Load Balance the AD FS Servers in Windows Azure for Office365 Single Sign-On

Azure has two methods of load balancing services out of the box. Depending on your needs and the security requirements of your company will help decide the method that you will use. I have detailed both methods in two blog posts below. Be sure to reference the Microsoft link for the details on both and decide what method is best for your company.

 

 

Method 1 – Azure Internal Load Balancing (ILB)

 

 

Azure Internal Load Balancing (ILB) provides load balancing between virtual machines that reside inside of a cloud service or a virtual network with a regional scope

 

Configure the AD FS Servers in an Internal Load-Balanced Set in Windows Azure for Office365 Single Sign-On

 

With this method you have one network with different address spaces for the internal (10.0.0.0) and DMZ (172.16.0.0) networks. This method works, because Azure allows routing between the different address spaces on the same network.

 

 

Method 2 – Azure Load Balanced Set

 

 

Azure load balanced set is layer 4 load balancing across the virtual machines of a cloud service

 

Configure the AD FS Servers with Azure Load Balanced Set in Windows Azure for Office365 Single Sign-On

 

With this method, you have two physical networks in Azure. With this method, we rely on end points and hosts files for routing between the networks. This is the more secure way of implementing the solution since we will control access with ACLs between the networks.

 

 

My BLOG Series

Deploying a Highly Available AD FS 3.0 Solution in Windows Azure for Single Sign-on with Office365

  1. Setting up the Primary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
  2. Setting up the Secondary AD FS 3.0 Server in Windows Azure for Office365 Single Sign-On
    1. Configure the AD FS Servers in an Internal Load-Balanced Set in Windows Azure for Office365 Single Sign-On
    2. Configure the AD FS Servers with Azure Load Balanced Set in Windows Azure for Office365 Single Sign-On
  3. Securing the AD FS 3.0 servers and Configuring Azure ACLs for WAP Communications
  4. Setting up the First Web Application Proxy Servers (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  5. Setting up the Second Web Application Proxy Server (AD FS Proxy) in Windows Azure for Office365 Single Sign-On
  6. Configure Endpoints and Test the Web Application Proxy Servers (Load-Balanced Set in Windows Azure) for Office365 Single Sign-On

Thanks for visiting and reading my posts. I am always looking for more ideas. Please comment or email me with what you would like to see.

Kelsey Epps Office365 MVP

Technical Consultant

Concepps Group

Email Me Follow me on Twitter Connect with me on LinkedIN

One thought on “Load Balance the AD FS Servers in Windows Azure for Office365 Single Sign-On

  1. cameron

    With Method 2, how to do you get an internal load balanced IP for internal users to get to the adfs servers?

    Reply

Leave a Reply