Sunday, June 29, 2014

BizTalk360 Review and summary

I am going to provide a review and summary of BizTalk 360.

I am approaching this from the point of view that I have not used it and I want to use it, and get it to do what it says on the box: monitor BizTalk.

Let’s start with actually getting it working…..

First blocker: the install. For some reason, even though I am an admin on the box and I can install BizTalk fully, I need to go to a command prompt and run this as an administrator. I can install a BizTalk MSI which creates a website without needing to be an administrator; however, this seems to have problems here.

Now we have it installed, we click the link on BizTalk 360, and after a short pause we are greeted with this screen, with nothing else to tell us why or what to do, just this screen. Now the user whom we selected does not have access to the management database; we selected the isolatedhost user, that can talk to this database… For some reason it’s not allowing us to? With no detail… great.

We change the user to another user, recycle the app pool, and reload the site….

I don’t quite know what to make of this… so we poke around, and configure the environment. Now our BizTalk is installed on the machine we are running this on, as it kind of needed it to have all the BizTalk Bits, so it should know where the management database is, as it’s stored in the registry. The default SQL instance and the standard name for the BizTalk Management database need to be entered here. We press Test Connection and it never returns; we waited for about 10 minutes, and it never came back, just a circle spinning endlessly.

Read the documentation: they want us to use mixed mode authentication and use the BizTalk360 user it tried to covertly create for us. Well, bad news BizTalk 360, this is in violation of our security policy and not allowed, and this is not uncommon; most organisations have this as their policy. Strike 1.

Refresh the web page after also putting the license key in…. our Licence type is unknown… not sure what this means.

I notice a license icon next to the list, it brings up request new license, so I try and generate a request. Press the button…

Even though the user has permissions…..

I tweak some more, fudge it more….

I can then press the generate license request. It wants to send some highly confidential information as part of this request: the domain name, the admin group name, the server name. This I am simply not allowed to give to an external party, and I am unable to go any further with this.

company:WWW|adminGroup:{Domain}\{Removed} BizTalk Server Administrators|mgmtSqlInstance: {Removed Server Name} |mgmtDbName:BizTalkMgmtDb|BizTalkVersion:3.10.229|EnvironmentType:Non-Production

I did have a license key however, and it still comes up unknown….

More tweaking it around…. I get to the dashboard…. Again I’m running as a user who is now the db owner of all of the BizTalk Databases, highly unorthodox, but it is the only way I could get this thing to even get me this far. Then I am blocked again….

Why this occurs? I have no clue; it’s just not going very well for this product.

The fact it’s actually querying the message box does not sit well with me. This database is used by every host instance, every orchestration, almost every second, and it’s a very intensely used database; you don’t just run queries against it in a production environment which are not supported by the product group.

I finally got it to work… well, kind of, after giving my app pool user ownership, which is VERY risky, but this is a sandbox, and I want to make it work… Then I find I need yet another BizTalk Database to be given access… The DTA Database… again, not something you should really be querying.

Continue to click down on the list of things you can do, BAM Views… same problem, my App Pool user does not have access, and why would it?

Looking further, at the advanced event viewer, which basically looks at the event log.

The filter I did gave 100% BizTalk 360 errors… What’s even stranger is that the errors are about sending emails, which I have not turned on, and thus have not configured to send.

I bypass this, configure it all up.... Next test, all configured, alarms set, and monitoring setup.

I am monitoring a send port, and a receive location for x Number of transactions per hour.

I am also monitoring orchestrations that stop in a particular application.

I am sitting on the monitoring dashboard, which refreshes every 60 seconds.

My environment is saying it’s healthy. I filter for errors.

I stop the orchestrations I am monitoring, I wait….

One refresh, still healthy; two refreshes, still healthy; a manual refresh, still healthy.

BizTalk 360 is not looking too healthy. It never tells me it’s not running… It never tells me later that no transactions went down the port… BizTalk 360 FAIL, it just does not tell me…

On the whole, BizTalk 360 is trying to be the BizTalk admin console, with insufficient permissions, and bypassing proper administrator permissions, allowing ANYONE to get on here, even people who would otherwise not have permissions to BizTalk. It bypasses all the security of BizTalk Groups, the BizTalk Administrators group, the BizTalk Operators Group.

It bypasses all BAM related permissions for specific users, allowing the user to see things in BAM they would not ordinarily be allowed to see.

It does not monitor, which is one of its key features. I received not one alert, and not one dashboard said things were bad. It always said my environment was healthy, several hours after I made it quite unhealthy.

It could only monitor things like orchestration running, and send and receive port transactions. We have MANY processes that are ESB processes, which use direct ports, and send messages to the message box, and are routed to other subscribers internally. None of this can be monitored.

It uses queries against the message box, management database, DTA database, BAM database and ESB database. A direct query of these databases is highly unorthodox, and very dangerous. I have several queries that can provide much of the detail, but I am NOT ALLOWED to, and do not, run these on production; it’s downright dangerous to run unsupported queries on a production environment, particularly those running with their own permissions.

It tries to be the BizTalk Admin Console, which is what the BizTalk Admin Console is designed to be, and which ships free with the product and can run on an operator’s desktop.

It tries to be the BAM portal, which comes free with BizTalk and was built for BAM, and it bypasses all permissions of this portal, in a very bad way given the data here can be highly confidential.

It tries to monitor BizTalk, which did not seem to work for me, but it’s running queries, multiple queries, against the BizTalk databases every 60 seconds. These are putting additional load on your BizTalk environment, and possibly blocking queries from BizTalk itself, which is highly dangerous.

The majority of things it does come with the product; they actually make it harder to do than in the BizTalk Admin console, which has its own permission set. You can bypass this by granting a user super user access to specific applications only, which is nice, but it’s a bypass of the permission set.

Would I use and thus recommend BizTalk 360?

Do not get me wrong: I looked at this tool, configured everything, and after many problems got it working, set up all the features, and put it through its paces. I actually wanted it to work, if what’s written on packaging, and in all the hype around this tool.

So would I use it? Absolutely not.

Why Not?

I get better and more precise monitoring from BAM, and I get better alerting from BAM. I can see not just that there was a problem with system X which uses port Y; I can see what it is, I can see the number of transactions, the volume, or lack of volume, which transaction is affected, and why. I can do this for ESB to ESB transactions as well. I can better engage the business, who is the ultimate owner of this, and give them such great detail that they are often astounded by the level of knowledge we have about what’s going on.

If I use the System Centre Management pack for BizTalk, I can hook into just about every alert and event that gets raised in BizTalk. There are MANY perfmon counters that expose pretty much most of what’s happening in BizTalk, and you can configure monitoring of this in a much more supported fashion than what is exposed in BizTalk 360.

This puts me in a more supported situation, and 100% of this is free, in that it ships with the product, is supported and works. Why would I use something else that does not work, and is not supported, in an organisation’s production environment that runs its core operations and controls a greater than million or billion dollar business… I am not going to take a chance like this ever.

There is no way I could even convince the business to do so with risk factors like this.
