Hybrid ADFS integration - Maximum latency supported

  • Question

  • Hello, are you aware of any Microsoft documentation regarding the maximum network latency supported between on-premises users using SSO with AD Connect and a hybrid ADFS scenario? We are planning to set up a VPN connection from on premises to Azure for connectivity to an ADFS farm deployed on Azure in HA (internal load balancer). Web Application Proxies will be deployed in HA (external load balancer) in Azure as well, same VNet, same location but different subnets (ADFS and DMZ subnet). On premises we have a couple of domain controllers and one AD Connect server. My concern is the supported maximum latency between on-premises users / domain controllers and Azure ADFS servers and vice versa. I used the Azure latency test portal in order to test the latency to our nearest Azure region, having 300 ms on average (I know, my ISPs suck :) ). So before going with SSO authentication with this hybrid solution I would like to have certainty that the network latency would not be an issue. Thanks in advance for your feedback.
    Friday, August 17, 2018 8:57 PM

All replies

  • So you have an ADFS server in IaaS but not a Domain Controller? 

    Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

    Thursday, August 23, 2018 1:02 PM
  • I do not have an exact network latency figure which is required, but there should be very good connectivity when doing ADFS pre-authentication, since all the authentication traffic is actually sent to the ADFS server in the backend. So low latency is required.

    Thanks,

    Ravi

    Thursday, August 23, 2018 4:48 PM
  • Thanks for the follow-up. I have a couple of DCs on premises and 2 DCs in Azure in one Availability Set in the same VNET; my concern is the traffic flowing from on-prem users to ADFS IaaS servers with more than 200 ms latency.
    Thursday, August 23, 2018 9:07 PM
  • Ravi:

    Thanks for the input. I am elaborating a virtual lab in order to test/replicate how the latency could affect my end users before going live. Depending on the tests, I will try to sort this out by hiring a better link connection before going with hybrid ADFS. I will keep you posted. Regards


    • Edited by diazed Thursday, August 23, 2018 9:13 PM
    Thursday, August 23, 2018 9:12 PM