Multiple federation servers and multiple Web Application Proxy servers with SQL Server

So far, we have looked at models that suit easy implementation and improved security. This model is focused on high availability. Each role (AD FS and Web Application Proxy) is configured as an NLB cluster, and the AD FS configuration database is hosted in a SQL Server Always On availability group. This model is ideal for service providers (SPs) and other businesses that handle a high volume of AD FS requests.

NLB is the software-based load balancing feature that ships with Windows Server. It is easy to implement and needs no additional licenses. However, NLB only notices that a host has dropped off the network; it does not know whether the AD FS service on that host is still answering requests. Hardware load balancers provide higher performance, fewer dependencies, and application-level health probing (AD FS and Web Application Proxy expose an HTTP endpoint at /adfs/probe on port 80 for this purpose).

Similar to the previous model, this model's operations are clearly divided into two networks: perimeter and corporate. The firewall needs the following NAT and access rules to support the setup:

  • Map an external IP address to myapp.rebeladmin.com so that users can make the initial request to the application from external networks. TCP 443 is recommended.
  • Map an external IP address to secure.rebeladmin.com, translate it to the Web Application Proxy server group's NLB cluster IP, and open TCP 443 from the external network to allow access.
  • Allow access from the Web Application Proxy servers to the AD FS farm NLB cluster IP on TCP 443. If certificate-based authentication is enabled, TCP 49443 is also required from the Web Application Proxy servers to the AD FS farm.

For both NLB clusters, the initial connection point is the NLB cluster IP, and the external and internal DNS records should have entries for it. Apart from the application's external URL, the only externally published URL is the Web Application Proxy URL, which is the federation service name. In the preceding example, secure.rebeladmin.com maps externally to the Web Application Proxy NLB cluster IP, while the internal DNS zone must resolve the same name to the AD FS farm NLB cluster IP (split-brain DNS). If the internal zone resolved it to the proxy IP instead, internal users would be sent out through the perimeter and treated as external clients.

The AD FS servers use a Microsoft SQL Server Always On availability group to host the AD FS configuration database. Unlike a WID-based farm, where only the primary server holds a writable copy, every federation server in a SQL-backed farm has read/write access to the same database.

SQL Always On is a high availability solution that runs on top of Windows Server Failover Clustering. Windows Server 2016 supports a two-node cluster with an Azure Cloud Witness as the quorum witness, which removes the need for a third on-premises node or file share witness and so reduces the number of servers required for a SQL Always On setup.
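The following PowerShell, added here as an illustration and not taken from the book, walks through the build for this topology: the NLB cluster for the farm, the first AD FS node pointing at the SQL Always On listener, a node joining through the same database, the Web Application Proxy nodes in the perimeter with their own NLB cluster, and connectivity checks that mirror the firewall rules above. The host names (adfs1, adfs2, wap1, wap2), IP addresses, the listener name sqlag-listener.rebeladmin.com, the service account and the certificate thumbprint are assumptions; secure.rebeladmin.com is the federation service name used on the page.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the book. Host names, IPs, the SQL listener name, the service
# account and the certificate thumbprint below are assumed values for illustration only.
$FsName  = 'secure.rebeladmin.com'                               # federation service name (from the page)
$Thumb   = '0123456789ABCDEF0123456789ABCDEF01234567'             # placeholder SSL certificate thumbprint
$SqlConn = 'Data Source=sqlag-listener.rebeladmin.com;Integrated Security=True'  # AG listener, never a single node
$AdfsVip = '10.0.1.50'       # internal NLB cluster IP; internal DNS A record for $FsName points here
$WapVip  = '192.168.10.50'   # perimeter NLB cluster IP; external DNS A record for $FsName points here

# --- 1. NLB cluster for the AD FS farm (run on adfs1) ---------------------------------
Import-Module NetworkLoadBalancingClusters
New-NlbCluster -InterfaceName 'Ethernet' -ClusterName 'ADFS-NLB' `
    -ClusterPrimaryIP $AdfsVip -SubnetMask 255.255.255.0 -OperationMode Multicast
# Replace the default all-ports rule with one that balances only TCP 443.
Remove-NlbClusterPortRule -Port 0 -Force
Add-NlbClusterPortRule -StartPort 443 -EndPort 443 -Protocol Tcp -Mode Multiple -Affinity None
Add-NlbClusterNode -NewNodeName 'adfs2' -NewNodeInterface 'Ethernet'

# --- 2. First AD FS node, configuration database on the Always On listener (adfs1) -----
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
$Svc = Get-Credential -Message 'AD FS service account, e.g. rebeladmin\svc-adfs (assumed name)'
Install-AdfsFarm -CertificateThumbprint $Thumb -FederationServiceName $FsName `
    -FederationServiceDisplayName 'Rebeladmin Corp' -ServiceAccountCredential $Svc `
    -SQLConnectionString $SqlConn
# Install-AdfsFarm creates the AdfsConfiguration and AdfsArtifactStore databases on the
# primary replica only; add them to the availability group afterwards (full recovery
# model plus a full backup are required before a database can join an AG).

# --- 3. Any further node joins by pointing at the same database (run on adfs2) ---------
Install-WindowsFeature ADFS-Federation -IncludeManagementTools
Add-AdfsFarmNode -CertificateThumbprint $Thumb -ServiceAccountCredential $Svc `
    -SQLConnectionString $SqlConn

# --- 4. Web Application Proxy nodes in the perimeter (run on wap1, then wap2) ----------
# Perimeter hosts are not domain-joined, so perimeter DNS or the hosts file must resolve
# $FsName to the INTERNAL farm VIP; resolving it to $WapVip makes the proxy call itself.
Add-Content -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Value "$AdfsVip $FsName"
Install-WindowsFeature Web-Application-Proxy -IncludeManagementTools
$Trust = Get-Credential -Message 'Account that is a local administrator on the AD FS servers'
Install-WebApplicationProxy -FederationServiceName $FsName -CertificateThumbprint $Thumb `
    -FederationServiceTrustCredential $Trust
# Second NLB cluster in front of the proxies (run on wap1 after both proxies are installed)
New-NlbCluster -InterfaceName 'Ethernet' -ClusterName 'WAP-NLB' `
    -ClusterPrimaryIP $WapVip -SubnetMask 255.255.255.0 -OperationMode Multicast
Remove-NlbClusterPortRule -Port 0 -Force
Add-NlbClusterPortRule -StartPort 443 -EndPort 443 -Protocol Tcp -Mode Multiple -Affinity None
Add-NlbClusterNode -NewNodeName 'wap2' -NewNodeInterface 'Ethernet'

# --- 5. Checks that mirror the firewall rules (run from a proxy) ----------------------
Test-NetConnection -ComputerName $AdfsVip -Port 443     # WAP -> AD FS farm VIP, required
Test-NetConnection -ComputerName $AdfsVip -Port 49443   # only needed when certificate auth is enabled
# Per-node health probe a hardware load balancer would use; HTTP 200 means AD FS is answering.
Invoke-WebRequest -Uri "http://$FsName/adfs/probe" -UseBasicParsing | Select-Object StatusCode
```

Run each numbered section on the host named in its comment. The connection string deliberately targets the availability group listener rather than a replica, so an AG failover is transparent to the federation servers; pointing it at a node name would tie the whole farm to that one SQL server.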
Advantages:

  • High availability: Each component runs on multiple servers behind a load balancer, and the AD FS database also sits in a SQL high availability environment.
  • High performance: Workloads are distributed between multiple hosts by the load balancers.
  • Support for features such as SAML artifact resolution and SAML/WS-Federation token replay detection, which require a SQL Server configuration database and are not available with the Windows Internal Database (WID).

Disadvantages:

  • High cost: It needs multiple servers and licenses (OS and SQL Server), and it increases the management cost.
  • Complex setup: The implementation is time consuming and needs advanced skills for planning and configuration.
  • Troubleshooting an issue is time consuming and complex, as there are many systems and application dependencies.