Windows Server 中的 AD FS 設計指南AD FS Design Guide in Windows Server


如需如何在 Windows Server 2012 R2 部署 AD FS 的詳細資訊,請參閱Windows Server 2012 R2 AD FS 部署指南For information about how to deploy AD FS in Windows Server 2012 R2 , see Windows Server 2012 R2 AD FS Deployment Guide.

您可以使用 Active Directory® Federation Services (AD FS) Windows Server® 2012年作業系統中的同盟服務提供者角色,才能順暢地驗證您的使用者之任何 web-為基礎的服務或位於資源夥伴組織,而不需要系統管理員建立或維護外部信任或樹系信任的網路的兩個組織,並不需要使用者登入第二個時間之間的應用程式。You can use Active Directory® Federation Services (AD FS) with the Windows Server® 2012 operating system in a federation services provider role to seamlessly authenticate your users to any Web-based services or applications that reside in a resource partner organization, without the need for administrators to create or maintain external trusts or forest trusts between the networks of both organizations and without the need for the users to log on a second time. 向一個網路存取其他網路中的資源時的程序 — 使用者重複登入動作的負擔,又稱為單一登-上(SSO)。The process of authenticating to one network while accessing resources in another network—without the burden of repeated logon actions by users—is known as single sign-on (SSO).

關於本指南About this guide

本指南提供建議,協助您規劃新部署的 AD FS 中,根據貴組織的需求(也稱為本指南中的部署目標)和您想要建立的特定設計。This guide provides recommendations to help you plan a new deployment of AD FS, based on the requirements of your organization (also referred to in this guide as deployment goals) and the particular design that you want to create. 本指南的使用對象為基礎結構專家或系統架構設計人員。This guide is intended for use by an infrastructure specialist or system architect. 它反白顯示您的主要決策點,當您在規劃 AD FS 部署。It highlights your main decision points as you plan your AD FS deployment. 在閱讀本指南之前,您應該充分了解 AD FS 功能等級上運作的方式。Before you read this guide, you should have a good understanding of how AD FS works on a functional level. 您也應該充分了解組織的需求,將會反映在您的 AD FS 設計。You should also have a good understanding of the organizational requirements that will be reflected in your AD FS design.

本指南說明一組的三個主要 AD FS 設計為基礎的部署目標,並協助您決定最適當的設計,為您的環境。This guide describes a set of deployment goals that are based on three primary AD FS designs, and it helps you decide the most appropriate design for your environment. 您可以使用這些的部署目標,來產生下列完整的 AD FS 設計或自訂的設計符合您環境的需求之一:You can use these deployment goals to form one of the following comprehensive AD FS designs or a custom design that meets the needs of your environment:

  • 同盟網頁 SSO,來支援商務-要-商務(B2B)案例以及支援含獨立樹系之業務單位之間的共同作業Federated Web SSO to support business-to-business (B2B) scenarios and to support collaboration between business units with independent forests

  • Web SSO,可支援企業中的客戶應用程式存取權-要-消費者(B2C)案例Web SSO to support customer access to applications in business-to-consumer (B2C) scenarios

針對每一個設計,您將發現適用於蒐集與您的環境有關之必要資料的指導方針。For each design, you will find guidelines for gathering the required data about your environment. 您接著可以使用這些指導方針來規劃和設計您的 AD FS 部署。You can then use these guidelines to plan and design your AD FS deployment. 在閱讀本指南並完成蒐集、 記錄及對應組織的需求之後,就會開始部署使用中的指導方針的 AD FS 所需的資訊Windows Server 2012 AD FS 部署指南.After you read this guide and finish gathering, documenting, and mapping your organization's requirements, you will have the information necessary to begin deploying AD FS using the guidance in the Windows Server 2012 AD FS Deployment Guide.

本指南內容In this guide