What is “Enabling Mobility”?

  • Technology Involved
  • How it works
  • The 5-step Process
  • Technical Steps – Quick walk-through

“Mobility” allows your staff to access CRM, NAV and SharePoint from any mobile device as long as they have internet access – this means you get access to your information and systems Anywhere, Anytime from Any Device. This includes:

 


 

What is the technology involved?

CRM\NAV Mobility uses what is called “Internet Facing Deployment” (IFD).

Internet Facing Deployment is a secure method of providing access to CRM, NAV and SharePoint over the public Internet without requiring a VPN.

It gives you full access to CRM and NAV Web, Tablet and Browser Clients as well as SharePoint from anywhere with an internet connection.

IFD is a combination of software (IIS, SSL Certificates, ADFS, CRM\NAV\SharePoint) and Configurations (IIS Bindings, Ports\Firewall settings, DNS entries, etc.).

It uses standard Microsoft software so there is no additional software purchase required.

It does require a Wildcard SSL Certificate which costs approx. $300\yr.

 

There are 3 Possible Connection Scenarios…

Scenario 1: “Normal” LAN connections (i.e. within the Office)

In a normal LAN (local office) environment, CRM\NAV authentication is based on the PC communicating directly with the Active Directory (Domain) Server.

The Devices must be on the network and communications are not encrypted. Remote access is not possible unless you use Terminal Services (an additional server and additional cost).


 

 

Scenario 2: using a VPN without IFD outside of the Office

In a Non-IFD WAN environment, devices must connect using VPN software. The devices must have special configurations and\or software on them in order to connect to the Domain (Active Directory).

Communication is then still occurring directly between the Domain and the Device.

Devices cannot connect “out of the box”.

 

Scenario 3: IFD – Access is still based upon Active Directory Authentication (Domain) but it provides a secure middle piece called “ADFS” (Active Directory Federation Services).

ADFS functions as a secure go-between between the “outside” connection and the Active Directory Server. All communications are encrypted using the “https” protocol.

No special software or configurations are required on the Devices – you connect out of the box Anywhere, Anytime from Any Device.

The 5-step process

1.Purchase a “wildcard” SSL Certificate – used to enable the “Https” protocol, which is the secure version of “http”. It ensures that all communications between the browser and the websites are encrypted.

Available from GoDaddy and other certificate providers – approximately $300 per year – your IT must purchase this.

2.One-time Setup and Configuration of ADFS (Active Directory Federation Services) – Vox works with your IT group to do this.

3.One-time Configurations of IIS, Claims Based Authentication within CRM, IFD and Internal DNS entries – Vox works with your IT group to do this.

4.One-time Configuration of your Firewall to allow certain Ports (typical ones are: 444, 446, 447, 449) – your IT must perform this but Vox will provide the details.

5.One-time Configuration of External (Public facing) DNS entries under your company’s xxxx.com domain (typical entries are “CRM”, “adfs2016”, “auth2016”, “dev2016”, “NAV2016”, “SP2016”) – your IT must perform this but Vox will provide the details.

Technical Steps – Quick Walk-through

1.Obtain SSL Certificate (GoDaddy, etc.)

2.Install SSL Certificate and Bind to IIS Websites

3.Configure Internal and External (public-facing) DNS entries (typical entries are “CRM”, “adfs2016”, “auth2016”, “dev2016”, “NAV2016”, “SP2016”)

4.Install ADFS (available from Server Manager utility)

5.Configure ADFS

6.Configure Claims Based Authentication and IFD within CRM Deployment Manager

7.Complete ADFS Configuration

8.Open Ports on Firewall (typical ones are: 444, 446, 447, 449)

1.& 2. Obtain and Install\Bind Wildcard SSL Certificate:

a.Generate a CSR (Certificate Signing Request) from the CRM Server (Create Certificate Request)

b.Go to GoDaddy or other similar provider and request a “Wildcard SSL Certificate” (*.company.com) – you will need the CSR you generated


 

3.Configure Internal\External DNS:

Add Entries for each of the services with the Internal IP Address of the Servers running the services (when specifying the external DNS you would use the external IP addresses)…

adfs2016 → specify the IP of the ADFS Server

auth2016 → specify the IP of the CRM Server

dev2016 → specify the IP of the CRM Server

NAV2016 → specify the IP of the NAV Server

SP2016 → specify the IP of the SharePoint Server

“CRM_Org” → the CRM_Org name must also be added, using the IP of the CRM Server

 


 

4.Install ADFS:

a.Usually installed on the CRM Server

b.Installed via the Server Manager Utility


5.Configure ADFS:

Use the Wizard (details can be found in http://www.youtube.com/watch?v=cR7ku934x8Q)


6.Configure Claims Based Authentication within CRM:

a.Use the CRM Deployment Manager to launch the Configure Claims Based Authentication Wizard

b.You will be prompted to select the SSL Certificate you installed earlier…


 

6.Configure IFD within CRM:

a.Use the CRM Deployment Manager to launch the Configure Internet Facing Deployment Wizard


 

8.Open Ports on Firewall:

Typical Ports used are 444, 446, 447, 449.

We recommend using Port 444 for ADFS rather than the default 443, as 443 is often already in use by Outlook Web Access or other products.

These ports should correspond to the “IFD URLs” you intend to use for your systems:

e.g. a sample “set” of IFD URLs might be:

CRM 2016 IFD URL:

https://CRMORG.Company.com:446

 

NAV 2016 Web Client:

https://NAV2016.Company.com:447/PILOT/WebClient/

 

NAV 2016 Tablet Client:

https://NAV2016.Company.com:447/PILOT/WebClient/Tablet.aspx

NAV 2016 Phone Client:

https://NAV2016.Company.com:447/PILOT/WebClient/Phone.aspx

SharePoint IFD URL:

https://SP2016.Company.com:449/

 

Example of Non-IFD CRM URL (i.e. the “internal” URL):

http://SERVER:5555/CRMORG

-Accessible only from devices that are logged onto the Network (LAN)

-NOT Accessible outside of the Network unless using VPN.

-Requires Authentication directly against the Active Directory Server

-CRM Server name appears in the URL

Example of IFD CRM URL (i.e. the “external” URL):

https://CRMORG.Company.com:444

-Accessible Anywhere, Anytime from Any Device that has an internet connection and Browser

-Does not require VPN

-Authentication is against Active Directory via the secure ADFS Service and encrypted https protocol
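The rule above that the firewall ports, DNS entries and wildcard certificate must all line up with the IFD URLs can be checked before go-live; the sketch below is an added example, not part of Vox's procedure. It assumes the page's sample values (*.company.com, ports 444/446/447/449, the listed DNS names with "crmorg" standing in for the CRM_Org entry), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumed values, taken from the page's samples; replace with your own.
WILDCARD = "*.company.com"
OPEN_PORTS = {444, 446, 447, 449}
DNS_NAMES = {"adfs2016", "auth2016", "dev2016", "nav2016", "sp2016", "crmorg"}


def wildcard_covers(pattern, host):
    """A wildcard certificate matches exactly one left-most DNS label.

    *.company.com covers crmorg.company.com, but not company.com itself
    and not a deeper name such as auth.crm.company.com.
    """
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]                  # ".company.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]
    return bool(label) and "." not in label


def check_ifd_url(url, wildcard=WILDCARD, open_ports=OPEN_PORTS,
                  dns_names=DNS_NAMES):
    """Return a list of problems for one planned IFD URL (empty = consistent)."""
    problems = []
    parts = urlsplit(url)
    host = parts.hostname or ""           # urlsplit lower-cases the host
    if parts.scheme != "https":
        problems.append("not https: traffic would be unencrypted")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in open_ports:
        problems.append(f"port {port} is not in the firewall allow list")
    if not wildcard_covers(wildcard, host):
        problems.append(f"{host} is not covered by {wildcard}")
    else:
        label = host.split(".")[0]
        if label not in dns_names:
            problems.append(f"no DNS entry planned for {label}")
    return problems


if __name__ == "__main__":
    for u in ["https://CRMORG.Company.com:446",
              "https://NAV2016.Company.com:447/PILOT/WebClient/",
              "http://SERVER:5555/CRMORG",           # the internal, non-IFD URL
              "https://auth.crm.company.com:446"]:   # constructed: too deep for the wildcard
        print(u, "->", check_ifd_url(u) or "OK")
```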

Let’s See it for real

IFD for CRM 2016

https://crmsales2016.voxism.com:444

IFD for CRM 2016 Mobile Client

https://crmsales2016.voxism.com:444/m

IFD for NAV 2016 Web Client

https://NAV2016.voxism.com:447/PILOT/WebClient

IFD for NAV 2016 Tablet Client

https://NAV2016.voxism.com:447/PILOT/WebClient/Tablet.aspx

IFD for NAV 2016 Phone Client

https://NAV2016.voxism.com:447/PILOT/WebClient/Phone.aspx

IFD for SharePoint

https://SPsales2016.voxism.com:446