Ages ago we had a tip on how to apply IP restrictions to your IFD CRM on-premises deployment. Traditional “this is unsupported” disclaimer followed. There is a way, however, to make it a) supported and b) infinitely more flexible and useful.
Enter Application Request Routing. Basically, the idea is to put a small IIS server as your “front” web server and then use ARR to route requests to the “backend” web server. In this configuration your “front” server does not need to have any CRM components installed at all as its sole purpose is to route requests.
- Configure default web site to listen on 443 with your IFD certificate
- Install ARR
- Create a server farm in Application Request Routing and add your CRM server to it
- Check that proxy is set to passthrough
- Make sure external CRM requests are going from your firewall to your “front” server
Well, that was easy. Now, you can
- Apply IP filtering by tweaking web.config on your “front” server. Since we are not touching CRM installation, we are on the supported side.
- Add more CRM web servers to the farm and do load balancing that is more flexible than NLB (network load balancing), traditionally used with CRM web servers.
- Configure URL rewrite and introduce vanity URL for your deployment, e.g. make your internal and external URLs the same; this has been done before but now we are supported as we are not touching CRM servers.
- Anything else?