[Webinar] Learn how to a build a cloud-first strategyRegister Now


How many ADFS servers should I have for my environment?

Posted on 2014-08-26
Medium Priority
Last Modified: 2014-08-27
HI Guys

I have recently implemented ADFS allowing external company users out on the Public Domain to access our internal CRM platform. We have 1,200 who could potentially connect to CRM over the Internet (not concurrently) but nevertheless I would like to know if I should be considering adding an additional internal ADFS server to sit along side my existing one to support these users?

I have an ADFS Proxy server in the DMZ and just need to know how many concurrent users wold my single ADFS server support before having to consider an additional server.
Question by:CTCRM
1 Comment

Accepted Solution

Wilder_Admin earned 1500 total points
ID: 40285448
The answer i found on technet:

What is the difference between a single ADFS server versus a farm? Which one is better?

ADFS can be setup as a

Standalone federation server.
Farm Federation Server using WID
Farm Federation Server using SQL
Farm federation server is definitely a better option than a standalone federation server for the obvious reasons – scalability and redundancy. Standalone federation server only support a single server and only store configuration information on a Windows Internal Database (WID). Of course It is easy to setup and its best for lab environment but lacks scalability and redundancy. Moreover, you cannot add more than one server to the Standalone federation server. However, with a farm federation server, you can start a farm with one single ADFS server and add more ADFS servers to the farm at that time or sometime in the future. I often get this question, can a farm federation server using WID function with one server? And the answer is YES! But remember you cannot benefit from load balancing and redundancy since there is only one server in the farm. For more information on Federation Server using WID or SQL please refer to the question of which database to choose.

But this answer is clear. If you are running a critical service like auth you always should have a solution for any desaster.

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question