Planning Guide for Microsoft Dynamics CRM 2013 and ...



Microsoft Dynamics CRM 2013 Planning GuideVersion 6.0.2This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice.Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. ? 2014 Microsoft Corporation. All rights reserved.Microsoft, Active Directory, ActiveX, Azure, BizTalk, JScript, Microsoft Dynamics, Outlook, SharePoint, SQL Server, Visual Basic, Visual Studio, Windows, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.Contents TOC \o "1-5" \h Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online PAGEREF _Toc377980066 \h 12In This Section PAGEREF _Toc377980067 \h 12Related Sections PAGEREF _Toc377980068 \h 12Send us your comments about this document PAGEREF _Toc377980069 \h 12Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online PAGEREF _Toc377980070 \h 13Resources for planning and preparing users for Microsoft Dynamics CRM PAGEREF _Toc377980071 \h 13Microsoft Dynamics SureStep PAGEREF _Toc377980072 \h 13Manage your Microsoft Dynamics CRM Online subscription PAGEREF _Toc377980073 \h 14User training and adoption PAGEREF _Toc377980074 \h 14See Also PAGEREF _Toc377980075 \h 14Microsoft Dynamics CRM editions and licensing PAGEREF _Toc377980076 \h 14Editions and licensing for on-premises deployments PAGEREF _Toc377980077 \h 14Licensing PAGEREF _Toc377980078 \h 14Client Access License Types PAGEREF _Toc377980079 \h 15Microsoft Dynamics CRM Online licensing PAGEREF _Toc377980080 \h 15See Also PAGEREF _Toc377980081 \h 15What's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online PAGEREF _Toc377980082 \h 15In This Topic PAGEREF _Toc377980083 \h 16What’s changed in this release? PAGEREF _Toc377980084 \h 16New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online PAGEREF _Toc377980085 \h 16New Microsoft Dynamics CRM Online features PAGEREF _Toc377980086 \h 16Expanded licensing plans PAGEREF _Toc377980087 \h 16New Microsoft Dynamics CRM 2013 (on-premises) features PAGEREF _Toc377980088 \h 17Volume Shadow Service (VSS) support PAGEREF _Toc377980089 \h 17Server-side synchronization PAGEREF _Toc377980090 \h 17Microsoft Dynamics CRM 2013 Best Practices Analyzer PAGEREF _Toc377980091 \h 17Defer the base and extension table merge as part of upgrade PAGEREF _Toc377980092 \h 17See Also PAGEREF _Toc377980093 \h 17Microsoft Dynamics CRM system requirements and required technologies PAGEREF _Toc377980094 \h 18In This Section PAGEREF _Toc377980095 \h 19See Also PAGEREF _Toc377980096 \h 19Microsoft Dynamics CRM Server 2013 hardware requirements PAGEREF _Toc377980097 \h 19See Also PAGEREF _Toc377980098 \h 20Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013 PAGEREF _Toc377980099 \h 20See Also PAGEREF _Toc377980100 \h 21Software requirements for Microsoft Dynamics CRM Server 2013 PAGEREF _Toc377980101 \h 21In This Topic PAGEREF _Toc377980102 \h 21Windows Server operating system PAGEREF _Toc377980103 \h 22Supported Windows Server 2012 editions PAGEREF _Toc377980104 \h 22Supported Windows Server 2008 editions PAGEREF _Toc377980105 \h 22Server virtualization PAGEREF _Toc377980106 \h 23Active Directory modes PAGEREF _Toc377980107 \h 23Internet Information Services (IIS) PAGEREF _Toc377980108 \h 23SQL Server editions PAGEREF _Toc377980109 \h 24Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements PAGEREF _Toc377980110 \h 25SQL Server Reporting Services PAGEREF _Toc377980111 \h 26Software component prerequisites PAGEREF _Toc377980112 \h 27Verify prerequisites PAGEREF _Toc377980113 \h 28See Also PAGEREF _Toc377980114 \h 28Microsoft Dynamics CRM 2013 Reporting Extensions requirements PAGEREF _Toc377980115 \h 29In this topic PAGEREF _Toc377980116 \h 29Microsoft Dynamics CRM Reporting Extensions general requirements PAGEREF _Toc377980117 \h 29Microsoft Dynamics CRM Reporting Authoring Extension general requirements PAGEREF _Toc377980118 \h 30See Also PAGEREF _Toc377980119 \h 30SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980120 \h 30Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint PAGEREF _Toc377980121 \h 31See Also PAGEREF _Toc377980122 \h 31Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013 PAGEREF _Toc377980123 \h 31See Also PAGEREF _Toc377980124 \h 32Microsoft Dynamics CRM Email Router hardware requirements PAGEREF _Toc377980125 \h 32See Also PAGEREF _Toc377980126 \h 33Microsoft Dynamics CRM Email Router software requirements PAGEREF _Toc377980127 \h 33In This Topic PAGEREF _Toc377980128 \h 34Exchange Server PAGEREF _Toc377980129 \h 34Messaging and transport protocols PAGEREF _Toc377980130 \h 35Exchange Online PAGEREF _Toc377980131 \h 35Additional Email Router software requirements PAGEREF _Toc377980132 \h 35See Also PAGEREF _Toc377980133 \h 36Microsoft Dynamics CRM for Outlook hardware requirements PAGEREF _Toc377980134 \h 36See Also PAGEREF _Toc377980135 \h 37Microsoft Dynamics CRM for Outlook software requirements PAGEREF _Toc377980136 \h 37In this topic PAGEREF _Toc377980137 \h 37Microsoft Dynamics CRM for Outlook software feature prerequisites PAGEREF _Toc377980138 \h 38Additional Microsoft Dynamics CRM for Outlook software requirements PAGEREF _Toc377980139 \h 39Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook installed PAGEREF _Toc377980140 \h 39See Also PAGEREF _Toc377980141 \h 39Web application requirements for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980142 \h 40In This Topic PAGEREF _Toc377980143 \h 40Microsoft Dynamics CRM web application hardware requirements PAGEREF _Toc377980144 \h 40Supported versions of Internet Explorer PAGEREF _Toc377980145 \h 41Supported operating systems when you use Internet Explorer PAGEREF _Toc377980146 \h 41Supported versions of Internet Explorer PAGEREF _Toc377980147 \h 41Supported non-Internet Explorer web browsers PAGEREF _Toc377980148 \h 41Supported versions of Microsoft Office PAGEREF _Toc377980149 \h 42Printing reports PAGEREF _Toc377980150 \h 42See Also PAGEREF _Toc377980151 \h 42Tablet support for Microsoft Dynamics CRM 2013 and CRM Online PAGEREF _Toc377980152 \h 43In This Topic PAGEREF _Toc377980153 \h 43Windows 8 PAGEREF _Toc377980154 \h 43Microsoft Dynamics CRM for Windows 8 minimum requirements PAGEREF _Toc377980155 \h 43Apple iPad PAGEREF _Toc377980156 \h 44Microsoft Dynamics CRM for iPad minimum requirements PAGEREF _Toc377980157 \h 44Google Nexus PAGEREF _Toc377980158 \h 45See Also PAGEREF _Toc377980159 \h 45Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online PAGEREF _Toc377980160 \h 45In This Topic PAGEREF _Toc377980161 \h 45CRM phone apps PAGEREF _Toc377980162 \h 45CRM for iPhones PAGEREF _Toc377980163 \h 46CRM for Android PAGEREF _Toc377980164 \h 46CRM for Windows Phone 8 PAGEREF _Toc377980165 \h 46BlackBerry PAGEREF _Toc377980166 \h 46CRM for phones PAGEREF _Toc377980167 \h 47See Also PAGEREF _Toc377980168 \h 4764-bit supported configurations for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980169 \h 47See Also PAGEREF _Toc377980170 \h 48Microsoft Dynamics CRM 2013 language support PAGEREF _Toc377980171 \h 48In This Topic PAGEREF _Toc377980172 \h 48Microsoft Dynamics CRM Server language requirements PAGEREF _Toc377980173 \h 48Microsoft Dynamics CRM Server language examples PAGEREF _Toc377980174 \h 49CRM phone app language support PAGEREF _Toc377980175 \h 50See Also PAGEREF _Toc377980176 \h 51Planning Deployment of Microsoft Dynamics CRM 2013 PAGEREF _Toc377980177 \h 52In This Section PAGEREF _Toc377980178 \h 52Related Sections PAGEREF _Toc377980179 \h 52Prerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013 PAGEREF _Toc377980180 \h 53See Also PAGEREF _Toc377980181 \h 53Hardware requirements PAGEREF _Toc377980182 \h 54See Also PAGEREF _Toc377980183 \h 54Software requirements PAGEREF _Toc377980184 \h 54See Also PAGEREF _Toc377980185 \h 55Active Directory and network requirements for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980186 \h 55Federation and claims-based authentication support PAGEREF _Toc377980187 \h 55Active Directory Federation Services PAGEREF _Toc377980188 \h 56Digital Certificates PAGEREF _Toc377980189 \h 56IPv6 Support PAGEREF _Toc377980190 \h 57See Also PAGEREF _Toc377980191 \h 57SQL Server installation and configuration PAGEREF _Toc377980192 \h 57In This Section PAGEREF _Toc377980193 \h 58Related Sections PAGEREF _Toc377980194 \h 58SQL Server requirements and recommendations for Microsoft Dynamics CRM PAGEREF _Toc377980195 \h 58See Also PAGEREF _Toc377980196 \h 60SQL Server deployment PAGEREF _Toc377980197 \h 60In This Topic PAGEREF _Toc377980198 \h 61SQL Server deployment considerations PAGEREF _Toc377980199 \h 61Language locale collation and sort order PAGEREF _Toc377980200 \h 62Disk configurations and file locations PAGEREF _Toc377980201 \h 62SQL Server program file location PAGEREF _Toc377980202 \h 63SQL Server data file location PAGEREF _Toc377980203 \h 63Specifying file paths PAGEREF _Toc377980204 \h 65Default-instance file path for program and data files PAGEREF _Toc377980205 \h 65Microsoft Dynamics CRM database renaming considerations PAGEREF _Toc377980206 \h 65Organization database names PAGEREF _Toc377980207 \h 65Organization database renaming PAGEREF _Toc377980208 \h 66SQL Server transparent data encryption PAGEREF _Toc377980209 \h 66See Also PAGEREF _Toc377980210 \h 66Additional resources for SQL Server PAGEREF _Toc377980211 \h 67See Also PAGEREF _Toc377980212 \h 67Planning requirements for Microsoft SQL Server Reporting Services PAGEREF _Toc377980213 \h 67Microsoft Dynamics CRM Reporting Extensions requirements PAGEREF _Toc377980214 \h 68See Also PAGEREF _Toc377980215 \h 69Planning email integration PAGEREF _Toc377980216 \h 69See Also PAGEREF _Toc377980217 \h 70Microsoft Dynamics CRM Email Router PAGEREF _Toc377980218 \h 70Email systems PAGEREF _Toc377980219 \h 71Network topology and email traffic PAGEREF _Toc377980220 \h 71Avoid mailbox storage problems PAGEREF _Toc377980221 \h 72See Also PAGEREF _Toc377980222 \h 72E-mail message filtering and correlation PAGEREF _Toc377980223 \h 72Microsoft Dynamics CRM 2013 tracking tokens PAGEREF _Toc377980224 \h 73Tracking token structure PAGEREF _Toc377980225 \h 74Smart matching PAGEREF _Toc377980226 \h 75See Also PAGEREF _Toc377980227 \h 75Forward mailbox vs. individual mailboxes PAGEREF _Toc377980228 \h 75Forward mailbox monitoring PAGEREF _Toc377980229 \h 76See Also PAGEREF _Toc377980230 \h 76Microsoft Dynamics CRM user options PAGEREF _Toc377980231 \h 77Incoming e-mail messaging options PAGEREF _Toc377980232 \h 77Outgoing e-mail messaging options PAGEREF _Toc377980233 \h 77See Also PAGEREF _Toc377980234 \h 78Additional resources for Exchange Server PAGEREF _Toc377980235 \h 78See Also PAGEREF _Toc377980236 \h 78Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980237 \h 78In This Topic PAGEREF _Toc377980238 \h 79Securing Windows Server PAGEREF _Toc377980239 \h 79Windows error reporting PAGEREF _Toc377980240 \h 79Virus, malware, and identity protection PAGEREF _Toc377980241 \h 80Update management PAGEREF _Toc377980242 \h 80Securing SQL Server PAGEREF _Toc377980243 \h 80Securing Exchange Server and Outlook PAGEREF _Toc377980244 \h 81Securing mobile devices PAGEREF _Toc377980245 \h 82See Also PAGEREF _Toc377980246 \h 82Security considerations for Microsoft Dynamics CRM 2013 PAGEREF _Toc377980247 \h 82In This Topic PAGEREF _Toc377980248 \h 83What kind of service account should I choose? PAGEREF _Toc377980249 \h 83Minimum permissions required for Microsoft Dynamics CRM Setup and services PAGEREF _Toc377980250 \h 83Microsoft Dynamics CRM Server Setup PAGEREF _Toc377980251 \h 84Microsoft Dynamics CRM services and IIS application pool identity permissions PAGEREF _Toc377980252 \h 84Microsoft Dynamics CRM Sandbox Processing Service PAGEREF _Toc377980253 \h 85Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services PAGEREF _Toc377980254 \h 85Microsoft Dynamics CRM Monitoring Service PAGEREF _Toc377980255 \h 85Microsoft Dynamics CRM VSS Writer service PAGEREF _Toc377980256 \h 86Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity) PAGEREF _Toc377980257 \h 86Application Service (CRMAppPool IIS Application Pool identity) PAGEREF _Toc377980258 \h 86IIS Application Pool identities running under Kernel-Mode authentication and SPNs PAGEREF _Toc377980259 \h 87Microsoft Dynamics CRM installation files PAGEREF _Toc377980260 \h 87See Also PAGEREF _Toc377980261 \h 87Security best practices for Microsoft Dynamics CRM PAGEREF _Toc377980262 \h 88Service principal name management in Microsoft Dynamics CRM 2013 PAGEREF _Toc377980263 \h 88See Also PAGEREF _Toc377980264 \h 89Administration best practices for on-premises deployments of Microsoft Dynamics CRM PAGEREF _Toc377980265 \h 90See Also PAGEREF _Toc377980266 \h 90Network ports for Microsoft Dynamics CRM PAGEREF _Toc377980267 \h 91In This Topic PAGEREF _Toc377980268 \h 91Network ports for the Microsoft Dynamics CRM web application PAGEREF _Toc377980269 \h 91Network ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server roles PAGEREF _Toc377980270 \h 93Network ports for the Deployment Web Service server role PAGEREF _Toc377980271 \h 93Network ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM Reporting Extensions server roles PAGEREF _Toc377980272 \h 93See Also PAGEREF _Toc377980273 \h 95Known risks and vulnerabilities PAGEREF _Toc377980274 \h 95In This Topic PAGEREF _Toc377980275 \h 95Risks when users connect to CRM over an unsecured network PAGEREF _Toc377980276 \h 95Security recommendations on server role deployments PAGEREF _Toc377980277 \h 95Anonymous authentication PAGEREF _Toc377980278 \h 96Isolate the HelpServer role for Internet-facing deployments PAGEREF _Toc377980279 \h 96Claims-based authentication issues and limitations PAGEREF _Toc377980280 \h 97Verify that the identity provider uses a strong password policy PAGEREF _Toc377980281 \h 97AD FS federation server sessions are valid up to 8 hours even for deactivated or deleted users PAGEREF _Toc377980282 \h 97Secure the PAGEREF _Toc377980283 \h 97Outbound Internet calls from custom code executed by the Sandbox Processing Service are enabled PAGEREF _Toc377980284 \h 98Secure server-to-server communication PAGEREF _Toc377980285 \h 98DNS rebinding attacks PAGEREF _Toc377980286 \h 99See Also PAGEREF _Toc377980287 \h 99Microsoft Dynamics CRM standards compliance and certification PAGEREF _Toc377980288 \h 99Security standards compliance PAGEREF _Toc377980289 \h 99FIPS 140-2 compliance PAGEREF _Toc377980290 \h 99Certification PAGEREF _Toc377980291 \h 100See Also PAGEREF _Toc377980292 \h 100Microsoft Dynamics CRM 2013 supported configurations PAGEREF _Toc377980293 \h 100Active Directory requirements PAGEREF _Toc377980294 \h 100Single-server deployment PAGEREF _Toc377980295 \h 101See Also PAGEREF _Toc377980296 \h 102Microsoft Dynamics CRM multiple-server deployment PAGEREF _Toc377980297 \h 102Install server roles by running Microsoft Dynamics CRM Server Setup PAGEREF _Toc377980298 \h 102Install server roles by running Microsoft Dynamics CRM Server 2013 at the command prompt PAGEREF _Toc377980299 \h 102Microsoft Dynamics CRM Server 2013 placement PAGEREF _Toc377980300 \h 102SQL Server and Active Directory domain controller placement PAGEREF _Toc377980301 \h 103See Also PAGEREF _Toc377980302 \h 103Microsoft Dynamics CRM 2013 server roles PAGEREF _Toc377980303 \h 103In This Topic PAGEREF _Toc377980304 \h 104Available group server roles PAGEREF _Toc377980305 \h 104Available individual server roles PAGEREF _Toc377980306 \h 106Scope definition PAGEREF _Toc377980307 \h 108Installation method definition PAGEREF _Toc377980308 \h 108Microsoft Dynamics CRM Server role requirements PAGEREF _Toc377980309 \h 109See Also PAGEREF _Toc377980310 \h 111Support for Microsoft Dynamics CRM multiple-server topologies PAGEREF _Toc377980311 \h 111In This Topic PAGEREF _Toc377980312 \h 112Five-server topology PAGEREF _Toc377980313 \h 112Multi-forest and multi-domain with Internet access Active Directory topology PAGEREF _Toc377980314 \h 113See Also PAGEREF _Toc377980315 \h 115Upgrading from Microsoft Dynamics CRM 2011 PAGEREF _Toc377980316 \h 116In This Topic PAGEREF _Toc377980317 \h 116Recommended upgrade steps PAGEREF _Toc377980318 \h 116Microsoft Dynamics CRM Server upgrade options PAGEREF _Toc377980319 \h 117Microsoft Dynamics CRM 2011 Server versions supported for upgrade PAGEREF _Toc377980320 \h 118Microsoft Dynamics CRM 2011 for Outlook versions supported for upgrade PAGEREF _Toc377980321 \h 118Microsoft Dynamics CRM software and components not supported for in-place upgrade PAGEREF _Toc377980322 \h 118Upgrade product key PAGEREF _Toc377980323 \h 119User permissions and privileges PAGEREF _Toc377980324 \h 119Sharing a SQL Server PAGEREF _Toc377980325 \h 119Tips for a successful upgrade PAGEREF _Toc377980326 \h 120Do not exceed the maximum number of attributes PAGEREF _Toc377980327 \h 120Remove custom database objects PAGEREF _Toc377980328 \h 120Remove the ignorechecks registry subkey PAGEREF _Toc377980329 \h 120Verify custom indexes before you upgrade PAGEREF _Toc377980330 \h 120Consider rescheduling base and extension table merge PAGEREF _Toc377980331 \h 120Next steps PAGEREF _Toc377980332 \h 121See Also PAGEREF _Toc377980333 \h 121Before you upgrade: issues and considerations PAGEREF _Toc377980334 \h 121In This Topic PAGEREF _Toc377980335 \h 121What has changed in supported products and technologies? PAGEREF _Toc377980336 \h 121End of support for outdated programmability features PAGEREF _Toc377980337 \h 122Delete connections to enable use of access teams PAGEREF _Toc377980338 \h 122Changes to duplicate detection PAGEREF _Toc377980339 \h 122Microsoft Lync presence not supported in some areas PAGEREF _Toc377980340 \h 122Update your customizations for the new user interface PAGEREF _Toc377980341 \h 123See Also PAGEREF _Toc377980342 \h 123Upgrade the Microsoft Dynamics CRM Deployment PAGEREF _Toc377980343 \h 123In This Topic PAGEREF _Toc377980344 \h 123The upgrade process PAGEREF _Toc377980345 \h 123Prepare to upgrade PAGEREF _Toc377980346 \h 124Establish the test environment PAGEREF _Toc377980347 \h 127Upgrade and validate the test environment PAGEREF _Toc377980348 \h 128What to do when you cannot successfully upgrade or migrate? PAGEREF _Toc377980349 \h 128Upgrade Microsoft Dynamics CRM for Outlook PAGEREF _Toc377980350 \h 129In This Topic PAGEREF _Toc377980351 \h 129Microsoft Dynamics CRM for Outlook upgrade requirements PAGEREF _Toc377980352 \h 129Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 Server PAGEREF _Toc377980353 \h 131Cross-architecture upgrade of Microsoft Dynamics CRM for Outlook PAGEREF _Toc377980354 \h 132See Also PAGEREF _Toc377980355 \h 132Planning Deployment of Microsoft Dynamics CRM 2013 Advanced Topics PAGEREF _Toc377980356 \h 132In This Section PAGEREF _Toc377980357 \h 132See Also PAGEREF _Toc377980358 \h 133Advanced deployment options for Microsoft Dynamics CRM Server 2013 PAGEREF _Toc377980359 \h 133Update Setup files by using a local package PAGEREF _Toc377980360 \h 133Add or remove server roles PAGEREF _Toc377980361 \h 133Use Windows Powershell to perform deployment tasks PAGEREF _Toc377980362 \h 133In This Section PAGEREF _Toc377980363 \h 133See Also PAGEREF _Toc377980364 \h 134Configure a Microsoft Dynamics CRM Internet-facing deployment PAGEREF _Toc377980365 \h 134In This Topic PAGEREF _Toc377980366 \h 134About claims-based authentication PAGEREF _Toc377980367 \h 135Internet-facing server best practices PAGEREF _Toc377980368 \h 135Implement a strong password policy PAGEREF _Toc377980369 \h 135Internet connection firewall PAGEREF _Toc377980370 \h 135Proxy/firewall server PAGEREF _Toc377980371 \h 136Configure IFD PAGEREF _Toc377980372 \h 136Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet access PAGEREF _Toc377980373 \h 136Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the Microsoft Dynamics CRM Server 2013 by using the Internet PAGEREF _Toc377980374 \h 136See Also PAGEREF _Toc377980375 \h 136Key management in Microsoft Dynamics CRM PAGEREF _Toc377980376 \h 137In This Topic PAGEREF _Toc377980377 \h 137Key types PAGEREF _Toc377980378 \h 137Key regeneration and renewal PAGEREF _Toc377980379 \h 137Key-management logging PAGEREF _Toc377980380 \h 137Key storage PAGEREF _Toc377980381 \h 138How to encrypt Microsoft Dynamics CRM keys PAGEREF _Toc377980382 \h 138See Also PAGEREF _Toc377980383 \h 138Multi-organization deployment PAGEREF _Toc377980384 \h 138See Also PAGEREF _Toc377980385 \h 139Accessibility in Microsoft Dynamics CRM PAGEREF _Toc377980386 \h 139Accessibility features in browsers PAGEREF _Toc377980387 \h 139See Also PAGEREF _Toc377980388 \h 140Planning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineIT Pros and CRM administrators can use the resources and topics in this guide to help them plan an on-premises deployment of Microsoft Dynamics CRM 2013 and to help in planning to use Microsoft Dynamics CRM Online.In This SectionPlanning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM editions and licensingWhat's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM system requirements and required technologiesPlanning Deployment of Microsoft Dynamics CRM 2013Planning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsRelated SectionsInstalling Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineAdministration Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineOperating Guide for Microsoft Dynamics CRM 2013 (on-premises)Customization Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineReport Writers Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineSend us your comments about this documentIf you have a question or comment about this document, click to send an e-mail message to the Microsoft Dynamics CRM content team. If your question is about Microsoft Dynamics CRM products, and not about the content of this book, search the Microsoft Help and Support Center or the Microsoft Knowledge Base.Planning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineFor larger organizations, planning Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online, like any enterprise-wide software, is a significant task. This guide is written for the team of people responsible for planning Microsoft Dynamics CRM, and provides information and tools that are needed to design a successful implementation. In smaller organizations, several roles may be filled by one person. In larger organizations, each role may be divided among several people. These roles include the following:?Business managers. Responsible for determining how your business will use Microsoft Dynamics CRM. This includes mapping your processes to Microsoft Dynamics CRM, deciding on default values, and identifying any required customizations.?Customization technical staff. Responsible for implementing the planned customizations.?Network technical staff. Responsible for determining how Microsoft Dynamics CRM will be deployed on the network and how users will access the system.?Project manager. Responsible for managing an enterprise-wide implementation anizations that implement Microsoft Dynamics CRM software may use the services of an independent software vendor (ISV) or value-added reseller, a consultant, or other organization that is partnered with Microsoft and will help you with implementing and maintaining your Microsoft Dynamics CRM installation. Because of this assumption, there may be references in this guide to these "partners" who are expected to provide services to you.Resources for planning and preparing users for Microsoft Dynamics CRMThese resources are available to help you plan a deployment of Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online.Microsoft Dynamics SureStepMicrosoft Dynamics Sure Step is a full customer lifecycle methodology for all Microsoft Dynamics solutions, providing the Microsoft ecosystem with comprehensive sales through delivery guidance, project management discipline alignment and field-driven best practices. Microsoft Dynamics Sure Step is designed for Microsoft Dynamics Partners to successfully and reliably complete customer projects on time and on budget. More information: Microsoft Dynamics CRM Sure Step GuideManage your Microsoft Dynamics CRM Online subscriptionIf you’re an administrator who needs to plan and implement Microsoft Dynamics CRM Online in your organization, the Manage your Microsoft Dynamics CRM Online subscription is designed for you. The guide also helps other users to ramp up with Microsoft Dynamics CRM Online.User training and adoptionMore information: Training and Adoption Kit for Microsoft Dynamics CRM.See AlsoPlanning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM editions and licensingMicrosoft Dynamics CRM editions and licensingMicrosoft Dynamics CRM offers licensing options that cover implementations for small, to mid-level, to even very large organizations.Editions and licensing for on-premises deployments?Microsoft Dynamics CRM Server 2013. There is no user limit for this edition. Additional features include support for multiple organizations, multiple server instances, and separate role-based service installation. Role-based services let you increase performance by installing component services on different computers. Users of the Professional edition can be granted full access to all features and customization areas. ?Microsoft Dynamics CRM Workgroup Server 2013. This edition is limited to five, or fewer, users. This version is limited to a single organization and a single computer that is running Microsoft Dynamics CRM 2013. Users of the Basic edition have the same access as the Essential edition, plus they can be granted access to accounts, contacts, cases, leads, reporting, personal dashboards, and visualizations.LicensingA Microsoft Dynamics CRM deployment operates by using a single product key. However, each Microsoft Dynamics?CRM Server in a Microsoft Dynamics CRM 2013 deployment requires a server license. Only the Microsoft Dynamics CRM Server 2013 edition is licensed for multiple Microsoft Dynamics CRM 2013 servers or server roles in a deployment. Microsoft Dynamics CRM Workgroup Server 2013 edition is limited to running on a single server in a deployment.You can view and upgrade a license in Deployment Manager. Deployment Manager is a Microsoft Management Console (MMC) snap-in that system administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. Client Access License TypesYou can view and modify client access license types for each user in the Users area of the Settings area in the Microsoft Dynamics CRM web client. For more information about Microsoft Dynamics CRM 2013 licensing, see How to buy Microsoft Dynamics.You can view and upgrade a license in Deployment Manager. Deployment Manager is a Microsoft Management Console (MMC) snap-in that deployment administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. Microsoft Dynamics CRM Online licensingWith Microsoft Dynamics CRM Online, you get powerful CRM capabilities and features delivered as a cloud service from Microsoft, providing instant-on, anywhere access, and predictable pay-as-you-go pricing. Licensing plans for Microsoft Dynamics CRM Online determine the amount of features and functionality users need and is licensed using a subscription.?Microsoft Dynamics CRM Online Essential. Users who have the Essential subscription can be granted access to the system entities, custom entities, activities, Activity Feeds, and access by using the Microsoft Dynamics?CRM?SDK. ?Microsoft Dynamics CRM Online Basic. Users who have the Basic subscription have the same access as the Essential USL plus can be granted access to accounts, contacts, cases, leads, reporting, personal dashboards and visualizations. ?Microsoft Dynamics CRM Online Professional. Users of who have the Professional subscription can be granted full access to all features and customization areas of Microsoft Dynamics CRM. For more information, see Microsoft Dynamics CRM Online Licensing Guidelines.See AlsoPlanning Your Deployment of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineWhat's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineWhat's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online include several new features that offer flexibility, scalability, and ease of use.In This TopicWhat’s changed in this release? New in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineNew Microsoft Dynamics CRM Online featuresNew Microsoft Dynamics CRM 2013 (on-premises) featuresWhat’s changed in this release? In support of the latest technologies and in compliance with the Microsoft Support Lifecycle, obsolete platform products and technologies will no longer be supported in Microsoft Dynamics CRM 2013. More information: What’s changing in the next major releaseNew in both Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineSome new features included with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online are the following:?Improved user interface. Much of the user interface has been improved to provide better touch support, drive efficiencies, and minimize the number of window popups. ?Database encryption. Organization database encryption is enabled for a set of default entity attributes that contain sensitive information, such as user names and email passwords. This feature can help organizations meet FIPS 140-2 compliance. Encryption keys can be viewed and changed in Microsoft Dynamics CRM. More information: Data Encryption?Mobile apps. Access important customer information from your phone or tablet with the new smartphone and tablet apps. For more information, see CRM for Tablets and Phones. For device support, see Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online and Tablet support for Microsoft Dynamics CRM 2013 and CRM Online. New Microsoft Dynamics CRM Online featuresThis section lists the new features available with the Microsoft Dynamics CRM Online Fall ‘13 release.Expanded licensing plansMicrosoft Dynamics CRM Online brings to the online customers a new multi-tiered licensing model that has already been successfully used by the on-premises customers. More information: Microsoft Dynamics CRM editions and licensingNew Microsoft Dynamics CRM 2013 (on-premises) featuresThis section lists new features available with Microsoft Dynamics CRM 2013 (on-premises).Volume Shadow Service (VSS) supportThe Volume Shadow Service (VSS) Writer service provides support for Data Protection Manager to simplify data backup and recovery. More information: Microsoft Dynamics CRM 2013 VSS WriterServer-side synchronizationServer-side synchronization provides server-to-server synchronization of email messages, tasks, contacts, and appointments between Microsoft Dynamics CRM 2013 and Microsoft Exchange Server or POP3/SMTP email systems. To use this functionality you don’t have to install and maintain a separate application. More information: Introducing Server-Side SynchronizationMicrosoft Dynamics CRM 2013 Best Practices AnalyzerThe Microsoft Dynamics CRM 2013 Best Practices Analyzer is a diagnostic tool that gathers information from installed Microsoft Dynamics CRM 2013 server roles and builds a report of best practices and recommended solutions based on the existing deployment. More information: Microsoft Dynamics CRM 2013 Best Practices Analyzer (BPA)Defer the base and extension table merge as part of upgradeAs part of the upgrade from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013, all organization databases will have the entitynameBase and entitynameExtensionBase tables merged into a single entitynameBase table. Reducing the number of tables in the organization database can improve overall performance of transactional operations in CRM.However, for enterprise customers with organization databases having large and complex customizations or solutions, the table merge may take several hours to complete. You can perform the merge as a separate operation to reduce application downtime caused by the upgrade. More information: Run the Base and Extension table merge as a separate operationSee AlsoPlanning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM editions and licensingMicrosoft Dynamics CRM system requirements and required technologiesWhat's new for administrators in Microsoft Dynamics CRM 2013 and CRM OnlineWhat's new for customizationMicrosoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM Online reduces the system requirements of traditional on-premises deployments by operating all the infrastructure and platform essentials in the cloud. At a glance, the minimum software requirements for users and administrators of Microsoft Dynamics CRM Online includes the following:?Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari, supported tablet, or mobile device.?Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple Safari, Google Chrome and Mozilla Firefox.?Microsoft Office Outlook (optional). Microsoft Dynamics CRM 2013 on-premises versions have a much larger requirement for both hardware and software than Microsoft Dynamics CRM Online. Microsoft Dynamics CRM 2013 on-premises versions require the software listed previously plus the following software:?Microsoft Windows Server?A Microsoft Windows Server Active Directory infrastructure?An Internet Information Services (IIS) website?Microsoft SQL Server 2008 or Microsoft SQL Server 2012?Microsoft SQL Server 2008 Reporting Services or Microsoft SQL Server 2012 Reporting Services?Microsoft Exchange Server or access to a POP3-compliant email server (optional)?SharePoint Server (required for document management)?Claims-based security token service (required for Internet-facing deployments)?Windows operating system when you use CRM for Outlook. Apple Mac, when running Apple Safari, supported tablet, or mobile device.?Supported web browser, such as later versions of Internet Explorer or the latest versions of Apple Safari, Google Chrome and Mozilla Firefox.?Microsoft Office Outlook (optional). Note For detailed hardare and software requirements or specific product versions and service pack levels that are supported, see the links in “In this Section” later in this topic.Important Typically, Microsoft Dynamics CRM applications support the latest version and service pack (SP) for all required components, such as Windows Server, Microsoft SQL Server, and Microsoft Office. However, to fully support the latest version of a required component, you should apply the latest update for Microsoft Dynamics CRM. For information about the latest update, see Microsoft Dynamics CRM 2013 updates and hotfixes.For the compatibility status of the required or optional components that are updated, see Microsoft Dynamics CRM Compatibility List. Microsoft Dynamics CRM 2013 matches the support policy for all dependent products and technologies, such as Microsoft Office or Microsoft Exchange Server. For example, mainstream support for Microsoft Office 2010 ends 10/13/2015; therefore mainstream support for CRM for Outlook running on Microsoft Office 2010 also ends on that date. For more information, see Select a Product for Lifecycle Information.Before you install Microsoft Dynamics CRM 2013, review the following topics, which provide detailed information about the products and technologies that are required or optional for Microsoft Dynamics CRM 2013. In This SectionMicrosoft Dynamics CRM Server 2013 hardware requirementsMicrosoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013Software requirements for Microsoft Dynamics CRM Server 2013Microsoft Dynamics CRM 2013 Reporting Extensions requirementsSharePoint Document Management software requirements for Microsoft Dynamics CRM 2013Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013Microsoft Dynamics CRM Email Router hardware requirementsMicrosoft Dynamics CRM Email Router software requirementsMicrosoft Dynamics CRM for Outlook hardware requirementsMicrosoft Dynamics CRM for Outlook software requirementsTablet support for Microsoft Dynamics CRM 2013 and CRM OnlineMobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online64-bit supported configurations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM 2013 language supportSee AlsoWhat's new in Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlinePlanning Deployment of Microsoft Dynamics CRM 2013Microsoft Dynamics CRM Server 2013 hardware requirementsThe following table lists the minimum and recommended hardware requirements for Microsoft Dynamics CRM Server 2013 running in a Full Server configuration. These requirements assume that additional components such as Microsoft SQL Server, Microsoft SQL Server Reporting Services, SharePoint, or Microsoft Exchange Server aren’t installed or running on the ponent*Minimum*RecommendedProcessorx64 architecture or compatible dual-core 1.5 GHz processorQuad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systemsMemory2-GB RAM8-GB RAM or moreHard disk10 GB of available hard disk spaceNote Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files.40 GB or more of available hard disk spaceNote Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files.* Actual requirements and product functionality may vary based on your system configuration and operating system.Running Microsoft Dynamics CRM on a computer that has less than the recommended requirements may result in inadequate performance.The minimum and recommended requirements are based on 320-user load simulation tests.See AlsoMicrosoft Dynamics CRM system requirements and required technologiesMicrosoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013Microsoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013Microsoft SQL Server database engine and Microsoft SQL Server Reporting Services are required to install and run on-premises versions of Microsoft Dynamics CRM 2013. The following table lists the minimum and recommended hardware requirements for Microsoft SQL Server. These requirements assume that additional components such as Microsoft Dynamics CRM 2013, Microsoft SQL Server Reporting Services, SharePoint, or Microsoft Exchange Server aren’t installed or running on the ponent*Minimum*RecommendedProcessorx64 architecture or compatible dual-core 1.5 GHz processorQuad-core x64 architecture 2 GHz CPU or higher such as AMD Opteron or Intel Xeon systemsMemory4-GB RAM16-GB RAM or moreHard diskSAS RAID 5 or RAID 10 hard disk arraySAS RAID 5 or RAID 10 hard disk array* Actual requirements and product functionality may vary based on your system configuration and operating system.Maintaining Microsoft Dynamics CRM databases on a computer that has less than the recommended requirements may result in inadequate performance.The minimum and recommended requirements are based on 320-user load simulation tests.See AlsoMicrosoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM Server 2013 hardware requirementsSoftware requirements for Microsoft Dynamics CRM Server 2013Software requirements for Microsoft Dynamics CRM Server 2013This section lists the software and application requirements for Microsoft Dynamics CRM Server 2013.In This TopicWindows Server operating systemSupported Windows Server 2012 editionsSupported Windows Server 2008 editionsServer virtualizationActive Directory modesInternet Information Services (IIS) SQL Server editionsAccessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirementsSQL Server Reporting ServicesSoftware component prerequisitesVerify prerequisitesWindows Server operating systemMicrosoft Dynamics CRM Server 2013 can be installed only on Windows Server 2008 or Windows Server 2012 64-bit-based computers. The specific versions and editions of Windows Server that are supported for installing and running Microsoft Dynamics CRM Server 2013 are listed in the following sections.Important The following Windows Server versions are not supported for installing and running Microsoft Dynamics CRM Server 2013:?Windows Server 2012 R2 editions (support pending update rollup)?Windows Server 2012 Foundation?Windows Server 2012 Essentials?Microsoft Windows Small Business Server editions?The Windows Server 2003 family of operating systems Supported Windows Server 2012 editionsThe following editions of the Windows Server 2012 operating system are supported for installing and running Microsoft Dynamics CRM Server 2013:?Windows Server 2012 Datacenter?Windows Server 2012 StandardImportant Windows Server 2012 R2 is currently not supported with this release of Microsoft Dynamics CRM Server 2013.Supported Windows Server 2008 editionsThe following editions of the Windows Server 2008 operating system are supported for installing and running Microsoft Dynamics CRM Server 2013:?Windows Server 2008 Standard SP2 (x64 versions) or Windows Server 2008 Standard R2 SP1?Windows Server 2008 Enterprise SP2 (x64 versions) or Windows Server 2008 Enterprise R2 SP1?Windows Server 2008 Datacenter SP2 (x64 versions) or Windows Server 2008 Datacenter R2 SP1?Windows Web Server 2008 SP2 (x64 versions) or Windows Web Server 2008 R2 SP1Important ?Windows Server 2008 installed by using the Server Core installation option is not supported for installing and running Microsoft Dynamics CRM 2013 Server.?Windows Server 2008 for Itanium-based systems isn’t supported for installing and running Microsoft Dynamics CRM Server 2013.Server virtualizationMicrosoft Dynamics CRM servers can be deployed in a virtualized environment by using Windows Server 2008 or Windows Server 2012 with Hyper-V or virtualization solutions from vendors who participate in the Microsoft Windows Server Virtualization Validation Program (SVVP). You must understand the limitations and best practices of server virtualization before you try to virtualize your installation of Microsoft Dynamics CRM. For information about Hyper-V, see the Microsoft Virtualization website.Active Directory modesThe computer that Microsoft Dynamics CRM Server 2013 is running on must be a member in a domain that is running in one of the following Active Directory directory service forest and domain functional levels:?Windows Server 2003 Interim?Windows Server 2003 Native?Windows Server 2008 Interim?Windows Server 2008 Native?Windows Server 2012For more information about Active Directory domain and forest functional levels, see the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in Help.Important ?The computer that Microsoft Dynamics CRM is running on shouldn’t function as an Active Directory domain controller.?When you use the Add Users Wizard, only users from trusted domains in the current forest will be displayed. Users from trusted external forests aren’t supported and don’t appear in the wizard. ?Installing Microsoft Dynamics CRM 2013 Server in an LDAP directory that is running in Active Directory Application Mode (ADAM) is not supported.Internet Information Services (IIS) Microsoft Dynamics CRM Server 2013 supports Internet Information Services (IIS) versions 7, 7.5, and 8.0.We recommend that you install and run IIS in Native Mode before you install Microsoft Dynamics CRM Server 2013. However, if IIS is not installed and it is required for a Microsoft Dynamics CRM server role, Microsoft Dynamics CRM Server Setup will install it.Important Microsoft Dynamics CRM can’t use a website that has more than one http or https binding. Although IIS supports multiple http and https bindings, there is a limitation in using additional bindings with Windows Communication Foundation (WCF). WCF is required when you use CRM for Outlook. Before you install or upgrade, you must remove the additional bindings from the Web site used for Microsoft Dynamics CRM or select a different Web site.SQL Server editionsAny one of the following Microsoft SQL Server editions is required and must be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers, running, and available for Microsoft Dynamics CRM:?Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2?Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2?Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2?Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)?Microsoft SQL Server 2012, Enterprise, 64-bit SP1?Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1?Microsoft SQL Server 2012, Standard, 64-bit SP1Important ?32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 database engine are not supported for this version of Microsoft Dynamics CRM.?Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.?Microsoft SQL Server 2000 and Microsoft SQL Server 2005 editions and are not supported for this version of Microsoft Dynamics CRM.?Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft Dynamics CRM code fixes. Microsoft Dynamics CRM 2013 supports a named instance of Microsoft SQL Server for configuration and organization databases.Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirementsThe following items are required or recommended for Internet-facing deployment (IFD). This topic assumes you will be using Active Directory Federation Services (AD FS) as the security token service (STS). For more information about configuring Microsoft Dynamics CRM for claims-based authentication, download the Claims-based Authentication White Paper from the Microsoft Download Center.Important Exposing the Microsoft Dynamics CRM website to the Internet is not supported unless claims-based authentication is used and Microsoft Dynamics CRM is configured for IFD.Similarly, Outlook Anywhere (RPC over HTTP) is not supported as a solution to connect CRM for Outlook to an on-premises deployment of Microsoft Dynamics CRM 2013 over the Internet. The on-premises deployment of Microsoft Dynamics CRM 2013 must be configured for IFD as described in the topic Configure a Microsoft Dynamics CRM Internet-facing deployment. In order for Microsoft Dynamics CRM for tablets to successfully connect to a new deployment of Microsoft Dynamics CRM Server 2013, you must run a Repair of Microsoft Dynamics CRM Server 2013 on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed. For repair instructions, see Uninstall, change, or repair Microsoft Dynamics CRM Server 2013.?The computer where Microsoft Dynamics CRM 2013 Server is installed must have access to a security token service (STS) service, such as Active Directory Federation Services (AD FS) federation server. Microsoft Dynamics CRM 2013 Server supports Active Directory Federation Services (AD FS) 2.0, 2.1, and 2.2 versions. ?Note the following conditions for the Web components before you configure IFD:?If you are installing Microsoft Dynamics CRM in a single server configuration, be aware that Active Directory Federation Services 2.0 installs on the Default Web Site. Therefore, you must create a new Web site for Microsoft Dynamics CRM.?When you run the Internet-Facing Deployment Configuration Wizard, Microsoft Dynamics CRM 2013 Server must be running on a Web site that is configured to use Secure Sockets Layer (SSL). Microsoft Dynamics CRM Server Setup will not configure the Web site for SSL.?We recommend that the Web site where the Microsoft Dynamics CRM 2013 Web application will be installed has the “Require SSL” setting enabled in IIS.?The Web site should have a single binding. Multiple IIS bindings, such as a Web site with an HTTPS and an HTTP binding or two HTTPS or two HTTP bindings, are not supported for running Microsoft Dynamics CRM.?Access to the Active Directory Federation Services (AD FS) federation metadata file from the computer where the Configure Claims-Based Authentication Wizard is run. Note the following:?The federation metadata endpoint must use the Web services trust model (WS-Trust) 1.3 standard. Endpoints that use a previous standard, such as the WS-Trust 2005 standard, are not supported. In Active Directory Federation Services 2.0, all WS-Trust 1.3 endpoints contain /trust/13/ in the URL path.?Encryption certificates. The following encryption certificates are required. You can use the same encryption certificate for both purposes, such as when you use a wildcard certificate:Important If you use a certificate that is created by using a custom certificate request, the template that was used must be the Legacy key template. Custom certificate requests created by using the CNG key template are incompatible with Microsoft Dynamics CRM. For more information about custom certificate request templates, see Create a Custom Certificate Request.?Claims encryption. claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM 2013 Server so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.?SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org., auth., and dev.. To satisfy this requirement you can use a single wildcard certificate (*.), a certificate that supports Subject Alternative Names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each Web server role. Multiple IIS bindings, such as a Web site with two HTTPS or two HTTP bindings, is not supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.?The CRMAppPool account of each Microsoft Dynamics CRM website must have read permission to the private key of the encryption certificate specified when configuring claims-based authentication. You can use the Certificates snap-in to edit permissions for the encryption certificate found in the Personal store of the local computer account.SQL Server Reporting ServicesSpecific Microsoft SQL Server Reporting Services editions are used for reporting functionality.Any one of the following Microsoft SQL Server editions is required and must be installed on Windows Server 2008 (x64 SP2 or R2) versions or Windows Server 2012 64-bit-based computers, running and available for Microsoft Dynamics CRM:?Microsoft SQL Server 2008, Standard Edition, x64 SP3 or R2 SP2?Microsoft SQL Server 2008, Enterprise Edition, x64 SP3 or R2 SP2?Microsoft SQL Server 2008 Datacenter x64 SP3 or R2 SP2?Microsoft SQL Server 2008 Developer x64 SP3 or R2 SP2 (for non-production environments only)?Microsoft SQL Server 2012, Enterprise, 64-bit SP1?Microsoft SQL Server 2012, Business Intelligence, 64-bit SP1?Microsoft SQL Server 2012, Standard, 64-bit SP1Important ?32-bit versions of Microsoft SQL Server 2008 or Microsoft SQL Server 2012 Reporting Services are not supported for this version of Microsoft Dynamics CRM.?Microsoft SQL Server 2008 Workgroup, Web, Compact, or Microsoft SQL Server 2008 Express Edition editions are not supported for use with Microsoft Dynamics CRM 2013 Server.?Running 64-bit Microsoft SQL Server 2008 versions for Itanium (IA-64) systems in conjunction with Microsoft Dynamics CRM will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Support that do not require Microsoft Dynamics CRM code fixes.?Microsoft SQL Server 2008 Workgroup is not supported for running the Microsoft Dynamics CRM Reporting Extensions. This is because Microsoft SQL Server 2008 Workgroup does not support custom data extensions. Therefore, features such as creating, running, or scheduling Fetch-based or SQL-based reports will not work.?Using a Microsoft SQL Server 2012 Reporting Services server running in SharePoint mode is not supported with Microsoft Dynamics CRM. For more information about Microsoft SQL Server 2012 Reporting Services SharePoint mode, see Install Reporting Services SharePoint Mode as a Single Server Farm.Software component prerequisitesThe following SQL Server components must be installed and running on the computer that is running SQL Server before you install Microsoft Dynamics CRM 2013 Server:?SQL word breakersThis is only required for some Microsoft Dynamics CRM language editions. For more information about word breaker versions for languages supported by SQL Server see Word Breakers and Stemmers.?SQL Server Agent service?SQL Server full-text indexingThe following components must be installed and running on the computer where Microsoft Dynamics CRM 2013 Server will be installed:?Services?Indexing ServiceTo install this service, see the Windows Server documentation.?IIS Admin?World Wide Web Publishing?Windows Data Access Components (MDAC) 6.0 (This is the default version of MDAC with Windows Server 2008.)?Microsoft (Must be registered, but does not have to be running.)Verify prerequisitesBefore you install Microsoft Dynamics CRM 2013 Server, you should understand the following:?Microsoft SQL Server can be, but is not required to be, installed on the same computer as Microsoft Dynamics CRM 2013 Server.?If Microsoft Dynamics CRM 2013 Server and Microsoft SQL Server are installed on different computers, both computers must be in the same Active Directory directory service domain.?Microsoft SQL Server can be installed by using either Windows Authentication or mixed-mode authentication. (Windows Authentication is recommended for increased security and Microsoft Dynamics CRM will use only Windows Authentication).?The service account that SQL Server uses to log on to the network must be either a domain user account (recommended) or one of the built-in system accounts supported by SQL Server (Network Service, Local Service, or Local System). Installation of Microsoft Dynamics CRM will fail if the SQL Server service account is the local administrator.. Installation of Microsoft Dynamics CRM will fail if the SQL Server service account is the local administrator.?The SQL Server service must be started and can be configured to automatically start when the computer is started.?The Microsoft SQL Server Reporting Services service must be started and configured to automatically start when the computer is started.?The SQL Server Agent service must be started. This service can be configured to automatically start when the computer is started.?Although it is optional, we recommend that you accept the SQL Server default settings for Collation Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports both case-sensitive and case-insensitive sort orders.?Microsoft Dynamics CRM Server Setup requires at least one network protocol to be enabled to authenticate by using SQL Server. By default, TCP/IP protocol is enabled when you install SQL Server. You can view network protocols in SQL Server Configuration Manager.See AlsoMicrosoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013Microsoft Dynamics CRM 2013 Reporting Extensions requirementsMicrosoft Dynamics CRM 2013 Reporting Extensions requirementsMicrosoft Dynamics CRM Reporting Extensions are data processing extensions that are installed on the Microsoft SQL Server Reporting Services server. The Microsoft Dynamics CRM Reporting Extensions accept the authentication information from Microsoft Dynamics CRM Server 2013 and passes it to the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM Reporting Extensions Setup includes two data processing extensions: Fetch data processing extension and SQL data processing extension. By default, these extensions are installed during Microsoft Dynamics CRM Reporting Extensions Setup. ?The Fetch data processing extension is required to create, run, and schedule Fetch-based reports. ?The SQL data processing extension is required to run and schedule the default (out-of-box) or SQL-based custom reports in Microsoft Dynamics CRM 2013. You don’t need Microsoft Dynamics CRM Reporting Extensions to run Microsoft Dynamics CRM 2013. However, if you want to create, use, or schedule reports in Microsoft Dynamics CRM, you must install Microsoft Dynamics CRM Reporting Extensions. Additionally, you have to install it if you want to create an organization or import an organization, such as when you migrate from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013 by using Deployment Manager.In this topicMicrosoft Dynamics CRM Reporting Extensions general requirementsMicrosoft Dynamics CRM Reporting Authoring Extension general requirementsMicrosoft Dynamics CRM Reporting Extensions general requirementsThe Microsoft Dynamics CRM Reporting Extensions component has the following general requirements:?You must complete Microsoft Dynamics CRM Server Setup before you run Microsoft Dynamics CRM Reporting Extensions Setup.?You can install and run Microsoft Dynamics CRM Reporting Extensions on only one instance of Microsoft SQL Server Reporting Services on a computer.?Separate deployments of Microsoft Dynamics CRM cannot share one Microsoft SQL Server Reporting Services server. However, a single deployment of Microsoft Dynamics CRM that has multiple organizations can use the same Microsoft SQL Server Reporting Services server.?You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has Microsoft SQL Server 2008 Reporting Services, Microsoft SQL Server 2008 R2 Reporting Services or Microsoft SQL Server 2012 Reporting Services installed. ?For smaller data sets and fewer users, you can use a single-server deployment or a multiple-server deployment. With larger datasets or more users, performance decreases quickly when complex reports are run. Use a multi-server deployment with one computer that is running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL Server Reporting Services.Microsoft Dynamics CRM Reporting Authoring Extension general requirementsThe Microsoft Dynamics CRM Report Authoring Extension has the following general requirements:?Make sure that you install the Microsoft Dynamics CRM Report Authoring Extension on the same computer that has Business Intelligence Development Studio installed.?If your organization uses Microsoft Office 365, make sure that the computer on which the Microsoft Dynamics CRM Report Authoring Extension is installed also has the Microsoft Online Services Sign-in Assistant installed on it. If Microsoft Online Services Sign-in Assistant is already installed, check the registry key SOFTWARE\Microsoft\MSOIdentityCRL and make sure that the TargetDir registry key in MSOIdentityCRL contains msoidcli.dll.Additional Microsoft Dynamics CRM Report Authoring Extension software requirementsIf the following components are missing, they will be installed by Microsoft Dynamics CRM Report Authoring Extension Setup:?Visual Studio 2008 Service Pack 2?Business Intelligence Development StudioSee AlsoMicrosoft Dynamics CRM system requirements and required technologiesSoftware requirements for Microsoft Dynamics CRM Server 2013SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013SharePoint Document Management software requirements for Microsoft Dynamics CRM 2013If you want to use Microsoft SharePoint document management functionality in Microsoft Dynamics CRM Server 2013, you have to have one of the following SharePoint editions installed and running:?Microsoft SharePoint 2013?Microsoft SharePoint Foundation 2013?Microsoft SharePoint 2010 SP1 (all editions)You also have to have at least one site collection configured and available for Microsoft Dynamics CRM.To enable the document management functionality, use the Settings area in the CRM web application.The user who accesses SharePoint from CRM must have appropriate permissions on the SharePoint site collection where the document management components are installed. For more information about how to grant membership on a site collection, see the SharePoint Help. Microsoft Dynamics CRM 2011 List Component for Microsoft SharePointTo use a list view to display documents in Microsoft SharePoint 2010 or Microsoft SharePoint 2013, you have to install the Microsoft Dynamics CRM List Component. If you don’t install the list component, Microsoft SharePoint 2010 displays the data in a windowless inline floating frame (IFrame). Microsoft SharePoint 2013 displays an error message in Internet Explorer. In Google Chrome, Mozilla Firefox, or Apple Safari web browsers, no data or error message are displayed.Important There are two versions of the Microsoft Dynamics CRM List Component: ?Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2013. This version doesn’t work with SharePoint 2010.?Microsoft Dynamics CRM 2011 List Component for Microsoft SharePoint Server 2010. This version doesn’t work with SharePoint 2013. You can’t use Internet Explorer 7 with Microsoft Dynamics CRM (on-premises) document management deployments that use SharePoint 2013. For more information, see Plan browser support in SharePoint 2013. See AlsoMicrosoft Dynamics CRM 2013 Reporting Extensions requirementsLync and Office Communications Server integration with Microsoft Dynamics CRM 2013Lync and Office Communications Server integration with Microsoft Dynamics CRM 2013If your organization uses Microsoft Lync or Microsoft Office Communications Server 2007, you may be able to take advantage of some of the features they offer, like sending instant messages or checking user availability, from within Microsoft Dynamics CRM or CRM for Outlook. Your organization must have one of the following products or subscriptions:?Lync Online?Microsoft Lync Server 2013?Microsoft Lync Server 2010?Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2See AlsoMicrosoft Dynamics CRM system requirements and required technologiesSharePoint Document Management software requirements for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM Email Router hardware requirementsMicrosoft Dynamics CRM Email Router hardware requirementsThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. The following table lists the minimum and recommended hardware requirements for Microsoft Dynamics CRM 2013 Email ponent*Minimum*RecommendedProcessor (32-bit)750-MHz CPU or comparableMulti-core 1.8-GHz CPU or higherProcessor (64-bit)x64 architecture or compatible 1.5 GHz processorMulti-core x64 architecture 2GHz CPU or higher such as AMD Opteron or Intel Xeon systemsMemory1-GB RAM2-GB RAM or moreHard disk100 MB of available hard disk space100 MB of available hard disk space*Actual requirements and product functionality may vary based on your system configuration and operating system.Running Microsoft Dynamics CRM Email Router on a computer that has less than the recommended requirements may result in inadequate performance.See AlsoLync and Office Communications Server integration with Microsoft Dynamics CRM 2013Microsoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM for Outlook hardware requirementsMicrosoft Dynamics CRM Email Router software requirementsMicrosoft Dynamics CRM Email Router software requirementsApplies to: Microsoft Dynamics CRM 2013 Email Router and Microsoft Dynamics CRM OnlineThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. It lists the software and application software requirements for Microsoft Dynamics CRM 2013 Email Router.Microsoft Dynamics CRM Email Router Setup consists of two main components: the Email Router and the Rule Deployment Wizard. The Email Router component installs the Email Router service and Email Router Configuration Manager. You use the Email Router Configuration Manager to configure the Email Router. The Rule Deployment Wizard component deploys the rules that enables received email messages to be tracked.Important Unless specified otherwise, within the Microsoft Dynamics CRM 2013 Support Lifecycle policy, Microsoft Dynamics CRM applications support the latest version and service pack (SP) for all required components, such as Windows Server, SQL Server, Microsoft Office, Internet Explorer, and Exchange Server. However, to fully support the latest version of a required component you should apply the latest update for Microsoft Dynamics CRM.You can install the Email Router and Rule Deployment Wizard on any computer that is running one of the following operating systems, and that has network access to both Microsoft Dynamics CRM and the email server:?Windows 7 32-bit and 64-bit editions?Windows Server 2008 (x64 versions) or Windows Server 2008 R2?Windows Server 2012 (see requirements below)Important ?After Microsoft Dynamics CRM Server Setup is finished, apply the latest update rollup, if any.?Running Microsoft Dynamics CRM Email Router and Email Router Configuration Manager (32-bit) is not supported on a Windows Server 64-bit operating system, in Windows-On-Windows (WOW) mode. Install and run the 64-bit version of the Microsoft Dynamics CRM Email Router.Rule Deployment Wizard Requires MAPIThe Rule Deployment Wizard requires the Microsoft Exchange Server Messaging API (MAPI) client runtime libraries. To install the MAPI client runtime libraries, see Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1.Important Installing and running the Rule Deployment Wizard on a computer that has Microsoft Office Outlook installed is not supported. Both applications use a different version of MAPI that are incompatible. Note MAPI versions 6.5.8147 (or later) are supported by Microsoft Exchange Server 2010. If you already have a version of the MAPI download installed, you must uninstall it before installing the new version.If you are installing the Rule Deployment Wizard on a system that uses Microsoft Exchange Server 2010 as its email server, you must also have installed Update Rollup 2 (or later) of Microsoft Exchange Server 2010. For more information, see Update Rollup 2 for Exchange Server 2010 (KB979611).In This TopicExchange ServerMessaging and transport protocolsExchange OnlineAdditional Email Router software requirementsExchange ServerMicrosoft Exchange Server is only required if you want to use the Email Router to connect to an Exchange Server email messaging system. To do this, you can install the Email Router on any of the supported Windows or Windows Server operating systems that have a connection to the Exchange Server. The Email Router supports the following versions of Exchange Server:?Exchange Server 2007 Standard Edition?Exchange Server 2007 Enterprise Edition?Exchange Server 2010 Standard Edition?Exchange Server 2010 Enterprise Edition?Microsoft Exchange OnlineImportant Exchange 2000 Server editions aren’t supported when using these versions of Microsoft Dynamics CRM Email Router and Rule Deployment Wizard.If missing, Microsoft Dynamics CRM Email Router Setup installs the Microsoft .NET Framework 4 on the computer where you install the Email Router.The Rule Deployment Wizard component must be installed on a computer that is running any of the supported Windows or Windows Server operating systems and that has the MAPI client runtime libraries installed.Download the MAPI client runtime libraries from the Microsoft Download Center.Messaging and transport protocolsMicrosoft Dynamics CRM Email Router supports a variety of email messaging and transport options.POP3POP3-compliant email systems are supported for incoming email message routing.Important When you use the Forward Mailbox option on the User form, the POP3 email server must provide support where an email message can be sent as an attachment to another email message.If you configure the Microsoft Dynamics CRM Email Router to connect to a POP3-compliant email server, the server must support RFC 1939.Transport protocolsBoth SMTP and Exchange Online with Exchange Web Services (EWS) are messaging transport protocols that are supported for outgoing email message routing. If you configure the Microsoft Dynamics CRM Email Router to use an SMTP-compliant transport service, the server must support RFC 2821 and RFC 2822.Exchange OnlineMicrosoft Exchange Online is a hosted enterprise messaging service from Microsoft. It provides the robust capabilities of Microsoft Exchange Server as a cloud-based service. To learn more, see Exchange Online.Additional Email Router software requirementsIf the following components are missing, they will be installed by Microsoft Dynamics CRM Email Router Setup:?Microsoft .NET Framework 4?Microsoft Visual C++ Redistributable?Microsoft Application Error Reporting?Windows Identity Framework (WIF)?Windows Live ID Sign-in Assistant 6.5?Microsoft Online Services Sign-in Assistant (Required for Microsoft Dynamics CRM Online when you subscribe through Microsoft Office 365.) See AlsoMicrosoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM Email Router hardware requirementsMicrosoft Dynamics CRM for Outlook software requirementsMicrosoft Dynamics CRM for Outlook hardware requirementsThe following table lists the minimum recommended hardware requirements when you run Microsoft Dynamics CRM 2013 for Microsoft Office Outlook in either online only or go offline enabled ponentOnline only modeGo Offline enabled modeProcessor2.9 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction set3.3 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction setMemory2-GB RAM or more4-GB RAM or moreHard disk1.5 GB of available hard disk space2 GB of available hard disk space7200 RPM or moreDisplaySuper VGA with a resolution of 1024 x 768Super VGA with a resolution higher than 1024 x 768Note Actual requirements and product functionality may vary based on your system configuration and operating system.Running Microsoft Dynamics CRM on a computer that has less than the minimum recommended requirements may result in inadequate performance. For the best performance, we recommend running 64-bit versions of Microsoft Windows, Microsoft Office, and CRM for work requirementsMicrosoft Dynamics CRM is designed to work best over networks that have the following elements: ?Bandwidth greater than 50 kbps?Latency under 150 msThese values are recommendations and don’t guarantee satisfactory performance.Note Successful network installation of CRM for Outlook requires a reliable and high-throughput network. Otherwise, installation might fail. The recommended minimum available bandwidth of the network connection is 300 Kbps.See AlsoMicrosoft Dynamics CRM Email Router software requirementsMicrosoft Dynamics CRM for Outlook software requirementsMicrosoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM for Outlook software requirements CRM for Outlook works the way that you do by providing a seamless combination of Microsoft Dynamics CRM features in the familiar Microsoft Outlook environment. This section lists software and software requirements for CRM for Outlook and Microsoft Dynamics?CRM for Microsoft Office Outlook with Offline Access.Any one of the following operating systems is required:?Windows 8 (64-bit and 32-bit versions)?Windows 7 (64-bit and 32-bit versions)?Windows Vista SP2 (6-bit and 32-bit versions)?Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008 when running as a Remote Desktop Services application.Important Windows XP editions are not supported for installing and running CRM 2013 for Outlook.Windows Server 2003 editions are not supported for installing and running CRM 2013 for Outlook as a Remote Desktop Services application.In this topicMicrosoft Dynamics CRM for Outlook software feature prerequisitesAdditional Microsoft Dynamics CRM for Outlook software requirementsRunning Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook installedMicrosoft Dynamics CRM for Outlook software feature prerequisitesThe following software must be installed and running on the computer before you run Microsoft Dynamics CRM for Outlook Setup:Web Browser. One of the following:?Supported versions of Internet Explorer?Supported non-Internet Explorer web browsersImportant Internet Explorer 7 or earlier versions are not supported for use with Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. Microsoft Office. One of the following:?Microsoft Office 2013?Microsoft Office 2010?Microsoft Office 2007Important Outlook 2003 versions are not supported for installing and running CRM 2013 for Outlook.To install and run the 64-bit version of CRM for Outlook, a 64-bit version of Microsoft Office is required.Before you run the Configuration Wizard to configure CRM for Outlook, a Microsoft Office Outlook profile must exist for the user. Therefore, Microsoft Outlook must be run at least once to create the user's Microsoft Outlook profile.Both the web application and CRM for Outlook require JavaScript enabled for certain features, such as Activity Feeds, dashboard areas, and the display of certain panes or menus. Although the web application displays error messages when JavaScript is disabled, CRM for Outlook doesn’t. To verify if JavaScript is enabled in Internet Explorer 9, start Internet Explorer, on the Tools menu click or tap Internet options. On the Security tab, click or tap Internet, and then click or tap Custom level. In the Security Settings dialog box under Scripting, Active scripting must be set to Enable.The Indexing Service (now known as the Windows Search Service, or WSS) is required by users who will set up and use CRM for Outlook and its Help file in offline mode. Microsoft Dynamics CRM. One of the following editions of Microsoft Dynamics CRM must be available so that CRM for Outlook can connect to it:?On-premises editions of Microsoft Dynamics CRM Server 2013?Microsoft Dynamics CRM OnlineAdditional Microsoft Dynamics CRM for Outlook software requirementsIf needed, the following software will be installed by Microsoft Dynamics CRM for Outlook Setup:?Microsoft SQL Server 2008 Express Edition SP1 or *Microsoft SQL Server 2012 Express Edition Note Installed for Microsoft Dynamics CRM for Outlook with Offline Access only.*Although, Microsoft SQL Server 2012 Express Edition is supported, Microsoft SQL Server 2008 Express Edition SP1 will be installed during Setup.?Microsoft .NET Framework 4.?Microsoft Windows Installer 4.5.?MSXML 4.0.?Microsoft Visual C++ Redistributable.?Microsoft Report Viewer 2010.?Microsoft Application Error Reporting.?Windows Identity Framework (WIF).?Windows Azure AppFabric SDK V1.0.?Windows Live ID Sign-in Assistant 6.5.?Microsoft Online Services Sign-in Assistant 2.1.?Microsoft SQL Server Native Client.?Microsoft SQL Server Compact 4.0.?Reporting Services Microsoft ActiveX control. If not installed on the computer, the user will be prompted to install the software at first attempt to print a report. This installer package is named RSClientPrint.cab and can found on the Microsoft SQL Server Reporting Services server at <drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting Services\ReportServer\bin.Running Microsoft Dynamics CRM for Outlook on computers that have multiple versions of Outlook installedIf you run more than one version of Microsoft Office Outlook on your computer, CRM for Outlook will only run in the latest version of Outlook. This behavior is true even if you were previously running Outlook in the earlier version of Microsoft Office. For example, if you run Outlook in Microsoft Outlook 2010 and then install Microsoft Outlook 2013 keeping Microsoft Outlook 2010, CRM for Outlook will only run in Microsoft Outlook 2013. If you uninstall Microsoft Outlook 2013, CRM for Outlook will switch to running in Microsoft Outlook 2010 again.See AlsoMicrosoft Dynamics CRM for Outlook hardware requirementsWeb application requirements for Microsoft Dynamics CRM 2013Web application requirements for Microsoft Dynamics CRM 2013This section lists the hardware and software requirements for the Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online web and mobile device client applications.In This TopicMicrosoft Dynamics CRM web application hardware requirementsSupported versions of Internet ExplorerSupported non-Internet Explorer web browsersSupported versions of Microsoft OfficePrinting reportsMicrosoft Dynamics CRM web application hardware requirementsThe following table lists the minimum and recommended hardware requirements for the Microsoft Dynamics CRM web ponentMinimumRecommendedProcessor2.9 gigahertz (GHz) or faster x86- or x64-bit dual core processor with SSE2 instruction set3.3 gigahertz (GHz) or faster 64-bit dual core processor with SSE2 instruction set and 3 MB or more L3 cacheMemory2-GB RAM4-GB RAM or moreDisplaySuper VGA with a resolution of 1024 x 768Super VGA with a resolution of 1024 x 768Running Microsoft Dynamics CRM on a computer that has less than the recommended requirements may result in inadequate work requirementsMicrosoft Dynamics CRM is designed to work best over networks that have the following elements: ?Bandwidth greater than 400 kbps?Latency under 150 msNotice that these values are recommendations and don’t guarantee satisfactory performance.Supported versions of Internet ExplorerThe following two sections list the supported operating systems and versions for the Microsoft Dynamics CRM web application when you run Internet Explorer.Supported operating systems when you use Internet ExplorerThe following operating systems are supported for the Microsoft Dynamics CRM web application:?Windows 8 and Windows RT supported when you use Internet Explorer 10?Windows 7 (all versions)?Windows Vista (all versions)Important Windows 8.1 has not been tested and isn’t fully supported with this release of Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online.Supported versions of Internet ExplorerThe Microsoft Dynamics CRM web application can run in any of the following Internet Explorer versions:?*Internet Explorer 10 ?Internet Explorer 9?Internet Explorer 8*Internet Explorer 10 that has the new Windows UI optimized for touch devices is only supported for use with the areas of Microsoft Dynamics CRM that have the modern user interface. For more information about Internet Explorer 10 browser experience modes, see Internet Explorer 10 on Windows 8. Important Internet Explorer 7 isn’t supported with Microsoft Dynamics CRM 2013 on-premises versions or Microsoft Dynamics CRM Online. Using plug-ins or other third-party extensions in your browser can increase load times on pages with lists of data.Supported non-Internet Explorer web browsersThe Microsoft Dynamics CRM web application can run in any of the following web browsers running on the specified operating systems.?Mozilla Firefox (latest publicly released version) running on Windows 8, Windows 7, or Windows Vista ?Google Chrome (latest publicly released version) running on Windows 8, Windows 7, Windows Vista, or Nexus 10 tablet?Apple Safari (latest publicly released version) running on 10.8 (Mountain Lion)To find the latest release for these web browsers, visit the software manufacturer’s website.Important Using plug-ins or other third-party extensions in your browser can increase load times on pages with lists of data.Supported versions of Microsoft OfficeTo use Microsoft Dynamics CRM with Microsoft Office integration features, such as Export to Excel and Mail Merge, you must have one of the following Microsoft Office versions on the computer that is running the Microsoft Dynamics CRM web application:?Microsoft Office 2013?Microsoft Office 2010?Microsoft Office 2007Important Microsoft Office 2003 versions aren’t supported for use with Microsoft Dynamics CRM 2013.Printing reportsThe Reporting Services Microsoft ActiveX control is required to print reports. If a user tries to print a report, but the control isn’t installed, the user will be prompted to install it. The installer package is named RSClientPrint.cab and can found on the Microsoft SQL Server Reporting Services server at <drive>:\Program files\Microsoft SQL Server\<MSSQL>\Reporting Services\ReportServer\bin.See AlsoMicrosoft Dynamics CRM 2011 for Outlook software requirements64-bit supported configurationsMicrosoft Dynamics CRM 2011 System Requirements and Required ComponentsTablet support for Microsoft Dynamics CRM 2013 and CRM OnlineYou can access Microsoft Dynamics CRM data from tablet devices in different ways. Apps for Windows 8 and Apple iPad tablets are available to run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online. Alternatively, CRM can be accessed using the device’s preferred browser for those devices described here. Tablets not specifically mentioned here can typically use Microsoft Dynamics CRM for phones.Note Tablet support requires at least Microsoft Dynamics CRM Online Fall ‘13 Service Update or Microsoft Dynamics CRM 2013 (on-premises).For on-premises deployments of Microsoft Dynamics CRM 2013, the apps for Windows 8 and Apple iPad require an Internet-facing deployment that uses claims-based authentication.The Microsoft Dynamics CRM for Windows 8 app is compatible with devices that run Windows 8, such as Microsoft Surface. The Microsoft Dynamics CRM for iPad app is compatible with iPad 3. These apps aren’t compatible with other mobile devices such as smartphones (Windows Phone , iPhone, or Android-based), or other tablet devices, such as Android-based tablets. More information: Set up CRM for tablets.In This TopicWindows 8Apple iPadGoogle NexusWindows 8You can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on Windows 8 using either the Microsoft Dynamics CRM for Windows 8 app, or by using a supported web browser. For more information about web browser support, see Web application requirements for Microsoft Dynamics CRM 2013.CRM for Windows 8 is designed for PCs and tablets that run Windows 8 using the immersive modern application. However, it isn’t a Windows desktop application and won’t run in Windows 8 desktop mode. Download Microsoft Dynamics CRM for Windows 8 from the Windows 8 Marketplace.Microsoft Dynamics CRM for Windows 8 minimum requirementsOperating System*Windows 8*Windows RTProcessorWindows 8 tablets and PCs: 1.8 gigahertz (GHz) or faster with support for PAE, NX, and SSE2Windows RT tablets: ARM-based Dual Core 1.3 GHz or higherRAMWindows 8 tablets and PCs: 4 GB or moreWindows RT tablets: 2 GB or moreStorage32 GB (64 GB recommended)Resolution1366 x 768 resolution with capacitive touch screen*Not supported in desktop mode.Important Windows 8.1 hasn’t been tested and isn’t fully supported with this release of Microsoft Dynamics CRM.Apple iPadYou can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online on an iPad using either the Microsoft Dynamics CRM for iPad app that is designed for iOS iPad tablets, or as indicated in the table below, in the latest version of the Apple Safari on iPad web browser. Download Microsoft Dynamics CRM for iPad from the Apple Store.Microsoft Dynamics CRM for iPad minimum requirementsDeviceiPad 3 with Retina displayMicrosoft Dynamics CRM for iPad App or Browser supportOperating SystemiOS 6App and Safari web browser are both supportedOperating SystemiOS 7 (requires Microsoft Dynamics CRM 2013 Update Rollup 1 for on-premises deployments)App onlyDownload Microsoft Dynamics CRM for iPad.Earlier iOS versions and other iPad models, such as the iPad mini, aren’t supported. For those devices, use CRM for phones.Google NexusYou can run Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online in the latest Google Chrome web browser on a Google Nexus 10 tablet running Android 4.2.2. Important Android versions later than 4.2.2 on tablet devices other than Nexus 10 will attempt to run the full CRM web application. However, this configuration is currently not supported. For those devices, see Set up CRM for phones.See AlsoWeb application requirements for Microsoft Dynamics CRM 2013Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineMicrosoft Dynamics CRM system requirements and required technologiesUpdate Rollup 1 for Microsoft Dynamics CRM 2013 (KB 2891271)Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineAccess data from Microsoft Dynamics CRM 2013 or Microsoft Dynamics CRM Online with your mobile phone using one of the following methods.?Microsoft Dynamics CRM phone apps. Download the app for your phone. ?Microsoft Dynamics CRM for phones. Use your phone’s preferred web browser. In This TopicCRM phone appsCRM for phonesCRM phone appsSeveral apps are available for popular mobile phones. The following smartphone operating systems are supported with Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online. More information: Set up CRM for phones.CRM for iPhonesiOS versionExample deviceiOS 6iPhone 5iOS 7iPhone 5siPhone 5cDownload Microsoft Dynamics CRM for iPhone.For a list of the supported languages available for this app, see CRM phone app language support.CRM for AndroidAndroid versionExample device4.1 and 4.2 (Jelly Bean)Galaxy S34.0 (Ice Cream Sandwich)Galaxy S3Download Microsoft Dynamics CRM for Android.For a list of the supported languages available for this app, see CRM phone app language support.CRM for Windows Phone 8Windows Phone versionExample deviceWindows Phone 8.0HTC Windows Phone 8X, Nokia Lumia, Samsung ATIVDownload Dynamics CRM for Windows Phone 8.BlackBerryBlackBerry devices don’t have an app but Microsoft Dynamics CRMcan be accessed by using the BlackBerry mobile browser. The following tables lists the devices supported to run Microsoft Dynamics CRM in the BlackBerry mobile browser.BlackBerry versionExample device10BlackBerry Z107BlackBerry Torch 9860, BlackBerry Curve 93706BlackBerry Bold 9780, BlackBerry Bold 9900Many other smartphone operating system versions not mentioned here can use CRM for phones mode.CRM for phonesIn most cases, devices not listed earlier in this topic can use Microsoft Dynamics CRM for phones mode, which runs in your smartphone’s web browser.CRM for phones comes installed with Microsoft Dynamics CRM Server 2013 and is available with Microsoft Dynamics CRM Online. CRM for phones offers great device flexibility because it runs on any web browser that supports common standards, which are HTML 4.0 and JavaScript.More information: Use CRM for phones See AlsoTablet support for Microsoft Dynamics CRM 2013 and CRM Online64-bit supported configurations for Microsoft Dynamics CRM 201364-bit supported configurations for Microsoft Dynamics CRM 2013Installing and running Microsoft Dynamics CRM 2013 and connecting to database, reporting services, and email components running on other 32-bit computers is generally supported. For example:?Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, or Exchange Server 2013 editions, which are available only for 64-bit systems, are supported, and can run 64-bit, or 32-bit, editions of the Microsoft Dynamics CRM Email Router.?CRM for Outlook includes a 64-bit version that can be installed on any of the supported 64-bit Windows operating systems. ?The 32-bit version of CRM for Outlook can be installed and run on a 64-bit Windows operating system but the version of Microsoft Outlook must be 32-bit.Important 32-bit versions of Microsoft SQL Server database engine or Microsoft SQL Server reporting services aren’t supported with Microsoft Dynamics CRM 2013. You can’t use a computer that is running a Microsoft SQL Server 32-bit edition as the database server or reporting services server for Microsoft Dynamics CRM Server 2013. For more information about the supported versions of Microsoft SQL Server, see SQL Server editions and SQL Server Reporting Services.See AlsoWeb application requirements for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM system requirements and required technologiesMicrosoft Dynamics CRM 2013 language supportMicrosoft Dynamics CRM 2013 language supportThis section describes the supported configurations for different language versions of a Microsoft Dynamics CRM 2013 system. This section doesn’t include information about Microsoft Dynamics CRM Language Pack support, but instead explains the supported configurations for the base-language versions. For more information about Microsoft Dynamics CRM Language Pack, see Install and deploy a Language Pack.In This TopicMicrosoft Dynamics CRM Server language requirementsMicrosoft Dynamics CRM Server language examplesCRM phone app language supportMicrosoft Dynamics CRM Server language requirementsThe following requirements must be met when you run Microsoft Dynamics CRM with applications such as SQL Server. Note that all available CRM languages are supported.Microsoft Dynamics CRM productRequirementMicrosoft Dynamics CRM Server 2013The base language of Windows Server, SQL Server, Microsoft .NET Framework, MDAC, and MSXML must be either the same language as Microsoft Dynamics CRM Server 2013 or English. If an application isn’t available in a certain language, the English version can be used.Microsoft Dynamics?CRM for Microsoft Office OutlookThe base language of Windows Server, Microsoft SQL Server 2008 Express Edition, Internet Explorer, Microsoft Office, Microsoft .NET Framework, MDAC, and MSXML don’t have to be the same language as CRM for Outlook.Each client stack in a single deployment can be in a different language.Microsoft Dynamics CRM Server 2013 and Microsoft Dynamics CRM for OutlookThe base language version of Microsoft Dynamics CRM Server 2013 must match that of CRM for Outlook. For example, there can’t be some users who run the German version of CRM for Outlook while other users run the English version. For this scenario, we recommend provisioning the appropriate Microsoft Dynamics CRM Language Pack.For example, you could have the following configuration having German as their base language:?Microsoft Dynamics CRM Server 2013?Windows Server 2008?Microsoft SQL Server 2008?Microsoft Exchange Server 2010?MSXML?.NET FrameworkAs another example, you could have Microsoft Dynamics CRM Server 2013 with Swedish as its base language and it could be configured with the following applications that have English as their base language:?Windows Server 2008?Microsoft SQL Server 2008?Microsoft Exchange Server 2010?MSXML?.NET FrameworkMicrosoft Dynamics CRM Server language examplesThe following table describes an example of a supported language configuration for Microsoft Dynamics CRM Server 2013 where all language editions match.ProgramLanguageWindows Server 2008GermanMicrosoft SQL Server 2008GermanMicrosoft Exchange Server Framework GermanMicrosoft Dynamics CRM Server 2013GermanThe following table describes an example of a supported language configuration for Microsoft Dynamics CRM Server 2013 where not all language editions match.ProgramLanguageWindows Server 2008EnglishMicrosoft SQL Server 2008EnglishMicrosoft Exchange Server FrameworkEnglishMicrosoft Dynamics CRM Server 2013SwedishCRM phone app language supportThe CRM phone apps are available in the following languages. CRM for Windows 8 Phones?English?French?Italian?German?Spanish?Portuguese (Portugal)?Portuguese(Brazil)?Chinese (Simplified)?Chinese (Traditional)?Czech?Danish?Dutch?Finnish?Greek?Hungarian?Japanese?Korean?Norwegian?Polish?Russian?SwedishCRM for iPhone?English?French?Italian?German?Spanish?Portuguese (Portugal)?Chinese Simplified?Chinese Traditional?JapaneseCRM for Android?English?French?German?Italian?Spanish?Portuguese (Portugal)?Chinese Simplified?Chinese Traditional?JapaneseNote BlackBerry devices don’t have a CRM app and are only supported for running Microsoft Dynamics CRM by using the BlackBerry mobile browser. See Also64-bit supported configurations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM system requirements and required technologiesPlanning Deployment of Microsoft Dynamics CRM 2013Mobile phone support for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlinePlanning Deployment of Microsoft Dynamics CRM 2013The deployment architecture you will use depends on your business needs. This section provides guidelines for planning a Microsoft Dynamics CRM deployment on four representative computer system architectures: a single-computer server deployment based on Windows Small Business Server, a two-server deployment, a five-server deployment, and a multiple-server deployment involving a minimum of six servers. These deployments are discussed in detail in Microsoft Dynamics CRM 2013 supported configurations in this guide.Use this section as a reference if you have no existing Windows Server infrastructure, and you are planning a new Microsoft Dynamics CRM deployment.If most or all the Windows Server infrastructure already exists, we recommend that you read this section to make sure that your current infrastructure meets the prerequisites for a successful Microsoft Dynamics CRM deployment.In This SectionPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013Security considerations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM 2013 supported configurationsUpgrading from Microsoft Dynamics CRM 2011Related SectionsMicrosoft Dynamics CRM system requirements and required technologiesPlanning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013This section contains lists of what you must have before you install Microsoft Dynamics CRM, such as needed hardware and software. Use this section for preparing your network and to make sure that all requirements are satisfied before you run Microsoft Dynamics CRM Server Setup.In this section, the following topics are discussed:?Hardware and software requirements. A brief overview of the computer hardware and software requirements, and where you can find more information about the requirements.?Active Directory considerations. Supported Active Directory forest and domain modes.?SQL Server and SQL Server Reporting Services installation and configuration. A summary of how Microsoft SQL Server and Microsoft SQL Server Reporting Services must be deployed and configured to install Microsoft Dynamics CRM.?Planning Exchange Server or POP3. A summary of how Exchange Server or a POP3-compliant e-mail server must be deployed to install and use the Email Router to send and receive Microsoft Dynamics CRM e-mail messages.?Security considerations. Information about how you can make the Microsoft Dynamics CRM system more secure.?Supported configurations. Information about the supported network, domain, and server configurations for Microsoft Dynamics CRM.?Upgrading from a previous version of Microsoft Dynamics CRM. How Microsoft Dynamics CRM upgrades your current system and what happens to items such as existing reports and customizations.See AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Hardware requirementsSoftware requirementsActive Directory and network requirements for Microsoft Dynamics CRM 2013SQL Server installation and configurationPlanning email integrationPlanning requirements for Microsoft SQL Server Reporting ServicesSecurity considerations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM 2013 supported configurationsHardware requirementsDepending on how you plan to deploy the system, as a single-server solution, a multiple-server solution, or a clustered solution, the computer hardware that Microsoft Dynamics CRM and components will run on is important for acceptable application performance.There are many factors that you must consider that can affect the hardware requirements. They include the following:?Number of users the CRM implementation will support and the way the application will be used, such as for intensive reporting.?Number of servers and how they are configured.?Microsoft SQL Server performance and availability.?Integration of Microsoft Dynamics CRM with the Microsoft Exchange Server or POP3 email servers.?Integration with SharePoint Server.?Performance of your servers and the local area network (LAN).?Whether users will be connecting from untrusted domains and forests or from the Internet.For a list of the suggested hardware requirements, see these topics.Microsoft Dynamics CRM Server 2013 hardware requirementsMicrosoft SQL Server hardware requirements for Microsoft Dynamics CRM Server 2013Microsoft Dynamics CRM Email Router hardware requirementsMicrosoft Dynamics CRM for Outlook hardware requirementsSee AlsoPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013Software requirementsSoftware requirementsBefore you install an on-premises deployment of Microsoft Dynamics CRM 2013, there are several operating system, application, and software features that must be installed, configured, and running either on the computer where Microsoft Dynamics?CRM Server is running or on another computer on your network. Some of these operating system and software components include Windows Server, Microsoft SQL Server, Microsoft SQL Server Reporting Services, and .NET Framework.For a complete list of the software requirements, see Microsoft Dynamics CRM system requirements and required technologies in this guide.See AlsoPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013Hardware requirementsActive Directory and network requirements for Microsoft Dynamics CRM 2013Active Directory and network requirements for Microsoft Dynamics CRM 2013Active Directory Domain Services (AD DS) is a feature of the Windows Server operating systems. AD DS provides a directory and security structure for network applications such as Microsoft Dynamics CRM.As with most applications that rely on a directory service, Microsoft Dynamics CRM has dependencies that are important for operation, such as use of AD DS to store user and group information and to create application security.Microsoft Dynamics CRM should only be installed on a Windows Server that is a domain member. The domain where the server is located must be running in one of the following Active Directory domain modes:?Windows Server 2003 Native?Windows Server 2003 Interim?Windows Server 2008 Modes?Windows Server 2008 R2 Modes?Windows Server 2012 Modes?For more information about Active Directory domain and forest modes, see:?How to raise Active Directory domain and forest functional levels?Active Directory (Windows Server 2008 R2)Important Windows 2000 Server forest and domain modes are not supported with Microsoft Dynamics CRM 2013.Federation and claims-based authentication supportWhen you configure Microsoft Dynamics CRM for Internet-facing access it requires federated services that support claims-based authentication. We recommend Active Directory Federation Services (AD FS) in Windows Server 2008 or Windows Server 2012.Active Directory Federation ServicesActive Directory Federation Services (AD FS) is a highly secure, highly extensible, and Internet-scalable identity access solution that allows organizations to authenticate users from partner organizations. Using AD FS in Microsoft Windows Server, you can simply and very securely grant external users access to your organization’s domain resources. AD FS can also simplify integration between untrusted resources and domain resources within your own organization. AD FS is available as a server role in Windows Server 2012 and Windows Server 2008 R2. In earlier versions of Windows Server 2008, AD FS can be downloaded and installed (see the Active Directory Federation Services 2.0 RTW download link in the table).Digital CertificatesActive Directory Federation Services (AD FS) requires two types of digital certificates:?Claims encryption. claims-based authentication requires identities to provide an encryption certificate for authentication. This certificate should be trusted by the computer where you are installing Microsoft Dynamics CRM Server 2013 so it must be located in the local Personal store where the Configure Claims-Based Authentication Wizard is running.?SSL (HTTPS) encryption. The certificates for SSL encryption should be valid for host names similar to org., auth., and dev.. To satisfy this requirement you can use a single wildcard certificate (*.), a certificate that supports subject alternative names, or individual certificates for each name. Individual certificates for each host name are only valid if you use different servers for each web server role. Multiple IIS bindings, such as a website with two HTTPS or two HTTP bindings, isn’t supported for running Microsoft Dynamics CRM. For more information about the options that are available to you, contact your certification authority service company or your certification authority administrator.To meet these requirements, your organization should have a public key infrastructure or a contract with a digital certificate provider such as VeriSign, GoDaddy, or Comodo.For more information about Active Directory, see the resources in the following icLinkActive Directory Domain ServicesActive Directory Domain Services for Windows Server 2008 R2Understanding AD DS DesignUnderstanding AD DS DesignDesigning the Site Topology for Windows Server 2008 AD DSDesigning the Site TopologyDomain Controller Role Deploment FSMO placement and optimization on Active Directory domain controllersActive Directory Federation Services (AD FS)AD FS Deployment GuideAccess & Information ProtectionActive Directory Federation Services 2.0AD FS 2.0 RTW DownloadActive Directory Federation Services 2.0 RTWDigital certificates overviewCertificatesIPv6 SupportMicrosoft Dynamics CRM 2013 works with IPv6 either alone or together with IPv4 within environments that have networks where IPv6 is supported. See AlsoPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013Software requirementsSQL Server installation and configurationSQL Server installation and configurationTo plan your use of Microsoft SQL Server with Microsoft Dynamics?CRM Server, you must understand how Microsoft Dynamics CRM uses SQL Server, and what Microsoft Dynamics CRM Server Setup does and does not do:?Microsoft Dynamics?CRM Server requires SQL Server 64-bit versions for storing the databases that contain Microsoft Dynamics CRM data and metadata. For specific details, see SQL Server editions in this guide.?Reports in Microsoft Dynamics CRM depend on Microsoft SQL Server Reporting Services, a feature in SQL Server. Reporting Services includes two server components that are used to store, display, and manage reports: Report Server and Report Manager. A third component, Report Designer, is used to customize reports and write new reports. The Report Designer component is available with Microsoft Visual Studio and is typically installed on a workstation, instead of on the computer that is running SQL Server.?Microsoft Dynamics CRM Server Setup does not install SQL Server database engine or Microsoft SQL Server Reporting Services.There are many configurations possible based on your expected usage of Microsoft Dynamics CRM. For information about the licensing implications when you install Microsoft SQL Server Reporting Services on a separate computer, see SQL Server 2008 R2 Licensing.?Although we do not recommend it, you can install SQL Server on the same computer as Microsoft Dynamics CRM Server 2013. For better performance, install and run SQL Server on a separate dedicated computer. For better performance and improved availability, install and run SQL Server on separate multiple dedicated computers in a clustered configuration. For more information, see Set configuration and organization databases for SQL Server 2012 AlwaysOn failover.?Similarly, we recommend that you install Microsoft Dynamics CRM Reporting Extensions on a separate SQL Server that is running Microsoft SQL Server Reporting Services. However, if needed you can install Microsoft Dynamics CRM Reporting Extensions on a SQL Server that is running Microsoft SQL Server Reporting Services but also stores the Microsoft Dynamics CRM databases. Notice that, when you run the database engine and Reporting Services on separate SQL Servers, the versions of SQL Server do not have to match. For example, the SQL Server database engine where the Microsoft Dynamics CRM databases are stored can be Microsoft SQL Server 2008 R2 and the Reporting Services server where the Microsoft Dynamics CRM Reporting Extensions are installed can be Microsoft SQL Server 2012.?Although, in a multiple organization deployment of Microsoft Dynamics CRM, you can specify different Reporting Services servers or server instances when you create or edit an organization, only one instance of Reporting Services is supported for all organizations in the deployment. For better load balancing of reports, we recommend configuring Report Server in a Network Load Balancing (NLB) cluster. For more information, see Configure a Report Server on a Network Load Balancing Cluster.?Multiple Microsoft Dynamics CRM front-end servers that run in a network load balancing cluster can use the same computer that is running SQL Server. For more information, see Install Microsoft Dynamics CRM Server 2013 on multiple computers.In This SectionSQL Server requirements and recommendations for Microsoft Dynamics CRMSQL Server deploymentAdditional resources for SQL ServerRelated SectionsPrerequisites and considerations for planning your deployment of Microsoft Dynamics CRM 2013Planning requirements for Microsoft SQL Server Reporting ServicesSQL Server requirements and recommendations for Microsoft Dynamics CRMThese requirements apply to new and existing installations of SQL Server:?Microsoft Dynamics CRM requires an instance of Microsoft SQL Server Reporting Services be installed, running, and available. All installations of the supported SQL Server editions can be used as the reporting server. However, the Reporting Services edition must match the SQL Server edition.?Microsoft Dynamics CRM 2013 isn’t supported on Microsoft SQL Server 2000, Microsoft SQL Server 2005, or 32-bit versions of Microsoft SQL Server 2008 and Microsoft SQL Server 2012.?Microsoft Dynamics CRM Server 2013 is not supported with SQL Server that is running on Windows Server 2003 or Windows 2000 Server.?When Microsoft Dynamics CRM Server 2013 and SQL Server are installed on different computers, they must be in the same Active Directory domain.?Microsoft Dynamics CRM Server Setup and Microsoft Dynamics CRM 2013 Deployment Manager support the default instance or a named instance of SQL Server.?Although you can install SQL Server by using either Windows Authentication or mixed-mode authentication, Windows Authentication is a prerequisite for Microsoft Dynamics CRM.?The service account that SQL Server uses to log on to the network must be either a domain user account (recommended) or the Network Service account (you can’t use a local user account on the server). Using a low-privilege account strategy is recommended to help avoid compromising the security of the server.?The SQL Server service must be started. This service should be configured to automatically start when the computer is started.?SQL Server Agent must be started. This service should be configured to automatically start when the computer is started.?SQL Server Full-Text Search must be installed and started. This service should be configured to automatically start when the computer is started.?Microsoft Dynamics CRM Server Setup requires a network library to authenticate SQL Server. By default, TCP/IP network libraries are enabled when you install Microsoft SQL Server. SQL Server can use both TCP/IP or Named Pipes for authentication. However, the computer that is running SQL Server must be configured for at least one of the two network libraries.?We recommend that the computer that is running SQL Server be located on the same local area network (LAN) as the computer that is running the Microsoft Dynamics CRM Server 2013 Back End Server roles. For a description of the server roles, see Microsoft Dynamics CRM 2013 server roles.?The computer that is running SQL Server must be configured to have sufficient disk space, memory, and processing power to support the Microsoft Dynamics CRM environment. For more information, see Microsoft Dynamics CRM Server 2013 hardware requirements in this guide.?Although it’s optional, consider accepting the SQL Server default settings for Collation Designator, Sort Order, and SQL Collation. Microsoft Dynamics CRM supports the following collation orders:?Case-sensitive?Case-insensitive?Accent-sensitive?Accent-insensitive?Binary sort order (such as Latin1_General_100_BIN)Note Microsoft Dynamics CRM sets the collation order at the database level. This setting might differ from that set at the SQL Server level.?Review all SQL Server installation options and be prepared to make the needed selections when you run Setup. For more information, see Installation for SQL Server 2012.?If you plan to install SQL Server in a location other than the default file location, see File Locations for Default and Named Instances of SQL Server.You should also consider where the Microsoft Dynamics CRM databases are located on the server, and the hard-disk configuration that will support them.Note To achieve the best combination of disk fault tolerance and performance, consider the many specifications for redundant array of independent disks (RAID) available from hardware vendors. Format the disks where the SQL Server database files reside for the fault-tolerance requirements of the application and performance parameters for the I/O activity occurring on that partition.?If you are using an operating system with regional settings other than English (United States), or if you are customizing character-set or sort-order settings, review topics on collation settings. For more information, see International Considerations for SQL Server.See AlsoSQL Server installation and configurationSQL Server deploymentSQL Server deploymentIf your organization uses Microsoft SQL Server for applications other than Microsoft Dynamics CRM, performance may degrade as resources are consumed by other applications. If you use a computer that is running SQL Server that is used for other applications, you must carefully analyze the effect that Microsoft Dynamics CRM will have on the existing installation of SQL Server. For information about monitoring SQL Server, see Performance Monitoring and Tuning How-To Topics.For best results, we recommend that you install the Microsoft Dynamics CRM databases on a computer that is running SQL Server and that will support only Microsoft Dynamics CRM and no other databases or database applications.In This TopicSQL Server deployment considerationsLanguage locale collation and sort orderDisk configurations and file locationsSQL Server program file locationSQL Server data file locationMicrosoft Dynamics CRM database renaming considerationsSQL Server transparent data encryptionSQL Server deployment considerationsMicrosoft Dynamics CRM is a database-intensive application. Before you deploy Microsoft Dynamics CRM to an instance of SQL Server, you should consider the following requirements and database configurations:?Modification of system tables. The SQL Server system tables should not be modified before you install Microsoft Dynamics CRM Server 2013. Some database applications may modify the SQL Server system tables. If this occurs, problems with Microsoft Dynamics CRM and data may result.?Indexing. Full-text indexing must be installed. This is required for Microsoft Dynamics CRM knowledge-base functionality.?Compatibility level. During an upgrade or a new installation, Microsoft Dynamics CRM Server Setup sets the database compatibility level to 100, which is the compatibility level of Microsoft SQL Server 2008.?Autogrowth. By default, Microsoft Dynamics CRM organization database files are created to have an autogrowth setting of 256 megabytes. Earlier versions of Microsoft Dynamics CRM used the default setting of 1 megabyte autogrowth. If you perform intensive database transactions, such as large data imports, consider increasing the autogrowth value to improve performance. For information about how to change the autogrowth setting for a database, see the SQL Server Management Studio Help.?Max server memory. We recommend that, if you run SQL Server on a computer that is also running other applications, that the SQL Server max server memory be set to no more than one half of the installed RAM. By default, max server memory is set to 2147483647 megabytes in Microsoft SQL Server 2008 and Microsoft SQL Server 2012, which has demonstrated resource issues with SQL Server during intensive use of Microsoft Dynamics CRM. More information: Server Memory Options?Max degree of parallelism. We recommend if you experience poor SQL Server performance, which can occur due to complex index statements, that the SQL Server max degree of parallelism be set to 1 to help improve overall application performance on multiprocessor systems. More information: max degree of parallelism Option?RCSI. Running Microsoft Dynamics CRM that uses a SQL Server configured for read committed snapshot isolation (RCSI) will receive commercially reasonable support. Commercially reasonable support is defined as all reasonable support efforts by Microsoft Customer Support Services that do not require Microsoft Dynamics CRM code fixes.Language locale collation and sort orderInstalling SQL Server in a language other than English (U.S.) may require changing the Collation designator. The following table indicates the Collation designator to use for some of the available languages.Windows LocaleLocale Identifier (LCID)Collation DesignatorCode PageDanish0X406Danish_Norwegian1252Dutch (Standard)0X413Latin1_General1252English (United States)0X409Latin1_General1252French (France)0X40CFrench1252German (Germany)0X407Latin1_General1252Italian0X410Latin1_General1252Portuguese (Brazil)0X416Latin1_General1252Spanish (Traditional Sort)0XC0AModern_Spanish1252Disk configurations and file locationsFor the default instance of SQL Server, the default directory for both program and data files is \Program Files\Microsoft SQL Server\MSSQL<ver>.MSSQLSERVER\MSSQL\, where <ver> is the major version of SQL Server, such as 10 for Microsoft SQL Server 2008 or 11 for Microsoft SQL Server 2012. You can specify a file path other than the default for both program and data files.Note The default locations for program and data files are not necessarily the best locations. For the best combination of disk fault tolerance and performance, consider the RAID specifications available from hardware vendors. You can create the Microsoft Dynamics CRM databases on your partitions, especially for these files, and specify the existing databases when you run Microsoft Dynamics CRM Server Setup. The databases created by Microsoft Dynamics CRM are noted in the specified data file location. For more information, see SQL Server data file location later in this topic.By default, Shared Tools are installed in \Program Files\Microsoft SQL Server\100\Tools on the system drive. This folder contains the default and named files shared by all instances of SQL Server. Tools include the T-SQL command line utility and the OSQL SQL query tool. Microsoft SQL Server Setup also installs files in the Windows system directory. The system file location cannot be changed.SQL Server program file locationThe SQL Server program files are located in \Program Files\Microsoft SQL Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn.The binary file location is in the root directory where Setup creates the folders that contain program files and other files that typically do not change this path as you use SQL Server. Although these files are not read-only, the folders do not contain data, logs, back-up files, or replication data. Therefore, the space requirements for these files should increase only marginally as SQL Server is used, and over time as updates are applied.Important Program files cannot be installed on a removable disk drive.SQL Server data file locationEach SQL Server database consists of one or more database files and one or more transaction log files. Microsoft Dynamics CRM creates at least two databases:?MSCRM_CONFIG. This database contains Microsoft Dynamics CRM metadata, such as configuration and location information that is specific to each organization database.?OrganizationName_MSCRM. This is the organization database where Microsoft Dynamics CRM data is stored, such as all records and activities. Microsoft Dynamics CRM Server 2013 supports multiple organizations so that you can have multiple-organization databases.Microsoft Dynamics CRM also relies on the SQL Server system databases to store Microsoft Dynamics CRM configuration information. These databases include the master and msdb databases. The database files that accompany a database contain all its data and properties. Transaction log files contain a record of the write activity in the database, such as when a row is added, changed, or removed. Transaction log files are binary and cannot be used for auditing database activity. The transaction log is used for recovery, if a failure occurs, and to roll back (undo) transactions (writes) that cannot be finished. You may also periodically back up the transaction log as a way to perform an incremental backup while users are working in the application, with very low effect on available server resources. To have the best chance of recovery if there is a disk failure, and the best performance for the application, put the database files and transaction log files on separate sets of physical disks. The location that you specify for a file does not have to be the original location for data files specified during Microsoft SQL Server Setup. You can select an alternative location for the database and transaction log files any time that you create or change the database. For more information, see the note about disk fault tolerance and performance in Disk configurations and file locations earlier in this topic.If the partition that contains a database file has failed and the database has become unusable, but the partition that contains the transaction log is still available, you can back up the transaction log for that database. This can be the last backup in your back-up set. When you restore, this transaction log backup, made after the failure, will be the last restored backup. If all transaction log backups in the back-up set are restored successfully, you will have restored all the committed (100 percent successful) transactions up to the moment of the failure. This limits the data loss. When the database files and transaction log files are on separate sets of disks, performance is optimized. Transaction log files can be write-intensive during periods when a lot of data is being added, changed, or removed from the application. For example, you have a server wherein drive C is the system partition (the drive where the Windows and program file folders are located).The Windows pagefile is also located on drive C. Drives D and E are RAID-5 partitions on separate sets of physical disks. Select the partitioning scheme for the database files that will give you the combination of performance and disk fault tolerance that you want. Drive D contains only data files for one or more databases, and drive E contains only log files for one or more databases. If you verify that performance will decrease because one database will have much more hard disk activity than other databases, you should put them all on separate sets of disks. If you estimate that data will significantly grow over time, make sure drive D has at least 100 gigabytes (GB) available for the database files. Because the log files will be truncated every time that a transaction-log backup is performed, make sure drive E has at least 10 GB available. Specify the location of the database file to be on drive D and the transaction log file to be on drive E when you create the database. Note It is best to dedicate a partition to SQL Server data files. We recommend that you do not put a data file on the same partition as a Windows pagefile because of the degree of fragmentation that will occur.By default, the directory where all database files and transaction log files are located is \Program Files\SQL Server\MSSQL<ver>.MSSQLSERVER\MSSQL\Data. When you run Microsoft SQL Server Setup, you can specify a different location as the default location for data files. The data file location is the root directory where Microsoft SQL Server Setup creates the folders that contain database and log files, in addition to directories for the System log, back-up, and replication data. Microsoft SQL Server Setup creates database and log files for the master, model, tempdb, and msdb databases. If you are selecting different locations for each file in the application, you do not have to change the default setting.Note Data files cannot be installed on a file system that uses compression.Specifying file pathsBecause you can install multiple instances of SQL Server on one computer, an instance name is used in addition to the user-specified location for program and data files. For tools and other shared files, instance names are not required.Default-instance file path for program and data filesFor the default instance of SQL Server, the default SQL Server directory name (MSSQL.10) is used as the default instance name, with the directory that you specify.For example, if you specify the SQL Server default instance to be installed on D:\MySqlDir, the file paths are as follows:D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Binn (for program files)D:\MySqlDir\MSSQL<ver>.MSSQLSERVER\MSSQL\Data (for data files)Note The program and data file locations can be changed, depending on the drive configuration of the computer that is running SQL Server.Microsoft Dynamics CRM database renaming considerationsAs described earlier, a Microsoft Dynamics CRM deployment contains the following databases:?A single MSCRM_CONFIG database?One or more (for multi-tenant deployments) OrganizationName_MSCRM databasesThe configuration database, MSCRM_CONFIG, cannot be renamed. If the MSCRM_CONFIG database is renamed, the Microsoft Dynamics CRM system will not function anization databases, OrganizationName_MSCRM, can be renamed by following the guidelines and considerations described anization database namesMicrosoft Dynamics CRM organization databases use both a display and a unique name.?Display name. This is the name that appears in the Microsoft Dynamics CRM application, such as the upper-right corner of the main application screen. The display name can contain spaces and be up to 250 characters long.?Unique name. This is the name that is used to create the URL to connect to the application and is appended with _MSCRM. It is also the physical name of the database as it appears in SQL Server applications, such as Microsoft SQL Server Management Studio. This name cannot contain spaces and cannot be more than 30 characters anization database renamingThe display name may be changed by using the Edit Organization Wizard in Deployment Manager. The basic steps are to disable the organization, and then run the Edit Organization Wizard. For more information, see the Deployment Manager Help. Although we do not recommend it, you can change the name of an organization’s unique database name (OrganizationName_MSCRM). To change the database unique name, follow these steps:Warning Renaming the unique database name for an organization has not been fully tested by Microsoft and may cause unexpected results. We cannot guarantee that problems caused by performing this procedure can be resolved. Rename the organization database unique name at your own risk.Important Before you start the following procedure, take a full back up of the organization database that you want to rename.The following steps require you to already have a functioning organization database that was created by Microsoft Dynamics CRM Server Setup or imported by a supported Microsoft Dynamics CRM method.1.Restore the backup of the organization database to your SQL Server that uses the name that you want and that is supported by SQL Server.2.Import the renamed organization database to your existing Microsoft Dynamics CRM deployment by using the Import Organization Wizard in Deployment Manager.3.During the import, enter into the organization database a display name and unique name that are unrelated to the original database name.4.Follow the instructions on your screen to complete the import.5.Ensure that Microsoft Dynamics CRM users have the new URL that will be created as a result of the organization rename.SQL Server transparent data encryptionThe Microsoft SQL Server Transparent Data Encryption feature is supported for use with Microsoft Dynamics CRM. However, based on test results conducted internally, using this feature can cause a decrease in overall performance of approximately 10% when run against a compressed database with the same workload.See AlsoSQL Server installation and configurationSQL Server requirements and recommendations for Microsoft Dynamics CRMAdditional resources for SQL ServerAdditional resources for SQL ServerFor more information about how to plan for and install SQL Server, see the following resources: Microsoft SQL Server Web siteSQL Server Books OnlineMicrosoft SQL Server Solution CenterSee AlsoSQL Server installation and configurationSQL Server deploymentPlanning requirements for Microsoft SQL Server Reporting ServicesPlanning requirements for Microsoft SQL Server Reporting ServicesThe Microsoft Dynamics CRM Reporting Extensions are data processing extensions that are installed on the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM Reporting Extensions accept the authentication information from the Microsoft Dynamics CRM Server 2013 server and passes it to the Microsoft SQL Server Reporting Services server. Microsoft Dynamics CRM Reporting Extensions Setup includes Fetch data processing extension and SQL data processing extension. The Microsoft Dynamics CRM Reporting Extensions are required for all major reporting tasks in Microsoft Dynamics CRM, such as working with default (out-of-box) Microsoft Dynamics CRM reports, uploading custom reports, creating Report Wizard reports, or scheduling reports. Microsoft Dynamics CRM Reporting Extensions must also be installed before you import or provision new organizations.The Microsoft Dynamics CRM Reporting Extensions Setup does the following:1.Installs Fetch data processing extension and SQL data processing extension on the Microsoft SQL Server Reporting Services server.2.Installs custom assemblies used by default reports and wizard reports on Microsoft SQL Server Reporting Services server.3.Creates default reports (SQL-based) for the default organization both on Microsoft Dynamics CRM Server 2013 and Microsoft SQL Server Reporting Services servers.The following table explains what reporting options will be available to you if you install Microsoft Dynamics CRM Reporting Extensions.What reports will work?Installed?Default reportsCustom SQL-based reportsFetch-based Wizard reportsCustom Fetch-based reportsNoClean installation:Will not be available.?Cannot be scheduled.?Can be uploaded and run if Microsoft Dynamics CRM Server 2013 and SQL Server are installed on one computer or Trust for Delegation is configured.Will not be available.Cannot be uploaded and run.YesWill be published for the default organization.Can be uploaded and run.Can be created, run, and scheduled.Can be uploaded, run, and scheduled.Important Microsoft Dynamics CRM Reporting Extensions should not be installed on an instance of Microsoft SQL Server Reporting Services that is running under an account that is a member of the SQL Access Group. This can occur when Microsoft SQL Server Reporting Services is running under the same account as a Microsoft Dynamics CRM Server 2013 component. This configuration can make the system vulnerable to certain attacks. During installation, Setup detects this scenario. You can click Help for information about how to work around the issue.Note that when you install Microsoft Dynamics CRM Reporting Extensions, you have the option of installing the component on a different server that is running Reporting Services. Therefore, by isolating Microsoft Dynamics CRM Reporting Extensions on a separate instance of SQL Server, which does not store the Microsoft Dynamics CRM databases, report performance may be improved.Microsoft Dynamics CRM Reporting Extensions requirementsMicrosoft Dynamics CRM Reporting Extensions has the following requirements:?You must complete Microsoft Dynamics CRM Server Setup before you run the Microsoft Dynamics CRM Reporting Extensions Setup.?You must run the Microsoft Dynamics CRM Reporting Extensions Setup on a computer that has Microsoft SQL Server 2008 Reporting Services installed. For smaller data sets and fewer users, you can use either a single-server deployment, or a multiple-server deployment with one computer that is running SQL Server for Microsoft Dynamics CRM, and another server for Microsoft SQL Server Reporting Services. With larger datasets or more users, performance will decrease quickly when complex reports are run.See AlsoSQL Server installation and configurationPlanning email integrationPlanning email integrationThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. To use the Microsoft Dynamics CRM email routing and tracking features, you must use one or both of the following software components to integrate your email system with your Microsoft Dynamics CRM deployment:?The Email Router provides centrally managed email routing for users, queues, and forward mailboxes. This is frequently the better option for on-premises, partner-hosted Microsoft Dynamics CRM, and some Microsoft Dynamics CRM Online deployments. With this method, email is routed to Microsoft Dynamics CRM regardless of whether the recipient is logged on.?Microsoft Dynamics?CRM for Microsoft Office Outlook provides email routing capabilities on a single user basis. This doesn’t require the Email Router, and is frequently the better option for smaller organizations that don’t have a full-time IT staff, or for organizations that use Microsoft Dynamics CRM Online. With this method, the actual email routing for each user occurs only while the user is logged on. If Microsoft Outlook isn’t running, email messages aren’t processed until Microsoft Outlook is started again.Important If your organization uses email queues, you must use the Email Router. Queues aren’t supported in CRM for Outlook.Microsoft Dynamics CRM Server 2013 can operate without Microsoft Exchange Server or a POP3 server. However, you won’t have Microsoft Dynamics CRM incoming email tracking capabilities. Also, Microsoft Dynamics CRM Server 2013 can operate without an SMTP server. However, you won’t have Microsoft Dynamics CRM outgoing email capabilities.Depending on your requirements, you may want to implement a solution that uses both the Email Router and CRM for Outlook. For example, if your Microsoft Dynamics CRM deployment hosts multiple organizations, or a single organization that has users who have varying needs, you may want to configure some users for the CRM for Outlook email routing method, and configure other users and queues for the Email Router.See AlsoPlanning requirements for Microsoft SQL Server Reporting ServicesMicrosoft Dynamics CRM Email RouterAdditional resources for Exchange ServerMicrosoft Dynamics CRM Email RouterThe Email Router is an optional interface component that integrates your email system with Microsoft Dynamics CRM, and routes qualified email messages to and from your Microsoft Dynamics CRM organization. This section provides guidelines for analyzing your organization’s requirements for integrating email with Microsoft Dynamics CRM, and outlines the things to consider when you plan, install, and configure an Email Router deployment.The Email Router enables you to configure an interface between your Microsoft Dynamics CRM deployment and one or more servers running Exchange Server, Exchange Online accounts, or POP3 servers, for incoming email. For outgoing email, one or more SMTP servers, Exchange Web Services (EWS), or Exchange Online accounts are supported. Email messages come into the Microsoft Dynamics CRM system through the Email Router. For more information, see Microsoft Dynamics CRM Email Router software requirements in this guide.Important Although it is supported, we do not recommend that you install the Email Router on a computer that is running Microsoft Exchange Server.Note You can deploy and run the Email Router on multiple computers in a Microsoft cluster to provide high availability and failover functionality. For more information, see Install E-mail Router on multiple computers in the Installing Guide. After you install the Email Router, you must run the Email Router Configuration Manager, an application that is installed during Microsoft Dynamics CRM Email Router Setup. You can use the Email Router Configuration Manager to configure the following:?One or more incoming profiles. An incoming profile contains the information about the email systems that will be used to process incoming email messages. ?One or more outgoing profiles. An outgoing profile contains the information about the email systems that will be used to process outgoing email messages.?One or more deployments. The Deployments area contains information about the Microsoft Dynamics CRM deployment and maps to an incoming and outgoing profile.?Users, queues, and forward mailboxes. This area contains information about each user that will use the Email Router for email tracking. You can also configure email routing for queues and define a forward mailbox. For more information about the Email Router Configuration Manager, see the following resources:?Microsoft Dynamics CRM E-mail Router Installation Instructions in the Installing Guide?Email Router Configuration Manager HelpEmail systemsThe Email Router can connect to one or more email servers running Microsoft Exchange Server or Exchange Online. The Email Router can also connect to POP3-compliant servers to provide incoming email routing. For outgoing email, you can use SMTP and EWS (Exchange Online only). For more information about the email server versions and protocols that Microsoft Dynamics CRM supports, see Microsoft Dynamics CRM Email Router software requirements in this guide.Exchange Server is an enterprise messaging system with the versatility to support various organizations. As with Active Directory and Microsoft Dynamics CRM, Exchange Server requires planning before it is deployed. Many documents are available from Microsoft that explain how to plan, deploy, and operate Exchange Server. For more information, see Additional resources for Exchange Server in this work topology and email trafficThe overall requirements to deploy and configure an effective Microsoft Dynamics CRM email solution for a small business are similar to those of a large enterprise. However, a small business might not have an IT department. As you plan your email solution, consider the details of your particular IT environment, such as who is responsible for network administration, what is allowed for Email Router placement, use of forward mailbox and forwarding rules. To optimize performance, carefully consider the size, complexity, and geographical distribution of your network. The location of your email servers, the number of users who will route email to and from Microsoft Dynamics CRM, expected traffic levels, and the frequency and size of attachments should help guide your decisions. For example, an international enterprise-level Microsoft Dynamics CRM deployment might have user and queue mailboxes in multiple sites, regions, or countries. Such a deployment may accommodate multiple Microsoft Dynamics CRM organizations and multiple email server configurations. The email servers might be located inside or outside the corporate domain, separated by firewalls. A small business deployment, on the other hand, will typically have a relatively small number of users and significantly less email traffic. Frequently, there will be no full-time IT department to configure and maintain an Email Router deployment. Avoid mailbox storage problemsEvery organization has its own unique requirements for email message routing and storage. To avoid problems that can result from overtaxing your system's storage capacity, consider the following when you plan an Email Router deployment:?All email messages?Email messages in response to CRM email?Email messages from CRM Leads, Contacts, and Accounts?Email messages from Microsoft Dynamics CRM records that are email enabledFor more information, see E-mail message filtering and correlation in this guide.?What storage quotas should be applied to each mailbox? For more information about how to apply mailbox storage quotas and managing automated messages that are sent to mailbox owners when their size limit is exceeded, see the documentation for your email system.?How long should email messages be stored? For more information about automatically archiving or deleting email messages, see the documentation for your email system.Like CRM for Outlook, the Microsoft Dynamics CRM Online Email Router lets you track CRM-related information automatically. The email tracking functionality in the Email Router operates in the manner described in the E-mail message filtering and correlation topic. The Email Router also lets you send and receive emails through CRM Online.See AlsoPlanning email integrationE-mail message filtering and correlationForward mailbox vs. individual mailboxesMicrosoft Dynamics CRM user optionsE-mail message filtering and correlationThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. The Email Router can automatically create e-mail activities in Microsoft Dynamics CRM, which are based on received e-mail messages. This type of automation is known as e-mail message tracking. Users can select a filtering option that determines what e-mail messages will be tracked in Microsoft Dynamics CRM. Filtering is set on the E-mail tab of the Set Personal Options dialog box in the Microsoft Dynamics CRM client applications. The user filtering options are as follows:?All e-mail messages. All e-mail messages that are received by the user will have activities created.?E-mail messages in response to CRM e-mail. Only the replies to an e-mail message that is already tracked will be saved as e-mail activities. This option uses smart matching to relate e-mail messages to activities.?E-mail messages from CRM Leads, Contacts, and Accounts. Only e-mail messages sent from leads, contacts, and accounts that exist in the Microsoft Dynamics CRM database are saved as activities.?E-mail messages from Microsoft Dynamics CRM records that are e-mail enabled. E-mail messages are tracked from any record type, including customized record types, that contain an e-mail address.By default, the E-mail messages in response to CRM e-mail option is enabled. Correlation occurs after an e-mail message is filtered. System administrators can turn off all message tracking for a particular user by setting the E-mail Access Type - Incoming value to None on the General tab on the User form.Microsoft Dynamics CRM 2013 tracking tokensTracking tokens increase the probability for e-mail identification and matching. You can use the tracking token feature to improve e-mail message tracking. A tracking token is an alphanumeric string generated by Microsoft Dynamics CRM and appended to the end of an e-mail subject line. It matches e-mail activities with e-mail messages.You can turn tacking tokens on or off, and configure them to be unique for a specific Microsoft Dynamics CRM organization. This means that a company with a deployment that has multiple Microsoft Dynamics CRM organizations (such as for a large conglomerate), can configure tracking tokens that are unique to each deployment. To configure tracking tokens, do the following:1.On the nav bar, click or tap Microsoft Dynamics CRM > Settings. Then click or tap Administration > System Settings.2.Click or tap the E-mail tab.Tracking tokens add an additional correlation component to smart matching. When Microsoft Dynamics CRM generates an outgoing e-mail activity, a resulting e-mail response arriving in the Microsoft Dynamics CRM system is then correlated to the originating activity.By default, for new installations of Microsoft Dynamics CRM 2013, Microsoft Dynamics CRM 2011, and upgraded Microsoft Dynamics CRM 4.0 organizations, the tracking token feature is turned on. The following figure and table show a tracking token and the parts that make up a tracking token.Tracking token structureThe following table lists tracking-token parts and descriptions.PartDescriptionPrefixConfigurable. Default value = CRM. This can be unique for an organization or for a particular Microsoft Dynamics CRM deployment in an organization with multiple Microsoft Dynamics CRM deployments. We recommend that different Microsoft Dynamics CRM deployments use unique prefixes.Online-offline designatorNot configurable. One digit. 0 for Online. 1 for Offline. This part indicates if the user was online or offline when the e-mail activity was created.IDConfigurable. Default range is three (3) digits. This is a numeric identifier for the Microsoft Dynamics CRM user who generated the e-mail activity.NumberConfigurable. Default range is four (4) digits. This is a numeric identifier for the e-mail activity (not the individual messages that the activity contains). If you configure Microsoft Dynamics CRM to generate a token with a four-digit number, it will increment the number through 9999, and then restart the number at 0000. You can use a larger order of digits to reduce the possibility of assigning duplicate tokens to active e-mail threads.For more information about how to configure the tracking token, see the Microsoft Dynamics CRM Help.Smart matchingWhen an incoming e-mail message is processed by the Email Router, the system extracts information that is associated with the e-mail message subject, sender address, and recipient's addresses that link the e-mail activity to other Microsoft Dynamics CRM records. This correlation process, also known as smart matching, uses the following criteria to match received e-mail message information to e-mail activities:?Subject matching. Prefixes, such as RE: or Re:, and letter case are ignored. For example, e-mail message subjects with Re: hello and Hello would be considered a match.?Sender and recipient matching. The system calculates the number of exact sender and recipient e-mail addresses in common.When the matching process is complete, the system selects the owner and the object of the incoming e-mail message.By default, smart matching is turned on for new installations of Microsoft Dynamics CRM Server 2013 and Microsoft Dynamics CRM Server 2011, and for installations of Microsoft Dynamics CRM Server 2011 that have been upgraded from Microsoft Dynamics CRM 4.0 Server.Note You can disable, enable, and tune smart-matching settings in the System Settings area of the Microsoft Dynamics CRM application.See AlsoMicrosoft Dynamics CRM Email RouterForward mailbox vs. individual mailboxesSystem Settings dialog box - Email tabForward mailbox vs. individual mailboxesThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. For incoming e-mail messages, you can configure the Email Router to monitor either of the following:?A forward mailbox, also known as a sink mailbox?Each user's or queue's mailboxImportant If your e-mail system does not allow rules where an e-mail message can be forwarded as an attachment, you must select Individual Mailbox Monitoring during Microsoft Dynamics CRM Email Router Setup. If you are using Microsoft Exchange Server, we recommend that you select Forward Mailbox Monitoring.Configuring the Email Router to use a forward mailbox gives Microsoft Dynamics CRM one central mailbox to monitor, instead of monitoring the mailbox of each user who needs Microsoft Dynamics CRM e-mail capabilities. Organizations that have to monitor a large number of mailboxes should consider using a forward mailbox to reduce the administrative effort. Monitoring many mailboxes can sometimes require maintaining access credentials in many incoming configuration profiles. For more information, see “Access credentials” in Configure the E-mail Router in the Installing Guide.By using a forward mailbox, you shift the administrative effort to the task of deploying a server-side forwarding rule to each user mailbox. The forwarding rule forwards all incoming e-mail messages as attachments to the centralized forward mailbox. For Exchange Server only, you can use the Rule Deployment Wizard (installed with the Email Router) to deploy forwarding rules. This can significantly reduce administration and maintenance requirements because the Rule Deployment Wizard can deploy forwarding rules to multiple Microsoft Dynamics CRM users at the same time.Important To use a forward mailbox with a Microsoft Dynamics CRM deployment that interfaces with a POP3-compliant e-mail system, the e-mail system must be able to forward e-mail messages as attachments. Also, for POP3 e-mail servers and Exchange Online, you cannot use the Rule Deployment Wizard. Instead, you must create the rules manually. For instructions, see “Create the rule manually” in Configure the E-mail Router in the Installing Guide.You can configure users and queues in different ways within the same Microsoft Dynamics CRM deployment. For example, you may want to configure some user or queue mailboxes to be monitored directly on one e-mail server, and configure others to use a forward mailbox on a different e-mail server.Forward mailbox monitoringWhen you use forward mailbox monitoring, incoming messages are processed by Microsoft Exchange Server or the POP3 server and the Email Router in the following sequence:1.A message is received by a Microsoft Dynamics CRM user or queue mailbox, on either the Exchange Server or the POP3 server.2.A rule in the user's mailbox sends a copy of the message to the Microsoft Dynamics CRM forward mailbox.3.The Email Router retrieves the message from the Microsoft Dynamics CRM forward mailbox and sends it to the computer that is running Microsoft Dynamics CRM Server 2013.See AlsoMicrosoft Dynamics CRM Email RouterE-mail message filtering and correlationMicrosoft Dynamics CRM user optionsMicrosoft Dynamics CRM user optionsThis section applies to Microsoft Dynamics CRM Online and on-premises versions of Microsoft Dynamics CRM 2013. This section describes the options available in Microsoft Dynamics CRM user records for sending and receiving e-mail messages.Incoming e-mail messaging optionsThe available incoming e-mail configurations that you can use when a user or a queue receives Microsoft Dynamics CRM e-mail messages are as follows:?None. Use this option for users or queues that do not use Microsoft Dynamics CRM to track received e-mail messages.?Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft Office Outlook be installed on the user's computer. This option does not require the Email Router component and is not available for queues.?Server-Side Synchronization or E-mail Router. When you select this option, the server-side synchronization or Email Router will process Microsoft Dynamics CRM e-mail messages directly from the user's or queue's inbox, without using a forward or a sink mailbox. Although this option does not require a sink mailbox, it does make troubleshooting server-side synchronization or Email Router issues more complex for larger user bases (10 or more users) because each incoming e-mail message is processed by the server-side synchronization or Email Router in every user's mailbox instead of in a single dedicated mailbox.?Forward Mailbox. To use this option, you must install the Email Router. This option requires a sink mailbox, which is a dedicated mailbox that collects e-mail messages transferred from each Microsoft Dynamics CRM user's mailbox by a server-side rule. Although this option does not require users to run Outlook, it does require that the rule be deployed for each user. You use the Rule Deployment Wizard to deploy rules to each Microsoft Dynamics CRM user mailbox.Outgoing e-mail messaging optionsThe available outgoing e-mail configurations that you can use when users or queues send Microsoft Dynamics CRM e-mail messages are as follows:?None. Use this option for users or queues that do not use Microsoft Dynamics CRM to send e-mail messages.?Microsoft Dynamics CRM for Outlook. This option is available for users and requires that Microsoft Office Outlook be installed on the user's computer. This option does not require the Email Router component and is not available for queues.?Server-Side Synchronization or E-mail Router. This option delivers Microsoft Dynamics CRM e-mail messages by using the server-side synchronization or Email Router component. The e-mail system must be SMTP-compliant. The server-side synchronization or Email Router can be installed on the SMTP server or on a different computer that has a connection to the SMTP server.See AlsoMicrosoft Dynamics CRM Email RouterE-mail message filtering and correlationForward mailbox vs. individual mailboxesAdditional resources for Exchange ServerAdditional resources for Exchange ServerFor more information about how to plan to install Microsoft Exchange Server 2007, see the following:?Exchange Server 2007 PlanningFor more information about how to plan to install Microsoft Exchange Server 2010, see the following:?Planning for Exchange 2010See AlsoPlanning email integrationMicrosoft Dynamics CRM Email RouterMicrosoft Dynamics CRM user optionsOperating system and platform technology security considerations for Microsoft Dynamics CRM 2013Operating system and platform technology security considerations for Microsoft Dynamics CRM 2013In the broadest sense, security involves planning and considering tradeoffs between threats and access. For example, a computer can be locked in a vault and available only to one system administrator. This computer may be secure, but it is not very usable because it is not connected to any other computer. If your business users need access to the Internet and your corporate intranet, you must consider how to make the network both secure and usable.The following sections contain links to information about how you can make your computing environment more secure. Ultimately, Microsoft Dynamics CRM data security largely depends on the security of the operating system and the required and optional software components.In This TopicSecuring Windows ServerSecuring SQL ServerSecuring Exchange Server and OutlookSecuring mobile devicesSecuring Windows ServerWindows Server, the foundation of Microsoft Dynamics CRM, provides sophisticated network security. The Kerberos version-5 authentication protocol that is integrated into Active Directory and Active Directory Federation Services (AD FS) allows you to federate Active Directory domains by using claims-based authentication. Both give you powerful standards-based authentication. These authentication standards let users input a single user name and password logon combination for resource access across the network. Windows Server also includes several features that help make the network more secure.The following links take you to information about these features. You can learn how to help make your deployment of Windows Server more secure:?Windows Server 2012 ?Secure Windows Server 2012?Windows Server 2012 Security Baseline?Windows Server 2008?Secure Windows Server ?Windows Server 2008 Security Guide?Windows Server 2008 R2 Security Baseline and Windows Server 2008 Security BaselineWindows error reportingMicrosoft Dynamics CRM requires the Windows Error Reporting (WER) service, which Setup will install if it is missing. The WER service collects information, such as IP addresses. These are not used to identify users. The WER service does not intentionally collect names, addresses, e-mail addresses, computer names, or any other form of personally identifying information. It is possible that such information may be captured in memory or in the data collected from open files, but Microsoft does not use it to identify users. In addition, some information that is transmitted between the Microsoft Dynamics CRM application and Microsoft may not be secure. For more information about the type of information that is transmitted, see Privacy statement for the Microsoft Error Reporting Service.Important By default, automatic error reporting is not enabled in Microsoft Dynamics CRM. For more information about how to enable automatic error reporting for Microsoft Dynamics CRM, see Enable Windows Error Reporting. Virus, malware, and identity protectionTo help protect your identity and your system against malware or viruses, see the following resources:?Microsoft Security. This page is an entry point for tips, training, and guidance about how to keep your computer up-to-date and prevent your computer from being susceptible to exploitation, spyware, and viruses.?Security TechCenter. This page has links to technical bulletins, advisories, updates, tools, and guidance designed to make computers and applications up-to-date and more secure.Update managementMicrosoft Dynamics CRM updates include security, performance, and functional improvements. Making sure that your Microsoft Dynamics CRM applications have the latest updates helps make sure that your system is running as efficiently and reliably as it can.For information about how to manage updates, see the following:?Windows Server Update Services?Update Management in System Center Essentials?Managing Software Updates in Windows Small Business Server 2008?Update Management in Windows Server 2012: Revealing Cluster-Aware Updating and the New Generation of WSUSSecuring SQL ServerBecause Microsoft Dynamics CRM relies on SQL Server, make sure that you take the following measures to improve the security of your SQL Server database:?Make sure that the latest operating system and SQL Server service packs (SP) and updates are applied. Check the Microsoft Security Web site for the latest details.?Make sure that all SQL Server data and system files are installed on NTFS partitions for file system-level security. You should make the files available only to administrative or system-level users through NTFS permissions. This helps to safeguard against users who access those files when the MSSQLSERVER service is not running.?Use a low-privilege domain account. Or, you can specify the Network Service or the Local System Account for SQL Server services. However, we do not recommend that you use these accounts because Domain User accounts can be configured with less permission to run the SQL Server services. The Domain User account should have minimal rights in the domain and should help contain (but will not stop) an attack on the server if there is a compromise. In other words, this account should have only local user-level permissions in the domain. If SQL Server is installed by using a Domain Administrator account to run the services, a compromise of SQL Server will lead to a compromise of the entire domain. If you have to change this setting, use SQL Server Management Studio to make the change, because the access control lists (ACLs) on files, the registry, and user rights will be changed automatically.?SQL Server authenticates users who have either Windows Authentication or SQL Server credentials. We recommend that you use Windows Authentication for single sign-on ease of use and to provide the most secure authentication method.?By default, the auditing of the SQL Server system is disabled so that no conditions are audited. This makes intrusion detection difficult and aids attackers with covering their tracks. At a minimum, you should enable auditing of failed logins.?Report Server administrators can enable RDL Sandboxing to restrict access to the Report Server. More information: Enabling and Disabling RDL Sandboxing?Each SQL login is configured to use the master database as the default database. Although users should not have rights to the master database, as a best practice, you should change the default for every SQL login (except those with the SYSADMIN role) to use OrganizationName_MSCRM as the default database. More information: Securing SQL ServerSecuring Exchange Server and OutlookThe following considerations are for Microsoft Exchange Server, and some are specific to Exchange Server in a Microsoft Dynamics CRM environment:?Exchange Server contains a rich series of mechanisms for precise administrative control of its infrastructure. In particular, you can use administrative groups to collect Exchange Server objects, such as servers, connectors, or policies, and then modify the ACLs on those administrative groups to make sure that only certain users can access them. You may, for example, want to give Microsoft Dynamics CRM administrators some control over servers that directly affect their applications. When you implement efficient use of administrative groups, you can make sure that you give Microsoft Dynamics CRM administrators only the rights that they require to perform their jobs.?Frequently, you may find it convenient to create a separate organizational unit (OU) for Microsoft Dynamics CRM users, and give Microsoft Dynamics CRM administrators limited administrative rights over that OU. They can make the change for any user in that OU, but not for any user outside it.?You should make sure that you adequately protect against unauthorized e-mail relay. E-mail relay is a feature that lets an SMTP client use an SMTP server to forward e-mail messages to a remote domain. By default, Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Microsoft Exchange Server 2010 are configured to prevent e-mail relay. The settings that you configure will depend on your message flow and configuration of your Internet service provider's (ISP) e-mail server. However, the best way to approach this problem is to lock down your e-mail relay settings and then gradually open them to allow e-mail to flow successfully. For more information, see the Exchange Server Help.?If you use forward mailbox monitoring, the Email Router requires an Exchange Server or POP3-compliant mailbox. We recommend that the permission on this mailbox be set to prevent other users from adding server-side rules. For more information about Exchange Server mailboxes, see Mailbox Permissions. ?The Microsoft Dynamics CRM Email Router service operates under the Local System Account. This enables the Email Router to access a specified user's mailbox and process e-mail in that mailbox.For more information about how to make Exchange Server more secure, see the following:?Microsoft Exchange Server 2013 or Microsoft Exchange Server 2010, see the Deployment Security Checklist.?Microsoft Exchange Server 2007, see Security and Protection.Securing mobile devicesAs organizations move to support an increasingly mobile workforce, strong security remains essential. The following resources provide information and best practices for mobile devices, such as smartphones and tablets:?How to Manage Mobile Devices by Using Configuration Manager and Windows Intune?Windows Phone for business?Security Considerations (Microsoft Surface)?iOS in Business (iPad and iPhone)See AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Planning email integrationSecurity considerations for Microsoft Dynamics CRM 2013Security considerations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM 2013 introduces several improvements that help make your deployment more secure. This section provides information and best practices for the Microsoft Dynamics CRM application. More information: Overview of security for Microsoft Dynamics CRMIn This TopicWhat kind of service account should I choose?Minimum permissions required for Microsoft Dynamics CRM Setup and servicesMicrosoft Dynamics CRM installation filesWhat kind of service account should I choose?When you specify an identity to run a Microsoft Dynamics CRM service, you can choose either a domain user account or the Network Service account.If the service interacts with network services, accesses domain resources like file shares or if it uses linked server connections to other computers, you can use a minimally-privileged domain account. Many server-to-server activities can be performed only with a domain user account and can provide the most secure option. This account should be pre-created by domain administration in your environment.Note When you configure a service to use a domain account, you can isolate the privileges for the application, but must manually manage passwords or create a custom solution for managing these passwords. Many server applications use this strategy to enhance security, but this strategy requires additional administration and complexity. In these deployments, service administrators spend a considerable amount of time on maintenance tasks such as managing service passwords and service principal names (SPNs), which are required for Kerberos authentication. In addition, these maintenance tasks can disrupt service.The Network Service account is a built-in account that has more access to resources and objects than members of the Domain Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account in the format <domain_name>\<computer_name>$. The actual name of the account is NT AUTHORITY\NETWORK SERVICE.Minimum permissions required for Microsoft Dynamics CRM Setup and servicesMicrosoft Dynamics CRM is designed so that its features can run under separate identities. By specifying a domain user account that is granted only the permissions necessary to enable a particular feature to function, you help secure the system and reduce the likelihood of exploitation. This topic describes the minimum permissions that are required by the user account for Microsoft Dynamics CRM services and features.Microsoft Dynamics CRM Server SetupThe user account used to run Microsoft Dynamics CRM Server Setup that includes the creation of databases requires the following minimum permissions:?Be a member of the Active Directory Domain Users group. By default, Active Directory Users and Computers adds new users to the Domain Users group.?Be a member of the Administrators group on the local computer where Setup is running. ?Have Local Program Files folder read and write permission. ?Be a member of the Administrators group on the local computer where the instance of SQL Server is located that will be used to store the Microsoft Dynamics CRM databases.?Have sysadmin membership on the instance of SQL Server that will be used to store the Microsoft Dynamics CRM databases.?Have organization and security group creation permission in Active Directory. Alternatively, you can use a Setup XML configuration file to install Microsoft Dynamics CRM Server 2013 when security groups have already been created. For more information, see Use the Command Prompt to Install Microsoft Dynamics CRM in the Installing Guide.?If Microsoft SQL Server Reporting Services is installed on a different server, you must add the Content Manager role at the root level for the installing user account. You must also add the System Administrator Role at the site-wide level for the installing user account.Microsoft Dynamics CRM services and IIS application pool identity permissionsThis section lists the minimum permissions that domain user accounts require for the services and the IIS application pools that Microsoft Dynamics CRM uses.Important ?Microsoft Dynamics CRM services and application pool (CRMAppPool) identity accounts must not be configured as a Microsoft Dynamics CRM user. Doing so can cause authentication issues and unexpected behavior in the application for all Microsoft Dynamics CRM users. More information:Problems in CRM when the CRMAppPool user account is a CRM user ?Managed service accounts (group-managed service accounts (gMSA) or single-managed service accounts) and virtual accounts (NT SERVICE\,<SERVICENAME>) aren’t supported for running Microsoft Dynamics CRM services.The following subsections describe the domain user account permissions required for each service or application pool identity:Microsoft Dynamics CRM Sandbox Processing ServiceMicrosoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) servicesMicrosoft Dynamics CRM Monitoring ServiceMicrosoft Dynamics CRM VSS Writer serviceDeployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)Application Service (CRMAppPool IIS Application Pool identity)Microsoft Dynamics CRM Sandbox Processing Service?Domain Users membership.?That account must be granted the Logon as service permission in the Local Security Policy.?Folder read and write permission on the Trace, by default located under \Program Files\Microsoft Dynamics CRM\Trace, and user account %AppData% folders on the local computer.?Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM subkey in the Windows registry.?The service account may need an SPN for the URL used to access the website that is associated with it. To set the SPN for the Sandbox Processing Service account, run the following command at a command prompt on the computer where the service is running.SETSPN –a MSCRMSandboxService/<ComputerName> <service account>Microsoft Dynamics CRM Asynchronous Processing Service and Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services?Domain Users membership.?PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.?Built-in local group Performance Log Users membership.?That account must be granted the Logon as service permission in the Local Security Policy.?Folder read and write permission on the Trace folder, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.?Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.?The service account may need an SPN for the URL used to access the website that is associated with it. To set the SPN for the Asynchronous Service account, run the following command at a command prompt on the computer where the service is running.SETSPN –a MSCRMAsyncService/<ComputerName> <service account>Microsoft Dynamics CRM Monitoring Service?Domain Users membership.?That account must be granted the Logon as service permission in the Local Security Policy.?Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM?SQLAccessGroup membership. By default, this group is created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.?The service account may need an SPN for the URL used to access the website that is associated with it. Microsoft Dynamics CRM VSS Writer service?Domain Users membership.?That account must be granted the Logon as service permission in the Local Security Policy.?Read permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM?PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.Deployment Web Service (CRMDeploymentServiceAppPool Application Pool identity)?Domain Users membership.?That account must be granted the Logon as service permission in the Local Security Policy.?Local administrator group membership on the computer where SQL Server is running is required to perform organization database operations (such as create new or import organization). ?Local administrator group membership on the computer where the Deployment Web Service is running.?Sysadmin permission on the instance of SQL Server to be used for the configuration and organization databases.?Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.?Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.?PrivUserGroup and SQLAccessGroup membership. By default, these groups are created and appropriate membership is granted during Microsoft Dynamics CRM Server Setup.?CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.?The service account may need an SPN for the URL used to access the website that is associated with it.Application Service (CRMAppPool IIS Application Pool identity)?Domain Users group membership. ?Built-in local group Performance Log Users membership.?Folder read and write permission on the Trace and CRMWeb folders, by default located under \Program Files\Microsoft Dynamics CRM\, and user account %AppData% folder on the local computer.?Read and write permission to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM and HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSCRMSandboxService subkeys in the Windows registry.?CRM_WPG group membership. This group is used for IIS worker processes. The group is created and the membership is added during Microsoft Dynamics CRM Server Setup.?The service account may need an SPN for the URL used to access the website that is associated with it.IIS Application Pool identities running under Kernel-Mode authentication and SPNsBy default, IIS 7.0 and IIS 7.5 websites are configured to use Kernel-Mode authentication. When you run the Microsoft Dynamics CRM website by using Kernel-Mode authentication, you might not need to configure additional service principal names (SPNs) for the CRMAppPool identities. To determine whether your IIS deployment requires SPNs, see Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5.Microsoft Dynamics CRM installation filesIf you plan to install Microsoft Dynamics CRM from a location on the network, such as a network share, you must make sure that the correct permissions are applied to the folder, preferably on an NTFS volume, where the installation files are located. For example, you may want to allow only members of the Domain Admins group permissions for the folder. This practice can help to reduce the risk of attacks on the installation files that may compromise or alter them. For more information about how to set permissions on files and folders on the Windows operating system, see Windows Help.See AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Security best practices for Microsoft Dynamics CRMAdministration best practices for on-premises deployments of Microsoft Dynamics CRMNetwork ports for Microsoft Dynamics CRMKnown risks and vulnerabilitiesMicrosoft Dynamics CRM standards compliance and certificationMicrosoft Dynamics CRM 2013 server rolesSecurity best practices for Microsoft Dynamics CRMInternet Information Services (IIS) is a mature web service that is included with Windows Server. Microsoft Dynamics CRM depends on an efficient and secure IIS web service. Consider the following:?In the machine.config and web.config configuration files you can determine whether debugging is enabled, and also if detailed error messages are sent to the client. You should make sure that debugging is disabled on all production servers, and that a generic error message is sent to the client if a problem occurs. This avoids unnecessary information about the web server configuration being sent to the client.?For file system level security, we recommend that you install the IIS web root on an NTFS partition that doesn’t contain the operating system files. For example, C:\Inetpub is on a typical system partition that contains operating system files, whereas D:\Inetpub is not.?Make sure that the latest operating system and IIS service packs and updates are applied. For the latest information, see the Microsoft Security website.?Microsoft Dynamics CRM Server Setup creates application pools called CRMAppPool and CRMDeploymentServiceAppPool that operate under user credentials that you specify during Setup. To facilitate a least-privileged model, we recommend that you specify separate domain user accounts for these application pools instead of using the Network Service account. Additionally, we recommend that no other -connected application be installed under these application pools. For information about the minimum permissions required for these components, see “Minimum permissions required for Microsoft Dynamics CRM Setup, services, and components” in Security considerations for Microsoft Dynamics CRM 2013 in this guide.Important ?All websites that are running on the same computer as the Microsoft Dynamics CRM website can also have access to the CRM database.?If you use a domain user account, before you run Microsoft Dynamics CRM Server Setup, you may need to verify that the service principal name (SPN) is set correctly for that account, and if necessary, set the correct SPN. For more information about SPNs and how to set them, see How to use SPNs when you configure Web applications that are hosted on IIS.Service principal name management in Microsoft Dynamics CRM 2013The service principal name (SPN) attribute is a multivalued, nonlinked attribute that is built from the DNS host name. The SPN is used during mutual authentication between the client and the server hosting a particular service. The client finds a computer account based on the SPN of the service to which it is trying to connect. The Microsoft Dynamics CRM Server 2013 installer deploys role-specific services and web application pools that operate under user credentials specified during Setup. To review the complete list of these roles and their permission requirements, see Minimum permissions required for Microsoft Dynamics CRM Setup and services. When you deploy a hosted Microsoft Dynamics CRM infrastructure, two of these roles may require additional consideration:?Deployment Web Service?Application ServiceIn web farm scenarios, as is the case for a hosted offering, the recommendation is to leave kernel-mode authentication enabled. In addition, you should closely consider using separate domain user accounts to run these services because:?Having separate service accounts for these server roles facilitates being able to implement hardware load balancing.?The Deployment Web Service server role requires elevated permissions to provision organizations in the CRM database. If you want to adhere to a least-privileged model, the safest approach for implementing SPNs in a hosted Microsoft Dynamics CRM infrastructure involves having the Deployment Web Service run under a different domain user account than the Application Service.If you follow this suggestion to use separate domain accounts for these server roles, you should check to make sure that the SPN is correct for each account before you start Microsoft Dynamics CRM Server Setup. This will make it easier for you to set the correct SPN when necessary. If kernel-mode authentication is enabled, the SPNs will be defined for the machine account, regardless of the specified service account. When you implement a web farm, enable kernel-mode authentication and change the local ApplicationHost.config file. If application and deployment web services are running on the same system, and kernel-mode authentication is disabled, you could configure both services to run under the same domaikuser account to prevent duplicate SPN issues. If you can’t enable kernel-mode authentication, install the Application and Deployment web services on separate systems. The SPNs may still need to be created manually since kernel-mode authentication is disabled.For more information about SPNs and how to set them, see Service Principal Name (SPN) checklist for Kerberos authentication with IIS 7.0/7.5See AlsoSecurity considerations for Microsoft Dynamics CRM 2013Administration best practices for on-premises deployments of Microsoft Dynamics CRMAdministration best practices for on-premises deployments of Microsoft Dynamics CRMBy following some simple rules of administration, you can significantly improve the security of your Microsoft Dynamics CRM on-premises deployment.?Typically, there is no need for CRM users to have administrative privileges over the domain. Therefore, all CRM user accounts should be restricted to Domain Users membership. Also, following the principle of least-privilege, anyone who uses the CRM system should have minimal rights. This starts at the domain level. A domain user account should be created and used to run CRM. Domain Administrator accounts should never be used to run CRM.?Limit the number of Microsoft Dynamics CRM Deployment Administrator and System Administrator roles to a few people who are responsible for rule changes. Others who are SQL Server, Microsoft Exchange Server, or Active Directory administrators do not have to be members of the CRM users group.?Make sure that at least two or three trusted people have the Deployment Administrator role. This avoids system lockout if the primary Deployment Administrator is unavailable.?In some organizations it is a common practice to reuse passwords across systems and domains. For example, an administrator responsible for two domains may create Domain Administrator accounts in each domain that use the same password, and even set local administrator passwords on domain computers that are the same across the domain. In such a case, a compromise of a single account or computer could lead to a compromise of the entire domain. Passwords should never be reused in this manner.?It is also common practice to use Domain Administrator accounts as service accounts for common services such as back-up systems. However, it is a security risk to use Domain Administrator accounts as service accounts. The password can easily be retrieved by anyone who has administrative rights over the computer. In such a case, the compromise could affect the entire domain. Service accounts should never be Domain Administrator accounts, and they should be limited in privilege as much as possible. ?A domain user account that is specified to run a Microsoft Dynamics CRM service must not also be configured as a CRM user. This can cause unexpected behavior in the application.See AlsoSecurity considerations for Microsoft Dynamics CRM 2013Security best practices for Microsoft Dynamics CRMNetwork ports for Microsoft Dynamics CRMMicrosoft Dynamics CRM security modelNetwork ports for Microsoft Dynamics CRMThis section describes the ports that are used for Microsoft Dynamics CRM. This information is helpful as you configure the network when users connect through a firewall.In This TopicNetwork ports for the Microsoft Dynamics CRM web applicationNetwork ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server rolesNetwork ports for the Deployment Web Service server roleNetwork ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM Reporting Extensions server rolesNetwork ports for the Microsoft Dynamics CRM web applicationThe following table lists the ports used for a server that is running a Full Server installation of Microsoft Dynamics CRM. Moreover, except for the Microsoft SQL Server role, and the Microsoft Dynamics CRM Reporting Extensions server role, all server roles are installed on the same computer.ProtocolPortDescriptionExplanationTCP80HTTPDefault web application port. This port may be different as it can be changed during Microsoft Dynamics CRM Server Setup. For new websites, the default port number is 5555.TCP135MSRPCRPC endpoint resolution.TCP139NETBIOS-SSNNETBIOS session service.TCP443HTTPSDefault secure HTTP port. The port number may differ from the default port. This secure network transport must be manually configured. Although this port is not required to run Microsoft Dynamics CRM, we strongly recommend it. For information about how to configure HTTPS for CRM, see “Make Microsoft Dynamics CRM client-to-server network communications more secure” in Post-Installation and Configuration Guidelines in the Installing Guide. TCP445Microsoft-DSActive Directory service required for Active Directory access and authentication.UDP123NTPNetwork Time Protocol.UDP137NETBIOS-NSNETBIOS name service.UDP138NETBIOS-dgmNETBIOS datagram service.UDP445Microsoft-DSActive Directory service required for Active Directory access and authentication.UDP1025BlackjackDCOM, used as an RPC listener.Important Depending on your domain trust configuration, additional network ports may need to be available for Microsoft Dynamics CRM to work correctly. More information: How to configure a firewall for domains and trustsNetwork ports for the Asynchronous Service, Web Application Server, and Sandbox Processing Service server rolesThe following table lists the additional ports that are used for a deployment where the Sandbox Processing Service is running on a separate computer.ProtocolPortDescriptionExplanationTCP808CRM server role communicationThe Asynchronous Service and Web Application Server services communicate to the Sandbox Processing Service through this channel. The default port is 808, but can be changed in the Windows registry by adding the DWORD registry value TcpPort in the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSCRM\.Network ports for the Deployment Web Service server roleThe following table lists the additional port that is used by the Deployment Web Service server role.ProtocolPortDescriptionExplanationTCP808Used for Fetch-based reports Client computers that are running Fetch-based reports communicate over this port when communicating with the computer that is running the Deployment Web Service server work ports that are used by the SQL Server that runs the SQL Server and Microsoft Dynamics CRM Reporting Extensions server rolesThe following table lists the ports that are used for a computer that is running SQL Server and has only SQL Server and the Microsoft Dynamics CRM Reporting Extensions (SRS Data Connector) server roles installed.ProtocolPortDescriptionExplanationTCP135MSRPCRPC endpoint resolution.TCP139NETBIOS-SSNNETBIOS session service.TCP445Microsoft-DSActive Directory service required for Active Directory access and authentication.TCP1433ms-sql-s SQL Server sockets service. This port is required for access to SQL Server. This number may be different if you have configured your default instance of SQL Server to use a different port number or you are using a named instance.UDP123NTPNetwork Time Protocol.UDP137NETBIOS-NSNETBIOS name service.UDP138NETBIOS-dgmNETBIOS datagram service.UDP445Microsoft-DSActive Directory service required for Active Directory access and authentication.UDP1025BlackjackDCOM, used as an RPC listener.Important In addition to the ports listed previously, UDP port 1434 (SQL Server Browser Service) on the SQL Server is required by Microsoft Dynamics CRM Server Setup to return a list of the computers that are running SQL Server during the installation of Microsoft Dynamics?CRM Server. To work around this, specify the SQLServer\InstanceName during Setup.See AlsoMicrosoft Dynamics CRM security modelKnown risks and vulnerabilitiesKnown risks and vulnerabilitiesThis topic describes the risks and vulnerabilities that may exist when you use Microsoft Dynamics CRM. Mitigations and workarounds are also described when applicable.In This TopicRisks when users connect to CRM over an unsecured networkSecurity recommendations on server role deploymentsAnonymous authenticationIsolate the HelpServer role for Internet-facing deploymentsClaims-based authentication issues and limitationsSecure the <notLocalizable xmlns="">web.config</notLocalizable> fileOutbound Internet calls from custom code executed by the Sandbox Processing Service are enabledSecure server-to-server communicationDNS rebinding attacksRisks when users connect to CRM over an unsecured networkIssues that can occur when you run Microsoft Dynamics CRM without using Secure Sockets Layer (SSL) (HTTPS) are as follows:?Microsoft Dynamics CRM user provided data, including Visual chart definitions, can be altered over an unsecured HTTP connection by using "man in the middle" type attacks. To mitigate this vulnerability, configure Microsoft Dynamics CRM to only use SSL. For more information about how to configure Microsoft Dynamics CRM Server 2013 to use SSL, see Make Microsoft Dynamics CRM client-to-server network communications more secure.Security recommendations on server role deploymentsThe following recommendations can help make your Microsoft Dynamics CRM deployment more reliable and secure.Server roleRecommendationSandbox Processing ServiceInstall this role to a dedicated server on a separate virtual LAN (VLAN) from other computers that are running Microsoft Dynamics CRM roles. Then, if there is a malicious plug-in running in the sandbox that exploits the computer, the network isolation from a separate VLAN can help protect other CRM resources from being compromised.Help ServerInstall this role on a separate computer for both IFD and internally-facing deployments. For more information, see Isolate the HelpServer role for Internet-facing deployments later in this topic.Anonymous authenticationMicrosoft Dynamics CRM Internet-facing deployment (IFD) requires anonymous authentication enabled on IIS for claims-based authentication. Notice that the claims-based authentication token doesn’t contain raw credentials or the connection string to Microsoft Dynamics?CRM Server. However, the web.config file does contain configuration information about the authentication mode. For more information, see Secure the <notLocalizable xmlns="">web.config</notLocalizable> file later in this topic. To secure the Microsoft Dynamics CRM website, use SSL.Isolate the HelpServer role for Internet-facing deploymentsMicrosoft Dynamics CRM Internet-facing deployment (IFD) require anonymous authentication. Because anonymous website authentication is used, the virtual directory used by the Microsoft Dynamics CRM Help site can be targeted for denial of service (DoS) attacks. To isolate the Microsoft Dynamics CRM Help pages, and help protect the other Microsoft Dynamics CRM 2013 roles from potential DoS attacks, consider installing the Help Server role on a separate computer. For more information about the options for installing Microsoft Dynamics CRM roles on separate computers, see Microsoft Dynamics CRM 2013 server roles. For more information about reducing the risk of DoS attacks, see Improving Web Application Security: Threats and Counter-measures.Claims-based authentication issues and limitationsThis topic describes issues and limitations when you use claims-based authentication with Microsoft Dynamics CRM.Verify that the identity provider uses a strong password policyWhen you use claims-based authentication, we recommend that you verify that the identity provider that is trusted by the security token service (STS) and, in turn, Microsoft Dynamics CRM, enforces strong password policies. Microsoft Dynamics CRM itself doesn’t enforce strong passwords. By default, when it is used as an identity provider, Active Directory enforces a strong password policy.AD FS federation server sessions are valid up to 8 hours even for deactivated or deleted usersBy default, Active Directory Federation Services (AD FS) server tokens allocate a web single sign-on (SSO) cookie expiration of eight (8) hours. Therefore, even when a user is deactivated or deleted from an authentication provider, such as AD FS 2.0, as long as the user session is still active the user can continue to be authenticated to secure resources.To work around this issue, choose from the following options. ?Disable the user in Microsoft Dynamics CRM and in Active Directory. For information about how to disable a user in Microsoft Dynamics CRM, see Enable or disable a user record. For information about how to disable a user in Active Directory, see the Active Directory Users and Computers Help.?Reduce the web SSO lifetime. To do this, see the Active Directory Federation Services (AD FS) Management Help.Secure the The web.config file that is created by Microsoft Dynamics CRM does not contain connection strings or encryption keys. However, the file does contain configuration information about the authentication mode and strategy, view state information, and debug error message display. If this file is modified with malicious intent it can threaten the server where Microsoft Dynamics CRM is running. To help secure the web.config file, we recommend the following:?Grant permissions to the folder where the web.config file is located to include only those user accounts that require it, such as administrators. By default, the web.config file is located in the <drive:>Program Files\Microsoft Dynamics CRM\CRMWeb folder.?Limit the number of users who have interactive access to CRM servers, such as console logon permission.?Disable directory browsing on the CRM website. By default, this is disabled. For more information about how to disable directory browsing, see Internet Information Services (IIS) Manager Help.Outbound Internet calls from custom code executed by the Sandbox Processing Service are enabledBy default, outbound calls from custom code executed by the Microsoft Dynamics CRM Sandbox Processing Service that access services on the Internet are enabled. For high-security deployments of Microsoft Dynamics CRM, this could pose a security risk. If you do not want to allow outbound calls from custom code, such as CRM plug-ins or custom workflow activities, you can disable outbound connections from custom code executed by the Sandbox Processing Service by following the procedure here.Instead of blocking all outbound calls, you can enforce web access restrictions on sandboxed plug-ins. More information: Plug-in Isolation, Trusts, and StatisticsNotice that disabling outbound connections for custom code includes disabling calls to cloud platforms such as Windows Azure and Windows Azure SQL Database.Disable outbound connections for custom code on the computer that is running the sandbox processing service1.On the Windows Server computer where the Microsoft Dynamics CRM Sandbox Processing Service server role is installed, start Registry Editor and locate the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSCRM2.Right-click MSCRM, point to New, click DWORD Value, type SandboxWorkerDisableOutboundCalls, and then press ENTER.3.Right-click SandboxWorkerDisableOutboundCalls, click Modify, type 1, and then press ENTER.4.Close Registry Editor.5.Restart the Sandbox Processing Service. To do this, click Start, type services.msc, and then press ENTER.6.Right-click Microsoft Dynamics CRM Sandbox Processing Service, and then click Restart.7.Close the Microsoft Management Console (MMC) Services snap-in.Secure server-to-server communicationBy default, Microsoft Dynamics CRM server-to-server communication, such as communication between the Web Application Server role and the server that is running Microsoft SQL Server, isn’t executed over a security channel. Therefore, information that is transmitted between servers may be susceptible to certain attacks, such as man-in-the-middle attacks. We recommend that you implement Internet Protocol security (IPsec) to help protect information that is transmitted between servers in your organization. IPsec is a framework of open standards for protecting communications over Internet Protocol (IP) networks through the use of cryptographic security services. More information: IPsecDNS rebinding attacksLike many web-based applications, Microsoft Dynamics CRM may be vulnerable to DNS rebinding attacks. This exploit involves misleading a web browser into retrieving pages from two different servers thereby trusting that the servers are from the same domain and subsequently breaking the Same Origin Policy. Using this technique, an attacker can tamper with CRM data by using the victim’s identity through cross-site scripting attacks on CRM pages.For more information about how to help protect against such attacks, see Protecting Browsers from DNS Rebinding Attacks.See AlsoSecurity considerations for Microsoft Dynamics CRM 2013Network ports for Microsoft Dynamics CRMMicrosoft Dynamics CRM 2013 supported configurationsMicrosoft Dynamics CRM standards compliance and certificationThe topics in this section contain information about Microsoft Dynamics CRM Server 2011 compliance with security standards and certification.Security standards complianceCompliance can affect many organizations, large and small, either through regulatory requirements or organizational policies. FIPS 140-2 complianceMicrosoft Dynamics CRM can be configured to be compliant with the Federal Information Processing Standard (FIPS) 140-2, which is a publication titled "Security Requirements for Cryptographic Modules." It specifies which encryption algorithms and hashing algorithms can be used, and how encryption keys are to be generated and managed. For more information about how to configure Microsoft Dynamics CRM Server 2011 for FIPS 140-2 compliance, see FIPS 140-2 Compliancy with Microsoft Dynamics CRM 2011. CertificationMicrosoft Dynamics CRM Server 2011 is certified for Windows Server 2008 R2. For a list of issues that were identified during logo certification, see MicrosoftDynamicsCRM2011WindowsLogo.doc on the Microsoft Dynamics?CRM?2011 Implementation Guide download page. See AlsoSecurity considerations for Microsoft Dynamics CRM 2013Microsoft Dynamics CRM 2013 supported configurationsMicrosoft Dynamics CRM 2013 supported configurationsThis section describes the supported network, domain, and server configurations for Microsoft Dynamics CRM, which supports multiple domains in either a native- or interim-mode environment.Active Directory requirementsThe Active Directory requirements are as follows:?The computers that run Microsoft Dynamics CRM Server 2013 roles and the computer that runs SQL Server, where the Microsoft Dynamics CRM databases are located, must be in the same Active Directory domain.?The Active Directory domain where a Microsoft Dynamics CRM Server 2013 role is located must run in Windows Server 2003 interim, Windows Server 2003 native, or any Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012 domain modes.?The Active Directory forest where a Microsoft Dynamics CRM Server 2013 role is located can run in Windows Server 2003 interim, Windows Server 2003, Windows Server 2008, or Windows Server 2012 forest functional levels.?The user account that is used to run a Microsoft Dynamics CRM service must be in the same domain as the computer that is running the Microsoft Dynamics CRM Server 2013 role.?The Microsoft Dynamics CRM security groups (PrivUserGroup, SQLAccessGroup, ReportingGroup, and PrivReportingGroup) must be in the same domain as the computer that is running Microsoft Dynamics CRM. These security groups can be located in the same organizational unit (OU) or in different OUs. To use security groups that are located in different OUs, you must install Microsoft Dynamics CRM Server 2013 by using an XML configuration file and specify the correct distinguished name for each pre-existing security group within the <Groups> element. More information: Sample server XML configuration file for installing with pre-created groupsWarning Direct user account membership in the Microsoft Dynamics CRM privusergroup security group is required and group membership nesting under privusergroup currently is not supported. Granting membership to privusergroup through another security group can cause system-wide failures in the CRM web application and reporting features. For example, if you add a security group named mycrmprivgroupusers to privusergroup, members of mycrmprivgroupusers will not resolve as privusergroup members. This includes the CRMAppPool or the SQL Server Reporting Services service identities.?For users who access Microsoft Dynamics CRM from another domain and are not using claims-based authentication, a one-way trust must exist in which the domain where the Microsoft Dynamics CRM Server 2013 is located trusts the domain where the users are located.Important To add users to Microsoft Dynamics CRM that are not authenticated by using claims-based authentication, a two-way forest trust is required.Single-server deploymentFor small user bases, a Microsoft Dynamics?CRM Server (any edition) can be deployed in a single-server configuration, with Microsoft Dynamics CRM Server 2013, SQL Server, Microsoft SQL Server Reporting Services, and optionally Microsoft Exchange Server installed and running on the same computer. Single-server deployments are not recommended for best experience in application performance and disaster recovery. There is one limitation to single-server deployments: the server where Microsoft Dynamics CRM Server 2013 is installed cannot also function as a domain controller. If the computer is a member server (not functioning as a domain controller), you can deploy the Microsoft Dynamics CRM Server 2013 Full Server server role on a single Windows Server that is also running the additional required products. Important Running Microsoft Dynamics CRM Server 2013 in a production environment on an Active Directory domain controller is not supported.Tip To reduce IT administration overhead, consider running Microsoft Dynamics CRM in the cloud. More information: Microsoft DynamicsSee AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Microsoft Dynamics CRM multiple-server deploymentMicrosoft Dynamics CRM multiple-server deploymentMicrosoft Dynamics CRM Server 2013 deployments can include multiple servers, which provide additional performance and scaling benefits. However, with Microsoft Dynamics CRM Workgroup Server 2013, server roles cannot be installed on separate computers. Therefore, all server roles are installed on every computer where you install Microsoft Dynamics CRM Server 2013.Install server roles by running Microsoft Dynamics CRM Server SetupDuring Microsoft Dynamics CRM Server Setup, you can select to install a server role: ?Individually.?As one of the three predefined groups of server roles.?As a full server installation that includes all roles.Server roles let you increase flexibility and scalability of the Microsoft Dynamics CRM deployment. Note that all server roles must be running and available on the network to provide a fully functioning Microsoft Dynamics CRM system.Install server roles by running Microsoft Dynamics CRM Server 2013 at the command promptYou can install Microsoft Dynamics CRM Server roles and Microsoft Dynamics CRM Reporting Extensions from their respective installation disks or file download location unattended by using the command prompt. The required setup information is provided to the Setup program both as command-line parameters and as an XML configuration file that the Setup program references. More information: Use the Command Prompt to Install Microsoft Dynamics CRM.Microsoft Dynamics CRM Server 2013 placementFor improved application performance, the computer or computers that run the Microsoft Dynamics CRM Server 2013 roles and the computer that is running SQL Server should be on the same LAN. This is because of the large amount of network traffic passing between the computers. This is also recommended with Active Directory where the computer or computers on which Microsoft Dynamics CRM Server 2013 and the Active Directory domain controller are running should be on the same LAN to guarantee efficient Active Directory access to Microsoft Dynamics CRM.SQL Server and Active Directory domain controller placementFor each organization, Microsoft Dynamics CRM stores all customer relationship management data in a SQL Server database. Make sure that the computer on which SQL Server is running that maintains the Microsoft Dynamics CRM databases is located near the Microsoft Dynamics CRM Server 2013. This means there should be a high-speed, permanent network connection between the Microsoft Dynamics CRM Server 2013 and the computer that is running SQL Server. A network communications failure between these computers can result in data loss and service becoming unavailable. The same is true for Active Directory because Microsoft Dynamics CRM depends on it for security information. If communication with Active Directory is lost, Microsoft Dynamics CRM will not function correctly. If communication with Active Directory is inefficient, Microsoft Dynamics CRM performance will be affected. Therefore, it is important to put an Active Directory domain controller on the same high-speed, permanent network connection as the Microsoft Dynamics CRM and SQL Server computers.See AlsoMicrosoft Dynamics CRM 2013 supported configurationsMicrosoft Dynamics CRM 2013 server rolesSupport for Microsoft Dynamics CRM multiple-server topologiesMicrosoft Dynamics CRM 2013 server rolesIn Microsoft Dynamics CRM Server 2013, you can install specific server functionality, components, and services on different computers. These components and services correspond to specific server roles. For example, customers who have larger user bases can install the Front End Server role on two or more servers that run Internet Information Services (IIS) to increase throughput performance for users. Or, a Full Server role can be installed on one computer and Microsoft Dynamics CRM Reporting Extensions on another. If a server role is missing, Deployment Manager displays a message in the Messages area. Use one of the following options to install server roles:?Run the Microsoft Dynamics?CRM Server Setup Wizard to select one or more server role groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2013 is already installed, you can use Programs and Features in Control Panel to add or remove server roles.?Configure an XML Setup configuration file and then run Setup at the command prompt to specify a server role group or one or more individual server roles. You cannot explicitly select the SQL Server "role" for installation during Microsoft Dynamics?CRM Server Setup. This is a logical role that SQL Server sets when you specify a particular instance of SQL Server, either local or on another computer (recommended) for use in the Microsoft Dynamics CRM deployment. For more information, see Microsoft Dynamics CRM 2013 Server XML configuration file.Note At any time after the initial installation of server roles, you can add or remove server roles in Control Panel. For more information, see Uninstall, change, or repair instructions.Important If you have a Microsoft Dynamics CRM deployment that includes one or more Front End Server and Back End Server roles, the Language Pack must be installed on the computer that has the Front End Server role. If you have deployed individual server roles, the Language Packs must be installed on the computers that are running the Web Application Server and the Help Server roles.In This TopicAvailable group server rolesAvailable individual server rolesScope definitionInstallation method definitionMicrosoft Dynamics CRM Server role requirementsAvailable group server rolesAlthough these server role groups are recommended for most deployments, any individual server role may be installed during Setup.All server roles must be running in your organization’s network to provide a fully functioning system.Server Role GroupDescriptionScopeInstallation MethodFull ServerContains all roles from Front End Server, Back End Server, and Deployment Administration Server. By default, Microsoft Dynamics?CRM Server Setup deploys the system as Full Server. In a Full Server deployment, server roles are not listed separately in Control Panel. To view the installed roles or make changes, right-click Microsoft Dynamics CRM Server 2013, click Uninstall/Change, and then click Configure.DeploymentFullFront End ServerEnables the server roles for running client applications and applications developed with the Microsoft Dynamics?CRM?SDK.DeploymentGroup or FullBack End ServerIncludes the server roles that handle processing asynchronous events, such as workflows and custom plug-ins, database maintenance, and email routing. These roles are usually not exposed to the Internet.For a list of server roles that are included in this group, see the following table. DeploymentGroup or FullDeployment Administration ServerEnables the server roles for components that are used to manage the Microsoft Dynamics CRM deployment either by using the methods described in the Microsoft Dynamics?CRM?SDK or the deployment tools. Also includes the interface for database disaster recovery support.For a list of server roles that are included in this group, see the following table.DeploymentGroup or FullAvailable individual server rolesServer RoleDescriptionServer GroupScopeInstallation MethodDiscovery Web ServiceFinds the organization that a user belongs to in a multi-tenant deployment.Front End ServerDeploymentIndividual, Group, or FullOrganization Web ServiceSupports running applications that use the methods described in the Microsoft Dynamics?CRM?SDK. Front End ServerDeploymentIndividual, Group, or FullWeb Application ServerRuns the Web Application Server that is used to connect users to Microsoft Dynamics CRM data. The Web Application Server role requires the Organization Web Service role.Front End ServerDeploymentIndividual, Group, or FullHelp ServerMakes Microsoft Dynamics CRM Help available to users.Front End ServerDeploymentIndividual, Group, or FullAsynchronous ServiceProcesses queued asynchronous events, such as workflows, bulk e-mail, or data import.Back End ServerDeploymentIndividual, Group, or FullSandbox Processing ServiceEnables an isolated environment to allow for the execution of custom code, such as plug-ins. This isolated environment reduces the possibility of custom code affecting the operation of the organizations.Back End ServerDeploymentIndividual, Group, or FullEmail Integration ServiceHandles sending and receiving of email messages by connecting to an external email server.Back End ServerDeploymentIndividual, Group, or FullDeployment Web ServiceManages the deployment by using the methods described in the Microsoft Dynamics?CRM?SDK.Deployment Administration ServerDeploymentIndividual, Group, or FullDeployment ToolsConsists of the Deployment Manager and Windows PowerShell cmdlets. Microsoft Dynamics CRM administrators can use the Windows PowerShell cmdlets to automate Deployment Manager tasks.Deployment Manager is a Microsoft Management Console (MMC) snap-in that deployment administrators can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. Deployment Administration ServerDeploymentIndividual, Group, or FullMicrosoft Dynamics CRM VSS WriterThe Microsoft Dynamics CRM VSS Writer service provides an interface to backup and restore Dynamics CRM data by using the Windows Server Volume Shadow Copy Service (VSS) infrastructure.Deployment Administration ServerDeploymentIndividual, Group, or FullMicrosoft Dynamics CRM Reporting ExtensionsProvides reporting functionality by interfacing with the Microsoft Dynamics CRM system and Microsoft SQL Server Reporting Services.N/ADeploymentIndividual by using srsDataConnectorSetup.exe.SQL ServerInstalls the MSCRM_CONFIG database on the SQL Server.N/ADeploymentIndividual during Microsoft Dynamics?CRM Server Setup or from Deployment Manager Edit Organization Wizard.Scope definition?Deployment. Each instance of the server role services the entire deployment.?Organization. Each instance of the server role services an organization. Therefore, you can use a different server role instance for a given organization.Installation method definition?Individual, Group, or Full. During Microsoft Dynamics?CRM Server Setup, you can install a server role individually, install one of the three predefined groups of server roles, or perform a Full Server installation that includes all roles. Or, you can select multiple individual server roles.?srsDataConnectorSetup.exe. Install this role on the computer where Microsoft SQL Server Reporting Services is running by using Microsoft SQL Server Reporting Services Setup.For more information about Microsoft Dynamics CRM server roles and multiple server deployment, see Install Microsoft Dynamics CRM Server 2013 on multiple computers in the Microsoft Dynamics CRM Planning Guide.Microsoft Dynamics CRM Server role requirementsThe following table describes the components necessary for each Microsoft Dynamics?CRM Server role. An "X" indicates the component is required for the Microsoft Dynamics?CRM Server role to install and function. Notice that, in most cases if a component is not already installed, Microsoft Dynamics?CRM Server Setup will install it.Microsoft Dynamics CRM Server Role PrerequisitesComponentBack End ServerFront End ServerDeployment Administration ServerMicrosoft SQL Server Reporting Services ReportViewer controlXSQL Server Native ClientXXXMicrosoft Application Error Reporting ToolXXXMicrosoft Visual C++ Runtime Library XXXWindows Identity Foundation (WIF) Framework XXXWindows Server 2008 Web Server RoleXXIndexing ServiceXMicrosoft .NET Framework 4XXXMicrosoft Chart Controls for Microsoft .NET FrameworkXWindows Azure platform AppFabric SDKXXXWindows PowerShellXMicrosoft URL Rewrite Module for IISXFile Server Resource ManagerXThe following table describes the group membership for the Active Directory that is used by Microsoft Dynamics CRM. An “X” indicates the group membership required for the service to function. Group Membership RequirementsServicePrivUserGroupSQLAccessGroupPrivReportingGroupReportingGroupDeployment Web Service service accountXXWeb Application Service*XXAsynchronous Service service accountXXSandbox Processing Service service account**SQL Server service accountXMicrosoft SQL Server Reporting Services server accountXXEmail Router service accountXInstalling User/Service accountXIndividual user accounts in Microsoft Dynamics CRMXUnzip Service service accountXMicrosoft Dynamics CRM VSS Writer service accountXX* The Web Application Service identity is applied to the CRMAppPool application pool. Subsequently, this identity is used by the Organization Service, Web Application, and Microsoft Dynamics CRM platform. ** The Sandbox Service does not need any Microsoft Dynamics CRM group membership. Note Email Router runs as a local system.Important ?The Installing user should be a separate service account, but it should not be used to run any services. ?If any of the service accounts are created as users in Microsoft Dynamics CRM, you may encounter various problems, some of which are potential security issues. See AlsoMicrosoft Dynamics CRM multiple-server deploymentSupport for Microsoft Dynamics CRM multiple-server topologiesSupport for Microsoft Dynamics CRM multiple-server topologiesThis section provides examples of various multiple-server topologies.In This TopicFive-server topologyMulti-forest and multi-domain with Internet access Active Directory topologyFive-server topologyThe five-server topology is for small to midsize user bases, typically 25 or fewer users concurrently using Microsoft Dynamics CRM. The following example depicts a possible configuration running a supported version of Windows Server and the required and optional software technologies. It also includes a Full Server deployment of Microsoft Dynamics?CRM Server that is configured for an Internet-facing deployment (IFD). For a complete list of the supported versions of the required and optional technologies, see Software requirements for Microsoft Dynamics CRM Server 2013.A five server topology can consist of the following configuration:?Server 1: Running on Microsoft Windows Server as a functioning domain controller.?Server 2: Running on Windows Server as a secondary domain controller and Active Directory Federation Services (AD FS) server.?Server 3: Running on Windows Server with IIS and an Active Directory Federation Services (AD FS) proxy.?Server 4: Running on Windows Server with an instance of Microsoft SQL Server the includes the database engine, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM Reporting Extensions.?Server 5: Running on Windows Server, IIS, and a Full Server deployment of Microsoft Dynamics?CRM Server configured for Internet-facing deployment (IFD).?CRMWebClient, CRMforOutlook, tablet, and phone devices: These computers and devices are running applications that are available, connecting from the Internet or the LAN-based network, such as CRM for Outlook, Microsoft Dynamics CRM for tablets, and Microsoft Dynamics CRM for phones.Basic Microsoft Dynamics CRM 2013 five-server topology exampleMulti-forest and multi-domain with Internet access Active Directory topologyFor very large user bases that span multiple domains and, in some cases, forests, the following configuration is supported. The following example depicts a possible configuration running a particular version of Windows Server and required software, such as SQL Server and Microsoft SharePoint. The text and diagram show a possible deployment that lets users access Microsoft Dynamics CRM 2013 through the Internet by implementing Active Directory Federation Services (AD FS) supported by Front End Server roles that are isolated from user and resource domains on a perimeter network (also known as DMZ, demilitarized zone, and screened subnet) model. For a complete list of the supported versions of these software technologies, see Software requirements for Microsoft Dynamics CRM Server 2013.Forest X: Domain A: Perimeter subnet?Network Load Balanced (NLB) virtual server consisting of the following two nodes: ?Front End Server: Running Windows Server and Microsoft Dynamics?CRM Server with the Front End Server role.?Front End Server: Another Windows Server running Microsoft Dynamics?CRM Server with the Front End Server role.Note To use Microsoft Dynamics?CRM Server with NLB requires manual configuration. More information: Install Microsoft Dynamics CRM Server 2013 on multiple computers?Active Directory Federation Services (AD FS) Server: Running on Windows Server as the Internet-facing claims-based authentication security token service.Forest X: Domain A: Intranet?NLB virtual server consisting of the following two nodes: ?Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services (Server X).?Windows Server, Microsoft SQL Server Reporting Services, and Microsoft Dynamics CRM Reporting Extensions for SQL Server Reporting Services (Server Y).?NLB virtual server consisting of the following nodes:?Front End Server and Deployment Administration Server: Running Windows Server and Microsoft Dynamics?CRM Server with the Front End Server and Deployment Administration Server roles.?Front End Server and Deployment Administration Server: Another Windows Server running Microsoft Dynamics?CRM Server with the Front End Server and Deployment Administration Server roles.Note To use Microsoft Dynamics?CRM Server with NLB requires manual configuration. More information: Install Microsoft Dynamics CRM Server 2013 on multiple computers?Microsoft SQL Server failover cluster running the following two nodes: ?Windows Server, SQL Server database engine (Server X).?Windows Server, SQL Server database engine (Server Y).Note To use Microsoft Dynamics?CRM Server with SQL Server failover clustering requires manual configuration. More information: Install Microsoft Dynamics CRM Server 2013 to use a Microsoft SQL Server 2008 cluster environment?Windows Server running the Asynchronous Service server role.?Windows Server running the Sandbox Processing Service server role.?Windows Server running the Active Directory Federation Services (AD FS) Windows Server role.?Windows Server running Microsoft SharePoint (required for document management).Forest Y: Domain B: Intranet?Exchange Server failover cluster consisting of the following two nodes:?Windows Server running Exchange Server (Server X).?Windows Server running Exchange Server (Server Y).Multiple forest with Internet access to Microsoft Dynamics CRM 2013 topology exampleSee AlsoMicrosoft Dynamics CRM multiple-server deploymentUpgrading from Microsoft Dynamics CRM 2011Upgrading from Microsoft Dynamics CRM 2011The only supported upgrade path to Microsoft Dynamics CRM 2013 is from Microsoft Dynamics CRM 2011. This section provides guidelines for preparing for an upgrade to Microsoft Dynamics CRM 2013. Performing these tasks in advance can help minimize system downtime and ensure a successful upgrade. Also, this section describes how Microsoft Dynamics CRM 2013 upgrades your current system and what happens to items such as existing reports, customizations, and solutions. Microsoft Dynamics CRM 2011 server roles are not compatible with a Microsoft Dynamics CRM 2013 deployment. Therefore, after you upgrade the first Microsoft Dynamics CRM 2011 server, other Microsoft Dynamics CRM 2011 servers that are running in the deployment will become disabled. As each server is upgraded, the corresponding server will be enabled. You can upgrade Microsoft Dynamics CRM 2011 server roles in any order. However, to have a fully functioning Microsoft Dynamics CRM deployment, all servers and server roles must be upgraded.For an overview of the upgrade process, see the whitepaper: How to Prepare for the Upgrade to Microsoft Dynamics CRM 2013In This TopicRecommended upgrade stepsMicrosoft Dynamics CRM Server upgrade optionsMicrosoft Dynamics CRM 2011 Server versions supported for upgradeMicrosoft Dynamics CRM 2011 for Outlook versions supported for upgradeMicrosoft Dynamics CRM software and components not supported for in-place upgradeUpgrade product keyUser permissions and privilegesSharing a SQL ServerTips for a successful upgradeNext stepsRecommended upgrade stepsTo ease the upgrade process and minimize downtime, we recommend that you use the following order when you upgrade Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013.1.Make sure all Microsoft Dynamics CRM 2011 for Outlook clients are running Microsoft Dynamics CRM 2011 Update Rollup 12 or a later update rollup. Doing so provides Microsoft Dynamics CRM 2011 for Outlook the capability to connect and use Microsoft Dynamics CRM Server 2013.2.Upgrade all Microsoft Dynamics CRM 2011 servers and organizations to Microsoft Dynamics CRM Server 2013.3.Upgrade Microsoft Dynamics CRM 2011 for Outlook to Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. Upgrading to CRM 2013 for Outlook provides Go offline capability.Microsoft Dynamics CRM Server upgrade optionsThere are three different upgrade options:?Migrate by using a new instance of SQL Server. We recommend this option for upgrading from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although this option requires a different computer for Microsoft Dynamics CRM 2013 and a different instance of SQL Server, it provides the least amount of potential downtime for Microsoft Dynamics CRM users since the Microsoft Dynamics CRM 2011 deployment can remain functioning until the upgrade is completed and verified.?Migrate by using the same instance of SQL Server. This option requires a different computer for Microsoft Dynamics CRM Server 2013, but will upgrade in-place the configuration and default organization databases using the same instance of SQL Server. If issues occur during the upgrade, you must roll back to Microsoft Dynamics CRM 2011 to avoid significant downtime.?In-place upgrade. Although this option does not require a different computer for Microsoft Dynamics CRM Server 2013 or a different instance of SQL Server, it poses the greatest risk if upgrade issues occur because a roll back and reinstall of Microsoft Dynamics CRM will be required to avoid potential downtime.For detailed procedures for each of these options, see the Upgrade from Microsoft Dynamics CRM 4.0 topics in the Installing Guide. For the latest product information, see the Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme.Important Always run a full backup of the Microsoft Dynamics CRM databases before you upgrade to a new version of the product. For information about database backups, see Backing Up the Microsoft Dynamics CRM System in the Operating and Maintaining Guide. During an in-place upgrade, only the organization that you specify to upgrade to Microsoft Dynamics CRM 2011 is upgraded. If the Microsoft Dynamics CRM 2011 deployment contains additional organizations, those organizations are disabled and are not upgraded. You must upgrade those organizations using Deployment Manager. For more information, see Deployment Manager Help. For each organization that you upgrade, we recommend that the volume have free space that is at least three times the size of the organization database file (organizationName_MSCRM.mdf) and four times the size of the log file (organizationName_MSCRM.ldf). For example, if a single organization database and log file are located on the same volume where the mdf file is 326 MB and the ldf file is 56 MB, the recommended available space should be at least 1.2 GB to allow for growth ((326 x 3) + (56 x 4)). Notice that the database files that expand during upgrade do not reduce in size after the upgrade is complete.As part of organization upgrade, all entitynameBase and entitynameExtensionBase tables will be merged into a single table. To reduce downtime, consider deferring the table merge of large organization databases that are highly customized so that the table merge process can be run as a separate upgrade operation. For more information, see Run the Base and Extension table merge as a separate operation.Microsoft Dynamics CRM 2011 Server versions supported for upgradeThe following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade to Microsoft Dynamics CRM Server 2013. All other update rollup versions will receive an error message resembling the following and will not be upgraded. The installed version of Microsoft Dynamics CRM Server cannot be upgraded to Microsoft Dynamics CRM 2013. For more information, see the Microsoft Dynamics CRM Implementation Guide.?Microsoft Dynamics CRM 2011 Update Rollup 14 or later update rollup. ?Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended). Microsoft Dynamics CRM 2011 for Outlook versions supported for upgradeThe following Microsoft Dynamics CRM 2011 update rollup versions are supported for upgrade to Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. ?Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup.?Microsoft Dynamics CRM 2011 Update Rollup 6 (Not recommended). Microsoft Dynamics CRM software and components not supported for in-place upgradeThe following products and solutions are not supported by Microsoft Dynamics CRM 2013 and will not be upgraded during Microsoft Dynamics CRM Setup. If you upgrade a Microsoft Dynamics CRM 2011 system that includes the product or solution listed below, or you install these components after you install Microsoft Dynamics CRM, these products or solutions may not function correctly. We recommend that you uninstall or manually remove the component before you upgrade.?Microsoft Dynamics CRM 2011 Reporting Extensions?Microsoft Dynamics CRM 2011 Email Router?Microsoft Dynamics CRM List Component for SharePoint Server?Connector for Microsoft Dynamics Important Microsoft Dynamics CRM 4.0 is not supported for upgrade. However, you can upgrade Microsoft Dynamics CRM 4.0 Server to Microsoft Dynamics CRM Server 2011 by using a trial product key, and then upgrade to Microsoft Dynamics CRM Server 2013. For instructions about how to migrate from Microsoft Dynamics CRM 4.0 to Microsoft Dynamics CRM 2013, see Migrate from Microsoft Dynamics CRM 4.0 Server to Microsoft Dynamics CRM 2013 Server.Upgrade product keyBefore the upgrade, obtain the product key that you will enter during the upgrade. In Microsoft Dynamics CRM 2013, the server and client keys are combined so that you enter only one key. For more information, see Microsoft Dynamics CRM editions and licensing in this guide. If you want to make system changes that require changes to your existing Microsoft Dynamics CRM licensing agreement, see How to buy Microsoft Dynamics.User permissions and privilegesTo perform a successful upgrade, the user who runs Microsoft Dynamics CRM Setup must:?Have an account in the same Active Directory domain as the server or servers that are being upgraded.?Be a member of both the Deployment Administrator Role and the Microsoft Dynamics CRM System Administrator Role for any organizations that will be upgraded.Important The upgrade will fail if the user who is running the upgrade has a disabled System Administrator Role.?Have administrator rights on the SQL Server and Reporting Services server associated with the deployment that is being upgraded.?Have sufficient permissions to create new security groups in the Active Directory organizational unit that contains the existing Microsoft Dynamics CRM groups.Sharing a SQL ServerOnly one Microsoft Dynamics CRM deployment per instance of SQL Server is supported. This is because each Microsoft Dynamics CRM deployment requires its own MSCRM_CONFIG database, and multiple instances of the MSCRM_CONFIG database cannot coexist on the same instance of SQL Server. If you have multiple SQL Server instances running on the same computer, you can host the databases for multiple Microsoft Dynamics CRM deployment on the same computer. However, this might decrease system performance. Tips for a successful upgradeThe following issues, if applicable to your current Microsoft Dynamics CRM 2011 deployment, should be resolved before you start the upgrade:Do not exceed the maximum number of attributesIf you have more than 1023 attributes defined for an entity, you must delete the additional attributes before you run the upgrade. The upgrade will fail with the following message if you have more than 1023 attributes: CREATE VIEW failed because column 'column_name' in view 'view_name' exceeds the maximum of 1024 columns.Remove custom database objectsThe Microsoft Dynamics CRM databases often change from one major release to the next because of database redesign.We suggest that, if you have added custom database objects such as triggers, statistics, stored procedures, and certain indexes, you remove those objects from the configuration and organization databases. In many cases, Microsoft Dynamics CRM Server Setup displays a warning when these objects are detected.Remove the ignorechecks registry subkeyIf you have manually added the ignorechecks registry subkey on the Microsoft Dynamics CRM Server 2011 server, remove it before you start the upgrade. More information: You cannot deploy Microsoft Dynamics CRM by using an account that does not have local administrator permissions on Microsoft SQL ServerVerify custom indexes before you upgrade Microsoft Dynamics CRM 2011 Update Rollup 12 introduced new indexes for entities in the Quick Find Search Optimization feature. Therefore, if you upgrade from Microsoft Dynamics CRM 2011 Update Rollup 6, these indexes will be created during Microsoft Dynamics CRM Server 2013 Setup and you may notice that part of the upgrade will take longer to complete. The reason for this is that the indexes need to be populated and, based on the size of your dataset, the completion time will vary. Additionally, if you have existing custom indexes in the organization database that use the same index name, they will be overwritten during upgrade. For more information, including a list of the indexes added, see Indexes added with Microsoft Dynamics CRM 2011 Update Rollup 12.Consider rescheduling base and extension table mergeBy default, during an organization upgrade, every base and extension table will become merged. For large organization databases that are highly customized the merging may take several hours to complete. More information: Run the Base and Extension table merge as a separate operation Next stepsRead more about upgrade in the following topics:?Before you upgrade: issues and considerations?Upgrade the Microsoft Dynamics CRM Deployment?Upgrade Microsoft Dynamics CRM for OutlookSee AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Planning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsBefore you upgrade: issues and considerationsThis section describes the changes and known issues that occur as a result of upgrading from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. This section also describes the things that may impact your deployment after the upgrade is complete.In This TopicWhat has changed in supported products and technologies?End of support for outdated programmability featuresDelete connections to enable use of access teamsChanges to duplicate detectionMicrosoft Lync presence not supported in some areasUpdate your customizations for the new user interface What has changed in supported products and technologies?In support of the latest technologies and in compliance with the Microsoft Support Lifecycle, obsolete platform products and technologies will no longer be supported in the next major release of Microsoft Dynamics CRM. For more information, see What’s changing in the next major release.End of support for outdated programmability featuresThere are several Microsoft Dynamics CRM 4.0 features that will be removed or will no longer be supported after the upgrade to Microsoft Dynamics CRM 2013. For more information, see What’s changing in the next major release.You can use the Custom Code Validation Tool to examine your web resources and show you where there might be some problems. The issues that are flagged are either using unsupported coding processes or using the Microsoft Dynamics CRM 4.0 objects and functions. Download this tool and extract the contents. Within the contents, you will find instructions about how to install and use the tool. For more information about this tool, read this blog: Check your JavaScript code to prepare for your upgrade. Delete connections to enable use of access teamsTo be able to add users who have opportunity connections to access teams, the connections must be deleted before you upgrade. If there are connections in your existing Microsoft Dynamics CRM deployment configured between Opportunity and User entities, you should delete them before you upgrade. Deleting these connections will let you add those users to teams that use the Access team type, typically used for team selling. After the upgrade is complete you can re-create the prior connections and, if needed, add those users to access teams. For more information about access teams, see About team templates in the Customer Center.To find all opportunity and user connections, start Advanced Find and set the following query.1.In the Look for list select Connections.2.Click or tap Select and then click or tap Connected From (Opportunity)3.Click or tap Select and then click or tap Connected To (User)4.Click or tap Results.Changes to duplicate detectionTo facilite auto-save on forms, duplicate detection during create and update operations will not be supported in the forms for Microsoft Dynamics CRM updated user interface entities. For more information, see Duplicate Detection during Record Create and Update Operations Not Supported. You can find sample code for adding this support to your forms in the Microsoft Dynamics?CRM?SDK download package. Microsoft Lync presence not supported in some areasMicrosoft Lync presence will not be supported on the updated user interface entity forms and in Activity Feeds. Lync will be present in grids and subgrids.Update your customizations for the new user interface After the upgrade, supported customizations to menus and forms from your previous version will continue to work, though they may appear slightly different to simplify the transition to the new user experience. The forms for entities that are updated to the new user interface have a similar layout as the Microsoft Dynamics CRM 2011 forms. To display the forms in the new layout, system customizers can edit each new form and choose Bring in another form from the ribbon. For more information, see Upgrading Forms. See AlsoUpgrading from Microsoft Dynamics CRM 4.0Upgrade the Microsoft Dynamics CRM DeploymentPlanning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsUpgrade the Microsoft Dynamics CRM DeploymentMicrosoft Dynamics CRM 2013 presents a significant advancement in features and functionality from Microsoft Dynamics CRM 2011. As such, existing features, solutions, and extensions may be affected as a result of the upgrade. This topic provides a best practices process to minimize downtime while helping determine issues that may occur as a result of the upgrade.In This TopicThe upgrade processPrepare to upgradeEstablish the test environmentUpgrade and validate the test environmentWhat to do when you cannot successfully upgrade or migrate?The upgrade processThe Microsoft Dynamics CRM Server upgrade process can be distilled down into four main areas:1.Prepare to upgrade.2.Establish a test environment.3.Upgrade and validate the test environment.4.Upgrade and validate the production site.There are two separate environments as part of the upgrade process:?Test environment. The test environment represents a restricted deployment of Microsoft Dynamics CRM that is used to validate the upgrade. The test environment must mirror the production environment as closely as possible whereby there are substantial similarities in hardware (processor, disk, memory, and so on), technology platform (Windows Server, SQL Server, and so on), topology (1-server, 2-server, 5-server, and so on) and data Microsoft Dynamics CRM databases). To create an appropriate environment for testing, it may require setting up Windows Network Load Balancing (NLB) or clustering, installing and configuring Microsoft Dynamics CRM components and applications, such as Email Router, workflows, customizations, and connectors, as well as installing any additional add-ons, plug-ins, or solutions particular to the deployment. Establishing a test environment that is running and configured wholly or in part by using virtualization technology, such as Windows Server Hyper-V, can greatly facilitate this process. In this test environment, the administrator performs the upgrade, optimizes for performance, may introduce upgraded code, and tests that the system is running well.?Production deployment. This deployment represents the deployment of Microsoft Dynamics CRM that is used by all Microsoft Dynamics CRM users in the organization. In the production deployment, the upgrade is performed, and the administrator may use strategies that optimize upgrade performance. The upgrade administrator may move upgraded code from the development or test environment to the production environment. The administrator then brings the production environment online, validates that the system is running well, and deploys CRM for Outlook for users as needed.Prepare to upgradeMake sure you have enough staff, resources, and time to dedicate to the upgrade. As part of this phase, you must determine who will be involved in the upgrade, designate the test deployment hardware and software that will be used to validate the upgrade, and plan for potential failures.You should also assess the current production environment for upgrade suitability. This requires reviewing the Microsoft Dynamics CRM 2013 documentation.Important Only Microsoft Dynamics CRM Server 2011 with at least Microsoft Dynamics CRM 2011 Update Rollup 14 (recommended) or Microsoft Dynamics CRM 2011 Update Rollup 6 can be upgraded to Microsoft Dynamics CRM Server 2013.Additionally, you must determine the acceptance criteria that will be used to decide whether to go forward with the production upgrade. Tip Microsoft Dynamics Sure Step is available to Microsoft Dynamics Partners to help reduce risk and guide you through the tasks associated with deployment and configuration of Microsoft Dynamics solutions. For more information about Microsoft Dynamics Sure Step, including training, methodology, and tool downloads, visit the PartnerSource website.Determine the upgrade strategyTo determine the upgrade strategy, you need to answer the following questions:?What will be upgraded? Upgrading the Microsoft Dynamics CRM server may require that you upgrade platform components such as Windows Server or SQL Server. It will also require that other Microsoft Dynamics CRM applications such as CRM for Outlook and Email Router be upgraded.?When? What is the timeline for the upgrade??How? For example, will you upgrade in-place or will you migrate to new hardware before the upgrade? This should also include how the upgrade will be rolled out. Who will validate the upgrade? Will there be a pilot or phased rollout? Based on the outcome of the test upgrade you may need to modify or mitigate your strategy and perform corrective actions to ensure functionality. For example, if some workflows cannot be upgraded, you must plan to re-create those workflows and test them.Plan for failure, backup, and recoverySome components, such as custom reports, workflows, custom JavaScript, or third-party extensions may cause the upgrade to fail or not function correctly. These items should be documented and a contingency plan be established for each issue. Additionally, custom JavaScript and third-party extensions may need to be removed before the upgrade.Therefore, you must be prepared to quickly and completely rollback the system. If you will recover from any scenario, you must back up all needed information and store a copy offsite. A backup plan should be created and rehearsed for all Microsoft Dynamics CRM components and services to make sure that, if a failure occurs, the maximum amount of data is recoverable. To understand the failure-recovery procedures, you must examine several different scenarios to learn how restoration occurs in each case.For more information about how to back up or recover Microsoft Dynamics CRM data, see Data protection and recovery.Review appropriate planning and prerequisite documentationProduct documentation is instrumental in helping you scope the amount of preparation required before you upgrade. The documentation to review should include:?Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM Online Readme?This guide and the Installing Guide for Microsoft Dynamics CRM 2013, which are part of the Microsoft Dynamics CRM 2013 Implementation Guide. Of particular importance are the Upgrading from Microsoft Dynamics CRM 2011, Microsoft Dynamics CRM system requirements and required technologies, and Microsoft Dynamics CRM 2013 supported configurations topics.?Also, if you will be installing additional components, such as CRM for Outlook or Microsoft Dynamics CRM Email Router, download and review the following documents:?Microsoft Dynamics CRM 2013 for Microsoft Office Outlook Readme?Microsoft Dynamics CRM Email Router ReadmeEnsure you have the latest technologiesFor best results, verify that you have applied the latest service packs and update rollups not only for Microsoft Dynamics CRM but for other dependent technologies such as Windows Server, SQL Server, and Exchange Server.Determine an upgrade plan and checklistsIn this task you will determine how to evaluate the overall functionality and production readiness of the upgraded environment. The purpose of these tasks is to validate a production ready and fully operational system suitable for rolling out to the user base.Use the following steps as a checklist for the tasks that are required leading up to the production upgrade or "go-live" day.Verify that the system is functional after the upgrade by performing these basic tests:?Review the Setup log files for issues that may have occurred during the upgrade. By default, Setup creates these files in the C:\Documents and Settings\<username>\Application Data\Microsoft\MSCRM\Logs folder on the computer where Setup is run and where <username> is the name of the user account who ran Setup.?Review the Event Viewer log files. Microsoft Dynamics CRM Server 2013 events are recorded under the sources that begin with MSCRM in Event Viewer.?Start Deployment Manager and verify that all Microsoft Dynamics CRM servers are enabled and that the default organization is enabled. Depending on whether you migrated or performed an in-place upgrade, additional Microsoft Dynamics CRM 2011 organizations are upgraded by using the Import Organization Wizard or the Upgrade Organization Wizard in Deployment Manager.?Start Internet Explorer and connect to the Microsoft Dynamics CRM server. After you have performed the previous tasks, perform a user acceptance test. The following is an example of some of the features to test in a typical organization:?Validate reports against previous version reports.?Print reports in Microsoft Dynamics CRM.?Validate applicable data in the Microsoft Dynamics CRM system, such as creating, editing, deleting, and promoting/converting records for the following entities:?Accounts?Contacts?Opportunities?Cases?Activities?Custom Entities?Verify workflows against previous workflows. Update any workflow items affected by configuration or data model modifications.?Test all custom code, JavaScript, and custom reports (if applicable).?Test all integration processes (if applicable).?Test of third party applications or extensions.Establish the test environmentWe strongly recommend that you plan to run at least one test upgrade before you upgrade your production environment. After you run a test upgrade, verify the product configuration by performing operations that you would typically use in your production environment. For example, for a service organization, you may want to create an e-mail activity related to a case, and then verify the functionality by sending a test e-mail that contains text from an existing case. If you receive any errors while you are using Microsoft Dynamics CRM in a test environment, make sure that you resolve them before you upgrade your production environment.Tip Virtual machine software, such as Windows Server Hyper-V, can ease the deployment time to establish the test environment as well as limit the amount of hardware resources that are required to emulate the production deployment.Determine which computers you will use, or, if you are using virtual machine technology, which virtual machine you will use.Migrate by using a new instance of SQL ServerWe recommend this upgrade option because it lets you maintain a Microsoft Dynamics CRM 2011 deployment at the same time that a new Microsoft Dynamics CRM 2013 system is being deployed. This reduces application down time as the new deployment can be installed, organizations imported, and then verified without effecting the production Microsoft Dynamics CRM 2011 deployment in the event of an issue.Important The Migrate by using a new instance of SQL Server option provides the least amount of potential downtime in the event of an issue as the result of the upgraded deployment.1.Establish a new instance of SQL Server. You can use an existing instance but it must not be the same instance where the Microsoft Dynamics CRM 2011 configuration database is located.2.Run Microsoft Dynamics CRM Server 2013 Setup on a new 64-bit computer that does not already have Microsoft Dynamics CRM Server 2011 installed.3.Back up the production Microsoft Dynamics CRM 2011 configuration and organization databases and restore them to the new instance of SQL Server.4.Run the Import Organization Wizard to import one or more Microsoft Dynamics CRM 2011 organizations to the newly installed Microsoft Dynamics CRM 2013 system. During the import, the Microsoft Dynamics CRM 2011 organization database will be upgraded.5.If you have additional organizations or if you are using a new SQL Server for the migration, you must import the organization databases to the new system. To do this, on the computer where Microsoft Dynamics CRM Server 2013 is installed and running, start Microsoft Dynamics CRM Deployment Manager, right-click Organizations, click Import Organization, and then select the newly restored Microsoft Dynamics CRM 2011 OrganizationName_MSCRM database.6.If customizations were made to .NET assemblies or configuration files, you must copy those customized files to the new system. By default, these files are located under the <drive>:\Program Files\Microsoft Dynamics CRM\Server\bin\assembly\ folder on the existing Microsoft Dynamics CRM 2011 server.Upgrade and validate the test environmentVerify the newly upgraded Microsoft Dynamics CRM 2013 environment for stability and operation. This includes having a select set of users connect by using the Microsoft Dynamics CRM web application and use the system to perform all normal day-to-day tasks. Make sure workflows and reports are functioning correctly. Test that new features from the upgrade are functioning as well.Run acceptance criteria and checklistsExecute the previously mentioned tasks on the new deployment. Based on the tests, a decision will be made to either implement or not implement the upgrade to the production environment.User acceptance testingAfter the test checklist is completed and the quality of the tasks is within acceptable limits, user acceptance testing can start. This involves a subset of all users and typically can involve key users that carry out their normal day-to-day tasks against the system. These key users report any issues or unexpected behavior to the Microsoft Dynamics CRM administration team for action.Go liveAfter user acceptance testing has successfully completed, bring the Microsoft Dynamics CRM 2013 server online. This may require removing the Microsoft Dynamics CRM 2011 server before joining the Microsoft Dynamics CRM 2013 server to the domain, configuring the IIS bindings to use the same bindings as the Microsoft Dynamics CRM 2011 website, and updating DNS records as necessary to correctly resolve to the new Microsoft Dynamics CRM 2013 website.What to do when you cannot successfully upgrade or migrate?If, after following the guidelines in this section, you cannot successfully upgrade the production deployment or migrate, use the following resources to help resolve the issue.Self support?Use the Event Viewer to view events that can help you troubleshoot the issue. Microsoft Dynamics CRM Server 2013 events are recorded under the sources that begin with MSCRM in the Event Viewer.?Turn on platform tracing. For instructions, see the tracing topics under Monitor and troubleshoot Microsoft Dynamics CRM.?Browse or search for knowledge base articles for Microsoft Dynamics CRM in the Microsoft Dynamics CRM Solution Center.?Visit the CustomerSource or the PartnerSource website.Assisted supportContact Microsoft Customer Support Services. For a complete list of Microsoft Customer Support Services telephone numbers and information, visit the Microsoft Customer Support page.Upgrade Microsoft Dynamics CRM for OutlookMicrosoft Dynamics?CRM for Microsoft Office Outlook is a Microsoft Office Outlook add-in that lets Microsoft Dynamics CRM users complete CRM tasks in the familiar Microsoft Outlook environment. In This TopicMicrosoft Dynamics CRM for Outlook upgrade requirementsMicrosoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 ServerCross-architecture upgrade of Microsoft Dynamics CRM for OutlookMicrosoft Dynamics CRM for Outlook upgrade requirementsRequirementDescriptionUnderstand Microsoft Dynamics CRM 2013 compatability support CRM 2013 for Outlook is incompatible with earlier versions of Microsoft Dynamics?CRM Server, such as Microsoft Dynamics CRM Server 2011 (on-premises). Therefore, for on-premises deployments, you must upgrade to Microsoft Dynamics CRM Server 2013 before you can use CRM 2013 for Outlook. Notice that, Microsoft Dynamics CRM Server 2013 provides backward compatibility with certain versions of Microsoft Dynamics CRM 2011 for Outlook. More information: Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 Server Use a PC that has sufficient hardware and softwareYou need a system capable of running Microsoft Dynamics CRM 2013 for Microsoft Office Outlook. For the best performance when you run CRM 2013 for Outlook, make sure your PC is running 64-bit Windows and Microsoft Office, has sufficient hard disk and RAM, and all the prerequisite software, such as Microsoft Office and Internet Explorer. For information about the hardware and software requirements for CRM 2013 for Outlook, see Microsoft Dynamics CRM for Outlook hardware requirements and Microsoft Dynamics CRM for Outlook software requirements.Make sure you have at least Microsoft Dynamics CRM 2011 Update Rollup 12 appliedOnly Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013.Important Although you can connect to Microsoft Dynamics CRM Server 2013 with Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup, you cannot take data offline by using Go offline. To take data offline, upgrade to CRM 2013 for Outlook.Although Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 6 is supported for upgrade to CRM 2013 for Outlook, Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 6 is incompatible with Microsoft Dynamics CRM Server 2013. All other Microsoft Dynamics CRM 2011 for Outlook update rollup versions are not supported for upgrade.Verify that you have appropriate permissionTo install or upgrade CRM for Outlook, you must have local administrator permission on the computer where you perform the installation or upgrade.Verify base languageTo upgrade Microsoft Dynamics CRM 2011 for Outlook, the base language of CRM 2013 for Outlook must match the base language of Microsoft Dynamics CRM 2011 for Outlook.Verify Microsoft Dynamics CRM 2011 for Outlook is in online modeYou cannot upgrade Microsoft Dynamics CRM 2011 for Outlook when it is in Go offline mode. You must bring Microsoft Dynamics CRM 2011 for Outlook online before you can upgrade to CRM 2013 for Outlook.Understand that upgrade is required to use Go offline mode after the Microsoft Dynamics?CRM Server is upgraded to Microsoft Dynamics CRM Server 2013 After the Microsoft Dynamics CRM Server 2011 deployment has been upgraded to Microsoft Dynamics CRM Server 2013, users must upgrade to CRM 2013 for Outlook to continue accessing data offline (Go offline). For example, a particular user runs Microsoft Dynamics CRM 2011 for Outlook and accesses data offline. This user's organization is upgraded from Microsoft Dynamics CRM 2011 to Microsoft Dynamics CRM 2013. Although there now exists a client-server mismatch, users can still connect to the server and access data online if they run Microsoft Dynamics CRM 2011 with at least Microsoft Dynamics CRM 2011 Update Rollup 12. However, to go offline again, the user must upgrade to CRM 2013 for Outlook.Microsoft Dynamics CRM 2011 for Outlook compatibility with Microsoft Dynamics CRM 2013 ServerAs mentioned in the earlier section, Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or later update rollup is compatible with Microsoft Dynamics CRM Server 2013. This compatibility eases the upgrade timeline to allow administrators to do a phased rollout without work stoppages for Microsoft Dynamics CRM 2011 for Outlook users who have not been upgraded to CRM 2013 for Outlook.Important Only Microsoft Dynamics CRM 2011 for Outlook with Microsoft Dynamics CRM 2011 Update Rollup 12 or a later update rollup is compatible with Microsoft Dynamics CRM Server 2013. Cross-architecture upgrade of Microsoft Dynamics CRM for OutlookIf you intend to change to a different architecture (move from 32-bit to 64-bit) while upgrading, note the following:?In-place cross-architecture upgrade is not supported. If you are running Microsoft Dynamics CRM 2011 for Outlook 32-bit, you can perform an in-place upgrade only to 32-bit CRM 2013 for Outlook. This also applies to Microsoft Office: If you are running and intend to retain a 32-bit version of Microsoft Office, you can upgrade only to 32-bit CRM 2013 for Outlook.?Cross-architecture upgrade requires uninstalling and reinstalling. If you have a 64-bit PC running a 64-bit version of Microsoft Windows, you can change from 32-bit to 64-bit CRM 2013 for Outlook by performing the following steps in the order listed.a.Make sure that your PC has a 64-bit version of Windows. How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system.b.Uninstall Microsoft Dynamics CRM 2011 for Outlook.c.Uninstall Microsoft Office.d.Install a 64-bit edition of Microsoft Office.e.Install the 64-bit edition of CRM 2013 for Outlook.For more information about installing CRM 2013 for Outlook, see Task 1: Install Microsoft Dynamics CRM for Outlook.See AlsoUpgrading from Microsoft Dynamics CRM 2011Planning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsPlanning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsBefore you plan a deployment of Microsoft Dynamics CRM for an enterprise business, such as an Internet-facing deployment (IFD) or multi-organization deployment, read through the topics referenced here.In This SectionPlanning Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineAdvanced deployment options for Microsoft Dynamics CRM Server 2013See AlsoPlanning Deployment of Microsoft Dynamics CRM 2013Advanced deployment options for Microsoft Dynamics CRM for OutlookInstalling Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineAdvanced deployment options for Microsoft Dynamics CRM Server 2013This section describes advanced deployment options for Microsoft Dynamics CRM Server 2013.Update Setup files by using a local packageThe update Setup feature can indicate if you have the latest updates to Microsoft Dynamics CRM before you run Setup. With this feature, you can specify where Setup locates the MSP package that is applied to the Setup files. This gives you additional control over the update, and also lets you apply the update package locally without the need of an Internet connection.To specify the location, you must edit the XML configuration file <Patch> element and then run Setup from the command prompt. For more information, see Use the Command Prompt to Install Microsoft Dynamics CRM.Add or remove server rolesUse one of the following options to install server roles:?Run the Microsoft Dynamics CRM Server Setup Wizard to select one or more server role groups or one or more individual server roles. If Microsoft Dynamics CRM Server 2011 is already installed, you can use Programs and Features in Control Panel to add or remove server roles. For more information, see Microsoft Dynamics CRM 2013 server roles.?Configure an XML configuration file and then run Setup at the command prompt to specify a server role group or one or more individual server roles. For more information, see Install Microsoft Dynamics CRM Server 2013 roles.Use Windows Powershell to perform deployment tasksYou can use Windows Powershell to perform many Microsoft Dynamics CRM deployment tasks. For more information, see Administer the deployment using Windows PowerShell.In This SectionConfigure a Microsoft Dynamics CRM Internet-facing deploymentKey management in Microsoft Dynamics CRMMulti-organization deploymentSee AlsoPlanning Deployment of Microsoft Dynamics CRM 2013 Advanced TopicsConfigure a Microsoft Dynamics CRM Internet-facing deploymentKey management in Microsoft Dynamics CRMMulti-organization deploymentInstalling Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineConfigure a Microsoft Dynamics CRM Internet-facing deploymentYou can deploy Microsoft Dynamics CRM so that remote users can connect to the application through the Internet. The following Internet-facing deployment (IFD) configurations are supported:?Microsoft Dynamics CRM for internal users only?Microsoft Dynamics CRM for internal users and IFD access?Microsoft Dynamics CRM for IFD-only accessConfiguring an IFD enables access to Microsoft Dynamics CRM from the Internet, outside the company firewall, without using a virtual private network (VPN) solution. Microsoft Dynamics CRM configured for Internet access uses claims-based authentication to verify credentials of external users. When you configure Microsoft Dynamics CRM for Internet access, integrated Windows Authentication must remain in place for internal users. To let users access the application over the Internet, the server that is running Internet Information Services (IIS) where the Microsoft Dynamics CRM application is installed must be available over the Internet. For more information, see Accessing Microsoft Dynamics CRM from the Internet - Claims-based authentication and IFD requirements.In This TopicAbout claims-based authenticationInternet-facing server best practicesConfigure IFDAbout claims-based authenticationThe claims-based security model extends traditional authentication models to include other directory sources that contain information about users. This identity federation lets users from various sources, such as Active Directory Domain Services (AD DS), customers via the Internet, or business partners, authenticate with native single sign-on.The claims-based model has three components: the relying party, which needs the claim to decide what it is going to do; the identity provider, which provides the claim; and the user, who decides what if any information they want to provide. Microsoft provides a claims-based access solution called Active Directory Federation Services (AD FS). AD FS enables Active Directory Domain Services (AD DS) to be an identity provider in the claims-based access platform.AD FS consists of the following components:?AD FS Framework provides developers pre-built .NET security logic for building claims-aware applications, enhancing either or WCF applications.?Active Directory Federation Services (AD FS) is a security token service (STS) for issuing and transforming claims, enabling federations, and managing user access. Active Directory Federation Services (AD FS) supports the WS-Trust, WS-Federation, and Security Assertion Markup Language (SAML) protocols. Active Directory Federation Services (AD FS) can also issue manage information cards for AD DS users. For more information about AD FS, see:?Identity & Access ?Active Directory Federation Services Overview (Windows Server 2012 AD FS 2.1)?Download AD FS 2.0 for Windows Server 2008: AD FS 2.0 RTWInternet-facing server best practicesImplement a strong password policyTo reduce the risk of "brute-force attacks" we strongly recommend that you implement a strong password policy for remote users who are accessing the domain where Microsoft Dynamics CRM is installed. For more information about how to implement a strong password policy in Windows Server, see Creating a Strong Password Policy on Microsoft TechNet and the "Understanding User Accounts" topic in Active Directory Users and Computers Help.Internet connection firewallThe Windows Server 2012 and Windows Server 2008 operating systems provide firewall software to prevent unauthorized connections to the server from remote computers. For more information about how to configure the Internet connection firewall for Internet Information Services (IIS) Manager, see the IIS Help.For information about how to make a Web site available on the Internet, see the "Domain Name Resolution" topic in the IIS Help.Proxy/firewall serverIf you do not have a secure proxy and firewall solution on your network, we recommend that you use a dedicated proxy and firewall server, such as Forefront Unified Access Gateway (UAG). Forefront UAG can act as a gateway between the Internet and Microsoft Dynamics?CRM Server. Forefront UAG protects your IT infrastructure while providing users with fast and secure remote access to applications and data. For more information, see Forefront Unified Access Gateway 2010. Configure IFDUse the following steps as configuration guidelines.Step 1: Configure Microsoft Dynamics CRM Server 2013 for Internet accessYou can configure Microsoft Dynamics CRM Server 2013 for Internet access. To do this, run the Configure Claims-Based Authentication Wizard, and then run the Internet-Facing Deployment Configuration Wizard where Microsoft Dynamics CRM Server 2013 the Deployment Administration Server role is installed. For more information, see the Deployment Manager Help.Step 2: Configure Microsoft Dynamics CRM for Outlook to connect to the Microsoft Dynamics CRM Server 2013 by using the InternetFor Microsoft Dynamics?CRM for Microsoft Office Outlook to be able to access the Microsoft Dynamics CRM Server 2013 over the Internet, you must specify the external Web address that will be used to access the Internet-facing Microsoft Dynamics CRM Server 2013. To do this, you must install CRM for Outlook, and then run the Configuration Wizard. Then, during configuration, type the external Web address in the External Web address box. If you install server roles, this Web address must specify where the Discovery Web Service role is installed. For more information about how to configure CRM for Outlook, see Task 2: Configure Microsoft Dynamics CRM for Outlook. See AlsoAdvanced deployment options for Microsoft Dynamics CRM Server 2013Key management in Microsoft Dynamics CRMMulti-organization deploymentKey management in Microsoft Dynamics CRMTo verify the identity of people and organizations, and to guarantee content integrity, Microsoft Dynamics CRM generates digital certificates. These electronic credentials bind the identity of the certificate owner to a pair of electronic keys (public and private) that can be used to digitally encrypt and sign information. The credentials ensure that the keys actually belong to the person or organization specified.In This TopicKey typesKey regeneration and renewalKey-management loggingKey storageHow to encrypt Microsoft Dynamics CRM keysKey typesMicrosoft Dynamics CRM uses two kinds of private encryption keys for deployments accessed over the Internet:?Web remote procedure call (WRPC) token key. This key is used to generate a security token, which helps make sure that the request originated from the user who made the request. This security token decreases the likelihood of certain attacks, such as a cross-site request forgery (one-click) attack.?CRM e-mail credentials key. This key encrypts the credentials for the Email Router, an optional component of Microsoft Dynamics CRM.Key regeneration and renewalCRM ticket keys are automatically generated and renewed and then distributed, or deployed, to all computers running Microsoft Dynamics CRM or running a specific Microsoft Dynamics CRM Server 2013 role. These keys are regenerated periodically and, in turn, replace the previous keys. By default, key regeneration occurs every 24 hours.Key-management loggingMicrosoft Dynamics CRM records encryption-key events in the Application log. By using the Event Viewer, you can filter on the Source column and look for MSCRMKeyServiceName entries, where ServiceName is the key management service, such as MSCRMKeyArchiveManager or MSCRMKeyGenerator.Key storageCryptographic keys are stored in the Microsoft Dynamics CRM configuration database (MSCRM_CONFIG).Warning By default, encryption keys are not stored in the configuration database in an encrypted format. We strongly recommend that you specify encryption when you run Setup as described below.How to encrypt Microsoft Dynamics CRM keysBefore you run Microsoft Dynamics CRM Setup, you can add the <encryptionkeys> entry in the XML configuration file, and then run Microsoft Dynamics CRM Server Setup at the command prompt. During the installation, Setup creates a server master key and database master key, which are used to encrypt Microsoft Dynamics CRM certificates. For more information, see the <encryptionkeys> element in the Microsoft Dynamics CRM 2013 Server XML configuration file topic.See AlsoAdvanced deployment options for Microsoft Dynamics CRM Server 2013Multi-organization deploymentMulti-organization deploymentDeployment Manager is a Microsoft Management Console (MMC) snap-in that you can use to manage organizations, servers, and licenses for deployments of Microsoft Dynamics CRM. Deployment Manager is installed with the Full Server, Deployment Administration Server or Deployment Tools server roles.To use Deployment Manager, you must be a member of the deployment administrators group. This membership can be configured in Deployment Manager. By default, the user who runs Microsoft Dynamics CRM Server Setup is added to the deployment administrators group.In the Organizations area of the Deployment Manager, you import, create, update, enable, disable, or remove organizations. For more information about organization management in CRM, see the Deployment Manager Help. Alternatively, you can perform Microsoft Dynamics CRM deployment tasks, such as organization management, using Windows PowerShell. More information: Administer the deployment using Windows PowerShellImportant There are several names that can’t be used to name an organization. To view a list of reserved names, open the ReservedNames table in the MSCRM_CONFIG database, and review the names in the ReservedName column or use the following SQL query.USE MSCRM_CONFIG SELECT ReservedName FROM ReservedNamesSee AlsoAdvanced deployment options for Microsoft Dynamics CRM Server 2013Installing Guide for Microsoft Dynamics CRM 2013 and Microsoft Dynamics CRM OnlineAccessibility in Microsoft Dynamics CRMAdministrators and users who have administrative responsibilities typically use the Settings area of the Microsoft Dynamics CRM web application to manage Microsoft Dynamics CRM Online. A mouse and keyboard are the typical devices that administrators use to interact with the application.Users who don’t use a mouse can use a keyboard to navigate the user interface and complete actions. The ability to use the keyboard in this way is a result of support for keyboard interactions that a browser provides.For more information, see the following Microsoft Dynamics CRM web application accessibility topics:?Use Keyboard Shortcuts?Accessibility for People with DisabilitiesAdministrators and other users who have administrative responsibilities for on-premises deployments of Microsoft Dynamics CRM 2013 also use Microsoft Dynamics CRM Deployment Manager, a Microsoft Management Console (MMC) application, to manage on-premises deployments of Microsoft Dynamics CRM Server 2013.For more information, see the following Microsoft Management Console (MMC) accessibility topics:?Navigation in MMC Using the Keyboard and Mouse?MMC Keyboard ShortcutsAccessibility features in browsersThe following table contains links to documentation about web browser accessibility.BrowserDocumentationInternet ExplorerAccessibility in Internet ExplorerLanguage Support and Accessibility FeaturesMozilla FirefoxAccessibility features in FirefoxApple SafariSafariGoogle ChromeAccessibility Technical Documentation See AlsoMicrosoft Accessibility Resource CenterManage Your Microsoft Dynamics CRM Online SubscriptionHelp and additional resources for Microsoft Dynamics CRM OnlineManage Your Microsoft Dynamics CRM Online SubscriptionHelp and additional resources for Microsoft Dynamics CRM Online ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download