Solved

Setting up MSDynamics 2013 IFD setup

Posted on 2014-04-14
Last Modified: 2014-04-15
I'm currently looking at setting up remote access to our recently upgraded MSDynamics CRM platform; we have upgraded from 2011 to 2013.

All of our internal users have access and we have the Dynamics servers sat on the internal network which is protected by the company firewall.

My question is this. I want to implement Internet Facing Deployment using Claims Based Authentication to verify credentials of external users. We also have a Domain Controller in our DMZ with ADFS on it and an unused web server in the DMZ.

I need to know if I can set up IFD on the DC and Web Server in the DMZ, then have them point to the internal Dynamics Application?

It seems that the preference or recommendation is for the IFD to be configured with external users connecting directly to the IIS service on the internal Dynamics servers. I'm not keen on this direct connection and would like to know the best solution.
0
Question by:CTCRM
4 Comments
 
LVL 30

Expert Comment

by:Feridun Kadir
ID: 39999322
Configuring IFD for CRM 2013 (and 2011) means that you have to expose the CRM web-site to the Internet. Users sign-in using ADFS which redirects incoming access to the CRM web-site.

IFD is configured for a CRM deployment which can have more than one CRM server.

You might be able to do this (but this is supposition on my part - I have not tried this). You could have an internal CRM server that has all CRM roles and then a second CRM server with the Front End roles (which include the CRM web site). Then you configure claims-based authentication and IFD which will apply to all users. But you can arrange for the external URL for external users to land users on the second CRM Server (in your DMZ). However, this second server will need to be able to communicate directly with the SQL server that has the CRM databases so I'm not sure if this helps your requirement.
0
 
LVL 2

Author Comment

by:CTCRM
ID: 40000961
So, I currently have 3 CRM servers (1xSQL and 2xCRM App/IIS servers) on the internal network.
I also have a Web server in the DMZ that was built and then put on hold until a decision was made.

Would the second Front End server in the DMZ, configured to have CRM Front End Roles, have any impact on the internal users' access to CRM?

Just to clarify then; Remote users would authenticate via AD FS on the DC in the DMZ, which would then point to the CRM FE Web Server in the DMZ, which needs to be able to see the CRM SQL DB?
0
 
LVL 30

Accepted Solution

by:
Feridun Kadir earned 1500 total points
ID: 40000975
To your last point, external users browse to a URL of the form https://orgname.companyname.com where orgname is the name of the CRM organization. You must create a DNS entry for orgname in the external DNS for your company domain. The name would resolve to an IP address on your network, the CRM FE Web server in the DMZ. That web server would then redirect users to AD FS, which must also be accessible over the Internet, which in turn will contact a domain controller to verify the username and password. I'm not sure how to constrain the AD FS server to work with a specific DC. After the user is authenticated, they are then taken back to the CRM FE web server which renders the CRM application - this server needs to communicate with the SQL server.

Internal users will browse to a URL that lands them on the internal CRM web server.

I don't see that having two CRM FE web servers would impact either audience set.

I must point out that I have not tried the above configuration so please test it if you can before launching into a production scenario.
0
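The topology discussed in this thread, turned into a firewall-rule audit as an added example (not code from any poster): it allow-lists only the flows the accepted answer names and flags any other rule that lets the Internet reach the internal network or the DMZ reach it on an unexpected port. The addresses, the SQL default port 1433 and the sample ruleset are constructed assumptions, AD FS is taken to sit on the DMZ domain controller as the question describes, and any further flow a real deployment needs would have to be added to `EXPECTED`.

```python
import ipaddress

ZONES = {"dmz": ipaddress.ip_network("192.0.2.0/24"),      # constructed addressing plan
         "internal": ipaddress.ip_network("10.0.0.0/8")}
# Constructed hosts (assumption): DMZ CRM front end, DMZ AD FS, internal SQL.
CRM_FE, ADFS, SQL = "192.0.2.10", "192.0.2.20", "10.1.1.50"

# Flows the accepted answer names: (source, destination, TCP port).
EXPECTED = {
    ("internet", CRM_FE, 443),   # external users browse to the org URL
    ("internet", ADFS, 443),     # AD FS must be reachable over the Internet
    (CRM_FE, SQL, 1433),         # front end talks to the CRM databases
}

def zone_of(addr):
    """Map an address (or 'any') to 'internet', 'dmz' or 'internal'."""
    if addr in ("any", "internet"):
        return "internet"
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def audit(rules):
    """Return (rule, finding) pairs for allow rules outside the expected flows."""
    findings = []
    for src, dst, port in rules:
        src_key = "internet" if zone_of(src) == "internet" else src
        if (src_key, dst, port) in EXPECTED:
            continue
        s, d = zone_of(src), zone_of(dst)
        if s == "internet" and d == "internal":
            findings.append(((src, dst, port), "internet reaches internal host directly"))
        elif s == "dmz" and d == "internal":
            findings.append(((src, dst, port), "unexpected DMZ-to-internal flow"))
        elif s == "internet" and d == "dmz":
            findings.append(((src, dst, port), "unexpected service published in DMZ"))
    return findings

# Constructed ruleset to audit.
SAMPLE_RULES = [
    ("any", CRM_FE, 443),
    ("any", ADFS, 443),
    (CRM_FE, SQL, 1433),
    ("any", "10.1.1.20", 443),   # Internet straight to an internal CRM/IIS server
    (CRM_FE, SQL, 3389),         # extra port from the DMZ to the SQL server
    ("any", CRM_FE, 1433),       # SQL port published on the DMZ host
]
```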
 
LVL 2

Author Closing Comment

by:CTCRM
ID: 40001156
Thanks for the advice provided and I will set this up in development first to test.
0

Question has a verified solution.
