Create BizTalk Services using the Azure portal

Important

Microsoft Azure BizTalk Services (MABS) is being retired and replaced with Azure Logic Apps. If you currently use MABS, see Move from BizTalk Services to Logic Apps for guidance on moving your integration solutions to Logic Apps.

If you're brand new to Logic Apps, then we suggest getting started here:

Important

The portal is deprecated. To manage your MABS instances, see REST API for Managing BizTalk Services on Azure.

Tip

To sign in to the Azure portal, you need an Azure account and Azure subscription. If you don't have an account, you can create a free trial account within a few minutes. See Azure Free Trial.

Create a BizTalk Service

Depending on the state of the BizTalk Service, there are some operations that cannot be completed. For a list of these operations, go to BizTalk Services State Chart.

Post-provisioning steps

Install the certificate on a local computer

Important

The portal is deprecated. To manage your MABS instances, see REST API for Managing BizTalk Services on Azure.

Add a production-ready certificate

Important

The portal is deprecated. To manage your MABS instances, see REST API for Managing BizTalk Services on Azure.

Get the Access Control namespace

When you deploy a BizTalk Service project from Visual Studio, you enter this Access Control namespace. The Access Control namespace is automatically created for your BizTalk Service.

The Access Control values can be used with any application. When Azure BizTalk Services is created, this Access Control namespace controls the authentication with your BizTalk Service deployment. If you want to change the subscription or manage the namespace, select ACTIVE DIRECTORY in the left navigation pane and then select your namespace. The task bar lists your options.

Clicking Manage opens the Access Control Management Portal. In the Access Control Management Portal, the BizTalk Service uses Service identities:

[Image: ACS Service Identities in the Access Control Management Portal]

The Access Control service identity is a set of credentials that allow applications or clients to authenticate directly with Access Control and receive a token.

Important

The BizTalk Service uses Owner for the default service identity and the Password value. If you use the Symmetric Key value instead of the Password value, the following error may occur.

Could not connect to the Access Control Management Service account with the specified credentials

Managing Your ACS Namespace lists some guidelines and recommendations.

Requirements explained

These requirements do not apply to the Free Edition.

What you need: Azure subscription

Why you need it: The subscription determines who can sign in to Azure. The Account holder creates the subscription at Azure Subscriptions.

The Azure account can have multiple subscriptions and can be managed by anyone who is permitted. For example, your Azure account holder creates a subscription named BizTalkServiceSubscription and gives the BizTalk Administrators within your company (for example, ContosoBTSAdmins@live.com) access to this subscription. In this scenario, the BizTalk Administrators sign in to Azure and have full Administrator rights to all the hosted services in the subscription, including Azure BizTalk Services. The BizTalk Administrators are not the Azure account holders and therefore don't have access to any billing information.

Manage Subscriptions and Storage Accounts in Azure provides more information.

What you need: Azure SQL Database

Why you need it: Stores the tables, views, and stored procedures used by the BizTalk Service, including the Tracking data.

When you create a BizTalk Service, you can use an existing Azure SQL Server, Azure SQL Database, or automatically create a new Server or Database.

The SQL Database scale is automatically configured. Typically, the default scale is sufficient for a BizTalk Service. Changing the scale impacts pricing. See Accounts and Billing in Azure SQL Database.

Notes
  • When you create a new Azure SQL Server and Database, Azure Services is automatically enabled. The BizTalk Service requires Azure Services be enabled.
  • If you create a new Azure SQL Database on an existing Azure SQL Server, the firewall rules of the Server are not changed. As a result, it's possible other Azure Services are not allowed access to the Server's databases.

What you need: Azure Access Control namespace

Why you need it: Authenticates with Azure BizTalk Services. When you deploy a BizTalk Service project from Visual Studio, you enter this Access Control namespace. When you create a BizTalk Service, the Access Control namespace is automatically created.

What you need: Azure Storage account

Why you need it: Gives access to tables, blobs, and queues used by your BizTalk Service to save the following:
  • Log files that monitor the BizTalk Service.
  • When creating an X12 or AS2 agreement between partners, you can enable the Archiving feature to store message properties. This data is saved in the Storage account.

When you create a BizTalk Service, you can use an existing Storage account or automatically create a new Storage account.

The default Storage settings are sufficient for a BizTalk Service.

When you create a Storage account, a Primary Key and Secondary Key are automatically created. These Keys control access to your Storage account. The BizTalk Service automatically uses the Primary Key.

See Storage for more information.

What you need: SSL private certificate

Why you need it: When an Azure BizTalk Service is created, an HTTPS URL that includes your BizTalk Service name is also created. This URL is automatically configured to use a self-signed development-only certificate. For production, you need a private SSL certificate.

Important SSL Certificate Information

  • The certificate expiration date must be less than 5 years.
  • All private certificates require a password. Know this password and, as a best practice, share this password with your administrators.
  • Self-signed certificates are used in a test/development environment. When using self-signed certificates, import the certificate to your Personal certificate store and the Trusted Root Certification Authorities certificate store.

When sending the production certificate request to your certification authority, give the following certificate properties:

  • Enhanced Key Usage: At a minimum, Azure BizTalk Services requires Server Authentication.
  • Common Name: Enter the fully qualified domain name (FQDN) of your Azure BizTalk Service URL. See Create a BizTalk Service in this article.

A new or different certificate can be added after the BizTalk Service is created.
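
One way to check a PFX file against the certificate requirements listed above before adding it to the BizTalk Service, as an added example that is not part of the original article. The function name, parameter names, output property names, and the sample FQDN are hypothetical, and "less than 5 years" is interpreted here as an expiration date less than five years from now.

```powershell
# Added example, not Microsoft's code. Names below are hypothetical.
function Test-BizTalkServiceCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]       $PfxPath,
        [Parameter(Mandatory)] [securestring] $Password,
        [Parameter(Mandatory)] [string]       $ServiceFqdn
    )

    $ns   = 'System.Security.Cryptography.X509Certificates'
    $path = (Resolve-Path -LiteralPath $PfxPath).ProviderPath

    # Opening the PFX throws if the password is wrong or the file is not a PFX.
    $cert = New-Object "$ns.X509Certificate2" -ArgumentList $path, $Password
    try {
        # OID of the Server Authentication enhanced key usage (id-kp-serverAuth).
        $serverAuthOid = '1.3.6.1.5.5.7.3.1'
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # SimpleName returns the subject's Common Name when one is present.
        $commonName = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)

        $now = Get-Date
        [pscustomobject]@{
            Subject                = $cert.Subject
            HasPrivateKey          = $cert.HasPrivateKey
            HasServerAuthEku       = $ekuOids -contains $serverAuthOid
            CommonNameMatchesFqdn  = $commonName -eq $ServiceFqdn   # -eq ignores case
            NotExpired             = $cert.NotAfter -gt $now
            ExpiresWithinFiveYears = $cert.NotAfter -lt $now.AddYears(5)
            # Heuristic only: subject equal to issuer suggests a self-signed (test/dev) certificate.
            LooksSelfSigned        = $cert.Subject -eq $cert.Issuer
        }
    }
    finally {
        $cert.Reset()   # release the key material held by the object
    }
}

# Usage (placeholder file name and FQDN):
# $pw = Read-Host -AsSecureString -Prompt 'PFX password'
# Test-BizTalkServiceCertificate -PfxPath .\service.pfx -Password $pw -ServiceFqdn 'myservice.example.com'
```

For a production certificate, every property except LooksSelfSigned should be True.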

Hybrid Connections

When you create an Azure BizTalk Service, the Hybrid Connections tab is available:

[Image: Hybrid Connections Tab]

Hybrid Connections are used to connect an Azure website or Azure mobile service to any on-premises resource that uses a static TCP port, such as SQL Server, MySQL, HTTP Web APIs, Mobile Services, and most custom Web Services. Hybrid Connections and the BizTalk Adapter Service are different. The BizTalk Adapter Service is used to connect Azure BizTalk Services to an on-premises Line of Business (LOB) system.

See Hybrid Connections to learn more, including creating and managing Hybrid Connections.

Next steps

Now that a BizTalk Service is created, familiarize yourself with the different BizTalk Services tabs: Dashboard, Monitor, and Scale. Your BizTalk Service is ready for your applications. To start creating applications, go to Azure BizTalk Services.
