Hosting ADFS Offsite
Posted on 2011-09-15
Does anybody have any thoughts on deploying ADFS at an OFFSITE datacentre for Office 365 authentication?
We have recently deployed Office 365 for our 30 user organisation which is making use of federated domains and SSO.
This means we have our ADFS Main server on the primary domain controller, dirsync on another 2003 server and our ADFS proxy on another 2008 server.
These are all hosted at head office.
Currently this works wonderfully and means that users can take full advantage of SSO and they only need to remember 1 set of credentials for everything.
This works great! UNTILL our internet connection goes down at the main office and the outside world is no longer able to authenticate with ADFS servers.
This defeats the purpose entirely of hosting email services in the cloud.
The question then is: in which configuration can we still have our federated domain and SSO but NOT be reliant on a connection to head office?
One scenario I have come up with is to have a virtual server running at a local ISP datacentre, this will be a Read Only Domain Controller and be the main ADFS server.
At head office there will be the ADFS proxy.
These two locations would be connected via an already installed fiber based routed VLAN connection (>= 20Mb/s)
I am after THOUGHTS on why this will and won't work, or if possible alternate scenarios.
I will award the best answer with the largest amount of points I can....