Active Directory Federation Services (ADFS) is a Microsoft identity access solution. It was an optional component of Microsoft Windows Server® 2003 R2 and is now built into Windows Server® 2008. ADFS helps you establish trust relationships and reduces the need for provisioning and managing user accounts. Its implementation provides browser-based clients (internal or external to your network) with seamless “Single Sign-On” access to one or more protected Internet-facing applications (e.g. cloud-based services such as Office 365).
Trust relationships are used to project a user’s digital identity and access rights to trusted partners and can be deployed in multiple organisations in order to facilitate business-to-business (B2B) transactions between trusted partner organisations.
ADFS Server: Responsible for user authentication and issuance of claims. The server must be able to connect to a Domain Controller. It authenticates users from multiple domains via Windows trust. The ADFS server can be set up in a cluster for high availability.
ADFS Proxy Server: Authenticates users from the Internet and protects the ADFS Server from Internet-based threats.
ADFS Configuration Database: Relying party trusts, certificates, claims provider trusts, claims descriptions, service configuration, attributes… are all stored in the database. The entire content of the database can be stored either as an instance of a SQL database or in the Windows Internal Database (max 5 servers), but not both at the same time.
Multiple ADFS proxy servers can be set up in a cluster for high availability solutions.
The Kemp LoadMaster can be deployed to load balance ADFS 2.0 Servers and Proxy Farms and to provide high availability, better performance and scalability, as ADFS requires Transport Layer Security and Secure Sockets Layer (TLS/SSL). Hardware load balancing provides the functionality to test application or service connectivity. It also offers a greater range of scheduling methods (least connection preferred).
Using the Kemp LoadMaster™
Joe Lepore, Pre-Sales Engineer, Kemp Technologies