CRM “5” – Secure Code on the Server

Download

How do I download the videos?

• To download, right click the file type you would like and pick “Save target as…” or “Save link as…”

Why should I download videos from Channel9?

• It's an easy way to save the videos you like locally.
• You can save the videos in order to watch them offline.
• If all you want is to hear the audio, you can download the MP3!

Which version should I choose?

• If you want to view the video on your PC, Xbox or Media Center, download the High Quality WMV file (this is the highest quality version we have available).
• If you'd like a lower bitrate version, to reduce the download time or cost, then choose the Medium Quality WMV file.
• If you have a Zune, WP7, iPhone, iPad, or iPod device, choose the low or medium MP4 file.
• If you just want to hear the audio of the video, choose the MP3 file.

Right click “Save as…”

• High Quality WMV (PC, Xbox, MCE)
• MP3 (Audio only)
• MP4 (iPod, Zune HD)
• Mid Quality WMV (Lo-band, Mobile)
• WMV (WMV Video)

In this video I chat with Andy Bybee (Principal Program Manager Lead), Allen Hafezipour (Senior Program Manager) and Nirav Shah (Senior Dev Lead).  These are some of the folks on the Dynamics CRM team thinking hard about code on the server.

Back in October I spent some time chatting with the Dynamics CRM team about some of the new features coming in CRM “5”.  I published a couple of videos back then (here and here) but never got around to publishing this final one (sorry about that guys!). 

In this one we chat about how to write custom code in Dynamics CRM and have that run securely in the various deployment models available including on-premises, partner-hosted and even in CRM Online. 

The current version of CRM allows code on the server (for plug-ins or workflows) and that code runs in full trust.  That’s the primary reason why server code is not allowed on Dynamics CRM Online where you’re sharing the server with many other tenants.

There are a number of different areas where you might need to write custom code on the server; for instance, custom workflows, custom web apps, plug-ins.  It’s not hard to allow that sort of thing.  Where it gets tricky is allowing developers to do that in ways that don’t compromise security and performance.

The team talks about what they needed to think about to solve these types of problems (profiling, tracing, and managing security of numerous managed assemblies).  They looked at physical (sandboxing) and logical (code access security) isolation levels.  They divided the security problem into multiple layers:

• 1st layer is .NET code access security
• then using Windows security: putting code within its own machine and isolating access to databases or machine services
• and finally for multi-tenant environment preventing one tenant’s code from touching the data or code from another tenant

Nirav and Andy provide a great whiteboard architecture walk through showing how the security is implemented and how the message pipeline flows.

Allen walks us through some sample code to show how this works in an early build (of course this stuff could change) including how to insert tracing in your server code allowing you to see what happened when exceptions are thrown.  There’s a new plugin registration tool that helps with registration and deploying of code on the server.

The message to the developer writing line-of-business applications on the Dynamics CRM platform is clear.  While today’s server code model supports only full-trust the new code security now unlocks the ability to run the exact same code in all of the various deployment mechanisms.

By coupling that with the coming solution management features, building and deploying secure applications will get much easier.  There’ll be no need for writing MSIs and constantly keeping them updated.  There’ll be no need to think about which type of server deployment a customer will use.  As a developer you get to focus on your application.  The platform does the work related to security and performance management.

I think the power of choice just got more power.