I'm adding a 2012r2 domain controller to the existing 2008r2 DC.
dc1 - 2008r2 - FSMO role holder
dc2 - 2012r2
DC2 will be the ADFS server for SSO with Exchange Online.
Do I *need* to have 2 servers for the ADFS (inside) and WAP (dmz) roles or can I run the WAP on the internal ADFS server and port-forward on the firewall?
Most docs suggest the WAP role is best on a dedicated server in the DMZ, but they don't go so far as to say it's a hard-and-fast requirement.
It seems an expensive item to dedicate a Server OS license to just hold the WAP role.