locked
ADFS Proxy on Windows Azure Environment with network loadbalancing to on-premises ADFS Proxy? RRS feed

  • Question

  • Hi,

    We are planning to have a Disastor recovery for AD and ADFS proxy on the cloud. We are hosting DC, ADFS & ADFS proxies (2 servers in load balancing) servers on premises for single Sign on to O365 Exchange.

    1) Can we have replica of ADC and ADFS Proxy on the Cloud (windows azure)?

    2) If Yes, can we configured Network loadbalancing between Cloud ADFS Proxy and on premises ADFS Proxy? (main intension is to to maintain 100% availability of Single Sign on to O365 when our on premises ADFS Proxy gets down)

    Please suggest me if this requirement is feasible to implement.

    Thank you,

    Regards,

    Umamaheshwar.
    Monday, February 4, 2013 1:48 PM

Answers

  • Hi some more information for you. Here are couple of links that you might find helpful. A response from the engineering team:

    "Basically you're asking if the cloud can be used as a backup.  I think the answer is yes the cloud can be used as a backup and you can point them at this article on how to get the AD Connection setup as a first step then they can follow our guidance for the AD FS proxy bits.  We should make sure we say “backup for DR” in the response.

    http://msdn.microsoft.com/en-us/library/windowsazure/jj156090  - in particular find the scenario called 1. AD FS: Extend a claims-aware on-premises front-end applicaiton to the Internet.

    http://www.windowsazure.com/en-us/manage/services/networking/cross-premises-connectivity/ - in particular Install a replica Active Directory domain controller on Windows Azure 

    Thursday, February 7, 2013 8:52 PM
  • Hi,

    We have since also published guidance for such scenarios here:

    http://www.microsoft.com/en-us/download/details.aspx?id=38845 (Office 365 Adapter: Deploying Office 365 Single Sign-On using Windows Azure)

    See Scenario 3 in this document. As noted by Gayana, we're looking at a Disaster Recovery scenario, not at an active/active configuration across premises.

    Yann

    Wednesday, May 29, 2013 9:49 AM

All replies

  • Hi, I am a technical writer for the SSO via AD FS documentation set. Just in case, here are some topics that you might find helpful: http://technet.microsoft.com/en-us/library/hh967628.aspx Check out this topic in particular, especially the Deploy your federation server proxies section - http://technet.microsoft.com/en-us/library/jj151794.aspx#bk_deployfsp
    I don't think we cover your precise proxy scenario but I've forwarded your enquiry to our engineering team and I hope to have a better answer for you soon.
    Wednesday, February 6, 2013 10:10 PM
  • Hi some more information for you. Here are couple of links that you might find helpful. A response from the engineering team:

    "Basically you're asking if the cloud can be used as a backup.  I think the answer is yes the cloud can be used as a backup and you can point them at this article on how to get the AD Connection setup as a first step then they can follow our guidance for the AD FS proxy bits.  We should make sure we say “backup for DR” in the response.

    http://msdn.microsoft.com/en-us/library/windowsazure/jj156090  - in particular find the scenario called 1. AD FS: Extend a claims-aware on-premises front-end applicaiton to the Internet.

    http://www.windowsazure.com/en-us/manage/services/networking/cross-premises-connectivity/ - in particular Install a replica Active Directory domain controller on Windows Azure 

    Thursday, February 7, 2013 8:52 PM
  • Thanks alot for the Solution, Gayana :) :)

    Monday, February 11, 2013 9:10 AM
  • Hi,

    We have since also published guidance for such scenarios here:

    http://www.microsoft.com/en-us/download/details.aspx?id=38845 (Office 365 Adapter: Deploying Office 365 Single Sign-On using Windows Azure)

    See Scenario 3 in this document. As noted by Gayana, we're looking at a Disaster Recovery scenario, not at an active/active configuration across premises.

    Yann

    Wednesday, May 29, 2013 9:49 AM