Solved

Network load balancing requirements for ADFS servers and proxy servers for Office 365

Posted on 2013-06-10
Last Modified: 2013-06-17
Hello all,
I am going to deploy two ADFS servers into the F5 network load balancing. I would like to know their requirements, such as port #, DNS records, etc.

Could you please provide me the requirements?
Thanks,
Question by:dongocdung
8 Comments
 

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 39236351
ADFS communication with clients works over port 443 (HTTPS) only. The servers should be able to communicate with one another freely, though (for the most part). DNS will need to be set up so that each server has an individual DNS entry that is referenced internally, and the VIP should be set to the cluster DNS name.

Assisted Solution

by:Neadom Tucker
Neadom Tucker earned 375 total points
ID: 39236613
Are you using physical or virtual servers?  If you are using virtual servers, what hypervisor type will you be using?  XenServer has an issue with multicast cluster setups and the cluster does not work well. You will need a 3rd-party certificate if you plan on accessing the site from outside the network.  This will need to be on all 3 servers and you will need to create a host entry on your proxy server that points to your cluster.  It is a pretty simple setup.  There are a few gotchas.

Tucker
 

Author Comment

by:dongocdung
ID: 39236681
I am using VMware. I plan to have a virtual IP address for the load balancing cluster with two servers. I also create a record for this IP address. In proxy, I also create NATs for public facing. I open port 443. Is my plan OK?

Accepted Solution

by:
Neadom Tucker earned 375 total points
ID: 39236705
Yeah so far.  You should not have an issue with your implementation using VMware.  Your Proxy will need a host entry created for (adfs.yourdomain.com) that points to your vIP through your DMZ.  Make sure you allow port 443 from your DMZ to your ADFS vIP.

Just an FYI: the latest version of DirSync includes password sync.  So depending on your reasoning on implementing SSO you may not need it.

http://blogs.msdn.com/b/active_directory_team_blog/archive/2013/06/03/making-it-simple-to-connect-ad-to-azure-ad-password-hash-sync.aspx

I hope this helps!

Tucker
 

Author Comment

by:dongocdung
ID: 39237694
ADFS server and ADFS Proxy server will use the same service name (sts.domain.com). Which server's IP address do I need to use to create the record in DNS? Do I need to create two records for the same service name?

Assisted Solution

by:Neadom Tucker
Neadom Tucker earned 375 total points
ID: 39238252
What is the VIP of your ADFS load balancer?  You create the record for your virtual IP.
 

Author Comment

by:dongocdung
ID: 39238620
My ADFS load balancer is 172.25.5.208 and proxy is 192.168.254.16. So, do I need to create two records for them?

Expert Comment

by:Neadom Tucker
ID: 39253393
You just need the DNS info for the load balancer for the internal network.  Your external DNS should point to the firewall and then NAT to the 254.16
0
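
A check of the layout the thread settles on (internal record for the service name pointing at the load balancer VIP, a hosts entry on the proxy pointing at the same VIP with TCP 443 open from the DMZ, and a public record that resolves to the firewall rather than an internal address), as an added example that is not part of any post. `sts.domain.com` and `172.25.5.208` are the values quoted in the thread; the two DNS server addresses are placeholders, and the `-Vantage` parameter and function names are made up for the example.

```powershell
# Added example, not from any post. sts.domain.com and 172.25.5.208 are the
# values quoted in the thread; both DNS server addresses are placeholders.
param(
    [ValidateSet('Internal', 'Proxy', 'External')]
    [string]$Vantage     = 'Internal',       # hypothetical switch: where the script runs
    [string]$ServiceName = 'sts.domain.com',
    [string]$AdfsVip     = '172.25.5.208',
    [string]$InternalDns = '192.0.2.53',     # placeholder: internal DNS server
    [string]$PublicDns   = '198.51.100.53'   # placeholder: resolver outside the firewall
)
$Rfc1918 = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'

function Get-ARecord([string]$Name, [string]$Server) {
    # A records only, asked of one specific server, ignoring the local hosts file
    Resolve-DnsName -Name $Name -Server $Server -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress }
}
function Get-HostsEntry([string]$Name) {
    # Addresses that the local hosts file maps to $Name (comments stripped)
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in Get-Content -Path $path) {
        $f = @(($line -replace '#.*$', '').Trim() -split '\s+' | Where-Object { $_ })
        if (($f.Count -ge 2) -and ($f[1..($f.Count - 1)] -contains $Name)) { $f[0] }
    }
}
function New-Result($Check, $Pass, $Seen) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Seen = @($Seen) -join ', ' }
}

$results = switch ($Vantage) {
    'Internal' {   # internal clients must land on the load balancer VIP
        $a = @(Get-ARecord $ServiceName $InternalDns)
        New-Result 'Internal DNS answers with the VIP only' ($a.Count -eq 1 -and $a[0] -eq $AdfsVip) $a
    }
    'Proxy' {      # the proxy reaches the farm via a hosts entry and TCP 443 from the DMZ
        $h = @(Get-HostsEntry $ServiceName)
        New-Result 'hosts entry maps the name to the VIP' ($h.Count -eq 1 -and $h[0] -eq $AdfsVip) $h
        $t = Test-NetConnection -ComputerName $AdfsVip -Port 443 -WarningAction SilentlyContinue
        New-Result 'TCP 443 from the DMZ to the VIP' $t.TcpTestSucceeded $AdfsVip
    }
    'External' {   # public DNS points at the firewall; no internal address may appear
        $a = @(Get-ARecord $ServiceName $PublicDns)
        $private = @($a | Where-Object { $_ -match $Rfc1918 })
        New-Result 'Public DNS exposes no RFC 1918 address' ($a.Count -gt 0 -and $private.Count -eq 0) $a
    }
}
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Run it with `-Vantage Proxy` on the ADFS proxy, `-Vantage Internal` from a client on the internal network, and `-Vantage External` from a host outside the firewall.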


Question has a verified solution.
