Generally, on premise Infor CRM installations are set up as a
combination of servers inside a company's network and behind a firewall.
This configuration provides the tightest security by ensuring that each
user is authenticated via VPN and Active Directory. Sometimes though,
it might be necessary to set up an external facing CRM site to allow
direct access via a simple login — in which case the VPN or network
authentication would not be required. When a client of ours recently
came to us with this request, we discussed the setup with them in detail
and agreed upon the following configuration:
- CRM Web server in the DMZ* for Internet access
- CRM application server and CRM SQL server inside the network & firewall to keep data secure
The server in the DMZ did not have access to the client’s DNS*, which
is good, because an external server can be prone to a security attack
and therefore access to the DNS could compromise the rest of the
network. However, Infor CRM’s connections default to using server names,
so setting up the server in this way this caused an issue. Without
access to the DNS, the server name meant nothing to the CRM, and
therefore connecting to a named server was impossible.
To resolve the issue, the connection manager settings needed to be
modified to use IP addresses only. An alternate option would have been
to modify the SYSTEMINFO table to use the appropriate IP address instead
of a server name. Once the IP addresses were known, the external CRM
server's requests were routed to the appropriate internal servers,
enabling data flow between the CRM website and internal
application/database servers.
*The DMZ is the part of the network that is technically outside of
your “secure” network area. It’s meant for access by any person outside
of the company network. A company’s website, for example, might run on
such a machine. The DNS (discussed below), or Domain Server name, is a
list of names corresponding to your computer IP addresses.
Posted in: