Learning the New EDI & AS2 Features of BizTalk Server 2009

New EDI Features

Automatic Rollover of Control Numbers

You can edit the control numbers in the following property pages:

·  X12 interchange control number: ISA Segment Definition page (in the Party as Interchange Receiver node) for X12 Properties

·  X12 group or transaction set control number: GS and ST Segment Definition page (in the Party as Interchange Receiver node for X12 Properties)

·  EDIFACT interchange control number: UNB Segment Definition page (in the Party as Interchange Receiver node for EDIFACT Properties)

·  EDIFACT group or transaction set control number: UNG and UNH Segment Definition page (in the Party as Interchange Receiver node for EDIFACT Properties)

2009 ISA Segment Definition / 2006 R2 ISA Segment Definition

Configurable Content Delimiter Character

In BizTalk 2009, you can configure a content delimiter replacement character:

2009 ISA Separators / 2006 R2 ISA Separators

Updated reporting to cover new features

There are not any significant changes to EDI/AS2 reporting. The existing reports have been modified to include details of the AS2 Resend and multiple batches. The reports are based off tables in the BAMPrimaryImport database.

Dynamic EDI Envelope Generation

Customers asked for a way to use different envelopes for different types of transaction sets (850, 820, etc.) or for different business situations. Supporting this through static PAM settings would have been too complicated and too limited, so the feature was introduced through context properties. Customers can add a pipeline component ahead of the Assembler in the EDI send pipeline that sets the context properties, according to business needs, for the envelope headers that differ. For outbound messages, the send pipeline then uses these headers instead of the ones configured for the party.

·  You can override the EDI envelope settings at runtime by setting the EdiOverride.OverrideEdiHeader context property to True. This message context property is defined in edi-properties.xsd in the Microsoft.BizTalk.Edi.BaseArtifacts assembly. The namespace for the properties is http://schemas.microsoft.com/BizTalk/2006/edi-properties. The EdiOverride context properties are also available in an orchestration, as long as a reference to the Microsoft.BizTalk.Edi.BaseArtifacts assembly has been added to the orchestration project. For a list of the EDIOverride context properties, search Help for EDI Override Context Properties.

·  If the values in a party’s Interchange Processing Properties are not specified or cannot be found, then the values configured in the EDI Global Properties party resolution are used.

Multiple Batches per Party

·  Batch lifecycle can be managed individually.

·  When a message fails in a batch, just that message fails. In BizTalk 2006 R2, a single orchestration was needed to handle this, but BizTalk 2009 now does the interchange repair at the message level. So if a single message fails in a batch, then just that message fails, not the whole batch.

·  Multiple batch configurations can be created for each party:

2009 Batch Property / 2006 R2 Batch Property

Ability to suspend the message of non-configured message-type

In BizTalk 2006 R2, it was mandatory for users to mark one of the group headers as the default group header. As a result, documents of an unspecified type could get serialized using the default header values. Customers wanted the serialization to be strict and to process only documents of specified types: when a document of an unspecified type was received, it should be suspended rather than sent to the partner. This wasn’t possible because of the group header requirement.

In BizTalk 2009, users do not have to specify a default group. So, documents of unspecified types are suspended instead of being sent to the partner. In BizTalk 2006 R2, the Default column must be checked. In BizTalk 2009, it does not have to be checked.

BizTalk Server 2009 Group Header Properties

HIPAA-specific support

HIPAA schemas now support equivalent segments.

New AS2 Features

Send and receive multiple file attachments

The AS2 pipelines (AS2EdiReceive, AS2Receive, AS2EdiSend and AS2Send) support sending and receiving multiple message attachments.

Auto-resend

Auto-resend of a message is now available and configurable. For example, a message can be resent if an MDN has not been received within a specified time frame. This is configurable in the AS2 Properties of a Party.

Resend properties:

2009 AS2 Message Receiver / 2006 R2 AS2 Message Receiver

Preserve attachment file names

File attachment names are preserved end-to-end as part of the AS2 message:

2009 File Name Property / 2006 R2

Check for duplicate incoming messages

BizTalk 2009 now stores the AS2-From, AS2-To and MessageId values of the incoming AS2 messages. There’s also the option to suspend the message if we receive a message with the same AS2-From, AS2-To and MessageId within the specified duration. When the client receives duplicate messages, it will discard one unless Suspend duplicate messages is enabled. The same MsgID is used for the resend, which occurs at the protocol level (e.g. HTTP) and not at the adapter level.
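The duplicate check described above, modelled as an added PowerShell example (not BizTalk code). The function name `Find-As2Duplicate`, the sample records, the case-sensitive comparison and the choice to measure the duration from the first stored copy are assumptions of this example.

```powershell
# Added example: models the duplicate check on (AS2-From, AS2-To, MessageId).
function Find-As2Duplicate {
    param(
        # Records with Received, As2From, As2To and MessageId properties
        [Parameter(Mandatory = $true)] [object[]]$Message,
        # Stands in for the configured duplicate-check duration
        [Parameter(Mandatory = $true)] [TimeSpan]$Window
    )
    # Case-sensitive table: message identity -> time it was first stored
    $seen = New-Object System.Collections.Hashtable
    foreach ($m in ($Message | Sort-Object { [datetime]$_.Received })) {
        $received = [datetime]$m.Received
        $key = ($m.As2From, $m.As2To, $m.MessageId) -join "`n"
        $duplicate = $false
        if ($seen.ContainsKey($key) -and (($received - $seen[$key]) -le $Window)) {
            # Same identity inside the window: a resend or a replayed message
            $duplicate = $true
        } else {
            # New identity, or the stored one has aged out of the window
            $seen[$key] = $received
        }
        New-Object psobject -Property @{
            Received  = $received
            As2From   = $m.As2From
            As2To     = $m.As2To
            MessageId = $m.MessageId
            Duplicate = $duplicate
        } | Select-Object Received, As2From, As2To, MessageId, Duplicate
    }
}

# Constructed receive log: the second row is a resend that reuses the MessageId,
# the third has the same MessageId from another sender, the fourth arrives
# after the window has passed.
$sample = @'
Received,As2From,As2To,MessageId
2009-06-01T10:00:00,PartnerA,Contoso,<msg-001@partnera.example>
2009-06-01T10:10:00,PartnerA,Contoso,<msg-001@partnera.example>
2009-06-01T10:12:00,PartnerB,Contoso,<msg-001@partnera.example>
2009-06-03T10:00:00,PartnerA,Contoso,<msg-001@partnera.example>
'@ | ConvertFrom-Csv

Find-As2Duplicate -Message $sample -Window ([TimeSpan]::FromDays(1)) |
    Format-Table -AutoSize
```

Because a resend reuses the MessageId, the receiving side sees it as a duplicate whenever the first copy was in fact delivered and only the MDN was lost.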

·  Reports have been updated to include the details of an AS2 Resend and multiple batches.

·  Drummond Group certified for multi-file attachment support, file name preservation support and interoperability.

·  BizTalk Server enables you to override the default signing certificate for AS2 messages by either defining a certificate per party or by specifying the thumbprint in a context property at runtime.

Receive Pipelines – BizTalk 2006 R2 and BizTalk 2009

Pipeline / Description
AS2EdiReceive / Processes EDI messages received over AS2, including MDNs.
AS2Receive / Processes messages received over AS2 when the messages are not encoded in EDI. These messages are treated as binary messages. It also processes MDNs received over AS2.
EDIReceive / Processes EDI messages received over any transport. It does not process AS2-encoded EDI messages received over HTTP.

Send Pipelines – BizTalk 2006 R2 and BizTalk 2009

Pipeline / Description
AS2EdiSend / Generates and sends EDI messages over AS2. It is not used to generate and send MDNs over AS2, because the MDN does not need to be processed by the EDI Assembler. Use the AS2Send pipeline to send MDNs.
AS2Send / Sends messages over AS2 when the messages are not encoded in EDI. It also sends MDNs over AS2.
EDISend / Generates and sends EDI messages, except for those delivered over the AS2 transport. It does not process AS2-encoded EDI messages received over HTTP.

Certificates

The following table describes the AS2 certificate needs:

Certificate Usage / Certificate Type / Pipeline Component / User Context / Certificate Store / Where Defined
Signature (outbound) / Own private key (.pfx) / MIME/SMIME encoder / Account used by the host instance associated with the send handler. / Current User\Personal store of each BizTalk Server that hosts a MIME/SMIME encoder pipeline as each host instance service account / (1) Certificate option in the BizTalk Group Properties. This is the default signing certificate used when sending signed documents. (2) Certificate option in the Party Properties. This is the signing certificate used when sending documents for a specific party. (3) EdiIntAS.SignatureCertificate context property. This contains the thumbprint of the certificate that the pipeline will use to sign the document.
Signature verification (inbound) / Trading partner's public key (.cer) / MIME/SMIME decoder / Account used by the host instance associated with the receive handler. / Local computer\Other People store of each BizTalk Server that hosts a MIME/SMIME decoder pipeline as each host instance service account / Certificate option in the Party Properties dialog box. Note: The certificate used to verify a signature for a party must be unique from the certificates used to verify signatures for other parties. So, every party gets its own certificate.
Encryption (outbound) / Trading partner's public key (.cer) / MIME/SMIME decoder / Account used by the host instance associated with the send handler. / Local computer\Other People store of each BizTalk Server that hosts a MIME/SMIME encoder pipeline / Certificate option in the Send Port Properties.
Decryption (inbound) / Own private key (.pfx) / MIME/SMIME decoder / Account used by the host instance associated with the receive handler. / Current User\Personal store of each BizTalk Server that hosts a MIME/SMIME decoder pipeline as each host instance service account / The AS2 Decoder will determine the certificate based upon certificate information in the message. For the BizTalk MIME Decoder, the certificate must be in the Certificate option in the properties of the host used for receiving the message. This is not necessary for the AS2 Decoder.

This chart is also available at http://msdn.microsoft.com/en-us/library/bb728096.aspx.

There are four places to install certificates: BizTalk Group properties, Party properties, Send Port properties and HOST properties.

Certificates used for AS2 transport must have the attributes required for their intended use. For signing and signature verification, the Key Usage attribute of the certificate must be Digital Signature. For encryption and decryption, the Key Usage attribute of the certificate must be Data Encipherment or Key Encipherment. You can verify the Key Usage attribute by double-clicking the certificate, clicking the Details tab in the Certificate dialog box, and checking the Key Usage field.
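The same Key Usage check can be scripted across a whole store instead of opening certificates one at a time. This is an added example, not part of the BizTalk SDK: the function name `Test-As2Certificate` is hypothetical, `AddressBook` is the store name behind the Other People node, and treating a certificate without a Key Usage extension as failing is this example's assumption.

```powershell
# Added example: checks certificates against the Key Usage rules stated above.
# Run it as the host instance service account (for example from a runas shell)
# so that Cert:\CurrentUser\My is that account's Personal store.
function Test-As2Certificate {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        # Sign = signing / signature verification; Encrypt = encryption / decryption
        [Parameter(Mandatory = $true)]
        [ValidateSet('Sign', 'Encrypt')]
        [string]$Purpose,

        # Use for the "own private key (.pfx)" rows of the table
        [switch]$RequirePrivateKey
    )
    begin {
        $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
        $needed = if ($Purpose -eq 'Sign') {
            [int]$flags::DigitalSignature
        } else {
            [int]$flags::DataEncipherment -bor [int]$flags::KeyEncipherment
        }
        $now = Get-Date
    }
    process {
        # A certificate carries at most one Key Usage extension
        $ext = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
        }
        # Assumption of this example: a missing extension counts as a failure
        $usage = if ($ext) { $ext.KeyUsages } else { $flags::None }
        New-Object psobject -Property @{
            Thumbprint = $Certificate.Thumbprint
            Subject    = $Certificate.Subject
            KeyUsage   = $usage
            UsageOk    = ([int]$usage -band $needed) -ne 0
            InValidity = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
            KeyOk      = (-not $RequirePrivateKey) -or $Certificate.HasPrivateKey
        } | Select-Object Thumbprint, Subject, KeyUsage, UsageOk, InValidity, KeyOk
    }
}

# Own signing key: Current User\Personal store of the service account
Get-ChildItem Cert:\CurrentUser\My |
    Test-As2Certificate -Purpose Sign -RequirePrivateKey
# Partner encryption certificate: Local Computer\Other People (AddressBook) store
Get-ChildItem Cert:\LocalMachine\AddressBook |
    Test-As2Certificate -Purpose Encrypt
```

Any row where UsageOk, InValidity or KeyOk is False points to a certificate that does not meet the requirements in the paragraph above or the store and key type listed in the table.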

Group Hub and HOST Certificate Import Instructions

The certificate with the private key must be imported to the BizTalk service account’s Personal store. There are 3 options to do this:

Option 1: Log in to the BizTalk server as the BizTalk service account.

Option 2: Open the MMC as the BizTalk service account using the RunAs feature: runas /user:BizTalkServiceAccount mmc.exe.

Option 1 and Option 2 steps:

1. Open the MMC on the BizTalk server and add the Certificate snap-in for My User Account.

2. Select Personal, right-click, select All Tasks and then select Import.

3. This opens the Certificate Import Wizard. Select the following:

a) Click Next.

b) Browse to the .pfx file and click Open. Click Next.

c) If you specified a password on Windows 2003, enter it. If not, leave it blank. On Windows 2008, enter the password. Check Mark this key as exportable and click Next.

d) Click Next to import into the Personal store.

e) Click Finish.

4. In BizTalk Administration, open the BizTalk Group properties. Click Certificate and then Browse to your newly-imported certificate. For the BizTalk HOST, open the HOST properties, click Certificates and then Browse to your newly-imported certificate.

Option 3: Use the CertWizard.exe SDK Utility. This option ensures that the certificate is correctly imported into the MMC and the BizTalk Group properties. Steps:

1. Build the CertWizard.csproj project in \Program Files (x86)\Microsoft BizTalk Server 2009\SDK\Utilities\Certificate Wizard to create CertWizard.exe in the bin\Debug directory.

2. Open a command window and go to the \Program Files (x86)\Microsoft BizTalk Server 2009\SDK\Utilities\Certificate Wizard\bin\Debug directory.

3. Type the following and press Enter. CertWizard will find the BizTalk service account and ask you for the password for every HOST instance.

certwizard /privatekey Cert.pfx /Filepassword password /Usage both /Exportable true

To confirm the certificate has been successfully imported in the BizTalk Group properties, select the Certificate option. You should see a Thumbprint with no Common Name. The Common Name is not needed by BizTalk.

To confirm the certificate has been successfully imported in the Personal store of the BizTalk service account, use the RunAs feature to open the MMC: runas /user:BizTalkUserAccount mmc.exe.

BizTalk 2009 Help provides more info on the CertWizard utility.

Party and Send Port Certificate Import Instructions

You can override the certificate set at the BizTalk Group level by specifying a certificate in the Party and Send Port properties. You will do this if a partner sends you a certificate or you are sending a partner a certificate. A certificate can only be used by one party. The Party and Send Port certificate must be imported to the Other People store, which can be read by all users. Import steps:

1. Open the MMC on the BizTalk server and add the Certificate snap-in for the Computer Account.

2. Select Other People, right-click, select All Tasks and then select Import.

3. This launches the Certificate Import Wizard. Select the following:

a) Browse to the CertificateName.pfx (private key) or CertificateName.cer (public) file.

b) If you specified a password on Windows 2003, enter it. If not, leave it blank. On Windows 2008, enter the password. Check Mark this key as exportable and click Next.

c) Click Next to import into the Other People store.

d) Click Finish.

4. In BizTalk Administration, open the Party and/or Send Port properties. Click Certificate and click Browse. You should now see the imported certificate.

Scenario A

You are receiving messages from a partner that encrypts data using a certificate. To decrypt the message, you must install the certificate on the BizTalk server.

Solution

The partner must send you the certificate with the public key (CertName.cer). Once received, import the CertName.cer file using the Certificates snap-in in the Other People store. Then, modify the Party properties to use this certificate.

Scenario B

You are sending signed messages to a partner. Your messages are encrypted using a certificate purchased from a 3rd party.

Solution

You will have the certificate with the private key (CertName.pfx) installed on your BizTalk server. You must send the certificate with the public key (CertName.cer) to your partner. Once received, your partner will import the CertName.cer file on their BizTalk server.
