SecureBlackbox for BizTalk lets you add support for SSH, SFTP, FTPS, OpenPGP, S/MIME, PKI, PDF, XML security to your BizTalk orchestrations.

Pros: Microsoft BizTalk Server is used to connect systems both inside and across organizations. This includes exchanging data and orchestrating business processes which require multiple systems. BizTalk Server is a positioned as a trusted solution for SOA and Business Process Management. Building applications that span organizational and system boundaries presents significant challenges related to authentication, naming, security, and cross-organizational firewall traversal. BizTalk Services provide these capabilities as a hosted offering. This reduces complexity and allows developers to focus on differentiating features for their product. Business applications now must not just use and transfer valuable information, they must protect this information from various threats and attacks coming from both inside and outside. Document security during processing and transfer is the vital part of the modern business process. SecureBlackbox for Business Servers lets you add an additional level of data security to your business processes quickly. SecureBlackbox for BizTalk lets you secure the data, which is stored and transferred via your BizTalk orchestrations.

It includes several adapters that help secure transfer the data securely via SFTP, FTPS or SMTP protocol. FTPS transport module lets you transfer the data over Internet using FTP and FTPS (FTP-over-SSL) protocols. SFTP transport module lets you securely transfer the data over Internet using SFTP (SSH File Transfer Protocol). SSH transport this transport lets you securely execute commands on remote systems via SSH (Secure Shell) protocol and retrieve execution results and SMTP transport lets you send e-mail messages using standard SMTP protocol. The transport supports SSL/TLS to secure the connection. MIME pipeline with security enhancements (S/MIME and PGP/MIME) allows you to easily send e-mail from BizTalk. PGP, PKI, PDF, XML pipelines let you perform various cryptographic operations such as encryption, decryption, digital signing (including time-stamping) and signature verification on your data.

PGP compatible file security functions. The OpenPGP processor is conformant to OpenPGP standards (RFC 2440 and RFC 4880). PDF processor lets you perform signing, time-stamping, encryption, decryption and verification of PDF documents. XML processor lets you sign, encrypt, timestamp, decrypt and verify the XML documents or their parts using X.509 certificates or OpenPGP keys. Security operations are conformant to XMLDSig, XMLEnc and XAdES specifications. PKI processor is PKCS#7-conformant and lets you sign, encrypt, timestamp, decrypt and verify any generic data using X.509 certificates.

Cons: How good the security is difficult to find without rigorous tests or certification.

Overall: With that constraint, the application has the set of functionality that’s required. It is good for at least 3 stars, possibly more.