Make Microsoft Dynamics CRM client-to-server network communications more secure

Previous Topic

Next Topic

With any network design, it is important to consider the security of your organization's client-to-server communications. When making necessary decisions that can help protect data, we recommend that you understand the following information about Microsoft Dynamics CRM network communication and about the technology options that are available to you that provide more secure data transmissions.

If you installed Microsoft Dynamics CRM or upgraded to Microsoft Dynamics CRM 2011 to an internally-facing Web site that is not already configured for HTTPS, Microsoft Dynamics CRM client-to-server communications are not encrypted. When using a Web site that supports only HTTP, information from Microsoft Dynamics CRM clients is transmitted in clear text and, therefore, possibly vulnerable to malicious intent, such as "man-in-the-middle" type attacks that could compromise content by adding scripts to perform harmful actions.

Configuring Microsoft Dynamics CRM for HTTPS

Configuring a site for HTTPS will cause a disruption in the Microsoft Dynamics CRM application so plan the configuration when it will result in minimal disruption to users. The high-level steps for configuring Microsoft Dynamics CRM for HTTPS are as follows:

  1. In Microsoft Dynamics CRM Deployment Manager, disable the server where the Web Application Server, Organization Web Service, Discovery Web Service, and Deployment Web Service roles are running. If this is a Full Server deployment, all server roles are running on the same computer. For information about how to disable a server, see Microsoft Dynamics CRM Deployment Manager Help.
  2. Configure the Web site where the Web Application Server role is installed to use HTTPS. For more information about how to do this, see Internet Information Services (IIS) Help.
  3. Set the binding in Microsoft Dynamics CRM Deployment Manager. This is done on the Web Address tab of the Properties page for the deployment. For more information about how change the bindings see the "Microsoft Dynamics CRM deployment properties" topic in Microsoft Dynamics CRM Deployment Manager Help.
  4. If you want to make other Microsoft Dynamics CRM services more secure and Microsoft Dynamics CRM is installed by using separate server roles, repeat the previous steps for the additional server roles.