Do we need a Federated Server Farm

Posted on 2013-11-12
Last Modified: 2013-11-20
   We will be setting up ADFS for Office 365 in our office. The office has about 80 people in total. I am familiar with the process and have setup a small office using just one server for the Federated role. However, I am reading more and more that I should at least think about setting up a server farm. Is it necessary at this level of users?
Question by:JesusFreak42
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
LVL 58

Expert Comment

by:Cliff Galiher
ID: 39642949
The reason to set up a farm isn't just load, but also resiliency. Nothing is more frustrating than losing access to most of your productivity suite just because of a single point of failure in your authentication infrastructure.

I am of the mindset that if you have enough users to benefit from ADFS, you have enough users that you want a farm. And if you don't think you have enough users to justify a farm, chances are you should probably reconsider ADFS, where DirSync would suffice for smaller organizations. For me personally, I've found that tipping point to be around 150 users before ADFS becomes worth the hassle of the added infrastructure costs and management.
LVL 41

Assisted Solution

by:Vasil Michev (MVP)
Vasil Michev (MVP) earned 100 total points
ID: 39642993
What he said, farm gives you both HA and LB. You can spin the AD FS servers in VMs, so the cost difference will not be that big. And it's not that difficult to set up, you just use the other radio button in the wizard.

So, if you indeed NEED the benefits of AD FS, follow the best practices. If you simply want 'same credentials' experience, stick to dirsync with password sync.

Author Comment

ID: 39643017
Hmmm.... Quick question. It seems like AD FS might be a convenience, though this company is growing quickly. However, isn't ADFS really easy to deactivate through the powershell if the server were to go down?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 41

Expert Comment

by:Vasil Michev (MVP)
ID: 39643054
Deactivating AD FS means generating new passwords for every federated user, have fun distributing those to people that cannot even access their email :)

Author Comment

ID: 39643098
Is that true even if Directory Synching remains active?
LVL 58

Accepted Solution

Cliff Galiher earned 400 total points
ID: 39643140
Yes, that is still true. DirSync in an ADFS infrastructure syncs the directory objects, but NOT credentials. Password syncing wasn't even a part of DirSync in its initial release and was only added much later because of popular demand. Enabling ADFS still disables password sync (by necessity) and so you end up with the same problem. I said, managing ADFS is not trivial. While what the other expert said is true...that is is not "difficult" to set up, there is still background knowledge and ongoing maintenance and disaster recovery concerns that aren't technically part of the setup process, but still need to be considered.

So I stand by my initial assertion that you may not be at a place where ADFS makes sense, just based on your line of questions. That isn't an indictment. I am *good* at ADFS and Azure in general, and I don't do it for my smaller clients. The cost/benefit just isn't there.

Author Closing Comment

ID: 39664331
I have proposed that we put in two ADFS machines IF we are going to go that route. Thank you

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Here's a look at newsworthy articles and community happenings during the last month.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: (…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question