Hello,
We have offices around the world and we would like to set up ADFS infrastructure in each of our 3 regions (AMER, EMEA, APAC); we basically want to be able to continue using ADFS even if one of our datacenters goes offline. Can anyone tell me how this can be accomplished? I've looked through all the documentation and deployment designs for ADFS, but there is nothing on how to set up a geo-redundant ADFS environment.
From my understanding thus far, this is what I'm thinking:
1 Proxy ADFS server in each regional datacenter DMZ
2 ADFS servers in the AMER datacenter, 2 in the EMEA datacenter and 1 in the APAC datacenter all joined to the same ADFS farm (max seems to be 5 to use WIP instead of SQL to simplify this a bit)
I will need an external DNS provider to provide us with the geo DNS resolution of the DNS name so that users outside the network are directed to their closest Proxy ADFS server.
We will need to use something similar (geo DNS resolution) with our internal DNS so that users inside the network are directed to their closest ADFS server (to avoid going over the transatlantic pipes to speed up authentication requests) when using the ADFS DNS name.
Is this it? Am I missing something else? Any pointers? Has anyone here tried to do this? What do you use for the internal geo DNS resolution?
Thanks...
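As an added illustration of the geo DNS piece of this design (not code from the poster), the script below sketches the decision a geo-aware resolver has to make: answer with the closest regional proxy, but only if that proxy is healthy, and fall back to the next-nearest region otherwise. The hostnames and the nearest-region preference order are constructed assumptions; the `/adfs/probe` HTTP health endpoint is the real, unauthenticated probe that AD FS 2012 R2+ and the Web Application Proxy expose for load balancers, and is what the DNS provider's health checks should be pointed at.

```python
"""Geo-aware, health-checked answer selection for a multi-region AD FS farm.

Added example; hostnames and the region preference order are constructed.
"""
from __future__ import annotations

import urllib.error
import urllib.request

# Hypothetical proxy hostnames: one ADFS proxy in each regional DMZ.
PROXIES = {
    "AMER": "adfs-proxy-amer.example.com",
    "EMEA": "adfs-proxy-emea.example.com",
    "APAC": "adfs-proxy-apac.example.com",
}

# Assumed nearest-first preference order per client region; in practice
# derive this from measured latency between the regions.
PREFERENCE = {
    "AMER": ["AMER", "EMEA", "APAC"],
    "EMEA": ["EMEA", "AMER", "APAC"],
    "APAC": ["APAC", "AMER", "EMEA"],
}


def probe_adfs(host: str, timeout: float = 3.0) -> bool:
    """Return True if the AD FS / WAP health probe answers HTTP 200.

    AD FS 2012 R2 and later serve http://<host>/adfs/probe on port 80
    specifically so load balancers and DNS health checks can test the node
    without needing a client certificate or a valid TLS session.
    """
    try:
        with urllib.request.urlopen(f"http://{host}/adfs/probe", timeout=timeout) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError):
        return False


def resolve(client_region: str, health: dict[str, bool]) -> str | None:
    """Pick the nearest healthy proxy for a client located in client_region.

    health maps region -> most recent probe result. Returns the hostname to
    hand back in the DNS answer, or None when every region is down so the
    resolver can fail the query instead of steering users to a dead endpoint.
    """
    order = PREFERENCE.get(client_region)
    if order is None:
        # Unknown client region: take any healthy proxy in a fixed order.
        order = list(PROXIES)
    for region in order:
        if health.get(region, False):
            return PROXIES[region]
    return None


def build_answers(health: dict[str, bool]) -> dict[str, str | None]:
    """Compute the geo answer for every known client region at once."""
    return {region: resolve(region, health) for region in PREFERENCE}


if __name__ == "__main__":
    # Live run: probe each proxy, then print the answer each region would get.
    live = {region: probe_adfs(host) for region, host in PROXIES.items()}
    for region, answer in build_answers(live).items():
        print(f"{region}: {answer}")
```

The same selection logic applies to the internal side of the design: an internal resolver (or a split-horizon zone with per-site answers) that only returns an ADFS server after a successful probe gives you the "closest healthy farm member" behaviour without routing every login across the transatlantic link when one datacenter is out.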