Select Stand-Alone or Farm Deployment

Applies To: Active Directory Federation Services (AD FS) 2.0, Windows Server 2012

You can configure Active Directory Federation Services (AD FS) 2.0 as either a stand-alone server or as part of a server farm. Stand-alone configuration is preferred if you want to evaluate the product or deploy it in a small production environment. If you want to have high availability and load-balancing, you should select the server farm configuration option. In server farm deployment, some features are not available when AD FS 2.0 uses the default database engine (Windows Internal Database) to store configuration settings. To have access to the full feature set when you configure your server farm, use Microsoft SQL Server for the database instead.

When you configure AD FS 2.0 with this wizard, some default settings are selected automatically. These settings include the Windows Internal Database for storing AD FS 2.0 configuration settings and self-issuing certificates for signing and token decryption. To override the configuration default settings and to control individual settings (for example, to specify that the configuration database uses SQL Server), run the command-line tool. For more information, see the procedure in the table below.

Item Detail

New federation server farm

Select this option to configure a new AD FS 2.0 farm. After you create the farm with this option, you can add more federation servers to it later.

When you select this option, Windows Internal Database is used to store configuration settings. As a result, the Security Assertion Markup Language (SAML) artifact resolution and token replay detection features are not available in this deployment type. If you want access to the full set of AD FS 2.0 features, run this wizard in command-line mode and select SQL Server as the preferred configuration database. For more information, use the following procedure.

To select SQL Server for the configuration database

  1. If it is open, close and exit this wizard.

  2. At a command prompt, change to the directory where AD FS 2.0 is installed (typically, %programfiles%\Active Directory Federation Services 2.0) and type fsconfig.exe /help to view the detailed options for selecting SQL Server.

Stand-alone federation server

Select this option to configure a new stand-alone instance of AD FS 2.0. Use this option if you only need to install and deploy a single AD FS 2.0 server for either evaluation purposes or a small production environment. If you select this option, you will not be able to upgrade to a server farm configuration later.

Using the Windows Internal Database to support AD FS 2.0 deployment

When you use the Windows Internal Database option, the following capacity planning limitations are advised for your AD FS 2.0 deployment:

  • No more than five federation servers should be added to a federation server farm deployment. If you need more federation servers to support higher performance in farm deployment, use SQL Server instead.

  • No more than 100 trust relationships of the same type (either claims provider trusts or relying party trusts) can be supported. For example, you can have up to 100 claims provider trusts and 100 relying party trusts with a Windows Internal Database deployment, but to exceed this number for either category of trusts, use SQL Server instead.

For more information on feature differences between Windows Internal Database and SQL Server in AD FS 2.0, see The Role of the AD FS Configuration Database (https://go.microsoft.com/fwlink/?LinkID=181111).
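
The following PowerShell check is an added example, not part of the original page or Microsoft's code. It reports whether a federation server stores its configuration in Windows Internal Database (so SAML artifact resolution and token replay detection are unavailable) and whether either trust type exceeds the 100-trust guidance above. The function name Test-AdfsWidLimits is hypothetical, and the named-pipe patterns used to recognize Windows Internal Database are an assumption that is not stated on this page.

```powershell
# Added example (not Microsoft's code). Run elevated on a federation server.
function Test-AdfsWidLimits {
    param(
        [string]$ConnectionString,      # AD FS configuration database connection string
        [int]$RelyingPartyTrusts,
        [int]$ClaimsProviderTrusts,
        [int]$MaxTrustsPerType = 100    # limit per trust type stated on this page
    )
    # Assumption: WID is reached over a local named pipe whose name contains
    # MICROSOFT##SSEE (Windows Server 2008 R2) or MICROSOFT##WID (Windows Server 2012).
    $usesWid  = $ConnectionString -match 'MICROSOFT##(SSEE|WID)'
    $findings = @()
    if ($usesWid) {
        $findings += 'WID in use: SAML artifact resolution and token replay detection are unavailable.'
        if ($RelyingPartyTrusts -gt $MaxTrustsPerType) {
            $findings += "Relying party trusts ($RelyingPartyTrusts) exceed $MaxTrustsPerType."
        }
        if ($ClaimsProviderTrusts -gt $MaxTrustsPerType) {
            $findings += "Claims provider trusts ($ClaimsProviderTrusts) exceed $MaxTrustsPerType."
        }
    }
    New-Object PSObject -Property @{
        UsesWid              = $usesWid
        RelyingPartyTrusts   = $RelyingPartyTrusts
        ClaimsProviderTrusts = $ClaimsProviderTrusts
        Findings             = $findings
    }
}

# Load the AD FS cmdlets: a snap-in on AD FS 2.0, an auto-loaded module on Windows Server 2012.
if (-not (Get-Command Get-ADFSRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction Stop
}

# The connection string is exposed by the AD FS WMI provider.
$sts     = Get-WmiObject -Namespace root/ADFS -Class SecurityTokenService
$rpCount = @(Get-ADFSRelyingPartyTrust).Count
$cpCount = @(Get-ADFSClaimsProviderTrust).Count

$report = Test-AdfsWidLimits -ConnectionString $sts.ConfigurationDatabaseConnectionString `
    -RelyingPartyTrusts $rpCount -ClaimsProviderTrusts $cpCount

$report | Format-List UsesWid, RelyingPartyTrusts, ClaimsProviderTrusts, Findings
```

The check does not count farm members; compare the number of federation servers against the five-server guidance separately.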