Network load balancing requirements for ADFS servers and proxy servers for Office 365

Hello all,
I am going to deploy two ADFS servers into F5 network load balancing. I would like to know their requirements, such as port numbers, DNS records, etc.

Could you please provide me the requirements?
Thanks,
dongocdung Asked:
 
Neadom Tucker Commented:
Yeah, so far. You should not have an issue with your implementation using VMware. Your proxy will need a host entry created for (adfs.yourdomain.com) that points to your vIP through your DMZ. Make sure you allow port 443 from your DMZ to your ADFS vIP.

Just an FYI: the latest version of DirSync includes password sync. So depending on your reasoning on implementing SSO, you may not need it.

http://blogs.msdn.com/b/active_directory_team_blog/archive/2013/06/03/making-it-simple-to-connect-ad-to-azure-ad-password-hash-sync.aspx

I hope this helps!

Tucker
0
 
Adam Brown, Sr Solutions Architect, Commented:
ADFS communication with clients works over port 443 (HTTPS) only. The servers should be able to communicate with one another freely, though (for the most part). DNS will need to be set up so that each server has an individual DNS entry that is referenced internally, and the VIP should be set to the cluster DNS name.
0
 
Neadom Tucker Commented:
Are you using physical or virtual servers? If you are using virtual servers, what hypervisor type will you be using? XenServer has an issue with multicast cluster setups and the cluster does not work well. You will need a 3rd party certificate if you plan on accessing the site from outside the network. This will need to be on all 3 servers and you will need to create a host entry on your proxy server that points to your cluster. It is a pretty simple setup. There are a few gotchas.

Tucker
0
 
dongocdung (Author) Commented:
I am using VMware. I plan to have a virtual IP address for the load balancing cluster with two servers. I also create a record for this IP address. In the proxy, I also create NATs for public facing. I open port 443. Is my plan OK?
0
 
dongocdung (Author) Commented:
The ADFS server and ADFS proxy server will use the same service name (sts.domain.com). Which server's IP address do I need to use to create the record in DNS? Do I need to create two records for the same service names?
0
 
Neadom Tucker Commented:
What is the VIP of your ADFS load balancer? You create the record for your virtual IP.
0
 
dongocdung (Author) Commented:
My ADFS load balancer is 172.25.5.208 and the proxy is 192.168.254.16. So, do I need to create two records for them?
0
 
Neadom Tucker Commented:
You just need the DNS info for the load balancer for the internal network. Your external DNS should point to the firewall and then NAT to the 254.16.
0
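The checks implied by the answers above (a host entry on the proxy that points the federation name at the ADFS VIP, and port 443 open from the DMZ to that VIP), as an added example that is not part of the original thread. It is meant to run on the ADFS proxy; `sts.domain.com` and `172.25.5.208` are the values the asker gave, and the function names and the 3-second timeout are assumptions.

```powershell
# Added example. Run on the ADFS proxy in the DMZ; values are the ones from the thread.
$FederationName = 'sts.domain.com'   # service name shared by ADFS and the proxy
$ExpectedVip    = '172.25.5.208'     # internal ADFS load balancer VIP
$TimeoutMs      = 3000               # assumed connect timeout
$HostsPath      = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-HostsAddress {
    # Return the address the hosts file maps $Name to, or $null if there is no entry.
    param([string[]]$Lines, [string]$Name)
    foreach ($line in $Lines) {
        $entry = ($line -replace '#.*$', '').Trim()   # strip comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'                  # address, then one or more names
        if (($fields.Count -ge 2) -and ($fields[1..($fields.Count - 1)] -contains $Name)) {
            return $fields[0]
        }
    }
    return $null
}

function Test-TcpPort {
    # True only if a TCP connection to Address:Port completes within the timeout.
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Address, $Port, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$hostsAddress = Get-HostsAddress -Lines (Get-Content -Path $HostsPath) -Name $FederationName
try {
    # The system resolver honours the hosts file, so this shows what the proxy will really use.
    $resolved = @([System.Net.Dns]::GetHostAddresses($FederationName) |
        ForEach-Object { $_.IPAddressToString })
} catch {
    $resolved = @()
}

[pscustomobject]@{
    HostsEntryIsVip   = ($hostsAddress -eq $ExpectedVip)
    ResolvesOnlyToVip = ($resolved.Count -gt 0) -and -not ($resolved | Where-Object { $_ -ne $ExpectedVip })
    Port443Reachable  = (Test-TcpPort -Address $ExpectedVip -Port 443 -TimeoutMs $TimeoutMs)
}
```

A `False` in `ResolvesOnlyToVip` on the proxy usually means the name is resolving through DNS to the proxy's own or the public address instead of the internal VIP.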
Question has a verified solution.