But now comes the main decision, these users and groups, are unique to BizTalk… which occurs with the application´s users? Suppose an EAI environment, with the three standard host per BizTalk application:
Following the recommendations of Microsoft, each host should be associated with a domain user, in our case, apart from BizTalk users, we need three more users. If we have n-applications in our EAI environment, we need 3 X n-users. This can be a problem when it comes to manage and configure each host. Given that the ideal host in BizTalk Server are approximately 20, we're talking about 20 users per application ... seems rather complicated to handle.
What may be an alternative solution that does not involve security issues for our environment? First, we have a user "BizTalk Administrator" to configure and install the product and also that the user from all groups / users of BizTalk. For applications, you should create a user for each application. Thus, we separate the BizTalk users and application users, fulfilling Microsoft's recommendations, but without an almost infinite list of users.