Load balancing Microsoft ADFS
About Microsoft ADFS (Active Directory Federation Services)
Microsoft ADFS (Active Directory Federation Services) provides secure SSO (Single Sign-On) and identity federation within an ADFS-deployed environment. In its simplest form (Web SSO), it can be used to provide authentication against Active Directory for claims-aware applications such as Office 365, Outlook on the web, or SharePoint, to name but a few.
Standards-based identity federation allows trust relationships to be established between federated third parties, such as partner organisations or applications hosted within cloud environments. Whenever authentication is required across organisational boundaries (between otherwise autonomous security domains), a federation trust can be created (Federated Web SSO).
Key benefits of load balancing
Here are a few key benefits:
- Ensures the application is always available
- Provides stable, optimal performance
- Allows servers to be isolated, which reduces risk when performing upgrades/maintenance
Microsoft’s Enterprise solutions are at the heart of businesses everywhere. Loadbalancer.org is officially certified for all of Microsoft’s key applications. More details on the Microsoft ADFS components, how it works, and prerequisites for load balancing can be found in our deployment guide.
How to load balance Microsoft ADFS
You can deploy Federation Servers within your LAN or leverage the ADFS Proxy role within your DMZ, allowing secure deployment alongside your applications. A load balancer can be deployed in front of either Federation Servers or Federation Server Proxies, providing both scalability and high availability to ADFS deployments.
Example deployment utilizing 2 HA pairs. HA pair 1 is used to load balance the ADFS Proxies located in the DMZ; HA pair 2 is used to load balance the ADFS Servers on the internal LAN.
| Protocol | Role | Ports | Load balancing methods |
|---|---|---|---|
| TCP/HTTPS | WEB SSO | 443 | Layer 7 TCP Mode |