Why do I need IFD?

(0) Share

Report

Posted on by PCR985

Hello,

Our team has been installing and maintaining several On-Premise CRM installations on different networks.

I have a new On-Premise CRM2015 installation in an existing network, and we are running into a lot of difficulties getting IFD to run properly on the network. We have burned several weeks trying to get IFD running on the network, and we are running out of time before we go live.

We were able to get CRM running https, and authenticate by Active Directory outside the firewall.

My question is: with AD authentication, and https in place, why do I still need IFD? Other than controlling session timeout, what benefit is there to get IFD running?

I am interested in your thoughts.

Thanks,

PCR

*This post is locked for comments

I have the same question (0)

All responses (5)

Answers (0)

K.C. Christiansen on at

Like (0)

Report

RE: Why do I need IFD?

I was looking through the answers below and I am not able to see what the exact error is.

Just to be clear, you do not directly use Active Directory from outside the firewall, rather you use ADFS that brokers the authentication. You will need to make sure the following is done:

1. you have ADFS installed on a second server (do not install it on the same server as CRM, too many .net issues can occur)

2. you will need certificates for ADFS, different from your https cert for CRM and ADFS urls.

3. you will need to import the token signing cert on all your CRM Servers, so that the app server (Front End) can perform the Authorization Properly.

4. NLB or some sort of network frontend.

5. Setup all SPN's for all server roles (FrontEnd/BackEnd/Full Server) and SQL Servers.

Why IFD. You would use IFD in order to provide a clean FQDN for the end user and have all other services managed inside your firewall and not accessible from the outside world.

I have 16 deployments, all coming through IFD with ADFS. I am authenticating with configured services for AD and OpenAM all utilizing F5 load balancers. Your first IFD configuration is tricky, however, MS has some very good documentation around IFD configuration, which hasn't really changed since 2011.

Was this reply helpful? Yes No
Suggested answer

Joe Woltering 12,163 on at

Like (0)

Report

RE: Why do I need IFD?

What is the difficulty with getting IFD to work in your environment?

If I remember correctly, making sure you have all the corrects URLs set up in DNS played a big role. As well, we needed to make sure we had a public SSL cert in place in order for authentication to work properly. Self-signed certs just didn't cut it.

Was this reply helpful? Yes No
PCR985 on at

Like (0)

Report

RE: Why do I need IFD?

Adam Vero: Good question.

But first: The network does contain other systems that requires authentication; that we do not have any control over. (That may be part of the problem we are running into).

The main reason that we have not updated the system to CRM2016 is because this project started well before CRM2016 was available, and there is a lot of custom code that connects the CRM to other systems.

The project started off, and then got shelved by the client due to health issues. Then this spring they came back to us and asked us to implement a completely different set of requirements, and wanted us to keep what we had already developed in our DEV and QA environments.

Due to the urgency of what they were looking for, we decided to roll out on CRM2015, and upgrade after implantation.

As far as the need for the mobile app, we have actually written our own mobile portal that allow the users to see CRM data and live information from their other system.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Why do I need IFD?

If you are doing this for a customer, then the first and most important reason should probably be that this is not a supported configuration.

Also, you should not need to expose AD authentication directly out to the internet.

You need IFD for the mobile apps (even if used on the LAN). More and more customers are starting to look at the tablet app as a primary option rather than the browser (for some use cases), and lots are looking to the revamped phone client which is now a much richer experience thanks to custom mobile controls, mobile task flows etc.

Out of interest, if this is a new installation, why are you going with CRM 2016 rather than 2016 update 1? Why miss out on lots of great features from day one?

Was this reply helpful? Yes No
Suggested answer

razdynamics 17,308 User Group Leader on at

Like (0)

Report

RE: Why do I need IFD?

Hello my friend

IFD is only required when access to CRM is required from outside your company network, enabling CRM for internet facing deployment will not only allow u to use mobile apps but also levetage on using some of the cloud services such as Azure, social listening, marketing etc so it is worthwhile having ifd enabled for your longterm crm strategy.

Best Wishes, Raz

Was this reply helpful? Yes No