AXForum  
Вернуться   AXForum > Microsoft Dynamics CRM > Dynamics CRM: Blogs
All
Забыли пароль?
Зарегистрироваться Правила Справка Пользователи Сообщения за день Поиск

 
 
Опции темы Поиск в этой теме Опции просмотра
Старый 18.08.2009, 11:05   #1  
Blog bot is offline
Blog bot
Участник
 
25,617 / 848 (80) +++++++
Регистрация: 28.10.2006
CRM DE LA CREME! Configuring Microsoft Dynamics CRM 4.0 for Internet-facing deployment
Источник: http://crmdelacreme.blogspot.com/200...cs-crm-40.html
==============

Configuring Microsoft Dynamics CRM 4.0 for Internet-facing deployment
Published: February 13, 2009 Updated: May 15, 2009


This document describes configuring Microsoft Dynamics CRM (On-Premise Edition) for Internet-facing deployment (IFD), and a few of the common issues and resolutions associated with Microsoft Dynamics CRM IFD.
You can deploy Microsoft Dynamics CRM (On-Premise Edition) using one of the following deployment types:
· Microsoft Dynamics CRM for internal users only
· Microsoft Dynamics CRM for internal users and IFD access
· Microsoft Dynamics CRM for IFD-only access
For more information about configuring Microsoft Dynamics CRM for Internet access only, see Internal Network Address under the "IFD configuration properties details" section in this article.
Microsoft Dynamics CRM uses Integrated Windows authentication to authenticate internal users. Integrated Windows authentication implements pass-through authentication functionality so that Microsoft Dynamics CRM users are not prompted a second time to log in to Microsoft Dynamics CRM after their initial sign on to the Active Directory network.
Configuring IFD for Microsoft Dynamics CRM enables access to Microsoft Dynamics CRM from the Internet, outside of the company firewall, without using a VPN solution. Microsoft Dynamics CRM configured for Internet access uses forms authentication to verify credentials of external users. When configuring Microsoft Dynamics CRM for Internet access, Integrated Windows Authentication must remain for internal users.
Configuring IFD sets the Microsoft Dynamics CRM Web site to use anonymous authentication for external users, and provides a sign on page to capture users' credentials and obtain an authentication ticket cookie. Microsoft Dynamics CRM IFD checks for a valid CRM ticket cookie before processing the page request. When a page request does not contain a valid CRM ticket, the page request is redirected to the sign-on page. A page request with an expired CRM ticket is also redirected to the sign-on page. Users access the Microsoft Dynamics CRM Web site by typing the IFD URL in Internet Explorer. Because this type of authentication sends user credentials and passwords using clear text, you should always configure Microsoft Dynamics CRM using a Secure Sockets Layer (SSL). For more information about SSL, see
Make Microsoft Dynamics CRM 4.0 client-to-server network communications more secure. For more information about forms authentication and IFD, see Web Form (IFD) Authentication. For more information about forms authentication with active directory, see Forms Authentication in ASP.NET.
On This Page

Common Issues
Methods available to configure IFD
You can deploy Microsoft Dynamics CRM for IFD by using one of the following methods:
· During Microsoft Dynamics CRM Server installation or upgrade.
o Install a new deployment of Microsoft Dynamics CRM (On-Premise Edition) using command-line options and an XML configuration file that contains IFD configuration information (specified in the following topic).
o Upgrade from Microsoft Dynamics CRM 3.0 to Microsoft Dynamics CRM (On-Premise Edition) using command-line options and an XML configuration file that contains IFD configuration information (described in the following topic).
· Configure an existing deployment using the Microsoft Dynamics CRM Internet Facing Deployment Configuration tool. Configure an existing deployment of Microsoft Dynamics CRM that did not use an XML configuration file that contained IFD configuration information (described in the following topic). To configure the existing deployment, download and run the
Microsoft Dynamics CRM Internet Facing Deployment Configuration Tool (described in the topic below).

Configure during Microsoft Dynamics CRM Server installation or upgrade
</span>
When using the command-line option to deploy a new installation of Microsoft Dynamics CRM or upgrade from Microsoft Dynamics CRM 3.0, you can enable IFD by adding the element to a Microsoft Dynamics CRM Server Setup XML configuration file. The element must be defined under the elements. When the enabled element is set to true (), Microsoft Dynamics CRM Server Setup configures the deployment for access from the Internet. Additional information is required to make the Web site accessible from the Internet. For more information see, "Use the Command Line to Install Microsoft Dynamics CRM" in the Installing Guide in the Microsoft Dynamics CRM 4.0 Implementation Guide. The Microsoft Dynamics CRM Server Setup XML configuration file makes the same changes as the Microsoft Dynamics CRM Internet Facing Deployment Configuration tool, see the table below for the list of properties that are added or updated. The configuration file should look similar to the following example:


157.55.160.202-255.255.255.255
https
mysubDomain.myDomain.com:443
mysubDomain.myDomain.com:443


For more information about the IFD deployment properties in the element see, the IFD Configuration Properties on this post by clicking on the post link.

Configure an existing deployment using Microsoft Dynamics CRM Internet Facing Deployment Configuration tool
The Microsoft Dynamics CRM Internet Facing Deployment Configuration tool adds a node to the web.config file for IFD settings, creates deployment properties in the MSCRM_config database, and adds a registry key to Microsoft Dynamics CRM Server enabling Internet-facing access. You can use the Internet Facing Deployment Configuration tool after installing or upgrading to Microsoft Dynamics CRM. You can also use this tool any time you want to change the IFD configuration properties.
Read the
Microsoft Dynamics CRM 4.0 Internet Facing Deployment Scenarios document for specific configuration scenarios and instructions to help you successfully implement Microsoft Dynamics CRM IFD.
You can also get detailed instructions for using the Microsoft Dynamics CRM Internet Facing Deployment Configuration tool in
How to use the Microsoft Dynamics CRM Internet Facing Deployment Configuration tool.
Note
To update other configuration fields, download and run the Microsoft Dynamics CRM Internet Facing Deployment Configuration tool from
Microsoft Dynamics CRM 4.0: Planning and Deployment Guidance for Service Providers.

IFD configuration properties details
</span>
Internal Network Address

When you configure Microsoft Dynamics CRM for IFD using the Internet Facing Deployment Configuration tool or using an XML configuration file, on initial Microsoft Dynamics CRM installations only, you are adding a new Windows registry key. The IfdInternalNetworkAddress registry key contains the IP addresses and subnet masks for internal computers using Microsoft Dynamics CRM. The registry key location is

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM

When a user submits a page request, the Microsoft Dynamics CRM Server compares the user's IP address and subnet mask with the values in the registry key to determine which authentication type to use, anonymous access authentication for Internet access or Integrated Windows authentication for internal users. For example, the IP addresses and subnet masks of your Microsoft Dynamics CRM users are as follows:

10.10.1.1-255.255.255.0,157.55.164.93-255.255.255.0

When the subnet is 255.255.255.0 and the IP address are 10.10.1.1 or 157.55.164.93 then any IP address that starts with 10.10.1 or 157.55.164 is considered internal.
When a user requests a Microsoft Dynamics CRM page and the user's IP address and subnet masks is 157.55.165.22-255.255.254.0 and the IP address and subnet mask is not found, Microsoft Dynamics CRM uses forms authentication to display a sign on page. Any IP addresses and subnet masks not in the Internal Network Address registry key cause the Microsoft Dynamics CRM Server to respond with the IFD sign on page to request the user's credentials.
If users are accessing Microsoft Dynamics CRM from multiple subnets, you must update the IfdInternalNetworkAddress registry value to reflect the different subnets. When you have more than 1 subnet, you can add multiple values to the IfdInternalNetworkAddress registry key. Separate the values using a comma but do not add a space after the comma.
To configure Microsoft Dynamics CRM for IFD only access, enter the IP address to the Microsoft Dynamics CRM Server and a subnet mask of 255.255.255.255. Then only those page requests from the Microsoft Dynamics CRM Server are considered internal, and all other page requests prompt the sign on page.

IFD Root Domain Scheme

In the Root Domain Scheme or IFD Root Domain when using the Internet Facing Deployment Configuration tool, enter https as the value of this MSCRM_config database property when you have SSL set for the Web site.
Important
SSL is strongly recommended fo Internet-facing deployment of Microsoft Dynamics CRM.

SDK Root Domain

In the SDK Root Domain or the IFD SDK Domain when using the Internet Facing Deployment Configuration tool , enter the domain name where the SDK Server role is installed. This is used for applications that use the methods from the Microsoft Dynamics CRM Software Development Kit(SDK) as the value for this MSCRM_config database property. Add the domain name and the root domain (.com), for example mycompany.com rather than mycompany. If using a port that is not the default, then you need to include the port number in the SDK Root Domain, for example, domain.com:5555.

Web Application Root Domain

In the Web Application Root Domain or the IfdWebApplicationRootDomain when using the Internet Facing Deployment Configuration tool , enter the domain name only for the Microsoft Dynamics CRM Web application as the value for this MSCRM_config database property. Add the domain name and the root domain (.com), for example mycompany.com rather than mycompany. If using a port that is not the default, then you need to include the port number in the Web Application Root Domain, for example, domain.com:5555.
Important
When using server roles divided out to different computers, you must use different domain name values for IfdWebApplicationRootDomain and IfdSdkRootDomain. For more information, see the topic below Using Server Roles.
Service Provide License Agreement
ServiceProviderLicenseAgreement replaces OnPremise as the authentication strategy in the node of the Web.config file.

IFD URL
You must define a URL for the Microsoft Dynamics CRM IFD deployment using the following format:
https://.
For information about changing Microsoft Dynamics CRM port assignment, see
How to update the Microsoft Dynamics CRM Web site port after you install Microsoft Dynamics CRM 4.0.

Common Issues
Use DNS host or alias record with IFD
Create a host or alias record for each organization that plans to access Microsoft Dynamics CRM externally from the Internet. If you use host headers to uniquely identify the Microsoft Dynamics CRM Web site, you should remove the host headers and set up a Domain Name Service (DNS) alias record. This is particularly important because SSL does not work with host headers. The DNS alias record ensures that the URL address for the external and internal organization resolves correctly. The alias record is a name for your Web application that is composed of a subdomain name to identify the organization, second-level domain name to identify your company, and root domain name such as .gov, .tv. or .com. For Microsoft Dynamics CRM IFD, your DNS alias record should resemble the following:
crm_organization_name.domain.com
The Internet Facing Deployment Configuration tool includes a Check DNS option on the Tools menu to test DNS resolution. If you have not defined domain names in DNS, the Internet Facing Deployment Configuration tool displays a message indicating that the domain name cannot be resolved. For specific instructions, see Setup test DNS record in
How to configure an Internet-Facing Deployment for Microsoft Dynamics CRM 4.0.
</span>
Firewall exceptions

If one or more firewalls are running between the clients and the Microsoft Dynamics CRM Server, an exception for the port used by the Microsoft Dynamics CRM Web site must be established to allow clients to connect.

Running reports

To enable complete reporting functionality for a Microsoft Dynamics CRM deployment configured for IFD, the deployment must be running the Microsoft Dynamics CRM Connector for SQL Server Reporting Services.
When a Microsoft Dynamics CRM user runs a report from Microsoft Dynamics CRM, Microsoft SQL Server Reporting Services Viewer requests the report and data from the remote Microsoft SQL Server Reporting Services computer. To access the report, the Microsoft Dynamics CRM user enters the Microsoft Dynamics CRM server URL. Microsoft Dynamics CRM Connector for SQL Server Reporting Services runs as a Microsoft SQL Server Reporting Services data processing extension and handles the authentication in the delegated mode used for reports.
However, the Microsoft Dynamics CRM Connector for SQL Server Reporting Services does not work with the Microsoft SQL Server 2005 Workgroup Edition because it does not support custom data extensions used in the Microsoft Dynamics CRM Connector for SQL Server Reporting Services. To resolve this issue, upgrade Microsoft SQL Server 2005 Workgroup Edition to one of the following editions:
· SQL Server 2005 Standard Edition
· SQL Server 2005 Enterprise Edition
· SQL Server 2008 Enterprise Edition
· SQL Server 2008 Standard Edition
For specific SQL Server 2008 upgrade version information, see
SQL Server 2008 Books Online Version and Edition Upgrades.
</span>
Using Dynamic worksheets or Dynamic PivotTables

To export data to Dynamic worksheets or Dynamic PivotTables for Microsoft Dynamics CRM users connecting to a Microsoft Dynamics CRM IFD deployment, install and configure the Microsoft Dynamics CRM for Microsoft Office Outlook client on the computer of the Microsoft Dynamics CRM user trying to open the Dynamic worksheet. When Microsoft Dynamics CRM is not in the same domain as the client computer, Microsoft Dynamics CRM for Microsoft Office Outlook client handles the Microsoft Dynamics CRM user login credentials for the Microsoft Dynamics CRM database used in the worksheet.
For information about securing data exported to Microsoft Office Excel, see Microsoft Dynamics CRM Team blog article
Dynamic Export to Excel feature – How to protect data over the wire.
</span>
Using server roles

In a Microsoft Dynamics CRM deployment you can split the configuration into two separate server role groups or separate each individual server role across multiple computers. If you configure IFD for a Microsoft Dynamics CRM deployment using server role groups or separate server roles, you must obtain different SSL certificates if the Application server role and the SDK server role are on different computers. You cannot use the same certificate for both server roles. If you did not obtain different SSL certificates defined with root domain names specific to the Application server role and SDK server role, then the DNS server detects duplicate mappings and cannot resolve the domain names. To resolve this duplicate mapping issue, assign different values in the deployment properties for the IFD App Root Domain and IFD SDK Root Domain. The value that you enter in the Internet Facing Deployment Configuration tool for the App Root Domain is the domain associated with the Application server role. The value that you enter in the Internet Facing Deployment Configuration tool for the SDK Root Domain is the domain associated with the SDK server role.
For more information about server roles, see
Making Sense of Server Roles.
</span>
Configure IFD with an ISA server

After you configure Microsoft Dynamics CRM for IFD and you are using an Internet Security and Acceleration (ISA) server, any user attempts to login from the Internet are challenged for a Windows login instead of the Microsoft Dynamics CRM sign on page. This causes the user authentication to fail. You can resolve this issue by changing the configuration setting on the ISA server to Request Appear to come from Original Client. This setting causes the ISA server to interpret the request as coming from the original client IP. For this configuration setting to work, the web server must point to ISA Server's internal IP address as the Default Gateway.
Configure IFD for a multi-forest with a perimeter network model
When you use a perimeter network to isolate Internet-facing resources from your internal corporate network, you have to open the ports to the local area network to successfully deploy Internet-facing Microsoft Dynamics CRM. You can see an example of a perimeter network model in the Planning Guide in the
Microsoft Dynamics CRM 4.0 Implementation Guide under the heading, "Multi-forest with client Internet access."
The following information on how to configure Microsoft Dynamics CRM for IFD with a perimeter network model is from Joel Lindstrom's
CustomerEffective blog. You need to do the following when using a perimeter network model:
1. Install and configure Microsoft Dynamics CRM.
On an initial installation, you can install and configure Microsoft Dynamics CRM for Internet-facing access using the command-line installation options or you can wait until after you have Microsoft Dynamics CRM running and tested before configuring it for IFD.
2. Enable the perimeter network solution.
3. Open the required ports to the local area network:
o Microsoft SQL Server
o Microsoft SQL Server Reporting Services
o Microsoft Exchange Server 2003 or Microsoft Exchange Server 2007
o Domain Controllers
For more information about Microsoft Dynamics CRM ports, see "Network ports used for Microsoft Dynamics CRM 4.0" in the Planning Guide in the
Microsoft Dynamics CRM 4.0 Implementation Guide.
4. Test the Microsoft Dynamics CRM server to ensure that it is working as expected.
5. Obtain and install a wildcard SSL certificate for your Microsoft Dynamics CRM deployment.
6. Use the Internet Facing Deployment Configuration tool to set up the IFD deployment. While using the IFD tool, verify that the DNS values resolve.

</span>


Источник: http://crmdelacreme.blogspot.com/200...cs-crm-40.html
__________________
Расскажите о новых и интересных блогах по Microsoft Dynamics, напишите личное сообщение администратору.
 

Похожие темы
Тема Автор Раздел Ответов Посл. сообщение
Microsoft Dynamics CRM Team Blog: List Web Part for Microsoft Dynamics CRM 4.0 Deployment Scenarios Blog bot Dynamics CRM: Blogs 0 30.01.2009 22:05
Microsoft Dynamics CRM Team Blog: Microsoft Dynamics CRM 4.0 Bookshelf Blog bot Dynamics CRM: Blogs 1 22.01.2009 04:46
Microsoft Dynamics CRM Team Blog: Internet Facing Deployment (IFD) Installation Basics Blog bot Dynamics CRM: Blogs 0 20.09.2008 03:12
axStart: Microsoft Dynamics AX 2009 Hot Topics Web Seminar Series Blog bot DAX Blogs 0 06.08.2008 12:05
Microsoft Dynamics CRM Team Blog: Top 14 Microsoft Dynamics CRM Sites and Downloads Blog bot Dynamics CRM: Blogs 0 14.07.2008 13:05

Ваши права в разделе
Вы не можете создавать новые темы
Вы не можете отвечать в темах
Вы не можете прикреплять вложения
Вы не можете редактировать свои сообщения

BB коды Вкл.
Смайлы Вкл.
[IMG] код Вкл.
HTML код Выкл.
Быстрый переход

Рейтинг@Mail.ru
Часовой пояс GMT +3, время: 00:37.