Friday, 27 September 2013

Multiple Instances in CRM Online

With the December 2012 Service update (aka "Polaris"), we introduced the ability for customers to provision and manage multiple CRM instances within a single subscription.
This opens up new enterprise customer scenarios such as separate instances for departmental use, regional use, development/test instances for application lifecycle management and more.

Use Case for Multiple Instances
Logically, you can imagine multiple CRM Online instances for an organization structured similar to multi-tenant high-rise or building. Each floor within a building can be logically considered as an application (Sales/Service, Vendor mgmt., Wealth mgmt., etc) and each unit within a floor can be considered as an instance for a specific purpose such as production (final), training, testing, development, etc.

The need for multiple instances varies from one organization to another. Some organizations might require just a few and others might need large number of instances depending upon their business needs.
It is important to note that multiple instances cannot be created across the globe. Currently, all the additional instances can only be created within the same geo (Americas, EMEA or APAC) as the subscription.

Scenario: Departmental Use
So - why would an organization need multiple instances of CRM Online if data segregation can be achieved using business units and role-based forms?

A common use for additional instances is to have separate instances for each department or region within an organization. For example a large financial organization might need separate instances for retail banking division, wealth management vision, separate ones for insurance business and vendor mgmt., etc. Another example might be to have separate instances for different regions (Northwest, South, East, etc) as the policies and business procedures might significantly vary from one region to another within the same organization.
Multiple instances are needed when segregation of plugins/workflows/admin resources are required which cannot be easily isolated using business units in CRM. In the below example - when Retail banking needs to make a change or install a 3rd party component for their needs, you wouldn’t want the wealth management users to be affected by those changes.
Additional instances are charged at a monthly rate per instance and do not require additional CRM user licenses (CALs). Each user with a CRM license can access all of the instances in their subscription. When a user is part of multiple instances, they’ll see an instance picker while logging into CRM Online. Security can also be applied to restrict users only to specific instances.

Instance Security Groups
Security groups defined within the Microsoft Online Services Portal (MOSP) controls access to various CRM Online instances. Any security group available within the MOSP can be used to control access to a CRM instance. If a security group is not associated with a CRM instance, all users with a CRM license will be created as users in the instance.  If a security group is associated with an instance, only users with CRM licenses that are members of the security group will be created as users in the CRM instance

Security groups can also be nested, meaning one security group can encompass other security groups making it easy to map complex security and access requirements that is illustrated in the slide. For example, you can easily create an “All Sales” group that includes Corporate, Field Management and Field Sales/Service groups.
Administrators can view and create security groups within the MOSP. If you have configured your subscription for Active Directory synchronization, security groups you create in Active Directory will be replicated to the MOSP and can be associated with your CRM Online instance for simplified integration. Of course security groups within Active Directory can be used for controlling access to other products such as SharePoint, network shares and other applications making it easier to achieve end-to-end enterprise security.

No comments:

Post a Comment