K B

Pass Through Authentication. Define "High Availability" please

Does PTA simply round-robin between each PTA Agent? PTA does not do Deterministic Load Balancing, then what does it do?
Mahesh

PTA is simply an authentication mechanism.
It can't do load balancing.

You need some other means to do load balancing, like NLB, HLB, or round-robin DNS for that matter.
What is the context of your question?
PTA is configured with server/s to whom it forwards or through which it proxies. So if there is a single resource on the other side and that resource is unavailable, the authentication fails.
PTA for "high availability" should have two or more systems that can be used to authenticate/authorize and two or more on the destination.

i.e. PTA is made of two or more systems that are queried for authentication.
These systems are forwarding/proxying the requests to two or more servers capable of responding.

MS covers the description
https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-through-authentication

If you have two federated server endpoints to which PTA can forward/query, then so long as your Internet feed stays up and one of the servers is running and responding, you achieve high availability. If your Internet feed drops, your single sign-on will fail until the Internet feed is restored.
Locating a federation server at another location will provide an alternate destination as well as increase your high availability.
ASKER CERTIFIED SOLUTION
Aard Vark

There's no need for load balancing with PTA agents because it's not a solution that accepts incoming connections. Load Balancing allows multiple servers to accept incoming connections from a single virtual IP address. Since the PTA agents only do outbound connections to Azure AD (and keep that connection open), there's no need for load balancing. Multiple agents connect to Azure AD and AAD will use whichever one gives the information it needs first.
In the first place, if the OP had asked about Azure PTA, he could have got the appropriate answer.
K B

ASKER

Most complete and direct solution. Thank you!
Mahesh, you are correct, I will try to be more detailed next time.