Monday, November 01, 2010

CRM 2011 and Internet Facing Deployment

I have now had the time to look quite a bit at CRM 2011 beta and it looks really good. The Dynamics CRM team at Microsoft have been really busy.

One of the features I really liked about CRM 4 was Internet Facing Deployment. It opens a lot of doors and my current company offers it quite a lot.

I had a look at this feature in CRM 2011 beta and it is both a really interesting feature and a disappointment. It is based on a completely new architecure, called Claims based authentication which allows any type of authenticator to authenticate users for Dynamics CRM. For example, LinkedIn, Facebook or Windows Live ID could be used to authenticate user in Dynamics CRM.

This is really interesting since it allows for many types of authentication providers, even custom made. However, since the technique is a bit more complex than the old IFD technology in CRM 4.0 it will also require some more configuring. As far as I have understood it is for instance dependant on Active Directory Federation Service 2.0.

I tried setting it up correctly in CRM 2011 beta in a demo environment, with a set up similar to CRM 4.0 with authentication using the AD, which I believe probably still will be mostly used (maybe Live Id will be used quite a lot as well) but after a couple of hours felt that my skills in Active Directory in Windows Server 2008 R2, Federation Service 2.0 and the more technical details of claims based authentication have some rather large white areas, I left it alone.

It is a very interesting technique and I hope that there will be good how-tos around for how to set this up correctly, most preferably a wizard or two, for AD and Live Id authentication.

Another interesting aspect of this is the legacy support of IFD customizations from CRM 4.0. Since this technique is quite different from how this is handled in CRM 4.0, I wonder how Microsoft are going to create full legacy support for old applications, since they are within the "supported" framework which according to Microsofts promises, should mean they are auto-upgradable.

If you have anything to add on this subject, feel free to add a comment. Especially if you know of a good instruction of how to set this up correctly! 

Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB

1 comment:

  1. If you are installing your ADFS service on the same machine as your CRM web server, you must be sure that you do NOT install your CRM organization into the default website in IIS. ASFS must be the default website, so your CRM needs to be in a different site.