Load Balance ADFS (not proxy) in Azure - Create public end points a good idea?

  • Question

  • Hi!!

    I would like to ask about ADFS implementation in Azure. We have put a whole AD site up in the Azure cloud (AD + ADFS + ADFS Proxies) with a site-to-site VPN back to the office premises for replication traffic only, as per the best practice published by Microsoft.

    Here's the question about performance: we would like to build 2 ADFS servers and have some means to load balance them as well (not the proxies; we already have 2 ADFS proxies running in the same cloud service and load balanced using public NLB end points). We are thinking of 2 possible ways to achieve it:

    1) We are considering creating public end points (HTTP and HTTPS) on ADFS itself AND imposing some kind of restriction (Azure ACL? Windows Firewall?) to allow only the public VIP of our ADFS proxies to access those end points. By doing that we can make use of the NLB feature and run the ADFS servers as a cloud service. Feasible? Advisable?

    2) If option (1) is not supported, then run Windows NLB directly on them (haven't tried, not sure whether it will work).

    Can any experts out there give advice on this (in terms of feasibility and whether or not it is the correct way to do it)?

    • Edited by davidthamwf Tuesday, November 5, 2013 2:46 AM
    Tuesday, November 5, 2013 2:33 AM