An IFD (Internet-facing deployment) lets users access the CRM system from outside the company firewall without using a VPN connection. It is really necessary for global enterprises and for systems that provide 24/7 support.
You can learn how to configure IFD deployment at this link. This article gives you a first approach and a basic model for IFD deployment.
Planning your Microsoft Dynamics CRM solution will include defining a solution to support remote access requirements and deployment. This article aims to help you find the best option for your specific scenario; the decision to use IFD or not depends on your business, your requirements and your business policy.
For example, if you deploy MS CRM for the banking industry, IFD cannot be the solution, for the following reasons:
- It falls under the Financial Industry Regulatory Authority (FINRA) and may not be permitted to use IFD.
- It utilizes existing VPN connectivity.
Infrastructure and Configuration Requirements
- Wildcard SSL certificate – imported and assigned
- Active Directory Federation Service 2.2 server installed and configured
  - Can be installed on any server, but preferably a dedicated server
  - May install two or more ADFS servers and configure them with NLB
  - Note: ADFS requires port 80 and HTTPS port 443
  - Should not be installed on the CRM server
  - An ADFS server farm is also an option, including an ADFS proxy server in a DMZ
- CRM Deployment Manager
  - Used to configure claims-based authentication
- Ensure IIS Security Role and Performance Roles are enabled
- List and document all related URLs
- Configure relying party trusts
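The wildcard certificate and the documented URL list can be checked against each other before anything is published. The following is an added example, not part of the original post: the `contoso.example` hostnames are constructed sample data and the function names are hypothetical. It shows that a wildcard name covers exactly one left-most DNS label, so the bare domain and deeper subdomains are not covered.

```python
from urllib.parse import urlsplit


def wildcard_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or '*.domain') matches host.

    The '*' stands for exactly one left-most DNS label.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]              # e.g. ".contoso.example"
    if not host.endswith(suffix):
        return False                    # other domain, or the bare domain
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def uncovered_urls(cert_names, urls):
    """Return the documented URLs whose host no certificate name covers."""
    missing = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        if not any(wildcard_covers(name, host) for name in cert_names):
            missing.append(url)
    return missing


# Constructed sample data: names on the certificate and the documented URLs.
CERT_NAMES = ["*.contoso.example"]
DOCUMENTED_URLS = [
    "https://auth.contoso.example",          # covered
    "https://sts.contoso.example",           # covered
    "https://sales.contoso.example:444",     # covered, port is ignored
    "https://contoso.example",               # bare domain: not covered
    "https://sts.corp.contoso.example",      # two labels deep: not covered
]

if __name__ == "__main__":
    for url in uncovered_urls(CERT_NAMES, DOCUMENTED_URLS):
        print("not covered by certificate:", url)
```
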
Security considerations
Claims-based authentication Security
- Windows Identity Foundation (WIF) and industry standard protocols.
- A security token service responds to requests and issues SAML tokens.
- It can be used for internal and external users as well as users from other organizations.
Another configuration to consider regarding business data concerns is to configure a minimum of two ADFS servers: one as an internal server and the second as an ADFS Proxy server in a DMZ.
Configure the proxy server to point to the internal server and make the appropriate firewall changes. This will address security concerns about allowing external access to sensitive data.
Consider the ADFS timeout setting carefully. Users may find the default of 30 minutes too stringent, so a balance must be reached for the organization.
Hope it is useful for someone.
