locked
Questions about deployment options RRS feed

  • Question

  • My company is starting a MS CRM project and I need some information about the various deployment options. First, some information about its usage.

    The users are both remote (not logged into the company domain or on the company network). We have no control over any of the external networks that are being used. Most of the core CRM workers will regularily be both in the office (thus on the domain) and remote, as most telecomute. Some, such as myself are always remote. Initially, we are not going to use the Outlook client and don't see a need for the offline outlook client, but that could change. The final bit of information is that we'd like to embedd links to entities within emails, as may of the users will not be living within the CRM. (The business need for implementing the CRM is to manage some very long running processes with little or no activity, except the franic activity in the beginning and at the end, thus the users have a hard time tracking what needs to be done.)

    So far there seems to be three deployment options to allow the remote users access:

    1. Use a VPN. This is not a viable option. We've used it for other apps and there are way too many firewall issues (with other firewalls).

    2. Use IFD. Because we want to embedd links in emails, and, as I understand it, the normal onsite deployment and the IFD deployment use different URLs, likely if we used IFD, we'd have all users use IFD.

    3. Make CRM site public. Expose the CRM site to the internet, use SSL to encrypt it, users prompted to login with domain credentials (all users will have domain credentials, even if they've never been to the office). We do this with sharepoint already.

    I'm wondering how chooising option #2 or #3 affects security, performance, the outlook client and the offline client, customizations, etc.

    Thanks!

    Friday, April 16, 2010 9:59 PM

Answers

  • I would prioritize your options like this:

    2, 1, 3

    No. 3 is out of the question - you don't make MS CRM public, even if you use SSL.

    No. 2 is my favorite. With IFD Deployment and SSL, you wil have the perfect solution, since you will not use Outlook.


    Henrik Jensen Instructor / Consultant MCP, MCAD, MCSD, MCTS, MCPD, MCITP, MBSS, MBSP, MCT www.crmblog.dk and mscrm.easyconsult.dk (Danish only)
    Sunday, April 18, 2010 10:04 PM
  • Hi Greg, the only real option here is to use the Internet Facing Deployment. It's the only option supported by Microsoft that will allow users outside your domain to access your CRM system. You could try another option, but you'd be unsupported. You're other might work, but if it doesn't and there is a big problem, it could cost you a lot to workaround and then fix it. And I don't just mean officially unsupported. If you're running a custom configuration and ask a question in the forums, you're going to get no responses because no one else has experience of that configuration.

    I ran the UK's leading Dynamics CRM hosting partner and we ran all our CRM servers in the IFD configuration. The only issue we had sometimes was supporting dynamic Excel worksheets. It's the only option you should consider. In fact, you should really consider having it hosted by a partner or Microsoft (Dynamics CRM Online), then all the complexities of hosting will fall on someone else's shoulders. With hosted CRM 4.0, if you have more than 50 users, I'd recommend running CRM on your own hosted web platform(e.g. a couple of hosted Hyper-V CRM servers rather than a completely shared platform); although a shared database platform will be fine.

    You don't need an External Connector license as Henrick has already pointed out. All users that are company employees or acting like company employees (e.g. agents, subcontractors, temporary workers, consultants, or anyone working with CRM on your behalf) need a client access license regardless of how they connect to the CRM system -- using web client, Outlook client, custom client (Silverlight or through SharePoint or a web portal). The External Connector cannot be used to license your company's users; it's only required if you intend to provide third-parties with read/write access to your CRM data (e.g. your customers, suppliers or partners through a portal).

    Regards,


    Neil Benson, CRM Addict at Customery Ltd.You can reach me on LinkedIn or Twitter, and you're welcome to sign up to Customery, an online community for UK-based Dynamics CRM people.

    Wednesday, April 21, 2010 8:08 AM
    Moderator
  • Even if you use Outlook, you can use IFD...

    IFD + Internet publication is the best solution


    My blog : http://mscrmtools.blogspot.com

    All my tools on my new dedicated site: MSCRMTools Repository
    Monday, April 19, 2010 6:52 AM
    Moderator

All replies

  • I would prioritize your options like this:

    2, 1, 3

    No. 3 is out of the question - you don't make MS CRM public, even if you use SSL.

    No. 2 is my favorite. With IFD Deployment and SSL, you wil have the perfect solution, since you will not use Outlook.


    Henrik Jensen Instructor / Consultant MCP, MCAD, MCSD, MCTS, MCPD, MCITP, MBSS, MBSP, MCT www.crmblog.dk and mscrm.easyconsult.dk (Danish only)
    Sunday, April 18, 2010 10:04 PM
  • Even if you use Outlook, you can use IFD...

    IFD + Internet publication is the best solution


    My blog : http://mscrmtools.blogspot.com

    All my tools on my new dedicated site: MSCRMTools Repository
    Monday, April 19, 2010 6:52 AM
    Moderator
  • you will need to buy crm external connector to allow users from outside your network to connect to your crm installation
    Thanks for any help :) my blog is: http://www.waelk.com
    Monday, April 19, 2010 7:08 AM
  • Only when you wan't external users to connect to MS CRM, as i read it the users are all in the company.

    If this is not the case, and you wan't external users to connect til MS CRM, remember to purcase external connectors for every server connected to MS CRM. This because external connectors are per server.


    Henrik Jensen Instructor / Consultant MCP, MCAD, MCSD, MCTS, MCPD, MCITP, MBSS, MBSP, MCT www.crmblog.dk and mscrm.easyconsult.dk (Danish only)
    Monday, April 19, 2010 7:36 AM
  • I appreciate you're answers.  However, I really need the reasons for them. Henrik, why is #3 out of the question, specifically?

    Wael_e, all the users are in the company, they just aren't in the office. They are remote.

    Thanks again!

    Tuesday, April 20, 2010 4:41 PM
  • Hi Greg,

    #3 is out of the question because there are no reason to make MS CRM public. Why not use IFD Deployment? Doing so, your users can connect to MS CRM via Forms Authentication ans SSL. This is also the recommendations from Microsoft.

    I hope this is the answer you are looking for. Otherwise contact me again.


    Henrik Jensen Instructor / Consultant MCP, MCAD, MCSD, MCTS, MCPD, MCITP, MBSS, MBSP, MCT www.crmblog.dk and mscrm.easyconsult.dk (Danish only)
    Tuesday, April 20, 2010 5:47 PM
  • There are two reasons that #3 is being investigated.

    1. We currently use this same method to access sharepoint portals and it works great. Thus, there is reduced learning curve for our users, as they already know how to access the portal(s).  While this might not seem significant, training and support are an issue when 80% of the users are remote...keep it simple.

    2. Of the users who do work in the office, all of them also work remotely frequently. Having two different URLs and two different login methods would again be suboptimal (assuming we did normal windows auth when in office and IFD when remote).  That leads to either using option #3 or to use #2 (IFD) everywhere, including in the office.

    I'm not seeing the difference between #3 and #2 yet in terms of security, or maintenance or usability. With option #3, they are prompted by IE for their domain credentials. It is using SSL.  It is accessable via the Internet, but not "public".  Option #2 is also accessible via the Internet and as near as I can figure out, simply provides form's authentication, which behind the scenes just uses domain authentication anyway.

    So, unless there is some security hole present with option #3 or maybe IFD provides some options for additional security or there is some functionality that is available via IFD when over the Internet, then I'm not seeing any reasons to choose IFD over #3, other than MS recommends it. Sorry to be a pain, just I'm a curious guy...and I have to explain it to my boss too. ;-)

    Thanks for you continued support with this!

    Tuesday, April 20, 2010 8:53 PM
  • user is remotry that mean the user open crm from internet not from inside your network if i right that mean you need external connector for crm
    Thanks for any help :) my blog is: http://www.waelk.com
    Wednesday, April 21, 2010 7:00 AM
  • Hi Greg, the only real option here is to use the Internet Facing Deployment. It's the only option supported by Microsoft that will allow users outside your domain to access your CRM system. You could try another option, but you'd be unsupported. You're other might work, but if it doesn't and there is a big problem, it could cost you a lot to workaround and then fix it. And I don't just mean officially unsupported. If you're running a custom configuration and ask a question in the forums, you're going to get no responses because no one else has experience of that configuration.

    I ran the UK's leading Dynamics CRM hosting partner and we ran all our CRM servers in the IFD configuration. The only issue we had sometimes was supporting dynamic Excel worksheets. It's the only option you should consider. In fact, you should really consider having it hosted by a partner or Microsoft (Dynamics CRM Online), then all the complexities of hosting will fall on someone else's shoulders. With hosted CRM 4.0, if you have more than 50 users, I'd recommend running CRM on your own hosted web platform(e.g. a couple of hosted Hyper-V CRM servers rather than a completely shared platform); although a shared database platform will be fine.

    You don't need an External Connector license as Henrick has already pointed out. All users that are company employees or acting like company employees (e.g. agents, subcontractors, temporary workers, consultants, or anyone working with CRM on your behalf) need a client access license regardless of how they connect to the CRM system -- using web client, Outlook client, custom client (Silverlight or through SharePoint or a web portal). The External Connector cannot be used to license your company's users; it's only required if you intend to provide third-parties with read/write access to your CRM data (e.g. your customers, suppliers or partners through a portal).

    Regards,


    Neil Benson, CRM Addict at Customery Ltd.You can reach me on LinkedIn or Twitter, and you're welcome to sign up to Customery, an online community for UK-based Dynamics CRM people.

    Wednesday, April 21, 2010 8:08 AM
    Moderator
  • Thursday, April 22, 2010 1:53 PM
  • Thanks Neil. I'm going to get IFD up and test it. Thanks for you time and the information.
    Tuesday, April 27, 2010 6:46 PM
  • Thanks Jerry!
    Tuesday, April 27, 2010 6:47 PM