Generally, on premise Infor CRM installations are set up as a combination of servers inside a company's network and behind a firewall. This configuration provides the tightest security by ensuring that each user is authenticated via VPN and Active Directory. Sometimes though, it might be necessary to set up an external facing CRM site to allow direct access via a simple login — in which case the VPN or network authentication would not be required. When a client of ours recently came to us with this request, we discussed the setup with them in detail and agreed upon the following configuration:
- CRM Web server in the DMZ* for Internet access
- CRM application server and CRM SQL server inside the network & firewall to keep data secure
The server in the DMZ did not have access to the client’s DNS*, which is good, because an external server can be prone to a security attack and therefore access to the DNS could compromise the rest of the network. However, Infor CRM’s connections default to using server names, so setting up the server in this way this caused an issue. Without access to the DNS, the server name meant nothing to the CRM, and therefore connecting to a named server was impossible.
To resolve the issue, the connection manager settings needed to be modified to use IP addresses only. An alternate option would have been to modify the SYSTEMINFO table to use the appropriate IP address instead of a server name. Once the IP addresses were known, the external CRM server's requests were routed to the appropriate internal servers, enabling data flow between the CRM website and internal application/database servers.
*The DMZ is the part of the network that is technically outside of your “secure” network area. It’s meant for access by any person outside of the company network. A company’s website, for example, might run on such a machine. The DNS (discussed below), or Domain Server name, is a list of names corresponding to your computer IP addresses.