Anyone who has attempted to configure Dynamics CRM 2011 with an Internet-Facing Deployment (IFD) knows that it is no trivial task. While there are blog posts that discuss setting up an IFD, and Microsoft documentation for configuring one, they often assume that ADFS and Dynamics CRM are installed on the same server, and that there is only one Dynamics CRM front-end server. Unfortunately, real-world implementations don’t always follow that pattern.
For example, take the following configuration:
- a Dynamics CRM front-end server on the internal network, providing services to internal clients
- a Dynamics CRM front-end server in an Internet-facing zone, providing services to external clients
- a separate ADFS server accessible to internal and external clients
Dynamics CRM with IFD requires a combination of ADFS relying party trusts and DNS configuration to get things working. One caveat with IFDs is that the internal and external host names for the Dynamics CRM front-end servers must be different because, externally, the host name includes the CRM organization name. Whereas internally you may have https://icrm.contoso.com/crm, externally you would have https://crm.contoso.com.
Let’s flesh out our sample implementation and requirements:
- icrm.contoso.com is our internal Dynamics CRM front-end server, accessible only on the internal network
- ecrm.contoso.com is our external Dynamics CRM front-end server, accessible to our internal network and the public Internet
- adfs.contoso.com is our ADFS server, accessible to our internal network and the public Internet
- We have two Dynamics CRM organizations: CRM and CRM-Test.
- We want our internal and external (public Internet) clients to access CRM using the same URLs: crm.contoso.com and crm-test.contoso.com. In other words, we don’t want the two-URL problem outlined above.
The last bit has nothing to do with Dynamics CRM: it is all done in IIS. Let me explain how.