Install proxy server Windows

How To Install AD FS 2012 R2 For Office 365–Part 2 – 250 Hello

Now we need to make the AD FS infrastructure available to the Internet in a secure fashion, so that Office 365 will be able to contact the AD FS proxy to authenticate user requests.

Planning And Prerequisites

Install And Configure AD FS Proxy OS

In this installation, the AD FS proxy server will be placed into the DMZ, and installed as a workgroup machine since the TailspinToys organisation does not possess a separate management forest in the DMZ. Ensure the machine is built as per your standard build process, is secured and all Microsoft updates are installed.

You will want to install the to light up additional pieces of AD FS functionality, but we will save that for a later blog post. If you do want to take a peek at this now, the PFE Platform folks are rocking it over here – please subscribe to their RSS feed too!

Install And Verify Certificate

As discussed in part one, you will need a certificate from a trusted third party. Check with the CA that you are permitted to install the certificate onto multiple servers, as this is blocked in some license agreements. This is something that you must check directly with the CA.

If you are allowed to install the certificate from the AD FS server, then this simplifies matters; otherwise you will require an additional certificate. The name must match the AD FS namespace that you selected through the AD FS design process.

Name resolution

Since the AD FS server will be in a network that may not have access to the internal DNS zone information, ensure that it is able to resolve the AD FS namespace to the internal AD FS infrastructure. A swift update to the local hosts file may suffice, just remember to add this to your build documentation.
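
An added example (not from the original post) that checks the certificate and name-resolution prerequisites above from PowerShell on the proxy server. The namespace `sts.example.com` and the address `192.0.2.10` are placeholders, and `Test-NameMatch` is a hypothetical helper written for this check.

```powershell
# Pre-flight checks on the workgroup AD FS proxy server (added example).
# Placeholder values, not from the article: replace with your own.
$Namespace  = 'sts.example.com'   # AD FS namespace chosen in the design phase
$InternalIp = '192.0.2.10'        # address of the internal AD FS farm / VIP

# Hypothetical helper: does a certificate DNS name cover the host name?
function Test-NameMatch {
    param([string]$DnsName, [string]$HostName)
    if ($DnsName -eq $HostName) { return $true }       # -eq ignores case
    if ($DnsName.StartsWith('*.')) {
        # A wildcard covers exactly one left-most label (*.example.com)
        $first, $rest = $HostName -split '\.', 2
        return [bool]($rest -and (".$rest" -eq $DnsName.Substring(1)))
    }
    return $false
}

# 1. Certificate: name matches the namespace, private key present, in date.
$now   = Get-Date
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.DnsNameList | Where-Object { Test-NameMatch $_.Unicode $Namespace }
}
if (-not $certs) {
    Write-Warning "No certificate in LocalMachine\My covers $Namespace"
}
foreach ($c in $certs) {
    [pscustomobject]@{
        Thumbprint    = $c.Thumbprint
        HasPrivateKey = $c.HasPrivateKey   # must be True on the proxy
        ValidNow      = ($c.NotBefore -le $now -and $c.NotAfter -ge $now)
        Expires       = $c.NotAfter
    }
}

# 2. Name resolution: the system resolver (which honours the hosts file)
#    must return the internal AD FS address, not the external one.
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($Namespace) |
        ForEach-Object { $_.IPAddressToString }
    if ($resolved -notcontains $InternalIp) {
        Write-Warning "$Namespace -> $($resolved -join ', '), expected $InternalIp"
    }
} catch {
    Write-Warning "$Namespace does not resolve: $($_.Exception.Message)"
}

# 3. The proxy reaches the AD FS farm over HTTPS, so TCP 443 must be open.
$tcp = Test-NetConnection -ComputerName $Namespace -Port 443
"TCP 443 to $Namespace reachable: $($tcp.TcpTestSucceeded)"
```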

External DNS Record

Create an external DNS record for the AD FS proxy server. This A record will exist in the external DNS zone if you are using split DNS. In the TailspinToys enterprise (cough, cough this lab) the internal DNS zone is held on AD integrated DNS zones. The external zone is at a commercial ISP, so the external DNS record was created at the commercial ISP so it resolves to the external IP of the AD FS proxy infrastructure when I am at Starbucks.

As with the internal AD FS farm, there should be multiple WAP servers in the DMZ. They should be load balanced, and the DNS record should resolve to the VIP.
