May 2009 Blog Posts

BizTalk is one of those unusual products that doesn't quite fit the usual server paradigm. Let me explain.

  • It exposes web services, but it is not IIS.
  • It uses SQL Server, but it is not a typical three-tier app.
  • It does enterprise application integration (deep in the corporate network), but it is also a B2B server (on the edge of the network).

So when people look to place BizTalk in the network it can be a tricky task.

But I want to give you one axiom to live by: BizTalk doesn't belong in the DMZ. By the time you've opened up all the ports BizTalk needs in order to work, it's no longer a DMZ. It's just a subnet with a firewall in front of it, and a host on it that is domain-joined and can reach SQL Server is, for practical purposes, an internal server.

Here’s why…

Description                                                   Port
LDAP                                                          389
LDAP SSL                                                      636
RPC (endpoint mapper)                                         135
RPC Internet ports (auto ports or user defined in dcomcnfg)   5000-5199
Global Catalog DCs                                            3268, 3269
IPSec (IKE)                                                   500
VPN-L2TP                                                      1701
VPN-PPTP                                                      1723
NAT-T                                                         4500
Kerberos                                                      88
DNS                                                           53
HTTP                                                          80
HTTPS (SSL)                                                   443
SQL                                                           1433-1434
FTP                                                           20-21 + passive mode ports
Telnet                                                        23
SSH                                                           22
SMTP                                                          25
POP3                                                          110
MSMQ                                                          1801, 2101, 2103, 2105, 2107, 3527
WINS                                                          42

My contention here is that by the time you've opened up all those ports, it's not really a DMZ anymore. Directory, Kerberos, RPC and SQL access from the "DMZ" host into the corporate network means the firewall between the two is no longer a containment boundary. Feel free to discuss this in the comments.

Here's another, lesser axiom. Don't put a firewall between BizTalk and the MessageBox unless you really, really have to. Why? BizTalk's use of SQL Server isn't the typical three-tier use of a database; the hosts are in constant round-trip conversation with the MessageBox, so any network latency between the BizTalk hosts and the MessageBox is going to hurt you in performance. More importantly than that, if there is a firewall in the middle it implies BizTalk hasn't been positioned in the network using the correct paradigm.

I talked about these two axioms in my Tech.Ed presentation last year. You can see the slide deck from that presentation here.

The solution that you should fight tooth and nail for is to have BizTalk deep in the corporate network, in the same subnet as the MessageBox, and to expose all the endpoints via a reverse proxy (such as ISA Server) in the DMZ. Don't let the security guys tell you it has to be in the DMZ because it has web services (it's not the same as IIS), and don't let them tell you it should be in its own subnet separated from SQL Server (it's not a typical three-tier app).

This is a vast oversimplification of course, and there are alternatives to be considered, but I do believe this is the principle and paradigm we should be using to place BizTalk in the network.
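To make the "subnet with a firewall" argument checkable rather than rhetorical, here is an added example (my own code, not from the original post or from BizTalk) that audits a DMZ-to-corporate firewall ruleset against the port table above. The rule syntax (`allow src -> dst ports`), the zone names `internet`, `dmz` and `corp`, and the grouping of ports into categories are all assumptions made for the example; the two rulesets are constructed to contrast a BizTalk host placed in the DMZ with a reverse proxy in the DMZ fronting BizTalk and SQL Server on the corporate subnet.

```python
"""Audit a DMZ firewall ruleset for "DMZ in name only" exposure.

Added example, not BizTalk or ISA Server tooling. Rule syntax, zone names and
port grouping are assumptions chosen for this illustration.
"""
import re

# Ports from the table in the post, grouped by what reaching them implies
# about the host (grouping is an assumption made for this example).
PORT_GROUPS = {
    "directory/auth": {88, 389, 636, 3268, 3269, 53},   # Kerberos, LDAP(S), GC, DNS
    "rpc": {135} | set(range(5000, 5200)),              # endpoint mapper + dcomcnfg range
    "sql": {1433, 1434},                                # MessageBox / SQL Browser
    "msmq": {1801, 2101, 2103, 2105, 2107, 3527},
    "vpn": {500, 1701, 1723, 4500},
    "legacy": {20, 21, 23, 25, 42, 110},                # FTP, Telnet, SMTP, WINS, POP3
    "web": {80, 443},
    "ssh": {22},
}

# Constructed rule format: "allow|deny <src> -> <dst> <ports|any>", '#' starts a comment.
RULE_RE = re.compile(r"^(allow|deny)\s+(\w+)\s*->\s*(\w+)\s+(\S+)$")


def parse_ports(spec):
    """'any' -> empty set (wildcard); '88,5000-5199' -> the expanded port set."""
    if spec == "any":
        return frozenset()
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(ports)


def parse_rules(text):
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        action, src, dst, spec = m.groups()
        rules.append((action, src, dst, parse_ports(spec)))
    return rules


def allowed_ports(rules, src, dst):
    """Ports from the table reachable from src zone to dst zone.

    First matching rule wins; 'any' matches any zone or port; default deny.
    """
    probe = {p for group in PORT_GROUPS.values() for p in group}
    reachable = set()
    for port in probe:
        for action, rsrc, rdst, ports in rules:
            if rsrc in (src, "any") and rdst in (dst, "any") and (not ports or port in ports):
                if action == "allow":
                    reachable.add(port)
                break
    return reachable


def audit(text, src="dmz", dst="corp"):
    """Return reachable ports, the groups they fall in, and the verdict.

    A host that can reach directory/Kerberos, RPC and SQL on the corporate
    network is domain-joined and talking to the database tier: an internal
    server with a firewall in front of it, not a DMZ host.
    """
    reachable = allowed_ports(parse_rules(text), src, dst)
    groups = {name: sorted(ports & reachable) for name, ports in PORT_GROUPS.items()}
    groups = {name: hit for name, hit in groups.items() if hit}
    verdict = all(g in groups for g in ("directory/auth", "rpc", "sql"))
    return {"reachable": sorted(reachable), "groups": groups, "dmz_in_name_only": verdict}


# Constructed ruleset 1: BizTalk itself placed in the DMZ, with the table's ports opened.
BIZTALK_IN_DMZ = """
allow internet -> dmz 443
allow dmz -> corp 88,389,636,3268,3269,53          # domain membership
allow dmz -> corp 135,5000-5199                    # RPC / DCOM
allow dmz -> corp 1433,1434                        # MessageBox
allow dmz -> corp 1801,2101,2103,2105,2107,3527    # MSMQ adapter
deny any -> any any
"""

# Constructed ruleset 2: reverse proxy in the DMZ, BizTalk and SQL on the corp subnet.
REVERSE_PROXY_IN_DMZ = """
allow internet -> dmz 443
allow dmz -> corp 443      # proxy publishes the receive locations over HTTPS only
deny any -> any any
"""

if __name__ == "__main__":
    for name, ruleset in (("BizTalk in DMZ", BIZTALK_IN_DMZ), ("Proxy in DMZ", REVERSE_PROXY_IN_DMZ)):
        result = audit(ruleset)
        print(f"{name}: groups={sorted(result['groups'])} dmz_in_name_only={result['dmz_in_name_only']}")
```

Run against the first ruleset the audit reports directory, RPC, SQL and MSMQ all reachable and flags the DMZ as nominal; against the second only 443 crosses into the corporate subnet, which is the shape the reverse-proxy design is meant to give you. Feeding it your real rule base (after translating it to the toy syntax) is the quickest way to settle the argument with the firewall team.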

 

One of the privileges of writing a blog is that people send you free stuff. Well, that's not really true; that never happens, except very occasionally when someone wants something in return. Last week the folks at Packt Publishing emailed me and asked if I would review their latest BizTalk book on my blog. And because I'm not the kind of person that knocks back free stuff, I said hell yeah.

So the book is called SOA Patterns with BizTalk Server 2009 and it's by Richard Seroter.

When I saw this was by Richard my expectations were set high. He's been around the BizTalk space forever and his blog is one of the more prolific and cogent around, so I expected it to be good.

I like the way this book is positioned. It is "Targeted at individuals already familiar with BizTalk Server", which suits me fine because I skip over introductory BizTalk materials a page at a time. But then the first two chapters are introductions to BizTalk, the BizTalk Visual Studio IDE and WCF, which seemed unnecessary to me. But I guess no publisher could allow a book to be published without *some* introductory material. I was also amused to see Richard invoke the memory of BizTalk Server 2000 to show how far BizTalk has come, which is something I do from time to time, and I guess when you've been around this stuff so long you can't help yourself.

But the bulk of this book is about BizTalk from a SOA perspective, not BizTalk itself. And this is where the book comes into its own. I particularly enjoyed chapter 7, which showed "Through the use of dynamic ports and direct binding, we can create very loosely-coupled processes that are capable of reuse". Reuse is something a bit, shall we say, tricky with BizTalk, so I learned a lot. Chapter 7 also talks about Complex Event Processing (CEP) with BizTalk, which I haven't seen anywhere else (although I just did a quick Google search for BizTalk and CEP and it seems there is some late-breaking news).

Here is a link (free online) to Chapter 9: New SOA Capabilities in BizTalk Server 2009: WCF SQL Server Adapter

So, in conclusion, I would say, if you’re doing SOA type things with BizTalk go ahead and buy this book. But if you’re after a book that will show the general capabilities of BizTalk, this isn’t it.

And next week on this blog, I will be reviewing the Ferrari 599 GTB after they send me a free demo model to try out…oh wait, that's my Jeremy Clarkson daydream again…

I've been holding off on writing this post as I wanted to get some things clear first. You probably will have seen the news stories last week about the 3,500 layoffs Microsoft did around the world? Well, sure enough, I got headshotted in that go around. I'm going to miss working at Microsoft on two counts. 1. I'm going to miss all the talented colleagues I got to associate with. Hanging around smart people naturally causes you to be smarter. 2. I'm going to miss TechReady. TechReady is the Microsoft readiness event for FTEs. It's like Tech.Ed but even more awesome. It's like Disneyland for software nerds and I looked forward to it every year.

But you’re wondering what comes next…at this stage my plan is to keep doing what I’ve been doing the last few years…that is, helping my clients with their BizTalk systems. I’m going to continue to leverage my successful consulting track record and provide thought leadership, BizTalk know how, and development skills to my clients. I will be more specific about this over the next little while as things unfold.

If you're a client I've worked with previously and you're interested in having a chat, let's talk. Contact details at the bottom. Whatever you paid for my time before, I can assure you I'm now much cheaper.

If you’re a recruiter and have something interesting for me give me a call.

Contacting Mark Burch.

Phone +61 438 259060

Hit the contact button on my blog.

Email me. I'm not going to just type my email address because I'm already overrun with spam, so this is a small IQ test: my email address is myfirstname AT myfirstname mylastname DOT net

 

Hi everyone,

I'm building up my professional network, so I've signed up to LinkedIn. I'm still getting settled in over there, but I wanted to give a call out to all my blog readers to say "connect me". Is that what you say on LinkedIn? I usually say "friend me", but that's on Facebook and I don't want to be acting all newbie on a professional site.

My profile is at http://www.linkedin.com/in/biztorque

Looking forward to connecting with you.

Mark