EDI over AS2 using BizTalk Server 2009/2010

IIS 7 Configuration for BizTalk AS2
Key Components
- ISAPI Filters & Handler Mappings
- AS2 Web-Site and BizTalk App Pool
- Test the AS2 Web-site is reachable

Step 1. ----------- ISAPI Filters & Handler Mappings
1. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. Select the root Web server entry and in the Features View, double-click Handler Mappings and then in the Actions pane, click Add Script Map.
   Note: Configuring the script mapping at the Web server level will cause this mapping to apply to all child Web sites. Remove this mapping from the AS2 specific Web site or virtual folder under Default Web-Site.
3. In the Add Script Map dialog box, enter BtsHttpReceive.dll in the Request path field.
4. In the Executable field, click the ellipsis (…) button and browse to drive:\Program Files\Microsoft BizTalk Server 2009\HttpReceive. Select BtsHttpReceive.dll, and then click OK.
5. Enter BizTalk HTTP Receive in the Name field, and then click Request Restrictions.
6. In the Request Restrictions dialog box, select the Verbs tab and then select One of the following verbs. Enter POST as the verb.
7. On the Access tab, select Script, and then click OK.
8. Click OK and when prompted to allow the ISAPI extension, click Yes.
9. Right-click the BTSHttpReceive.dll entry, and then select Edit Feature Permissions.
10. Ensure that Read, Script and Execute are selected, and then click OK.
11. Click Features View, and then double-click ISAPI and CGI Restrictions.
12. Ensure that an entry for BTSHTTPReceive.dll exists, and that Restriction is set to Allowed.

Step 2. ----------- AS2 Web-Site and BizTalk App Pool
1. In IIS Manager, right-click Application Pools and select Add Application Pool.
2. In the Add Application Pool dialog box, enter BizTalkAppPool in Name, and then select .NET Framework V2.0.50727 in the .NET Framework version drop-down list. Click OK.
   Note: The version number may vary depending on the version of .NET Framework 2.0 installed on the machine.
3. Select Application Pools, in the Features View select BizTalkAppPool, and then click Advanced Settings in the Actions pane.
4. In the Advanced Settings dialog box, set Enable 32-Bit Applications to True.
5. Select Identity and then click the ellipsis (…) button.
6. In the Application Pool Identity dialog box, select Custom account and then click Set.
7. Enter the User name and Password for a user account that is a member of the Administrators group and is the BizTalk Service Account for the host that is running the Receive and Send Handler Host for AS2 Ports/Adapter. Enter the password in Confirm password, and then click OK three times to return to the IIS Manager.
8. In IIS Manager, open the Sites folder. Right-click the Default Web Site, and then select Add Application.
9. In the Add Application dialog box, enter AS2Test in Alias, and then click Select.
10. In the Select Application Pool dialog box, select BizTalkAppPool and click OK.
11. Click the ellipsis (…) button and browse to drive:\Program Files\Microsoft BizTalk Server 2009\HTTPReceive for the Physical path.
12. Click Test Settings and verify that there are no errors displayed in the Test Connection dialog box. Click Close, and then click OK.
13. In IIS Manager, select the AS2Test virtual directory and in Features View, double-click Authentication.
14. In Authentication, select Anonymous Authentication and verify that the Status is Enabled. If the Status is Disabled, click Enable in the Actions pane.
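
The settings made by hand in Steps 1 and 2 can be read back and checked in one pass. The script below is an added example, not part of the original walkthrough: it assumes the WebAdministration PowerShell module is available on the server and uses the names from this page (Default Web Site, AS2Test, BizTalkAppPool); the function names are hypothetical. It changes nothing, and it also lists any other site that inherited the server-level script map mentioned in the Step 1 note.

```powershell
# Added example: read-only audit of the IIS settings from Steps 1 and 2.
# Assumes the WebAdministration module and the names used on this page.
Import-Module WebAdministration

$siteName = 'Default Web Site'
$appPath  = "IIS:\Sites\$siteName\AS2Test"
$poolName = 'BizTalkAppPool'
$dll      = '*BtsHttpReceive.dll'
$anonAuth = '/system.webServer/security/authentication/anonymousAuthentication'

function New-Check($Check, $Ok, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" }
}

function Get-As2IisAudit {
    # Step 1: the script map must exist for the AS2 application and accept only POST.
    $maps = @(Get-WebHandler -PSPath $appPath | Where-Object { $_.scriptProcessor -like $dll })
    New-Check 'Script map present on AS2Test' ($maps.Count -gt 0) "$($maps.Count) mapping(s)"
    foreach ($m in $maps) {
        New-Check "Script map '$($m.name)' limited to POST" ($m.verb -eq 'POST') "verb=$($m.verb)"
    }
    # Step 1 note: a server-level script map is inherited by every other site.
    foreach ($s in Get-ChildItem IIS:\Sites | Where-Object { $_.Name -ne $siteName }) {
        $hit = @(Get-WebHandler -PSPath "IIS:\Sites\$($s.Name)" |
                 Where-Object { $_.scriptProcessor -like $dll })
        if ($hit.Count -gt 0) {
            New-Check "Script map inherited by '$($s.Name)'" $false 'review whether this site needs it'
        }
    }
    # Step 1, items 11-12: the DLL must be Allowed under ISAPI and CGI Restrictions.
    $isapi = @(Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' `
                 -Filter '/system.webServer/security/isapiCgiRestriction/add' |
               Where-Object { $_.path -like $dll })
    New-Check 'ISAPI restriction set to Allowed' ($isapi.Count -gt 0 -and $isapi[0].allowed) "$($isapi.Count) entry(ies)"

    # Step 2: pool settings, pool assignment and anonymous authentication.
    $pool = Get-Item "IIS:\AppPools\$poolName"
    New-Check 'Enable 32-Bit Applications is True' $pool.enable32BitAppOnWin64 $pool.enable32BitAppOnWin64
    New-Check 'Pool runs under a custom account' ($pool.processModel.identityType -eq 'SpecificUser') `
              "identity=$($pool.processModel.userName)"
    $app = Get-WebApplication -Site $siteName -Name 'AS2Test'
    New-Check 'AS2Test uses BizTalkAppPool' ($app.applicationPool -eq $poolName) $app.applicationPool
    $anon = Get-WebConfigurationProperty -PSPath $appPath -Filter $anonAuth -Name enabled
    New-Check 'Anonymous Authentication enabled' $anon.Value $anon.Value
}

Get-As2IisAudit | Format-Table Check, Ok, Detail -AutoSize
```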

Step 3. ----------- Test the AS2 Web-site is reachable
1. Create a default.htm in the HTTPReceive folder under the BizTalk install directory.
2. In IIS Manager, right-click the AS2 application and browse.
3. The default browser should open and show the default.htm.

Certificates
1. Install Certificate Services on Windows Server 2008 by adding Certificates to the Server Roles.
2. Generate a CSR from the Certificate Manager.
3. Generate the Private certificate on the server.
   Note: Alternatively, a certificate can be purchased from VeriSign® or other providers so that the CA Root Authority is more standard and available when dealing with outside Trading Partners, especially when servers are not exposed to the Internet.
4. Install the Private Key on the BizTalk Server Certificate Store under Personal.
5. Generate a Public key and send this off to the External Trading Partners.
6. Install the External TP’s Public Certificate under Other People and Trusted People.
7. Select the Private certificate under BizTalk Server Group.
8. Select the TP’s Public Certificate under Send Port.
9. Select self Public Certificate under Party.
Note: All Certificate related activities and configuration above should be performed as the BizTalk Service Account.

EDI Approach/Considerations for AS2
- To Receive EDI over AS2 communication:
  There will be one URL given to Trading Partners to send the AS2 communications to HOME ROLE (SELF). The URL is public facing on the HOME ROLE (SELF) DMZ. After the message is received, the URL will be NAT’ed to the IIS Server inside the HOME ROLE (SELF) Firewall, which is hosted on the local BizTalk Server (AS2 Web-Site).
  A Request-Response Type (2-Way) BizTalk Receive Port is set up to listen to the local IIS URL. The Receive Location will use the AS2EDIReceive Pipeline for the receive side and the AS2Send Pipeline on the send side.
  The receive side does AS2 and EDI resolution. The send side is a non-EDI AS2 pipeline that sends the MDN back to the sender.
  Once the message is received successfully, send ports for each respective party can be created to perform mapping functions to the canonical, etc. Alternatively, if Orchestrations are used, direct binding can be done using a similar or additional set of Context Properties from the BizTalkMsgBox. Context properties to be used:
  a. BTS.MessageType
  b. BTS.ReceivePortName
  c. EDI.ISA06
  d. EDI.ISA08
- To Send EDI over AS2 communication:
  Once a message is ready to be sent out over AS2, a One Way Solicit Response Send Port is required, which will use the AS2EDISend Pipeline for the send side and AS2Receive for the receive side of the Send Port.
  The send side will assemble the EDI, encrypt the message with the customer public key and sign it (with the Home Org private certificate, per the Certificate Setup table), and the receive side will be used to receive the AS2 MDN sent by the customer.
Setting up Ports and AS2 Party
o
Receive Port – this should be a
“Request-Response” Receive Port
§
This is a common port that is created keeping in
mind that all customer communications will come to the same port as explained
in the approach above
·
ReceivePort All AS2
o
RecevieLocation All AS2
Adapter Used: HTTP | URI:
/{IIS Virtual Dir. Name under Default Web Site}
Receive Pipeline: AS2EDIReceive
Send Pipieline: ASSend
o
AS2 Send Port for Trading Partner
Create a new Send Port which is one Way Solicit Response Port. Create
Configuration as follows:
·
SP.CustomerName.All.AS2.Out
-Adapter Used: HTTP |
URI: http://PartnerURL}
-Send Pipieline: AS2EDISend
-Receive Pipeline: AS2Receive
-Select the Partner Certificate under Certificates for this
Send Port
o
AS2 Party
·
Create new Party. Right Click on the properties
and then follow the screen shot below: Select the Send Port for AS2 Outbound
created above under this party Send Ports.
·
Also Select the Trading Partner Certificate
under Party Properties-Certificates ection

Certificate Setup

| Message or MDN | Direction | Certificate Type | Certificate Owner | Public or Private | Certificate Location | Where to configure |
|---|---|---|---|---|---|---|
| Message | Outbound | Signing | Home Org | Private | Personal certificate store of in-proc host user | BizTalk Group / Properties / Certificate |
| Message | Outbound | Encryption | Partner | Public | Other People certificate store of local computer | Send port / Certificate |
| Message | Inbound | Signing | Partner | Public | Other People certificate store of local computer | Party / Certificate |
| Message | Inbound | Encryption | Home Org | Private | Personal certificate store of in-proc host user | Isolated Host / Certificates |
| MDN | Outbound | Signing | Home Org | Private | Synch MDN: Personal certificate store of isolated host user. Asynch MDN: Personal certificate store of in-proc host user | BizTalk Group / Properties / Certificate |
| MDN | Inbound | Signing | Partner | Public | Other People certificate store of local computer | Party / Certificate |
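
The store placement in the Certificate Setup table can be verified from PowerShell before the ports are enabled. This is an added example, not part of the original post: the thumbprints are placeholders to replace, the function name is hypothetical, and placing Trusted People under the local computer is an assumption. It checks that each certificate sits in the store the table names, is inside its validity period, and that only the Home Org certificate carries a private key.

```powershell
# Added example: run as the BizTalk service account (see the note under Certificates).
# Thumbprints are placeholders; TrustedPeople under LocalMachine is an assumption.
$homeThumbprint    = '<HOME-ORG-CERT-THUMBPRINT>'
$partnerThumbprint = '<PARTNER-CERT-THUMBPRINT>'

function Test-As2Certificate {
    param([string]$Role, [string]$StorePath, [string]$Thumbprint, [bool]$ExpectPrivateKey)

    # Thumbprints pasted from the certificate dialog often carry spaces or hidden characters.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    $cert   = Get-ChildItem -Path $StorePath |
              Where-Object { $_.Thumbprint -eq $wanted } | Select-Object -First 1
    $issues = @()

    if (-not $cert) {
        $issues += 'certificate not found in this store'
    } else {
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $issues += "outside validity period (NotAfter $($cert.NotAfter.ToString('yyyy-MM-dd')))"
        } elseif ($cert.NotAfter -lt $now.AddDays(30)) {
            $issues += "expires within 30 days ($($cert.NotAfter.ToString('yyyy-MM-dd')))"
        }
        # Home Org rows of the table are Private, Partner rows are Public.
        if ($cert.HasPrivateKey -and -not $ExpectPrivateKey) {
            $issues += 'private key present where only a public certificate is expected'
        }
        if (-not $cert.HasPrivateKey -and $ExpectPrivateKey) {
            $issues += 'no private key: cannot sign or decrypt'
        }
    }
    New-Object PSObject -Property @{
        Role = $Role; Store = $StorePath; Ok = ($issues.Count -eq 0); Issues = ($issues -join '; ')
    }
}

# My = Personal store of the current user; AddressBook = internal name of Other People.
$checks = @(
    Test-As2Certificate 'Home Org signing/decryption' 'Cert:\CurrentUser\My' $homeThumbprint $true
    Test-As2Certificate 'Partner encryption/signature check' 'Cert:\LocalMachine\AddressBook' $partnerThumbprint $false
    Test-As2Certificate 'Partner (Trusted People)' 'Cert:\LocalMachine\TrustedPeople' $partnerThumbprint $false
)
$checks | Format-Table Role, Store, Ok, Issues -AutoSize -Wrap
```

For the table rows that name the isolated host user's Personal store, run the same check while logged on as the application pool account.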