There are several ways of storing config info, for example:
- Use the .config file of the service (BTSNTSvc.exe.config) - can only be used in single server environment.
- SSO database - This is a good option considering data is encrypted before saving. Also, SSO comes with admin and client utilities, which are good graphical applications for managing data.
- BRE - This is my favourite option since BizTalk's business rules composer provides an easy-to-use interface to define and modify business policies. You don't need to be a BizTalk expert to make changes in business policies. But, I would agree that it definitely cannot be used for storing sensitive information like connection strings, password etc. BRE can be used for making information, that is not sensitive, configurable. It can be used in numerous scenarios, from configuring email addresses (for SMTP port) to error messages to fixed values (which you would rather keep configurable than hard-coding in your orchestrations, maps, schemas).
For example, below is a simple business rule that sets the subject and recipients of the email. Note, that this rule will always be executed since the condition is 1=1. This is how we can store configuration information, although, this is not the way it was intended to be used :) One may argue that subject and list of recipients for an email can be configured at the send port too, if it does not change with any conditions, but the example here can be easily modified to make it conditional. 1=1 is just used to demonstrate how we can use BRE for storing any configuration information that is not conditional.