Overview

The scenario outlined in this document gives you a basic example of how to setup BAM (Business Activity Monitoring) in a multi-computer environment. This articles applies to BizTalk Server 2010 and BizTalk Server 2013.

Scenario

This scenario uses a single physical server that runs on Windows Server Hyper-V. On this platform, you host three virtual machines (Server 1, Server 2 and Server 3) having the same operating system.  The following table describes the roles of three servers that are used in this scenario.

 Server  Description

Server1

BizTalk Runtime Server

Server2

BizTalk BAM Server

Server3

SQL Server

BizTalk Runtime Server (Server 1): The BizTalk Runtime Server configuration consists of the following:
  • Creating a new SSO system by creating a new SSO database
  • Creating a new BizTalk Group

When you configure SSO server settings and BizTalk Group in the BizTalk Server Configuration tool, BizTalk Server typically creates four databases (BizTalk Server Management database, MessageBox databases, Tracking database, and SSO database) on the SQL Server that hosts the configuration database.

BizTalk BAM Server (Server 2): The BizTalk BAM Server has the major BizTalk Server BAM components installed and configured. The BAM components depend on SQL Server components. Therefore, they must also be installed on this server. One important thing to note is that the BAM Server has to be a BizTalk member server in a BizTalk Group. This means that it has to join a BizTalk group.

Installing BizTalk Server and SQL Server Components

The following table describes the BizTalk Server 2010 and SQL Server 2008 R2 software components that you have to install in Server 1, Server 2 and Server 3.

 Server  Description  Software Components 

Server1

BizTalk Runtime Server

Install BizTalk Server with the following components:
  • Server Runtime
    • BizTalk EDI/AS2 Runtime
    • Windows Communication Foundation
  • Additional Software
    • Enterprise Single Sign-On Administration
    • Enterprise Single Sign-On Master Secret

Server2

BizTalk BAM Server

Install BizTalk Server with the following components: 
  • Portal Components
    • Enable Business Activity Monitoring
  • Developer Tools and SDK (Optional)
  • Documentation (Optional)
  • Additional Software
    • BAM Alert Provider for SQL Notification Services
    • BAM Client
    • BAM-Eventing
    • Enterprise Single Sign-On Administration
    • Enterprise Single Sign-On Master Secret
  • Install SQL Server Enterprise Edition with the following component
    • SQL Server Management Tools (Basic and Complete)
  • Install SQL Server 2005 Notifications Services. This includes the following files:
  • Install Visual Studio 2010 (Optional)

Server3

SQL Server

Install SQL Server Enterprise Edition which includes the following components:

  • SQL Server core engine
  • SQL  Server SSIS
  • SQL Server SSAS
To install BizTalk Server 2010 and SQL Server 2008 R2 software components as listed in this table, see Installing BizTalk Server 2010 on Windows Server 2008 R2 and 2008 SP2 (http://go.microsoft.com/fwlink/?LinkID=191321&clcid=0x409).

Configuring BAM

As a part of multi-computer environment, while configuring BizTalk Runtime Server (Server 1) and BizTalk BAM Server (Server 2) you need to select the Custom Configuration option in the BizTalk Server Configuration tool.

Prerequisites

Consider the following before you configure BAM:

  • Security and Accounts
  • Domain Accounts 
  • Enable Microsoft Distributed Transaction Coordinator (MS DTC) and configure Windows Firewall with Advanced Security
  • The account that you are logged on as must be a part of the local administrators group and have System Administrator rights on all servers

Security and Accounts

You must use domain accounts for a multi-server BizTalk Server configuration. BizTalk Server supports domain group and user accounts in both single and multiple computer configurations.

To use domain accounts for a multi-server BizTalk Server configuration, you must do that following: 

  • You must manually create the groups and the user accounts before you configure BizTalk Server. The BizTalk Server Configuration Manager cannot create domain groups.
  • After you create domain groups and/or user accounts, add user accounts to the correct groups according to the group affiliations in Windows Groups and User Accounts.
  • Use <DomainName>\<UserName> when specifying domain account information in the BizTalk Server Configuration Manager.

To make it easier to explain the security configuration, this document uses a fictitious domain name called “Contoso”, and the password is pass@word1 for all the accounts. You must replace them with the actual domain name and password during the installation and configuration. A default installer account called “BTSlabs” is used to configure the servers/workstations.

Domain Accounts

The following table lists the Windows groups the domain administrator needs to create for the SQL Server configuration in Server 3. These group accounts can be either global domain accounts or universal domain accounts.



Group Name (suggested)  Purpose
 SSO Administrators The SSO administrator account is a highly privileged account in the BizTalk SSO system.
 SSO Affiliate Administrators This group account includes the administrators of certain SSO affiliate applications. This group is only used if you use the account mapping function of SSO. However, the account is required during SSO configuration.
 BizTalk Server Administrators
  • Has the least privileges necessary to perform administrative tasks.
  • Can deploy solutions, manage applications, and resolve message processing issues.
  • To perform administrative tasks for adapters, receive and send handlers, and receive locations, the BizTalk Server Administrators must be added to the Single Sign-On Affiliate Administrators.
 BizTalk Server Operators Has a low privilege role with access only to monitoring and troubleshooting actions.
 BizTalk Application Users
  • The default name of the first In-Process BizTalk Host Group created by Configuration Manager.
  • Use one BizTalk Host Group for each In-Process host in your environment.
  • Includes accounts with access to In-Process BizTalk Hosts (hosts processes in BizTalk Server, BTSNTSvc.exe).
 BizTalk Isolated Host Users
  • The default name of the first Isolated BizTalk Host Group that Is created by Configuration Manager. Isolated BizTalk hosts not running on BizTalk Server, such as HTTP and SOAP.
  • Use one BizTalk Isolated Host Group for each Isolated Host in your environment.
 BAM Portal Users Has access to BAM Portal Website
The following table lists the domain accounts for the domain administrator to create for the SQL Server configuration. The domain administrator must make sure that the accounts are members of the group indicated.

Account Name (suggested) Type   Member of Group  Purpose
BTSlabs User User
  • SSO Administrators
  • Domain Users
  • Local Administrators
 
This account with administrative rights is required for installing and configuring SQL Server. Rights can be revoked or the account disabled as soon as setup and configuration are complete.
SQLService  Service  

Domain Users

This is the service account for running SQL Server Database Services. This account needs to be granted the “Log on as service user right.” The SQL Server installer program grants the permissions automatically during the installation.

There are 4 services that come with the Databases Services component and the Analysis Services component: SQL Server, SQL Server Agent, Analysis Services, and SQL Browser. For more information about these services, see SQL Server Books Online (http://go.microsoft.com/fwlink/?LinkId=120004). In this article, the SQLService account is used as the service account for all 4 services.
SSOService  Service  
  • SSO Administrators
  • Domain Users
This is the service account for running the SSO service.
BTService  Service  

Domain Users

This is a generic BizTalk Server service account. If you do not want to create dedicated accounts for the various BizTalk Server services, you can use it.
BTServiceHost  Service
  • BizTalk Application User
  • Domain users
This is the service account for running BizTalk Server service.  

 

BTServiceHostIso  User
  • BizTalk Isolated Host Users
  • Domain Users

This is the service account for running BizTalk Server service.

 

BizTalk Server service. 

BAMMgmtWSUser  User
  • Domain Users
  • IIS_WPG
User account for BAM Management Web service (BAMManagementService) to access various BAM resources. BAM Portal calls BAMManagementService to retrieve information about user credentials, activities, views, alerts, and configuration information. BAM metadata is thus secured by restricting back-end access to the account used by the BAM Management Web service logon.
 BAMAppPoolUser  User
  • Domain Users
  • IIS_WPG
Application pool account for BAMAppPool which hosts BAM Portal Website

Enable TCP/IP and Named Pipes

To facilitate transactions between SQL Server and BizTalk Server, you must enable TCP/IP and Named Pipes in SQL Server (Server 3). To enable TCP/IP and Named Pipes

  1. Click Start, click All Programs, click Microsoft SQL Server, click Configuration Tools, and then click SQL Server Configuration Manager.
  2. In the left pane, expand SQL Server Network Configuration.
  3. Click Protocols for MSSQLSERVER.
  4. Verify that both TCP/IP and Named Pipes are enabled. If they are, go to Step 5. If either is not, follow these steps:
    1. Right-click the protocol, and then click Enable.
    2. Repeat to enable the other protocol if it is necessary.
    3. In the left pane, click SQL Server Services.
    4. In the right pane, right-click SQL Server (MSSQLSERVER), and then click Stop.
    5. When the service has stopped, right-click SQL Server (MSSQLSERVER) again, and then click Start.
  5. The steps above stops the NS$BAMAlerts service. You must restart the service
  6. Close the Configuration Manager.

Enable Microsoft Distributed Transaction Coordinator (MS DTC) and configure Windows Firewall with Advanced Security

To facilitate transactions between all the three servers (Server 1, Server 2 and Server 3), you must enable Microsoft Distributed Transaction Coordinator (MS DTC) and configure Windows Firewall with Advanced Security on all the three servers. To enable MS DTC and configure Windows Firewall with Advanced Security: 

  1. Click Start, click Run, type dcomcnfg and then click OK to open Component Services.
  2. In the console tree, expand Component Services, expand Computers, expand My Computer, expand Distributed Transaction Coordinator, and then click Local DTC.
  3. Right-click Local DTC and then click Properties to display the Local DTC Properties dialog box.
  4. Click the Security tab.
  5. Ensure that the following four options is selected, and all others are cleared:
    • Network DTC Access
    • Allow Inbound
    • Allow Outbound
    • No Authentication Required
  6. Click OK to close the Local DTC Properties dialog box. If you are prompted to restart the MSDTC service, click Yes.
  7. Close Component Services.
  8. Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
  9. In Windows Firewall with Advanced Security, click Inbound Rules.
  10. In the Inbound Rules pane, right-click Distributed Transaction Coordinator * (as appropriate), and then click Enable Rule.
  11. In Windows Firewall with Advanced Security, click Outbound Rules.
  12. In the Outbound Rules pane, right-click Distributed Transaction Coordinator * (as appropriate), and then click Enable Rule.
  13. On the Control Panel (View by: Large/Small icons), double-click Administrative Tools.
  14. In the right pane, double-click Services.
  15. In the right pane of Services (Local), right-click COM+ System Application, click Restart, and wait for the service to restart.
  16. Right-click and restart the Distributed Transaction Coordinator service.
  17. Right-click and restart the SQL Server (MSSQLSERVER) service.
  18. Close Services (Local), and then close Administrative Tools.
  19. Restart your computer.

Configuring BizTalk Runtime Server (Server 1)

To configure BizTalk Runtime Server (Server 1)

  1. Click Start, point to All Programs, point to Microsoft BizTalk Server, and then click BizTalk Server Configuration.
  2. On the Microsoft BizTalk Server Configuration page, select Custom Configuration, enter the following values, and then click Configure.        
     Name     Value

    Database server name

    Server 3 (the host name of the SQL Server)

    User name

    Contoso\SSOService (Typically a generic BizTalk Server service account is used here. Because you only configure SSO, the SSO Service account is used here.)

    Password

    pass@word1

  3. In the left pane, click Enterprise SSO.
  4. In the right pane, enter or select the following values:
  5.  Name     Value
    Enable Enterprise Single Sign-ON on this computer (Checked)
     Create a new SSO system (selected)
    SSO Database: Server Name Server 3 (the host name of the SQL Server)

    Database server name

    Server 3 (the host name of the SQL Server)

    SSO Database: Database Name (the default name is SSODB) 

    Enterprise Single Sign-ON Service: Account

    Contoso\SSOService

    SSO Administrator(s): Windows Group

    Contoso\SSO Administrators

    In the left pane, click Enterprise SSO Secret Backup. The Enterprise SSO secret is very critical. You must back it up to a file. It is a good practice to burn the key into a CD and store the CD in a safe place.
  6. In the right pane, enter the password and the backup file location. In the left pane, click Group. In the details pane, enter the following values:
  7.  Name     Value
    Enable Enterprise Single Sign-ON on this computer (checked)
    Create a new SSO system (selected)
    SSO Database: Server Name Server 3 (the host name of the SQL Server)

    Database server name

    Server 3 (the host name of the SQL Server)

    SSO Database: Database Name (the default name is SSODB) 

    Enterprise Single Sign-ON Service: Account

    Contoso\SSOService

    SSO Administrator(s): Windows Group

    Contoso\SSO Administrators

    You select the Create a new BizTalk Group option to create a new group and its Configuration database.
  8. In the left pane, click BizTalk Runtime, and then enter or select the following values:
  9.  Name     Value
    Register the BizTalk Server runtime components (selected)

    Create In-Process Host and Instance

    Trusted

     

    (selected)

    (selected)

    Host name: (the default name is BizTalkServerApplication)

    Create In-Process Host and Instance

    Trusted

    (selected)

    (selected)

    Isolated Host name: (the default name is BizTalkServerIsolatedHost)

    BizTalk Host Instance Account 

    Contoso\BTServiceHost

    BizTalk Host Instance Account: password 

    pass@word1

    BizTalk Isolated Host Instance Account Contoso\BTServiceHostIso
    BizTalk Isolated Host Instance Account: password pass@word1
    BizTalk Host Users Group Contoso\BizTalk Application Users
     BizTalk Isolated Host Users Group Contoso\BizTalk Isolated Host Users
    Click Apply Configuration.
  10. On the Summary page, to apply the configuration, click Next.
  11. Verify that the Configuration Result is Success, and then click Finish.

Configuring BizTalk BAM Server (Server 2)

To configure BizTalk BAM Server (Server 2)  

  1. Click Start, point to All Programs, point to Microsoft BizTalk Server, and then click BizTalk Server Configuration.
  2. On the Microsoft BizTalk Server Configuration page, choose Custom Configuration, enter the following values, and then click Configure.
  3.  Name     Value

    Database server name

    Server 3 (the host name of the SQL Server where the master secret server is configured)

    Service credential: User name

    Contoso\BTService

    Service credential: Password

    pass@word1

    In the left pane, click Enterprise SSO. In the details pane, enter or select the following values:
  4.  Name     Value

    Enable Enterprise Single Sign-On on this computer

    (checked)

    Join an existing SSO system

    (selected)

    Data stores: Server Name

    pass@word1

    Data stores: Database Name Server 3 (the host name of the SQL Server for BizTalk Server)

     (the default SSO database name is SSODB) 
    Windows service: Account Contoso\SSOService 
    Windows service: password  pass@word1
    In the left pane, click Group. In the details pane, enter the following values:

     Name     Value

    Enable BizTalk Server Group on this computer

     (checked)

    Join an existing BizTalk Group 

    (selected)

    BizTalk Management Database: Server Name

    Server 3 (the host name of the SQL Server)

    BizTalk Management Database: Database Name (the default name is BizTalkMgmtDb)
  5. In the left pane, click BizTalk Runtime, and then enter or select the following values:
     Name     Value

    Register the BizTalk Server runtime components 

    (cleared)

  6. In the left pane, click BAM Tools, and then enter or select the following values:
     Name     Value

    Enable Business Activity Monitoring tools

    (selected)

    Enable Analysis Services for BAM aggregations

    (selected)

    BAM Primary Import Database: Server Name

    Server 3 (the SQL Server host name)

    BAM Primary Import Database: Database Name (the default name is BAMPrimaryImport)
    BAM Archive Database: Server Name Server 3 (the SQL Server host name)
    BAM Archive Database: Database Name (the default name is BAMArchive)
    BAM Analysis Database: Server Name   Server 3 (the SQL Server host name) 
    BAM Analysis Database: Database Name (the default name is BAMAnalysis) 
    BAM Star Schema Database: Server Name  Server 3 (the SQL Server host name) 
    BAM Star Schema Database: Database Name   (the default name is BAMStarSchema) 
  7. In the left pane, click BAM Alerts, and then enter or select the following values:

    Note

    BAM alerts require SSNS installed on the local computer, and BAM tools to be enabled.
     Name     Value

    Enable SQL Notification Services for BAM alerts

    (selected)

    Windows service

    Contoso\BTService

    BAM Alerts SMTP Server

    (the SMTP server that will be used to send the BAM alerts.)

    BAM Alerts File Location (the network share that will be used to store the BAM alerts.)

    Note

    You must manually create this share before BAM alerts can store the files.
    SQL Server for Alerts Databases

    Server 3 (the name of the SQL Server)
    Prefix for Alerts Database Names (a prefix that will be used for the alerts databases)
  8. In the left pane, click BAM Portal, and then enter or select the following values:
     Name     Value

    Enable BAM Portal

    (selected)

    BAM Management Web Service user 

    (domain)\BAMMgmtWSUser

    BAM Application Pool Account

    (domain)\BAMAppPoolUser

    BAM Portal Users (domain)\BAM Portal Users
    BAM Portal Web Site

    Default Web Site
  9. Click Apply Configuration.
  10. On the Summary page, to apply the configuration, click Next.
  11. Verify that the Configuration Result is Success, and then click Finish.
  12. Close Microsoft BizTalk Server 2010 Configuration.

Additional Resources

See Also

Read suggested related topics:

Another important place to find a huge amount of BizTalk related articles is the TechNet Wiki itself. The best entry point is BizTalk Server Resources on the TechNet Wiki.