Connectivity and Firewall Port Requirements for Microsoft Dynamics CRM 2011
White Paper
Published: October 2012 Updated: September 2013
Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and your people to make business decisions with greater confidence. Microsoft Dynamics works like and with familiar Microsoft software, automating and streamlining financial, customer relationship and supply chain processes in a way that helps you drive business success.
U.S. and Canada Toll Free 1-888-477-7989 Worldwide +1-701-281-6500 dynamics
Legal Notice This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.
© 2013 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Excel, Hyper-V, Internet Explorer, Microsoft Dynamics, Microsoft Dynamics logo, MSDN, Outlook, Notepad, SharePoint, Silverlight, Visual C++, Windows, Windows Azure, Windows Live, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies.
All other trademarks are property of their respective owners.
Table of Contents
Overview
    On Premise with Integrated Windows Authentication
    On Premise with Claims-Based Authentication
Default CRM Connectivity Requirements
Port Recommendations
    Network ports for the Microsoft Dynamics CRM Web application
    Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server roles
    Network ports that are used by the SQL Server that runs the Microsoft Dynamics CRM Reporting Extensions server roles
Connectivity Requirements for Windows Services
Connectivity Requirements for Integrated Windows Authentication
Mail Server Connectivity Requirements
Appendix A: Resources
Overview
Many data centers include firewalls between the end users and the servers and other integrated systems that support an implementation of Microsoft Dynamics CRM 2011. This document is designed to provide guidance on the connectivity requirements between Microsoft Dynamics CRM 2011 and other systems to assist readers with proper firewall configuration in customer environments.
On-Premises with Integrated Windows Authentication
An overview of an on-premises implementation that uses Integrated Windows Authentication (IWA) is shown in the following diagram.
[Diagram: On-Premise CRM Solution with Windows Integrated Authentication. Components: CRM Users, CRM Server(s), AD Server(s), CRM SQL Server(s), Exchange Server. Connection labels: HTTP(S); AD Authentication; SQL Access (only required for SQL Filtered View access to provide dynamic Excel export / pivot tables etc.); server-side link (only required for server-side email integration); Exchange Server link (only required with the CRM Outlook Client).]
In this scenario the user must have a certain level of connectivity to the CRM Server(s), the Active Directory Server(s) and the SQL Server for SQL Filtered View access (if Export to Excel functionality is required). The remainder of this document focuses primarily on this scenario and details the required level of connectivity between these various components as well as further options for integration, Citrix implication, and so on.
On-Premises with Claims-Based Authentication
An overview of an on-premises implementation that uses claims-based authentication is shown in the following diagram using Active Directory Federation Service (ADFS) as the Security Token Service (STS).
[Diagram: On-Premise CRM Solution with Claims-Based Authentication. Components: CRM Users, ADFS, CRM Server, AD Server, CRM SQL Server, Exchange Server. Connection labels: HTTPS (three links); SQL; AD Access; server-side link (only required for server-side email integration); Exchange Server link (only required with the CRM Outlook Client).]
With claims-based authentication, the Microsoft Dynamics CRM site is accessed anonymously and the user is then redirected to ADFS. Users enter their credentials, which ADFS validates by contacting Active Directory Directory Services (AD-DS). Finally, ADFS issues a SAML token containing the necessary claims for accessing Microsoft Dynamics CRM.
Default CRM Connectivity Requirements
An overview of the default connectivity requirements for an on-premises deployment of Microsoft Dynamics CRM 2011 is shown in the following graphic:
[Diagram: default connectivity for an on-premises deployment.
Components: AD Servers (CRM User Domains); AD Server (CRM Server Domain); Corporate Exchange Infrastructure; CRM Exchange Router; SRS Service / SRS Web Site; SQL Server; CRM Server (Application Role Group: Application Server; Help Server; SDK Server); CRM Server (Platform Role Group: Asynchronous Processing Service; Deployment Service; Discovery Service; SDK Server); Client Machine: IE / Outlook Online Client.
Connection labels: AD Replication (dependent on approach; see options in section below); AD Authentication (server and user); TCP: 25 (SMTP); TCP: 110 (POP3); TCP: (POP3/IMAP/Etc.); TCP: 80 (Exchange: HTTP-DAV); (Exchange: EWS); TCP: 80 (HTTP) and TCP: 443 (SSL); TCP: 80 (443 for SSL); TCP: 1433 (SQL); TCP: 445 and UDP: 445 (microsoft-ds); Exchange Connectivity (Outlook Clients Only); Custom aspx and plug-ins on TCP: 80 (443 for SSL); SQL access from the client only required for SQL Filtered View access to provide dynamic Excel export / pivot tables etc.]
In addition, all servers require the following:
    DNS name resolution on UDP/TCP: 53
    NetBIOS name resolution on TCP: 139, UDP: 137/138
    NTP time synchronisation: 123 (this is a requirement for Kerberos Authentication)
    DCOM and RPC: TCP 135, UDP 1025
Note: Arrow direction depicts source and target of initiating request rather than direction of data flow.
Important: Because this diagram is focused on Microsoft Dynamics CRM connectivity requirements, full details about the specific port requirements for Microsoft Exchange Server and the Microsoft Windows Active Directory service are not shown. Additional information and links to related articles about these technologies and their specific requirements are provided in the following sections of this document.
The default connectivity requirements for components of an on-premises deployment of Microsoft Dynamics CRM 2011 are shown in the following table.
Component | Default Connectivity Requirements
CRM Server | AD Connectivity from Microsoft Dynamics CRM Servers; RDP Connection to all Servers recommended; SQL Server access; SQL Reporting Services access
Exchange Router | Exchange Server Connectivity (HTTP DAV / EWS / SMTP); Other Mail Server Connectivity (POP3/SMTP); Optional Connectivity to a Microsoft Dynamics CRM Sink Mailbox; HTTP / HTTPS access to CRM Servers / Network Load Balancer; AD Authentication
Client | Outlook Connectivity to Exchange; Optional Connectivity to SQL Server for views; HTTP / HTTPS access to CRM Servers / Network Load Balancer; AD Authentication
ALL | DNS name resolution where applicable on UDP/TCP: 53; NetBIOS name resolution where applicable on TCP: 139, UDP: 137/138; NTP: Required on all Servers to Sync Network Time UDP: 123 (this is a requirement for Kerberos Authentication); DCOM and RPC: Required on all Servers. TCP 135, UDP 1025
Important: In each case, the port numbers can be configured to run under alternative (nondefault) values, so environments will vary.
Port Recommendations
Network ports for the Microsoft Dynamics CRM web application
The following table lists the ports used for a server that is running a Full Server installation of Microsoft Dynamics CRM. In this configuration, all server roles are installed on the same computer, except for the Microsoft SQL Server role and the Microsoft Dynamics CRM Connector for SQL Server Reporting Services server role.
Protocol | Port | Description | Explanation
TCP | 80 | HTTP | Default web application port; may be different as it can be changed during Microsoft Dynamics CRM Setup. For new websites, the default port number is 5555.
TCP | 135 | MSRPC | RPC endpoint resolution
TCP | 139 | NETBIOS-SSN | NETBIOS session service
TCP | 443 | HTTPS | Default secure HTTP port. The port number may differ from the default port. This secure network transport must be manually configured. Though this port is not required to run Microsoft Dynamics CRM, we strongly recommend it. For information about how to configure HTTPS for Microsoft Dynamics CRM, see "Make Microsoft Dynamics CRM client-to-server network communications more secure" in Post-Installation and Configuration Guidelines in the Installing Guide.
TCP | 445 | Microsoft-DS | Active Directory directory service required for Active Directory access and authentication.
UDP | 123 | NTP | Network Time Protocol
UDP | 137 | NETBIOS-NS | NETBIOS name service
UDP | 138 | NETBIOS-dgm | NETBIOS datagram service
UDP | 445 | Microsoft-DS | Active Directory directory service required for Active Directory access and authentication
UDP | 1025 | Blackjack | DCOM, used as an RPC listener
Important: Depending on the domain trust configuration, additional network ports may be required for Microsoft Dynamics CRM to work correctly. For more detail, see Knowledge Base article ID 179442, How to configure a firewall for domains and trusts.
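The port table above can serve as an allow-list baseline when reviewing a firewall policy. The following is an added example, not part of the white paper: it compares a set of allow-rules against the Full Server table and reports required ports that no rule covers and allowed ports the table does not list. The names Rule, audit and SAMPLE_RULES and the sample rule set are hypothetical and constructed for illustration; it goes slightly beyond the table by handling port ranges and a non-default web application port.

```python
from typing import NamedTuple

# Default ports from the Full Server table above; deployments may use other values.
REQUIRED = {
    ("tcp", 80): "HTTP",
    ("tcp", 135): "MSRPC",
    ("tcp", 139): "NETBIOS-SSN",
    ("tcp", 443): "HTTPS",
    ("tcp", 445): "Microsoft-DS",
    ("udp", 123): "NTP",
    ("udp", 137): "NETBIOS-NS",
    ("udp", 138): "NETBIOS-dgm",
    ("udp", 445): "Microsoft-DS",
    ("udp", 1025): "DCOM/RPC listener",
}

class Rule(NamedTuple):  # hypothetical shape for one exported allow-rule
    name: str
    proto: str
    low: int
    high: int

def audit(rules, web_port=80):
    """Return (missing, excess): required ports that no rule allows,
    and allowed ports that the table does not list."""
    required = dict(REQUIRED)
    if web_port != 80:  # the web application port can be changed during Setup
        required[("tcp", web_port)] = required.pop(("tcp", 80))
    allowed = {(r.proto.lower(), p) for r in rules for p in range(r.low, r.high + 1)}
    missing = sorted(k for k in required if k not in allowed)
    excess = sorted(k for k in allowed if k not in required)
    return missing, excess

# Constructed sample rule set, not taken from any real deployment.
SAMPLE_RULES = [
    Rule("crm-web", "TCP", 5555, 5555),
    Rule("crm-https", "TCP", 443, 443),
    Rule("rpc-netbios", "TCP", 135, 139),   # range is wider than the table needs
    Rule("smb", "TCP", 445, 445),
    Rule("netbios", "UDP", 137, 138),
    Rule("ntp", "UDP", 123, 123),
    Rule("legacy-ftp", "TCP", 20, 21),      # not listed in the table
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES, web_port=5555)
    for label, ports in (("MISSING", missing), ("EXCESS", excess)):
        for proto, port in ports:
            print(f"{label} {proto}/{port}")
```

Ports reported as excess are candidates for review rather than automatic removal, since domain trust configuration and other server roles may require ports beyond this table.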