I'm having a hard time finding some good articles on best practices for ADFS. We are looking to implement SSO for less than 200 users. We plan on setting up a federated server farm (2 servers) behind a hardware load balance. Is a ADFS proxy necessary if we put the federated server farm behind the hardware load balancer? I need the solution to be redundant however it would seem unnecessary for us to build out 4 servers (2 for ADFS, 2 for proxy).
ADFS 2.0 Best Practices
adfssingle-sign-on
Best Answer
Microsoft outlines counts of servers necessary as it relates to using ADFS to integrate with Office 365, Azure, and Intune. For Windows Server 2012-based ADFS deployments they call out a minimum of two (2) ADFS servers and two (2) proxies.
Of course, having redundant servers on-site is meaningless if your Internet connection, network infrastructure, and power isn't also redundant. If you're concerned about losing your entire ADFS infrastructure when your servers get carried away by a tornado / flood / rioters then you might consider deploying a redundant ADFS environment, including a Domain Controller, in an off-site hosting facility.