Designing a Federated Application Strategy

Applies To: Windows Server 2008

An important part of designing a new Active Directory Federation Services (AD FS) infrastructure is determining the full set of applications that will participate in the federation and which organizational partners will be the recipients of those application resources. Before you design a federated application strategy, consider the following questions:

  • Will your organization host the federated application or applications?

  • Will you be deploying a claims-aware application or a Windows NT token-based application?

  • Will users on the corporate network require access to the federated application through Windows Integrated authentication?

  • Are all of the AD FS-enabled Web servers that host federated applications running the Windows Server 2008 operating system and Internet Information Services (IIS) 7.0?

  • Who will the federated application provides resources for?

  • Will the federated application be used by users in your perimeter network? If so, will Windows Integrated authentication be required?

  • Will you use a public key infrastructure (PKI) or the Kerberos authentication protocol to sign and protect tokens?

Answering these questions will help you plan a solid design. It will also assist you in creating a federated application strategy that is cost effective and resource efficient. For more information about designing the most appropriate federated application strategy for your organization, see the following topics: