Scenario: Directory integration components on-premises

 

Applies to: Office 365

Summary: Describes an Office 365 deployment scenario in which directory integration components are deployed on-premises.

We're listening to your feedback and consolidating all our Office 365 deployment content. On July 1st, 2015, all information in this guide will be moved to https://support.office.com/, and these pages will be removed from TechNet. As you review the content still on TechNet, you'll notice many have links pointing to the new content already on https://support.office.com/.

To explore content available on https://support.office.com/, start with the Office 365 for business - Admin Help page.

Deploying Office 365 directory integration components on premises (without the use of Microsoft Azure) is the first deployment scenario. This scenario is covered in the Office 365 documentation. This scenario is presented here for you to compare it to the deployment scenarios that include Azure.

Office 365 directory integration components deployed on-premises

We recommend this scenario for customers who:

  • Want to deploy on-premises infrastructure components

  • Don’t want to introduce Azure Virtual Machines into their environment

The following figure shows the high-level architecture for this scenario.

Figure 2. High-level architecture of directory components deployed on-premises withoutAzure

Directory components deployed on-premises

In this topology, customers deploy and operate Office 365 directory integration components on-premises. The on-premises Active Directory Federation Services (AD FS) infrastructure is published to the Internet through Federation Services proxies on the customer’s perimeter network. This topology includes the Office 365 directory integration components as shown in the following table.

Component Quantity Location

Directory synchronization server

One

Customer corporate network

AD FS servers

Two or more

Customer corporate network

Federation Service proxy

Two or more

Customer perimeter network

We recommend at least two servers for all components that support redundancy as shown in the previous table. Your server capacity requirements may require additional virtual servers. For details, see AD FS capacity planning guidance.

Planning recommendations and deployment considerations for directory synchronization and single sign-on (SSO) are provided on TechNet:

An in-depth white paper is also available: Office 365 Single Sign-On with AD FS 2.0