gregashcom
CRM 2013 IFD setup
We are looking at implementing CRM 2013 for a small user group of 15-25 salesmen. As it stands, we will have these servers in our internal network: a CRM 2013 application server hosting all roles, a SQL server, and an ADFS 2.0 server. We are looking to add an ADFS proxy and CRM 2013 IFD services to our perimeter network. The question I'm looking to answer, as simple as it sounds, is: does the IFD web server need to be joined to the domain?
ASKER CERTIFIED SOLUTION
You certainly can NAT port 443 to the CRM server that has the web application server role.
Personally I'm not that fussed about setting up DMZ. I like to think (perhaps a bit naively) that my router will do a good job of blocking unwanted traffic.
For CRM and IFD, only port 443 needs to be opened to the servers on the LAN. I go with the view that the risk of someone hijacking an internal server via accessing ADFS and CRM on those ports is rather low.
So I would be fine with a setup of two servers, one for ADFS and one for CRM (server with the Web application role) that are accessible over the Internet via port 443 using NAT on the router. I'm not totally convinced that an ADFS proxy is needed - but I would defer to people more experienced in AD FS than me on that point. I guess it is all down to degrees of risk.