Updated 11/2014 after some new feature releases in Azure VM space:
While recently working on some ADFS deployments on Azure, I learned a lot of stuff. I thought of sharing my learnings with all; some of it is documented already, some is not documented clearly.
Possible Deployments of ADFS on Azure:
2. Hybrid setup with ADFS servers, ADFS proxies and DCs distributed across the on-premises and Azure sites, with the Azure setup as either primary or DR.
3. ADFS proxies on Azure pointing to load balanced ADFS servers on-premises through the site-to-site VPN.
ADFS-specific recommendations (mainly for deployment option 1, i.e. full ADFS setup in Azure)
Guidelines for Deploying Windows Server Active Directory on Windows Azure Virtual Machines
Office 365 Adapter: Deploying Office 365 Single Sign-On using Windows Azure
Hope this helps,
This information is invaluable. Thank you for sharing.
Great article, thanks for sharing
Thank you for sharing your experiences. Very interesting and good information.
Great info. Thank you for sharing. Should you put 5 VMs in the Azure platform to go full ADFS, ADFS Proxy and single DC in IaaS, what are your estimates or is there a way to calculate expected egress bandwidth when planning out the pricing of the solution?
This is an awesome "2 minute round-up before you roll up your sleeves" article. Thank you for the article.
Great stuff - thanks
awesome stuff, thank you
Instead of using WID, could you use Azure SQL Database?
We have some questions about the difference between Option 1 and Option 3:
You are stating now in option 1:
ADFS servers behind LB VIP, ADFS proxies pointing to LB VIP of ADFS servers
How does it differ from Option 3?
We would expect/design a load balanced ADFS Proxy and load balanced ADFS, both with VIPs... Can you elaborate more about the DIPs?
My preferred design would thus be
EXTERNAL USER --> LB VIP ADFSPROXIES -> ADFS Proxies (2x) -> LB VIP ADFS -> ADFS (2x)
Any feedback would be greatly appreciated.