Mark Minasi's Tech Forum
Sign up Calendar Latest Topics
 
 
 


Reply
  Author   Comment  
ranjb

Still Checking the Forum Out
Registered:
Posts: 2
Reply with quote  #1 
  • Hi All

    My company are looking to implement an internet facing deployment (IFD) with CRM Dynamics 2013 on premise.

    From my research I understand that a pre req is having ADFS setup within the domain.

    As we use Windows 2008 R2 Active Directory domain services, am I best using ADFS 2.0 or could we use ADFS 3.0 (based on Windows 2012 R2) if I built a separate server just for ADFS and then integrate this within our existing 2008 R2 AD environment?

    Our intention for using IFD maybe different from the usual cases. We need to use IFD to be able to talk to a cloud based solution. At the moment we don't have a requirement for external users accessing CRM or any other application on the intranet however I am aware in the near future we are planning on making our SharePoint available to the outside world. Currently this is achieved using a VPN connection and my understanding is SharePoint also utilizes ADFS.

    Any advice on this would be most appreciated.

    Thanks

0
jsclmedave

Administrator
Registered:
Posts: 506
Reply with quote  #2 
Hello Curt..!
__________________
Tim Bolton @jsclmedave
Email: [string](0..20|%{[char][int](32+('527377347976847978324785847679797514357977').substring(($_*2),2))}) -replace ' '  

New to the forum? Please Read this
0
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 940
Reply with quote  #3 
First off I've not deployed ADFS into production but we have used it in our test for the migration.
So all should be good.
Mixing 2012R2 into your existing mix isn't an issue.

I assume the CRM users will need access to other info on the other SaaS provider hence the need for ADFS.

Small thing I've found is to make sure the ADFS logon works with all of your browsers. Cert issues can be annoying Chrome specifically.
Also ADFS and some apps have compatibility issues. So declare your supported app matrix in advance. You don't want the difficult conversation post rollout when they say 'but we want this app on an iPad/ kindle etc to work'

Good luck, its fun.
Start looking at fiddler

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
wobble_wobble

Avatar / Picture

Associate Troublemaker Apprentice
Registered:
Posts: 940
Reply with quote  #4 
Won't let me edit for some reason.
We use ADFS 2.
Tested ADFS3 for the migration.

__________________
Have you tried turning it off and walking away? The next person can fix it!

New to the forum? Read this
0
cspanburgh

Avatar / Picture

Senior Member
Registered:
Posts: 264
Reply with quote  #5 
For integration with the cloud app are you planning to use a SOAP connection or a REST connection?

You can see your CRM 2013 options for connections from the Settings | Customizations | Developer Resources area.

The Link:
https://msdn.microsoft.com/library/gg309721.aspx#BKMK_Authentication

Will give you some guidance on authentication methods since if the app is a cloud app you may have several ideas already of moving data back and forth.  If it's Sales Force, let us know.


__________________
Curt Spanburgh
0
Infradeploy

Avatar / Picture

Senior Member
Registered:
Posts: 186
Reply with quote  #6 
You can use a 2012R2 ADFS deployment in a 2008r2 domain. 
__________________
Have SpaceSuit, Will Travel

0
JetzeMellema

Still Checking the Forum Out
Registered:
Posts: 6
Reply with quote  #7 
Quote:
As we use Windows 2008 R2 Active Directory domain services, am I best using ADFS 2.0 or could we use ADFS 3.0 (based on Windows 2012 R2) if I built a separate server just for ADFS and then integrate this within our existing 2008 R2 AD environment?

Always install applications on a different server, it's seldom a good idea to install additional software on your domain controllers. That being said, ADFS Server 2012 R2 is the more modern version of ADFS and in fact ADFS in Server 2016 may be already available by the time you’re about to install.

Also please consider high availability. If the CRM application has no specific availability requirements It’s recommended to make ADFS as HA as you did with Active Directory. So if you deployed two domain controllers because you want the users to be able to keep accessing their applications when a server fails, you should do the same for ADFS. This requires at minimum two servers with ADFS and a load balancer.

And think about external access, you may need to deploy ADFS Proxy (Server 2008 R2) or Web Application Proxy (Server 2012, 2012 R2 and 2016) servers for internet users. And the same HA applies to those servers too.

0
Previous Topic | Next Topic
Print
Reply

Quick Navigation:

Easily create a Forum Website with Website Toolbox.