%BIZTALKMACHINE1%</a:string> 
       <a:string>%BIZTALKMACHINE2%</a:string> 
       </ServerNames> 
    <ServiceAccountPassword>%PASSWORD%</ServiceAccountPassword> 
    <ServiceAccountUserName>%USER%</ServiceAccountUserName> 
    </HostData>

    Isolated Host

    <HostData> 
    <AuthenticationTrusted>false</AuthenticationTrusted> 
    <DoTracking>false</DoTracking> 
    <HostName>%HostName%</HostName> 
    <Is32Bit>false</Is32Bit> 
    <IsDefault>false</IsDefault> 
    <Isolated>true</Isolated> 
       -<ServerNames xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays"> 
       <a:string>%BIZTALKMACHINE2%</a:string> 
       <a:string>%BIZTALKMACHINE1%</a:string> 
       </ServerNames> 
    <ServiceAccountPassword>%PASSWORD%</ServiceAccountPassword> 
    <ServiceAccountUserName>%USER%</ServiceAccountUserName> 
    </HostData>

    Action Items:

    • Required. In the <HostName> section, enter your host name.

    • Required. In the <ServerNames> section, enter the BizTalk Server virtual machine fully qualified domain names (FQDN). For example, enter:

      <a:string>BTS2013Test1.YourDomain.com</a:string>
      <a:string>BTS2013Test2.YourDomain.com</a:string>

      Important

      When entering virtual machine information, always enter the fully qualified domain name (FQDN).

    • Required. In <ServiceAccountPassword>%PASSWORD%</ServiceAccountPassword>, enter the BizTalk domain account password.

    • Required. In <ServiceAccountUserName>%USER%</ServiceAccountUserName>, enter the BizTalk domain account user name as Domain\UserName.

    To create more hosts, add another <HostData> section with the options lists previously.

    <ServersForDefaultHosts>

    Enter the BizTalk Server virtual machine fully qualified domain name (FQDN) that is the default/master virtual machine in the BizTalk Group.

    Action Item:

    Required. Enter the FQDN of the master BizTalk Server virtual machine. For example, enter:

    <ServersForDefaultHosts xmlns:a="https://schemas.microsoft.com/2003/10/Serialization/Arrays">
       <a:string>BTS2013Test1.YourDomain.com</a:string>
    </ServersForDefaultHosts>

    Important

    When entering virtual machine information, always enter the fully qualified domain name (FQDN).

    <ServiceAccountData>

    Enter the domain account (Domain\UserName) and its password to run the services. In this release, the password is in clear text.

    Action Item:

    Required. Enter the domain user name (Domain\UserName) and its password to run the individual services. The same domain account can be used for all services or a different domain account can be used for all services. For example, enter:

    <ServiceAccountData>
       <BREServiceAccountPassword>BizTalkAccountPASSWORD</BREServiceAccountPassword>
       <BREServiceAccountUserName>myDomain\BizTalkAccount</BREServiceAccountUserName>
       <DefaultInProcHostPassword>BizTalkAccountPASSWORD</DefaultInProcHostPassword>
       <DefaultInProcHostUserName>myDomain\BizTalkAccount</DefaultInProcHostUserName>
       <DefaultIsolatedHostPassword>BizTalkAccountPASSWORD</DefaultIsolatedHostPassword>
       <DefaultIsolatedHostUserName>myDomain\BizTalkAccount</DefaultIsolatedHostUserName>
       <SSOServiceAccountPassword>BizTalkAccountPASSWORD</SSOServiceAccountPassword>
       <SSOServiceAccountUserName>myDomain\BizTalkAccount</SSOServiceAccountUserName>
    </ServiceAccountData>
  4. Save the file in the C:\BizTalk_Provisioning folder. Any file name can be used. Give it a unique name so you know what the file is for. Also consider adding the date to the file. For example, name it Azure_myBTSConfigMulti_073113.xml.

When the XML file is created, you are ready to run the provisioning tool to configure the BizTalk Group.

Run the Provisioning tool

When the BizTalk Server virtual machine is created, the C:\BizTalk_Provisioning folder is automatically created. This folder contains the Provisioning tools to configure a BizTalk Group using multiple virtual machines.

Important

The tools in the C:\BizTalk_Provisioning folder must always reside in the C:\BizTalk_Provisioning folder. Do not change the path.

To run the Provisioning tool

  1. In the C:\BizTalk_Provisioning folder, the Microsoft.Cloud.BizTalk.Provisioning.Client.exe.config file specifies “none” as the security mode:

    <bindings>
          <basicHttpBinding>
            <binding name="provisioningServiceBindingConfiguration">
              <security mode="None"/>
            </binding>
          </basicHttpBinding>
        </bindings>
    

    Any WCF security mode can be used. WCF Security Fundamentals provides more information on WCF Security. Specifically, go to the Transfer Security section. Security Mode options include:

    None

    No security is provided; all information is passed in clear text.

    Transport

    Mutual authentication and message protection are provided at the transport level.

    Message

    Mutual authentication and message protection are provided at the message level.

    Both

    Mutual authentication and message protection are provided at both the transport and message levels. This option is far more than is necessary for most scenarios.

    TransportWithMessageCredential

    Client authentication is provided at the message level, and message protection and service authentication are provided at the transport level.

    TransportCredentialOnly

    Mutual authentication is provided at the transport level; no message protection is provided. This option is available only on basicHttpBinding.

  2. On all BizTalk Server virtual machines in the Group, do the following:

    1. Open Windows PowerShell as an Administrator.

    2. Go to the C:\BizTalk_Provisioning folder. For example, type:

      cd C:\BizTalk_Provisioning
      

      Hit Enter.

    3. Enter the following to start LocalService.exe:

      .\Microsoft.Cloud.BizTalk.Provisioning.LocalService.exe
      

      Hit Enter.

    Microsoft.Cloud.BizTalk.Provisioning.LocalService.exe is running and listed as a process in Task Manager. To confirm, open Task Manager and click the Processes tab. Microsoft.Cloud.BizTalk.Provisioning.LocalService.exe is listed and using the logged-on user name.

  3. On only one BizTalk Server virtual machine, do the following:

    1. Open Windows PowerShell as an Administrator.

    2. Go to the C:\BizTalk_Provisioning folder. For example, type:

      cd C:\BizTalk_Provisioning
      

      Hit Enter.

    3. Enter the following to run Client.exe:

      .\Microsoft.Cloud.BizTalk.Provisioning.Client.exe YourXMLFileName
      

      For example, enter:

      .\Microsoft.Cloud.BizTalk.Provisioning.Client.exe Azure_myBTSConfigMulti_073112.xml
      

      Hit Enter.

    The Client tool configures the virtual machines listed in the XML file. The progress of each configuration task is displayed in the Windows PowerShell window.

When the configuration tasks complete, BizTalk Server is automatically configured on all virtual machines in the Group.

You can also open BizTalk Server Configuration from the Start menu to see the options you configured. If you change the BizTalk Server configuration, you must use the Client.exe tool with the XML file. Do not make changes in BizTalk Server Configuration on the Start menu.

Previous Topics

Create a BizTalk Virtual Machine in Azure

Create the BizTalk Group Prerequisites | Azure Virtual Machine

Configure the BizTalk Group | Azure Virtual Machine

See Also

Concepts

Configure using BizTalk Configuration | Azure Virtual Machine