When to Create a Federation Server Proxy Farm

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

Consider installing additional federation server proxies when you have a large Active Directory Federation Services (AD FS) deployment and you want to provide fault tolerance, load-balancing, and scalability for your proxy deployment. The act of creating two or more federation server proxies in the same perimeter network and configuring each of them to protect the same AD FS Federation Service creates a federation server proxy farm.

You can create a federation server proxy farm or install additional federation server proxies to an existing farm by using the AD FS Federation Server Proxy Configuration Wizard. For more information, see When to Create a Federation Server Proxy.

Before all the federation server proxies can function together as a farm, you must first cluster them under one IP address and one Domain Name System (DNS) fully qualified domain name (FQDN). You can cluster the servers by deploying Microsoft Network Load Balancing (NLB) inside the perimeter network. The tasks in the following table require NLB to be configured appropriately to cluster the federation server proxies in the farm.

For more information about how to configure an FQDN for a cluster using Microsoft NLB technology, see Specifying the Cluster Parameters.

Configuring federation server proxies for a farm

The following table describes the tasks that must be completed so that each federation server proxy can participate in a farm.

| Task | Description |
|---|---|
| Point all proxies in the farm to the same AD FS Federation Service name | When you create the federation server proxies, you must type the same Federation Service name in the AD FS Federation Server Proxy Configuration Wizard for all the federation server proxies that will participate in the farm. The federation server proxy uses the URL that makes up this DNS host name to determine which AD FS Federation Service instance it contacts. For more information, see Configure a Computer for the Federation Server Proxy Role. |
| Obtain and share certificates | You can obtain a server authentication certificate from a public certification authority (CA)—for example, VeriSign—and then configure the certificate so that all federation server proxies share the same private key portion of the same certificate on the default Web site for each federation server proxy. To share the certificate, you must install the same server authentication certificate on the default Web site for each federation server proxy. For more information, see Import a Server Authentication Certificate to the Default Web Site. For more information, see Certificate Requirements for Federation Server Proxies. |
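One way to confirm the shared-certificate requirement after setup is to connect to each proxy directly (not through the NLB cluster address) and compare the certificate each one presents for the farm FQDN. This is an added example, not part of the original guidance or Microsoft's tooling; the FQDN, node addresses, and the function names Get-NodeCertificate and Test-ProxyFarmCertificate are constructed for illustration.

```powershell
# Added example. The farm FQDN and node addresses are constructed placeholders.
$FarmFqdn = 'fs.example.test'            # the single DNS name clients use for the farm
$Nodes    = '192.0.2.11', '192.0.2.12'   # each proxy's own address, not the NLB cluster IP

function Get-NodeCertificate {
    param([string] $Node, [string] $Fqdn, [int] $Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Node, $Port)
        # Accept whatever is presented: this reads the certificate, it does not trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($Fqdn)   # farm FQDN is sent as the TLS server name
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Test-ProxyFarmCertificate {
    param([string[]] $Nodes, [string] $Fqdn)
    $rows = foreach ($node in $Nodes) {
        try {
            $cert = Get-NodeCertificate -Node $node -Fqdn $Fqdn
            [pscustomobject]@{ Node = $node; Thumbprint = $cert.Thumbprint
                               NotAfter = $cert.NotAfter; Error = $null }
        } catch {
            # An unreachable or failing node is reported, not silently skipped.
            [pscustomobject]@{ Node = $node; Thumbprint = $null
                               NotAfter = $null; Error = $_.Exception.Message }
        }
    }
    $distinct = @($rows | Where-Object Thumbprint | Select-Object -ExpandProperty Thumbprint -Unique)
    $failed   = @($rows | Where-Object Error)
    [pscustomobject]@{
        # Consistent only if every node answered and all thumbprints are identical.
        Consistent  = ($distinct.Count -eq 1 -and $failed.Count -eq 0)
        Thumbprints = $distinct
        Nodes       = $rows
    }
}

$report = Test-ProxyFarmCertificate -Nodes $Nodes -Fqdn $FarmFqdn
$report.Nodes | Format-Table -AutoSize
if (-not $report.Consistent) { Write-Warning 'Proxies do not all present the same certificate.' }
```

A differing thumbprint on one node usually means a renewed certificate was imported on some proxies but not others; the NotAfter column shows which copy is the older one.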

For more information about adding new federation server proxies to create a federation server proxy farm, see Checklist: Setting Up a Federation Server Proxy.

See Also

AD FS Design Guide in Windows Server 2012