ADFS deployment types

In this blog we will talk about ADFS deployment types: standalone ADFS deployment using WID, ADFS farm federation service using WID, and ADFS farm federation service using SQL.

In previous blogs of this ADFS series we discussed what ADFS is and what a federation trust in ADFS is.

Watch video

Join us on our YouTube channel and watch how to set up ADFS labs and what the ADFS deployment types are.

ADFS deployment types

Let's look at the different ADFS deployment methods.

Standalone Federation Service using WID (Windows Internal Database)

With a standalone federation server there is only one ADFS server in your environment. If you choose the standalone federation server deployment option, you cannot add another ADFS server later.

Let's say you had a small organization and at that time you installed ADFS using the Standalone Federation Service option. Now your organization is expanding day by day and you may need to add another ADFS server. With a Standalone Federation Server this is not possible: once you have selected it, you cannot add more ADFS servers to the farm, and if that one ADFS server goes down you have no backup. That is why this type of deployment was discontinued in Windows Server 2012 R2.

The Standalone Federation Server deployment method is available in Windows Server 2008 and 2008 R2 (ADFS 2.0) and in Windows Server 2012 and 2012 R2.

Farm Federation Service using WID (Windows Internal Database)

The next type of deployment is Farm Federation Service using the Windows Internal Database (WID). A farm is a boundary within which you have deployed multiple ADFS servers. This type of deployment has been supported since Windows Server 2008 and is still supported.

When we install the ADFS server role, we can choose whether to install ADFS with the default method or with a SQL instance. If we select the default method, the Windows Internal Database is installed along with the ADFS server. This database is called the ADFS configuration database.

ADFS uses this database to store configuration data. For example, if you create a relying party trust or make any other change on the ADFS server, that configuration is stored in this database.

The first ADFS server you install in your farm is called the primary ADFS server, and its database holds the read/write copy of the configuration.

If you add another ADFS server to the farm, it becomes a secondary ADFS server and holds a read-only copy of the database.

Figure: primary and secondary ADFS servers

In this type of deployment, if you want to make any change you have to log in to the primary ADFS server, because only the primary holds a read/write copy of the database. All changes are made on the primary ADFS server and then replicated to the secondary ADFS servers.

Figure: ADFS replication to secondary servers

The secondary ADFS servers connect to the primary ADFS server every 5 minutes, query for the changes made on the primary since the last synchronization, and replicate them into their copy of the ADFS configuration database.

Figure: ADFS synchronization

Five minutes is the default value; you can modify it, or force an immediate synchronization, with the Set-AdfsSyncProperties PowerShell cmdlet.

In Farm Federation Service with WID, if the primary ADFS server goes down, you can promote a secondary ADFS server to primary.
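As an added example (not code from the original post), the script below reads the synchronization settings discussed above with Get-AdfsSyncProperties, changes the poll interval with Set-AdfsSyncProperties, and carries out the two-step promotion of a secondary when the primary is lost. It assumes the ADFS PowerShell module on a WID farm member in an elevated session; the -Action parameter and the host name adfs02.corp.example are hypothetical.

```powershell
# Added example, not code from the original post. Assumes the ADFS module on a
# WID farm member, run in an elevated PowerShell session.
param(
    [ValidateSet('Show', 'SetPoll', 'Promote', 'Repoint')]
    [string]$Action = 'Show',
    [int]$PollSeconds = 300,                      # 300 s = the 5-minute default
    [string]$NewPrimary = 'adfs02.corp.example'   # hypothetical host name, used by Repoint
)
Import-Module ADFS

$sync = Get-AdfsSyncProperties
Write-Host "Role:         $($sync.Role)"
Write-Host "PollDuration: $($sync.PollDuration) seconds"
if ($sync.Role -eq 'SecondaryComputer') {
    Write-Host "Primary:      $($sync.PrimaryComputerName):$($sync.PrimaryComputerPort)"
    # Last replication result: useful when a change made on the primary has not
    # shown up on this secondary yet. Guarded because older builds omit them.
    foreach ($p in 'LastSyncFromPrimary', 'LastSyncStatus') {
        if ($sync.PSObject.Properties[$p]) { Write-Host "${p}: $($sync.$p)" }
    }
}

switch ($Action) {
    'SetPoll' {
        # Only secondaries poll; the primary has nothing to pull.
        if ($sync.Role -ne 'SecondaryComputer') { throw 'PollDuration applies to secondaries only.' }
        Set-AdfsSyncProperties -PollDuration $PollSeconds
        Write-Host "PollDuration set to $PollSeconds seconds."
    }
    'Promote' {
        # Step 1, run ON the secondary being promoted: take over the read/write role.
        Set-AdfsSyncProperties -Role PrimaryComputer
        $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
        Write-Host "Promoted. On every other secondary run this script with -Action Repoint -NewPrimary $fqdn"
    }
    'Repoint' {
        # Step 2, run on each remaining secondary: replicate from the new primary.
        Set-AdfsSyncProperties -Role SecondaryComputer -PrimaryComputerName $NewPrimary
        Write-Host "Now replicating from $NewPrimary."
    }
}
```

Check the result on each node afterwards with Get-AdfsSyncProperties: exactly one node should report Role PrimaryComputer, and every secondary's PrimaryComputerName should name it.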

Pros and cons of Farm Federation Service using WID

This type of deployment has some advantages and disadvantages.

Pros
Farm Federation Service with WID is easy to deploy.
We can install multiple ADFS servers within the farm.
We can deploy load balancers in front of the ADFS servers to distribute traffic evenly, and if one ADFS server goes down we can make another server the primary.
This type of deployment is easy to expand, meaning we can add more servers to our farm.

Cons
This type of deployment supports only 5 ADFS servers; we cannot install more than 5 ADFS servers within the farm.
In this type of deployment we can create only 100 relying party trusts within the ADFS server; if we try to create more than 100, they will not be accepted.
In Farm Federation Service using WID, any change must be made on the primary ADFS server. We cannot make changes on a secondary ADFS server because those servers hold a read-only copy of the database.
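The WID limits listed above are worth checking before a farm silently hits them. The function below is an added example (not code from the original post): it detects whether the farm uses WID, counts relying party trusts and farm nodes, and warns when either is at or near the limit. It assumes the ADFS module on a farm member; Get-AdfsFarmInformation is only available on Windows Server 2016 and later, so the node count is skipped where it is absent. The thresholds are the page's 5 servers and 100 relying party trusts.

```powershell
# Added example, not code from the original post. Assumes the ADFS module on a
# farm member; Get-AdfsFarmInformation exists only on Windows Server 2016+.
Import-Module ADFS

function Test-WidFarmLimits {
    param([int]$MaxNodes = 5, [int]$MaxTrusts = 100)

    # WID is reached over a local named pipe, so its name shows up in the
    # database connection strings that Get-AdfsProperties reports.
    $props   = Get-AdfsProperties
    $usesWid = [bool]($props.ArtifactDbConnection -match 'MICROSOFT##WID')

    # Relying party trusts currently defined in the farm.
    $rpCount = @(Get-AdfsRelyingPartyTrust).Count

    # Farm members, when the cmdlet is available.
    $nodeCount = $null
    if (Get-Command Get-AdfsFarmInformation -ErrorAction SilentlyContinue) {
        $nodeCount = @((Get-AdfsFarmInformation).FarmNodes).Count
    }

    if ($usesWid) {
        if ($rpCount -ge $MaxTrusts) {
            Write-Warning "WID limit of $MaxTrusts relying party trusts reached; new trusts will be rejected. Plan a move to SQL."
        } elseif ($rpCount -ge [math]::Floor(0.8 * $MaxTrusts)) {
            Write-Warning "Approaching the WID limit: $rpCount of $MaxTrusts relying party trusts."
        }
        if ($null -ne $nodeCount -and $nodeCount -ge $MaxNodes) {
            Write-Warning "WID farm has $nodeCount nodes; the WID limit is $MaxNodes."
        }
    }

    [pscustomobject]@{
        ConfigurationDatabase = $(if ($usesWid) { 'WID' } else { 'SQL Server' })
        RelyingPartyTrusts    = $rpCount
        FarmNodes             = $nodeCount
        WidTrustLimit         = $MaxTrusts
        WidNodeLimit          = $MaxNodes
    }
}

Test-WidFarmLimits | Format-List
```

Run it on the primary, where the configuration database is authoritative; on a secondary the counts reflect the last successful replication.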

Farm Federation Service using SQL

The third type of ADFS deployment is Farm Federation Service using SQL. This type of deployment is also supported on all versions of Windows Server.

In this type of deployment every ADFS server in the farm is a primary ADFS server, and all of them use the same database, which holds the read/write copy of the ADFS configuration. That means you can log in to any ADFS server in the farm to make configuration changes, and those changes are seen by all the ADFS servers, since they share the one database.

Figure: Farm Federation Service with SQL

So in Farm Federation Service using SQL there is no concept of a secondary ADFS server. All ADFS servers act as primary, and you can log in to any of them to change the ADFS configuration.
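To make the difference between the two farm types concrete, the script below is an added example (not code from the original post or from Microsoft) that installs the first node either with the default WID database (the Farm Federation Service using WID section above) or with a SQL Server database (this section), and joins a second node to each. It uses the documented Install-AdfsFarm and Add-AdfsFarmNode cmdlets; the -Action and -UseSql parameters, the host names sts.corp.example, adfs01.corp.example and sql01.corp.example, and the thumbprint placeholder are hypothetical.

```powershell
# Added example, not code from the original post. Run elevated on the server
# being configured, with the SSL certificate already in the machine store.
param(
    [ValidateSet('FirstNode', 'JoinNode')]
    [string]$Action = 'FirstNode',
    [switch]$UseSql
)

$fsName  = 'sts.corp.example'        # hypothetical federation service name
$thumb   = '<SSL_CERT_THUMBPRINT>'   # placeholder: thumbprint of the service cert
$primary = 'adfs01.corp.example'     # hypothetical first (primary) node, WID only
$sqlConn = 'Data Source=sql01.corp.example;Integrated Security=True'  # hypothetical SQL Server
$svcCred = Get-Credential -Message 'ADFS service account'
$admin   = Get-Credential -Message 'Domain admin used to create AD objects'

# The role is required on every node before the farm cmdlets exist.
if (-not (Get-WindowsFeature ADFS-Federation).Installed) {
    Install-WindowsFeature ADFS-Federation -IncludeManagementTools
}
Import-Module ADFS

switch ($Action) {
    'FirstNode' {
        $common = @{
            CertificateThumbprint        = $thumb
            FederationServiceName        = $fsName
            FederationServiceDisplayName = 'Corp Example STS'
            ServiceAccountCredential     = $svcCred
            Credential                   = $admin
        }
        if ($UseSql) {
            # Farm Federation Service using SQL: the configuration database lives
            # on SQL Server and every node reads and writes it.
            Install-AdfsFarm @common -SQLConnectionString $sqlConn
        } else {
            # Default: WID is installed locally and this node becomes the primary.
            Install-AdfsFarm @common
        }
    }
    'JoinNode' {
        if ($UseSql) {
            # Joins by pointing at the shared SQL database; there is no
            # primary/secondary distinction to configure.
            Add-AdfsFarmNode -SQLConnectionString $sqlConn -CertificateThumbprint $thumb `
                -ServiceAccountCredential $svcCred -Credential $admin
        } else {
            # Joins as a secondary that replicates from the named primary.
            Add-AdfsFarmNode -PrimaryComputerName $primary -CertificateThumbprint $thumb `
                -ServiceAccountCredential $svcCred -Credential $admin
        }
    }
}
```

The only difference between the two farm types at install time is whether a SQL connection string is supplied; everything else (certificate, service name, service account) is the same on every node.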

Pros and cons of Farm Federation with SQL

Pros
This type of deployment supports multiple ADFS servers.
In this type of deployment fault tolerance is possible: if one ADFS server goes down, another ADFS server in the farm takes over.
This type of deployment is easily scalable.
In this type of deployment changes can be made on any ADFS server, because all ADFS servers hold a read/write copy of the database.

Cons
This type of deployment is more complex to maintain. You can add multiple ADFS servers to your farm, but maintaining and troubleshooting them can be a complex task.
Every ADFS server depends on a single SQL server, so if the SQL server goes down, every ADFS server is affected.

So, based on your business requirements, you can decide whether to install ADFS using the Windows Internal Database (the default installation) or using SQL Server. The recommended deployment is Farm Federation with the Windows Internal Database (WID).

Conclusion

In this blog we learnt what the ADFS deployment types are: standalone federation service using WID, farm federation service using WID, and farm federation service using SQL.

Found this article helpful and informative? Please share it within your community and join our newsletter for early access to blogs and updates.

We welcome you to browse our other articles on ADFS (Active Directory Federation Services):
What is ADFS
What is federation trust in ADFS

Happy Learning!!