Windows Server 2008 R2 : Active Directory federation services (part 1) - Planning for Active Directory Federation Services

Organizations in today's global market often need to extend their applications beyond the corporate LAN. Many need to securely provide clients, vendors, and business partners with access to their internal applications or extranets. Additionally, organizations looking at cloud services to host applications are finding it necessary to provide secure single sign-on to these environments. These needs raise a lot of questions about security and account management. Microsoft created Active Directory Federation Services (ADFS) as a solution to this issue. ADFS was first introduced with the release of Windows Server 2003 R2 and has been further improved in Windows Server 2008.

ADFS uses what is known as claims-based authentication to provide a mechanism to authenticate across network boundaries. Claims-based authentication is done by passing tokens between ADFS servers in separate AD domains. The ADFS servers are set up to act as account and resource servers, which can authenticate users based upon a claims token that is passed between ADFS servers and presented to the claims-aware application.

ADFS is still considered an early technology, but if you have applications where single sign-on is required across networks, you should consider deploying ADFS. By using ADFS, you can allow users in other organizations or other nontrusted forests in your organization to access claims-aware applications on your network. The two primary scenarios where ADFS is used today are:

  • Extranet applications—It is common for businesses to deploy an application such as SharePoint Server in an extranet or perimeter network. The problem this creates is that most perimeter networks do not have direct access to the internal AD environment, so internal users need a second account and password to log on to the perimeter application. This puts more account management burden on IT departments and gives internal employees another set of credentials to remember. By deploying ADFS, you can enable claims-based authentication in the extranet SharePoint deployment, which allows internal users to log on using their internal AD accounts.

  • Business-to-business (B2B) extranet applications—You may also want to consider using ADFS for extranet applications that are heavily used by business partners, clients, or vendors. In the B2B scenario, you use claims-based authentication to allow users from business partners to log on to the extranet application using the AD accounts from their own internal domain. This not only provides a single sign-on (SSO) experience to the end users from the business partner, but also puts the burden of account management back on the business partner's IT department. In the B2B scenario, you still control which users from the business partner have access to the application; you just allow the other organization to maintain and manage the accounts used to log on. This also helps ensure that employees who no longer work for the business partner have their access properly removed from your application.

ADFS will continue to evolve with future releases of Windows. More focus will be placed on enhancing claims-based authentication for cloud-based services, allowing your corporate users to log on to a cloud service using the same credentials they would use to access resources on your LAN.

1. Planning for Active Directory Federation Services

Prior to deploying ADFS, you should properly plan your environment and ensure that the business requirements will be met by your proposed solution. For example, if you want to provide SSO for an extranet application in your perimeter network, you will need to ensure that your design includes an AD forest and ADFS servers in the perimeter network. You will also need to ensure that the applications support claims-based authentication using ADFS. After you document business requirements, you can begin designing your deployment. Figure 1 depicts an ADFS deployment with an application installed in the perimeter network. ADFS in this design is providing SSO for corporate users with existing user accounts in an internal AD forest.


Figure 1 ADFS design diagram.

ADFS has several prerequisites that must be met prior to deployment. The prerequisites are:

  • PKI—ADFS requires certificates to secure communications between two environments. Self-signed certificates can be used for testing and lab purposes but should not be used in production deployments.

  • Windows Server 2008 R2 Enterprise—ADFS servers require Windows Server 2008 R2 Enterprise edition or greater.

  • AD Domains—ADFS requires that an AD domain exists on both the account and resource side.

  • FS Web Agent installed on application server—The Web server hosting the application will need the federation services Web agent installed.
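
A read-only pre-deployment check for the prerequisites above, added here as an example and not taken from the original article: it reports the server's edition and domain membership and flags certificates in the machine store that are self-signed, expired or expiring, missing a private key, or not chained to a trusted root. The function name, the 60-day warning window and the choice of the LocalMachine\My store are assumptions.

```powershell
# Added example: read-only prerequisite check, written for PowerShell 2.0
# (the version that ships with Windows Server 2008 R2).
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$WarnDays      = 60                    # assumed renewal window; adjust to policy

function Test-FederationCertificate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $issues = @()
    # A self-signed certificate names itself as its issuer.
    if ($Cert.Subject -eq $Cert.Issuer) { $issues += 'self-signed' }
    if (-not $Cert.HasPrivateKey)       { $issues += 'no private key' }
    if ($Cert.NotAfter -lt (Get-Date))  { $issues += 'expired' }
    elseif ($Cert.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
        $issues += "expires within $WarnDays days"
    }
    # Relevant to the certificate used for SSL: if an EKU extension is
    # present, it must allow Server Authentication.
    $oids = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    if ($oids.Count -gt 0 -and $oids -notcontains $ServerAuthOid) {
        $issues += 'no Server Authentication EKU'
    }
    # The chain must build to a root this server trusts. Revocation is
    # skipped so the check runs without CRL access; set 'Online' to test that too.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($Cert)) { $issues += 'chain not trusted' }
    if ($issues.Count -eq 0) { $issues = @('ok') }

    New-Object PSObject -Property @{
        Subject    = $Cert.Subject
        Thumbprint = $Cert.Thumbprint
        NotAfter   = $Cert.NotAfter
        Issues     = ($issues -join ', ')
    }
}

# Edition and domain membership, for the other two server-side prerequisites.
$os = Get-WmiObject Win32_OperatingSystem
$cs = Get-WmiObject Win32_ComputerSystem
"Edition       : $($os.Caption)"
"Domain joined : $($cs.PartOfDomain) ($($cs.Domain))"

# Evaluate every certificate in the computer's personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-FederationCertificate $_ } |
    Format-Table Subject, NotAfter, Issues -AutoSize
```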

Other factors that you must consider as part of your planning process are:

  • Are there redundancy and high availability requirements?

  • Will the ADFS deployment involve several AD domains?

  • Do you have a PKI deployed to support certificate requirements of ADFS?

  • Who will manage access using ADFS?

Be sure that you can answer the aforementioned questions as part of your design and planning process.
