Varad, The .NET Guy!

Exploring the excitement of Microsoft .NET and much more..

BizTalk Server: Security

BizTalk Server features a variety of built-in security functions, providing the framework for businesses to securely exchange data with trading partners.

BizTalk Server controls access to SQL Server by leveraging SQL Server integrated security. With SQL Server integrated security, SQL Server relies on Windows Authentication to grant access to SQL Server resources. By default, all accounts that need to access one of the SQL Server databases required by BizTalk Server must be given a SQL Server integrated logon and be granted access to the database.
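The provisioning and audit steps this implies, as an added T-SQL example that is not from the original post. It assumes SQL Server 2005 or later (`CREATE LOGIN` and the `sys.*` catalog views); the account `CONTOSO\BizTalkHostSvc` and the database `ExampleBizTalkDb` are placeholders.

```sql
-- Added example: all account and database names are placeholders.
-- Assumes SQL Server 2005 or later.

-- 1. Give the Windows account an integrated (Windows-authenticated) login.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\BizTalkHostSvc')
    CREATE LOGIN [CONTOSO\BizTalkHostSvc] FROM WINDOWS;
GO

-- 2. Grant that login access to the database it needs.
USE [ExampleBizTalkDb];
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\BizTalkHostSvc')
    CREATE USER [CONTOSO\BizTalkHostSvc]
        FOR LOGIN [CONTOSO\BizTalkHostSvc];
GO

-- 3. Check the server authentication mode.
--    1 = Windows Authentication only, 0 = mixed mode (SQL logins allowed).
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 4. Audit: database users that map to a password-based SQL login
--    instead of a Windows account or group. The dbo user appears here
--    when the database is owned by a SQL login such as sa.
SELECT dp.name        AS database_user,
       sp.name        AS server_login,
       sp.type_desc   AS login_type,
       sp.is_disabled AS login_disabled
FROM sys.database_principals AS dp
JOIN sys.server_principals   AS sp
    ON sp.sid = dp.sid
WHERE sp.type = 'S'   -- S = SQL login; U = Windows login; G = Windows group
ORDER BY dp.name;
```

Any rows returned by the last query are principals that bypass Windows Authentication for this database and are worth reviewing.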

BizTalk Server takes advantage of the following security features offered through Microsoft Windows 2000 security:
• Windows account security and local policies
• Integrated Windows and SQL Server logon security
• Microsoft Component Services security and roles
• Public-key infrastructure (PKI)
• CryptoAPI
• Smart cards
• Kerberos protocol

BizTalk Server controls security between trading partners through the use of PKI and Secure Multipurpose Internet Mail Extensions (S/MIME). By exchanging public and private key certificates, trading partners can authenticate each other and encrypt communications through the use of X.509 digitally signed messages and S/MIME (or custom encryption using their own components).

Because BizTalk Server takes advantage of Windows 2000 Secure Sockets Layer (SSL), trading partners can create and use Web pages to securely exchange data over the Internet. SSL, which is implemented in Internet Information Services (IIS), is a protocol that provides privacy between a Web client and a Web server. The protocol begins with a handshake phase that negotiates an encryption algorithm, checks the keys (public and private), and authenticates the server to the client. After the handshake is complete and application data transmission begins, all data is encrypted by using the session keys negotiated during the handshake. Support for open PKI standards and secure protocols, such as IPSec, L2TP, SSL/TLS, and S/MIME, enables a network to be extended to suppliers and partners quickly, while protecting against impostors, data theft, and malicious hackers.

 

Posted: Jan 25 2005, 10:14 PM by Varad | with no comments