Friday, August 26, 2011

BizTalk: /n Software Read Only (S)FTP Locations

Another /n Software feature that I recently learned about involves Read Only FTP locations.  The idea behind this feature is the the source system does not want you to remove the file once it has been downloaded.  This could be for a variety of reasons including the file may be available to multiple consumers or the source system would like to archive the file once it has been consumed.

Read only FTP locations is a new supported scenario with BizTalk 2010.  /n Software has supported this scenario for at least a few years.  You can enable this feature by simply specifying the Delete Mode as Never on a Receive Location that is using the /n Software adapter.

image

So this is all very intriguing,  I am sure,  but it is pretty obvious so why does this deserve a blog post?  The reason for the blog post is to discuss a lesser known property called DownloadCacheFile. After scanning your receive location you will discover that this property is not visible.  This property is exposed through the Other property.  Within this property we can specify DownloadCacheFile=c:\myCacheFile.txt

image

As files are processed they will be added to this file and a record is kept so that they are not downloaded in subsequent polls of the (S)FTP location.

image

In the BizTalk 2010 implementation, Microsoft is using a database to store this type of information where as /n Software has chosen the file route.  Time will tell how well this feature works.  I would imagine that there is an upper limit where the file becomes so large that it slows performance or potentially corrupts.

Also note that if you are using a Clustered host instance to host your FTP Receive locations, this file should be in a shared storage location so that the Clustered host instance has access to it no matter which Server it is actively running on.

BizTalk: Configuring /n Software’s SFTP Adapter for Public/Private Key Security

I was recently involved in a project that required secure FTP connectivity between my organization and a partner organization.  We continue to leverage /n Software’s SFTP adapter as we are still running BizTalk 2009 in production and we also find that our partners tend to leverage Secure FTP using SSH (SFTP) as opposed to FTP over SSL (FTPS).  BizTalk 2010 now includes an FTP adapter that supports SSL so we are likely to continue to use the /n Software adapter based upon SSH requirements even once we upgrade to BizTalk 2010.

I am very far from being a Security/Certificate expert so I did learn a few things being involved in this project.  Hopefully if you have Secure FTP requirements that you will find this post helpful.

 

Generating Public and Private Keys

In my scenario, our trading partner required us to provide them with our Public key.  They wanted us to generate Private and Public keys.  They would then take our public key and install it in their SFTP server.  To generate these keys I simply used GlobalScape’s CuteFTP 8.3 Professional.

Note: Your mileage may vary here.  There are some requirements that were enforced by our Trading partner including the Key type and the number of bits required for encryption.

1. Click on Tools -> Global Options

image

2. Click on Create identity file

image

3. Use DSA

image

4. Provide a Passphrase

image

5. Enter a location for files to be generated and ensure the key length is set to 1024

image

Configuring BizTalk Receive Location

Since the Receive Location configuration is a little lengthy I am going to break it down into the various sections.

SFTP

Pretty basic settings here dealing with when we want to Delete, what file masks we want to look for and the folder on the remote SFTP server that we want to navigate to once we have successfully established connectivity.

image

SSH

The first area to focus on in the SSH section is the SSH Accept Server Host Key.  When you set the Accept Any  to Yes the SSH Accept Server Host Key property will revert to Any.  I equate this action with when you try to connect to an SFTP server using a client like CuteFTP.  You will get prompted with a dialog asking if you would like to accept the public key being pushed from the SFTP server.  The way I understand how this works is that this public key will get validated against your private key.  Should everything match up you should be able to establish a connection.

image

The next property to focus on is the SSH AuthMode.  We want to set this value to be Public Key.  There are a few different options when it comes to setting the Authentication mode.  One includes setting a password but for this particular partner they wanted to use Public Key authentication.  When we set this value we then need to provide the location of our private key which happens to be called Identity (without a file extension).

image

To provide our Private key we need to click on the ellipse button.

 image

We will now be prompted with a dialog that allows us to select our Private key from a variety of sources.  In my scenario I wanted to select my key from the file system.  In order to do so I needed to select the PEM tab and then browse to my key.  Since I have enabled my key to use a password I need to provide a password and then I can click the Open button.  Once I did this my private key would appear in the TextArea box and I can click Ok.

image

The rest of the configuration deals with some connectivity details including the name of the FICTICOUS Host and a SSH User (a tribute to Steve Jobs who has recently stepped down from being Apple’s CEO) .  The SSH Port is using the default port of 22  and even though it appears as if I have provided a password that is the default mask provided by the adapter.

image

 

Conclusion

So as much as people love to talk about the cloud these days and using the Service Bus and WCF bindings, the bottom line is that companies continue to rely upon “legacy” technologies such as SFTP.  In my scenario, this trading partner is a very large institution so it is not as if they are a little “Mom and Pop” shop. 

Thursday, August 25, 2011

BizTalk 2010 Training Kits now available

Both Developer and Administrator Training Kits have been recently released.  Inside of these training kit you can expect functional Virtual Machines, with the BizTalk software installed, training module documents and PowerPoint presentations.  This is the content that you would typically find in a Microsoft Official Curriculum course.  The best part about these kits is they are made available for free.

I had the opportunity to collaborate with Jerry Anderson from Pluralsight on the Administration course.  My contributions primarily focused on Module 6: Monitoring a BizTalk Environment with System Center Operations Manager (SCOM).

The BizTalk 2010 Developer Training Kit was released back in July and is available here.  The Administration course was released on August 21 and can be found here.

Enjoy!!!