A customer of mine is running CRM 4 in IFD mode on a Windows Server 2008 R2 and I thought it might be a good idea to activate the Email router and talk to them about sending mail using that instead of the internal email handler to reduce the need for them to be online with their Outlooks for things to work.
Well, as usually I set up the email router on the CRM-server but was baffled when I couldn't connect to it. I just got this weird error of 401 Unauthorized error. I tried everthing, changing the users, adding the user to the privusergroup, changing the ADWebApplicationRootDomain. After some googling I found the solution on this excellent blog.
http://crmwizard.blogspot.com/2010/02/server-2008-and-email-router-with-ifd.html
It turned out that the server was using IPv6 to access itself and the onpremise exceptions set up in the IFD settings were only based on IPv4 hence it tried to access it in the IFD mode. I just switched IPv6 off in the network adpater and everything worked as it should.
If you speak swedish, there are some interesting discussions on http://www.crmforum.se/, the only Swedish CRM-forum dedicated to Dynamics CRM. So head over there and digg in!
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Tuesday, April 05, 2011
Friday, March 11, 2011
CRM 2011 Online and datawarehousing
I attended a half day presentation by Microsoft yesterday on the subject of Dynamics CRM 2011 and integrations. It seems that many parterners are a bit hesistant to integrating Dynamics CRM 2011 Online and are promoting the on-premise versions when the issues of integration are important.
Microsoft did a good job in showing that they do have sufficient technology to handle integrations to Dynamics CRM 2011 Online including the Azure based technology ACS - Access Control System that together with Active Directory Federation Services 2.0 can be used to allow Dynamics CRM 2011 Online to use a local AD as authenticator. It is probably not as easy as setting up a normal on-premise solution but at least it can be done and there hopefully are some whitepapers or Youtube-clips on how it is done.
One of the issues that were discussed was the issue of integrations in reagards to Business Intelligence and data warehousing. This is usually done using SQL Integration Service (SSIS) with direct SQL communication. Their suggestion on how to address this issue was to use the new OData interface that exists in Dynamics CRM 2011. I am no SQL expert but I do believe that this being a standardized protocol, integrations will be possible. However, there will still be issues with performance as the amounts of data that need to be transfered are quite large and the OData protocol is still a strict pull-protocol which does not allow for trigger-based updates.
Another issue that I asked about was the licensing issue in regards to Dynamics CRM 2011 Online. Take the following example: A large company of about 40 000 employees has about 500 people activly working in with Dynamics CRM 2011 Online for SalesForceAutomation. A data warehouse is created and data is integrated from many different systems, ERP, production systems, quality control systems and CRM. CRM being the customer data master. SharePoint is used as the global Intranet platform and some of the data from the data warehouse is published on the SharePoint portal to all employees. For instance our currently 10 most important customers. So, the 39 500 employees are only viewing a minute part of the customer data, and it indirecty, via the data warehouse, originates from the CRM system. What licenses in CRM are required for these users?
In the case of an on-premise installation, the best licensing option for Dynamics CRM is the Application Platform Agreement (APA) that is sort of a "free-for-all pass" which is negotiated with Microsoft. However, in the Online environment there is no correlating licensing agreement to the APA. I explicitly asked Micrsoft how this was to be licensed and their answer is that 40 000 separate users licenses are required for Dynamics CRM 2011 Online, making it a rather impossible option, in other words forcing the company to either an on-premise solution, removing some of the data from the data warehouse/Intranet or moving to another CRM supplier. Neither of which is in line with showing off the power of Microsofts cloud services.
I hope this is just a temporary flaw since it does limit Microsofts business opportunities with larger companies and I would think it is probable that some similar agreement form that matches the on-premise APA will be introduced.
On the other hand, the External Connector license is not required at all for CRM Online (or SPLA) making it even more interesting for smaller CRM customers as customer/event/portal integrations are more and more common.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Microsoft did a good job in showing that they do have sufficient technology to handle integrations to Dynamics CRM 2011 Online including the Azure based technology ACS - Access Control System that together with Active Directory Federation Services 2.0 can be used to allow Dynamics CRM 2011 Online to use a local AD as authenticator. It is probably not as easy as setting up a normal on-premise solution but at least it can be done and there hopefully are some whitepapers or Youtube-clips on how it is done.
One of the issues that were discussed was the issue of integrations in reagards to Business Intelligence and data warehousing. This is usually done using SQL Integration Service (SSIS) with direct SQL communication. Their suggestion on how to address this issue was to use the new OData interface that exists in Dynamics CRM 2011. I am no SQL expert but I do believe that this being a standardized protocol, integrations will be possible. However, there will still be issues with performance as the amounts of data that need to be transfered are quite large and the OData protocol is still a strict pull-protocol which does not allow for trigger-based updates.
Another issue that I asked about was the licensing issue in regards to Dynamics CRM 2011 Online. Take the following example: A large company of about 40 000 employees has about 500 people activly working in with Dynamics CRM 2011 Online for SalesForceAutomation. A data warehouse is created and data is integrated from many different systems, ERP, production systems, quality control systems and CRM. CRM being the customer data master. SharePoint is used as the global Intranet platform and some of the data from the data warehouse is published on the SharePoint portal to all employees. For instance our currently 10 most important customers. So, the 39 500 employees are only viewing a minute part of the customer data, and it indirecty, via the data warehouse, originates from the CRM system. What licenses in CRM are required for these users?
In the case of an on-premise installation, the best licensing option for Dynamics CRM is the Application Platform Agreement (APA) that is sort of a "free-for-all pass" which is negotiated with Microsoft. However, in the Online environment there is no correlating licensing agreement to the APA. I explicitly asked Micrsoft how this was to be licensed and their answer is that 40 000 separate users licenses are required for Dynamics CRM 2011 Online, making it a rather impossible option, in other words forcing the company to either an on-premise solution, removing some of the data from the data warehouse/Intranet or moving to another CRM supplier. Neither of which is in line with showing off the power of Microsofts cloud services.
I hope this is just a temporary flaw since it does limit Microsofts business opportunities with larger companies and I would think it is probable that some similar agreement form that matches the on-premise APA will be introduced.
On the other hand, the External Connector license is not required at all for CRM Online (or SPLA) making it even more interesting for smaller CRM customers as customer/event/portal integrations are more and more common.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Tuesday, March 08, 2011
Installing CRM 4.0 on Windows Server 2008 (R2)
Windows Server 2008 (R2) brings a lot of new and nice features. IIS 7 being one of them and fact that you need to install the features you want to use also makes it more slim and generally better.
However, it does add some extra complexity to installing Dynamics CRM since it requires some components. The installation check that Dynamics CRM runs during installation is not complete in this aspect either and it misses out on some critical components.
I am preparing a virtual machine for a customer of mine and it came with everything installed, but not verified. The Dyn CRM installation did not work. After some checking I found that the following role services were missng:
Static Content Handler
Windows Authentication
and I also added
Digest Authentication and
Static Content Compression
Also the SQL Reporting Services (SSRS) was configured to run with an Execution Account, which I found on some bloggs was erroneous. This is not strange since SSRS with Dynamics CRM is designed for sending the user credentials all the way to the SQL-server, which means that SSRS must impersonate the user. So I disabled this.
After fixing these issues, the best way forward is to reinstall Dyn CRM since trying to fix a faulty installation is a lot harder and takes a lot more time. If you have data that you need, try reinstalling and then redeploying the database.
I am also using VirtuaBox as virtualization and I strongly advise against using the snapshot functionality, it seems very unstable.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
However, it does add some extra complexity to installing Dynamics CRM since it requires some components. The installation check that Dynamics CRM runs during installation is not complete in this aspect either and it misses out on some critical components.
I am preparing a virtual machine for a customer of mine and it came with everything installed, but not verified. The Dyn CRM installation did not work. After some checking I found that the following role services were missng:
Static Content Handler
Windows Authentication
and I also added
Digest Authentication and
Static Content Compression
Also the SQL Reporting Services (SSRS) was configured to run with an Execution Account, which I found on some bloggs was erroneous. This is not strange since SSRS with Dynamics CRM is designed for sending the user credentials all the way to the SQL-server, which means that SSRS must impersonate the user. So I disabled this.
After fixing these issues, the best way forward is to reinstall Dyn CRM since trying to fix a faulty installation is a lot harder and takes a lot more time. If you have data that you need, try reinstalling and then redeploying the database.
I am also using VirtuaBox as virtualization and I strongly advise against using the snapshot functionality, it seems very unstable.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Friday, March 04, 2011
Javascript in CRM 2011 - lots of new stuff
CRM 2011 brings lots of new technology, one of the areas being web resources, a very longed for area where general resources like webpages, javascript libraries and silverlight applications can be uploaded in a general area and then selected in certain areas.
Microsoft have also revised the javascript framework for CRM 2011 and it brings a lot of enhancments and and some old stuff has been depracated, but still works.
I found a very interesting grid at this blog: http://inogic.blogspot.com/2011/02/difference-between-crm-40-and-crm2011.html
I have referenced it directly for your pleasure bellow, click it to view it in full size:
Great thanks to the guys behind it at Inogic. A great help!
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Microsoft have also revised the javascript framework for CRM 2011 and it brings a lot of enhancments and and some old stuff has been depracated, but still works.
I found a very interesting grid at this blog: http://inogic.blogspot.com/2011/02/difference-between-crm-40-and-crm2011.html
I have referenced it directly for your pleasure bellow, click it to view it in full size:
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Wednesday, March 02, 2011
www.crmforum.se
We have longed for a local Swedish forum dedicated to only Microsoft Dynamics CRM where both consultants, experts, trainers and users can create a community and discuss issues concerning Microsoft Dynamics CRM. Not as big as the official forum hosted by Microsoft, but smaller, in Swedish and maybe a bit more friendly! That is why we have created http://www.crmforum.se/, the Swedish forum for the Dynamics CRM community in Sweden and Scandinavia. So if you are working with Microsoft Dynamics CRM and like to communicate in Swedish, join us. There are no adds and no fees.
http://www.crmforum.se/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
http://www.crmforum.se/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Thursday, February 17, 2011
CRM 2011 is now fully released
Now it is finally here in full! The new, brilliant version of our favorite product, Microsoft Dynamics CRM 2011. If you havn't already tried it, there is no time to loose! Click the link bellow and start downloading:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3f82c6f-c123-4e80-b9b2-ee422a16b91d
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c3f82c6f-c123-4e80-b9b2-ee422a16b91d
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Thursday, February 10, 2011
My first apperance as guest blogger
I have been asked by the very well renowned blog at Software Advice, to write a guest post and you can now read it at their site: Software Advice. It is a post concerning the legal problems of cloud based systems and where its data is stored. It is most uncertain which laws apply to the data, and the most probable outcome is that it will be viewed as subject to the country where it is stored. Something that might not always be beneficial to companies and organizations with sensitive data.
Please read it and leave your comment on the subject, it would be very interesting to read your view on the subject. I personally think it is very interesting and that it is one of the aspects of cloud computing that I feel often is neglected by companies.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Please read it and leave your comment on the subject, it would be very interesting to read your view on the subject. I personally think it is very interesting and that it is one of the aspects of cloud computing that I feel often is neglected by companies.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Monday, January 17, 2011
CRM 2011 IFD
Internet Facing Deployment is one of the most important features of Dynamics CRM 4 and will be so for CRM 2011 aswell. It is the enabler for real multitennancy environments and for accessing Dynamics CRM from the Internet.
As I mentioned previously, in CRM 2011 there have been some major changes to this feature as it is now based on Claims based authentication. I tried setting this up for the Beta release but the AD Federation Services 2.0 requirements were a bit over my head.
Well, Microsoft acknowledged this and have now released a video on how to set this up and they mentioned it on the CRM Team blog aswell.
I havn't tried it yet, but videos are an excellent way of learning how to do these things since you can pause, rewind and do it one step at a time.
If you have any experience of setting up IFD for CRM 2011, please drop a comment.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
As I mentioned previously, in CRM 2011 there have been some major changes to this feature as it is now based on Claims based authentication. I tried setting this up for the Beta release but the AD Federation Services 2.0 requirements were a bit over my head.
Well, Microsoft acknowledged this and have now released a video on how to set this up and they mentioned it on the CRM Team blog aswell.
I havn't tried it yet, but videos are an excellent way of learning how to do these things since you can pause, rewind and do it one step at a time.
If you have any experience of setting up IFD for CRM 2011, please drop a comment.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Wednesday, December 22, 2010
Need to approve email addresses in CRM 2011
As we are running CRM 2011 as dogfood, I found an interesting new feature of CRM 2011. When adding a new user, you have to approve their email for it to work properly, for instance in Outlook where you otherwise will get an error saying that the sending user does not have an email address.
So, if you get this error, just add an email address and press the "Approve Email" button in the ribbon.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
So, if you get this error, just add an email address and press the "Approve Email" button in the ribbon.
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Tuesday, December 21, 2010
Interesting blog article on Microsofts Dynamics in the cloud
The Cloud is hot. Everybody seems to be talking cloud computing like it is the holy grail of computing. I try to have a bit more cold headed view of it since I am often faced with the complexities of integrating systems with each other, I often find that it can be very complex to integrate two systems residing in machines next to each other, adding a level of complexity by placing these machines on the internet does make integration more complex and costly.
The cloud does have its advantages though, for smaller companies, like my own, there is no need to own and run large servers. We, at CRM-Konsulterna, do not run any servers at all. The one server that we actually need, our lab environment, is actually hosted aswell, but on a infrastructure level.
I was tipped by Software Advice about an interesting article on Microsofts push on cloud computing for Microsoft Dynamics. You can read it here: http://www.softwareadvice.com/articles/accounting/microsoft-is-all-in-for-the-cloud-but-what-about-dynamics-1121310/. It addresses some quite interesting points from a Dynamics perspective, not only CRM.
I think that you need to understand the background in order to understand why Microsoft are pushing this so hard. The traditional on-premise deployment type of systems has always been Microsofts strongest area and Microsoft has for several reasons, like risk reduction, scalability etc. to have a business that is partner based. It is also heavily focused on adressing the IT part of customers business, which is natural when coming from their background.
The recent years have shown that companies like Google and SalesForce.com deliver very competent cloud based services and this seriously endagers Microsofts core business model since it shortcuts Microsoft offers by adressing the business decions makers directly and circomventing the IT-departments. This is a outspoken stragegy for companies like SalesForce.com.
So, what Microsoft tries to do is to compete on the cloud market and the on-premise market at the same time while still trying to hold on to their partner network and maintain their loyalty. This is of course quite complicated since many Microsoft partners have made a living by installing and selling Microsoft software. There are new models for cloud based service reselling but it does feel like there is going to be a bit of a downside for many partners.
From our perspective, as CRM-consultants, we are happy to offer CRM in any flavor since our main businesses is not selling the licenses but around helping our customers leverage the power of the system by adapting it to their needs. Hence it does not really matter if it on-premise or in the cloud.
However, from a technical perspective, we do recommend either partner hosted or on-premise since that substantially reduces the pains of integrations and adaptions compared to a Microsoft hosted solution. So, our recommendation to our customers is usually to choose partner hosted as that relieves them of the burden of managing the server etc. and at the same time gives us all the advantages of adapting the system to their needs.
The fact that Hunter Richards mentions about the different architectures of the Dynamics ERP products is true but does not really affect Microsoft CRM since it has a good Cloud platform, even though there are some adaptations that only can be done on on-premise or partner hosted systems, it is a very competent and flexible Cloud system and the new version CRM 2011 is even better.
It will also be interesting to see how Microsoft will mange the partner channel in the future. It is something they, with their current business model cannot do without but at the same time something that slows them down a bit since partners naturally are slower to move than inhouse consultants.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
The cloud does have its advantages though, for smaller companies, like my own, there is no need to own and run large servers. We, at CRM-Konsulterna, do not run any servers at all. The one server that we actually need, our lab environment, is actually hosted aswell, but on a infrastructure level.
I was tipped by Software Advice about an interesting article on Microsofts push on cloud computing for Microsoft Dynamics. You can read it here: http://www.softwareadvice.com/articles/accounting/microsoft-is-all-in-for-the-cloud-but-what-about-dynamics-1121310/. It addresses some quite interesting points from a Dynamics perspective, not only CRM.
I think that you need to understand the background in order to understand why Microsoft are pushing this so hard. The traditional on-premise deployment type of systems has always been Microsofts strongest area and Microsoft has for several reasons, like risk reduction, scalability etc. to have a business that is partner based. It is also heavily focused on adressing the IT part of customers business, which is natural when coming from their background.
The recent years have shown that companies like Google and SalesForce.com deliver very competent cloud based services and this seriously endagers Microsofts core business model since it shortcuts Microsoft offers by adressing the business decions makers directly and circomventing the IT-departments. This is a outspoken stragegy for companies like SalesForce.com.
So, what Microsoft tries to do is to compete on the cloud market and the on-premise market at the same time while still trying to hold on to their partner network and maintain their loyalty. This is of course quite complicated since many Microsoft partners have made a living by installing and selling Microsoft software. There are new models for cloud based service reselling but it does feel like there is going to be a bit of a downside for many partners.
From our perspective, as CRM-consultants, we are happy to offer CRM in any flavor since our main businesses is not selling the licenses but around helping our customers leverage the power of the system by adapting it to their needs. Hence it does not really matter if it on-premise or in the cloud.
However, from a technical perspective, we do recommend either partner hosted or on-premise since that substantially reduces the pains of integrations and adaptions compared to a Microsoft hosted solution. So, our recommendation to our customers is usually to choose partner hosted as that relieves them of the burden of managing the server etc. and at the same time gives us all the advantages of adapting the system to their needs.
The fact that Hunter Richards mentions about the different architectures of the Dynamics ERP products is true but does not really affect Microsoft CRM since it has a good Cloud platform, even though there are some adaptations that only can be done on on-premise or partner hosted systems, it is a very competent and flexible Cloud system and the new version CRM 2011 is even better.
It will also be interesting to see how Microsoft will mange the partner channel in the future. It is something they, with their current business model cannot do without but at the same time something that slows them down a bit since partners naturally are slower to move than inhouse consultants.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Thursday, December 16, 2010
CRM 2011 Release Candidate and installation
As most of you dedicated CRM nerds most certainly already know, the Release Candidate for CRM 2011 has been released.
As we at CRM-Konsulterna want to act as we preach, we have of course installed it and are now trying it out.
We are a small company and do not yet have an AD except one for our development environments on our virtual server host that we rent. So, our computers are not part of the domain that the CRM resides in.
An interesting thing about the Outlook client installation was that when we tested the connection, it worked just fine, but when trying to press the OK button in the configuration wizard, it just complained with the following error message "The server address (URL) is not valid.".
After some digging, I found that the reason was that the stored URL that the discovery service returns is actually the computer name, and since our working computers arn't part of the CRM:s AD, it couldn't find it.
The simple fix is to add an entry in the local hosts file located in "C:\Windows\System32\drivers\etc\hosts" (if you installed windows to C:\Windows of course).
There is probably some entry in the database, where this is located as well, I had a quick look but didn't find it. If you know where, please let me know. The registry serverurl in the MSCRM key does not seem to be right. At least it does not change the webservice http://www.blogger.com/s displayed in the customizations pages of CRM.
CRM 2011 looks and feels, really good, there are some minor buggs but it is a large step from CRM 4 which is a very good application as well.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
As we at CRM-Konsulterna want to act as we preach, we have of course installed it and are now trying it out.
We are a small company and do not yet have an AD except one for our development environments on our virtual server host that we rent. So, our computers are not part of the domain that the CRM resides in.
An interesting thing about the Outlook client installation was that when we tested the connection, it worked just fine, but when trying to press the OK button in the configuration wizard, it just complained with the following error message "The server address (URL) is not valid.".
After some digging, I found that the reason was that the stored URL that the discovery service returns is actually the computer name, and since our working computers arn't part of the CRM:s AD, it couldn't find it.
The simple fix is to add an entry in the local hosts file located in "C:\Windows\System32\drivers\etc\hosts" (if you installed windows to C:\Windows of course).
There is probably some entry in the database, where this is located as well, I had a quick look but didn't find it. If you know where, please let me know. The registry serverurl in the MSCRM key does not seem to be right. At least it does not change the webservice http://www.blogger.com/s displayed in the customizations pages of CRM.
CRM 2011 looks and feels, really good, there are some minor buggs but it is a large step from CRM 4 which is a very good application as well.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Tuesday, December 07, 2010
Customer databases and Wikileaks
The latest news concerning wikileaks have some very important implications on CRM systems or xRM systems in general for that matter. How do you set the system up to avoid large information losses? There are some general things to be taken into consideration and some specifics for Microsoft Dynamics CRM.
For many companies, the list of customers, cases, interesting leads and business opportunities are among the most critical information the company has. If it gets into the wrong hands, the effects can be anything from embarssing to fatal. The latest weeks news concerning wikileaks has put this risk into some new light and it is a good time for companies to really put the right focus on this and handle the problem before it is too late. A competent CRM system like Microsoft Dynamics CRM, can, if security issues have not be properly addressed, be a great tool to very quickly export a lot of very business critical information.
There are some general tips that you really should address:
- How critical is the data? Which data is the most critical? Try to focus on the most important data instead of trying to set up fine masked security to cover all data. This will give you a bigger bang for the buck and also get the changes up and running quickly. Remember the fact that the chains often breaks at the weakest link, so focus on this link first.
- What legal aspects of the data do you have? Do all employees sign non-disclosure agreements and do they understand the severity of actually taking along some data to a competitor. In reality it is very hard to drive legal actions based on this but making sure all employees have understood the severity, will act proactivly to reduce the risk.
- Who can access the data? Usually not only the employees, IT-consultants, CRM- and ERP-consultants, and other contracted people might also have access.Trying to reduce the number of contractors, and signing company global NDA:s with contractors is usually a good idea.
- Where is the data stored? In these cloud computing times, this is not always a simple question. Data might be stored in a country with very rigid anti-terrorist or anti-piracy laws allowing government or other agencies to demand access to the data. If these government agencies judge that it be in their contrys best interest to send this information forward, this might also be done. Might sound a bit paranoid, but security policy is more about being paranoid than being naive. I would recommed hosting the system yourself or at a local partner. Preferably a partner of similar size to your own company since this will give you the same amount of flexibility and beaurocracy. This local partner will also be under the same national laws as your own company and have a more intimate relationship with your business than a huge corporation with a global hosting service.
- What is the weak link in the handling of data? It does not really matter if the CRM system in the cloud has astronomical encryption in the database and data transfers, if the people using the system have the same password in the CRM system as they have in all other online services like Facebook or Hotmail. Numerous examples have shown that people do share passwords between sites, and that cracking one site usually unlocks a lot more. An example can be a person using the same password for their local childcare portal as they do for their CRM at the global company they work for. The simple childcare portal, might be easily hacked with normal methods like SQL-injection and the passwords generated from this can then be used to access the global company CRM.
There are still more general principles to follow, I will not list them all here, if you have any you find particulary important, please leave a comment!
So, how do we handle this in Microsoft Dynamics CRM? There are several techniques that can be used but it is a constant battle between giving your users the power to really work with the data and making sure that the data is safe. Bellow are some of the more common ways of handling this:
- Security Roles and business units. The basic security architeture of Microsoft Dynamics CRM is really versatile and has very good support for separating users and data into different business units and then setting user roles to restrict access based on these business units. For instance, a team of telesales personell with a very high turnover of employees, can be set to only have read and write access to their own customers and opportunities and their team manager has the task of delegating the ownership of leads or opportunities to them. By using different roles, the senior sales team can on the other hand have access to all customers and business opportunities in the system. If a good separation of data can be done based on business units and security roles, this is a very good method since it is easy to set up and change, and still has very deep functionality in Dynamics CRM, going all the way down to the Filtered Views in the Dynamics CRM SQL-database.
- Disabling Excel export. Probably the most risky function in Dynamics CRM in regards to data theft from employees, is the Excel button. It can export any data the user has access to. There is a flag in the security roles, where this function can be switched off. It should be for all but powerusers, analysts and management.
- Limiting Excel export size. There is a way of manipulating the Dynamics CRM database to only allow a certain amount of rows in an excel export. As I have understood it, it is really a way of easing the load on the server and not really meant as a means of protecting data. It can only be set on a system wide way, which will limit the use of Excel for all users. You can read more about it in this blog entry, have a look in the comments, since it tells you how to set this for CRM 4. http://ronaldlemmen.blogspot.com/2006/11/maximum-amount-of-records-in-excel.html
- Custom Plugin code. Writing code that uses more complex functionality and filters the data can also be used. It need to trigger on the Retrieve, RetrieveMultiple and Execute methods. This is of course the moste versatile method. Even though it can be used to filter data that is accessed from the Dynamics CRM GUI it does not affect the Filtered Views in the database, so it is not a 100% solution but will work in most cases.
- Unsupported customizations. There is of course the dark side of customizations as well, by rewriting the database with new stored procedures, views, by modifying the existing CRM functionality, very deep changes can be made. This is not something I recommend since it will usually require deep reverse engineering and will seriously affect the upgradablity of the Dynamics CRM system.
This is a complex area and I would be happy to discuss it with you. Please leave a comment with your views on the subject. All comments are moderated to avoid spam.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
For many companies, the list of customers, cases, interesting leads and business opportunities are among the most critical information the company has. If it gets into the wrong hands, the effects can be anything from embarssing to fatal. The latest weeks news concerning wikileaks has put this risk into some new light and it is a good time for companies to really put the right focus on this and handle the problem before it is too late. A competent CRM system like Microsoft Dynamics CRM, can, if security issues have not be properly addressed, be a great tool to very quickly export a lot of very business critical information.
There are some general tips that you really should address:
- How critical is the data? Which data is the most critical? Try to focus on the most important data instead of trying to set up fine masked security to cover all data. This will give you a bigger bang for the buck and also get the changes up and running quickly. Remember the fact that the chains often breaks at the weakest link, so focus on this link first.
- What legal aspects of the data do you have? Do all employees sign non-disclosure agreements and do they understand the severity of actually taking along some data to a competitor. In reality it is very hard to drive legal actions based on this but making sure all employees have understood the severity, will act proactivly to reduce the risk.
- Who can access the data? Usually not only the employees, IT-consultants, CRM- and ERP-consultants, and other contracted people might also have access.Trying to reduce the number of contractors, and signing company global NDA:s with contractors is usually a good idea.
- Where is the data stored? In these cloud computing times, this is not always a simple question. Data might be stored in a country with very rigid anti-terrorist or anti-piracy laws allowing government or other agencies to demand access to the data. If these government agencies judge that it be in their contrys best interest to send this information forward, this might also be done. Might sound a bit paranoid, but security policy is more about being paranoid than being naive. I would recommed hosting the system yourself or at a local partner. Preferably a partner of similar size to your own company since this will give you the same amount of flexibility and beaurocracy. This local partner will also be under the same national laws as your own company and have a more intimate relationship with your business than a huge corporation with a global hosting service.
- What is the weak link in the handling of data? It does not really matter if the CRM system in the cloud has astronomical encryption in the database and data transfers, if the people using the system have the same password in the CRM system as they have in all other online services like Facebook or Hotmail. Numerous examples have shown that people do share passwords between sites, and that cracking one site usually unlocks a lot more. An example can be a person using the same password for their local childcare portal as they do for their CRM at the global company they work for. The simple childcare portal, might be easily hacked with normal methods like SQL-injection and the passwords generated from this can then be used to access the global company CRM.
There are still more general principles to follow, I will not list them all here, if you have any you find particulary important, please leave a comment!
So, how do we handle this in Microsoft Dynamics CRM? There are several techniques that can be used but it is a constant battle between giving your users the power to really work with the data and making sure that the data is safe. Bellow are some of the more common ways of handling this:
- Security Roles and business units. The basic security architeture of Microsoft Dynamics CRM is really versatile and has very good support for separating users and data into different business units and then setting user roles to restrict access based on these business units. For instance, a team of telesales personell with a very high turnover of employees, can be set to only have read and write access to their own customers and opportunities and their team manager has the task of delegating the ownership of leads or opportunities to them. By using different roles, the senior sales team can on the other hand have access to all customers and business opportunities in the system. If a good separation of data can be done based on business units and security roles, this is a very good method since it is easy to set up and change, and still has very deep functionality in Dynamics CRM, going all the way down to the Filtered Views in the Dynamics CRM SQL-database.
- Disabling Excel export. Probably the most risky function in Dynamics CRM in regards to data theft from employees, is the Excel button. It can export any data the user has access to. There is a flag in the security roles, where this function can be switched off. It should be for all but powerusers, analysts and management.
- Limiting Excel export size. There is a way of manipulating the Dynamics CRM database to only allow a certain amount of rows in an excel export. As I have understood it, it is really a way of easing the load on the server and not really meant as a means of protecting data. It can only be set on a system wide way, which will limit the use of Excel for all users. You can read more about it in this blog entry, have a look in the comments, since it tells you how to set this for CRM 4. http://ronaldlemmen.blogspot.com/2006/11/maximum-amount-of-records-in-excel.html
- Custom Plugin code. Writing code that uses more complex functionality and filters the data can also be used. It need to trigger on the Retrieve, RetrieveMultiple and Execute methods. This is of course the moste versatile method. Even though it can be used to filter data that is accessed from the Dynamics CRM GUI it does not affect the Filtered Views in the database, so it is not a 100% solution but will work in most cases.
- Unsupported customizations. There is of course the dark side of customizations as well, by rewriting the database with new stored procedures, views, by modifying the existing CRM functionality, very deep changes can be made. This is not something I recommend since it will usually require deep reverse engineering and will seriously affect the upgradablity of the Dynamics CRM system.
This is a complex area and I would be happy to discuss it with you. Please leave a comment with your views on the subject. All comments are moderated to avoid spam.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
Tuesday, November 02, 2010
Lecturer at certification preparation courses
CRM-Konsulterna and Informator, have agreed on a partnership and as part of this I will be one of their regular Dynamics CRM lecturers. Since Microsoft are changing their partnership program, with a lot more focus on certification requirements, we are kicking off with two certification preparation courses for the Application and the Customization exam. If the interest is good, we will most certainly arrange courses in Installation & Configuration and Extending Dynamics CRM as well. Later on we are also planning some Microsoft Official Dynamics CRM courses, both CRM 4.0 and CRM 2011.
So, make sure that you and you consultants are up to speed and join me for an instructive and very hands-on course that will certainly prepare you for the types of questions you will be facing in the exam.
The courses will be held at Informator in Stockholm, but if you have interest in attending a course in some other place, please let me or Informator know and we'll see what we can do!
At the following links you can read some more about the courses:
CRM 4.0 Application
CRM 4.0 Customization
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
So, make sure that you and you consultants are up to speed and join me for an instructive and very hands-on course that will certainly prepare you for the types of questions you will be facing in the exam.
The courses will be held at Informator in Stockholm, but if you have interest in attending a course in some other place, please let me or Informator know and we'll see what we can do!
At the following links you can read some more about the courses:
CRM 4.0 Application
CRM 4.0 Customization
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
Importing organizations with custom reports
The import organization tool is very useful for setting up test or development environements with full production level data. However, I ran into a problem importing today, when importing the organization, I got the following fatal error:
System.InvalidOperationException: ExecuteNonQuery requires an open and available Connection. The connection's current state is closed.
After a bit of googling I found that this had been discussed in the CRM forums: http://social.microsoft.com/Forums/en/crmdeployment/thread/53c616e8-c454-48ec-9962-759071a82358
Since I imported the organization, mainly to work with duplicates processing, I just removed all custom reports from the CRM database manually and the import went just fine.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
System.InvalidOperationException: ExecuteNonQuery requires an open and available Connection. The connection's current state is closed.
After a bit of googling I found that this had been discussed in the CRM forums: http://social.microsoft.com/Forums/en/crmdeployment/thread/53c616e8-c454-48ec-9962-759071a82358
Since I imported the organization, mainly to work with duplicates processing, I just removed all custom reports from the CRM database manually and the import went just fine.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Monday, November 01, 2010
CRM 2011 and Internet Facing Deployment
I have now had the time to look quite a bit at CRM 2011 beta and it looks really good. The Dynamics CRM team at Microsoft have been really busy.
One of the features I really liked about CRM 4 was Internet Facing Deployment. It opens a lot of doors and my current company offers it quite a lot.
I had a look at this feature in CRM 2011 beta and it is both a really interesting feature and a disappointment. It is based on a completely new architecure, called Claims based authentication which allows any type of authenticator to authenticate users for Dynamics CRM. For example, LinkedIn, Facebook or Windows Live ID could be used to authenticate user in Dynamics CRM.
This is really interesting since it allows for many types of authentication providers, even custom made. However, since the technique is a bit more complex than the old IFD technology in CRM 4.0 it will also require some more configuring. As far as I have understood it is for instance dependant on Active Directory Federation Service 2.0.
I tried setting it up correctly in CRM 2011 beta in a demo environment, with a set up similar to CRM 4.0 with authentication using the AD, which I believe probably still will be mostly used (maybe Live Id will be used quite a lot as well) but after a couple of hours felt that my skills in Active Directory in Windows Server 2008 R2, Federation Service 2.0 and the more technical details of claims based authentication have some rather large white areas, I left it alone.
It is a very interesting technique and I hope that there will be good how-tos around for how to set this up correctly, most preferably a wizard or two, for AD and Live Id authentication.
Another interesting aspect of this is the legacy support of IFD customizations from CRM 4.0. Since this technique is quite different from how this is handled in CRM 4.0, I wonder how Microsoft are going to create full legacy support for old applications, since they are within the "supported" framework which according to Microsofts promises, should mean they are auto-upgradable.
If you have anything to add on this subject, feel free to add a comment. Especially if you know of a good instruction of how to set this up correctly!
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
One of the features I really liked about CRM 4 was Internet Facing Deployment. It opens a lot of doors and my current company offers it quite a lot.
I had a look at this feature in CRM 2011 beta and it is both a really interesting feature and a disappointment. It is based on a completely new architecure, called Claims based authentication which allows any type of authenticator to authenticate users for Dynamics CRM. For example, LinkedIn, Facebook or Windows Live ID could be used to authenticate user in Dynamics CRM.
This is really interesting since it allows for many types of authentication providers, even custom made. However, since the technique is a bit more complex than the old IFD technology in CRM 4.0 it will also require some more configuring. As far as I have understood it is for instance dependant on Active Directory Federation Service 2.0.
I tried setting it up correctly in CRM 2011 beta in a demo environment, with a set up similar to CRM 4.0 with authentication using the AD, which I believe probably still will be mostly used (maybe Live Id will be used quite a lot as well) but after a couple of hours felt that my skills in Active Directory in Windows Server 2008 R2, Federation Service 2.0 and the more technical details of claims based authentication have some rather large white areas, I left it alone.
It is a very interesting technique and I hope that there will be good how-tos around for how to set this up correctly, most preferably a wizard or two, for AD and Live Id authentication.
Another interesting aspect of this is the legacy support of IFD customizations from CRM 4.0. Since this technique is quite different from how this is handled in CRM 4.0, I wonder how Microsoft are going to create full legacy support for old applications, since they are within the "supported" framework which according to Microsofts promises, should mean they are auto-upgradable.
If you have anything to add on this subject, feel free to add a comment. Especially if you know of a good instruction of how to set this up correctly!
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Wednesday, October 27, 2010
External Connector for SPLA/Hosted CRM
Many of my customers are aquiring Dynamics CRM through the Service Provider License Agreement (SPLA) which more commonly is known as Partner Hosted. We are working closely with Hermelin IT-Partner (http://www.hermelin.com/) for this service as they are an excellent provider of IT-infrastructure.
One of the licensing issues I have been discussing with Hermelin IT-Partner and Crayon, a Swedish Microsoft Licensing specialist partner, is how the External Connector is licensed for SPLA.
The External Connector is, as many of you probably know, a special license that is required to license external users to work with data in Dynamics CRM, without working with the normal GUI (requires full license). Despite the name, it just a license form and does not contain any code at all.
Typical scenarios where the external connector is required is for customer portals, case registrations by customers etc. where the portal or other software works directly with the CRM webservice or database. I have had extensive discussions with Microsoft concerning implicit information, like data warehouses and how these are to be licensed but have as of now only got the answer that as long as there is some interaction with the data, like drill-down, a license is required. If there are many users, the Application Platform Agreement is what is recommended. The external connector cannot be used in internal scenarios as it explicitly only gives accessrights to non-employees and the similar.
For an on premise solution, the external connector is typically priced in the area of €25 000 or $30 000 which is quite hefty and a very large pricetag for a small company making it more or less impossible to buy.
So, when working with Dynamics CRM licensed in SPLA, how does the license agreement work? Crayon sent us the following sections concerning this:
So, surprise, you don't need it at all! This is something I think is great since that really opens up the possibilities of really leveraging the full power of Dynamics CRM for our customers even the smallest with only a couple of users.
It also has some other implications, namely that a customer that currently licenses Dynamics CRM as on-premise via Volume Licensing or by renting the licenses and currently are using the external connector, really should start looking at moving to partner hosted since that will remove the quite hefty cost of the external connector. It typically also comes with a SA of about 1/3 the cost per year so it is an ongoing cost.
I hope that Microsoft will be harmonizing this with the rest of the "power of choice" so that it will be more reasonably priced also for on-premise solutions.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
One of the licensing issues I have been discussing with Hermelin IT-Partner and Crayon, a Swedish Microsoft Licensing specialist partner, is how the External Connector is licensed for SPLA.
The External Connector is, as many of you probably know, a special license that is required to license external users to work with data in Dynamics CRM, without working with the normal GUI (requires full license). Despite the name, it just a license form and does not contain any code at all.
Typical scenarios where the external connector is required is for customer portals, case registrations by customers etc. where the portal or other software works directly with the CRM webservice or database. I have had extensive discussions with Microsoft concerning implicit information, like data warehouses and how these are to be licensed but have as of now only got the answer that as long as there is some interaction with the data, like drill-down, a license is required. If there are many users, the Application Platform Agreement is what is recommended. The external connector cannot be used in internal scenarios as it explicitly only gives accessrights to non-employees and the similar.
For an on premise solution, the external connector is typically priced in the area of €25 000 or $30 000 which is quite hefty and a very large pricetag for a small company making it more or less impossible to buy.
So, when working with Dynamics CRM licensed in SPLA, how does the license agreement work? Crayon sent us the following sections concerning this:
For Dynamics CRM 4.0 Service Provider :
You do not need a SAL for external users who access Dynamics CRM 4.0 without using Dynamics CRM 4.0 Client for Microsoft Office Outlook and Microsoft Dynamics CRM 4.0 Web Client software. External users means users that are not (i) a customer’s or a customer’s affiliates’ employees, or (ii) a customer’s or a customer’s affiliates’ contractors and agents.
So, surprise, you don't need it at all! This is something I think is great since that really opens up the possibilities of really leveraging the full power of Dynamics CRM for our customers even the smallest with only a couple of users.
It also has some other implications, namely that a customer that currently licenses Dynamics CRM as on-premise via Volume Licensing or by renting the licenses and currently are using the external connector, really should start looking at moving to partner hosted since that will remove the quite hefty cost of the external connector. It typically also comes with a SA of about 1/3 the cost per year so it is an ongoing cost.
I hope that Microsoft will be harmonizing this with the rest of the "power of choice" so that it will be more reasonably priced also for on-premise solutions.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
Thursday, October 21, 2010
Dublicate detection window too small...
Had an interesting error reported by a customer today. It seems that in the Swedish version of CRM 4.0 the duplicate detection window showing found duplicates is too small. You cannot see the buttons:
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
This is a bit trick to fix since this form is not customizable and I think the only supported way of actually fixing it is changing the amount of text at the top by exporting the tags.
There is, however, a very small unsupported change that you can do that will enable the scrollbars which will allow you to scroll down to see and press the buttons.
Open the file: CRMWeb/Tools/DuplicateDetection/ViewDuplicates/ViewDuplicates.aspx
and edit the tag to instead. It will give the following result:
Which will allow the user to scroll down and see and press the buttons.
The risks of this unsupported fix is that it might be overwritten in update rollups, but it would destroy anything and there are no risks when upgrading to 2011.
I really would like Microsoft to fix this bugg though...
If anyone has some other solution to this, that is supported, please leave a comment.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Thursday, October 14, 2010
Publishing reports for external use
Recently I have been working quite a lot with reports and I must say that the new GUI in Reportdesigner for SQL RS 2008 is really a nice facelift.
I have been working with autogenerating reports as PDF:s as I have previously blogged about. It is a bit more complex to do in SQL Server 2005 and later since you have to work with two webservices that have similar class names, which I must say is a real stroke of genius. If there is interest, I might be looking into writing some about this.
An interesting thing I noticed about this is that despite the fact that the report previously has been published for external use, each update of the report will require you to republish it in order for the changes to stick. You can otherwise get some really interesting inconsistencies.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
I have been working with autogenerating reports as PDF:s as I have previously blogged about. It is a bit more complex to do in SQL Server 2005 and later since you have to work with two webservices that have similar class names, which I must say is a real stroke of genius. If there is interest, I might be looking into writing some about this.
An interesting thing I noticed about this is that despite the fact that the report previously has been published for external use, each update of the report will require you to republish it in order for the changes to stick. You can otherwise get some really interesting inconsistencies.
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Wednesday, September 22, 2010
Problem with installing CRM on machine with Microsoft .NET Framework 4 installed
I was setting up a VPC today and during the checks I got the following error:
"ASP.NET 2.0 is not installed"
Very weird. I had it installed and I tried repairing the installation and running aspnet_regiis -i on the ASP.NET 2.0 framework. After some googling I found that this was due to Microsoft .NET Framework 4.0 installed and this excellent blog explaining what was wrong and how to fix it. I did, however, have to remove the ISAPI filter for .NET Framework 4.0. Check it out here:
http://crm.vdsnickt.eu/2010/05/ms-crm-4-0-setup-error-asp-net-is-not-installed/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
"ASP.NET 2.0 is not installed"
Very weird. I had it installed and I tried repairing the installation and running aspnet_regiis -i on the ASP.NET 2.0 framework. After some googling I found that this was due to Microsoft .NET Framework 4.0 installed and this excellent blog explaining what was wrong and how to fix it. I did, however, have to remove the ISAPI filter for .NET Framework 4.0. Check it out here:
http://crm.vdsnickt.eu/2010/05/ms-crm-4-0-setup-error-asp-net-is-not-installed/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
www.crmkonsulterna.se
Thursday, September 09, 2010
New webpage for CRM-Konsulterna
The work with starting the new company is coming along fine. We recently launched the new website where we tell everyone who'd like to know I bit more about the company and what we offer.
It is currently available only in Swedish, but Google Translate will probably work if you really want to read it and feel a bit weak on the Swedish.
We will try to attract the best Microsoft Dynamics CRM consultants in Sweden and hope to build a very interesting company where we can all excel and really bring value to our customers.
Please have a look! http://www.crmkonsulterna.se/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
It is currently available only in Swedish, but Google Translate will probably work if you really want to read it and feel a bit weak on the Swedish.
We will try to attract the best Microsoft Dynamics CRM consultants in Sweden and hope to build a very interesting company where we can all excel and really bring value to our customers.
Please have a look! http://www.crmkonsulterna.se/
Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB
http://www.crmkonsulterna.se/
Subscribe to:
Posts (Atom)