none
CRM Server & ADFS Server & Public IPs

    Question

  • After a long struggle I finally got (test) CRM up both internally and externally. My joy was short lived, though. In my setup I put both the CRM server and ADFS server directly on a public IP. I have now learned that this is a big no-no and ines, SBS 2008 (which hosts my ADFS) should only be on an private IP address. So I guess I will have to put my host, virtual CRM server and virtual SBS server (with ADFS) behind a router and either configure them with DHCP or set a PRIVATE static IP. Is this how Microsoft was also envisioning it for CRM or do they expect one or both of these servers (CRM & SBS/ADFS) being on public IPs?

    For now I assume they should not be on public IPs. Now according to the guide for claims based authentication I need to have [orgname].[domain].com point to my CRM server and auth.[domain].com point to my SBS/ADFS server. How is that done? Do I have to configure the router so that traffic to these IPs are routed to static private IP addresses associated with those two servers? Or can these servers be on dynamic IPs and the DNS settings (as explained in the aforementioned guide) on the SBS server sort everything out?

    Thursday, March 22, 2012 7:23 AM

Answers

  • The servers should not have public IP addresses. They should have private static IP addresses.  The external DNS records for the CRM and ADFS servers should reference public IP addresses. Your router/firewall should map incoming requests on each of the public IP addresses to the relevant servers (using the private IP address).
    • Marked as answer by hfaun Monday, April 30, 2012 10:07 PM
    Monday, April 16, 2012 7:06 PM

All replies

  • The servers should not have public IP addresses. They should have private static IP addresses.  The external DNS records for the CRM and ADFS servers should reference public IP addresses. Your router/firewall should map incoming requests on each of the public IP addresses to the relevant servers (using the private IP address).
    • Marked as answer by hfaun Monday, April 30, 2012 10:07 PM
    Monday, April 16, 2012 7:06 PM
  • Thank you. That is what I finally ended up doing. All of the subdomains point to the same public and statis IP address through external DNS records. Then on the router I send 443 to the server hosting CRM and 444 to the server hosting ADFS. Both of these servers are on private static IP addresses.
    Monday, April 30, 2012 10:07 PM