檢查清單︰ 聯盟 Proxy 伺服器設定Checklist: Setting Up a Federation Server Proxy

適用於:Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

檢查此清單包含部署工作備妥聯盟伺服器 proxy 中的角色 Active Directory 同盟服務 (AD FS) 執行 Windows Server® 2012 年的伺服器。This checklist includes the deployment tasks for preparing a server running Windows Server® 2012 for the federation server proxy role in Active Directory Federation Services (AD FS).

注意

完成此訂單中的檢查清單中的工作。Complete the tasks in this checklist in order. 當參考連結可讓您的程序時,返回本主題之後在您完成該程序中的步驟操作,以便您可以繼續檢查清單中的其餘的工作。When a reference link takes you to a procedure, return to this topic after you complete the steps in that procedure so that you can proceed with the remaining tasks in this checklist.

<span data-ttu-id="a7f38-107">聯盟的 proxy 伺服器設定](media/2b05dce3-938f-4168-9b8f-1f4398cbdb9b.gif)**檢查清單︰ 設定聯盟 proxy 伺服器**</span><span class="sxs-lookup"><span data-stu-id="a7f38-107">setting up a federated proxy serverChecklist: Setting Up a federation server proxy

工作Task 參考資料Reference
聯盟的 proxy 伺服器設定 部署您 AD FS 聯盟伺服器 proxy 您開始之前,請檢查 AD FS 部署拓撲類型及其相關聯的伺服器位置和網路配置建議。Before you begin deploying your AD FS federation server proxies, review the AD FS deployment topology types and their associated server placement and network layout recommendations. <span data-ttu-id="a7f38-112">聯盟的 proxy 伺服器設定判斷您 AD FS 部署拓撲](https://technet.microsoft.com/library/gg982491.aspx)setting up a federated proxy serverDetermine Your AD FS Deployment Topology

<span data-ttu-id="a7f38-113">聯盟的 proxy 伺服器設定規劃聯盟伺服器 Proxy 位置](https://technet.microsoft.com/library/dd807130.aspx)setting up a federated proxy serverPlanning Federation Server Proxy Placement

<span data-ttu-id="a7f38-114">聯盟的 proxy 伺服器設定放置聯盟 Proxy 伺服器](https://technet.microsoft.com/library/dd807048.aspx)setting up a federated proxy serverWhere to Place a Federation Server Proxy
聯盟的 proxy 伺服器設定 檢查 AD FS 容量規劃指導方針,以判斷正確的聯盟伺服器 proxy,您應該 production 環境中使用數。Review AD FS capacity planning guidance to determine the proper number of federation server proxies you should use in your production environment. <span data-ttu-id="a7f38-117">聯盟的 proxy 伺服器設定聯盟 Proxy 伺服器的容量的計劃](https://technet.microsoft.com/library/gg749898.aspx)setting up a federated proxy serverPlanning for Federation Server Proxy Capacity
聯盟的 proxy 伺服器設定 單一聯盟 proxy 伺服器或聯盟 proxy 伺服器陣列適合您的部署。Determine whether a single federation server proxy or a federation server proxy farm is better for your deployment. 注意:聯盟伺服器也執行聯盟 proxy 伺服器的責任。Note: Federation servers also perform federation server proxy responsibilities. <span data-ttu-id="a7f38-121">聯盟的 proxy 伺服器設定建立聯盟 Proxy 伺服器的時機](https://technet.microsoft.com/library/dd807032.aspx)setting up a federated proxy serverWhen to Create a Federation Server Proxy

<span data-ttu-id="a7f38-122">聯盟的 proxy 伺服器設定當建立聯盟 Proxy 伺服器陣列](https://technet.microsoft.com/library/dd807082.aspx)setting up a federated proxy serverWhen to Create a Federation Server Proxy Farm
聯盟的 proxy 伺服器設定 判斷是否要建立這個新的聯盟伺服器 proxy account 合作夥伴公司或組織資源合作夥伴周邊網路中。Determine whether this new federation server proxy will be created in the perimeter network of the account partner organization or the resource partner organization. <span data-ttu-id="a7f38-125">聯盟的 proxy 伺服器設定檢視聯盟伺服器 Proxy Account 合作夥伴中的角色](https://technet.microsoft.com/library/dd807109.aspx)setting up a federated proxy serverReview the Role of the Federation Server Proxy in the Account Partner

<span data-ttu-id="a7f38-126">聯盟的 proxy 伺服器設定檢視聯盟伺服器 Proxy 資源夥伴中的角色](https://technet.microsoft.com/en-us/library/dd807052.aspx)setting up a federated proxy serverReview the Role of the Federation Server Proxy in the Resource Partner
聯盟的 proxy 伺服器設定 您的電腦將會變成聯盟 proxy 伺服器上安裝 AD FS 之前,請了解取得伺服器驗證憑證的名稱,聯盟伺服器 proxy 陣列 — 新增或共用發電廠中的所有伺服器的憑證。Before you install AD FS on a computer that will become a federation server proxy, read about the importance of obtaining a server authentication certificate—for federation server proxy farms—adding or sharing certificates across all the servers in a farm. <span data-ttu-id="a7f38-129">聯盟的 proxy 伺服器設定聯盟的 Proxy 伺服器的憑證需求](https://technet.microsoft.com/library/dd807054.aspx)setting up a federated proxy serverCertificate Requirements for Federation Server Proxies
聯盟的 proxy 伺服器設定 檢查 AD FS 設計節目表中了解如何更新周邊網路中的網域名稱系統 (DNS) 發生成功的名稱解析為聯盟伺服器和聯盟的 proxy 伺服器的資訊。Review information in the AD FS Design Guide about how to update Domain Name System (DNS) in the perimeter network so that successful name resolution for federation servers and federation server proxies can occur. <span data-ttu-id="a7f38-132">聯盟的 proxy 伺服器設定聯盟的 Proxy 伺服器的名稱解析需求](https://technet.microsoft.com/library/dd807055.aspx)setting up a federated proxy serverName Resolution Requirements for Federation Server Proxies
聯盟的 proxy 伺服器設定 判斷聯盟 proxy 伺服器是否必須加入網域。Determine whether the federation server proxy must be joined to a domain. 雖然不需要聯盟伺服器 proxy 加入網域,有更容易管理的遠端管理和群組原則的功能時的加入網域。Although federation server proxies do not have to be joined to a domain, they are easier to manage with remote administration and Group Policy features when they are joined to a domain. <span data-ttu-id="a7f38-136">聯盟的 proxy 伺服器設定加入網域的電腦](Join-a-Computer-to-a-Domain.md)setting up a federated proxy serverJoin a Computer to a Domain
聯盟的 proxy 伺服器設定 根據您周邊網路的 DNS 基礎結構的設定方式完成主題中的程序的其中一個上直接前您在組織中部署聯盟 proxy 伺服器。Depending on how the DNS infrastructure in your perimeter network is configured, complete one of the procedures in the topics on the right before you deploy a federation server proxy in your organization. 注意:未執行兩個程序。Note: Do not perform both procedures. 朗讀聯盟的 Proxy 伺服器的名稱解析需求若要判斷的程序最適合您的組織的需求。Read Name Resolution Requirements for Federation Server Proxies to determine which procedure best suits the requirements of your organization. <span data-ttu-id="a7f38-141">聯盟的 proxy 伺服器設定設定為聯盟伺服器 Proxy 做周邊網路 DNS 區域中的名稱解析](Configure-Name-Resolution-for-a-Federation-Server-Proxy-in-a-DNS-Zone-That-Serves-Only-the-Perimeter-Network.md)setting up a federated proxy serverConfigure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Only the Perimeter Network

<span data-ttu-id="a7f38-142">聯盟的 proxy 伺服器設定的 DNS 區域,提供同時周邊網路和網際網路戶端聯盟伺服器 Proxy 設定名稱解析](Configure-Name-Resolution-for-a-Federation-Server-Proxy-in-a-DNS-Zone-That-Serves-Both-the-Perimeter-Network-and-Internet-Clients.md)setting up a federated proxy serverConfigure Name Resolution for a Federation Server Proxy in a DNS Zone That Serves Both the Perimeter Network and Internet Clients
聯盟的 proxy 伺服器設定 取得伺服器驗證憑證之後,您必須在網際網路資訊服務 (IIS) 預設聯盟 proxy 伺服器的網站上安裝它。After you obtain a server authentication certificate, you must install it in Internet Information Services (IIS) on the default Web site of the federation server proxy. <span data-ttu-id="a7f38-145">聯盟的 proxy 伺服器設定匯入伺服器驗證憑證的預設網站](Import-a-Server-Authentication-Certificate-to-the-Default-Web-Site.md)setting up a federated proxy serverImport a Server Authentication Certificate to the Default Web Site
聯盟的 proxy 伺服器設定 取得伺服器驗證憑證的憑證授權單位另一種 (Optional) (CA),您可以使用 IIS 您聯盟伺服器 proxy 取得範例憑證。(Optional) As an alternative to obtaining a server authentication certificate from a certification authority (CA), you can use IIS to acquire a sample certificate for your federation server proxy.

因為 IIS 產生 self\ 簽署憑證並非來自受信任的來源,請使用它來只能在下列案例中建立 self\ 簽署的憑證:Because IIS generates a self-signed certificate that does not originate from a trusted source, use it to create a self-signed certificate only in the following scenarios:

-當您有建立有限、已知群組中的使用者與您的伺服器安全通訊端層 (SSL) 通道- When you have to create a Secure Sockets Layer (SSL) channel between your server and a limited, known group of users
-當您有 third\ 廠商憑證問題進行疑難排解注意:並不安全的最佳做法部署聯盟伺服器 proxy production 環境中使用 self\ 簽章,伺服器驗證憑證。- When you have to troubleshoot third-party certificate problems Caution: It is not a security best practice to deploy a federation server proxy in a production environment using a self-signed, server authentication certificate.
<span data-ttu-id="a7f38-151">聯盟的 proxy 伺服器設定IIS:建立 Self-Signed 伺服器的憑證](http://go.microsoft.com/fwlink/?LinkID=108271)setting up a federated proxy serverIIS: Create a Self-Signed Server Certificate
聯盟的 proxy 伺服器設定 將會變成聯盟 proxy 伺服器的電腦上安裝同盟服務 Proxy 角色服務。Install the Federation Service Proxy role service on the computer that will become the federation server proxy. <span data-ttu-id="a7f38-154">聯盟的 proxy 伺服器設定安裝同盟服務 Proxy 角色服務](Install-the-Federation-Service-Proxy-Role-Service.md)setting up a federated proxy serverInstall the Federation Service Proxy Role Service
聯盟的 proxy 伺服器設定 AD FS 軟體的電腦上設定,請使用 AD FSFederation Proxy 伺服器設定精靈做在聯盟 proxy 伺服器的角色。Configure the AD FS software on the computer to act in the federation server proxy role by using the AD FSFederation Server Proxy Configuration Wizard. <span data-ttu-id="a7f38-157">聯盟的 proxy 伺服器設定聯盟伺服器 Proxy 角色設定電腦](Configure-a-Computer-for-the-Federation-Server-Proxy-Role.md)setting up a federated proxy serverConfigure a Computer for the Federation Server Proxy Role
聯盟的 proxy 伺服器設定 使用事件檢視器,請確認聯盟 proxy 伺服器開始。Using Event Viewer, verify that the federation server proxy service has started. <span data-ttu-id="a7f38-160">聯盟的 proxy 伺服器設定確認聯盟伺服器 Proxy 是操作](Verify-That-a-Federation-Server-Proxy-Is-Operational.md)setting up a federated proxy serverVerify That a Federation Server Proxy Is Operational