Wireless validating identity fix
In part 1 of this multi-part article series revolving around Exchange hybrid deployment based migrations to Office 365, or more precisely Exchange Online, I explained to you in simple terms which migration approaches we have at our disposal when it comes to migrating from an Exchange based on-premise environment to Exchange Online. In addition, I briefly described what an Exchange hybrid deployment is and what it offers in terms of coexistence.
In this part 2, we will continue where we left off in part 1. That is, we will deploy the Active Directory Federation Services (ADFS) servers that are required for identity federation with Office 365. More specifically, we will deploy and configure two ADFS servers. In order to achieve high availability, the ADFS servers will be configured in an ADFS farm and load balanced using Windows Network Load Balancing (WNLB).

Important: Before you start deploying and configuring the servers required to achieve rich coexistence between Exchange on-premise and Exchange Online, you should run the Microsoft Office 365 Deployment Readiness Tool in the respective Active Directory forest. The tool provides an analysis of the environment in preparation for the actual Office 365 enterprise deployment, and it’s important that you fix any issues caught by the tool prior to deploying the rich coexistence servers.

By using the WS-Federation (WS-Fed) and WS-Trust protocols, Active Directory Federation Services (ADFS) 2.0 provides claims-based single sign-on (aka identity federation) for the services in the Office 365 service offering.
The benefit of using identity federation is that it provides the users in the enterprise with an SSO experience no matter whether they are located on an external network or on the internal corporate network.
Basically, ADFS 2.0 is a Security Token Service (STS) that is capable of issuing, validating and exchanging security tokens on behalf of the users in the enterprise.
Although ADFS can be deployed using stand-alone federation servers, the identity federation service usually consists of two or more ADFS Proxy servers placed in the perimeter network and two or more ADFS servers located on the internal corporate network.
The internal ADFS servers are configured in a so called federation server farm, which then again is load balanced using some form of load balancing solution.
The ADFS Proxy servers are not configured in a federation server farm per se, but incoming sessions hitting these servers are simply load balanced.
Diagram 1

The reason why it’s recommended to deploy at least two ADFS Proxy and ADFS servers is in order to achieve redundancy.
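To make the internal part of that topology concrete, here is an added PowerShell example (it is not from the article and not part of its walkthrough) that builds the WNLB cluster fronting the two internal ADFS farm members and then checks that the federation service answers through the cluster address. It uses the NetworkLoadBalancingClusters module that ships with the NLB feature; the server names, NIC name, VIP, subnet mask and federation service name (ADFS01, ADFS02, NLB, 10.0.0.50, sts.contoso.com) are placeholders you would replace with your own values.

```powershell
# Added example, not the article's own code. All names and addresses below are placeholders.
Import-Module NetworkLoadBalancingClusters

$Node1     = 'ADFS01'          # placeholder: first ADFS farm member
$Node2     = 'ADFS02'          # placeholder: second ADFS farm member
$Nic       = 'NLB'             # placeholder: name of the NIC dedicated to NLB on each node
$ClusterIP = '10.0.0.50'       # placeholder: VIP that the federation service name resolves to internally
$Mask      = '255.255.255.0'   # placeholder: subnet mask for the VIP
$StsName   = 'sts.contoso.com' # placeholder: federation service name

# Create the cluster on the first node. Multicast mode avoids the unicast MAC-flooding
# problems on shared switches; adjust to what your network team supports.
New-NlbCluster -HostName $Node1 -InterfaceName $Nic -ClusterName $StsName `
    -ClusterPrimaryIP $ClusterIP -SubnetMask $Mask -OperationMode Multicast

# Replace the default catch-all port rule with one that only balances HTTPS,
# which is the only port the internal ADFS servers need to expose.
Get-NlbClusterPortRule -HostName $Node1 | Remove-NlbClusterPortRule -Force
Add-NlbClusterPortRule -HostName $Node1 -InterfaceName $Nic -StartPort 443 -EndPort 443 `
    -Protocol TCP -Mode Multiple -Affinity Single

# Join the second farm member to the cluster.
Add-NlbClusterNode -HostName $Node1 -InterfaceName $Nic -NewNodeName $Node2 -NewNodeInterface $Nic

# Sanity check 1: both nodes should have converged.
Get-NlbClusterNode -HostName $Node1 | Format-Table Name, State, HostPriority

# Sanity check 2: the federation metadata document should be served through the VIP
# (the default ADFS 2.0 metadata path). Run this from a host whose DNS resolves
# $StsName to $ClusterIP so the request actually traverses the cluster.
$metadataUrl = "https://$StsName/FederationMetadata/2007-06/FederationMetadata.xml"
$metadata = [xml](New-Object System.Net.WebClient).DownloadString($metadataUrl)
$metadata.EntityDescriptor.entityID   # expect the federation service identifier, e.g. http://sts.contoso.com/adfs/services/trust
```

Repeat the metadata check once per node by temporarily pointing the name at each member's own address; a farm member that serves metadata directly but not through the VIP usually indicates an NLB convergence or port-rule problem rather than an ADFS one. Single-affinity is used because an ADFS sign-in spans several requests that should land on the same member.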