Geeks With Blogs

News View Michael Stephenson's profile on BizTalk Blog Doc View Michael Stephenson's profile on LinkedIn
Michael Stephenson keeping your feet on premise while your heads in the cloud

I was talking to Saravana over drinks about a feature I would like to see in BizTalk 360 and thought id share it to see what people think.


Problem Statement

The problem is that most customers of BTS360 have a load of users who log directly into the BizTalk server and its a bit of a culture change for them to have to stop doing this.  When they start doing things in BizTalk 360 and find there is a task which cant be done in BTS360 and needs the user to access the server they just do it and there isnt really any auditing around this.


Feature Request

My suggestion was that all users should be completely removed from access to the BizTalk servers and removed from the BizTalk admin group.  This means they can not access the server directly and also can not access BizTalk through the admin console.


When the BTS360 user has an action which they need to use the BizTalk Admin console or the local server (eg: a deployment) then the user would use BTS360 to make a request for access.  The user would indicate if they need just BTS Admin access or if they also need access to the servers.  The user would also add a note to say what they are going to do, and a category so BTS360 can track different reasons people are accessing the server (a bit like a windows shut down dialog).  When the request is made BTS360 would then interact with the local or active directory groups to add this user to the appropriate groups.  The auditing feature of BTS360 would record the access request.


The user would then go and perform the activity they need to.


Once complete the user would then come back to BTS360 and mark that the access is no longer required and BTS360 would then go and remove the user from the appropriate groups.


Additional features could also include:

  • Something on the dashboard to indicate a user has access open (eg if a user forgot to revoke access when done)
  • An email alert to the administrators group to tell others that someone has taken access and the reason why
  • For larger teams possibly an approval step (maybe overkill)


I feel that this feature would be significant to getting support teams properly transitioned to the mature support and operations processes offered by BTS360 and not to keep using local logon and the admin console just because thats what they are used to.

Posted on Tuesday, August 27, 2013 11:19 AM BizTalk | Back to top

Comments on this post: Feature Request - BizTalk360 - Control users accessing server directly

# re: Feature Request - BizTalk360 - Control users accessing server directly
Requesting Gravatar...
That would be a really useful feature to include, particularly for customers with strict IT change control management policies. The approval step might sound like overkill but would be necessary for some of the organisations I've worked with.
Left by Colin on Aug 29, 2013 10:19 PM

# re: Feature Request - BizTalk360 - Control users accessing server directly
Requesting Gravatar...
I think it is a great idea and suggestion.

Would still need to avoid some hurdles with IT Security folks as you are potentially by-passing an existing process but this would certainly streamline processes and make people more productive!
Left by Kent Weare on Aug 30, 2013 3:25 AM

Your comment:
 (will show your gravatar)

Copyright © Michael Stephenson | Powered by: | Join free