Microsoft Dynamics CRM 2013 Planning Guide

Version 6.0

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2013 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, Azure, BizTalk, JScript, Microsoft Dynamics, Outlook, SharePoint, SQL Server, Visual Basic, Visual Studio, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

a. Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

IT Pros and CRM administrators can use the resources and topics in this guide to help them plan an on-premises deployment of Microsoft Dynamics CRM 2013 and to help in planning to use Microsoft Dynamics CRM Online.

In This Section

Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM editions and licensing

What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM 2013 system requirements and required technologies

Planning Deployment of Microsoft Dynamics CRM 2013

Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics

Related Sections

Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Administration Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Operating Guide for Microsoft Dynamics CRM 2013 (on-premises)

Customization Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Report Writers Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

b. Send us your comments about this document

If you have a question or comment about this document, click to send an e-mail message to the Microsoft Dynamics CRM content team.

If your question is about Microsoft Dynamics CRM products, and not about the content of this book, search the Microsoft Help and Support Center or the Microsoft Knowledge Base.

c. Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

For larger organizations, planning Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online, like any enterprise-wide software, is a significant task. This guide is written for the team of people responsible for planning Microsoft Dynamics CRM, and provides information and tools that are needed to design a successful implementation. In smaller organizations, several roles may be filled by one person. In larger organizations, each role may be divided among several people. These roles include the following:

• Business managers. Responsible for determining how your business will use Microsoft Dynamics CRM. This includes mapping your processes to Microsoft Dynamics CRM, deciding on default values, and identifying any required customizations.
• Customization technical staff. Responsible for implementing the planned customizations.
• Network technical staff. Responsible for determining how Microsoft Dynamics CRM will be deployed on the network and how users will access the system.
• Project manager. Responsible for managing an enterprise-wide implementation project.

Organizations that implement Microsoft Dynamics CRM software may use the services of an independent software vendor (ISV) or value-added reseller, a consultant, or other organization that is partnered with Microsoft and will help you with implementing and maintaining your Microsoft Dynamics CRM installation. Because of this assumption, there may be references in this guide to these "partners" who are expected to provide services to you.

Resources for planning Microsoft Dynamics CRM

These resources are available to help you plan a deployment of Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online.

Microsoft Dynamics Sure Step

Microsoft Dynamics Sure Step is a full customer lifecycle methodology for all Microsoft Dynamics solutions, providing the Microsoft ecosystem with comprehensive sales through delivery guidance, project management discipline alignment and field-driven best practices. Microsoft Dynamics Sure Step is designed for Microsoft Dynamics Partners to successfully and reliably complete customer projects on time and on budget. More information: Microsoft Dynamics CRM Sure Step Guide

Manage your Microsoft Dynamics CRM Online subscription

If you’re an administrator who needs to plan and implement Microsoft Dynamics CRM Online in your organization, the Manage your Microsoft Dynamics CRM Online subscription guide is designed for you. The guide also helps other users to ramp up with Microsoft Dynamics CRM Online.

See Also

Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM editions and licensing

d. Microsoft Dynamics CRM editions and licensing

Microsoft Dynamics CRM offers licensing options that cover implementations for small, mid-level, and even very large organizations.

Editions and licensing for on-premises deployments

• Microsoft Dynamics CRM Server 2013. There is no user limit for this edition. Additional features include support for multiple organizations, multiple server instances, and separate role-based service installation. Role-based services let you increase performance by installing component services on different computers. Users of the Professional edition can be granted full access to all features and customization areas.
• Microsoft Dynamics CRM Workgroup Server 2013. This edition is limited to five or fewer users. This version is limited to a single organization and a single computer that is running Microsoft Dynamics CRM 2013. Users of the Basic edition have the same access as the Essential edition, plus they can be granted access to accounts, contacts, cases, leads, reporting, personal dashboards, and visualizations.

Licensing

A Microsoft Dynamics CRM deployment operates by using a single product key. However, each Microsoft Dynamics CRM Server in a Microsoft Dynamics CRM 2013 deployment requires a server license. Only the Microsoft Dynamics CRM Server 2013 edition is licensed for multiple Microsoft Dynamics CRM 2013 servers or server roles in a deployment. Microsoft Dynamics CRM Workgroup Server 2013 edition is limited to running on a single server in a deployment.

You can view and upgrade a license in Deployment Manager. Deployment Manager is a Microsoft Management Console (MMC) snap-in that system administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM.

Client Access License Types

You can view and modify client access license types for each user in the Users area of the Settings area in the Microsoft Dynamics CRM web client. For more information about Microsoft Dynamics CRM 2013 licensing, see How to buy Microsoft Dynamics.

You can view and upgrade a license in Deployment Manager. Deployment Manager is a Microsoft Management Console (MMC) snap-in that deployment administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM.

Microsoft Dynamics CRM Online licensing

With Microsoft Dynamics CRM Online, you get powerful CRM capabilities and features delivered as a cloud service from Microsoft, providing instant-on, anywhere access, and predictable pay-as-you-go pricing. Licensing plans for Microsoft Dynamics CRM Online determine the features and functionality available to users, and are licensed by subscription.

• Microsoft Dynamics CRM Online Essential. Users who have the Essential subscription can be granted access to the system entities, custom entities, activities, Activity Feeds, and access by using the Microsoft Dynamics CRM SDK.
• Microsoft Dynamics CRM Online Basic. Users who have the Basic subscription have the same access as the Essential USL, plus they can be granted access to accounts, contacts, cases, leads, reporting, personal dashboards, and visualizations.
• Microsoft Dynamics CRM Online Professional. Users who have the Professional subscription can be granted full access to all features and customization areas of Microsoft Dynamics CRM.

For more information, see Microsoft Dynamics CRM Online Licensing Guidelines.

See Also

Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

e. What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online include several new features that offer flexibility, scalability, and ease of use.

In This Topic

What’s changed in this release?

New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

New Microsoft Dynamics CRM Online features

New Microsoft Dynamics CRM 2013 (on-premises) features

What’s changed in this release?

In support of the latest technologies and in compliance with the Microsoft Support Lifecycle, obsolete platform products and technologies will no longer be supported in Microsoft Dynamics CRM 2013. More information: What’s changing in the next major release

New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Some new features included with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online are the following:

• Improved user interface. Much of the user interface has been improved to provide better touch support, drive efficiencies, and minimize the number of window popups.
• Database encryption. Organization database encryption is enabled for a set of default entity attributes that contain sensitive information, such as user names and email passwords. This feature can help organizations meet FIPS 140-2 compliance. Encryption keys can be viewed and changed in Microsoft Dynamics CRM. More information: Data Encryption

New Microsoft Dynamics CRM Online features

This section lists the new features available with the Microsoft Dynamics CRM Online Fall ‘13 release.

Expanded licensing plans

Microsoft Dynamics CRM Online brings to the online customers a new multi-tiered licensing model that has already been successfully used by the on-premises customers. More information: Microsoft Dynamics CRM editions and licensing

New Microsoft Dynamics CRM 2013 (on-premises) features

This section lists new features available with Microsoft Dynamics CRM 2013 (on-premises).

Volume Shadow Service (VSS) support

The Volume Shadow Service (VSS) Writer service provides support for Data Protection Manager to simplify data backup and recovery. More information: Microsoft Dynamics CRM 2013 VSS Writer

Server-side synchronization

Server-side synchronization provides server-to-server synchronization of email messages, tasks, contacts, and appointments between Microsoft Dynamics CRM 2013 and Microsoft Exchange Server or POP3/SMTP email systems. To use this functionality you don’t have to install and maintain a separate application. More information: Introducing Server-Side Synchronization

Microsoft Dynamics CRM 2013 Best Practices Analyzer

The Microsoft Dynamics CRM 2013 Best Practices Analyzer is a diagnostic tool that gathers information from installed Microsoft Dynamics CRM 2013 server roles and builds a report of best practices and recommended solutions based on the existing deployment. More information: Microsoft Dynamics CRM 2013 Best Practices Analyzer (BPA)

Defer the base and extension table merge as part of upgrade

As part of the upgrade from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013, all organization databases will have the entitynameBase and entitynameExtensionBase tables merged into a single entitynameBase table. Reducing the number of tables in the organization database can improve overall performance of transactional operations in CRM.

However, for enterprise customers with organization databases having large and complex customizations or solutions, the table merge may take several hours to complete. You can perform the merge as a separate operation to reduce application downtime caused by the upgrade. More information: Run the Base and Extension table merge as a separate operation

See Also

Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM editions and licensing

Microsoft Dynamics CRM 2013 system requirements and required technologies

What's new for administrators in Microsoft Dynamics CRM 2013 and CRM Online

What's new for customization

f. Microsoft Dynamics CRM 2013 system requirements and required technologies

Microsoft Dynamics CRM Online reduces the system requirements of traditional on-premises deployments by operating all the infrastructure and platform essentials in the cloud. At a glance, the minimum software requirements for users and administrators of Microsoft Dynamics CRM Online include the following:

• Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari, supported tablet, or mobile device.
• Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple Safari, Google Chrome and Mozilla Firefox.
• Microsoft Office Outlook (optional).

Microsoft Dynamics CRM 2013 on-premises versions have a much larger requirement for both hardware and software than Microsoft Dynamics CRM Online. Microsoft Dynamics CRM 2013 on-premises versions require the software listed previously plus the following software:

• Microsoft Windows Server
• A Microsoft Windows Server Active Directory infrastructure
• An Internet Information Services (IIS) website
• Microsoft SQL Server 2008 or Microsoft SQL Server 2012
• Microsoft SQL Server 2008 Reporting Services or Microsoft SQL Server 2012 Reporting Services
• Microsoft Exchange Server or access to a POP3-compliant email server (optional)
• SharePoint Server (required for document management)
• Claims-based security token service (required for Internet-facing deployments)
• Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari, supported tablet, or mobile device.
• Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple Safari, Google Chrome and Mozilla Firefox.
• Microsoft Office Outlook (optional).

Note

For detailed hardware and software requirements or specific product versions and service pack levels that are supported, see the links in “In this Section” later in this topic.

Important

Typically, Microsoft Dynamics CRM applications support the latest version and service pack (SP) for all required components, such as Windows Server, Microsoft SQL Server, and Microsoft Office. However, to fully support the latest version of a required component, you should apply the latest update for Microsoft Dynamics CRM. For information about the latest update, see Microsoft Dynamics CRM 2013 updates and hotfixes.

For the compatibility status of the required or optional components that are updated, see Microsoft Dynamics CRM Compatibility List.

Microsoft Dynamics CRM 2013 matches the support policy for all dependent products and technologies, such as Microsoft Office or Microsoft Exchange Server. For example, mainstream support for Microsoft Office 2010 ends 10/13/2015; therefore mainstream support for CRM for Outlook running on Microsoft Office 2010 also ends on that date. For more information, see Select a Product for Lifecycle Information.

Before you install Microsoft Dynamics CRM 2013, review the following topics, which provide detailed information about the products and technologies that are required or optional for Microsoft Dynamics CRM 2013.

In This Section

Microsoft Dynamics CRM Server 2013 hardware requirements

Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013

Software requirements for Microsoft Dynamics CRM Server 2013

Microsoft Dynamics CRM 2013 Reporting Extensions requirements

SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013

Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 Email Router hardware requirements

Microsoft Dynamics CRM 2013 Email Router software requirements

Microsoft Dynamics CRM 2013 for Outlook hardware requirements

Microsoft Dynamics CRM 2013 for Outlook software requirements

Web application requirements for Microsoft Dynamics CRM 2013 web application requirements

64-bit supported configurations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 language support

See Also

What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Planning Deployment of Microsoft Dynamics CRM 2013

g. Microsoft Dynamics CRM Server 2013 hardware requirements

The following table lists the minimum and recommended hardware requirements for Microsoft Dynamics CRM Server 2013 running in a Full Server configuration. These requirements assume that additional components such as Microsoft SQL Server, Microsoft SQL Server Reporting Services, SharePoint, or Microsoft Exchange Server aren’t installed or running on the system.

| Component | *Minimum | *Recommended |
|---|---|---|
| Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems |
| Memory | 2-GB RAM | 8-GB RAM or more |
| Hard disk | 10 GB of available hard disk space. Note: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files. | 40 GB or more of available hard disk space. Note: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files. |

* Actual requirements and product functionality may vary based on your system configuration and operating system.

Running Microsoft Dynamics CRM on a computer that has less than the recommended requirements may result in inadequate performance.

The minimum and recommended requirements are based on 320-user load simulation tests.

See Also

Microsoft Dynamics CRM 2013 system requirements and required technologies

Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013

h. Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013

Microsoft SQL Server database engine and Microsoft SQL Server Reporting Services are required to install and run on-premises versions of Microsoft Dynamics CRM 2013. The following table lists the minimum and recommended hardware requirements for Microsoft SQL Server. These requirements assume that additional components such as Microsoft Dynamics CRM 2013, Microsoft SQL Server Reporting Services, SharePoint, or Microsoft Exchange Server aren’t installed or running on the system.

| Component | *Minimum | *Recommended |
|---|---|---|
| Processor | x64 architecture or compatible dual-core 1.5 GHz processor | Quad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systems |
| Memory | 4-GB RAM | 16-GB RAM or more |
| Hard disk | SAS RAID 5 or RAID 10 hard disk array | SAS RAID 5 or RAID 10 hard disk array |

* Actual requirements and product functionality may vary based on your system configuration and operating system.

Maintaining Microsoft Dynamics CRM databases on a computer that has less than the recommended requirements may result in inadequate performance.

The minimum and recommended requirements are based on 320-user load simulation tests.

See Also

Microsoft Dynamics CRM Server 2013 hardware requirements

Software requirements for Microsoft Dynamics CRM Server 2013

i. Software requirements for Microsoft Dynamics CRM Server 2013

This section lists the software and application requirements for Microsoft Dynamics CRM Server 2013.

In This Topic

Windows Server operating system

Supported Windows Server 2012 editions

Supported Windows Server 2008 editions

Server virtualization

Active Directory modes

Internet Information Services (IIS)

SQL Server editions

Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements

SQL Server Reporting Services

Software component prerequisites

Verify prerequisites

Windows Server operating system

Microsoft Dynamics CRM Server 2013 can be installed only on Windows Server 2008 or Windows Server 2012 64-bit-based computers. The specific versions and editions of Windows Server that are supported for installing and running Microsoft Dynamics CRM Server 2013 are listed in the following sections.

Important

• The Windows Server 2003 family of operating systems isn’t supported for installing and running Microsoft Dynamics CRM Server 2013.
• Microsoft Windows Small Business Server editions aren’t supported for installing and running Microsoft Dynamics CRM Server 2013.

Supported Windows Server 2012 editions

The following editions of the Windows Server 2012 operating system are supported for installing and running Microsoft Dynamics CRM Server 2013:

• Windows Server 2012 Datacenter
• Windows Server 2012 Standard

Important

Windows Server 2012 R2 is currently not supported with this release of Microsoft Dynamics CRM Server 2013.

Supported Windows Server 2008 editions

The following editions of the Windows Server 2008 operating system are supported for installing and running Microsoft Dynamics CRM Server 2013:

• Windows Server 2008 Standard SP2 (x64 versions) or Windows Server 2008 Standard R2 SP1
• Windows Server 2008 Enterprise SP2 (x64 versions) or Windows Server 2008 Enterprise R2 SP1
• Windows Server 2008 Datacenter SP2 (x64 versions) or Windows Server 2008 Datacenter R2 SP1
• Windows Web Server 2008 SP2 (x64 versions) or Windows Web Server 2008 R2 SP1

Important

• Windows Server 2008 installed by using the Server Core installation option is not supported for installing and running Microsoft Dynamics CRM 2013 Server.
• Windows Server 2008 for Itanium-based systems isn’t supported for installing and running Microsoft Dynamics CRM Server 2013.

Server virtualization

Microsoft Dynamics CRM servers can be deployed in a virtualized environment by using Windows Server 2008 or Windows Server 2012 with Hyper-V or virtualization solutions from vendors who participate in the Microsoft Windows Server Virtualization Validation Program (SVVP). You must understand the limitations and best practices of server virtualization before you try to virtualize your installation of Microsoft Dynamics CRM. For information about Hyper-V, see the Microsoft Virtualization website.

Active Directory modes

The computer that Microsoft Dynamics CRM Server 2013 is running on must be a member in a domain that is running in one of the following Active Directory directory service forest and domain functional levels:

• Windows Server 2003 Interim
• Windows Server 2003 Native
• Windows Server 2008 Interim
• Windows Server 2008 Native
• Windows Server 2012

For more information about Active Directory domain and forest functional levels, see the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in Help.

Important

• The computer that Microsoft Dynamics CRM is running on shouldn’t function as an Active Directory domain controller.
• When you use the Add Users Wizard, only users from trusted domains in the current forest will be displayed. Users from trusted external forests aren’t supported and don’t appear in the wizard.
• Installing Microsoft Dynamics CRM 2013 Server in an LDAP directory that is running in Active Directory Application Mode (ADAM) is not supported.

Internet Information Services (IIS)

Microsoft Dynamics CRM Server 2013 supports Internet Information Services (IIS) versions 7, 7.5, and 8.0.

We recommend that you install and run IIS in Native Mode before you install Microsoft Dynamics CRM Server 2013. However, if IIS is not installed and it is required for a Microsoft Dynamics CRM server role, Microsoft Dynamics CRM Server Setup will install it.

Important

Microsoft Dynamics CRM can’t use a website that has more than one http or https binding. Although IIS supports multiple http and https bindings, there is a limitation in using additional bindings with Windows Communication Foundation (WCF). WCF is required when you use CRM for Outlook. Before you install or upgrade, you must remove the additional bindings from the Web site used for Microsoft Dynamics CRM or select a different Web site.

SQL Server editions

Any one of the following Microsoft SQL Server editions is required and must be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers, running, and available for Microsoft Dynamics CRM:

• Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
• Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
• Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
• Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)
• Microsoft SQL Server 2012, Enterprise, 64-bit SP1
• Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
• Microsoft SQL Server 2012, Standard, 64-bit SP1

Important

• 32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 database engine are not supported for this version of Microsoft Dynamics CRM.
• Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.
• Microsoft SQL Server 2000 and Microsoft SQL Server 2005 editions are not supported for this version of Microsoft Dynamics CRM.
• Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft Dynamics CRM code fixes.

Microsoft Dynamics CRM 2013 supports a named instance of Microsoft SQL Server for configuration and organization databases.

Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements

The following items are required or recommended for Internet-facing deployment (IFD). This topic assumes you will be using Active Directory Federation Services (AD FS) as the security token service (STS). For more information about configuring Microsoft Dynamics CRM for claims-based authentication, download the Claims-based Authentication White Paper from the Microsoft Download Center.

Important

Exposing the Microsoft Dynamics CRM website to the Internet is not supported unless claims-based authentication is used and Microsoft Dynamics CRM is configured for IFD.

Similarly, Outlook Anywhere (RPC over HTTP) is not supported as a solution to connect CRM for Outlook to an on-premises deployment of Microsoft Dynamics CRM 2013 over the Internet. The on-premises deployment of Microsoft Dynamics CRM 2013 must be configured for IFD as described in the topic Configure a Microsoft Dynamics CRM Internet-facing deployment.

In order for Microsoft Dynamics CRM for tablets to successfully connect to a new deployment of Microsoft Dynamics CRM Server 2013, you must run a Repair of Microsoft Dynamics CRM Server 2013 on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed. For repair instructions, see Uninstall, change, or repair Microsoft Dynamics CRM Server 2013.

• The computer where Microsoft Dynamics CRM 2013 Server is installed must have access to a security token service (STS), such as an Active Directory Federation Services (AD FS) federation server. Microsoft Dynamics CRM 2013 Server supports Active Directory Federation Services (AD FS) 2.0, 2.1, and 2.2 versions.
• Note the following conditions for the Web components before you configure IFD:
  • If you are installing Microsoft Dynamics CRM in a single server configuration, be aware that Active Directory Federation Services 2.0 installs on the Default Web Site. Therefore, you must create a new Web site for Microsoft Dynamics CRM.
  • When you run the Internet-Facing Deployment Configuration Wizard, Microsoft Dynamics CRM 2013 Server must be running on a Web site that is configured to use Secure Sockets Layer (SSL). Microsoft Dynamics CRM Server Setup will not configure the Web site for SSL.
  • We recommend that the Web site where the Microsoft Dynamics CRM 2013 Web application will be installed has the “Require SSL” setting enabled in IIS.
  • The Web site should have a single binding. Multiple IIS bindings, such as a Web site with an HTTPS and an HTTP binding or two HTTPS or two HTTP bindings, are not supported for running Microsoft Dynamics CRM.
• Access to the Active Directory Federation Services (AD FS) federation metadata file from the computer where the Configure Claims-Based Authentication Wizard is run. Note the following:
  • The federation metadata endpoint must use the Web services trust model (WS-Trust) 1.3 standard. Endpoints that use a previous standard, such as the WS-Trust 2005 standard, are not supported. In Active Directory Federation Services 2.0, all WS-Trust 1.3 endpoints contain /trust/13/ in the URL path.
• Encryption certificates. The following encryption certificates are required. You can use the same encryption certificate for both purposes, such as when you use a wildcard certificate:

  Important

  If you use a certificate that is created by using a custom certificate request, the template that was used must be the Legacy key template. Custom certificate requests created by using the CNG key template are incompatible with Microsoft Dynamics CRM. For more information about custom certificate request templates, see Create a Custom Certificate Request.

  • Claims encryption. Claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM 2013 Server, so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.
  • SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement you can use a single wildcard certificate (*.contoso.com), a certificate that supports Subject Alternative Names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each Web server role. Multiple IIS bindings, such as a Web site with two HTTPS or two HTTP bindings, are not supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.
• The CRMAppPool account of each Microsoft Dynamics CRM website must have read permission to the private key of the encryption certificate specified when configuring claims-based authentication. You can use the Certificates snap-in to edit permissions for the encryption certificate found in the Personal store of the local computer account.
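
The single-binding rule from the IIS section and the SSL, certificate host-name and WS-Trust 1.3 rules listed above can be checked against a planned IFD configuration before Setup is run. The following Python script is an added example, not part of the Microsoft guide or of any Microsoft Dynamics CRM tooling; SitePlan, check_plan and all sample values are assumptions constructed for illustration, and the wildcard rule it applies (a wildcard stands for exactly one left-most label) is standard TLS name matching rather than something the guide states.

```python
"""Pre-flight check of a planned CRM 2013 IFD web site (added example).

SitePlan, check_plan and every sample value are constructed for illustration;
they are not part of Microsoft Dynamics CRM or its Setup tooling.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


def name_covers(cert_name, host):
    """Return True if one certificate name (exact or wildcard) is valid for host.

    A wildcard is honoured only as the whole left-most label and stands for
    exactly one label: *.contoso.com covers org.contoso.com, but neither
    contoso.com nor a.b.contoso.com.
    """
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == host
    suffix = cert_name[1:]                      # e.g. ".contoso.com"
    if not host.endswith(suffix):
        return False
    left = host[: -len(suffix)]                 # the label the wildcard replaces
    return bool(left) and "." not in left


def uncovered_hosts(cert_names, hosts):
    """Host names for which no subject or Subject Alternative Name is valid."""
    return [h for h in hosts if not any(name_covers(n, h) for n in cert_names)]


@dataclass
class SitePlan:
    bindings: list        # (protocol, "ip:port:hostheader") pairs as IIS lists them
    require_ssl: bool     # state of the "Require SSL" setting on the site
    cert_names: list      # certificate subject CN plus Subject Alternative Names
    hosts: list           # external host names the deployment will answer on
    sts_endpoints: list   # endpoint URLs read from the AD FS federation metadata


def check_plan(plan):
    """Return a list of findings; an empty list means every rule is met."""
    findings = []
    if len(plan.bindings) != 1:
        findings.append(
            f"bindings: expected a single binding, found {len(plan.bindings)}")
    if not any(proto.lower() == "https" for proto, _ in plan.bindings):
        findings.append(
            "bindings: no https binding; the site must use SSL before the IFD wizard runs")
    if not plan.require_ssl:
        findings.append('ssl: "Require SSL" is not enabled on the site')
    for host in uncovered_hosts(plan.cert_names, plan.hosts):
        findings.append(f"cert: no certificate name is valid for {host}")
    if not any("/trust/13/" in urlsplit(u).path.lower() for u in plan.sts_endpoints):
        findings.append("sts: no WS-Trust 1.3 endpoint (/trust/13/ in the URL path)")
    return findings


# Constructed sample plans, using the host names from the guide's own example.
HOSTS = ["org.contoso.com", "auth.contoso.com", "dev.contoso.com"]

GOOD_PLAN = SitePlan(
    bindings=[("https", "*:443:")],
    require_ssl=True,
    cert_names=["*.contoso.com"],
    hosts=HOSTS,
    sts_endpoints=["https://sts.contoso.com/adfs/services/trust/13/windowstransport"],
)

BAD_PLAN = SitePlan(
    bindings=[("http", "*:80:"), ("https", "*:443:")],   # two bindings
    require_ssl=False,
    cert_names=["org.contoso.com", "auth.contoso.com"],  # dev.contoso.com missing
    hosts=HOSTS,
    sts_endpoints=["https://sts.contoso.com/adfs/services/trust/2005/windowstransport"],
)

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(label, check_plan(plan) or "no findings")
```
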

SQL Server Reporting Services

Specific Microsoft SQL Server Reporting Services editions are used for reporting functionality.

Any one of the following Microsoft SQL Server editions is required and must be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers, running and available for Microsoft Dynamics CRM:

• Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2
• Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2
• Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2
• Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)
• Microsoft SQL Server 2012, Enterprise, 64-bit SP1
• Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1
• Microsoft SQL Server 2012, Standard, 64-bit SP1

Important

• 32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 Reporting Services are not supported for this version of Microsoft Dynamics CRM.
• Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.
• Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft Dynamics CRM code fixes.
• Microsoft SQL Server 2008 Workgroup is not supported for running the Microsoft Dynamics CRM Reporting Extensions. This is because Microsoft SQL Server 2008 Workgroup does not support custom data extensions. Therefore, features such as creating, running, or scheduling Fetch-based or SQL-based reports will not work.
• Using a Microsoft SQL Server 2012 Reporting Services server running in SharePoint mode is not supported with Microsoft Dynamics CRM. For more information about Microsoft SQL Server 2012 Reporting Services SharePoint mode, see Install Reporting Services SharePoint Mode as a Single Server Farm.

Software component prerequisites

The following SQL Server components must be installed and running on the computer that is running SQL Server before you install Microsoft Dynamics CRM 2013 Server:

• SQL word breakers
  This is only required for some Microsoft Dynamics CRM language editions. For more information about word breaker versions for languages supported by SQL Server, see Word Breakers and Stemmers.
• SQL Server Agent service
• SQL Server full-text indexing

The following components must be installed and running on the computer where Microsoft Dynamics CRM 2013 Server will be installed:

• Services
  • Indexing Service
    To install this service, see the Windows Server documentation.
  • IIS Admin
  • World Wide Web Publishing
• Windows Data Access Components (MDAC) 6.0 (This is the default version of MDAC with Windows Server 2008.)
• Microsoft ASP.NET (Must be registered, but does not have to be running.)

Verify prerequisites

Before you install Microsoft Dynamics CRM 2013 Server, you should understand the following:

• Microsoft SQL Server can be, but is not required to be, installed on the same computer as Microsoft Dynamics CRM 2013 Server.
• If Microsoft Dynamics CRM 2013 Server and Microsoft SQL Server are installed on different computers, both computers must be in the same Active Directory directory service domain.
• Microsoft SQL Server can be installed by using either Windows Authentication or mixed-mode authentication. (Windows Authentication is recommended for increased security and Microsoft Dynamics CRM will use only Windows Authentication).
• The service account that SQL Server uses to log on to the network must be either a domain user account (recommended) or one of the built-in system accounts supported by SQL Server (Network Service, Local Service, or Local System). Installation of Microsoft Dynamics CRM will fail if the SQL Server service account is the local administrator.
• The SQL Server service must be started and can be configured to automatically start when the computer is started.
• The Microsoft SQL Server Reporting Services service must be started and configured to automatically start when the computer is started.
• The SQL Server Agent service must be started. This service can be configured to automatically start when the computer is started.
• Although it is optional, we recommend that you accept the SQL Server default settings for Collation Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports both case-sensitive and case-insensitive sort orders.
• Microsoft Dynamics CRM Server Setup requires at least one network protocol to be enabled to authenticate by using SQL Server. By default, TCP/IP protocol is enabled when you install SQL Server. You can view network protocols in SQL Server Configuration Manager.
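The service-related items in this checklist (SQL Server, SQL Server Agent and Reporting Services started, Reporting Services set to start automatically, SQL Server not logging on as the local administrator) can be checked before Setup is run. This PowerShell is an added example, not part of the Planning Guide; the function name and the sample records are constructed, and it assumes Windows PowerShell 5.1 and the standard SQL Server Windows service names.

```powershell
# Added example, not from the Planning Guide. Assumes Windows PowerShell 5.1.

function Test-SqlServicePrerequisite {      # hypothetical helper name
    # $Services: records with Name, State, StartMode and StartName, the property
    # names used by Win32_Service.
    param(
        [Parameter(Mandatory)] [object[]] $Services,
        [string] $Instance     = 'MSSQLSERVER',        # default instance
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # Windows service names for the default instance and for a named instance.
    if ($Instance -eq 'MSSQLSERVER') {
        $engine = 'MSSQLSERVER'; $agent = 'SQLSERVERAGENT'; $ssrs = 'ReportServer'
    } else {
        $engine = "MSSQL`$$Instance"; $agent = "SQLAgent`$$Instance"; $ssrs = "ReportServer`$$Instance"
    }

    $byName = @{}
    foreach ($s in $Services) { $byName[$s.Name] = $s }
    $findings = New-Object System.Collections.Generic.List[string]

    # SQL Server, SQL Server Agent and Reporting Services must all be started.
    foreach ($name in $engine, $agent, $ssrs) {
        $svc = $byName[$name]
        if (-not $svc) { $findings.Add("${name}: service not found") }
        elseif ($svc.State -ne 'Running') { $findings.Add("${name}: not started ($($svc.State))") }
    }
    # Reporting Services must also be configured to start automatically.
    if ($byName[$ssrs] -and $byName[$ssrs].StartMode -ne 'Auto') {
        $findings.Add("${ssrs}: start mode is $($byName[$ssrs].StartMode), expected Auto")
    }
    # Setup fails when the SQL Server service logs on as the local administrator.
    # Name-based check only: a renamed account would need a SID comparison instead.
    if ($byName[$engine]) {
        $domain, $user = $byName[$engine].StartName -split '\\', 2
        if ($user -ieq 'Administrator' -and ($domain -eq '.' -or $domain -ieq $ComputerName)) {
            $findings.Add("${engine}: runs as the local administrator ($($byName[$engine].StartName))")
        }
    }
    [pscustomobject]@{ Passed = ($findings.Count -eq 0); Findings = $findings.ToArray() }
}

# Constructed sample records, not taken from a real server.
$sample = @(
    [pscustomobject]@{ Name = 'MSSQLSERVER';    State = 'Running'; StartMode = 'Auto';   StartName = '.\Administrator' }
    [pscustomobject]@{ Name = 'SQLSERVERAGENT'; State = 'Stopped'; StartMode = 'Manual'; StartName = 'CONTOSO\sqlagent' }
    [pscustomobject]@{ Name = 'ReportServer';   State = 'Running'; StartMode = 'Manual'; StartName = 'NT AUTHORITY\NetworkService' }
)
Test-SqlServicePrerequisite -Services $sample | Format-List

# On a live server, feed it the real service list:
# Test-SqlServicePrerequisite -Services (Get-CimInstance -ClassName Win32_Service)
```

The domain membership, authentication mode, collation and network protocol items in the list are not covered by this check.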

See Also

Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013

Microsoft Dynamics CRM 2013 Reporting Extensions requirements

j. Microsoft Dynamics CRM 2013 Reporting Extensions requirements

Microsoft Dynamics CRM Reporting Extensions is not required to run Microsoft Dynamics CRM 2013. However, to create, use, or schedule reports in Microsoft Dynamics CRM, you must install Microsoft Dynamics CRM Reporting Extensions. Additionally, to create an organization or import an organization, such as when you migrate from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013 by using Deployment Manager, you must install Microsoft Dynamics CRM Reporting Extensions.

In this topic

Microsoft Dynamics CRM Reporting Extensions general requirements

Microsoft Dynamics CRM Reporting Authoring Extension General Requirements

Microsoft Dynamics CRM Reporting Extensions are data processing extensions that are installed on the Microsoft SQL Server Reporting Services server. The Microsoft Dynamics CRM Reporting Extensions accept the authentication information from the Microsoft Dynamics CRM Server 2013 and pass it to the Microsoft SQL Server Reporting Services server.

Microsoft Dynamics CRM Reporting Extensions Setup includes two data processing extensions: Fetch data processing extension and SQL data processing extension. These extensions are installed by default during Microsoft Dynamics CRM Reporting Extensions Setup.

• The Fetch data processing extension is required to create, run, and schedule Fetch-based reports.
• The SQL data processing extension is required to run and schedule the default (out-of-box) or SQL-based custom reports in Microsoft Dynamics CRM 2013.

Microsoft Dynamics CRM Reporting Extensions general requirements

The Microsoft Dynamics CRM Reporting Extensions component has the following general requirements:

• You must complete Microsoft Dynamics CRM Server Setup before you run Microsoft Dynamics CRM Reporting Extensions Setup.
• You can install and run Microsoft Dynamics CRM Reporting Extensions on only one instance of Microsoft SQL Server Reporting Services on a computer.
• Separate deployments of Microsoft Dynamics CRM cannot share one Microsoft SQL Server Reporting Services server. However, a single deployment of Microsoft Dynamics CRM that has multiple organizations can use the same Microsoft SQL Server Reporting Services server.
• You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has Microsoft SQL Server 2008 Reporting Services, Microsoft SQL Server 2008 R2 Reporting Services or Microsoft SQL Server 2012 Reporting Services installed.
• For smaller data sets and fewer users, you can use a single-server deployment or a multiple-server deployment. With larger datasets or more users, performance decreases quickly when complex reports are run. Use a multi-server deployment with one computer that is running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL Server Reporting Services.

Microsoft Dynamics CRM Reporting Authoring Extension General Requirements

The Microsoft Dynamics CRM Report Authoring Extension has the following general requirements:

• Make sure that you install the Microsoft Dynamics CRM Report Authoring Extension on the same computer that has Business Intelligence Development Studio installed.
• If your organization uses Microsoft Office 365, make sure that the computer on which the Microsoft Dynamics CRM Report Authoring Extension is installed also has the Microsoft Online Services Sign-in Assistant (MSOSIA) installed on it. Organizations in the Online Service Delivery Platform have a dependency on MSOSIA. If Microsoft Online Services Sign-in Assistant is already installed, check the registry key SOFTWARE\Microsoft\MSOIdentityCRL and make sure that the TargetDir registry key in MSOIdentityCRL contains msoidcli.dll.

Additional Microsoft Dynamics CRM Report Authoring Extension software requirements

If the following components are missing, they will be installed by Microsoft Dynamics CRM Report Authoring Extension Setup:

• Visual Studio 2008 Service Pack 2
• Business Intelligence Development Studio

See Also

Software requirements for Microsoft Dynamics CRM Server 2013

SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013

k. SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013

If you want to use Microsoft SharePoint document management functionality in Microsoft Dynamics CRM Server 2013, you have to have one of the following SharePoint editions installed and running:

• Microsoft SharePoint 2013
• Microsoft SharePoint 2010 SP1 (all editions)

You also have to have at least one site collection configured and available for Microsoft Dynamics CRM.

To enable the document management functionality, use the Settings area in the CRM web application.

The user who accesses SharePoint from CRM must have appropriate permissions on the SharePoint site collection where the document management components are installed. For more information about how to grant membership on a site collection, see the SharePoint Help.

Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint

To use a list view to display documents in Microsoft SharePoint 2010 or Microsoft SharePoint 2013, you have to install the Microsoft Dynamics CRM List Component.

If you don’t install the list component, Microsoft SharePoint 2010 displays the data in a windowless inline floating frame (IFrame). Microsoft SharePoint 2013 displays an error message in Internet Explorer. In Google Chrome, Mozilla Firefox, or Apple Safari web browsers, no data or error message is displayed.

Important

There are two versions of the Microsoft Dynamics CRM List Component:

• Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2013. This version doesn’t work with SharePoint 2010.
• Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2010. This version doesn’t work with SharePoint 2013.

You can’t use Internet Explorer 7 with Microsoft Dynamics CRM (on-premises) document management deployments that use SharePoint 2013. For more information, see Plan browser support in SharePoint 2013.

See Also

Microsoft Dynamics CRM 2013 Reporting Extensions requirements

Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013

l. Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013

If your organization uses Microsoft Lync or Microsoft Office Communications Server 2007, you may be able to take advantage of some of the features they offer, like sending instant messages or checking user availability, from within Microsoft Dynamics CRM or CRM for Outlook. Your organization must have one of the following products or subscriptions:

• Lync Online
• Microsoft Lync Server 2013
• Microsoft Lync Server 2010
• Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2

See Also

SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 Email Router hardware requirements

m. Microsoft Dynamics CRM 2013 Email Router hardware requirements

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. The following table lists the minimum and recommended hardware requirements for Microsoft Dynamics CRM 2013 Email Router.

Component | *Minimum | *Recommended
Processor (32-bit) | 750-MHz CPU or comparable | Multi-core 1.8-GHz CPU or higher
Processor (64-bit) | x64 architecture or compatible 1.5 GHz processor | Multi-core x64 architecture 2GHz CPU or higher such as AMD Opteron or Intel Xeon systems
Memory | 1-GB RAM | 2-GB RAM or more
Hard disk | 100 MB of available hard disk space | 100 MB of available hard disk space

*Actual requirements and product functionality may vary based on your system configuration and operating system.

Running Microsoft Dynamics CRM Email Router on a computer that has less than the recommended requirements may result in inadequate performance.

See Also

Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 Email Router software requirements

n. Microsoft Dynamics CRM 2013 Email Router software requirements

Applies to: Microsoft Dynamics CRM 2013 Email Router and Microsoft Dynamics CRM Online

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. It lists the software and application software requirements for Microsoft Dynamics CRM 2013 Email Router.

Microsoft Dynamics CRM Email Router Setup consists of two main components: the Email Router and the Rule Deployment Wizard. The Email Router component installs the Email Router service and Email Router Configuration Manager. You use the Email Router Configuration Manager to configure the Email Router. The Rule Deployment Wizard component deploys the rules that enable received email messages to be tracked.

Important

Unless specified otherwise, within the Microsoft Dynamics CRM 2013 Support Lifecycle policy, Microsoft Dynamics CRM applications support the latest version and service pack (SP) for all required components, such as Windows Server, SQL Server, Microsoft Office, Internet Explorer, and Exchange Server. However, to fully support the latest version of a required component you should apply the latest update for Microsoft Dynamics CRM.

You can install the Email Router and Rule Deployment Wizard on any computer that is running one of the following operating systems, and that has network access to both Microsoft Dynamics CRM and the email server:

• Windows 7 32-bit and 64-bit editions
• Windows Server 2008 (x64 versions) or Windows Server 2008 R2
• Windows Server 2012 (see requirements below)

Important

• After Microsoft Dynamics CRM Server Setup is finished, apply the latest update rollup, if any.
• Running Microsoft Dynamics CRM Email Router and Email Router Configuration Manager (32-bit) is not supported on a Windows Server 64-bit operating system, in Windows-On-Windows (WOW) mode. Install and run the 64-bit version of the Microsoft Dynamics CRM Email Router.

Rule Deployment Wizard Requires MAPI

The Rule Deployment Wizard requires the Microsoft Exchange Server Messaging API (MAPI) client runtime libraries. To install the MAPI client runtime libraries, see Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1.

Important

Installing and running the Rule Deployment Wizard on a computer that has Microsoft Office Outlook installed is not supported. The two applications use different versions of MAPI that are incompatible.

Note

MAPI versions 6.5.8147 (or later) are supported by Microsoft Exchange Server 2010.

If you already have a version of the MAPI download installed, you must uninstall it before installing the new version.

If you are installing the Rule Deployment Wizard on a system that uses Microsoft Exchange Server 2010 as its email server, you must also have installed Update Rollup 2 (or later) of Microsoft Exchange Server 2010. For more information, see Update Rollup 2 for Exchange Server 2010 (KB979611).

In This Topic

Exchange Server

Messaging and transport protocols

Exchange Online

Additional Email Router software requirements

Exchange Server

Microsoft Exchange Server is only required if you want to use the Email Router to connect to an Exchange Server email messaging system. To do this, you can install the Email Router on any of the supported Windows or Windows Server operating systems that have a connection to the Exchange Server. The Email Router supports the following versions of Exchange Server:

• Exchange Server 2007 Standard Edition
• Exchange Server 2007 Enterprise Edition
• Exchange Server 2010 Standard Edition
• Exchange Server 2010 Enterprise Edition
• Microsoft Exchange Online

Important

Exchange 2000 Server editions aren’t supported when using these versions of Microsoft Dynamics CRM Email Router and Rule Deployment Wizard.

If missing, Microsoft Dynamics CRM Email Router Setup installs the Microsoft .NET Framework 4 on the computer where you install the Email Router.

The Rule Deployment Wizard component must be installed on a computer that is running any of the supported Windows or Windows Server operating systems and that has the MAPI client runtime libraries installed.

Download the MAPI client runtime libraries from the Microsoft Download Center.

Messaging and transport protocols

Microsoft Dynamics CRM Email Router supports a variety of email messaging and transport options.

POP3

POP3-compliant email systems are supported for incoming email message routing.

Important

When you use the Forward Mailbox option on the User form, the POP3 email server must provide support where an email message can be sent as an attachment to another email message.

If you configure the Microsoft Dynamics CRM Email Router to connect to a POP3-compliant email server, the server must support RFC 1939.

Transport protocols

Both SMTP and Exchange Online with Exchange Web Services (EWS) are messaging transport protocols that are supported for outgoing email message routing.

If you configure the Microsoft Dynamics CRM Email Router to use an SMTP-compliant transport service, the server must support RFC 2821 and RFC 2822.

Exchange Online

Microsoft Exchange Online is a hosted enterprise messaging service from Microsoft. It provides the robust capabilities of Microsoft Exchange Server as a cloud-based service. To learn more, see Exchange Online.

Additional Email Router software requirements

If the following components are missing, they will be installed by Microsoft Dynamics CRM Email Router Setup:

• Microsoft .NET Framework 4
• Microsoft Visual C++ Redistributable
• Microsoft Application Error Reporting
• Windows Identity Framework (WIF)
• Windows Live ID Sign-in Assistant 6.5
• Microsoft Online Services Sign-in Assistant (Required for Microsoft Dynamics CRM Online when you subscribe through Microsoft Office 365.)

See Also

Microsoft Dynamics CRM 2013 Email Router hardware requirements

Microsoft Dynamics CRM 2013 for Outlook hardware requirements

o. Microsoft Dynamics CRM 2013 for Outlook hardware requirements

The following table lists the minimum recommended hardware requirements when you run Microsoft Dynamics CRM 2013 for Microsoft Office Outlook in either online only or go offline enabled modes.

Component | Online only mode | Go Offline enabled mode
Processor | 2.9 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction set | 3.3 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction set
Memory | 2-GB RAM or more | 4-GB RAM or more
Hard disk | 1.5 GB of available hard disk space | 2 GB of available hard disk space; 7200 RPM or more
Display | Super VGA with a resolution of 1024 x 768 | Super VGA with a resolution higher than 1024 x 768

Note

Actual requirements and product functionality may vary based on your system configuration and operating system.

Running Microsoft Dynamics CRM on a computer that has less than the minimum recommended requirements may result in inadequate performance. For the best performance, we recommend running 64-bit versions of Microsoft Windows, Microsoft Office, and CRM for Outlook.

Network requirements

Microsoft Dynamics CRM is designed to work best over networks that have the following elements:

• Bandwidth greater than 50 kbps
• Latency under 150 ms

These values are recommendations and don’t guarantee satisfactory performance.

Note

Successful network installation of CRM for Outlook requires a reliable and high-throughput network. Otherwise, installation might fail. The recommended minimum available bandwidth of the network connection is 300 Kbps.

See Also

Microsoft Dynamics CRM 2013 Email Router software requirements

Microsoft Dynamics CRM 2013 for Outlook software requirements

Microsoft Dynamics CRM 2013 system requirements and required technologies

p. Microsoft Dynamics CRM 2013 for Outlook software requirements

CRM for Outlook works the way that you do by providing a seamless combination of Microsoft Dynamics CRM features in the familiar Microsoft Outlook environment. This section lists software and software requirements for CRM for Outlook and Microsoft Dynamics CRM for Microsoft Office Outlook with Offline Access.

Any one of the following operating systems is required:

• Windows 8 (64-bit and 32-bit versions)
• Windows 7 (64-bit and 32-bit versions)
• Windows Vista SP2 (64-bit and 32-bit versions)
• Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 when running as a Remote Desktop Services application.

Important

Windows XP editions are not supported for installing and running CRM 2013 for Outlook.

Windows Server 2003 editions are not supported for installing and running CRM 2013 for Outlook as a Remote Desktop Services application.

In this topic

Microsoft Dynamics CRM for Outlook software feature prerequisites

Additional Microsoft Dynamics CRM for Outlook software requirements

Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook installed

Microsoft Dynamics CRM for Outlook software feature prerequisites

The following software must be installed and running on the computer before you run Microsoft Dynamics CRM for Outlook Setup:

Web Browser. One of the following:

• Supported versions of Internet Explorer
• Supported non-Internet Explorer web browsers

Important

Internet Explorer 7 or earlier versions are not supported for use with Microsoft Dynamics CRM 2013 for Microsoft Office Outlook.

Microsoft Office. One of the following:

• Microsoft Office 2013
• Microsoft Office 2010
• Microsoft Office 2007

Important

Outlook 2003 versions are not supported for installing and running CRM 2013 for Outlook.

To install and run the 64-bit version of CRM for Outlook, a 64-bit version of Microsoft Office is required.

Before you run the Configuration Wizard to configure CRM for Outlook, a Microsoft Office Outlook profile must exist for the user. Therefore, Microsoft Outlook must be run at least once to create the user's Microsoft Outlook profile.

Both the web application and CRM for Outlook require JavaScript enabled for certain features, such as Activity Feeds, dashboard areas, and the display of certain panes or menus. Although the web application displays error messages when JavaScript is disabled, CRM for Outlook doesn’t. To verify if JavaScript is enabled in Internet Explorer 9, start Internet Explorer, on the Tools menu click or tap Internet options. On the Security tab, click or tap Internet, and then click or tap Custom level. In the Security Settings dialog box under Scripting, Active scripting must be set to Enable.

The Indexing Service (now known as the Windows Search Service, or WSS) is required by users who will set up and use CRM for Outlook and its Help file in offline mode.

Microsoft Dynamics CRM. One of the following editions of Microsoft Dynamics CRM must be available so that CRM for Outlook can connect to it:

• On-premises editions of Microsoft Dynamics CRM Server 2013
• Microsoft Dynamics CRM Online

Additional Microsoft Dynamics CRM for Outlook software requirements

If needed, the following software will be installed by Microsoft Dynamics CRM for Outlook Setup:

Note

• Microsoft SQL Server 2008 Express Edition SP1 or *Microsoft SQL Server 2012 Express Edition
  Installed for Microsoft Dynamics CRM for Outlook with Offline Access only.

*Although Microsoft SQL Server 2012 Express Edition is supported, Microsoft SQL Server 2008 Express Edition SP1 will be installed during Setup.

• Microsoft .NET Framework 4.
• Microsoft Windows Installer 4.5.
• MSXML 4.0.
• Microsoft Visual C++ Redistributable.
• Microsoft Report Viewer 2010.
• Microsoft Application Error Reporting.
• Windows Identity Framework (WIF).
• Windows Azure AppFabric SDK V1.0.
• Windows Live ID Sign-in Assistant 6.5.
• Microsoft Online Services Sign-in Assistant 2.1.
• Microsoft SQL Server Native Client.
• Microsoft SQL Server Compact 4.0.
• Reporting Services Microsoft ActiveX control. If not installed on the computer, the user will be prompted to install the software at first attempt to print a report. This installer package is named RSClientPrint.cab and can be found on the Microsoft SQL Server Reporting Services server at :\Program files\Microsoft SQL Server\\Reporting Services\ReportServer\bin.

Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook installed

If you run more than one version of Microsoft Office Outlook on your computer, CRM for Outlook will only run in the latest version of Outlook. This behavior is true even if you were previously running Outlook in the earlier version of Microsoft Office. For example, if you run Outlook in Microsoft Outlook 2010 and then install Microsoft Outlook 2013 keeping Microsoft Outlook 2010, CRM for Outlook will only run in Microsoft Outlook 2013. If you uninstall Microsoft Outlook 2013, CRM for Outlook will switch to running in Microsoft Outlook 2010 again.

See Also

Microsoft Dynamics CRM 2013 for Outlook hardware requirements

Web application requirements for Microsoft Dynamics CRM 2013 web application requirements

q. Web application requirements for Microsoft Dynamics CRM 2013 web application requirements

This section lists the hardware and software requirements for the Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online web and mobile device client applications.

In This Topic

Microsoft Dynamics CRM web application hardware requirements

Supported versions of Internet Explorer

Supported non-Internet Explorer web browsers

Supported versions of Microsoft Office

Printing reports

Microsoft Dynamics CRM web application hardware requirements

The following table lists the minimum and recommended hardware requirements for the Microsoft Dynamics CRM web application.

Component | Minimum | Recommended
Processor | 2.9 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction set | 3.3 gigahertz (GHz) or faster 64-bit dual core processor with SSE2 instruction set and 3 MB or more L3 cache
Memory | 2-GB RAM | 4-GB RAM or more
Display | Super VGA with a resolution of 1024 x 768 | Super VGA with a resolution of 1024 x 768

Running Microsoft Dynamics CRM on a computer that has less than the recommended requirements may result in inadequate performance.

Network requirements

Microsoft Dynamics CRM is designed to work best over networks that have the following elements:

• Bandwidth greater than 400 kbps
• Latency under 150 ms

Notice that these values are recommendations and don’t guarantee satisfactory performance.

Supported versions of Internet Explorer

The following two sections list the supported operating systems and versions for the Microsoft Dynamics CRM web application when you run Internet Explorer.

Supported operating systems when you use Internet Explorer

The following operating systems are supported for the Microsoft Dynamics CRM web application:

• Windows 8 and Windows RT supported when you use Internet Explorer 10
• Windows 7 (all versions)
• Windows Vista (all versions)

Important

Windows 8.1 has not been tested and isn’t fully supported with this release of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online.

Supported versions of Internet Explorer

The Microsoft Dynamics CRM web application can run in any of the following Internet Explorer versions:

• *Internet Explorer 10
• Internet Explorer 9
• Internet Explorer 8

*Internet Explorer 10 that has the new Windows UI optimized for touch devices is only supported for use with the areas of Microsoft Dynamics CRM that have the modern user interface. For more information about Internet Explorer 10 browser experience modes, see Internet Explorer 10 on Windows 8.

Important

Internet Explorer 7 isn’t supported with Microsoft Dynamics CRM 2013 on-premises versions or Microsoft Dynamics CRM Online.

Using plug-ins or other third-party extensions in your browser can increase load times on pages with lists of data.

Supported non-Internet Explorer web browsers

The Microsoft Dynamics CRM web application can run in any of the following web browsers running on the specified operating systems.

• Mozilla Firefox (latest publicly released version) running on Windows 8, Windows 7, or Windows Vista
• Google Chrome (latest publicly released version) running on Windows 8, Windows 7, Windows Vista, or Nexus 10 tablet
• Apple Safari (latest publicly released version) running on 10.8 (Mountain Lion)

To find the latest release for these web browsers, visit the software manufacturer’s website.

Important

Using plug-ins or other third-party extensions in your browser can increase load times on pages with lists of data.

Supported versions of Microsoft Office

To use Microsoft Dynamics CRM with Microsoft Office integration features, such as Export to Excel and Mail Merge, you must have one of the following Microsoft Office versions on the computer that is running the Microsoft Dynamics CRM web application:

• Microsoft Office 2013
• Microsoft Office 2010
• Microsoft Office 2007

Important

Microsoft Office 2003 versions aren’t supported for use with Microsoft Dynamics CRM 2013.

Printing reports

The Reporting Services Microsoft ActiveX control is required to print reports. If a user tries to print a report, but the control isn’t installed, the user will be prompted to install it. The installer package is named RSClientPrint.cab and can be found on the Microsoft SQL Server Reporting Services server at :\Program files\Microsoft SQL Server\\Reporting Services\ReportServer\bin.

See Also

Microsoft Dynamics CRM 2011 for Outlook software requirements

64-bit supported configurations

Microsoft Dynamics CRM 2011 System Requirements and Required Components

r. Tablet support for Microsoft Dynamics CRM 2013 and CRM Online

You can access Microsoft Dynamics CRM data from tablet devices in different ways. Apps for Windows 8 and Apple iPad tablets are available to run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online. Alternatively, CRM can be accessed using the device’s preferred browser for those devices described here. Tablets not specifically mentioned here can typically use Microsoft Dynamics CRM for phones.

Note

For on-premises deployments of Microsoft Dynamics CRM 2013, the apps for Windows 8 and Apple iPad require an Internet-facing deployment that uses claims-based authentication.

The Microsoft Dynamics CRM for Windows 8 app is compatible with devices that run Windows 8, such as Microsoft Surface. The Microsoft Dynamics CRM for iPad app is compatible with iPad 3. These apps aren’t compatible with other mobile devices such as smartphones (Windows Phone, iPhone, or Android-based), or other tablet devices, such as Android-based tablets. More information: Set up CRM for tablets.

In This Topic

Windows 8

Apple iPad

Google Nexus

Windows 8

You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on Windows 8 using either the Microsoft Dynamics CRM for Windows 8 app, or by using a supported web browser. For more information about web browser support, see Web application requirements for Microsoft Dynamics CRM 2013 web application requirements.

CRM for Windows 8 is designed for PCs and tablets that run Windows 8 using the immersive modern application. However, it isn’t a Windows desktop application and won’t run in Windows 8 desktop mode.

Download Microsoft Dynamics CRM for Windows 8 from the Windows 8 Marketplace.

Microsoft Dynamics CRM for Windows 8 minimum requirements

Operating System | *Windows 8, *Windows RT
Processor | Windows 8 tablets and PCs: 1.8 gigahertz (GHz) or faster with support for PAE, NX, and SSE2. Windows RT tablets: ARM-based Dual Core 1.3 GHz or higher
RAM | Windows 8 tablets and PCs: 4 GB or more. Windows RT tablets: 2 GB or more
Storage | 32 GB (64 GB recommended)
Resolution | 1366 x 768 resolution with capacitive touch screen

*Not supported in desktop mode.

Important Windows 8.1 hasn’t been tested and isn’t fully supported with this release of Microsoft Dynamics CRM.

Apple iPad You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on an iPad using either the Microsoft Dynamics CRM for iPad app that is designed for iOS iPad tablets, or in the latest version of the Apple Safari on iPad web browser.

Download Microsoft Dynamics CRM for iPad from the Apple Store.

Microsoft Dynamics CRM for iPad minimum requirements

Device | iPad 3 with Retina display
Operating System | iOS 6

Earlier iOS versions and other iPad models, such as the iPad mini, aren’t supported. For those devices, use Microsoft Dynamics CRM for Phones.

Google Nexus You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online in the latest Google Chrome web browser on a Google Nexus 10 tablet running Android 4.2.2.

Important Android versions later than 4.2.2 on tablet devices other than Nexus 10 will attempt to run the full CRM web application. However, this configuration is currently not supported. For those devices, see Microsoft Dynamics CRM for Phones in this topic.

See Also Web application requirements for Microsoft Dynamics CRM 2013 web application requirements

Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Microsoft Dynamics CRM 2013 system requirements and required technologies

s. Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

Access data from Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online with your mobile phone using one of the following methods.

• Microsoft Dynamics CRM phone apps. Download the app for your phone.
• Microsoft Dynamics CRM for phones. Use your phone’s preferred web browser.

In This Topic CRM phone apps

CRM for phones

CRM phone apps Several apps are available for popular mobile phones. The following smartphone operating systems are supported with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online. More information: Set up CRM for phones.

CRM for iPhones

iOS version | Example device
iOS 6 | iPhone 5

For a list of the supported languages available for this app, see CRM phone app language support.

CRM for Android

Android version | Example device
4.1 and 4.2 (Jelly Bean) | Galaxy S3
4.0 (Ice Cream Sandwich) | Galaxy S3

For a list of the supported languages available for this app, see CRM phone app language support.

CRM for Windows Phone 8

Windows Phone version | Example device
Windows Phone 8.0 | HTC Windows Phone 8X, Nokia Lumia, Samsung ATIV

BlackBerry BlackBerry devices don’t have an app specific for the device but are supported for running Microsoft Dynamics CRM by using the BlackBerry mobile browser. The following table lists the devices supported to run Microsoft Dynamics CRM in the BlackBerry mobile browser.

BlackBerry version | Example device
10 | BlackBerry Z10
7 | BlackBerry Torch 9860, BlackBerry Curve 9370
6 | BlackBerry Bold 9780, BlackBerry Bold 9900

Many other smartphone operating system versions not mentioned here can use CRM for phones mode.

CRM for phones In most cases, devices not listed earlier in this topic can use Microsoft Dynamics CRM for phones mode, which runs in your smartphone’s web browser.

CRM for phones comes installed with Microsoft Dynamics CRM Server 2013 and is available with Microsoft Dynamics CRM Online. CRM for phones offers great device flexibility because it runs on any web browser that supports common standards, which are HTML 4.0 and JavaScript.

More information: Use CRM for phones

See Also Tablet support for Microsoft Dynamics CRM 2013 and CRM Online

64-bit supported configurations for Microsoft Dynamics CRM 2013

t. 64-bit supported configurations for Microsoft Dynamics CRM 2013

Installing and running Microsoft Dynamics CRM 2013 and connecting to database, reporting services, and email components running on other 32-bit computers is generally supported. For example:

• Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, or Exchange Server 2013 editions, which are available only for 64-bit systems, are supported, and can run 64-bit, or 32-bit, editions of the Microsoft Dynamics CRM Email Router.
• CRM for Outlook includes a 64-bit version that can be installed on any of the supported 64-bit Windows operating systems.
• The 32-bit version of CRM for Outlook can be installed and run on a 64-bit Windows operating system but the version of Microsoft Outlook must be 32-bit.

Important 32-bit versions of Microsoft SQL Server database engine or Microsoft SQL Server reporting services aren’t supported with Microsoft Dynamics CRM 2013. You can’t use a computer that is running a Microsoft SQL Server 32-bit edition as the database server or reporting services server for Microsoft Dynamics CRM Server 2013. For more information about the supported versions of Microsoft SQL Server, see SQL Server editions and SQL Server Reporting Services.

See Also Web application requirements for Microsoft Dynamics CRM 2013 web application requirements

Microsoft Dynamics CRM 2013 language support

u. Microsoft Dynamics CRM 2013 language support

This section describes the supported configurations for different language versions of a Microsoft Dynamics CRM 2013 system. This section doesn’t include information about Microsoft Dynamics CRM Language Pack support, but instead explains the supported configurations for the base-language versions. For more information about Microsoft Dynamics CRM Language Pack, see Install and deploy a Language Pack.

In This Topic Microsoft Dynamics CRM Server language requirements

Microsoft Dynamics CRM Server language examples

CRM phone app language support

Microsoft Dynamics CRM Server language requirements The following requirements must be met when you run Microsoft Dynamics CRM with applications such as SQL Server. Note that all available CRM languages are supported.

Microsoft Dynamics CRM product | Requirement
Microsoft Dynamics CRM Server 2013 | The base language of Windows Server, SQL Server, Microsoft .NET Framework, MDAC, and MSXML must be either the same language as Microsoft Dynamics CRM Server 2013 or English. If an application isn’t available in a certain language, the English version can be used.
Microsoft Dynamics CRM for Microsoft Office Outlook | The base language of Windows Server, Microsoft SQL Server 2008 Express Edition, Internet Explorer, Microsoft Office, Microsoft .NET Framework, MDAC, and MSXML don’t have to be the same language as CRM for Outlook. Each client stack in a single deployment can be in a different language.
Microsoft Dynamics CRM Server 2013 and Microsoft Dynamics CRM for Outlook | The base language version of Microsoft Dynamics CRM Server 2013 must match that of CRM for Outlook. For example, there can’t be some users who run the German version of CRM for Outlook while other users run the English version. For this scenario, we recommend provisioning the appropriate Microsoft Dynamics CRM Language Pack.

For example, you could have the following configuration with German as the base language:

• Microsoft Dynamics CRM Server 2013
• Windows Server 2008
• Microsoft SQL Server 2008
• Microsoft Exchange Server 2010
• MSXML
• .NET Framework

As another example, you could have Microsoft Dynamics CRM Server 2013 with Swedish as its base language and it could be configured with the following applications that have English as their base language:

• Windows Server 2008
• Microsoft SQL Server 2008
• Microsoft Exchange Server 2010
• MSXML
• .NET Framework

Microsoft Dynamics CRM Server language examples The following table describes an example of a supported language configuration for Microsoft Dynamics CRM Server 2013 where all language editions match.

Program | Language
Windows Server 2008 | German
Microsoft SQL Server 2008 | German
Microsoft Exchange Server 2010 | German
MSXML | German
.NET Framework | German
Microsoft Dynamics CRM Server 2013 | German

The following table describes an example of a supported language configuration for Microsoft Dynamics CRM Server 2013 where not all language editions match.

Program | Language
Windows Server 2008 | English
Microsoft SQL Server 2008 | English
Microsoft Exchange Server 2010 | English
MSXML | English
.NET Framework | English
Microsoft Dynamics CRM Server 2013 | Swedish

CRM phone app language support The CRM phone apps are available in the following languages.

CRM for Windows 8 Phones

 English  French 45  Italian  German  Spanish  Portuguese (Portugal)  Portuguese(Brazil)  Chinese (Simplified)  Chinese (Traditional)  Czech  Danish  Dutch  Finnish  Greek  Hungarian  Japanese  Korean  Norwegian  Polish  Russian  Swedish CRM for iPhone

 English  French  Italian  German  Spanish  Portuguese (Portugal)  Chinese Simplified  Chinese Traditional  Japanese CRM for Android

 English  French  German  Italian  Spanish  Portuguese (Portugal)  Chinese Simplified  Chinese Traditional  Japanese Note BlackBerry devices don’t have a CRM app and are only supported for running Microsoft Dynamics CRM by using the BlackBerry mobile browser.

See Also 64-bit supported configurations for Microsoft Dynamics CRM 2013

Planning Deployment of Microsoft Dynamics CRM 2013

Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

v. Planning Deployment of Microsoft Dynamics CRM 2013

The deployment architecture you will use depends on your business needs. This section provides guidelines for planning a Microsoft Dynamics CRM deployment on four representative computer system architectures: a single-computer server deployment based on Windows Small Business Server, a two-server deployment, a five-server deployment, and a multiple-server deployment involving a minimum of six servers. These deployments are discussed in detail in Microsoft Dynamics CRM 2013 supported configurations in this guide.

Use this section as a reference if you have no existing Windows Server infrastructure, and you are planning a new Microsoft Dynamics CRM deployment.

If most or all the Windows Server infrastructure already exists, we recommend that you read this section to make sure that your current infrastructure meets the prerequisites for a successful Microsoft Dynamics CRM deployment.

In This Section Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013

Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013

Security considerations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 supported configurations

Upgrading from Microsoft Dynamics CRM 2011

Related Sections Microsoft Dynamics CRM 2013 system requirements and required technologies

Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics

w. Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013

This section contains lists of what you must have before you install Microsoft Dynamics CRM, such as needed hardware and software. Use this section for preparing your network and to make sure that all requirements are satisfied before you run Microsoft Dynamics CRM Server Setup.

In this section, the following topics are discussed:

• Hardware and software requirements. A brief overview of the computer hardware and software requirements, and where you can find more information about the requirements.
• Active Directory considerations. Supported Active Directory forest and domain modes.
• SQL Server and SQL Server Reporting Services installation and configuration. A summary of how Microsoft SQL Server and Microsoft SQL Server Reporting Services must be deployed and configured to install Microsoft Dynamics CRM.
• Planning Exchange Server or POP3. A summary of how Exchange Server or a POP3-compliant e-mail server must be deployed to install and use the Email Router to send and receive Microsoft Dynamics CRM e-mail messages.
• Security considerations. Information about how you can make the Microsoft Dynamics CRM system more secure.
• Supported configurations. Information about the supported network, domain, and server configurations for Microsoft Dynamics CRM.
• Upgrading from a previous version of Microsoft Dynamics CRM. How Microsoft Dynamics CRM upgrades your current system and what happens to items such as existing reports and customizations.

See Also Hardware requirements

Software requirements

Active Directory and network requirements for Microsoft Dynamics CRM 2013

SQL Server installation and configuration

Planning email integration

Security considerations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 supported configurations

x. Hardware requirements

Depending on how you plan to deploy the system, as a single-server solution, a multiple-server solution, or a clustered solution, the computer hardware that Microsoft Dynamics CRM and components will run on is important for acceptable application performance.

There are many factors that you must consider that can affect the hardware requirements. They include the following:

• Number of users the Microsoft Dynamics CRM implementation will support and the way the application will be used, such as for intensive reporting.
• Number of servers and how they are configured.
• Microsoft SQL Server performance and availability.
• Integration of Microsoft Dynamics CRM with the Microsoft Exchange Server or POP3 e-mail servers.
• Integration with SharePoint Server.
• Performance of your servers and the local area network (LAN).
• Whether users will be connecting from untrusted domains and forests or from the Internet.

For a list of the suggested hardware requirements, see these topics.

Microsoft Dynamics CRM Server 2013 hardware requirements

Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013

Microsoft Dynamics CRM 2013 Email Router hardware requirements

Microsoft Dynamics CRM 2013 for Outlook hardware requirements

See Also Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013

Software requirements

y. Software requirements

Before you install an on-premises deployment of Microsoft Dynamics CRM 2013, there are several operating system, application, and software features that must be installed, configured, and running either on the computer where Microsoft Dynamics CRM Server is running or on another computer on your network. Some of these operating system and software components include Windows Server, Microsoft SQL Server, Microsoft SQL Server Reporting Services, and .NET Framework.

For a complete list of the software requirements, see Microsoft Dynamics CRM 2013 system requirements and required technologies in this guide.

See Also Hardware requirements

Active Directory and network requirements for Microsoft Dynamics CRM 2013

z. Active Directory and network requirements for Microsoft Dynamics CRM 2013

Active Directory Domain Services (AD DS) is a feature of the Windows Server operating systems. AD DS provides a directory and security structure for network applications such as Microsoft Dynamics CRM.

As with most applications that rely on a directory service, Microsoft Dynamics CRM has dependencies that are important for operation, such as use of AD DS to store user and group information and to create application security.

Microsoft Dynamics CRM should only be installed on a Windows Server that is a domain member or, if you are installing on Windows Small Business Server, a domain controller. The domain where the server is located must be running in one of the following Active Directory modes:

• Windows Server 2003 Native
• Windows Server 2003 Interim
• Windows Server 2008 Modes
• Windows Server 2012 Modes

For more information about Active Directory domain and forest modes, see:

• How to raise Active Directory domain and forest functional levels
• Active Directory (Windows Server 2008 R2)

Important Windows 2000 Server forest and domain modes are not supported with Microsoft Dynamics CRM 2013.

Federation and claims-based authentication support When you configure Microsoft Dynamics CRM for Internet-facing access it requires federated services that support claims-based authentication. We recommend Active Directory Federation Services (AD FS) in Windows Server 2008 or Windows Server 2012.

Active Directory Federation Services Active Directory Federation Services (AD FS) is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Microsoft Windows Server, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization.

AD FS is available as a server role in Windows Server 2012 and Windows Server 2008 R2. In earlier versions of Windows Server 2008, AD FS can be downloaded and installed (see the Active Directory Federation Services 2.0 RTW download link in the table).

Digital Certificates Active Directory Federation Services (AD FS) requires two types of digital certificates:

• Claims encryption. Claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM Server 2013 so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.
• SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org.contoso.com, auth.contoso.com, and dev.contoso.com. To satisfy this requirement you can use a single wildcard certificate (*.contoso.com), a certificate that supports subject alternative names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each web server role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, aren’t supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.

To meet these requirements, your organization should have a public key infrastructure or a contract with a digital certificate provider such as VeriSign, GoDaddy, or Comodo.

For more information about Active Directory, see the resources in the following table.

Topic | Link
Active Directory Domain Services | Active Directory Domain Services for Windows Server 2008 R2
Understanding AD DS Design | Understanding AD DS Design
Designing the Site Topology for Windows Server 2008 AD DS | Designing the Site Topology
Domain Controller Role Deployment | FSMO placement and optimization on Active Directory domain controllers
Active Directory Federation Services (AD FS) | AD FS Deployment Guide; Access & Information Protection
Active Directory Federation Services 2.0 (AD FS 2.0) RTW | Active Directory Federation Services 2.0 RTW Download
Digital certificates overview | Certificates

IPv6 Support Microsoft Dynamics CRM 2013 works with IPv6 either alone or together with IPv4 within environments that have networks where IPv6 is supported.

See Also Software requirements

SQL Server installation and configuration

aa. SQL Server installation and configuration

To plan your use of Microsoft SQL Server with Microsoft Dynamics CRM Server, you must understand how Microsoft Dynamics CRM uses SQL Server, and what Microsoft Dynamics CRM Server Setup does and does not do:

• Microsoft Dynamics CRM Server requires SQL Server 64-bit versions for storing the databases that contain Microsoft Dynamics CRM data and metadata. For specific details, see SQL Server editions in this guide.
• Reports in Microsoft Dynamics CRM depend on Microsoft SQL Server Reporting Services, a feature in SQL Server. Reporting Services includes two server components that are used to store, display, and manage reports: Report Server and Report Manager. A third component, Report Designer, is used to customize reports and write new reports. The Report Designer component is available with Microsoft Visual Studio and is typically installed on a workstation, instead of on the computer that is running SQL Server.
• Microsoft Dynamics CRM Server Setup does not install SQL Server database engine or Microsoft SQL Server Reporting Services.

There are many configurations possible based on your expected usage of Microsoft Dynamics CRM. For information about the licensing implications when you install Microsoft SQL Server Reporting Services on a separate computer, see SQL Server 2008 R2 Licensing.

• Although we do not recommend it, you can install SQL Server on the same computer as Microsoft Dynamics CRM Server 2013. For better performance, install and run SQL Server on a separate dedicated computer. For better performance and improved availability, install and run SQL Server on separate multiple dedicated computers in a clustered configuration. For more information, see Set configuration and organization databases for SQL Server 2012 AlwaysOn failover.
• Similarly, we recommend that you install Microsoft Dynamics CRM Reporting Extensions on a separate SQL Server that is running Microsoft SQL Server Reporting Services. However, if needed you can install Microsoft Dynamics CRM Reporting Extensions on a SQL Server that is running Microsoft SQL Server Reporting Services but also stores the Microsoft Dynamics CRM databases.

Notice that, when you run the database engine and Reporting Services on separate SQL Servers, the versions of SQL Server do not have to match. For example, the SQL Server database engine where the Microsoft Dynamics CRM databases are stored can be Microsoft SQL Server 2008 R2 and the Reporting Services server where the Microsoft Dynamics CRM Reporting Extensions are installed can be Microsoft SQL Server 2012.

• Although, in a multiple organization deployment of Microsoft Dynamics CRM, you can specify different Reporting Services servers or server instances when you create or edit an organization, only one instance of Reporting Services is supported for all organizations in the deployment. For better load balancing of reports, we recommend configuring Report Server in a Network Load Balancing (NLB) cluster. For more information, see Configure a Report Server on a Network Load Balancing Cluster.
• Multiple Microsoft Dynamics CRM front-end servers that run in a network load balancing cluster can use the same computer that is running SQL Server. For more information, see Install Microsoft Dynamics CRM Server 2013 on multiple computers.

In This Section SQL Server requirements and recommendations for Microsoft Dynamics CRM

SQL Server deployment

Additional resources for SQL Server

Related Sections Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013

Planning requirements for Microsoft SQL Server Reporting Services

ab. SQL Server requirements and recommendations for Microsoft Dynamics CRM

These requirements apply to new and existing installations of SQL Server:

• Microsoft Dynamics CRM requires an instance of Microsoft SQL Server Reporting Services be installed, running, and available. All installations of the supported SQL Server editions can be used as the reporting server. However, the Reporting Services edition must match the SQL Server edition.
• Microsoft Dynamics CRM 2013 isn’t supported on Microsoft SQL Server 2000, Microsoft SQL Server 2005, or 32-bit versions of Microsoft SQL Server 2008 and Microsoft SQL Server 2012.
• Microsoft Dynamics CRM Server 2013 is not supported with SQL Server that is running on Windows Server 2003 or Windows 2000 Server.
• When Microsoft Dynamics CRM Server 2013 and SQL Server are installed on different computers, they must be in the same Active Directory domain.
• Microsoft Dynamics CRM Server Setup and Microsoft Dynamics CRM 2013 Deployment Manager support the default instance or a named instance of SQL Server.
• Although you can install SQL Server by using either Windows Authentication or mixed-mode authentication, Windows Authentication is a prerequisite for Microsoft Dynamics CRM.
• The service account that SQL Server uses to log on to the network must be either a domain user account (recommended) or the Network Service account (you can’t use a local user account on the server). Using a low-privilege account strategy is recommended to help avoid compromising the security of the server.
• The SQL Server service must be started. This service should be configured to automatically start when the computer is started.
• SQL Server Agent must be started. This service should be configured to automatically start when the computer is started.
• SQL Server Full-Text Search must be installed and started. This service should be configured to automatically start when the computer is started.
• Microsoft Dynamics CRM Server Setup requires a network library to authenticate SQL Server. By default, TCP/IP network libraries are enabled when you install Microsoft SQL Server. SQL Server can use both TCP/IP or Named Pipes for authentication. However, the computer that is running SQL Server must be configured for at least one of the two network libraries.
• We recommend that the computer that is running SQL Server be located on the same local area network (LAN) as the computer that is running the Microsoft Dynamics CRM Server 2013 Back End Server roles. For a description of the server roles, see Microsoft Dynamics CRM 2013 server roles.
• The computer that is running SQL Server must be configured to have sufficient disk space, memory, and processing power to support the Microsoft Dynamics CRM environment. For more information, see Microsoft Dynamics CRM Server 2013 hardware requirements in this guide.
• Although it’s optional, consider accepting the SQL Server default settings for Collation Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports the following collation orders:
  • Case-sensitive
  • Case-insensitive
  • Accent-sensitive
  • Accent-insensitive
  • Binary sort order (such as Latin1_General_100_BIN)

Note Microsoft Dynamics CRM sets the collation order at the database level. This setting might differ from that set at the SQL Server level.

• Review all SQL Server installation options and be prepared to make the needed selections when you run Setup. For more information, see Installation for SQL Server 2012.
• If you plan to install SQL Server in a location other than the default file location, see File Locations for Default and Named Instances of SQL Server. You should also consider where the Microsoft Dynamics CRM databases are located on the server, and the hard-disk configuration that will support them.

Note To achieve the best combination of disk fault tolerance and performance, consider the many specifications for redundant array of independent disks (RAID) available from hardware vendors. Format the disks where the SQL Server database files reside for the fault-tolerance requirements of the application and performance parameters for the I/O activity occurring on that partition.

• If you are using an operating system with regional settings other than English (United States), or if you are customizing character-set or sort-order settings, review topics on collation settings. For more information, see International Considerations for SQL Server.

See Also SQL Server installation and configuration

SQL Server deployment

ac. SQL Server deployment

If your organization uses Microsoft SQL Server for applications other than Microsoft Dynamics CRM, performance may degrade as resources are consumed by other applications. If you use a computer that is running SQL Server that is used for other applications, you must carefully analyze the effect that Microsoft Dynamics CRM will have on the existing installation of SQL Server. For information about monitoring SQL Server, see Performance Monitoring and Tuning How-To Topics.

For best results, we recommend that you install the Microsoft Dynamics CRM databases on a computer that is running SQL Server and that will support only Microsoft Dynamics CRM and no other databases or database applications.

In This Topic SQL Server deployment considerations

Language locale collation and sort order

Disk configurations and file locations

SQL Server program file location

SQL Server data file location

Microsoft Dynamics CRM database renaming considerations

SQL Server transparent data encryption

SQL Server deployment considerations Microsoft Dynamics CRM is a database-intensive application. Before you deploy Microsoft Dynamics CRM to an instance of SQL Server, you should consider the following requirements and database configurations:

• Modification of system tables. The SQL Server system tables should not be modified before you install Microsoft Dynamics CRM Server 2013. Some database applications may modify the SQL Server system tables. If this occurs, problems with Microsoft Dynamics CRM and data may result.
• Indexing. Full-text indexing must be installed. This is required for Microsoft Dynamics CRM knowledge-base functionality.
• Compatibility level. During an upgrade or a new installation, Microsoft Dynamics CRM Server Setup sets the database compatibility level to 100, which is the compatibility level of Microsoft SQL Server 2008.
• Autogrowth. By default, Microsoft Dynamics CRM organization database files are created to have an autogrowth setting of 256 megabytes. Earlier versions of Microsoft Dynamics CRM used the default setting of 1 megabyte autogrowth. If you perform intensive database transactions, such as large data imports, consider increasing the autogrowth value to improve performance. For information about how to change the autogrowth setting for a database, see the SQL Server Management Studio Help.
• Max server memory. We recommend that, if you run SQL Server on a computer that is also running other applications, the SQL Server max server memory be set to no more than one half of the installed RAM. By default, max server memory is set to 2147483647 megabytes in Microsoft SQL Server 2008 and Microsoft SQL Server 2012, which has demonstrated resource issues with SQL Server during intensive use of Microsoft Dynamics CRM. More information: Server Memory Options
• Max degree of parallelism. We recommend that, if you experience poor SQL Server performance, which can occur due to complex index statements, the SQL Server max degree of parallelism be set to 1 to help improve overall application performance on multiprocessor systems. More information: max degree of parallelism Option
• RCSI. A Microsoft Dynamics CRM deployment that uses a SQL Server instance configured for read committed snapshot isolation (RCSI) will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Customer Support Services that do not require Microsoft Dynamics CRM code fixes.
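The instance and database settings listed above, together with the SQL Server prerequisites earlier in this section (64-bit engine, Full-Text Search, authentication mode, service start-up), can be read back from an existing instance. The following T-SQL is an added example, not part of the original guide or of Microsoft Dynamics CRM Server Setup; it only reads catalog views and changes nothing. The database name filter (MSCRM_CONFIG and names ending in _MSCRM) is an assumption about default naming and should be adjusted to the deployment.

```sql
-- Added example (not from the guide): read-only audit of the SQL Server settings
-- discussed in this section. Needs VIEW SERVER STATE and VIEW ANY DEFINITION.

-- 1. Instance prerequisites: 64-bit engine, Full-Text Search, authentication mode.
SELECT
    CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)) AS product_version,
    CAST(SERVERPROPERTY('Edition') AS nvarchar(128))        AS edition,
    CASE WHEN CAST(SERVERPROPERTY('Edition') AS nvarchar(128)) LIKE N'%(64-bit)%'
         THEN 'OK' ELSE 'FAIL: 32-bit engine is not supported' END AS bitness_check,
    CASE WHEN CAST(SERVERPROPERTY('IsFullTextInstalled') AS int) = 1
         THEN 'OK' ELSE 'FAIL: Full-Text Search is required' END   AS fulltext_check,
    CASE WHEN CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) = 1
         THEN 'Windows Authentication only' ELSE 'Mixed mode' END  AS auth_mode,
    CAST(SERVERPROPERTY('Collation') AS nvarchar(128))      AS server_collation;

-- 2. Service accounts and start-up type. sys.dm_server_services exists from
--    SQL Server 2008 R2 SP1 onward; skip this query on older builds.
--    Review service_account by hand: it must be a domain user or Network Service.
SELECT
    servicename,
    service_account,
    startup_type_desc,
    status_desc,
    CASE WHEN startup_type_desc <> N'Automatic'
         THEN 'REVIEW: should start automatically'
         WHEN status_desc <> N'Running'
         THEN 'REVIEW: service is not running'
         ELSE 'OK' END AS service_check
FROM sys.dm_server_services;

-- 3. Max server memory compared with installed RAM, and max degree of parallelism.
SELECT
    c.name,
    CAST(c.value_in_use AS bigint)    AS value_in_use,
    m.total_physical_memory_kb / 1024 AS installed_ram_mb,
    CASE
        WHEN c.name = N'max server memory (MB)'
             AND CAST(c.value_in_use AS bigint) = 2147483647
            THEN 'REVIEW: default value, no cap set'
        WHEN c.name = N'max server memory (MB)'
             AND CAST(c.value_in_use AS bigint) > m.total_physical_memory_kb / 1024 / 2
            THEN 'REVIEW: above half of installed RAM (matters on a shared host)'
        ELSE 'INFO'
    END AS finding
FROM sys.configurations AS c
CROSS JOIN sys.dm_os_sys_memory AS m
WHERE c.name IN (N'max server memory (MB)', N'max degree of parallelism');

-- 4. Per-database settings: compatibility level, collation, RCSI.
--    ASSUMPTION: CRM databases use the names MSCRM_CONFIG and <organization>_MSCRM.
SELECT
    d.name,
    d.compatibility_level,
    d.collation_name,
    d.is_read_committed_snapshot_on AS rcsi_on,
    CASE WHEN d.compatibility_level <> 100
         THEN 'REVIEW: Setup sets compatibility level 100'
         ELSE 'OK' END AS compat_check
FROM sys.databases AS d
WHERE d.name = N'MSCRM_CONFIG' OR d.name LIKE N'%[_]MSCRM';

-- 5. File locations and autogrowth. growth is stored in 8 KB pages unless
--    is_percent_growth = 1; the guide's default for organization databases is 256 MB.
SELECT
    DB_NAME(f.database_id) AS database_name,
    f.name                 AS logical_name,
    f.type_desc,
    f.physical_name,
    CASE WHEN f.growth = 0 THEN 'fixed size'
         WHEN f.is_percent_growth = 1 THEN CAST(f.growth AS varchar(12)) + ' %'
         ELSE CAST(CAST(f.growth AS bigint) * 8 / 1024 AS varchar(20)) + ' MB'
    END AS autogrowth
FROM sys.master_files AS f
WHERE DB_NAME(f.database_id) = N'MSCRM_CONFIG'
   OR DB_NAME(f.database_id) LIKE N'%[_]MSCRM';
```

Queries 4 and 5 return no rows until the Microsoft Dynamics CRM databases exist, so on a new instance only queries 1 to 3 apply.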

Language locale collation and sort order Installing SQL Server in a language other than English (U.S.) may require changing the Collation designator. The following table indicates the Collation designator to use for some of the available languages.

| Windows Locale | Locale Identifier (LCID) | Collation Designator | Code Page |
|---|---|---|---|
| Danish | 0X406 | Danish_Norwegian | 1252 |
| Dutch (Standard) | 0X413 | Latin1_General | 1252 |
| English (United States) | 0X409 | Latin1_General | 1252 |
| French (France) | 0X40C | French | 1252 |
| German (Germany) | 0X407 | Latin1_General | 1252 |
| Italian | 0X410 | Latin1_General | 1252 |
| Portuguese (Brazil) | 0X416 | Latin1_General | 1252 |
| Spanish (Traditional Sort) | 0XC0A | Modern_Spanish | 1252 |

Disk configurations and file locations

For the default instance of SQL Server, the default directory for both program and data files is \Program Files\Microsoft SQL Server\MSSQL.MSSQLSERVER\MSSQL\, where is the major version of SQL Server, such as 10 for Microsoft SQL Server 2008 or 11 for Microsoft SQL Server 2012. You can specify a file path other than the default for both program and data files.

Note

The default locations for program and data files are not necessarily the best locations. For the best combination of disk fault tolerance and performance, consider the RAID specifications available from hardware vendors. You can create the Microsoft Dynamics CRM databases on your partitions, especially for these files, and specify the existing databases when you run Microsoft Dynamics CRM Server Setup. The databases created by Microsoft Dynamics CRM are noted in the specified data file location. For more information, see SQL Server data file location later in this topic.

By default, Shared Tools are installed in \Program Files\Microsoft SQL Server\100\Tools on the system drive. This folder contains the default and named files shared by all instances of SQL Server. Tools include the T-SQL command line utility and the OSQL SQL query tool.

Microsoft SQL Server Setup also installs files in the Windows system directory. The system file location cannot be changed.

SQL Server program file location

The SQL Server program files are located in \Program Files\Microsoft SQL Server\MSSQL.MSSQLSERVER\MSSQL\Binn.

The binary file location is in the root directory where Setup creates the folders that contain program files and other files that typically do not change as you use SQL Server. Although these files are not read-only, the folders do not contain data, logs, back-up files, or replication data. Therefore, the space requirements for these files should increase only marginally as SQL Server is used, and over time as updates are applied.

Important

Program files cannot be installed on a removable disk drive.

SQL Server data file location

Each SQL Server database consists of one or more database files and one or more transaction log files. Microsoft Dynamics CRM creates at least two databases:

• MSCRM_CONFIG. This database contains Microsoft Dynamics CRM metadata, such as configuration and location information that is specific to each organization database.
• OrganizationName_MSCRM. This is the organization database where Microsoft Dynamics CRM data is stored, such as all records and activities. Microsoft Dynamics CRM Server 2013 supports multiple organizations so that you can have multiple organization databases.

Microsoft Dynamics CRM also relies on the SQL Server system databases to store Microsoft Dynamics CRM configuration information. These databases include the master and msdb databases.

The database files that accompany a database contain all its data and properties. Transaction log files contain a record of the write activity in the database, such as when a row is added, changed, or removed. Transaction log files are binary and cannot be used for auditing database activity.

The transaction log is used for recovery, if a failure occurs, and to roll back (undo) transactions (writes) that cannot be finished. You may also periodically back up the transaction log as a way to perform an incremental backup while users are working in the application, with very low effect on available server resources.

To have the best chance of recovery if there is a disk failure, and the best performance for the application, put the database files and transaction log files on separate sets of physical disks. The location that you specify for a file does not have to be the original location for data files specified during Microsoft SQL Server Setup. You can select an alternative location for the database and transaction log files any time that you create or change the database. For more information, see the note about disk fault tolerance and performance in Disk configurations and file locations earlier in this topic.

If the partition that contains a database file has failed and the database has become unusable, but the partition that contains the transaction log is still available, you can back up the transaction log for that database. This can be the last backup in your back-up set. When you restore, this transaction log backup, made after the failure, will be the last restored backup. If all transaction log backups in the back-up set are restored successfully, you will have restored all the committed (100 percent successful) transactions up to the moment of the failure. This limits the data loss.
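The recovery sequence described above, written out in T-SQL as an added example (it is not part of the Microsoft guide). The database name, logical file name, drive letters, and backup paths are placeholders, and the sequence assumes the FULL recovery model with an unbroken chain of log backups since the last full backup.

```sql
-- Added example, not from the Planning Guide. All names and paths are placeholders.

-- 1. The data-file partition has failed but the log partition is intact:
--    back up the tail of the log. NO_TRUNCATE allows the log backup to run
--    even though the data files are unavailable.
BACKUP LOG [OrganizationName_MSCRM]
    TO DISK = N'F:\Backup\OrganizationName_MSCRM_tail.trn'
    WITH NO_TRUNCATE, CHECKSUM;

-- 2. Confirm the tail-log backup is readable before relying on it.
RESTORE VERIFYONLY
    FROM DISK = N'F:\Backup\OrganizationName_MSCRM_tail.trn'
    WITH CHECKSUM;

-- 3. List the logical file names in the full backup (needed for MOVE below).
RESTORE FILELISTONLY
    FROM DISK = N'F:\Backup\OrganizationName_MSCRM_full.bak';

-- 4. Restore the last full backup onto the replacement data disk.
--    NORECOVERY keeps the database ready to accept log restores.
RESTORE DATABASE [OrganizationName_MSCRM]
    FROM DISK = N'F:\Backup\OrganizationName_MSCRM_full.bak'
    WITH MOVE N'LogicalDataFileName' TO N'D:\Data\OrganizationName_MSCRM.mdf',
         REPLACE,
         NORECOVERY;

-- 5. Restore every scheduled log backup in order, still WITH NORECOVERY.
RESTORE LOG [OrganizationName_MSCRM]
    FROM DISK = N'F:\Backup\OrganizationName_MSCRM_log_01.trn'
    WITH NORECOVERY;
-- ...repeat for each later log backup in the set...

-- 6. Restore the tail-log backup last and bring the database online.
--    Committed transactions up to the moment of the failure are recovered.
RESTORE LOG [OrganizationName_MSCRM]
    FROM DISK = N'F:\Backup\OrganizationName_MSCRM_tail.trn'
    WITH RECOVERY;
```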

When the database files and transaction log files are on separate sets of disks, performance is optimized. Transaction log files can be write-intensive during periods when a lot of data is being added, changed, or removed from the application.

For example, suppose you have a server where drive C is the system partition (the drive where the Windows and program file folders are located). The Windows pagefile is also located on drive C. Drives D and E are RAID-5 partitions on separate sets of physical disks. Select the partitioning scheme for the database files that will give you the combination of performance and disk fault tolerance that you want. Drive D contains only data files for one or more databases, and drive E contains only log files for one or more databases. If you verify that performance will decrease because one database will have much more hard disk activity than other databases, you should put them all on separate sets of disks. If you estimate that data will significantly grow over time, make sure drive D has at least 100 gigabytes (GB) available for the database files. Because the log files will be truncated every time that a transaction-log backup is performed, make sure drive E has at least 10 GB available. Specify the location of the database file to be on drive D and the transaction log file to be on drive E when you create the database.

Note

It is best to dedicate a partition to SQL Server data files. We recommend that you do not put a data file on the same partition as a Windows pagefile because of the degree of fragmentation that will occur.

By default, the directory where all database files and transaction log files are located is \Program Files\SQL Server\MSSQL.MSSQLSERVER\MSSQL\Data. When you run Microsoft SQL Server Setup, you can specify a different location as the default location for data files. The data file location is the root directory where Microsoft SQL Server Setup creates the folders that contain database and log files, in addition to directories for the System log, back-up, and replication data. Microsoft SQL Server Setup creates database and log files for the master, model, tempdb, and msdb databases. If you are selecting different locations for each file in the application, you do not have to change the default setting.

Note

Data files cannot be installed on a file system that uses compression.
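The placement guidance above (data and log files on separate disks, enough free space on each, no compressed volumes) can be checked with the following read-only queries. This is an added example, not part of the Microsoft guide; it assumes the default OrganizationName_MSCRM naming and an instance that provides sys.dm_os_volume_stats (SQL Server 2008 R2 SP1 or later), and it reuses the 100 GB and 10 GB figures from the drive D and drive E example.

```sql
-- Added example, not from the Planning Guide. Read-only.

-- 1. Where each CRM database file lives, how much space its volume has left,
--    and whether the volume is compressed (data files must not be).
SELECT
    d.name                              AS database_name,
    f.type_desc,                        -- ROWS = data file, LOG = transaction log
    f.physical_name,
    v.volume_mount_point,
    v.available_bytes / 1073741824      AS free_gb,
    v.is_compressed,
    CASE
        WHEN v.is_compressed = 1
            THEN 'compressed volume: not allowed for data files'
        WHEN f.type_desc = N'ROWS' AND v.available_bytes / 1073741824 < 100
            THEN 'less than 100 GB free for data files'
        WHEN f.type_desc = N'LOG'  AND v.available_bytes / 1073741824 < 10
            THEN 'less than 10 GB free for log files'
        ELSE 'ok'
    END                                 AS note
FROM sys.master_files AS f
JOIN sys.databases   AS d ON d.database_id = f.database_id
CROSS APPLY sys.dm_os_volume_stats(f.database_id, f.file_id) AS v
WHERE d.name = N'MSCRM_CONFIG'
   OR d.name LIKE N'%[_]MSCRM';         -- assumption: default organization naming

-- 2. Databases whose data and log files share a volume. Any row returned
--    means a single disk failure can take out both the data and the log,
--    which removes the tail-log recovery option.
SELECT
    d.name                  AS database_name,
    v.volume_mount_point    AS shared_volume
FROM sys.master_files AS f
JOIN sys.databases   AS d ON d.database_id = f.database_id
CROSS APPLY sys.dm_os_volume_stats(f.database_id, f.file_id) AS v
WHERE f.type_desc IN (N'ROWS', N'LOG')
  AND (d.name = N'MSCRM_CONFIG' OR d.name LIKE N'%[_]MSCRM')
GROUP BY d.name, v.volume_mount_point
HAVING COUNT(DISTINCT f.type_desc) = 2;
```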

Specifying file paths

Because you can install multiple instances of SQL Server on one computer, an instance name is used in addition to the user-specified location for program and data files. For tools and other shared files, instance names are not required.

Default-instance file path for program and data files

For the default instance of SQL Server, the default SQL Server directory name (MSSQL.10) is used as the default instance name, with the directory that you specify.

For example, if you specify the SQL Server default instance to be installed on D:\MySqlDir, the file paths are as follows:

D:\MySqlDir\MSSQL.MSSQLSERVER\MSSQL\Binn (for program files)

D:\MySqlDir\MSSQL.MSSQLSERVER\MSSQL\Data (for data files)

Note

The program and data file locations can be changed, depending on the drive configuration of the computer that is running SQL Server.

Microsoft Dynamics CRM database renaming considerations

As described earlier, a Microsoft Dynamics CRM deployment contains the following databases:

• A single MSCRM_CONFIG database
• One or more (for multi-tenant deployments) ORGANIZATIONNAME_MSCRM databases

The configuration database, MSCRM_CONFIG, cannot be renamed. If the MSCRM_CONFIG database is renamed, the Microsoft Dynamics CRM system will not function correctly.

Organization databases, OrganizationName_MSCRM, can be renamed by following the guidelines and considerations described here.

Organization database names

Microsoft Dynamics CRM organization databases use both a display and a unique name.

• Display name. This is the name that appears in the Microsoft Dynamics CRM application, such as the upper-right corner of the main application screen. The display name can contain spaces and be up to 250 characters long.
• Unique name. This is the name that is used to create the URL to connect to the application and is appended with _MSCRM. It is also the physical name of the database as it appears in SQL Server applications, such as Microsoft SQL Server Management Studio. This name cannot contain spaces and cannot be more than 30 characters long.

Organization database renaming

The display name may be changed by using the Edit Organization Wizard in Deployment Manager. The basic steps are to disable the organization, and then run the Edit Organization Wizard. For more information, see the Deployment Manager Help.

Although we do not recommend it, you can change an organization’s unique database name (ORGANIZATIONNAME_MSCRM). To change the database unique name, follow these steps:

Warning

Renaming the unique database name for an organization has not been fully tested by Microsoft and may cause unexpected results. We cannot guarantee that problems caused by performing this procedure can be resolved. Rename the organization database unique name at your own risk.

Important

Before you start the following procedure, take a full backup of the organization database that you want to rename.

The following steps require you to already have a functioning organization database that was created by Microsoft Dynamics CRM Server Setup or imported by a supported Microsoft Dynamics CRM method.

1. Restore the backup of the organization database to your SQL Server, using the name that you want and that is supported by SQL Server.
2. Import the renamed organization database to your existing Microsoft Dynamics CRM deployment by using the Import Organization Wizard in Deployment Manager.
3. During the import, enter into the organization database a display name and unique name that are unrelated to the original database name.
4. Follow the instructions on your screen to complete the import.
5. Ensure that Microsoft Dynamics CRM users have the new URL that will be created as a result of the organization rename.

SQL Server transparent data encryption

The Microsoft SQL Server Transparent Data Encryption feature is supported for use with Microsoft Dynamics CRM. However, based on test results conducted internally, using this feature can cause a decrease in overall performance of approximately 10% when run against a compressed database with the same workload.
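For reference, the standard SQL Server sequence for turning on Transparent Data Encryption for an organization database is shown below. This is an added example, not part of the Microsoft guide; the certificate name, file paths, passwords, and database name are placeholders. The certificate backup step matters in practice: an encrypted database or its backups cannot be restored on another server without the certificate and its private key.

```sql
-- Added example, not from the Planning Guide. Placeholders throughout.
-- TDE requires an edition of SQL Server that includes it (Enterprise edition
-- in SQL Server 2008 and SQL Server 2012).

USE master;

-- 1. Database master key in master protects the TDE certificate.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = N'<placeholder: strong password>';

-- 2. Server certificate that will protect the database encryption key.
CREATE CERTIFICATE CrmTdeCert
    WITH SUBJECT = N'TDE certificate for CRM organization database';

-- 3. Back up the certificate and private key immediately and store the files
--    and password away from the database backups they protect.
BACKUP CERTIFICATE CrmTdeCert
    TO FILE = N'<placeholder: secure path>\CrmTdeCert.cer'
    WITH PRIVATE KEY (
        FILE = N'<placeholder: secure path>\CrmTdeCert.pvk',
        ENCRYPTION BY PASSWORD = N'<placeholder: different strong password>'
    );

-- 4. Create the database encryption key in the organization database.
USE [OrganizationName_MSCRM];

CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE CrmTdeCert;

-- 5. Turn encryption on. The initial encryption scan runs in the background.
ALTER DATABASE [OrganizationName_MSCRM] SET ENCRYPTION ON;

-- 6. Watch progress. encryption_state 2 = encryption in progress, 3 = encrypted.
--    tempdb appears here too: it is encrypted as soon as any database on the
--    instance uses TDE.
SELECT
    DB_NAME(k.database_id) AS database_name,
    k.encryption_state,
    k.percent_complete,
    k.key_algorithm,
    k.key_length
FROM sys.dm_database_encryption_keys AS k;
```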

See Also

SQL Server requirements and recommendations for Microsoft Dynamics CRM

Additional resources for SQL Server

ad. Additional resources for SQL Server

For more information about how to plan for and install SQL Server, see the following resources:

Microsoft SQL Server Web site

SQL Server Books Online

Microsoft SQL Server Solution Center

See Also

SQL Server deployment

Planning requirements for Microsoft SQL Server Reporting Services

ae. Planning requirements for Microsoft SQL Server Reporting Services

The Microsoft Dynamics CRM Reporting Extensions are data processing extensions that are installed on the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM Reporting Extensions accept the authentication information from the Microsoft Dynamics CRM Server 2013 and pass it to the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM Reporting Extensions Setup includes Fetch data processing extension and SQL data processing extension.

The Microsoft Dynamics CRM Reporting Extensions are required for all major reporting tasks in Microsoft Dynamics CRM, such as working with default (out-of-box) Microsoft Dynamics CRM reports, uploading custom reports, creating Report Wizard reports, or scheduling reports. Microsoft Dynamics CRM Reporting Extensions must also be installed before you import or provision new organizations.

The Microsoft Dynamics CRM Reporting Extensions Setup does the following:

1. Installs Fetch data processing extension and SQL data processing extension on the Microsoft SQL Server Reporting Services server.
2. Installs custom assemblies used by default reports and wizard reports on Microsoft SQL Server Reporting Services server.
3. Creates default reports (SQL-based) for the default organization both on Microsoft Dynamics CRM Server 2013 and Microsoft SQL Server Reporting Services server.

The following table explains what reporting options will be available to you if you install Microsoft Dynamics CRM Reporting Extensions.

What reports will work?

| Installed? | Default reports | Custom SQL-based reports | Fetch-based Wizard reports | Custom Fetch-based reports |
|---|---|---|---|---|
| No | Clean installation: Will not be available. | Cannot be scheduled. Can be uploaded and run if Microsoft Dynamics CRM Server 2013 and SQL Server are installed on one computer or Trust for Delegation is configured. | Will not be available. | Cannot be uploaded and run. |
| Yes | Will be published for the default organization. | Can be uploaded and run. | Can be created, run, and scheduled. | Can be uploaded, run, and scheduled. |

Important

Microsoft Dynamics CRM Reporting Extensions should not be installed on an instance of Microsoft SQL Server Reporting Services that is running under an account that is a member of the SQL Access Group. This can occur when Microsoft SQL Server Reporting Services is running under the same account as a Microsoft Dynamics CRM Server 2013 component. This configuration can make the system vulnerable to certain attacks. During installation, Setup detects this scenario. You can click Help for information about how to work around the issue.

Note that when you install Microsoft Dynamics CRM Reporting Extensions, you have the option of installing the component on a different server that is running Reporting Services. Therefore, by isolating Microsoft Dynamics CRM Reporting Extensions on a separate instance of SQL Server, which does not store the Microsoft Dynamics CRM databases, report performance may be improved.

Microsoft Dynamics CRM Reporting Extensions requirements

Microsoft Dynamics CRM Reporting Extensions has the following requirements:

• You must complete Microsoft Dynamics CRM Server Setup before you run the Microsoft Dynamics CRM Reporting Extensions Setup.
• You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has Microsoft SQL Server 2008 Reporting Services installed.

For smaller data sets and fewer users, you can use either a single-server deployment, or a multiple-server deployment with one computer that is running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL Server Reporting Services. With larger datasets or more users, performance will decrease quickly when complex reports are run.

See Also

SQL Server installation and configuration

Planning email integration

af. Planning email integration

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. To use the Microsoft Dynamics CRM email routing and tracking features, you must use one or both of the following software components to integrate your email system with your Microsoft Dynamics CRM deployment:

• The Email Router provides centrally managed email routing for users, queues, and forward mailboxes. This is frequently the better option for on-premises, partner-hosted Microsoft Dynamics CRM, and some Microsoft Dynamics CRM Online deployments. With this method, email is routed to Microsoft Dynamics CRM regardless of whether the recipient is logged on.
• Microsoft Dynamics CRM for Microsoft Office Outlook provides email routing capabilities on a single user basis. This doesn’t require the Email Router, and is frequently the better option for smaller organizations that don’t have a full-time IT staff, or for organizations that use Microsoft Dynamics CRM Online. With this method, the actual email routing for each user occurs only while the user is logged on. If Microsoft Outlook isn’t running, email messages aren’t processed until Microsoft Outlook is started again.

Important

If your organization uses email queues, you must use the Email Router. Queues aren’t supported in CRM for Outlook.

Microsoft Dynamics CRM Server 2013 can operate without Microsoft Exchange Server or a POP3 server. However, you won’t have Microsoft Dynamics CRM incoming email tracking capabilities. Also, Microsoft Dynamics CRM Server 2013 can operate without an SMTP server. However, you won’t have Microsoft Dynamics CRM outgoing email capabilities.

Depending on your requirements, you may want to implement a solution that uses both the Email Router and CRM for Outlook. For example, if your Microsoft Dynamics CRM deployment hosts multiple organizations, or a single organization that has users who have varying needs, you may want to configure some users for the CRM for Outlook email routing method, and configure other users and queues for the Email Router.

See Also

Planning requirements for Microsoft SQL Server Reporting Services

Microsoft Dynamics CRM Email Router

ag. Microsoft Dynamics CRM Email Router

The Email Router is an optional interface component that integrates your email system with Microsoft Dynamics CRM, and routes qualified email messages to and from your Microsoft Dynamics CRM organization. This section provides guidelines for analyzing your organization’s requirements for integrating email with Microsoft Dynamics CRM, and outlines the things to consider when you plan, install, and configure an Email Router deployment.

The Email Router enables you to configure an interface between your Microsoft Dynamics CRM deployment and one or more servers running Exchange Server, Exchange Online accounts, or POP3 servers, for incoming email. For outgoing email, one or more SMTP servers, Exchange Web Services (EWS), or Exchange Online accounts are supported. Email messages come into the Microsoft Dynamics CRM system through the Email Router. For more information, see Microsoft Dynamics CRM 2013 Email Router software requirements in this guide.

Important

Although it is supported, we do not recommend that you install the Email Router on a computer that is running Microsoft Exchange Server.

Note

You can deploy and run the Email Router on multiple computers in a Microsoft cluster to provide high availability and failover functionality. For more information, see Install E-mail Router on multiple computers in the Installing Guide.

After you install the Email Router, you must run the Email Router Configuration Manager, an application that is installed during Microsoft Dynamics CRM Email Router Setup. You can use the Email Router Configuration Manager to configure the following:

• One or more incoming profiles. An incoming profile contains the information about the email systems that will be used to process incoming email messages.
• One or more outgoing profiles. An outgoing profile contains the information about the email systems that will be used to process outgoing email messages.
• One or more deployments. The Deployments area contains information about the Microsoft Dynamics CRM deployment and maps to an incoming and outgoing profile.
• Users, queues, and forward mailboxes. This area contains information about each user that will use the Email Router for email tracking. You can also configure email routing for queues and define a forward mailbox.

For more information about the Email Router Configuration Manager, see the following resources:

• Microsoft Dynamics CRM E-mail Router Installation Instructions in the Installing Guide
• Email Router Configuration Manager Help

Email systems

The Email Router can connect to one or more email servers running Microsoft Exchange Server or Exchange Online. The Email Router can also connect to POP3-compliant servers to provide incoming email routing. For outgoing email, you can use SMTP and EWS (Exchange Online only). For more information about the email server versions and protocols that Microsoft Dynamics CRM supports, see Microsoft Dynamics CRM 2013 Email Router software requirements in this guide.

Exchange Server is an enterprise messaging system with the versatility to support various organizations. As with Active Directory and Microsoft Dynamics CRM, Exchange Server requires planning before it is deployed. Many documents are available from Microsoft that explain how to plan, deploy, and operate Exchange Server. For more information, see Additional resources for Exchange Server in this guide.

Network topology and email traffic

The overall requirements to deploy and configure an effective Microsoft Dynamics CRM email solution for a small business are similar to those of a large enterprise. However, a small business might not have an IT department. As you plan your email solution, consider the details of your particular IT environment, such as who is responsible for network administration, what is allowed for Email Router placement, use of forward mailbox and forwarding rules.

To optimize performance, carefully consider the size, complexity, and geographical distribution of your network. The location of your email servers, the number of users who will route email to and from Microsoft Dynamics CRM, expected traffic levels, and the frequency and size of attachments should help guide your decisions.

For example, an international enterprise-level Microsoft Dynamics CRM deployment might have user and queue mailboxes in multiple sites, regions, or countries. Such a deployment may accommodate multiple Microsoft Dynamics CRM organizations and multiple email server configurations. The email servers might be located inside or outside the corporate domain, separated by firewalls.

A small business deployment, on the other hand, will typically have a relatively small number of users and significantly less email traffic. Frequently, there will be no full-time IT department to configure and maintain an Email Router deployment.

Avoid mailbox storage problems

Every organization has its own unique requirements for email message routing and storage. To avoid problems that can result from overtaxing your system's storage capacity, consider the following when you plan an Email Router deployment:

• All email messages
• Email messages in response to CRM email
• Email messages from CRM Leads, Contacts, and Accounts
• Email messages from Microsoft Dynamics CRM records that are email enabled

For more information, see E-mail message filtering and correlation in this guide.

• What storage quotas should be applied to each mailbox? For more information about how to apply mailbox storage quotas and managing automated messages that are sent to mailbox owners when their size limit is exceeded, see the documentation for your email system.
• How long should email messages be stored? For more information about automatically archiving or deleting email messages, see the documentation for your email system.

Like CRM for Outlook, the Microsoft Dynamics CRM Online Email Router lets you track CRM-related information automatically. The email tracking functionality in the Email Router operates in the manner described in the CRM for Outlook section. The Email Router also lets you send and receive emails through CRM Online.

See Also

Planning email integration

E-mail message filtering and correlation

ah. E-mail message filtering and correlation

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. The Email Router can automatically create e-mail activities in Microsoft Dynamics CRM, which are based on received e-mail messages. This type of automation is known as e-mail message tracking. Users can select a filtering option that determines what e-mail messages will be tracked in Microsoft Dynamics CRM. Filtering is set on the E-mail tab of the Set Personal Options dialog box in the Microsoft Dynamics CRM client applications. The user filtering options are as follows:

• All e-mail messages. All e-mail messages that are received by the user will have activities created.
• E-mail messages in response to CRM e-mail. Only the replies to an e-mail message that is already tracked will be saved as e-mail activities. This option uses smart matching to relate e-mail messages to activities.
• E-mail messages from CRM Leads, Contacts, and Accounts. Only e-mail messages sent from leads, contacts, and accounts that exist in the Microsoft Dynamics CRM database are saved as activities.
• E-mail messages from Microsoft Dynamics CRM records that are e-mail enabled. E-mail messages are tracked from any record type, including customized record types, that contain an e-mail address.

By default, the E-mail messages in response to CRM e-mail option is enabled. Correlation occurs after an e-mail message is filtered. System administrators can turn off all message tracking for a particular user by setting the E-mail Access Type - Incoming value to None on the General tab on the User form.

Microsoft Dynamics CRM 2013 tracking tokens

Tracking tokens increase the probability for e-mail identification and matching. You can use the tracking token feature to improve e-mail message tracking. A tracking token is an alphanumeric string generated by Microsoft Dynamics CRM and appended to the end of an e-mail subject line. It matches e-mail activities with e-mail messages.

You can turn tracking tokens on or off, and configure them to be unique for a specific Microsoft Dynamics CRM organization. This means that a company with a deployment that has multiple Microsoft Dynamics CRM organizations (such as for a large conglomerate), can configure tracking tokens that are unique to each deployment. To configure tracking tokens, do the following:

1. On the nav bar, click or tap Microsoft Dynamics CRM > Settings. Then click or tap Administration > System Settings.
2. Click the E-mail tab.

Tracking tokens add an additional correlation component to smart matching. When Microsoft Dynamics CRM generates an outgoing e-mail activity, a resulting e-mail response arriving in the Microsoft Dynamics CRM system is then correlated to the originating activity.

By default, for new installations of Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM 2011, and upgraded Microsoft Dynamics CRM 4.0 organizations, the tracking token feature is turned on. The following figure and table show a tracking token and the parts that make up a tracking token.

Tracking token structure

The following table lists tracking-token parts and descriptions.

| Part | Description |
|---|---|
| Prefix | Configurable. Default value = CRM. This can be unique for an organization or for a particular Microsoft Dynamics CRM deployment in an organization with multiple Microsoft Dynamics CRM deployments. We recommend that different Microsoft Dynamics CRM deployments use unique prefixes. |
| Online-offline designator | Not configurable. One digit. 0 for Online. 1 for Offline. This part indicates if the user was online or offline when the e-mail activity was created. |
| ID | Configurable. Default range is three (3) digits. This is a numeric identifier for the Microsoft Dynamics CRM user who generated the e-mail activity. |
| Number | Configurable. Default range is four (4) digits. This is a numeric identifier for the e-mail activity (not the individual messages that the activity contains). If you configure Microsoft Dynamics CRM to generate a token with a four-digit number, it will increment the number through 9999, and then restart the number at 0000. You can use a larger order of digits to reduce the possibility of assigning duplicate tokens to active e-mail threads. |

For more information about how to configure the tracking token, see the Microsoft Dynamics CRM Help.

Smart matching

When an incoming e-mail message is processed by the Email Router, the system extracts information that is associated with the e-mail message subject, sender address, and recipient's addresses that link the e-mail activity to other Microsoft Dynamics CRM records. This correlation process, also known as smart matching, uses the following criteria to match received e-mail message information to e-mail activities:

• Subject matching. Prefixes, such as RE: or Re:, and letter case are ignored. For example, e-mail message subjects with RE: HELLO and HELLO would be considered a match.
• Sender and recipient matching. The system calculates the number of exact sender and recipient e-mail addresses in common.

When the matching process is complete, the system selects the owner and the object of the incoming e-mail message.

By default, smart matching is turned on for new installations of Microsoft Dynamics CRM Server 2013 and Microsoft Dynamics CRM Server 2011, and for installations of Microsoft Dynamics CRM Server 2011 that have been upgraded from Microsoft Dynamics CRM 4.0 Server.

Note

You can disable, enable, and tune smart-matching settings in the System Settings area of the Microsoft Dynamics CRM application.

See Also

Microsoft Dynamics CRM Email Router

Forward mailbox vs. individual mailboxes

System Settings dialog box - Email tab

ai. Forward mailbox vs. individual mailboxes

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. For incoming e-mail messages, you can configure the Email Router to monitor either of the following:

• A forward mailbox, also known as a sink mailbox
• Each user's or queue's mailbox

Important

If your e-mail system does not allow rules where an e-mail message can be forwarded as an attachment, you must select Individual Mailbox Monitoring during Microsoft Dynamics CRM Email Router Setup. If you are using Microsoft Exchange Server, we recommend that you select Forward Mailbox Monitoring.

Configuring the Email Router to use a forward mailbox gives Microsoft Dynamics CRM one central mailbox to monitor, instead of monitoring the mailbox of each user who needs Microsoft Dynamics CRM e-mail capabilities.

Organizations that have to monitor a large number of mailboxes should consider using a forward mailbox to reduce the administrative effort. Monitoring many mailboxes can sometimes require maintaining access credentials in many incoming configuration profiles. For more information, see “Access credentials” in Configure the E-mail Router in the Installing Guide.

By using a forward mailbox, you shift the administrative effort to the task of deploying a server-side forwarding rule to each user mailbox. The forwarding rule forwards all incoming e-mail messages as attachments to the centralized forward mailbox. For Exchange Server only, you can use the Rule Deployment Wizard (installed with the Email Router) to deploy forwarding rules. This can significantly reduce administration and maintenance requirements because the Rule Deployment Wizard can deploy forwarding rules to multiple Microsoft Dynamics CRM users at the same time.

Important

To use a forward mailbox with a Microsoft Dynamics CRM deployment that interfaces with a POP3-compliant e-mail system, the e-mail system must be able to forward e-mail messages as attachments. Also, for POP3 e-mail servers and Exchange Online, you cannot use the Rule Deployment Wizard. Instead, you must create the rules manually. For instructions, see “Create the rule manually” in Configure the E-mail Router in the Installing Guide.

You can configure users and queues in different ways within the same Microsoft Dynamics CRM deployment. For example, you may want to configure some user or queue mailboxes to be monitored directly on one e-mail server, and configure others to use a forward mailbox on a different e-mail server.

Forward mailbox monitoring

When you use forward mailbox monitoring, incoming messages are processed by Microsoft Exchange Server or the POP3 server and the Email Router in the following sequence:

1. A message is received by a Microsoft Dynamics CRM user or queue mailbox, on either the Exchange Server or the POP3 server.
2. A rule in the user's mailbox sends a copy of the message to the Microsoft Dynamics CRM forward mailbox.
3. The Email Router retrieves the message from the Microsoft Dynamics CRM forward mailbox and sends it to the computer that is running Microsoft Dynamics CRM Server 2013.

See Also E-mail message filtering and correlation

Microsoft Dynamics CRM user options

aj. Microsoft Dynamics CRM user options

This section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. This section describes the options available in Microsoft Dynamics CRM user records for sending and receiving e-mail messages.

Incoming e-mail messaging options

The available incoming e-mail configurations that you can use when a user or a queue receives Microsoft Dynamics CRM e-mail messages are as follows:

• None. Use this option for users or queues that do not use Microsoft Dynamics CRM to track received e-mail messages.
• Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft Office Outlook be installed on the user's computer. This option does not require the Email Router component and is not available for queues.
• Server-Side Synchronization or E-mail Router. When you select this option, the server-side synchronization or Email Router will process Microsoft Dynamics CRM e-mail messages directly from the user's or queue's inbox, without using a forward or a sink mailbox. Although this option does not require a sink mailbox, it does make troubleshooting server-side synchronization or Email Router issues more complex for larger user bases (10 or more users) because each incoming e-mail message is processed by the server-side synchronization or Email Router in every user's mailbox instead of in a single dedicated mailbox.
• Forward Mailbox. To use this option, you must install the Email Router. This option requires a sink mailbox, which is a dedicated mailbox that collects e-mail messages transferred from each Microsoft Dynamics CRM user's mailbox by a server-side rule. Although this option does not require users to run Microsoft Outlook, it does require that the rule be deployed for each user. You use the Rule Deployment Wizard to deploy rules to each Microsoft Dynamics CRM user mailbox.

Outgoing e-mail messaging options

The available outgoing e-mail configurations that you can use when users or queues send Microsoft Dynamics CRM e-mail messages are as follows:

• None. Use this option for users or queues that do not use Microsoft Dynamics CRM to send e-mail messages.
• Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft Office Outlook be installed on the user's computer. This option does not require the Email Router component and is not available for queues.
• Server-Side Synchronization or E-mail Router. This option delivers Microsoft Dynamics CRM e-mail messages by using the server-side synchronization or Email Router component. The e-mail system must be SMTP-compliant. The server-side synchronization or Email Router can be installed on the SMTP server or on a different computer that has a connection to the SMTP server.

See Also Forward mailbox vs. individual mailboxes

Additional resources for Exchange Server

ak. Additional resources for Exchange Server

For more information about how to plan to install Microsoft Exchange Server 2007, see the following:

• Exchange Server 2007 Planning

For more information about how to plan to install Microsoft Exchange Server 2010, see the following:

• Planning for Exchange 2010

See Also Microsoft Dynamics CRM user options

Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013

al. Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013

In the broadest sense, security involves planning and considering tradeoffs between threats and access. For example, a computer can be locked in a vault and available only to one system administrator. This computer may be secure, but it is not very usable because it is not connected to any other computer. If your business users need access to the Internet and your corporate intranet, you must consider how to make the network both secure and usable.

The following sections contain links to information about how you can make your computing environment more secure. Ultimately, Microsoft Dynamics CRM data security largely depends on the security of the operating system and the required and optional software components.

In This Topic

Securing Windows Server

Securing SQL Server

Securing Exchange Server and Outlook

Securing mobile devices

Securing Windows Server

Windows Server, the foundation of Microsoft Dynamics CRM, provides sophisticated network security. The Kerberos version 5 authentication protocol is integrated into Active Directory, and Active Directory Federation Services (AD FS) allows you to federate Active Directory domains by using claims-based authentication. Both give you powerful standards-based authentication. These authentication standards let users input a single user name and password logon combination for resource access across the network. Windows Server also includes several features that help make the network more secure.

The following links take you to information about these features. You can learn how to help make your deployment of Windows Server more secure:

• Windows Server 2012
• Secure Windows Server 2012
• Windows Server 2012 Security Baseline
• Windows Server 2008
• Secure Windows Server
• Windows Server 2008 Security Guide
• Windows Server 2008 R2 Security Baseline and Windows Server 2008 Security Baseline

Windows error reporting

Microsoft Dynamics CRM requires the Windows Error Reporting (WER) service, which Setup will install if it is missing. The WER service collects information, such as IP addresses. These are not used to identify users. The WER service does not intentionally collect names, addresses, e-mail addresses, computer names, or any other form of personally identifying information. It is possible that such information may be captured in memory or in the data collected from open files, but Microsoft does not use it to identify users. In addition, some information that is transmitted between the Microsoft Dynamics CRM application and Microsoft may not be secure. For more information about the type of information that is transmitted, see Privacy statement for the Microsoft Error Reporting Service.

Important By default, automatic error reporting is not enabled in Microsoft Dynamics CRM. For more information about how to enable automatic error reporting for Microsoft Dynamics CRM, see Enable Windows Error Reporting.

Virus, malware, and identity protection

To help protect your identity and your system against malware or viruses, see the following resources:

• Microsoft Security. This page is an entry point for tips, training, and guidance about how to keep your computer up-to-date and prevent your computer from being susceptible to exploitation, spyware, and viruses.
• Security TechCenter. This page has links to technical bulletins, advisories, updates, tools, and guidance designed to make computers and applications up-to-date and more secure.

Update management

Microsoft Dynamics CRM updates include security, performance, and functional improvements. Making sure that your Microsoft Dynamics CRM applications have the latest updates helps make sure that your system is running as efficiently and reliably as it can.

For information about how to manage updates, see the following:

• Windows Server Update Services
• Update Management in System Center Essentials
• Managing Software Updates in Windows Small Business Server 2008
• Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUS

Securing SQL Server

Because Microsoft Dynamics CRM relies on SQL Server, make sure that you take the following measures to improve the security of your SQL Server database:

• Make sure that the latest operating system and SQL Server service packs (SP) and updates are applied. Check the Microsoft Security Web site for the latest details.
• Make sure that all SQL Server data and system files are installed on NTFS partitions for file system-level security. You should make the files available only to administrative or system-level users through NTFS permissions. This helps to safeguard against users who access those files when the MSSQLSERVER service is not running.
• Use a low-privilege domain account. Or, you can specify the Network Service or the Local System Account for SQL Server services. However, we do not recommend that you use these accounts because Domain User accounts can be configured with less permission to run the SQL Server services. The Domain User account should have minimal rights in the domain and should help contain (but will not stop) an attack on the server if there is a compromise. In other words, this account should have only local user-level permissions in the domain. If SQL Server is installed by using a Domain Administrator account to run the services, a compromise of SQL Server will lead to a compromise of the entire domain. If you have to change this setting, use SQL Server Management Studio to make the change, because the access control lists (ACLs) on files, the registry, and user rights will be changed automatically.
• SQL Server authenticates users who have either Windows Authentication or SQL Server credentials. We recommend that you use Windows Authentication for single sign-on ease of use and to provide the most secure authentication method.
• By default, the auditing of the SQL Server system is disabled so that no conditions are audited. This makes intrusion detection difficult and aids attackers with covering their tracks. At a minimum, you should enable auditing of failed logins.
• Report Server administrators can enable RDL Sandboxing to restrict access to the Report Server. More information: Enabling and Disabling RDL Sandboxing
• Each SQL login is configured to use the master database as the default database. Although users should not have rights to the master database, as a best practice, you should change the default for every SQL login (except those with the SYSADMIN role) to use OrganizationName_MSCRM as the default database.

More information: Securing SQL Server
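The auditing, authentication, and default-database measures above can be checked together. The following PowerShell is an added example, not part of the original guide or of Microsoft Dynamics CRM: it evaluates instance settings and login rows and emits the remediation for each gap. The function name, the sample accounts, and the sample values are constructed for illustration, and OrganizationName_MSCRM is the guide's own placeholder for your organization database.

```powershell
# Constructed sample rows, shaped like the result of this query:
#   SELECT name, default_database_name,
#          IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin
#   FROM sys.server_principals WHERE type IN ('S', 'U', 'G');
$sampleLogins = @(
    [pscustomobject]@{ name = 'EXAMPLE\svc-crmapp';     default_database_name = 'master'; is_sysadmin = 0 }
    [pscustomobject]@{ name = 'EXAMPLE\SQLAccessGroup'; default_database_name = 'OrganizationName_MSCRM'; is_sysadmin = 0 }
    [pscustomobject]@{ name = 'EXAMPLE\dba-team';       default_database_name = 'master'; is_sysadmin = 1 }
    [pscustomobject]@{ name = 'crm_report';             default_database_name = 'master'; is_sysadmin = 0 }
)

# Constructed instance settings. On a live server they correspond to
# SERVERPROPERTY('IsIntegratedSecurityOnly') and EXEC xp_loginconfig 'audit level'.
$sampleInstance = [pscustomobject]@{ IsIntegratedSecurityOnly = 0; AuditLevel = 'none' }

function Get-CrmSqlHardeningFinding {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]$Instance,
        [Parameter(Mandatory = $true)][object[]]$Logins,
        [Parameter(Mandatory = $true)][string]$OrganizationDatabase
    )

    # The guide's minimum is auditing of failed logins: 'failure' or 'all'.
    if (@('failure', 'all') -notcontains $Instance.AuditLevel) {
        [pscustomobject]@{
            Check       = 'Login auditing'
            Current     = $Instance.AuditLevel
            Remediation = 'Enable auditing of failed logins (Server Properties > Security > Login auditing in SQL Server Management Studio).'
        }
    }

    # The guide recommends Windows Authentication over SQL Server credentials.
    if ($Instance.IsIntegratedSecurityOnly -ne 1) {
        [pscustomobject]@{
            Check       = 'Authentication mode'
            Current     = 'SQL Server and Windows Authentication'
            Remediation = 'Use Windows Authentication where the deployment allows it.'
        }
    }

    # Every login outside sysadmin should default to the organization database.
    # Identifiers are bracket-quoted, with any closing bracket doubled.
    $target = '[' + $OrganizationDatabase.Replace(']', ']]') + ']'
    foreach ($login in $Logins) {
        if ($login.is_sysadmin -eq 1 -or $login.default_database_name -ne 'master') { continue }
        $quoted = '[' + $login.name.Replace(']', ']]') + ']'
        [pscustomobject]@{
            Check       = "Default database of $($login.name)"
            Current     = 'master'
            Remediation = "ALTER LOGIN $quoted WITH DEFAULT_DATABASE = $target;"
        }
    }
}

Get-CrmSqlHardeningFinding -Instance $sampleInstance -Logins $sampleLogins `
    -OrganizationDatabase 'OrganizationName_MSCRM' | Format-List
```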

Securing Exchange Server and Outlook

The following considerations are for Microsoft Exchange Server, and some are specific to Exchange Server in a Microsoft Dynamics CRM environment:

• Exchange Server contains a rich series of mechanisms for precise administrative control of its infrastructure. In particular, you can use administrative groups to collect Exchange Server objects, such as servers, connectors, or policies, and then modify the ACLs on those administrative groups to make sure that only certain users can access them. You may, for example, want to give Microsoft Dynamics CRM administrators some control over servers that directly affect their applications. When you implement efficient use of administrative groups, you can make sure that you give Microsoft Dynamics CRM administrators only the rights that they require to perform their jobs.
• Frequently, you may find it convenient to create a separate organizational unit (OU) for Microsoft Dynamics CRM users, and give Microsoft Dynamics CRM administrators limited administrative rights over that OU. They can make the change for any user in that OU, but not for any user outside it.
• You should make sure that you adequately protect against unauthorized e-mail relay. E-mail relay is a feature that lets an SMTP client use an SMTP server to forward e-mail messages to a remote domain. By default, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server 2010 are configured to prevent e-mail relay. The settings that you configure will depend on your message flow and configuration of your Internet service provider's (ISP) e-mail server. However, the best way to approach this problem is to lock down your e-mail relay settings and then gradually open them to allow e-mail to flow successfully. For more information, see the Exchange Server Help.
• If you use forward mailbox monitoring, the Email Router requires an Exchange Server or POP3-compliant mailbox. We recommend that the permission on this mailbox be set to prevent other users from adding server-side rules. For more information about Exchange Server mailboxes, see Mailbox Permissions.
• The Microsoft Dynamics CRM Email Router service operates under the Local System Account. This enables the Email Router to access a specified user's mailbox and process e-mail in that mailbox.

For more information about how to make Exchange Server more secure, see the following:

• Microsoft Exchange Server 2013 or Microsoft Exchange Server 2010, see the Deployment Security Checklist.
• Microsoft Exchange Server 2007, see Security and Protection.

Securing mobile devices

As organizations move to support an increasingly mobile workforce, strong security remains essential. The following resources provide information and best practices for mobile devices, such as smartphones and tablets:

• How to Manage Mobile Devices by Using Configuration Manager and Windows Intune
• Windows Phone for business
• Security Considerations (Microsoft Surface)
• iOS in Business (iPad and iPhone)

See Also Planning email integration

Security considerations for Microsoft Dynamics CRM 2013

am. Security considerations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 introduces several improvements that help make your deployment more secure. This section provides information and best practices for the Microsoft Dynamics CRM application. For more information, see Overview of security for Microsoft Dynamics CRM.

In This Topic Minimum permissions required for Microsoft Dynamics CRM Setup and services

What kind of service account should I choose?

Microsoft Dynamics CRM installation files

Minimum permissions required for Microsoft Dynamics CRM Setup and services

Microsoft Dynamics CRM is designed so that its features can run under separate identities. By specifying a domain user account that is granted only the permissions necessary to enable a particular feature to function, you help secure the system and reduce the likelihood of exploitation.

This topic describes the minimum permissions that are required by the user account for Microsoft Dynamics CRM services and features.

Microsoft Dynamics CRM Server Setup

The user account used to run Microsoft Dynamics CRM Server Setup that includes the creation of databases requires the following minimum permissions:

• Be a member of the Active Directory Domain Users group. By default, Active Directory Users and Computers adds new users to the Domain Users group.
• Be a member of the Administrators group on the local computer where Setup is running.
• Have Local Program Files folder read and write permission.
• Be a member of the Administrators group on the local computer where the instance of SQL Server is located that will be used to store the Microsoft Dynamics CRM databases.
• Have sysadmin membership on the instance of SQL Server that will be used to store the Microsoft Dynamics CRM databases.
• Have organization and security group creation permission in Active Directory. Alternatively, you can use a Setup XML configuration file to install Microsoft Dynamics CRM Server 2013 when security groups have already been created. For more information, see Use the Command Prompt to Install Microsoft Dynamics CRM in the Installing Guide.
• If Microsoft SQL Server Reporting Services is installed on a different server, you must add the Content Manager role at the root level for the installing user account. You must also add the System Administrator Role at the site-wide level for the installing user account.

Services and CRMAppPool IIS application pool identity permissions

The user account that is used for the Microsoft Dynamics CRM services and IIS application pools requires the following permissions:

Important

• Microsoft Dynamics CRM services and application pool (CRMAppPool) identity accounts must not be configured as a Microsoft Dynamics CRM user. Doing so can cause authentication issues and unexpected behavior in the application for all Microsoft Dynamics CRM users. For more information, see Problems in CRM when the CRMAppPool user account is a CRM user.
• Managed service accounts, introduced in Windows Server 2008 R2, aren’t supported for running Microsoft Dynamics CRM services.

Microsoft Dynamics CRM Sandbox Processing Service

• Domain Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Folder read and write permission on the Trace folder, by default located under \Program Files\Microsoft Dynamics CRM\Trace, and user account %AppData% folders on the local computer.
• Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows registry.
• The service account may need an SPN for the URL used to access the website that is associated with it. To set the SPN for the Sandbox Processing Service account, run the following command at a command prompt on the computer where the service is running.

SETSPN -a MSCRMSandboxService/

Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services

• Domain Users membership.
• PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
• Performance Log Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Folder read and write permission on the Trace folder, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.
• The service account may need an SPN for the URL used to access the website that is associated with it. To set the SPN for the Asynchronous Service account, run the following command at a command prompt on the computer where the service is running.

SETSPN -a MSCRMAsyncService/

Microsoft Dynamics CRM Monitoring Service

• Domain Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows registry.
• SQLAccessGroup membership. By default, this group is created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
• The service account may need an SPN for the URL used to access the website that is associated with it.

Microsoft Dynamics CRM VSS Writer service

• Domain Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows registry.
• PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.

Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)

• Domain Users membership.
• That account must be granted the Logon as service permission in the Local Security Policy.
• Local administrator group membership is required to perform organization database operations (such as create new or import organization) only if the following conditions are true:
    • The Microsoft SQL Server specified for the organization database is on the same computer as the Deployment Web Service server role.
    • The Web Application Server server role is running on the same computer as the Deployment Web Service server role.
• Local administrator group membership on the computer where the Deployment Web Service is running.
• Local administrator group membership on the computer where SQL Server is running.
• Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.
• Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.
• PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.
• CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.
• The service account may need an SPN for the URL used to access the website that is associated with it.

Application Service (CRMAppPool IIS Application Pool identity)

• Member of the Active Directory Domain Users group.
• Member of the Active Directory Performance Log Users group.
• Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.
• Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.
• CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.
• The service account may need an SPN for the URL used to access the website that is associated with it.

IIS Application Pool identities running under Kernel-Mode authentication and SPNs

By default, IIS 7.0 and IIS 7.5 websites are configured to use Kernel-Mode authentication. When you run the Microsoft Dynamics CRM website by using Kernel-Mode authentication, you might not need to configure additional service principal names (SPNs) for the CRMAppPool identities.

To determine whether your IIS deployment requires SPNs, see Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5.

What kind of service account should I choose?

When you specify an identity to run a Microsoft Dynamics CRM service, you can choose either a domain user account or the Network Service account.

If the service interacts with network services, accesses domain resources such as file shares, or uses linked server connections to other computers, you can use a minimally privileged domain account. Many server-to-server activities can be performed only with a domain user account, which can also provide the most secure option. This account should be pre-created by domain administration in your environment.

Note When you configure a service to use a domain account, you can isolate the privileges for the application, but must manually manage passwords or create a custom solution for managing these passwords. Many server applications use this strategy to enhance security, but this strategy requires additional administration and complexity. In these deployments, service administrators spend a considerable amount of time on maintenance tasks such as managing service passwords and service principal names (SPNs), which are required for Kerberos authentication. In addition, these maintenance tasks can disrupt service.

The Network Service account is a built-in account that has more access to resources and objects than members of the Domain Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account in the format \$. The actual name of the account is NT AUTHORITY\NETWORK SERVICE.

Microsoft Dynamics CRM installation files

If you plan to install Microsoft Dynamics CRM from a location on the network, such as a network share, you must make sure that the correct permissions are applied to the folder, preferably on an NTFS volume, where the installation files are located. For example, you may want to allow only members of the Domain Admins group permissions for the folder. This practice can help to reduce the risk of attacks on the installation files that may compromise or alter them. For more information about how to set permissions on files and folders on the Windows operating system, see Windows Help.

See Also Microsoft Dynamics CRM 2013 server roles

Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013

Security best practices for Microsoft Dynamics CRM

Administration best practices for on-premises deployments of Microsoft Dynamics CRM

Network ports for Microsoft Dynamics CRM

Known risks and vulnerabilities

Microsoft Dynamics CRM standards compliance and certification

an. Security best practices for Microsoft Dynamics CRM

Internet Information Services (IIS) is a mature web service that is included with Windows Server. Microsoft Dynamics CRM depends on an efficient and secure IIS web service. Consider the following:

• In the machine.config and web.config configuration files you can determine whether debugging is enabled, and also if detailed error messages are sent to the client. You should make sure that debugging is disabled on all production servers, and that a generic error message is sent to the client if a problem occurs. This avoids unnecessary information about the web server configuration being sent to the client.
• For file system level security, we recommend that you install the IIS web root on an NTFS partition that doesn’t contain the operating system files. For example, C:\Inetpub is on a typical system partition that contains operating system files, whereas D:\Inetpub is not.
• Make sure that the latest operating system and IIS service packs and updates are applied. For the latest information, see the Microsoft Security website.
• Microsoft Dynamics CRM Server Setup creates application pools called CRMAppPool and CRMDeploymentServiceAppPool that operate under user credentials that you specify during Setup. To facilitate a least-privileged model, we recommend that you specify separate domain user accounts for these application pools instead of using the Network Service account. Additionally, we recommend that no other ASP.NET-connected application be installed under these application pools. For information about the minimum permissions required for these components, see “Minimum permissions required for Microsoft Dynamics CRM Setup, services, and components” in Security considerations for Microsoft Dynamics CRM 2013 in this guide.

Important

• All websites that are running on the same computer as the Microsoft Dynamics CRM website can also have access to the CRM database.
• If you use a domain user account, before you run Microsoft Dynamics CRM Server Setup, you may need to verify that the service principal name (SPN) is set correctly for that account, and if necessary, set the correct SPN. For more information about SPNs and how to set them, see How to use SPNs when you configure Web applications that are hosted on IIS.
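The debugging and error-message check from the first consideration above, as an added PowerShell example that is not part of the original guide or of Microsoft Dynamics CRM: it parses a web.config and reports the settings that send debug or detailed error output to clients, including overrides inside location blocks. The function name and both sample files are constructed for illustration.

```powershell
# Constructed sample: a web.config left in a development state (not a CRM file).
$sampleWeak = @'
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off" />
  </system.web>
  <location path="Tools">
    <system.webServer>
      <httpErrors errorMode="Detailed" />
    </system.webServer>
  </location>
</configuration>
'@

# Constructed sample: the same file with production-safe values.
$sampleHardened = @'
<configuration>
  <system.web>
    <compilation debug="false" targetFramework="4.0" />
    <customErrors mode="RemoteOnly" />
  </system.web>
  <location path="Tools">
    <system.webServer>
      <httpErrors errorMode="DetailedLocalOnly" />
    </system.webServer>
  </location>
</configuration>
'@

function Test-WebConfigErrorDisclosure {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ConfigXml,
        [string]$Source = '(inline)'
    )

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)

    # Element, attribute, the values that expose detail to clients, and the fix.
    $rules = @(
        @{ Element = 'compilation';  Attribute = 'debug';     Bad = @('true')
           Fix = 'Set debug="false" on production servers.' }
        @{ Element = 'customErrors'; Attribute = 'mode';      Bad = @('Off')
           Fix = 'Use mode="On" or "RemoteOnly" so that clients get a generic error page.' }
        @{ Element = 'httpErrors';   Attribute = 'errorMode'; Bad = @('Detailed')
           Fix = 'Use errorMode="DetailedLocalOnly" or "Custom".' }
    )

    foreach ($rule in $rules) {
        # local-name() keeps the query working when <configuration> declares an xmlns.
        $nodes = $doc.SelectNodes("//*[local-name()='$($rule.Element)']")
        foreach ($node in $nodes) {
            $value = $node.GetAttribute($rule.Attribute)
            if ($rule.Bad -notcontains $value) { continue }

            # A <location> ancestor means the setting applies to one path only.
            $location = $node.SelectSingleNode("ancestor::*[local-name()='location']")
            if ($location) {
                $scope = "location '$($location.GetAttribute('path'))'"
            } else {
                $scope = 'whole site'
            }

            [pscustomobject]@{
                Source         = $Source
                Scope          = $scope
                Setting        = "$($rule.Element)/@$($rule.Attribute)"
                Value          = $value
                Recommendation = $rule.Fix
            }
        }
    }
}

# Run the check against both constructed samples.
Test-WebConfigErrorDisclosure -ConfigXml $sampleWeak -Source 'weak sample' |
    Format-Table -AutoSize -Wrap
Test-WebConfigErrorDisclosure -ConfigXml $sampleHardened -Source 'hardened sample'
```

A setting that is absent from a file is inherited from the parent web.config or from machine.config, so run the same check on those files as well.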

Service principal name management in Microsoft Dynamics CRM 2013

The service principal name (SPN) attribute is a multivalued, nonlinked attribute that is built from the DNS host name. The SPN is used during mutual authentication between the client and the server hosting a particular service. The client finds a computer account based on the SPN of the service to which it is trying to connect.

The Microsoft Dynamics CRM Server 2013 installer deploys role-specific services and web application pools that operate under user credentials specified during Setup. To review the complete list of these roles and their permission requirements, see Minimum permissions required for Microsoft Dynamics CRM Setup and services.

When you deploy a hosted Microsoft Dynamics CRM infrastructure, two of these roles may require additional consideration:

• Deployment Web Service
• Application Service

In web farm scenarios, as is the case for a hosted offering, the recommendation is to leave kernel-mode authentication enabled. In addition, you should closely consider using separate domain user accounts to run these services because:

• Having separate service accounts for these server roles facilitates being able to implement hardware load balancing.
• The Deployment Web Service server role requires elevated permissions to provision organizations in the CRM database.

If you want to adhere to a least-privileged model, the safest approach for implementing SPNs in a hosted Microsoft Dynamics CRM infrastructure involves having the Deployment Web Service run under a different domain user account than the Application Service. If you follow this suggestion to use separate domain accounts for these server roles, you should check to make sure that the SPN is correct for each account before you start Microsoft Dynamics CRM Server Setup. This will make it easier for you to set the correct SPN when necessary.

If kernel-mode authentication is enabled, the SPNs will be defined for the machine account, regardless of the specified service account. When you implement a web farm, enable kernel-mode authentication and change the local ApplicationHost.config file.

If application and deployment web services are running on the same system, and kernel-mode authentication is disabled, you could configure both services to run under the same domain user account to prevent duplicate SPN issues. If you can’t enable kernel-mode authentication, install the Application and Deployment web services on separate systems. The SPNs may still need to be created manually since kernel-mode authentication is disabled.

For more information about SPNs and how to set them, see Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5.
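To check that the SPN is correct for each account before Setup and to catch the duplicate SPN issues described above, the following added PowerShell example (not from the original guide) parses text in the shape printed by setspn -L and reports SPNs that are registered on more than one account or on an unexpected account. The account names, host names, and function names are hypothetical.

```powershell
# Constructed sample: text in the shape printed by "setspn -L <account>", one run per account.
$sampleSetspnListing = @'
Registered ServicePrincipalNames for CN=svc-crmapp,OU=Service Accounts,DC=example,DC=test:
        HTTP/crm.example.test
        HTTP/crm
Registered ServicePrincipalNames for CN=svc-crmdeploy,OU=Service Accounts,DC=example,DC=test:
        http/CRM.example.test
        HTTP/crmdeploy.example.test
'@

function ConvertFrom-SetspnListing {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Text)

    $account = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^Registered ServicePrincipalNames for (?<dn>.+):\s*$') {
            $account = $Matches['dn']          # header line names the owning account
        } elseif ($account -and $line.Trim()) {
            [pscustomobject]@{ Account = $account; Spn = $line.Trim() }
        }
    }
}

function Find-DuplicateSpn {           # hypothetical helper name
    param([Parameter(Mandatory = $true)][object[]]$Registration)

    # Group-Object compares case-insensitively, which matches how SPNs are compared.
    $Registration | Group-Object -Property Spn | ForEach-Object {
        $group    = $_
        $accounts = @($group.Group | ForEach-Object { $_.Account } | Sort-Object -Unique)
        if ($accounts.Count -gt 1) {
            [pscustomobject]@{ Spn = $group.Name; Accounts = $accounts }
        }
    }
}

function Test-SpnOwnership {           # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][object[]]$Registration,
        [Parameter(Mandatory = $true)][hashtable]$Expected   # SPN -> account common name
    )

    foreach ($spn in $Expected.Keys) {
        $want   = $Expected[$spn]
        $owners = @($Registration | Where-Object { $_.Spn -eq $spn } |
                    ForEach-Object { $_.Account })

        if ($owners.Count -eq 0) {
            # With kernel-mode authentication the SPN may be on the machine account instead.
            $status = 'Missing'
        } elseif ($owners.Count -gt 1) {
            $status = 'Duplicate'
        } elseif ($owners[0] -like "CN=$want,*") {
            $status = 'OK'
        } else {
            $status = 'WrongAccount'
        }

        [pscustomobject]@{
            Spn             = $spn
            ExpectedAccount = $want
            Status          = $status
            Found           = $owners -join '; '
        }
    }
}

$registrations = @(ConvertFrom-SetspnListing -Text $sampleSetspnListing)
Find-DuplicateSpn -Registration $registrations | Format-List
Test-SpnOwnership -Registration $registrations -Expected @{
    'HTTP/crm.example.test'       = 'svc-crmapp'
    'HTTP/crmdeploy.example.test' = 'svc-crmdeploy'
} | Format-Table -AutoSize
```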

See Also Security considerations for Microsoft Dynamics CRM 2013

Administration best practices for on-premises deployments of Microsoft Dynamics CRM

ao. Administration best practices for on-premises deployments of Microsoft Dynamics CRM

By following some simple rules of administration, you can significantly improve the security of your Microsoft Dynamics CRM on-premises deployment.

• Typically, there is no need for CRM users to have administrative privileges over the domain. Therefore, all CRM user accounts should be restricted to Domain Users membership. Also, following the principle of least-privilege, anyone who uses the CRM system should have minimal rights. This starts at the domain level. A domain user account should be created and used to run CRM. Domain Administrator accounts should never be used to run CRM.
• Limit the number of Microsoft Dynamics CRM Deployment Administrator and System Administrator roles to a few people who are responsible for rule changes. Others who are SQL Server, Microsoft Exchange Server, or Active Directory administrators do not have to be members of the CRM users group.
• Make sure that at least two or three trusted people have the Deployment Administrator role. This avoids system lockout if the primary Deployment Administrator is unavailable.
• In some organizations it is a common practice to reuse passwords across systems and domains. For example, an administrator responsible for two domains may create Domain Administrator accounts in each domain that use the same password, and even set local administrator passwords on domain computers that are the same across the domain. In such a case, a compromise of a single account or computer could lead to a compromise of the entire domain. Passwords should never be reused in this manner.
• It is also common practice to use Domain Administrator accounts as service accounts for common services such as back-up systems. However, it is a security risk to use Domain Administrator accounts as service accounts. The password can easily be retrieved by anyone who has administrative rights over the computer. In such a case, the compromise could affect the entire domain. Service accounts should never be Domain Administrator accounts, and they should be limited in privilege as much as possible.
• A domain user account that is specified to run a Microsoft Dynamics CRM service must not also be configured as a CRM user. This can cause unexpected behavior in the application.

See Also Security best practices for Microsoft Dynamics CRM

Microsoft Dynamics CRM security model
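The service-account rules in the administration best practices above can be checked on each CRM server. The following PowerShell function is an added example, not part of the Planning Guide: it lists the logon account of each CRM service and flags accounts that are members of Domain Admins. It assumes PowerShell 3.0 or later, the ActiveDirectory module (RSAT), a privileged group named Domain Admins, and that CRM services use the display-name prefix shown; the function name is hypothetical.

```powershell
# Added example, not part of the Planning Guide.
# Assumptions: PowerShell 3.0+, ActiveDirectory module (RSAT), a privileged group
# named 'Domain Admins', and CRM services whose display names start with the prefix below.
Import-Module ActiveDirectory

function Get-CrmServiceAccountAudit {
    [CmdletBinding()]
    param(
        [string]$DisplayNamePrefix = 'Microsoft Dynamics CRM',
        [string]$PrivilegedGroup   = 'Domain Admins'
    )

    # Every account that holds the privileged group, directly or through nesting.
    $privileged = @(Get-ADGroupMember -Identity $PrivilegedGroup -Recursive |
        Select-Object -ExpandProperty SamAccountName)

    $filter   = "DisplayName LIKE '$DisplayNamePrefix%'"
    $services = @(Get-CimInstance -ClassName Win32_Service -Filter $filter)
    if ($services.Count -eq 0) {
        Write-Warning "No services found with display name prefix '$DisplayNamePrefix'."
    }

    foreach ($svc in $services) {
        # StartName looks like DOMAIN\user, user@domain, LocalSystem or NT AUTHORITY\...
        $logon = [string]$svc.StartName
        if ($logon -match '^[^\\]+\\(.+)$') {
            $sam = $Matches[1]
        } elseif ($logon -match '^([^@]+)@') {
            $sam = $Matches[1]
        } else {
            $sam = $logon
        }
        $isBuiltIn = $logon -match '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)'

        # Comparison is by sAMAccountName only, so a local account that shares a
        # name with a domain administrator is also flagged for review.
        [pscustomobject]@{
            Service        = $svc.DisplayName
            LogonAccount   = $logon
            BuiltInAccount = $isBuiltIn
            IsDomainAdmin  = (-not $isBuiltIn) -and ($privileged -contains $sam)
        }
    }
}

# Example call:
#   Get-CrmServiceAccountAudit | Where-Object { $_.IsDomainAdmin } | Format-Table -AutoSize
```

The function reads Windows services only; the identity of the CRMAppPool application pool has to be checked in IIS separately.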

ap. Network ports for Microsoft Dynamics CRM

This section describes the ports that are used for Microsoft Dynamics CRM. This information is helpful as you configure the network when users connect through a firewall.

In This Topic Network ports for the Microsoft Dynamics CRM web application

Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server roles

Network ports for the Deployment Web Service server role

Network ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM Reporting Extensions server roles

Network ports for the Microsoft Dynamics CRM web application

The following table lists the ports used for a server that is running a Full Server installation of Microsoft Dynamics CRM. In this configuration, all server roles except the Microsoft SQL Server role and the Microsoft Dynamics CRM Reporting Extensions server role are installed on the same computer.

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 80 | HTTP | Default web application port. This port may be different as it can be changed during Microsoft Dynamics CRM Server Setup. For new websites, the default port number is 5555. |
| TCP | 135 | MSRPC | RPC endpoint resolution. |
| TCP | 139 | NETBIOS-SSN | NETBIOS session service. |
| TCP | 443 | HTTPS | Default secure HTTP port. The port number may differ from the default port. This secure network transport must be manually configured. Although this port is not required to run Microsoft Dynamics CRM, we strongly recommend it. For information about how to configure HTTPS for CRM, see “Make Microsoft Dynamics CRM client-to-server network communications more secure” in Post-Installation and Configuration Guidelines in the Installing Guide. |
| TCP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| UDP | 123 | NTP | Network Time Protocol. |
| UDP | 137 | NETBIOS-NS | NETBIOS name service. |
| UDP | 138 | NETBIOS-dgm | NETBIOS datagram service. |
| UDP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| UDP | 1025 | Blackjack | DCOM, used as an RPC listener. |

Important Depending on your domain trust configuration, additional network ports may need to be available for Microsoft Dynamics CRM to work correctly. More information: How to configure a firewall for domains and trusts

Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server roles

The following table lists the additional ports that are used for a deployment where the Sandbox Processing Service is running on a separate computer.

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 808 | CRM server role communication | The Asynchronous Service and Web Application Server services communicate to the Sandbox Processing Service through this channel. The default port is 808, but can be changed in the Windows registry by adding the DWORD registry value TcpPort in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\. |

Network ports for the Deployment Web Service server role

The following table lists the additional port that is used by the Deployment Web Service server role.

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 808 | Used for Fetch-based reports | Client computers that are running Fetch-based reports communicate over this port when communicating with the computer that is running the Deployment Web Service server role. |

Network ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM Reporting Extensions server roles

The following table lists the ports that are used for a computer that is running SQL Server and has only SQL Server and the Microsoft Dynamics CRM Reporting Extensions (SRS Data Connector) server roles installed.

| Protocol | Port | Description | Explanation |
|---|---|---|---|
| TCP | 135 | MSRPC | RPC endpoint resolution. |
| TCP | 139 | NETBIOS-SSN | NETBIOS session service. |
| TCP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| TCP | 1433 | ms-sql-s | SQL Server sockets service. This port is required for access to SQL Server. This number may be different if you have configured your default instance of SQL Server to use a different port number or you are using a named instance. |
| UDP | 123 | NTP | Network Time Protocol. |
| UDP | 137 | NETBIOS-NS | NETBIOS name service. |
| UDP | 138 | NETBIOS-dgm | NETBIOS datagram service. |
| UDP | 445 | Microsoft-DS | Active Directory service required for Active Directory access and authentication. |
| UDP | 1025 | Blackjack | DCOM, used as an RPC listener. |

Important In addition to the ports listed previously, UDP port 1434 (SQL Server Browser Service) on the SQL Server is required by Microsoft Dynamics CRM Server Setup to return a list of the computers that are running SQL Server during the installation of Microsoft Dynamics CRM Server. To work around this, specify the SQLSERVER\INSTANCENAME during Setup.
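Before writing firewall rules from these tables, it helps to compare them with what a server is actually listening on. The following PowerShell function is an added example, not part of the Planning Guide: it reports, for a chosen role, which documented ports have a listener and which listeners are not in the CRM tables. It assumes the NetTCPIP cmdlets of Windows Server 2012 or later; the function, parameter, and role names are hypothetical.

```powershell
# Added example, not part of the Planning Guide. Port numbers are copied from the
# tables in this section. Assumption: Get-NetTCPConnection and Get-NetUDPEndpoint
# (Windows Server 2012 or later) are available.
$CrmDocumentedPorts = @{
    FullServer               = @{ TCP = @(80, 135, 139, 443, 445); UDP = @(123, 137, 138, 445, 1025) }
    SandboxProcessingService = @{ TCP = @(808);                    UDP = @() }
    DeploymentWebService     = @{ TCP = @(808);                    UDP = @() }
    SqlServer                = @{ TCP = @(135, 139, 445, 1433);    UDP = @(123, 137, 138, 445, 1025) }
}

function Get-CrmPortAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('FullServer', 'SandboxProcessingService', 'DeploymentWebService', 'SqlServer')]
        [string]$Role,

        # Deployment-specific TCP ports, for example 5555 when CRM was installed to a
        # new website, or a non-default SQL Server port.
        [int[]]$AdditionalTcpPort = @()
    )

    $expected = @{
        TCP = @($CrmDocumentedPorts[$Role].TCP) + $AdditionalTcpPort
        UDP = @($CrmDocumentedPorts[$Role].UDP)
    }
    $observed = @{
        TCP = @(Get-NetTCPConnection -State Listen | Select-Object LocalPort, OwningProcess -Unique)
        UDP = @(Get-NetUDPEndpoint | Select-Object LocalPort, OwningProcess -Unique)
    }

    foreach ($proto in 'TCP', 'UDP') {
        # Documented ports: is anything listening on them?
        foreach ($port in $expected[$proto]) {
            $hit = $observed[$proto] | Where-Object { $_.LocalPort -eq $port } | Select-Object -First 1
            $processName = $null
            if ($hit) {
                $processName = (Get-Process -Id $hit.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
            [pscustomobject]@{
                Protocol = $proto
                Port     = $port
                Status   = if ($hit) { 'Documented, listening' } else { 'Documented, not listening' }
                Process  = $processName
            }
        }

        # Listeners that the CRM tables do not mention (RDP, WinRM, dynamic RPC ports
        # and so on). These need their own justification before a rule allows them.
        $extra = @($observed[$proto] | Where-Object { $expected[$proto] -notcontains $_.LocalPort })
        foreach ($listener in $extra) {
            [pscustomobject]@{
                Protocol = $proto
                Port     = [int]$listener.LocalPort
                Status   = 'Listening, not in CRM table'
                Process  = (Get-Process -Id $listener.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            }
        }
    }
}

# Example call on a Full Server that was installed to a new website:
#   Get-CrmPortAudit -Role FullServer -AdditionalTcpPort 5555 |
#       Sort-Object Protocol, Port | Format-Table -AutoSize
```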

See Also Microsoft Dynamics CRM security model

Known risks and vulnerabilities

aq. Known risks and vulnerabilities

This topic describes the risks and vulnerabilities that may exist when you use Microsoft Dynamics CRM. Mitigations and workarounds are also described when applicable.

In This Topic Risks when users connect to CRM over an unsecured network

Security recommendations on server role deployments

Anonymous authentication

Isolate the HelpServer role for Internet-facing deployments

Claims-based authentication issues and limitations

Secure the web.config file

Outbound Internet calls from custom code executed by the Sandbox Processing Service are enabled

Secure server-to-server communication

DNS rebinding attacks

Risks when users connect to CRM over an unsecured network

Issues that can occur when you run Microsoft Dynamics CRM without using Secure Sockets Layer (SSL) (HTTPS) are as follows:

• Microsoft Dynamics CRM user-provided data, including Visual chart definitions, can be altered over an unsecured HTTP connection by using "man in the middle" type attacks. To mitigate this vulnerability, configure Microsoft Dynamics CRM to only use SSL. For more information about how to configure Microsoft Dynamics CRM Server 2013 to use SSL, see Make Microsoft Dynamics CRM client-to-server network communications more secure.

Security recommendations on server role deployments

The following recommendations can help make your Microsoft Dynamics CRM deployment more reliable and secure.

| Server role | Recommendation |
|---|---|
| Sandbox Processing Service | Install this role to a dedicated server on a separate virtual LAN (VLAN) from other computers that are running Microsoft Dynamics CRM roles. Then, if there is a malicious plug-in running in the sandbox that exploits the computer, the network isolation from a separate VLAN can help protect other CRM resources from being compromised. |
| Help Server | Install this role on a separate computer for both IFD and internally-facing deployments. For more information, see Isolate the HelpServer role for Internet-facing deployments later in this topic. |

Anonymous authentication

Microsoft Dynamics CRM Internet-facing deployment (IFD) requires that anonymous authentication be enabled on IIS for claims-based authentication. Notice that the claims-based authentication token doesn’t contain raw credentials or the connection string to Microsoft Dynamics CRM Server. However, the web.config file does contain configuration information about the authentication mode. For more information, see Secure the web.config file later in this topic. To secure the Microsoft Dynamics CRM website, use SSL.

Isolate the HelpServer role for Internet-facing deployments

Microsoft Dynamics CRM Internet-facing deployments (IFD) require anonymous authentication. Because anonymous website authentication is used, the virtual directory used by the Microsoft Dynamics CRM Help site can be targeted for denial of service (DoS) attacks.

To isolate the Microsoft Dynamics CRM Help pages, and help protect the other Microsoft Dynamics CRM 2013 roles from potential DoS attacks, consider installing the Help Server role on a separate computer.

For more information about the options for installing Microsoft Dynamics CRM roles on separate computers, see Microsoft Dynamics CRM 2013 server roles.

For more information about reducing the risk of DoS attacks, see Improving Web Application Security: Threats and Counter-measures.

Claims-based authentication issues and limitations

This topic describes issues and limitations when you use claims-based authentication with Microsoft Dynamics CRM.

Verify that the identity provider uses a strong password policy

When you use claims-based authentication, we recommend that you verify that the identity provider that is trusted by the security token service (STS) and, in turn, Microsoft Dynamics CRM, enforces strong password policies. Microsoft Dynamics CRM itself doesn’t enforce strong passwords. By default, when it is used as an identity provider, Active Directory enforces a strong password policy.

AD FS federation server sessions are valid up to 8 hours even for deactivated or deleted users

By default, Active Directory Federation Services (AD FS) server tokens allocate a web single sign-on (SSO) cookie expiration of eight (8) hours. Therefore, even when a user is deactivated or deleted from an authentication provider, such as AD FS 2.0, as long as the user session is still active the user can continue to be authenticated to secure resources.

To work around this issue, choose from the following options.

• Disable the user in Microsoft Dynamics CRM and in Active Directory. For information about how to disable a user in Microsoft Dynamics CRM, see Enable or disable a user record. For information about how to disable a user in Active Directory, see the Active Directory Users and Computers Help.

• Reduce the web SSO lifetime. To do this, see the Active Directory Federation Services (AD FS) Management Help.

Secure the web.config file

The web.config file that is created by Microsoft Dynamics CRM does not contain connection strings or encryption keys. However, the file does contain configuration information about the authentication mode and strategy, ASP.NET view state information, and debug error message display. If this file is modified with malicious intent it can threaten the server where Microsoft Dynamics CRM is running. To help secure the web.config file, we recommend the following:

• Grant permissions to the folder where the web.config file is located to include only those user accounts that require it, such as administrators. By default, the web.config file is located in the Program Files\Microsoft Dynamics CRM\CRMWeb folder.

• Limit the number of users who have interactive access to CRM servers, such as console logon permission.

• Disable directory browsing on the CRM website. By default, this is disabled. For more information about how to disable directory browsing, see Internet Information Services (IIS) Manager Help.
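The first and third recommendations can be audited with a script. The following PowerShell function is an added example, not part of the Planning Guide: it lists every account outside an allow-list that can change the CRMWeb folder or web.config, and optionally reads the directory browsing setting of the CRM website. It assumes the default installation folder named above; the allow-list, the function name, and the IIS site name you pass are assumptions to adapt.

```powershell
# Added example, not part of the Planning Guide.
# Assumptions: CRM is installed in the default folder under %ProgramFiles%; the
# allow-list below is a starting point; the IIS site name is supplied by you.
function Get-CrmWebConfigExposure {
    [CmdletBinding()]
    param(
        [string]$CrmWebPath = (Join-Path $env:ProgramFiles 'Microsoft Dynamics CRM\CRMWeb'),
        [string[]]$AllowedWriter = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
                                     'NT SERVICE\TrustedInstaller', 'CREATOR OWNER'),
        [string]$IisSiteName
    )

    # Rights that let an account alter or replace the file. Modify and FullControl
    # contain these bits; 0x10000000 and 0x40000000 are GENERIC_ALL and GENERIC_WRITE,
    # which appear on inherit-only entries.
    $writeBits = 'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]$writeBits -bor
                 0x10000000 -bor 0x40000000

    foreach ($target in $CrmWebPath, (Join-Path $CrmWebPath 'web.config')) {
        if (-not (Test-Path -LiteralPath $target)) {
            Write-Warning "Not found: $target"
            continue
        }
        foreach ($rule in (Get-Acl -LiteralPath $target).Access) {
            $identity = $rule.IdentityReference.Value
            $canWrite = ([int]$rule.FileSystemRights -band $writeMask) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and
                $AllowedWriter -notcontains $identity) {
                [pscustomobject]@{
                    Check     = 'WriteAccess'
                    Target    = $target
                    Identity  = $identity
                    Detail    = [string]$rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }

    if ($IisSiteName) {
        Import-Module WebAdministration
        $browse = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$IisSiteName" `
            -Filter 'system.webServer/directoryBrowse' -Name 'enabled'
        [pscustomobject]@{
            Check     = 'DirectoryBrowsing'
            Target    = $IisSiteName
            Identity  = $null
            Detail    = "enabled = $($browse.Value)"
            Inherited = $null
        }
    }
}

# Example call (site name is a placeholder):
#   Get-CrmWebConfigExposure -IisSiteName '<CRM site name>' | Format-Table -AutoSize
```

An empty WriteAccess result means only the allow-listed principals can modify the folder and file; read access is not evaluated by this check.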

Outbound Internet calls from custom code executed by the Sandbox Processing Service are enabled

By default, outbound calls from custom code executed by the Microsoft Dynamics CRM Sandbox Processing Service that access services on the Internet are enabled. For high-security deployments of Microsoft Dynamics CRM, this could pose a security risk. If you do not want to allow outbound calls from custom code, such as CRM plug-ins or custom workflow activities, you can disable outbound connections from custom code executed by the Sandbox Processing Service by following the procedure here.

Instead of blocking all outbound calls, you can enforce web access restrictions on sandboxed plug-ins. More information: Plug-in Isolation, Trusts, and Statistics

Notice that disabling outbound connections for custom code includes disabling calls to cloud platforms such as Windows Azure and Windows Azure SQL Database.

Disable outbound connections for custom code on the computer that is running the sandbox processing service

1. On the Windows Server computer where the Microsoft Dynamics CRM Sandbox Processing Service server role is installed, start Registry Editor and locate the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM

2. Right-click MSCRM, point to New, click DWORD Value, type SandboxWorkerDisableOutboundCalls, and then press ENTER.

3. Right-click SandboxWorkerDisableOutboundCalls, click Modify, type 1, and then press ENTER.

4. Close Registry Editor.

5. Restart the Sandbox Processing Service. To do this, click Start, type services.msc, and then press ENTER.

6. Right-click Microsoft Dynamics CRM Sandbox Processing Service, and then click Restart.

7. Close the Microsoft Management Console (MMC) Services snap-in.
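The same procedure can be scripted so that it is repeatable across sandbox servers and leaves a record of the resulting state. The following PowerShell function is an added example, not part of the Planning Guide; the function name is hypothetical, and the registry key, value name, and service display name are the ones given in the steps above.

```powershell
# Added example, not part of the Planning Guide. Run in an elevated session on the
# computer where the Sandbox Processing Service server role is installed.
function Disable-CrmSandboxOutboundCalls {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $key     = 'HKLM:\SOFTWARE\Microsoft\MSCRM'
    $name    = 'SandboxWorkerDisableOutboundCalls'
    $service = 'Microsoft Dynamics CRM Sandbox Processing Service'   # display name from step 6

    # Fail early instead of creating the key on a computer that has no CRM role.
    if (-not (Test-Path -Path $key)) {
        throw "Registry key $key not found. Is a CRM server role installed on this computer?"
    }
    $svc = Get-Service -DisplayName $service -ErrorAction SilentlyContinue
    if (-not $svc) {
        throw "Service '$service' not found on this computer."
    }

    if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD value to 1')) {
        # Steps 1-4: create the value, or overwrite an existing one (-Force).
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
    }
    if ($PSCmdlet.ShouldProcess($service, 'Restart service')) {
        # Steps 5-7: restart the service as the procedure requires.
        $svc | Restart-Service
    }

    # Read the state back so the result can be kept with the change record.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    [pscustomobject]@{
        Computer              = $env:COMPUTERNAME
        RegistryValue         = $current
        OutboundCallsDisabled = ($current -eq 1)
        ServiceStatus         = (Get-Service -DisplayName $service).Status
    }
}

# Preview without changing anything:  Disable-CrmSandboxOutboundCalls -WhatIf
# Apply:                              Disable-CrmSandboxOutboundCalls
```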

Secure server-to-server communication

By default, Microsoft Dynamics CRM server-to-server communication, such as communication between the Web Application Server role and the server that is running Microsoft SQL Server, isn’t executed over a secure channel. Therefore, information that is transmitted between servers may be susceptible to certain attacks, such as man-in-the-middle attacks.

We recommend that you implement Internet Protocol security (IPsec) to help protect information that is transmitted between servers in your organization. IPsec is a framework of open standards for protecting communications over Internet Protocol (IP) networks through the use of cryptographic security services. More information: IPsec

DNS rebinding attacks

Like many web-based applications, Microsoft Dynamics CRM may be vulnerable to DNS rebinding attacks. This exploit misleads a web browser into retrieving pages from two different servers, trusting that the servers are from the same domain and thereby breaking the Same Origin Policy. Using this technique, an attacker can tamper with CRM data by using the victim’s identity through cross-site scripting attacks on CRM pages.

For more information about how to help protect against such attacks, see Protecting Browsers from DNS Rebinding Attacks.

See Also Network ports for Microsoft Dynamics CRM

Microsoft Dynamics CRM 2013 supported configurations

ar. Microsoft Dynamics CRM standards compliance and certification

The topics in this section contain information about Microsoft Dynamics CRM Server 2011 compliance with security standards and certification.

Security standards compliance

Compliance can affect many organizations, large and small, either through regulatory requirements or organizational policies.

FIPS 140-2 compliance

Microsoft Dynamics CRM can be configured to be compliant with the Federal Information Processing Standard (FIPS) 140-2, which is a publication titled "Security Requirements for Cryptographic Modules." It specifies which encryption algorithms and hashing algorithms can be used, and how encryption keys are to be generated and managed. For more information about how to configure Microsoft Dynamics CRM Server 2011 for FIPS 140-2 compliance, see FIPS 140-2 Compliancy with Microsoft Dynamics CRM 2011.

Certification

Microsoft Dynamics CRM Server 2011 is certified for Windows Server 2008 R2. For a list of issues that were identified during logo certification, see MicrosoftDynamicsCRM2011WindowsLogo.doc on the Microsoft Dynamics CRM 2011 Implementation Guide download page.

See Also Security considerations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM 2013 supported configurations

as. Microsoft Dynamics CRM 2013 supported configurations

This section describes the supported network, domain, and server configurations for Microsoft Dynamics CRM, which supports multiple domains in either a native- or interim-mode environment.

Active Directory requirements

The Active Directory requirements are as follows:

• The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.

• The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located must run in Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008 or Windows Server 2012 domain modes.

• The Active Directory forest where a Microsoft Dynamics CRM Server 2013 role is located can run in Windows Server 2003 interim, Windows Server 2003, Windows Server 2008, or Windows Server 2012 forest functional levels.

• The user account that is used to run a Microsoft Dynamics CRM service must be in the same domain as the computer that is running the Microsoft Dynamics CRM Server 2013 role.

• The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in different OUs. To use security groups that are located in different OUs, you must install Microsoft Dynamics CRM Server 2013 by using an XML configuration file and specify the correct distinguished name for each pre-existing security group within the element. More information: Sample server XML configuration file for installing with pre-created groups

Important Direct user account membership to the Microsoft Dynamics CRM privusergroup security group is required and group membership nesting under privusergroup currently is not supported. For example, if you add a security group named mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not resolve as privusergroup members. This includes the CRMAppPool or the SQL Server Reporting Services service identities, which if granted membership to privusergroup through another security group, can cause system-wide failures in the Microsoft Dynamics CRM web application and reporting features.

• For users who access Microsoft Dynamics CRM from another domain and are not using claims-based authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM Server 2013 is located trusts the domain where the users are located.

• For users who access Microsoft Dynamics CRM from another forest and are not using claims-based authentication, a two-way trust must exist between the forests.

Important

• When you add multiple users who are located in a domain other than the domain where the Microsoft Dynamics CRM Server is located, you must have one of the following conditions:

    • A one-way trust in which the domain where the users are located trusts the domain where the Microsoft Dynamics CRM Server is located.

    • A two-way trust between the user’s domain and the domain where the Microsoft Dynamics CRM Server is located.

• The user information will not appear on the User form when you add users to Microsoft Dynamics CRM who are located in a remote domain that does not have a trust to the domain where Microsoft Dynamics CRM Server is located. More information: The user information is not automatically populated in the required fields when you add a user to Microsoft Dynamics CRM
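The nesting restriction on privusergroup described above is easy to violate by accident and can be detected from Active Directory. The following PowerShell function is an added example, not part of the Planning Guide: it reports security groups nested under PrivUserGroup, lists the accounts that are members only through that nesting, and confirms that named service identities are direct members. It assumes the ActiveDirectory module (RSAT); the function name and the group and account names in the example call are placeholders.

```powershell
# Added example, not part of the Planning Guide.
# Assumptions: ActiveDirectory module (RSAT) is installed; you pass the name or
# distinguished name of your deployment's PrivUserGroup.
Import-Module ActiveDirectory

function Test-CrmPrivUserGroupMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$GroupIdentity,

        # sAMAccountNames that must be direct members, for example the CRMAppPool
        # identity and the SQL Server Reporting Services service identity.
        [string[]]$RequiredDirectMember = @()
    )

    # Direct members only (no -Recursive): this is the set the guide says resolves.
    $direct        = @(Get-ADGroupMember -Identity $GroupIdentity)
    $directAccount = @($direct | Where-Object { $_.objectClass -ne 'group' } |
        Select-Object -ExpandProperty SamAccountName)

    # Any group in the direct member list is a nesting that is not supported.
    foreach ($nested in @($direct | Where-Object { $_.objectClass -eq 'group' })) {
        $viaNesting = @(Get-ADGroupMember -Identity $nested.DistinguishedName -Recursive |
            Select-Object -ExpandProperty SamAccountName |
            Where-Object { $directAccount -notcontains $_ })
        [pscustomobject]@{
            Finding = 'NestedGroup'
            Name    = $nested.SamAccountName
            Detail  = 'Members only through nesting: ' + ($viaNesting -join ', ')
        }
    }

    # Service identities must appear in the direct member list themselves.
    foreach ($account in $RequiredDirectMember) {
        if ($directAccount -notcontains $account) {
            [pscustomobject]@{
                Finding = 'NotDirectMember'
                Name    = $account
                Detail  = "Add the account itself to $GroupIdentity, not a group that contains it."
            }
        }
    }
}

# Example call (placeholder names):
#   Test-CrmPrivUserGroupMembership -GroupIdentity 'CN=PrivUserGroup,OU=CRM,DC=example,DC=com' `
#       -RequiredDirectMember 'svc-crmapppool', 'svc-ssrs'
```

No output means that no nested groups were found and every listed account is a direct member.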

Single-server deployment

For small user bases, a Microsoft Dynamics CRM Server (any edition) can be deployed in a single-server configuration, with Microsoft Dynamics CRM Server 2013, SQL Server, Microsoft SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running on the same computer.

Single-server deployments are not recommended for best experience in application performance and disaster recovery.

There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM Server 2013 is installed cannot also function as a domain controller, unless it is running Windows Small Business Server. If the computer is a member server (not functioning as a domain controller), you can deploy a single-server Microsoft Dynamics CRM solution on any other supported version of Windows Server.

Important Except for Windows Small Business Server, Microsoft Dynamics CRM is not supported when you install it on an Active Directory domain controller.

See Also Security considerations for Microsoft Dynamics CRM 2013

Microsoft Dynamics CRM multiple-server deployment

at. Microsoft Dynamics CRM multiple-server deployment

Microsoft Dynamics CRM Server 2013 deployments can include multiple servers, which provide additional performance and scaling benefits. However, with Microsoft Dynamics CRM Workgroup Server 2013, server roles cannot be installed on separate computers. Therefore, all server roles are installed on every computer where you install Microsoft Dynamics CRM Server 2013.

Install server roles by running Microsoft Dynamics CRM Server Setup

During Microsoft Dynamics CRM Server Setup, you can select to install a server role:

• Individually.

• As one of the three predefined groups of server roles.

• As a full server installation that includes all roles.

Server roles let you increase flexibility and scalability of the Microsoft Dynamics CRM deployment. Note that all server roles must be running and available on the network to provide a fully functioning Microsoft Dynamics CRM system.

Install server roles by running Microsoft Dynamics CRM Server 2013 at the command prompt

You can install Microsoft Dynamics CRM Server roles and Microsoft Dynamics CRM Reporting Extensions from their respective installation disks or file download location unattended by using the command prompt. The required setup information is provided to the Setup program both as command-line parameters and as an XML configuration file that the Setup program references. More information: Use the Command Prompt to Install Microsoft Dynamics CRM.

Microsoft Dynamics CRM Server 2013 placement

For improved application performance, the computer or computers that run the Microsoft Dynamics CRM Server 2013 roles and the computer that is running SQL Server should be on the same LAN. This is because of the large amount of network traffic passing between the computers. This is also recommended with Active Directory where the computer or computers on which Microsoft Dynamics CRM Server 2013 and the Active Directory domain controller are running should be on the same LAN to guarantee efficient Active Directory access to Microsoft Dynamics CRM.

SQL Server and Active Directory domain controller placement

For each organization, Microsoft Dynamics CRM stores all customer relationship management data in a SQL Server database. Make sure that the computer on which SQL Server is running that maintains the Microsoft Dynamics CRM databases is located near the Microsoft Dynamics CRM Server 2013. This means there should be a high-speed, permanent network connection between the Microsoft Dynamics CRM Server 2013 and the computer that is running SQL Server. A network communications failure between these computers can result in data loss and service becoming unavailable.

The same is true for Active Directory because Microsoft Dynamics CRM depends on it for security information. If communication with Active Directory is lost, Microsoft Dynamics CRM will not function correctly. If communication with Active Directory is inefficient, Microsoft Dynamics CRM performance will be affected. Therefore, it is important to put an Active Directory domain controller on the same high-speed, permanent network connection as the Microsoft Dynamics CRM and SQL Server computers.

See Also Microsoft Dynamics CRM 2013 supported configurations

Microsoft Dynamics CRM 2013 server roles

au. Microsoft Dynamics CRM 2013 server roles

In Microsoft Dynamics CRM Server 2013, you can install specific server functionality, components, and services on different computers. These components and services correspond to specific server roles. For example, customers who have larger user bases can install the Front End Server role on two or more servers that run Internet Information Services (IIS) to increase throughput performance for users. Or, a Full Server role can be installed on one computer and Microsoft Dynamics CRM Reporting Extensions on another. If a server role is missing, Deployment Manager displays a message in the Messages area.

Use one of the following options to install server roles:

• Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2013 is already installed, you can use Programs and Features in Control Panel to add or remove server roles.

• Configure an XML Setup configuration file and then run Setup at the command prompt to specify a server role group or one or more individual server roles. You cannot explicitly select the SQL Server "role" for installation during Microsoft Dynamics CRM Server Setup. This is a logical role that SQL Server sets when you specify a particular instance of SQL Server, either local or on another computer (recommended) for use in the Microsoft Dynamics CRM deployment. For more information, see Microsoft Dynamics CRM 2013 Server XML configuration file.

Note At any time after the initial installation of server roles, you can add or remove server roles in Control Panel. For more information, see Uninstall, change, or repair instructions.

Important If you have a Microsoft Dynamics CRM deployment that includes one or more Front End Server and Back End Server roles, the Language Pack must be installed on the computer that has the Front End Server role. If you have deployed individual server roles, the Language Packs must be installed on the computers that are running the Web Application Server and the Help Server roles.

In This Topic Available group server roles

Available individual server roles

Scope definition

Installation method definition

Microsoft Dynamics CRM Server role requirements

Available group server roles

Although these server role groups are recommended for most deployments, any individual server role may be installed during Setup.

All server roles must be running in your organization’s network to provide a fully functioning system.

| Server Role Group | Description | Scope | Installation Method |
|---|---|---|---|
| Full Server | Contains all roles from Front End Server, Back End Server, and Deployment Administration Server. By default, Microsoft Dynamics CRM Server Setup deploys the system as Full Server. In a Full Server deployment, server roles are not listed separately in Control Panel. To view the installed roles or make changes, right-click Microsoft Dynamics CRM Server 2013, click Uninstall/Change, and then click Configure. | Deployment | Full |
| Front End Server | Enables the server roles for running client applications and applications developed with the Microsoft Dynamics CRM SDK. | Deployment | Group or Full |
| Back End Server | Includes the server roles that handle processing asynchronous events, such as workflows and custom plug-ins, database maintenance, and email routing. These roles are usually not exposed to the Internet. For a list of server roles that are included in this group, see the following table. | Deployment | Group or Full |
| Deployment Administration Server | Enables the server roles for components that are used to manage the Microsoft Dynamics CRM deployment either by using the methods described in the Microsoft Dynamics CRM SDK or the deployment tools. Also includes the interface for database disaster recovery support. For a list of server roles that are included in this group, see the following table. | Deployment | Group or Full |

Available individual server roles

| Server Role | Description | Server Group | Scope | Installation Method |
|---|---|---|---|---|
| Discovery Web Service | Finds the organization that a user belongs to in a multi-tenant deployment. | Front End Server | Deployment | Individual, Group, or Full |
| Organization Web Service | Supports running applications that use the methods described in the Microsoft Dynamics CRM SDK. | Front End Server | Deployment | Individual, Group, or Full |
| Web Application Server | Runs the Web Application Server that is used to connect users to Microsoft Dynamics CRM data. The Web Application Server role requires the Organization Web Service role. | Front End Server | Deployment | Individual, Group, or Full |
| Help Server | Makes Microsoft Dynamics CRM Help available to users. | Front End Server | Deployment | Individual, Group, or Full |
| Asynchronous Service | Processes queued asynchronous events, such as workflows, bulk e-mail, or data import. | Back End Server | Deployment | Individual, Group, or Full |
| Sandbox Processing Service | Enables an isolated environment to allow for the execution of custom code, such as plug-ins. This isolated environment reduces the possibility of custom code affecting the operation of the organizations. | Back End Server | Deployment | Individual, Group, or Full |
| Email Integration Service | Handles sending and receiving of email messages by connecting to an external email server. | Back End Server | Deployment | Individual, Group, or Full |
| Deployment Web Service | Manages the deployment by using the methods described in the Microsoft Dynamics CRM SDK. | Deployment Administration Server | Deployment | Individual, Group, or Full |
| Deployment Tools | Consists of the Deployment Manager and Windows PowerShell cmdlets. Microsoft Dynamics CRM administrators can use the Windows PowerShell cmdlets to automate Deployment Manager tasks. Deployment Manager is a Microsoft Management Console (MMC) snap-in that system administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. | Deployment Administration Server | Deployment | Individual, Group, or Full |
| Microsoft Dynamics CRM VSS Writer | The Microsoft Dynamics CRM VSS Writer service provides an interface to backup and restore Dynamics CRM data by using the Windows Server Volume Shadow Copy Service (VSS) infrastructure. | Deployment Administration Server | Deployment | Individual, Group, or Full |
| Microsoft Dynamics CRM Reporting Extensions | Provides reporting functionality by interfacing with the Microsoft Dynamics CRM system and Microsoft SQL Server Reporting Services. | N/A | Deployment | Individual by using srsDataConnectorSetup.exe. |
| SQL Server | Installs the MSCRM_CONFIG database on the SQL Server. | N/A | Deployment | Individual during Microsoft Dynamics CRM Server Setup or from Deployment Manager Edit Organization Wizard. |

Scope definition  Deployment. Each instance of the server role services the entire deployment.  Organization. Each instance of the server role services an organization. Therefore, you can use a different server role instance for a given organization.

Installation method definition  Individual, Group, or Full. During Microsoft Dynamics CRM Server Setup, you can install a server role individually, install one of the three predefined groups of server roles, or perform a Full Server installation that includes all roles. Or, you can select multiple individual server roles.  srsDataConnectorSetup.exe. Install this role on the computer where Microsoft SQL Server Reporting Services is running by using Microsoft SQL Server Reporting Services Setup. For more information about Microsoft Dynamics CRM server roles and multiple server deployment, see Install Microsoft Dynamics CRM Server 2013 on multiple computers in the Microsoft Dynamics CRM Planning Guide.

Microsoft Dynamics CRM Server role requirements

The following table describes the components necessary for each Microsoft Dynamics CRM Server role. An "X" indicates the component is required for the Microsoft Dynamics CRM Server role to install and function. Notice that, in most cases, if a component is not already installed, Microsoft Dynamics CRM Server Setup will install it.

Microsoft Dynamics CRM Server Role Prerequisites

Component Back End Server Front End Server Deployment Administration Server

Microsoft SQL Server Reporting Services ReportViewer control X

SQL Server Native Client X X X

Microsoft Application Error Reporting Tool X X X

Microsoft Visual C++ Runtime Library X X X

Windows Identity Foundation (WIF) Framework X X X

Windows Server 2008 Web Server Role X X

Indexing Service X

Microsoft .NET Framework 4 X X X

Microsoft Chart Controls for Microsoft .NET Framework X

Windows Azure platform AppFabric SDK X X X

Windows PowerShell X

Microsoft URL Rewrite Module for IIS X

File Server Resource Manager X

The following table describes the group membership for the Active Directory that is used by Microsoft Dynamics CRM. An “X” indicates the group membership required for the service to function.

Group Membership Requirements

Service PrivUserGroup SQLAccessGroup PrivReportingGroup ReportingGroup

Deployment Web Service service account X X

Web Application Service* X X

Asynchronous Service service account X X

Sandbox Processing Service service account**

SQL Server service account X

Microsoft SQL Server Reporting Services server account X X

Email Router service account X

Installing User/Service account X

Individual user accounts in Microsoft Dynamics CRM X

Unzip Service service account X

Microsoft Dynamics CRM VSS Writer service account X X

* The Web Application Service identity is applied to the CRMAppPool application pool. Subsequently, this identity is used by the Organization Service, Web Application, and Microsoft Dynamics CRM platform.

** The Sandbox Service does not need any Microsoft Dynamics CRM group membership.

Note Email Router runs as a local system.

Important

• The Installing user should be a separate service account, but it should not be used to run any services.
• If any of the service accounts are created as users in Microsoft Dynamics CRM, you may encounter various problems, some of which are potential security issues.
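The two rules in the Important note above can be checked mechanically. The following PowerShell is an added example, not part of the guide: the function names, account names and service names are hypothetical, and the service list is constructed sample data in the shape returned by Get-CimInstance Win32_Service.

```powershell
# Added example (not from the guide). All account and service names are constructed.

function ConvertTo-AccountKey {
    # Reduce 'DOMAIN\user', 'user@domain.tld' and '.\user' to a lowercase user name
    # so that the different spellings of one account compare as equal.
    param([string] $Account)
    $name = $Account.Trim()
    if ($name -match '\\') { $name = ($name -split '\\', 2)[1] }
    if ($name -match '@')  { $name = ($name -split '@', 2)[0] }
    $name.ToLowerInvariant()
}

function Test-CrmAccountSeparation {
    param(
        # Account used to run Microsoft Dynamics CRM Setup.
        [Parameter(Mandatory)] [string]   $InstallAccount,
        # Accounts that run Microsoft Dynamics CRM services.
        [Parameter(Mandatory)] [string[]] $ServiceAccount,
        # Logon names of the users that exist in Microsoft Dynamics CRM.
        [Parameter(Mandatory)] [string[]] $CrmUser,
        # Objects with Name and StartName; defaults to the services on this computer.
        [object[]] $Service = (Get-CimInstance -ClassName Win32_Service)
    )

    $findings   = @()
    $installKey = ConvertTo-AccountKey $InstallAccount

    # Rule 1: the installing account should not be used to run any services.
    foreach ($svc in $Service) {
        if ($svc.StartName -and ((ConvertTo-AccountKey $svc.StartName) -eq $installKey)) {
            $findings += [pscustomobject]@{
                Rule    = 'InstallAccountRunsService'
                Account = $svc.StartName
                Detail  = "Service '$($svc.Name)' logs on as the installing account"
            }
        }
    }

    # Rule 2: service accounts should not be created as users in Microsoft Dynamics CRM.
    $userKeys = @($CrmUser | ForEach-Object { ConvertTo-AccountKey $_ })
    foreach ($account in $ServiceAccount) {
        if ($userKeys -contains (ConvertTo-AccountKey $account)) {
            $findings += [pscustomobject]@{
                Rule    = 'ServiceAccountIsCrmUser'
                Account = $account
                Detail  = 'Service account also exists as a Microsoft Dynamics CRM user'
            }
        }
    }

    # The comparison ignores the domain part, so same-named accounts in different
    # domains are reported too and need a manual look.
    $findings
}

# Constructed sample data.
$sampleServices = @(
    [pscustomobject]@{ Name = 'ExampleAsyncService';   StartName = 'CONTOSO\svc-crmasync' }
    [pscustomobject]@{ Name = 'ExampleSandboxService'; StartName = 'crminstall@contoso.example' }
    [pscustomobject]@{ Name = 'Spooler';               StartName = 'LocalSystem' }
)

$check = @{
    InstallAccount = 'CONTOSO\crminstall'
    ServiceAccount = 'CONTOSO\svc-crmasync', 'CONTOSO\svc-crmweb'
    CrmUser        = 'CONTOSO\alice', 'CONTOSO\svc-crmweb'
    Service        = $sampleServices
}
Test-CrmAccountSeparation @check | Format-Table -AutoSize
```

Application pool identities such as the one applied to CRMAppPool are not Windows services and do not appear in Win32_Service; pass them in the ServiceAccount list so that the second rule covers them.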

See Also

Microsoft Dynamics CRM multiple-server deployment

Support for Microsoft Dynamics CRM multiple-server topologies

av. Support for Microsoft Dynamics CRM multiple-server topologies

This section provides examples of various multiple-server topologies.

In This Topic

Six-server topology

Multi-forest and multi-domain with Internet access Active Directory topology

Six-server topology

The six-server topology is for small to midsize user bases, typically 25 or fewer users concurrently using Microsoft Dynamics CRM. The following example depicts a possible configuration running a supported version of Windows Server and the required and optional software technologies. It also includes a Full Server deployment of Microsoft Dynamics CRM Server that is configured for an Internet-facing deployment (IFD). For a complete list of the supported versions of these components, see Software requirements for Microsoft Dynamics CRM Server 2013.

A five server topology can consist of the following configuration:

• Server 1: Running on Microsoft Windows Server as a functioning domain controller.
• Server 2: Running on Windows Server as a secondary domain controller.
• Server 3: Running on Windows Server, running IIS with a Full Server installation of Microsoft Dynamics CRM, where all Microsoft Dynamics CRM server roles are installed on the same computer.
• Server 4: Running on Windows Server with an instance of Microsoft SQL Server and running Microsoft Dynamics CRM Reporting Extensions.
• Server 5: Running on Windows Server with Microsoft Exchange Server for email message routing.
• Server 6: Running on Windows Server with Active Directory Federation Services (AD FS) (required for Microsoft Dynamics CRM IFD).
• CRMClient, tablet and phone devices. These computers and devices are running applications that are available, such as CRM for Outlook, Microsoft Dynamics CRM for tablets, and Microsoft Dynamics CRM for phones.

Basic Microsoft Dynamics CRM 2013 six-server topology

Multi-forest and multi-domain with Internet access Active Directory topology

For very large user bases that span multiple domains and, in some cases, forests, the following configuration is supported. The following example depicts a possible configuration running a particular version of Windows Server and required software such as SQL Server and Microsoft SharePoint.

The text and diagram show a possible deployment that lets users access Microsoft Dynamics CRM 2013 through the Internet by implementing Active Directory Federation Services (AD FS) supported by Front End Server roles that are isolated from user and resource domains on a perimeter network (also known as DMZ, demilitarized zone, and screened subnet) model.

For a complete list of the supported versions of these software technologies, see Software requirements for Microsoft Dynamics CRM Server 2013.

Forest X: Domain A: Perimeter subnet

• Network Load Balanced (NLB) virtual server consisting of the following two nodes.
  • Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with the Front End Server role.
  • Front End Server: Another Windows Server running Microsoft Dynamics CRM Server with the Front End Server role.
• Active Directory Federation Services (AD FS) Server: Running on Windows Server as the Internet-facing claims-based authentication security token service.

Forest X: Domain A: Intranet

• NLB virtual server consisting of the following two nodes.
  • Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services (Server X).
  • Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services (Server Y).
• NLB virtual server consisting of the following nodes.
  • Front End Server: Running Windows Server and Microsoft Dynamics CRM Server with the Front End Server role.
  • Front End Server: Another Windows Server running Microsoft Dynamics CRM Server with the Front End Server role.
• Microsoft SQL Server failover cluster running the following two nodes.
  • Windows Server, SQL Server database engine (Server X).
  • Windows Server, SQL Server database engine (Server Y).
• Windows Server running the Asynchronous Service server role.
• Windows Server running the Sandbox Processing Service server role.
• Windows Server running the Active Directory Federation Services (AD FS) Windows Server role.
• Windows Server running Microsoft SharePoint (required for document management).

Forest Y: Domain B: Intranet

• Exchange Server failover cluster consisting of the following two nodes.
  • Windows Server running Exchange Server (Server X).
  • Windows Server running Exchange Server (Server Y).

Internet access to Microsoft Dynamics CRM 2013 topology example

See Also

Microsoft Dynamics CRM multiple-server deployment

Upgrading from Microsoft Dynamics CRM 2011

aw. Upgrading from Microsoft Dynamics CRM 2011

The only supported upgrade path to Microsoft Dynamics CRM 2013 is from Microsoft Dynamics CRM 2011. This section provides guidelines for preparing for an upgrade to Microsoft Dynamics CRM 2013. Performing these tasks in advance can help minimize system downtime and ensure a successful upgrade. Also, this section describes how Microsoft Dynamics CRM 2013 upgrades your current system and what happens to items such as existing reports, customizations, and solutions.

Microsoft Dynamics CRM 2011 server roles are not compatible with a Microsoft Dynamics CRM 2013 deployment. Therefore, after you upgrade the first Microsoft Dynamics CRM 2011 server, other Microsoft Dynamics CRM 2011 servers that are running in the deployment will become disabled. As each server is upgraded, the corresponding server will be enabled.

You can upgrade Microsoft Dynamics CRM 2011 server roles in any order. However, to have a fully functioning Microsoft Dynamics CRM deployment, all servers and server roles must be upgraded.

For an overview of the upgrade process, see the whitepaper: How to Prepare for the Upgrade to Microsoft Dynamics CRM 2013

In This Topic

Recommended upgrade steps

Microsoft Dynamics CRM Server upgrade options

Microsoft Dynamics CRM 2011 Server versions supported for upgrade

Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade

Microsoft Dynamics CRM software and components not supported for in-place upgrade

Upgrade product key

User permissions and privileges

Sharing a SQL Server

Tips for a successful upgrade

Next steps

Recommended upgrade steps

To ease the upgrade process and minimize downtime, we recommend that you use the following order when you upgrade Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013.

1. Make sure all Microsoft Dynamics CRM 2011 for Outlook clients are running Microsoft Dynamics CRM 2011 Update Rollup 12 or a later update rollup. Doing so provides Microsoft Dynamics CRM 2011 for Outlook the capability to connect and use Microsoft Dynamics CRM Server 2013.
2. Upgrade all Microsoft Dynamics CRM 2011 servers and organizations to Microsoft Dynamics CRM Server 2013.
3. Upgrade Microsoft Dynamics CRM 2011 for Outlook to Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. Upgrading to CRM 2013 for Outlook provides Go offline capability.

Microsoft Dynamics CRM Server upgrade options

There are three different upgrade options:

• Migrate by using a new instance of SQL Server. We recommend this option for upgrading from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although this option requires a different computer for Microsoft Dynamics CRM 2013 and a different instance of SQL Server, it provides the least amount of potential downtime for Microsoft Dynamics CRM users since the Microsoft Dynamics CRM 2011 deployment can remain functioning until the upgrade is completed and verified.
• Migrate by using the same instance of SQL Server. This option requires a different computer for Microsoft Dynamics CRM Server 2013, but will upgrade in-place the configuration and default organization databases using the same instance of SQL Server. If issues occur during the upgrade, you must roll back to Microsoft Dynamics CRM 2011 to avoid significant downtime.
• In-place upgrade. Although this option does not require a different computer for Microsoft Dynamics CRM Server 2013 or a different instance of SQL Server, it poses the greatest risk if upgrade issues occur because a roll back and reinstall of Microsoft Dynamics CRM will be required to avoid potential downtime.

For detailed procedures for each of these options, see the Upgrade from Microsoft Dynamics CRM 4.0 topics in the Installing Guide.

For the latest product information, see the Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme.

Important Always run a full backup of the Microsoft Dynamics CRM databases before you upgrade to a new version of the product. For information about database backups, see Backing Up the Microsoft Dynamics CRM System in the Operating and Maintaining Guide.

During an in-place upgrade, only the organization that you specify to upgrade to Microsoft Dynamics CRM 2011 is upgraded. If the Microsoft Dynamics CRM 2011 deployment contains additional organizations, those organizations are disabled and are not upgraded. You must upgrade those organizations using Deployment Manager. For more information, see Deployment Manager Help.

For each organization that you upgrade, we recommend that the volume have free space that is at least three times the size of the organization database file (organizationName_MSCRM.mdf) and four times the size of the log file (organizationName_MSCRM.ldf). For example, if a single organization database and log file are located on the same volume where the mdf file is 326 MB and the ldf file is 56 MB, the recommended available space should be at least 1.2 GB to allow for growth ((326 x 3) + (56 x 4)). Notice that the database files that expand during upgrade do not reduce in size after the upgrade is complete.
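The free-space recommendation above applies per volume, so it gets harder to check by hand once several organizations share a volume or the data and log files sit on different volumes. The following PowerShell is an added example, not part of the guide, that generalizes the single-organization calculation to that case; the function name, file paths, sizes and free-space figures are constructed.

```powershell
# Added example (not from the guide). Paths, sizes and free-space values are constructed.
# Rule applied: free space on a volume >= 3 x each .mdf size + 4 x each .ldf size on it.

function Get-CrmUpgradeSpaceReport {
    [CmdletBinding()]
    param(
        # One object per database file, with Path and SizeBytes properties.
        [Parameter(Mandatory)] [object[]]  $DatabaseFile,
        # Free bytes per volume root, for example @{ 'D:\' = 5GB }.
        [Parameter(Mandatory)] [hashtable] $FreeBytesByVolume
    )

    # Group by volume root (Windows paths): space is consumed per volume,
    # not per organization.
    $DatabaseFile |
        Group-Object -Property { [System.IO.Path]::GetPathRoot($_.Path).ToUpperInvariant() } |
        ForEach-Object {
            $volume   = $_.Name
            $required = [long]0

            foreach ($file in $_.Group) {
                $extension = [System.IO.Path]::GetExtension($file.Path).ToLowerInvariant()
                if     ($extension -eq '.mdf') { $required += 3 * [long]$file.SizeBytes }
                elseif ($extension -eq '.ldf') { $required += 4 * [long]$file.SizeBytes }
                else   { throw "Not a database or log file: $($file.Path)" }
            }

            if (-not $FreeBytesByVolume.ContainsKey($volume)) {
                throw "No free-space figure supplied for volume $volume"
            }
            $free = [long]$FreeBytesByVolume[$volume]

            [pscustomobject]@{
                Volume     = $volume
                Files      = $_.Count
                RequiredMB = [math]::Round($required / 1MB)
                FreeMB     = [math]::Round($free / 1MB)
                Sufficient = ($free -ge $required)
            }
        }
}

# Constructed input: the first two files are the guide's own 326 MB / 56 MB case,
# plus a second organization whose log file is on another volume.
$files = @(
    [pscustomobject]@{ Path = 'D:\Data\Contoso_MSCRM.mdf';  SizeBytes = 326MB }
    [pscustomobject]@{ Path = 'D:\Data\Contoso_MSCRM.ldf';  SizeBytes = 56MB }
    [pscustomobject]@{ Path = 'D:\Data\Fabrikam_MSCRM.mdf'; SizeBytes = 900MB }
    [pscustomobject]@{ Path = 'E:\Logs\Fabrikam_MSCRM.ldf'; SizeBytes = 200MB }
)
$free = @{ 'D:\' = 3GB; 'E:\' = 1GB }

Get-CrmUpgradeSpaceReport -DatabaseFile $files -FreeBytesByVolume $free |
    Format-Table -AutoSize

# On a real server the inputs can be gathered with, for example:
#   Get-Item 'D:\Data\*_MSCRM.?df' |
#       Select-Object @{ n = 'Path'; e = { $_.FullName } }, @{ n = 'SizeBytes'; e = { $_.Length } }
#   @{ 'D:\' = (Get-PSDrive -Name D).Free }
```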

As part of organization upgrade, all ENTITYNAMEBase and ENTITYNAMEExtensionBase tables will be merged into a single table. To reduce downtime, consider deferring the table merge of large organization databases that are highly customized so that the table merge process can be run as a separate upgrade operation. For more information, see Run the Base and Extension table merge as a separate operation.

Microsoft Dynamics CRM 2011 Server versions supported for upgrade

The following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade to Microsoft Dynamics CRM Server 2013. All other update rollup versions will receive an error message resembling the following and will not be upgraded.

The installed version of Microsoft Dynamics CRM Server cannot be upgraded to Microsoft Dynamics CRM 2013. For more information, see the Microsoft Dynamics CRM Implementation Guide.

• Microsoft Dynamics CRM 2011 Update Rollup 14 or later update rollup.
• Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).

Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade

The following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade to Microsoft Dynamics CRM 2013 for Microsoft Office Outlook.

• Microsoft Dynamics CRM 2011 Update Rollup 12
• Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended).

Microsoft Dynamics CRM software and components not supported for in-place upgrade

The following products and solutions are not supported by Microsoft Dynamics CRM 2013 and will not be upgraded during Microsoft Dynamics CRM Setup. If you upgrade a Microsoft Dynamics CRM 2011 system that includes the product or solution listed below, or you install these components after you install Microsoft Dynamics CRM, these products or solutions may not function correctly. We recommend that you uninstall or manually remove the component before you upgrade.

• Microsoft Dynamics CRM 2011 Reporting Extensions
• Microsoft Dynamics CRM 2011 Email Router
• Microsoft Dynamics CRM List Component for SharePoint Server
• Connector for Microsoft Dynamics

Important Microsoft Dynamics CRM 4.0 is not supported for upgrade. However, you can upgrade Microsoft Dynamics CRM 4.0 Server to Microsoft Dynamics CRM Server 2011 by using a trial product key, and then upgrade to Microsoft Dynamics CRM Server 2013. For instructions about how to migrate from Microsoft Dynamics CRM 4.0 to Microsoft Dynamics CRM 2013, see Migrate from Microsoft Dynamics CRM 4.0 Server to Microsoft Dynamics CRM 2013 Server.

Upgrade product key

Before the upgrade, obtain the product key that you will enter during the upgrade. In Microsoft Dynamics CRM 2013, the server and client keys are combined so that you enter only one key.

For more information, see Microsoft Dynamics CRM editions and licensing in this guide.

If you want to make system changes that require changes to your existing Microsoft Dynamics CRM licensing agreement, see How to buy Microsoft Dynamics.

User permissions and privileges

To perform a successful upgrade, the user who runs Microsoft Dynamics CRM Setup must:

• Have an account in the same Active Directory domain as the server or servers that are being upgraded.
• Be a member of both the Deployment Administrator Role and the Microsoft Dynamics CRM System Administrator Role.
• Have administrator rights on the SQL Server and Reporting Services server associated with the deployment that is being upgraded.
• Have sufficient permissions to create new security groups in the Active Directory organizational unit that contains the existing Microsoft Dynamics CRM groups.

Sharing a SQL Server

Only one Microsoft Dynamics CRM deployment per instance of SQL Server is supported. This is because each Microsoft Dynamics CRM deployment requires its own MSCRM_CONFIG database, and multiple instances of the MSCRM_CONFIG database cannot coexist on the same instance of SQL Server. If you have multiple SQL Server instances running on the same computer, you can host the databases for multiple Microsoft Dynamics CRM deployments on the same computer. However, this might decrease system performance.

Tips for a successful upgrade

The following issues, if applicable to your current Microsoft Dynamics CRM 2011 deployment, should be resolved before you start the upgrade.

Maximum number of attributes exceeded

If you have more than 1023 attributes defined for an entity, you must delete the additional attributes before you run the upgrade. The upgrade will fail with the following message if you have more than 1023 attributes.

CREATE VIEW failed because column 'column_name' in view 'view_name' exceeds the maximum of 1024 columns.

Remove custom database objects

The Microsoft Dynamics CRM databases often change from one major release to the next because of database redesign.

We suggest that, if you have added custom database objects such as triggers, statistics, stored procedures, and certain indexes, you remove those objects from the configuration and organization databases. In many cases, Microsoft Dynamics CRM Server Setup displays a warning when these objects are detected.

Remove the ignorechecks registry subkey

If you have manually added the ignorechecks registry subkey on the Microsoft Dynamics CRM Server 2011, remove it before you start the upgrade. For more information, see You cannot deploy Microsoft Dynamics CRM by using an account that does not have local administrator permissions on Microsoft SQL Server.

If you are upgrading from Microsoft Dynamics CRM 2011 Update Rollup 6, indexes will be added during upgrade

Microsoft Dynamics CRM 2011 Update Rollup 12 introduced new indexes for entities in the Quick Find Search Optimization feature. Therefore, if you upgrade from Microsoft Dynamics CRM 2011 Update Rollup 6, these indexes will be created during Microsoft Dynamics CRM Server 2013 Setup and you may notice that part of the upgrade will take longer to complete. The reason for this is that the indexes need to be populated, and the completion time will vary based on the size of your dataset. Additionally, if you have existing custom indexes in the organization database that use the same index name, they will be overwritten during upgrade. For more information including a list of the indexes added, see Indexes added with Microsoft Dynamics CRM 2011 Update Rollup 12.

Consider rescheduling base and extension table merge

By default, during an organization upgrade, every base and extension table will be merged. For large organization databases that are highly customized, the merging may take several hours to complete. For more information, see Run the Base and Extension table merge as a separate operation.

Next steps

Read more about upgrade in the following topics:

• Before you upgrade: issues and considerations
• Upgrade the Microsoft Dynamics CRM Deployment
• Upgrade Microsoft Dynamics CRM for Outlook

See Also

Microsoft Dynamics CRM 2013 supported configurations

Upgrade Microsoft Dynamics CRM for Outlook

ax. Before you upgrade: issues and considerations

This section describes the changes and known issues that occur as a result of upgrading from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. This section also describes the things that may impact your deployment after the upgrade is complete.

In This Topic

What has changed in supported products and technologies?

End of support for outdated programmability features

Delete connections to enable use of access teams

Changes to duplicate detection

Microsoft Lync presence not supported in some areas

Update your customizations for the new user interface

What has changed in supported products and technologies?

In support of the latest technologies and in compliance with the Microsoft Support Lifecycle, obsolete platform products and technologies will no longer be supported in the next major release of Microsoft Dynamics CRM. For more information, see What’s changing in the next major release.

End of support for outdated programmability features

There are several Microsoft Dynamics CRM 4.0 features that will be removed or will no longer be supported after the upgrade to Microsoft Dynamics CRM 2013. For more information, see What’s changing in the next major release.

You can use the Custom Code Validation Tool to examine your web resources and show you where there might be some problems. The issues that are flagged either use unsupported coding processes or use the Microsoft Dynamics CRM 4.0 objects and functions. Download this tool and extract the contents. Within the contents, you will find instructions about how to install and use the tool. For more information about this tool, read this blog: Check your JavaScript code to prepare for your upgrade.

Delete connections to enable use of access teams

To be able to add users who have opportunity connections to access teams, the connections must be deleted before you upgrade. If there are connections in your existing Microsoft Dynamics CRM deployment configured between Opportunity and User entities, you should delete them before you upgrade. Deleting these connections will let you add those users to teams that use the Access team type, typically used for team selling. After the upgrade is complete you can re-create the prior connections and, if needed, add those users to access teams. For more information about access teams, see About team templates in the Customer Center.

To find all opportunity and user connections, start Advanced Find and set the following query.

1. In the Look for list select Connections.
2. Click or tap Select and then click or tap Connected From (Opportunity).
3. Click or tap Select and then click or tap Connected To (User).
4. Click or tap Results.

Changes to duplicate detection

To facilitate auto-save on forms, duplicate detection during create and update operations will not be supported in the forms for Microsoft Dynamics CRM updated user interface entities. For more information, see Duplicate Detection during Record Create and Update Operations Not Supported. You can find sample code for adding this support to your forms in the Microsoft Dynamics CRM SDK download package.

Microsoft Lync presence not supported in some areas

Microsoft Lync presence will not be supported on the updated user interface entity forms and in Activity Feeds. Lync will be present in grids and subgrids.

Update your customizations for the new user interface

After the upgrade, supported customizations to menus and forms from your previous version will continue to work, though they may appear slightly different to simplify the transition to the new user experience. The forms for entities that are updated to the new user interface have a similar layout as the Microsoft Dynamics CRM 2011 forms. To display the forms in the new layout, system customizers can edit each new form and choose Bring in another form from the ribbon. For more information, see Upgrading Forms.

See Also

Upgrading from Microsoft Dynamics CRM 4.0

Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics

ay. Upgrade the Microsoft Dynamics CRM Deployment

Microsoft Dynamics CRM 2013 presents a significant advancement in features and functionality from Microsoft Dynamics CRM 2011. As such, existing features, solutions, and extensions may be affected as a result of the upgrade. This topic provides a best practices process to minimize downtime while helping determine issues that may occur as a result of the upgrade.

In This Topic

The upgrade process

Prepare to upgrade

Establish the test environment

Upgrade and validate the test environment

What to do when you cannot successfully upgrade or migrate?

The upgrade process

The Microsoft Dynamics CRM Server upgrade process can be distilled down into four main areas:

1. Prepare to upgrade.
2. Establish a test environment.
3. Upgrade and validate the test environment.
4. Upgrade and validate the production site.

There are two separate environments as part of the upgrade process:

• Test environment. The test environment represents a restricted deployment of Microsoft Dynamics CRM that is used to validate the upgrade. The test environment must mirror the production environment as closely as possible, with substantial similarities in hardware (processor, disk, memory, and so on), technology platform (Windows Server, SQL Server, and so on), topology (1-server, 2-server, 5-server, and so on) and data (Microsoft Dynamics CRM databases). Creating an appropriate environment for testing may require setting up Windows Network Load Balancing (NLB) or clustering, installing and configuring Microsoft Dynamics CRM components and applications, such as Email Router, workflows, customizations, and connectors, as well as installing any additional add-ons, plug-ins, or solutions particular to the deployment. Establishing a test environment that is running and configured wholly or in part by using virtualization technology, such as Windows Server Hyper-V, can greatly facilitate this process. In this test environment, the administrator performs the upgrade, optimizes for performance, may introduce upgraded code, and tests that the system is running well.
• Production deployment. This deployment represents the deployment of Microsoft Dynamics CRM that is used by all Microsoft Dynamics CRM users in the organization. In the production deployment, the upgrade is performed, and the administrator may use strategies that optimize upgrade performance. The upgrade administrator may move upgraded code from the development or test environment to the production environment. The administrator then brings the production environment online, validates that the system is running well, and deploys CRM for Outlook for users as needed.

Prepare to upgrade

Make sure you have enough staff, resources, and time to dedicate to the upgrade. As part of this phase, you must determine who will be involved in the upgrade, designate the test deployment hardware and software that will be used to validate the upgrade, and plan for potential failures.

You should also assess the current production environment for upgrade suitability. This requires reviewing the Microsoft Dynamics CRM 2013 documentation.

Important Only Microsoft Dynamics CRM Server 2011 with at least Microsoft Dynamics CRM 2011 Update Rollup 14 (recommended) or Microsoft Dynamics CRM 2011 Update Rollup 6 can be upgraded to Microsoft Dynamics CRM Server 2013.

Additionally, you must determine the acceptance criteria that will be used to decide whether to go forward with the production upgrade.

Tip Microsoft Dynamics Sure Step is available to Microsoft Dynamics Partners to help reduce risk and guide you through the tasks associated with deployment and configuration of Microsoft Dynamics solutions. For more information about Microsoft Dynamics Sure Step, including training, methodology, and tool downloads, visit the PartnerSource website.

Determine the upgrade strategy

To determine the upgrade strategy, you need to answer the following questions:

• What will be upgraded? Upgrading the Microsoft Dynamics CRM server may require that you upgrade platform components such as Windows Server or SQL Server. It will also require that other Microsoft Dynamics CRM applications such as CRM for Outlook and Email Router be upgraded.
• When? What is the timeline for the upgrade?
• How? For example, will you upgrade in-place or will you migrate to new hardware before the upgrade? This should also include how the upgrade will be rolled out. Who will validate the upgrade? Will there be a pilot or phased rollout?

Based on the outcome of the test upgrade you may need to modify or mitigate your strategy and perform corrective actions to ensure functionality. For example, if some workflows cannot be upgraded, you must plan to re-create those workflows and test them.

Plan for failure, backup, and recovery

Some components, such as custom reports, workflows, custom JavaScript, or third-party extensions may cause the upgrade to fail or not function correctly. These items should be documented and a contingency plan be established for each issue. Additionally, custom JavaScript and third-party extensions may need to be removed before the upgrade.

Therefore, you must be prepared to quickly and completely roll back the system. To be able to recover from any scenario, you must back up all needed information and store a copy offsite. A backup plan should be created and rehearsed for all Microsoft Dynamics CRM components and services to make sure that, if a failure occurs, the maximum amount of data is recoverable. To understand the failure-recovery procedures, you must examine several different scenarios to learn how restoration occurs in each case.

For more information about how to back up or recover Microsoft Dynamics CRM data, see Data protection and recovery.

Review appropriate planning and prerequisite documentation

Product documentation is instrumental in helping you scope the amount of preparation required before you upgrade. The documentation to review should include:

• Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme
• This guide and the Installing Guide for Microsoft Dynamics CRM 2013, which are part of the Microsoft Dynamics CRM 2013 Implementation Guide. Of particular importance are the Upgrading from Microsoft Dynamics CRM 2011, Microsoft Dynamics CRM 2013 system requirements and required technologies, and Microsoft Dynamics CRM 2013 supported configurations topics.
• Also, if you will be installing additional components, such as CRM for Outlook or Microsoft Dynamics CRM Email Router, download and review the following documents:
  • Microsoft Dynamics CRM 2013 for Microsoft Office Outlook Readme
  • Microsoft Dynamics CRM Email Router Readme

Ensure you have the latest technologies

For best results, verify that you have applied the latest service packs and update rollups not only for Microsoft Dynamics CRM but for other dependent technologies such as Windows Server, SQL Server, and Exchange Server.

Determine an upgrade plan and checklists

In this task you will determine how to evaluate the overall functionality and production readiness of the upgraded environment. The purpose of these tasks is to validate a production ready and fully operational system suitable for rolling out to the user base.

Use the following steps as a checklist for the tasks that are required leading up to the production upgrade or "go-live" day.

Verify that the system is functional after the upgrade by performing these basic tests:

• Review the Setup log files for issues that may have occurred during the upgrade. By default, Setup creates these files in the C:\Documents and Settings\\Application Data\Microsoft\MSCRM\Logs folder on the computer where Setup is run and where is the name of the user account who ran Setup.
• Review the Event Viewer log files. Microsoft Dynamics CRM Server 2013 events are recorded under the sources that begin with MSCRM in Event Viewer.
• Start Deployment Manager and verify that all Microsoft Dynamics CRM servers are enabled and that the default organization is enabled. Depending on whether you migrated or performed an in-place upgrade, additional Microsoft Dynamics CRM 2011 organizations are upgraded by using the Import Organization Wizard or the Upgrade Organization Wizard in Deployment Manager.
• Start Internet Explorer and connect to the Microsoft Dynamics CRM server.

After you have performed the previous tasks, perform a user acceptance test. The following is an example of some of the features to test in a typical organization:

• Validate reports against previous version reports.
• Print reports in Microsoft Dynamics CRM.
• Validate applicable data in the Microsoft Dynamics CRM system, such as creating, editing, deleting, and promoting/converting records for the following entities:
  • Accounts
  • Contacts
  • Opportunities
  • Cases
  • Activities
  • Custom Entities
• Verify workflows against previous workflows. Update any workflow items affected by configuration or data model modifications.
• Test all custom code, JavaScript, and custom reports (if applicable).
• Test all integration processes (if applicable).
• Test of third party applications or extensions.

Establish the test environment

We strongly recommend that you plan to run at least one test upgrade before you upgrade your production environment. After you run a test upgrade, verify the product configuration by performing operations that you would typically use in your production environment. For example, for a service organization, you may want to create an e-mail activity related to a case, and then verify the functionality by sending a test e-mail that contains text from an existing case. If you receive any errors while you are using Microsoft Dynamics CRM in a test environment, make sure that you resolve them before you upgrade your production environment.

Tip

Virtual machine software, such as Windows Server Hyper-V, can ease the deployment time to establish the test environment as well as limit the amount of hardware resources that are required to emulate the production deployment.

Determine which computers you will use, or, if you are using virtual machine technology, which virtual machine you will use.

Migrate by using a new instance of SQL Server

We recommend this upgrade option because it lets you maintain a Microsoft Dynamics CRM 2011 deployment at the same time that a new Microsoft Dynamics CRM 2013 system is being deployed. This reduces application downtime because the new deployment can be installed, organizations imported, and then verified without affecting the production Microsoft Dynamics CRM 2011 deployment in the event of an issue.

Important

The Migrate by using a new instance of SQL Server option provides the least amount of potential downtime in the event of an issue as the result of the upgraded deployment.

1. Establish a new instance of SQL Server. You can use an existing instance but it must not be the same instance where the Microsoft Dynamics CRM 2011 configuration database is located.
2. Run Microsoft Dynamics CRM Server 2013 Setup on a new 64-bit computer that does not already have Microsoft Dynamics CRM Server 2011 installed.
3. Back up the production Microsoft Dynamics CRM 2011 configuration and organization databases and restore them to the new instance of SQL Server.
4. Run the Import Organization Wizard to import one or more Microsoft Dynamics CRM 2011 organizations to the newly installed Microsoft Dynamics CRM 2013 system. During the import, the Microsoft Dynamics CRM 2011 organization database will be upgraded.
5. If you have additional organizations or if you are using a new SQL Server for the migration, you must import the organization databases to the new system. To do this, on the computer where Microsoft Dynamics CRM Server 2013 is installed and running, start Microsoft Dynamics CRM Deployment Manager, right-click Organizations, click Import Organization, and then select the newly restored Microsoft Dynamics CRM 2011 OrganizationName_MSCRM database.
6. If customizations were made to .NET assemblies or configuration files, you must copy those customized files to the new system. By default, these files are located under the :\Program Files\Microsoft Dynamics CRM\Server\bin\assembly\ folder on the existing Microsoft Dynamics CRM 2011 server.

Upgrade and validate the test environment

Verify the newly upgraded Microsoft Dynamics CRM 2013 environment for stability and operation. This includes having a select set of users connect by using the Microsoft Dynamics CRM web application and use the system to perform all normal day-to-day tasks. Make sure workflows and reports are functioning correctly. Test that new features from the upgrade are functioning as well.

Run acceptance criteria and checklists

Execute the previously mentioned tasks on the new deployment. Based on the tests, a decision will be made to either implement or not implement the upgrade to the production environment.

User acceptance testing

After the test checklist is completed and the quality of the tasks is within acceptable limits, user acceptance testing can start. This involves a subset of all users and typically can involve key users that carry out their normal day-to-day tasks against the system. These key users report any issues or unexpected behavior to the Microsoft Dynamics CRM administration team for action.

Go live

After user acceptance testing has successfully completed, bring the Microsoft Dynamics CRM 2013 server online. This may require removing the Microsoft Dynamics CRM 2011 server before joining the Microsoft Dynamics CRM 2013 server to the domain, configuring the IIS bindings to use the same bindings as the Microsoft Dynamics CRM 2011 website, and updating DNS records as necessary to correctly resolve to the new Microsoft Dynamics CRM 2013 website.

What to do when you cannot successfully upgrade or migrate?

If, after following the guidelines in this section, you cannot successfully upgrade the production deployment or migrate, use the following resources to help resolve the issue.

Self support

• Use the Event Viewer to view events that can help you troubleshoot the issue. Microsoft Dynamics CRM Server 2013 events are recorded under the sources that begin with MSCRM in the Event Viewer.
• Turn on platform tracing. For instructions, see the tracing topics under Monitor and troubleshoot Microsoft Dynamics CRM.
• Browse or search for knowledge base articles for Microsoft Dynamics CRM in the Microsoft Dynamics CRM Solution Center.
• Visit the CustomerSource or the PartnerSource website.

Assisted support

Contact Microsoft Customer Support Services. For a complete list of Microsoft Customer Support Services telephone numbers and information, visit the Microsoft Customer Support page.

az. Upgrade Microsoft Dynamics CRM for Outlook

Microsoft Dynamics CRM for Microsoft Office Outlook is a Microsoft Office Outlook add-in that lets Microsoft Dynamics CRM users complete CRM tasks in the familiar Microsoft Outlook environment.

In This Topic

Microsoft Dynamics CRM for Outlook upgrade requirements

Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook

Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 Server

Microsoft Dynamics CRM for Outlook upgrade requirements

A system capable of running Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. For the best performance when you run CRM 2013 for Outlook, make sure your PC is running 64-bit Windows and Microsoft Office, has sufficient hard disk and RAM, and all the prerequisite software, such as Microsoft Office and Internet Explorer. For information about the hardware and software requirements for CRM 2013 for Outlook, see Microsoft Dynamics CRM 2013 for Outlook hardware requirements and Microsoft Dynamics CRM 2013 for Outlook software requirements.

Make sure you have at least Microsoft Dynamics CRM 2011 Update Rollup 12 applied. Only Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013.

Important

Although you can connect to Microsoft Dynamics CRM Server 2013 with Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup, you cannot take data offline by using Go offline. To take data offline, upgrade to CRM 2013 for Outlook.

Although Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 6 is supported for upgrade to CRM 2013 for Outlook, Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 6 is incompatible with Microsoft Dynamics CRM Server 2013.

All other Microsoft Dynamics CRM 2011 for Outlook update rollup versions are not supported for upgrade.

Admin permission required. To install or upgrade CRM for Outlook, you must have local administrator permission on the computer where you perform the installation or upgrade.

Base languages must match. To upgrade Microsoft Dynamics CRM 2011 for Outlook, the base language of CRM 2013 for Outlook must match the base language of Microsoft Dynamics CRM 2011 for Outlook.

Cannot upgrade when you are in Go offline mode. You cannot upgrade Microsoft Dynamics CRM 2011 for Outlook when it is in Go offline mode. You must bring Microsoft Dynamics CRM 2011 for Outlook online before you can upgrade to CRM 2013 for Outlook.

Upgrade is required to continue offline access after server upgrade. After the Microsoft Dynamics CRM Server 2011 deployment has been upgraded to Microsoft Dynamics CRM Server 2013, users must upgrade to CRM 2013 for Outlook to continue accessing data offline (Go offline). For example, a particular user runs Microsoft Dynamics CRM 2011 for Outlook and accesses data offline. This user's organization is upgraded from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although there now exists a client-server mismatch, users can still connect to the server and access data online if they run Microsoft Dynamics CRM 2011 with at least Microsoft Dynamics CRM 2011 Update Rollup 12. However, to go offline again, the user must upgrade to CRM 2013 for Outlook.

Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook

If you intend to change to a different architecture (move from 32-bit to 64-bit) while upgrading, note the following.

• In-place cross-architecture upgrade is not supported. If you are running Microsoft Dynamics CRM 2011 for Outlook 32-bit, you can perform an in-place upgrade only to 32-bit CRM 2013 for Outlook. This also applies to Microsoft Office: If you are running and intend to retain a 32-bit version of Microsoft Office, you can upgrade only to 32-bit CRM 2013 for Outlook.
• Cross-architecture upgrade requires uninstalling and reinstalling. If you have a 64-bit PC running a 64-bit version of Microsoft Windows, you can change from 32-bit to 64-bit CRM 2013 for Outlook by performing the following steps in the order listed.
  a. Make sure that your PC has a 64-bit version of Windows. How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system.
  b. Uninstall Microsoft Dynamics CRM 2011 for Outlook.
  c. Uninstall Microsoft Office.
  d. Install a 64-bit edition of Microsoft Office.
  e. Install the 64-bit edition of CRM 2013 for Outlook. For more information about installing CRM 2013 for Outlook, see Task 1: Install Microsoft Dynamics CRM for Outlook.

Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 Server

Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013. This compatibility eases the upgrade timeline to allow administrators to do a phased rollout without work stoppages for Microsoft Dynamics CRM 2011 for Outlook users who have not been upgraded to CRM 2013 for Outlook.

Important

Only Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or a later update rollup is compatible with Microsoft Dynamics CRM Server 2013.

See Also

Upgrading from Microsoft Dynamics CRM 2011

Before you upgrade: issues and considerations

ba. Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics

Before you plan a deployment of Microsoft Dynamics CRM for an enterprise business, such as an Internet-facing deployment (IFD) or multi-organization deployment, read through the topics referenced here.

In This Section

Advanced deployment options for Microsoft Dynamics CRM Server 2013

See Also

Planning Deployment of Microsoft Dynamics CRM 2013

Advanced deployment options for Microsoft Dynamics CRM for Outlook

Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online

bb. Advanced deployment options for Microsoft Dynamics CRM Server 2013

This section describes advanced deployment options for Microsoft Dynamics CRM Server 2013.

Update Setup files by using a local package

The update Setup feature can indicate if you have the latest updates to Microsoft Dynamics CRM before you run Setup. With this feature, you can specify where Setup locates the MSP package that is applied to the Setup files. This gives you additional control over the update, and also lets you apply the update package locally without the need of an Internet connection.

To specify the location, you must edit the XML configuration file element and then run Setup from the command prompt. For more information, see Use the Command Prompt to Install Microsoft Dynamics CRM.

Add or remove server roles

Use one of the following options to install server roles:

• Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2011 is already installed, you can use Programs and Features in Control Panel to add or remove server roles. For more information, see Microsoft Dynamics CRM 2013 server roles.
• Configure an XML configuration file and then run Setup at the command prompt to specify a server role group or one or more individual server roles. For more information, see Install Microsoft Dynamics CRM Server 2013 roles.

Use Windows PowerShell to perform deployment tasks

You can use Windows PowerShell to perform many Microsoft Dynamics CRM deployment tasks. For more information, see Administer the deployment using Windows PowerShell.

See Also

Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics

Configure a Microsoft Dynamics CRM Internet-facing deployment

bc. Configure a Microsoft Dynamics CRM Internet-facing deployment

You can deploy Microsoft Dynamics CRM so that remote users can connect to the application through the Internet. The following Internet-facing deployment (IFD) configurations are supported:

• Microsoft Dynamics CRM for internal users only
• Microsoft Dynamics CRM for internal users and IFD access
• Microsoft Dynamics CRM for IFD-only access

Configuring an IFD enables access to Microsoft Dynamics CRM from the Internet, outside the company firewall, without using a virtual private network (VPN) solution. Microsoft Dynamics CRM configured for Internet access uses claims-based authentication to verify credentials of external users. When you configure Microsoft Dynamics CRM for Internet access, integrated Windows Authentication must remain in place for internal users.

To let users access the application over the Internet, the server that is running Internet Information Services (IIS) where the Microsoft Dynamics CRM application is installed must be available over the Internet.

For more information, see Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements.

In This Topic

About claims-based authentication

Internet-facing server best practices

Configure IFD

About claims-based authentication

The claims-based security model extends traditional authentication models to include other directory sources that contain information about users. This identity federation lets users from various sources, such as Active Directory Domain Services (AD DS), customers via the Internet, or business partners, authenticate with native single sign-on.

The claims-based model has three components: the relying party, which needs the claim to decide what it is going to do; the identity provider, which provides the claim; and the user, who decides what if any information they want to provide. Microsoft provides a claims-based access solution called Active Directory Federation Services (AD FS). AD FS enables Active Directory Domain Services (AD DS) to be an identity provider in the claims-based access platform.

AD FS consists of the following components:

• AD FS Framework provides developers pre-built .NET security logic for building claims-aware applications, enhancing either ASP.NET or WCF applications.
• Active Directory Federation Services (AD FS) is a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access. Active Directory Federation Services (AD FS) supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols. Active Directory Federation Services (AD FS) can also issue and manage information cards for AD DS users.

For more information about AD FS, see:

• Identity & Access
• Active Directory Federation Services Overview (Windows Server 2012 AD FS 2.1)
• Download AD FS 2.0 for Windows Server 2008: AD FS 2.0 RTW

Internet-facing server best practices

Implement a strong password policy

To reduce the risk of "brute-force attacks" we strongly recommend that you implement a strong password policy for remote users who are accessing the domain where Microsoft Dynamics CRM is installed. For more information about how to implement a strong password policy in Windows Server, see Creating a Strong Password Policy on Microsoft TechNet and the "Understanding User Accounts" topic in Active Directory Users and Computers Help.

Internet connection firewall

The Windows Server 2012 and Windows Server 2008 operating systems provide firewall software to prevent unauthorized connections to the server from remote computers. For more information about how to configure the Internet connection firewall for Internet Information Services (IIS) Manager, see the IIS Help.

For information about how to make a Web site available on the Internet, see the "Domain Name Resolution" topic in the IIS Help.

Proxy/firewall server

If you do not have a secure proxy and firewall solution on your network, we recommend that you use a dedicated proxy and firewall server, such as Forefront Unified Access Gateway (UAG). Forefront UAG can act as a gateway between the Internet and Microsoft Dynamics CRM Server. Forefront UAG protects your IT infrastructure while providing users with fast and secure remote access to applications and data. For more information, see Forefront Unified Access Gateway 2010.

Configure IFD

Use the following steps as configuration guidelines.

Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet access

You can configure Microsoft Dynamics CRM Server 2013 for Internet access. To do this, run the Configure Claims-Based Authentication Wizard, and then run the Internet-Facing Deployment Configuration Wizard on the computer where the Microsoft Dynamics CRM Server 2013 Deployment Administration Server role is installed. For more information, see the Deployment Manager Help.

Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the Microsoft Dynamics CRM Server 2013 by using the Internet

For Microsoft Dynamics CRM for Microsoft Office Outlook to be able to access the Microsoft Dynamics CRM Server 2013 over the Internet, you must specify the external Web address that will be used to access the Internet-facing Microsoft Dynamics CRM Server 2013. To do this, you must install CRM for Outlook, and then run the Configuration Wizard. Then, during configuration, type the external Web address in the External Web address box. If you install server roles, this Web address must specify where the Discovery Web Service role is installed. For more information about how to configure CRM for Outlook, see Task 2: Configure Microsoft Dynamics CRM for Outlook.

See Also

Advanced deployment options for Microsoft Dynamics CRM Server 2013

Key management in Microsoft Dynamics CRM

bd. Key management in Microsoft Dynamics CRM

To verify the identity of people and organizations, and to guarantee content integrity, Microsoft Dynamics CRM generates digital certificates. These electronic credentials bind the identity of the certificate owner to a pair of electronic keys (public and private) that can be used to digitally encrypt and sign information. The credentials ensure that the keys actually belong to the person or organization specified.

In This Topic

Key types

Key regeneration and renewal

Key-management logging

Key storage

How to encrypt Microsoft Dynamics CRM keys

Key types

Microsoft Dynamics CRM uses two kinds of private encryption keys for deployments accessed over the Internet:

• Web remote procedure call (WRPC) token key. This key is used to generate a security token, which helps make sure that the request originated from the user who made the request. This security token decreases the likelihood of certain attacks, such as a cross-site request forgery (one-click) attack.
• CRM e-mail credentials key. This key encrypts the credentials for the Email Router, an optional component of Microsoft Dynamics CRM.

Key regeneration and renewal

CRM ticket keys are automatically generated and renewed and then distributed, or deployed, to all computers running Microsoft Dynamics CRM or running a specific Microsoft Dynamics CRM Server 2013 role. These keys are regenerated periodically and, in turn, replace the previous keys. By default, key regeneration occurs every 24 hours.

Key-management logging

Microsoft Dynamics CRM records encryption-key events in the Application log. By using the Event Viewer, you can filter on the Source column and look for MSCRMKeySERVICENAME entries, where SERVICENAME is the key management service, such as MSCRMKeyArchiveManager or MSCRMKeyGenerator.
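The Event Viewer filtering described here, and the post-upgrade review of sources that begin with MSCRM, can be scripted. The following is an added example, not part of the Planning Guide: the function name, the 48-hour window, the staleness threshold (which assumes a key service logs at least one event per regeneration cycle) and the sample records are assumptions for illustration.

```powershell
# Added example, not from the Planning Guide. Requires Windows PowerShell 3.0 to 5.1
# (Get-EventLog is not available in PowerShell 7).

function Get-CrmEventSummary {
    [CmdletBinding()]
    param(
        # Source-name pattern. The guide names key-management sources MSCRMKey<SERVICENAME>.
        [string]$SourcePattern = 'MSCRMKey*',
        # Look-back window; 48 hours spans two default 24-hour regeneration cycles.
        [int]$Hours = 48,
        # Assumption: a healthy key service logs at least one event per cycle.
        [int]$StaleAfterHours = 24,
        # Optional pre-collected records (used by the constructed sample below).
        [object[]]$Records,
        [datetime]$Now = (Get-Date)
    )

    $cutoff = $Now.AddHours(-$Hours)

    if (-not $PSBoundParameters.ContainsKey('Records')) {
        # Read the live Application log; -Source accepts wildcard patterns.
        $query = @{
            LogName     = 'Application'
            Source      = $SourcePattern
            After       = $cutoff
            ErrorAction = 'SilentlyContinue'
        }
        $Records = @(Get-EventLog @query)
    }

    $Records |
        Where-Object { $_.Source -like $SourcePattern -and $_.TimeGenerated -ge $cutoff } |
        Group-Object -Property Source |
        ForEach-Object {
            $group    = $_
            $last     = ($group.Group | Sort-Object TimeGenerated | Select-Object -Last 1).TimeGenerated
            $problems = @($group.Group | Where-Object { 'Error', 'Warning' -contains "$($_.EntryType)" })

            [pscustomobject]@{
                Source    = $group.Name
                Events    = $group.Count
                Problems  = $problems.Count   # Error and Warning entries to review
                LastEvent = $last
                Stale     = (($Now - $last).TotalHours -gt $StaleAfterHours)
            }
        }
}

# Constructed sample records (not real CRM output). Only the three properties the
# function reads are present; 'MSCRMExampleSource' is a made-up non-key source.
$now = Get-Date '2014-01-10T12:00:00'
$sample = @(
    [pscustomobject]@{ Source = 'MSCRMKeyGenerator';      EntryType = 'Information'; TimeGenerated = $now.AddHours(-2) }
    [pscustomobject]@{ Source = 'MSCRMKeyGenerator';      EntryType = 'Information'; TimeGenerated = $now.AddHours(-26) }
    [pscustomobject]@{ Source = 'MSCRMKeyArchiveManager'; EntryType = 'Error';       TimeGenerated = $now.AddHours(-30) }
    [pscustomobject]@{ Source = 'MSCRMExampleSource';     EntryType = 'Warning';     TimeGenerated = $now.AddHours(-1) }
)
Get-CrmEventSummary -Records $sample -Now $now | Format-Table -AutoSize

# On a CRM server, read the live Application log instead:
# Get-CrmEventSummary                           # key-management sources only
# Get-CrmEventSummary -SourcePattern 'MSCRM*'   # all CRM sources, for example after an upgrade
```

A source reported with Problems greater than zero or Stale set to True is the place to start reading individual entries in Event Viewer.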

Key storage

Cryptographic keys are stored in the Microsoft Dynamics CRM configuration database (MSCRM_CONFIG).

Warning

By default, encryption keys are not stored in the configuration database in an encrypted format. We strongly recommend that you specify encryption when you run Setup as described below.

How to encrypt Microsoft Dynamics CRM keys

Before you run Microsoft Dynamics CRM Setup, you can add the entry in the XML configuration file, and then run Microsoft Dynamics CRM Server Setup at the command prompt. During the installation, Setup creates a server master key and database master key, which are used to encrypt Microsoft Dynamics CRM certificates.

For more information, see the element in the Microsoft Dynamics CRM 2013 Server XML configuration file topic.

See Also

Advanced deployment options for Microsoft Dynamics CRM Server 2013

Multi-organization deployment

be. Multi-organization deployment

Deployment Manager is a Microsoft Management Console (MMC) snap-in that deployment administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. Deployment Manager is installed with the Full Server, Deployment Administration Server or Deployment Tools server roles.

In the Organizations area of the Deployment Manager, you import, create, update, enable, disable, or remove organizations. For more information about organization management in Microsoft Dynamics CRM, see the Deployment Manager Help.

Alternatively, you can perform Microsoft Dynamics CRM deployment tasks, such as organization management, using Windows PowerShell. For more information about PowerShell, see Administer the deployment using Windows PowerShell.

Important

There are several names that cannot be used to name an organization. To view a list of reserved names, open the ReservedNames table in the MSCRM_CONFIG database, and review the names in the ReservedName column or use the following SQL query.

USE MSCRM_CONFIG;
SELECT ReservedName FROM ReservedNames;

See Also

Advanced deployment options for Microsoft Dynamics CRM Server 2013

Advanced deployment options for Microsoft Dynamics CRM for Outlook

bf. Accessibility in Microsoft Dynamics CRM

Administrators and users who have administrative responsibilities typically use the Settings area of the Microsoft Dynamics CRM web application to manage Microsoft Dynamics CRM Online. A mouse and keyboard are the typical devices that administrators use to interact with the application.

Users who don’t use a mouse can use a keyboard to navigate the user interface and complete actions. The ability to use the keyboard in this way is a result of support for keyboard interactions that a browser provides.

For more information, see the following Microsoft Dynamics CRM web application accessibility topics:

• Use Keyboard Shortcuts
• Accessibility for People with Disabilities

Administrators and other users who have administrative responsibilities for on-premises deployments of Microsoft Dynamics CRM 2013 also use Microsoft Dynamics CRM Deployment Manager, a Microsoft Management Console (MMC) application, to manage on-premises deployments of Microsoft Dynamics CRM Server 2013.

For more information, see the following Microsoft Management Console (MMC) accessibility topics:

• Navigation in MMC Using the Keyboard and Mouse
• MMC Keyboard Shortcuts

Accessibility features in browsers

The following table contains links to documentation about web browser accessibility.

Browser              Documentation
Internet Explorer    Accessibility in Internet Explorer
                     Language Support and Accessibility Features
Mozilla Firefox      Accessibility features in Firefox
Apple Safari         Safari
Google Chrome        Accessibility Technical Documentation

See Also

Microsoft Accessibility Resource Center
