The link BizTalk RosettaNet accelerator talks about its support in BizTalk server 2013. Does BizTalk server 2016 support Rosetta net accelerator?
I can't find any official documentation that in an explicit mode says BizTalk 2016 support Rosettanet, but in What's New in BizTalk Server 2016 there some improvements related to Rosettanet:
Supports the following Advanced Encryption Standard (AES) exchange system for signature keys in AS2, RosettaNet, and the MIME/SMIME encoder
or
Supports the following SHA2-based digest methods in RosettaNet
YES. The RosettaNet Accelerator ships with BizTalk Server 2016 and is fully supported.
Related
I inherited a web app that acts as a corporate dashboard. It's an ASP.NET app. .NET version = 4.7.2
It's running on two Windows 2016 Standard servers running IIS 10. Been in operation for many years.
One of the things the app does is make an HTTP request to a particular https:// URL, grab the data, parse out the JSON, and cache the list of objects. This has been working for many, many months. (Note: the "remote" server we're calling is still "in-house". Another person within my team basically "owns" that.)
Well, on Thanksgiving Weekend, it looks like the Prod App Pool cycled. And immediately that query started erroring with "System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel."
Myself and a few other folks were paged. At the time, we didn't notice (in Event Viewer) that the App Pool had cycled. After a few hours of investigating (and rebooting the app servers), the fellow who "owns" the server we are querying quickly set up a new end point for that same resource...setting it to allow HTTP connections / not require the use of HTTPS. The intention was that this would be a work-around until we could investigate the problem later.
Well, it's now "later".
The remote server that we are calling appears to require the use of TLS 1.3. I confirmed this by using both Firefox and Chrome on my own laptop to pull up a couple of https: urls on that server.
So, Ah-ha, I thought to myself, I had found information earlier this afternoon suggesting that Windows Server 2016 Standard didn't support the use of TLS 1.3! (https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support)
But then I remembered: Earlier, I had been able to pull up those https: URLs in Chrome while logged onto my app's webservers! Sure enough, I went over there and retested with Firefox and Chrome. Both said the connections they'd made were using TLS version 1.3 !!
So, what the ???? That makes it seem like Windows Server 2016 Standard DOES support TLS 1.3 !??
And, from everything I've read, since my app is using .NET version 4.7.2, it should default to using whatever the default protocol for the OS is. So, shouldn't it too be using TLS 1.3 ? Why the heck can't it make a connection?
I'm certainly needing some direction on what to do next.
Thanks!
Background
Many statements from your question body above are true, but you need to put the contents into contexts so as to get the whole picture.
First, Chrome/Firefox supports TLS 1.3, but that support comes from the crypto libraries (many options out there, Mozilla NSS, OpenSSL and so on) they ship with themselves, not from Windows native crypto API.
Second, like you found out, Windows Server 2016 does not support TLS 1.3 natively because its underlying crypto API lacks of TLS 1.3 support. TLS 1.3 support is only included in Windows Server 2022 at this moment (and whether it will be back ported to previous Windows versions is unknown).
Third, when you try to analyze Windows components (like .NET Framework) or products, you need to identify what they rely on to perform TLS, Windows native crypto API or their own dependencies (like Chrome/Firefox does).
Answer to your specific ASP.NET question
Sadly it is well known that BCL classes in .NET Framework rely on Windows native crypto API, so on Windows Server 2016 you can go with TLS 1.2 at most.
If your application needs TLS 1.3 badly, you need to upgrade to Windows Server 2022, or switch to a third party crypto API.
Reference
https://www.quora.com/How-does-one-decide-between-OpenSSL-GnuTLS-and-Mozillas-NSS
TLS 1.2 on Windows Server 2003 and XP
We got vulnerabilities on windows server 2008R2, we are using BizTalk server 2010, they are going to disable RC4 ciphers, However how do we check what are all the ciphers our BizTalk server supporting and where do we find those list.
Basically they are going to be disabling TLS 1.0.
What you need to do is install the .NET Framework v4.5.2, as the actually ciphers you are talking about are at the .Net layer rather than in BizTalk.
Then you need to set the registry keys to disable TLS 1.0 and enable it defaulting to a stronger cryptography.
There is a good article about "BizTalk Server 2010 and support for TLS 1.2"
Well, hold on. They are only 'vulnerabilities' if you're actually using them.
If you have no TLS(SSL) 1.0 endpoints (Receive Locations), you don't have a problem.
If you are calling TLS(SSL) 1.0 endpoints (Send Ports), then your trading partner needs to update first, then you can move to TLS >1.0.
I recently entered into some API management tools. I could see these API management tools can do whatever Data-power is doing and these are also placed in front of back-end services to protect the back-end servers.
So,what makes Data-power unique?Or is it fair to compare Data-power with API management tools as its competitors?If yes, why IBM itself brought in a tool named IBM API management?
Ok, so the API solution from IBM, now called IBM API Connect (APIc) is more or less just the GUI to handle, set or view your APIS and statistics about them.
The actual HTTP requests (or IBM MQ requests) when using one of your API's goes through the API run-time.
IBM offers two different run-times today, MicroGateway (former StrongLoop) or IBM DataPower. DataPower comes as either hardware appliance, a virtual appliance or as a Docker container.
If you select to run APIc on DataPower you will be able to use all of the other features of Datapower as well (and there is a ton of them!).
MicroGateway is a Node.js runtime so it requires its own server and cluster obviously.
DataPower has built in cluster support and of course a DataPower appliance is built to sit Internet facing in the DMZ so all security is covered!
You will also have a few more functions/features in APIc using DataPower as the runtime.
So, to answer your question; No, it is not fair to compare APIc on DataPower with the competitors of "just" API solutions as DataPower brings in so much more to the deal. DataPower is a full grown gateway solutions for all your integration needs and it comes with FTP, sFTP, IBM MQ, Node.js runtime, HTTP server, SOAP WS-I, AS1-4, EDI (X12 and EDIFACT), etc.
If you want to compare to other API vendors you should really compare APIc on MicroGateway in my opinion...
You can test both APIc and DataPower (Docker) for free in "non-production" use:
https://developer.ibm.com/apiconnect/getting-started/
https://hub.docker.com/r/ibmcom/datapower/
Is it possible to scale out SignalR using Windows Server Service Bus?
I found sample of doing it with Redis, and I know there are libraries in GitHub for SQL Server (although I couldn't find a working sample for that), but I would like to implement it using the new on-premises Service Bus.
Any ideas / references?
Thanks!
In theory yes. The current stable versions support the Azure Service Bus, the latest source includes a rework of the scaleout providers such that even if it doesn't work out of the box (as the two service bus solutions are designed to have API parity) it should be straightforward to implement.
The service bus scaleout is enabled using its DependencyResolverExtensions class.
NServiceBus and MassTransit are two tools that can be used to implement messaging with MSMQ and other message queues.
I find that once you start using messaging to have applications talk to each other, you don't really want to go back to the old RPC style.
My question is, what other tools are out there? What tools do you use?
Apache ActiveMQ is probably the most popular and powerful open source message broker out there with the most active open source community behind it as well as commercial support, training and tooling if you need it.
One of the more interesting aspects of ActiveMQ is its wide support for a large number of different language bindings and transport protocols
WebSphere Message Broker is IBM's flagship ESB which runs ontop of MQ.
They also produce WebSphere ESB which is a slightly lighter offering which specialises in ESB across web services.
We use WCF services for synchronous message based operations, and nServiceBus for anything asynchronous.
Rogue Wave is very popular [ http://roguewave.com/products/hydra/ ]
So are IBM's Websphere offerings [ http://en.wikipedia.org/wiki/Mqseries ]
WCF is extremely powerful and should be looked into by anyone in the .NET space starting up a message based system.
I would recommend against BizTalk unless you can make a lot of use out of it's adapters (ie. you have a lot of old systems to communicate with).
Nuedesic makes a great WCF based ESB, Neuron, if you are willing to pay a bit.
I use IBM software stack because it has the widest set of features (pub/sub, async, sync) and platform support (60+ combination of platform, languages) and also a great set of free tools provided by IBM
For Operations, I use use the linear log rotation IBM WebSphere MQ supportpac
For development and testing, I like RFHUTIL to generate fake cobol, java, MS objects, other binary and text objects and SOAPUI to invoke HTTP web services. If I need to invoke MQ based web services, I go back to RFHUtil. Of course Websphere MQ Explorer for admin.
We use the old WebSphere Message Broker 6.1 (now IBM Integration Bus) that is fast and reliable once you are acquainted.