IAG SP2: Securely Publishing Dynamics CRM 4.0

We are pleased to announce the upcoming availability of the Intelligent Application Gateway (IAG) Service Pack 2 (SP2) which provides a number of key enhancements, including a new application optimizer for Microsoft Dynamics CRM 4.0. The IAG team has always viewed CRM as an important scenario, and we feel confident that this update will help you protect your CRM deployments.

CRM is an application that most organizations want to make available to their remote employees and business partners. However, the CRM application can also contain extremely sensitive information. As a result, it is important to pay special attention to the related security issues, including a means of protecting the CRM server and preventing unattended information leakage. IAG SP2 provides built-in support for all of these requirements – specifically adapted for Dynamics CRM 4.0. SP2 also enhances the overall administrator experience.

Using the new SP2 application optimizer to publish a Dynamics CRM 4.0 deployment automatically:

• Prevents file downloads from unhealthy or unmanaged computers
• Prevents uploads for computers that aren't running an anti-virus
• Controls who can export CRM data to Excel, and from which devices
• Cleans the user’s cache and temporary files after a session ends (e.g. if your CEO used “export to Excel” from an Internet kiosk…)
• Adds timeout and logoff functionality to reduce the risk of session hijacking
• Provides strong authentication to CRM servers (for example, smartcards and one-time passwords)
• Supports ADFS
• Provides single sign on (SSO) to and from the CRM server to any other application published by IAG
• Forwards only valid HTTP requests to back-end servers

Note: Also keep in mind that because the CRM server is separated at the application level from external users, it is already protected from most malicious attacks.

As always, the IAG team performed extensive testing on Dynamics CRM 4.0 behind IAG to ensure that SP2 doesn't break any CRM functionality, or harm performance..

Making it easier to provide Internet access to an organization's CRM application can unlock new and exciting models that can leverage the current CRM deployments which:

• Allows secured access from unmanaged machines such as the employees home PCs, Internet kiosks and mobile devices.
• Provides business partners with access to a subset of the CRM functionality to all them to update their work without employee involvement. IAG SP2 handles the authentication (e.g.  using ADFS) and ensures that partners cannot access sensitive parts or perform actions such as exporting data to Microsoft Excel.
• For example if a subcontractor is providing service for all your customers in a specific region you could allow its employees to access contacts and service for their customers but block them from viewing contracts, quotes, marketing or upload files.

For more information, see http://www.microsoft.com/iag. Additional detail will also be provided later this month at the Convergence conference in Copenhagen.

Cheers,

Meir Mendelovich, IAG Product Group

Jim Toland, Dynamics CRM Engineering for Enterprise team