|Title:||Dynamics GP Technical Airlift 2012 - Web Client part 2|
A continuation of the first part of my articles on the GP2013 Web Client, this goes through some of the other training things that were covered that are installation related. Some of the things in this article are:
As I mentioned in the first article, this is not an exhaustive resource for installing the web client. To be quite honest, there are several areas which are pretty new to me so there may be instances where I don't have the terminology described quite correctly... drop me a line via the comments if there are any glaring errors!
First, a certificate must be requested and it can be one of three types: Self-Signed, Internal or External (3rd Party). Some notes:
Training covered creating an internal certificate only. High level, this is done via ADCS, on the domain controller, using MMC snap-ins. First you create a Certificate Template, one that is exportable. Then you use the Certification Authority snap-in to administer a certification authority (CA) based on the template you created. Last you go to the Certificates snap-in, and create a new certificate, set the properties (the DNS names of the server machines) and enroll.
After this you will also export the certificate, save the pfx file on the web server (or a place that you can access from the web server), and on the web server import that certificate and enroll it on that machine.
During installation, only websites with valid certifications and SSL will be in the drop down list of sites to install the GP web client to. There are four places during the installation where the certificate name comes into place:
The website must have SSL binding before you start the installation of the GP2013 web client. After you import the certificate above, in IIS, on the default web site (or whichever website you create for the GP web client), you click on Bindings under the Actions pane and add the HTTPS SSL binding with the certificate.
To test that this portion worked, you can click on the Browse https link to open the website. Because it opens with "localhost" you will see a certificate error. The certificate has specific DNS names, not localhost, so this is expected. However if you change the website from localhost to your actual website name, assuming this name matches what you put in the certificate properties in the first place, the certificate error should go away. This type of error would specifically tell you it's a name mismatch (as opposed to "no certificate installed" types of errors).
Firewall settings come into play when we are dealing with both intranet and extranet or DMZ traffic. Some firewall setup is already a part of a standard Dynamics GP installation when it comes to the proper settings to allow SQL server port traffic through. Typically you have to set a couple of rules on port TCP1433 and UDP1434 inbound rule on the SQL server to allow traffic through, such as the web server trying to communicate with the SQL server.
I won't get into details here except to say there are firewall implications to consider depending on your deployment choice.
Domain Users & Groups
Before beginning the installation you will want to ensure you have created both one or more service accounts for the services and groups for the users. The recommendation for our demo installation was this:
This topic can't be covered in a single blog but to give you an idea of some of the planning elements that must be taken into consideration, these are the types of deployments we did talk about.
They are developing a Web Client Deployment Tool which will help with providing a specific task list for deployment based on the inputs you provide. This will be ready for RTM release, not Beta. The deployment can be exported and imported in case of changes so you don't have to run through the wizard over and over again. The end result is something that walks you through the settings you'll need.
A few random final thoughts around the web client. Initially the phase 1 Web Client will be limited to Financials and Distribution modules. The phased approach will follow this release plan approximately, with the exact timing unknown:
What this specifically means is clients using those applications will be using "rich client" only, no web client. They will be able to use web client for the portions of their business that they can if they choose.
|Date Added:||September 14, 2012 09:59:26 PM|