MSCRM Scalable Security Modeling White Paper Released

Posted by Peter Majer on June 10, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

Microsoft has just released a white paper on their security modeling features which you can get to from this link.  In this white paper Microsoft goes through in detail the different features within Dynamics CRM that allow users to drive security and different access levels to data with CRM.  It also talks about the implications associated with these features functioning at high volumes, and guidance on modeling Dynamics CRM for scale.

With all of the flexible security features that Microsoft offers, it’s very important to plan out your strategy for your security.  Security is one of the last things we see that is often overlooked in a lot of deployments but is one of the most critical pieces in a successful deployment.  You can build the most amazing custom solution, but if you haven’t thought out who will be accessing your system, how those users will access your system, and what permissions they’re going to need, then your project could be a failure.

Microsoft breaks down user access to Dynamics into two categories:

• Authentication: Determining who the user is and confirming they are who they say they are
• Authorization: Determining whether the authenticated user is entitled to access the system and what within the system they are permitted to see or do

The whitepaper goes into details about Authorization, and not Authentication, as Authentication can be handled by a variety of different technologies which have detailed documentation of their own.

The whitepaper discusses a few common business scenarios.  From this discussion, it’s easy to identify the different categories or levels of interacting with CRM data, and the different values of those interactions and what it means for dealing with your customers.  Categorizing your user access needs into these high level buckets is a first start to understanding and developing a security authorization strategy for your deployment.

 

Dynamics CRM Access Control Objects:

The different Access Control Options made available out of the box are discussed:

• Sharing with Users / Teams
  • Sharing is a good option for exception cases but when your database size and number of records grow, this becomes an unmanageable solution. 
  • There’s also the concern of a performance impact if you have a lot of shared records in a large database, as each record that is shared, also gets a Sharing Record created increasing the size of your database.
  • Also pay attention to the Cascade settings as sharing a parent record could drastically increase the size of your database if the Sharing is cascaded down to child records.
  • Sharing with Teams reduces the overhead and increase in database size as sharing with one record, ends up sharing with all users in that team.
  • However, there is still a performance concern from the overhead associated with calculating access to each record.
  • The whitepaper discusses in length how Sharing is implemented in CRM and why you should carefully consider if Sharing should be used in your deployment or not.
• Record Ownership (User / Team / Org / Business Unit)
  • Discusses the different types of ownership types per entity.
  • Team Ownership allows for ease of providing multiple people access to a set of records by adding or removing them from one team, versus sharing with each of the records.
• Business Unit Privileges
  • Business Units are discussed including how setting up a solid hierarchy of your organization’s groups that will be accessing CRM is a key piece to planning out your security plan.
• Organization Privileges
  • These are Organization Owned entities that users can either have access to or not. 
  • The granularity of security for User Owned entities do not apply here.
  • Performance benefits for Organization Owned entities exist as individual access checks are not required other than a user or team is allowed access to the record.
• Field Level Security (Access Control to Fields)
  • If you cannot break out secure information into separate entities that you can lock down, Field Level Security would be required to lock down sensitive pieces of information in a record.

Scalability Characteristics of Dynamics CRM:

The white paper then discusses scalability characteristics of these CRM elements.  Instead of discussing details of each security model, the document goes into the approach used for each so that the scalability can be appreciated.

Dynamics CRM caches a lot of information to optimize the user experience and improve performance.  These include metadata, security roles / business units or a user, security role / business units of teams, and team membership.  This information is cached by each application server separately when the information is first requested.

It’s interesting to note that there are a couple things that could degrade performance and should be something to watch out for when you’re building out your solution:

• Users are associated with a lot of teams
• A large amount of users logging in at the same time
• Frequently changing team membership
• Frequently updating user details

The whitepaper says that performing the action in the last bullet above regarding updating user details forces the application servers’ caches to flush the user’s information with each update forcing it to be reloaded the next time it’s requested, which is an expensive process.

As discussed previously above, the white paper talks at length about the implementation of Sharing in Dynamics CRM, and the fact that you should carefully consider using it in high volume environments.  The document states that Team Ownership is a great alternative that users should consider instead of using Sharing extensively.  The table below details some of the implications of Team Ownership.

Just like anything else in the system, Business Units also succumb to the “too many could be a bad thing” theory.  Microsoft states that having too many business units (>1000) could have an impact on system performance.

Granular access to records (e.g., sharing) is more expensive in terms of performance compared with organization wide privileges (e.g., making entities Organization Owned).  However, all deployments we’ve worked with require at least some ability to define security at a granular level.  This white paper goes into details about where performance issues can come into play with overusing granular level access to records, and points out that if you can avoid it for some areas of your deployment, you should try to, as this will reduce the probability of running into performance issues down the road as the size of your environment grows.

The table below gives a good overview of the different security features offered by Dynamics CRM and their functionality:

 

The main takeaways I got from reading this whitepaper are:

• Use Sharing sparingly and only in exception cases as it can be costly regarding performance – try to use team ownership instead
• Keep the number of Business Units under 1000
• Pay attention to the number of teams a user is associated with and keep this to a realistic number
• Monitor the login pattern of your users as many logging in at the same time could impact overall scalability
• Do not update user team membership frequently
• Try not to update user details frequently

If you’re planning on rolling out a Dynamics CRM solution, this whitepaper is a must read.  It goes into great detail how each of the security features in CRM work and the implications of each in regards to scale and performance. 

CRM 2011 - DocumentBody Fetch XML Bug

Posted by Blake Scarlavai on May 31, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

The other day, we ran into an issue when trying to retrieve an image attachment from a note.  We were retrieving the documentbody from the annotation entity and showing the image but it would only partially display.  The Fetch XML was similar to the following:

<fetch mapping="logical" distinct="true">
    <entity name="annotation">
        <attribute name="documentbody" />
        <filter>
            <condition attribute="annotationid" operator="eq" value="{DA43C8AD-4CC9-E211-B4E9-5C260AFC36D8}" />
        </filter>
    </entity>
</fetch> 

Since we had another annotation query that was retrieving the image just fine, my co-worker, BJ Dibbern, compared the two queries and discovered one small difference.  The query above had the distinct attribute set to true, which was not necessary for this particular query.  Once the distinct=”true” was removed, then the full image displayed!

Below are the results of the same fetch xml query, the first one is with distinct set to true while the other one is false.  As you can see, the two results are completely different as the first result cuts off the documentbody in the middle.

We are submitting this interesting bug to Microsoft Support but hopefully it can save someone a lot of troubleshooting effort in the meantime!

CRM Solution Lifecycle Management White Paper Summary

Posted by Blake Scarlavai on May 21, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (1)

The white paper ALM for Microsoft Dynamics CRM 2011: CRM Solution Lifecycle Management was released last Friday.  This white paper is 76 pages of very detailed information on best practices and direction for the whole solution lifecycle.  It is an invaluable read and highly recommended as it touches on an array of topics from requirements gathering, development techniques, version control, daily builds, testing and deployment.

1. Hotfix Process

2. A variety of hotfix types are discussed, including the deletion of solution components.  If you are a solution customizer or developer then you understand the pain in having to delete a component from a solution that has been already deployed. The white paper solves this problem with a complex solution called the “Shared Publisher Technique” on page 13 that is worth checking out.

1. Solution Architecture

2. Guidance is provided on three types of solution architecture:

• One CRM Solution for One Production Deployment
• One CRM Solution for Multiple Regional Deployments
• Multi-Solution Environment

A scenario is provided for each type of architecture to help understand which type should be used.  The white paper also goes into detail on versioning, deployment and patching for each type of solution architecture.  All of this is good information for CRM implementation teams who haven’t ran into these specific scenarios before.

Version Control

In this section, different techniques are discussed on how to control, track, and manage changes to the source code files which are shown in the diagram below.  Using TFS, specific individual changes can be tied to work items or bugs which proves to be extremely helpful for the development process.

Solutions can be stored as a single file or multiple unpacked files.  The advantages and disadvantages of each approach are carefully detailed as well as scenarios for managed vs. unmanaged solutions.

Personally, I recommend using a Visual Studio solution to develop and keep track of all your CRM solution’s web resources as well as TFS, Subversion or a similar tool to version your solution components.  Also recommended is the CRM Solution Manager for Visual Studio which allows you to easily create, edit, and publish your files to CRM as web resources.  This helps maintain the same structure that you have created within Visual Studio.

Build

The whole build process is detailed out including check-in policies and gated builds to help ensure code quality.  It talks about how continuous integration builds can be used to deny check-ins until the build completes successfully which is a big part in ensuring each check-in doesn’t have any breaking changes. 

Probably my favorite section in the whole white paper is about developer environments.  Recommendations are given on different options of setting up the environments, from isolated CRM instances per developer to sharing an instance for all developers.

The following is a well laid out diagram on an enterprise development scenario with a centrally prepared development environment show on page 38.  This approach is highly recommended for enterprise scenarios with several developers.  More in depth information can be found on pages 38 and 39 as well as Appendix F.

I highly recommend isolated dev environments for each developer if you will have multiple developers working on the same CRM organization.  It is much easier for developers to debug plug-ins in an isolated environment so they are not stepping on each other’s toes.  Web resource changes made by developers can then be merged into source control and the latest can be pushed to the master development org.

Test

In this section, best practices are recommended for the best ways to find defects as early as possible.  Tests should be created for each user story.  Ideally the tests are automated and ran each night.  The paper also recommends a test plan to define testing scenarios as well as to help measure testing progress.

The authors go very in-depth on setting up testing automation, testing tools, how to manage the testing lifecycle and a big variety of testing scenarios.  In my opinion, all of these testing techniques should be used to ensure code quality and a successful deployment.

Diagram from page 41 - Running tests by using environments from Microsoft Test Manager

 

Deployment

Two types of deployment are described, manual development deployment and automatic deployment.  Microsoft makes it easy for automatic deployment with the concept of solutions but sometimes there are external components that need to be deployed as well, such as a nightly task.  These components should be deployed automatically where possible to save time and money.  The white paper lists out different tools that can be used for automatic deployment.

The white paper then finishes with a multitude of detailed concepts and methodologies in the appendices.  In my opinion, this is a must read for all teams implementing a CRM solution.  It’ll help plan out your design and architecture for all aspects of the lifecycle to ensure a time and cost friendly implementation that is scalable and easy to maintain for the future.

Know Your Enemy: Boosting Your Competitive Intelligence

Posted by Sonoma Partners on May 20, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

Today's guest blogger is Jacob Cynamon-Murphy, a Sales Engineer at Sonoma Partners

Though we may not be fighting a war each day that we are out selling, competition certainly is fierce in most industries, so I'll paraphrase Sun Tzu by saying, "If you know your [competition] and know yourself, you can win a hundred [customers] without a single loss."  Across CRM implementations, I've found that the Competitor entity is one of the least-utilized of the core entities.  With the goal of making it a more significant player in your sales arsenal, I beefed up the entity and made a managed solution for Dynamics CRM 2011 that can turn the Competitor entity into a more valuable resource in your sales efforts.

 

What is in the solution?

• The Competitor entity is now firmly in the 21st century - I've added three new URL fields that can offer quick access from the Competitor record to your competition's Facebook, Twitter and LinkedIn pages.
• In case you (or another solution you deployed) have made updates to the native Competitor form, I created a new form named "Competitor Plus".  This new form includes a tab containing the three new social media fields.  By default, this form is enabled for all roles and shows as the first role-based form for the Competitor entity; you can modify these settings to meet your users' needs.
• I created four new Connection roles - Former Customer, Current Customer, Former Vendor and Current Vendor.  The "Customer" roles can be linked to Account and Contact records; the "Vendor" roles can be linked to Competitor records.  Additionally, Former Customer and Former Vendor are linked, as are Current Customer and Current Vendor.

 

How do I deploy the solution?

• Download the Competitor Plus managed solution.
• Within your CRM system, navigate to Settings | Solutions.
• Click the Import button at the top of the Solutions grid.
• Navigate to the location of the managed solution (where you downloaded or saved the file) and select the solution.
• Complete the import wizard.

 

How do I use the Competitor enhancements?

• When creating or editing Competitor records, you can populate the social media fields to add shortcuts to your competitors' pages; this will make it easier for your users to quickly find out how the competition is engaging with customers.
  • Twitter has the friendliest URL format.  It is simply "https://twitter.com/<username>" where you remove the "@" from the username.  For example, our corporate Twitter account is @sonomapartners and our Twitter URL is https://twitter.com/sonomapartners.
  • Facebook is similar, but their vanity URLs can be customized.  Simply go to http://facebook.com and search for your competitor by name to find the URL.
  • LinkedIn is the least "friendly" when it comes to URL discoverability.  When I search "Sonoma Partners" on the LinkedIn website, I get http://www.linkedin.com/company/41393?trk=tyah as my URL.  If, however, I search "sonoma partners site:linkedin.com" on Bing, the first URL in the search results is http://www.linkedin.com/company/sonoma-partners, a much more friendly option.
    
    
• You can also leverage the new connection roles.  Opportunity natively has a N:1 relationship with Competitor, but Account and Contact do not.  For long-running relationships, these additional connection roles can provide you with visibility to current competitive relationships as well as past relationships.
  • On a Competitor record, navigate to the Connections subgrid in the left-navigation.
  • Click on the Connect button (by default, 2nd in from left).
  • In the Connect To tab, select an Account or Contact in the Name field.
  • Next, select either Former Customer or Current Customer in the As this role field.
  • Optionally, you can expand the Details tab and set the Start Date and/or End Date fields.
  • Click on the Save & Close button.
  • Users can navigate to this subgrid to quickly review current and former relationships that the competitor has had with customers and prospects.
    
    

 

What's next?

I'm intending this solution to be a starting point for much-needed Competitor enhancements.  If you like what you see and want to suggest additional changes, send me a Tweet (@jcynamon) or email me (jcynamon AT sonomapartners DOT com).  Additionally, I have a Microsoft Connect suggestion to create a new field type to make the social media URLs (and other common URL fields) more user-friendly - please vote it up at http://www.bit.ly/12sajOm.

Dev.login.live.com to be Retired in Early June

Posted by Peter Majer on May 20, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

We’ve been notified through the Microsoft MVP channel that the Microsoft Windows Live ID team will be shutting down the Dev.login.live.com endpoint in early June.  This endpoint was never meant to be a production endpoint, and apparently there aren’t a lot of people hitting this endpoint, so shutting it down should cause minimal issues.  However, there is still some traffic hitting this endpoint therefore it appears as if some Dynamics CRM customers CRM Online organizations are still using it.

If your solution is hitting this endpoint, the fix is simple.  You just need to update your code to hit login.live.com instead.  Simply pointing to this new endpoint should be all you need to do.

In order to avoid having any down time or issues with your code, we recommend you look at your solutions to see if you’re using the Dev.login.live.com endpoint, and make the change to login.live.com immediately.

Site Map Error Troubleshooting

Posted by Blake Scarlavai on May 8, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

A co-worker ran into this pesky Site Map error the other day after importing and publishing customizations into a new organization. 

Unfortunately the ability to download the log file was disabled and the CRM trace was of no help.  Since we knew the Site Map was the culprit, we opened up the XML and began to review it.  After scanning the XML we discovered a privilege requirement for an entity that was no longer being used and the entity has been removed from the main solution, therefore the new organization doesn't contain this entity. 

Once this privilege was removed and the Site Map imported back into the organization, we were error free!

Hopefully this can save someone from a lot of troubleshooting time if you run into a similar error.

DefenseReady Daily Standup Released to the Win 8 App Store!

Posted by Blake Scarlavai on May 2, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (0)

We are excited to announce the release of the DefenseReady Daily Standup app on the Windows 8 App Store!

DefenseReady is a Dynamics CRM solution built by Permuta Technologies, Inc. that provides DoD and DHS organizations out-of-the-box mission-enabling solutions for Force Readiness, Mission Execution and Training Management.  Developed jointly by Sonoma Partners and Permuta, the Daily Standup app provides military commanders and leadership real-time insight into PERSTEMPO and strength levels throughout their organizations.  The app will be available for free to users of DefenseReady.

The app also has a built-in Demo Mode so even if you are not currently a DefenseReady customer, you can still check it out!

PERSTEMPO

The Daily Standup app will default to the PERSTEMPO view.  PERSTEMPO stands for Personnel Tempo which is the amount of days a troop has been away from home.  A column will be displayed for every child unit of the selected unit as well as the individuals for the selected unit.  Four ranges of PERSTEMPO are used to visualize the breakdown of each unit and individual.  A unit column can then be selected to drill into that unit and see its child units and individuals. 

Strength

The strength view displays how many positions are needed and how many are filled.  This helps monitor if the organization is under or over staffed.  The Strength view is shown by Rank or by Skill and each one is represented by a bullet chart.  The gray background bard represents the number of positions needed while the solid blue bar indicates the number of occupied positions.  The light gray bar indicates a 25% overage range.  The value and percentage to the right of the chart show the amount of occupied positions.

Map

The map view uses Bing Maps to display where troops are currently located as well a past and future locations.  The map will group the troops by location and display the number of troops in that location.  The Projection slider can be used to visualize troop locations in the past or future.

Follow-up List

The follow-up list can be displayed from the application bar.  The list will display any open waivers or tasks.  Waivers are used to get approval from a superior to go ahead and deploy a troop that has a high PERSTEMPO score.  Tasks can be used to flag a certain individual or a unit and take any notes which will be sent to the DefenseReady system.

I highly recommend checking out this app to see the ease of use and the power of DefenseReady.  It also displays the great potential of mobility with Dynamics CRM.  If your organization is looking to bring a powerful new app to the Windows 8 store, let Sonoma Partners help.  Contact us at info@sonomapartners.com.

For more information about DefenseReady or to schedule a demo, contact info@defenseready.com

Dynamics CRM 4.0 Mainstream Support has Ended - In Extended Support

Posted by Peter Majer on April 12, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 4.0  |  Comments (1)

Microsoft recently provided an update on the support lifecycle for Microsoft Dynamics CRM.

Mainstream Support for Dynamics CRM 4.0 has ended, and it is now in Extended Support which goes until 4/10/2018.  What this means is that CRM will continue to be supported through 2018, but there will be no special treatment unless you pay. 

For the most part, this will have little impact as paid support (support plans, Pay Per Incident, Premier hourly, etc.) will continue as before with no changes.  The biggest change is the removal of non-security hotfix support (except for customers who purchase an Extended Hotfix Agreement) and design change requests.   Except in very limited circumstances, there will be no new hotfixes generated for Dynamics CRM 4.0 except the currently in-progress 4.0 fixes.  

If you want to sign up for the Extended Hotfix Agreement, you need to have a Premier Support Agreement in place (or you need sign up for one if you don’t have one already).

What is the difference between Mainstream Support, Extended Support, and online self-help support for software products?  The table below provides this information:

Support provided	Mainstream Support phase	Extended Support phase
Paid support (per-incident, per hour, and others)	X	X
Security update support	X	X
Non-security hotfix support	X	Requires extended hotfix agreement, purchased within 90 days of mainstream support ending.
No-charge incident support	X
Warranty claims	X
Design changes and feature requests	X
Product-specific information that is available by using the online Microsoft Knowledge Base	X	X
Product-specific information that is available by using the Support site at Microsoft Help and Support to find answers to technical questions	X	X

The table below shows a full grid of the different Dynamics CRM versions and the current support that is being offered (or not offered in some cases) per version.

Product Release	Lifecycle Start Date	Mainstream Support End Date	Extended Support End Date	Notes
CRM 1.0	1/1/2003	7/11/2006	NA	No longer supported
CRM 1.2	10/31/2003	1/9/2007	NA	No longer supported
Dynamics CRM 3.0	12/1/2005	4/12/2011	4/12/2016	In Extended Support
Dynamics CRM 4.0	2/29/2008	4/9/2013	4/10/2018	In Extended Support
Dynamics CRM 2011	5/18/2011	7/12/2016	7/13/2021	In Mainstream Support

More details on the Microsoft Lifecycle Policy can be found through this link.

Announcing the Sonoma Partners Community Site

Posted by Sonoma Partners on April 9, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011,   |  Salesforce.com  |  Comments (0)

Our new Sonoma Partners Community is now LIVE!  To access the site, click here or “Community” on the Sonoma Partners website toolbar. 

Check out the key areas of our community site:

• Blog – find countless articles on MSFT Dynamics CRM and SalesForce.com lessons learned, trends, and Sonoma Partners solutions
• Applications – download and access help for all of our free solutions and apps
• Forums – post and browse discussions and issues related to our products
• Ideas – search and provide suggestions for product enhancements

Our community site is built using the Portals product from our friends at Adxstudio.

Sonoma Partners Universal Search Update - CRM Online Patches Applied and Working Once Again!

Posted by Sonoma Partners on April 5, 2013 in   |  Microsoft Dynamics CRM,   |  Microsoft Dynamics CRM 2011  |  Comments (1)

Today's guest blogger is Cherish Orozco, a Consultant at Sonoma Partners

Universal Search is now working again for all CRM Dynamics Online customers!

As many of you know, Microsoft deployed a patch to CRM Online late February which adversely affected two supported functions used by Universal Search – Xrm.Utility.openWebResource (used to open the Universal Search page) and Xrm.Utility.openEntityForm (used to open the results records).  Mid-March, Microsoft provided a fix for the first function.  This allowed online customers to launch the Universal Search page, but still prevented users from opening up the results records.  Last week, Microsoft deployed a fix for the second function, Xrm.Utility.openEntityForm, to all geographies.  We have confirmed that Universal Search should now be working again for all CRM Online customers.  NOTE: On premise Dynamics customers were not affected by any of these changes.

If you have any additional issues or questions regarding Universal Search, please visit our Community Site Forum for Universal Search.