top of page

ADFS High Availability and Disaster Recovery Overlook

In this Article, We will see some of the basic concepts how to setup ADFS High Availability and Disaster Recovery

What is ADFS??

Adfs is simplified authentication method which is claims based Authentication(CBD) to applications like Exchange online, cloud applications and so on. it will enable the organizations to avail the Single sign-on  beyond the organizational boundaries and coloborate with cloud applications easily without breaking security boundaries.

For More Information, Please read Technet Ariticle

What is WAP?

Web Application Proxy is the IIS Based application which will be installed in the permiter Network and allow the users to access the URLs from internet using reverse proxy funcationalities. it will preauthenticate applications using the ADFS. It will be simply called as ADFS Proxy..

For More Information, Please read Technet Ariticle

What is Database Server?

ADFS Configuraion and the Relay party informations will be stored in the Databases. ADFS Contains two databases(AdfsArtifactStore and AdfsConfiguration). ADFS Will support for both Windows Internal Database(WID) and Windows SQL Dabase servers. Both has it’s merits and demerits. You can read about them in the Ariticle.

I have explained both the way in my previous Aritcles, you can find them here with WID and here with Windows Server SQL. There i have explained how to update SQL Failover databses as well.

With mentioning the above steps, The ADFS Structure will look like this,


1

When the user trying to connect office 365 Mailbox, First it will hit WAP Server and WAP Server will proxy the connection to ADFS Server and adfs will talk to AD on behalf of user and token will be issued to the user.( Will cover detailed Authentication process in upcoming ariticles).

If any one server fails here, Complete ADFS Service will get impacted due to which none of the federated applications will work and SSO process will fail completely.

To avoid that we can add muliple servers which is called as Farm. hence that if one server fails, Another server will process the request. it will be highly recommended for all the companies.


2

In the above structure, There will be one Virtual IP Address for each WAP Farm, ADFS Farm and SQL Cluster. It will be configured by using hardware load Balancer like Radware, F5. So the first hit will come to hardware loadbalancer and the connection will be transfered to among the farm nodes based on the sessions limits.

What is DR Site and how to setup?

Disaster Recovery is another site where there will be same services hosted. whenever there is any issues or network problems in the primary site, We can move the services to the DR Site.


3

We can move any of the farm to DR Site if there is any issues.

1. if Any issues with DB, You can Failover to the DR Site

2. If any issues with ADFS Farm, You can point to ADFS FQDN Record to DR Site VIP Address in internal DNS.

2. If any issues with ADFSWAP Farm, You can point ADFSWAPFQDN record to DR Site  VIP Address in ISP DNS.

39 views0 comments
bottom of page