February 2008 Entries

To answer this question, a more basic question to ask would be what is a BizTalk host, since a host must exist before an instance of it can exisit!    This distinction may be confusing to BizTalk newcomers because when navigating through the BizTalk Admin Console, hosts and host  instances are viewed separately.

In mid-90's techno-speak, (READ: about the time-frame where the development of the BizTalk/Commerce Server got its start) the host would have been thought of as a container for related adapter handlers, pipelines, receive locations and orchestrations. Since an enterprise's BizTalk configuration or implementation can span over multiple physical servers, grouping logical units of work tied to an abstract host allows instances of defined work to span servers. So, think of a host instance as the physical implementation of the logical grouping of work. For example, if a multi-national retail chain wanted to process its outgoing purchase orders, a likely BizTalk implementation would include instantiating multiple instances of a defined purchasing host across several physcial servers.

To read more about hosts and host instances, check these links out!




Loosely stated, an event storm is a large number of warming, informational and error class occurrances on a given node (or array of nodes) over a relatively short period of time. Since these events  must be detected and addressed to improve the health and reliability of any given system, a whole science and collection of supporting applications exist to best manage these occurrances.

The best academic abstract/whitepaper I've seen on the topic comes from Mouayad Albaghdadi, Bruce Briley and Martha Evens, titled Event Storm Detection and Identification in Communication Systems.


In the Windows Server 200x world, event storms are represented by the number of events that fill the box's event log--visible to administrators) through Event Viewer. Events will fall under general classes; Application, Security and System. Within these classes, events are typed under Information, Error and Warning. A fast and furious collection of them across any category, under any type is considered an event storm.

If you have access to the Microsoft Operations Management (MOM) server in your NT/Windows Server 200x environment, connect to the OnePoint database instance, look under views. An important view is dbo.SDKEventView. You'll see columns like: EventGUID, ComputerName, GeneratedAlert, Message, NTEventID, TimeGenerated, TimeStarted, TimeStored, etc.

Let's say you're interested in determining which boxes on your network have been generating the highest count of events. Type and execute this query:

SELECT ComputerName, COUNT(*) AS myTally
  FROM dbo.SDKEventView
   WHERE (TimeGenerated BETWEEN convert(datetime,'02/04/2008 05:00:00 AM',101) AND convert(datetime,'02/04/2008 05:00:00 PM',101 ))
    GROUP BY ComputerName
     ORDER BY myTally DESC

What you'll see as a result from this query is a listing of each node/server with a tally of events generated for the past 12 hours. Granted, not all the events that tally may be of dire interest to you (e.g. common, or expected IIS related-errors) however it is an acid-test to help determine which nodes on your network are generating a lot of  tagged activity. To dig deeper into MOM event managment and reporting, please visit Justin Harter's web site: http://www.momresources.org . This is an AWESOME resource for developers and admins alike from all levels experience!