HighAvilabilty(主站点和DR站点)ADFS和代理服务器与office 365 [英] HighAvilabilty (Primary site and DR Site) ADFS and Proxy server with office 365
问题描述
亲爱的所有人,
是否可以使用Office 365配置辅助adfs和代理服务器以实现高可用性
当前直接同步,ADFS和ADFS代理服务。我打算为HA添加一个ADFS和代理。请告知。
是。
你可以使用Azure流量管理器轻松且经济高效地实现此目的。
将域控制器放置在辅助站点中。为其子网定义Active Directory站点。将第二个AD FS服务器加入与第一个相同的Active Directory域,并将新的AD FS服务器放在与第一个AD FS
服务器相同的AD FS服务器场中。在AD FS数据库中使用WID时,请确保AD FS服务器之间可以使用TCP80。将另一条A记录添加到AD FS场名称的内部DNS区域。 Active Directory站点感知将确保来自内部网络的人希望
使用AD FS服务器场定向到正确的AD FS服务器。
配置Web应用程序代理用于AD FS场的辅助站点。允许其Windows防火墙允许来自Internet的TCP80进行探测。
将两个Web应用程序代理的外部IP地址配置为Azure Traffic Manager中的端点。使用首选路由方法和探测/ adfs / probe配置Traffic Manager配置文件。在外部DNS区域中,将AD
FS场名称配置为Azure Traffic Manager配置文件的CNAME。
我已经记录了如何更详细地设置它< a href ="https://dirteam.com/sander/2018/01/25/configuring-geo-redundancy-ad-fs-premises-azure-traffic-manager/">
here 。
Dear All,
Is it possible to configure secondary adfs and proxy server with office 365 for High Availability
Currently Direct Sync, ADFS and ADFS Proxy serves. I'm planning to add one more ADFS and proxy for HA. please advice.
Yes.
You can easily and cost-effectively achieve this, using Azure Traffic Manager.
Place a Domain Controller in the secondary site. Define an Active Directory site for its subnet(s). Join the second AD FS server to the same Active Directory domain as the first one and place the new AD FS server in the same AD FS farm as the first AD FS server. When using WID for the AD FS database, make sure TCP80 is available between the AD FS servers. Add another A record to internal DNS zone for the AD FS farm name. Active Directory site awareness will make sure people from the internal network wanting to use the AD FS farm are directed to the right AD FS server.
Configure the Web Application Proxy for the secondary site for the AD FS farm. Allow its Windows Firewall to allow TCP80 from the Internet for probing purposes.
Configure the external IP addresses of the two Web Application Proxies as endpoints in Azure Traffic Manager. Configure the Traffic Manager profile with your preferred routing method and probing of /adfs/probe. In the external DNS zone, configure the AD FS farm name as a CNAME for the Azure Traffic Manager profile.
I've documented how to set this up in more detail here.
这篇关于HighAvilabilty(主站点和DR站点)ADFS和代理服务器与office 365的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
