I am approaching this from the point of view, I have not
used it and I want to use it, and get it to do what it says on the box, monitor
BizTalk.
Let’s start with actually getting it working…..
First blocker, the install, for some reason, even though I
am an admin on the box, and I can install BizTalk fully, I need to go to a
command prompt and run this as an administrator. I can install a BizTalk MSI
which creates a website without needing to be an administrator; however this
seems to have problems here.
Now we have it installed, we click the link on BizTalk 360,
after a short pause we are greeted with this screen, nothing else to tell us
why or what to do, just this screen. Now
the user of whom we selected does not have access to the management database,
we selected the isolatedhost user, that can talk to this database…. For some
reason it’s not allowing us to? With no detail… great.
We change the user to another user, recycle the app pool,
and reload the site….
I don’t quite know what to make of this… so we poke around,
and configure the environment. Now our
BizTalk is installed on the machine we are running this on, as it kind of
needed it to have all the BizTalk Bits, so it should know where the management
database is, as it’s stored in the registry. The default SQL instance and the
standard name for the BizTalk Management database needs to be entered here. We
press Test Connection, it never returns, we waited for about 10 minutes, and it
never came back, just a circle spinning endlessly.
Read the documentation, they want us to use mixed mode
authentication and use the BizTalk360 user it tried to covertly create for us,
well bad news BizTalk 360, this is in violation of our security policy and not
allowed, and this is not uncommon, most organisations have this as their policy.
Strike 1.
Refresh the web page after also putting the license key in….
our Licence type is unknown… not sure what this means.
I notice a license icon next to the list, it brings up
request new license, so I try and generate a request. Press the button…
Even though the user has permissions…..
I tweak some more, fudge it more….
I can then press the generate license request. It wants to send some highly confidential
information, as part of this request, the domain name, the admin group name,
the server name, this I am simply not allowed to give to an external party, and
I am unable to go any further with this.
company:WWW|adminGroup:{Domain}\{Removed} BizTalk Server
Administrators|mgmtSqlInstance: {Removed Server Name} |mgmtDbName:BizTalkMgmtDb|BizTalkVersion:3.10.229|EnvironmentType:Non-Production
I did have a license key however, and it still comes up
unknown….
More tweaking it around…. I get to the dashboard…. Again I’m
running as a user who is now the db owner of all of the BizTalk Databases,
highly unorthodox, but it is the only way I could get this thing to even get me
this far. Then I am blocked again….
Why this occurs? I have no clue; it’s just not going very
well for this product.
The fact it’s actually querying the message box does not sit
well with me, this database is used by every host instance, every
orchestration, almost every second, and it’s a very intense usage database,
that you don’t just run queries in a production environment, which are not
supported by the product group.
I finally got it to work… well kind of, after giving my app
pool user, ownership, which is VERY risky, but this is a sandbox, and I want to
make it work… Then I find I need yet another BizTalk Database to be given
access… The DTA Database… again, not something you should really be querying.
Continue to click down on the list of things you can do, BAM
Views… same problem, my App Pool user does not have access, and why would it?
Looking further, at the advanced event viewer, which
basically looks at the event log.
The filter I did, gave 100% BizTalk 360 errors… What’s even
stranger is that the errors are about sending emails, of which I have not
turned on, and thus not configured to send.
I bypass this, configure it all up.... Next test, all configured, alarms set, and monitoring setup.
I am monitoring a send port, and a receive location for x Number
of transactions per hour.
I am also monitoring orchestrations that stop in a particular application.
I am sitting on the monitoring dashboard, which refreshes
every 60 seconds.
My environment is saying it’s healthy. I filter for errors.
I stop the orchestrations I am monitoring, I wait….
One refresh, still healthy, two refreshes, still healthy a
manual refresh still healthy.
BizTalk 360 is not looking too healthy. It never tells me it’s not running….. It never
tells me later that no transactions went down the port…. BizTalk 360 FAIL, it just does not tell me....
On the whole, BizTalk 360 is trying to be the BizTalk admin
console, with insufficient permissions, and bypassing proper administrator
permissions, allowing ANYONE to get on here, even people who would otherwise
not have permissions to BizTalk. It bypasses all the security of BizTalk
Groups, the BizTalk Administrators group, the BizTalk Operators Group.
It bypasses all BAM related permissions for specific users,
allowing the user to see things in BAM they would not ordinarily be allowed to
see.
It does not monitor, of which one of its key features is, I
received not one alert, and not one dashboard said things were bad. It always
said my environment was healthy, several hours after I made it quite unhealthy.
It could only monitor things like orchestration running, and
send and receive port transactions. We have MANY processes that are ESB processes,
which use direct ports, and send messages to the message box, and are routed to
other subscribers internally. None of this can be monitored.
It uses queries against the message box, management
database, DTA database, BAM database and ESB database. A direct query of these
databases is highly unorthodox, and very dangerous. I have several queries that
can provide much of the detail, but I am NOT ALLOWED to, and do not run these
on production, it’s downright dangerous to run un-supported queries on a
production environment, particularly those running with their own permissions.
It tries to be the BizTalk Admin Console, of what the
BizTalk Admin console is designed to be and ships free with the product, and
can run on an operators desktop.
It tries to be the BAM portal, which comes free with
BizTalk, which was built for BAM, and bypasses all permissions of this portal,
in a very bad way given the data here can be highly confidential.
It tries to monitor BizTalk, which did not seem to work for
me, but it’s running queries, multiple queries against the BizTalk databases,
every 60 seconds, these are putting additional load on your BizTalk environment,
and possibly blocking queries from BizTalk itself, highly dangerous.
The majority of things it does, come with the product, they
actually make it harder to do than in the BizTalk Admin console, which has its
own permission set, you can bypass this by granting a user super user access to
specific applications only, which is nice, but it’s a bypass of the permission
set.
Would I use and thus recommend BizTalk 360?
Do not get me wrong, I looked at this tool, and configured
everything and after many problems got it working, and set up all the features,
and put it through its paces, I actually wanted it to work, if what’s written
on packaging, and in all the hype around this tool.
So would I use it? Absolutely not.
Why Not?
I get better and more precise monitoring from BAM, I get better
alerting from BAM. I can see not just that there was a problem with system X
which uses port Y, I can see what it is, I can see the number of transactions,
the volume, or lack of volume, which transaction is effected, and why. I can do
this for ESB to ESB transactions as well. I can better engage the business of
whom is the ultimate owner of this and give them such great detail that they
are often astounded by the level of knowledge we have about what’s going on.
If I use the System Centre Management pack for BizTalk, I
can hook into just about every alert and event that gets raised in BizTalk.
There are MANY perfmon counters that expose pretty much most of what’s
happening in BizTalk, and you can configure monitoring of this in a much more
supported fashion than what is exposed in BizTalk 360.
This puts me in a more supported situation, and 100% of this
is free, in that it ships with the product, is supported and works, why would I
use something else that does not work, and is not supported, in an organisations
production environment that runs its core operations and controls a greater
than million or billion dollar business…. I am not going to take a chance like
this ever.
There is no way I could even convince the business to do so
with risk factors like this.
