ADConnect SSO over Network Load Balance Cluster




This article outlines the steps required to configure ADConnect SSO over a Network Load Balance Cluster. Example settings and installation/configuration steps in this article use Network Load Balancing, a clustering technology included in the Microsoft Windows Server 2008 operating systems. If you are using a different network load balancing solution, please consult your vendor's documentation to replicate the steps covered in this document.

Contents

1 Configuring NLB Cluster for ADConnect SSO high availability
  1.1 Pre-requisites & example settings
  1.2 Installation
  1.3 Configuration
  1.4 Using ADConnect SSO with cluster
2 Notes
3 Links

1. Configuring NLB Cluster for ADConnect SSO high availability

1.1 Pre-requisites & example settings

The example uses the minimal possible NLB cluster configuration: 1 x AD + 2 x IIS instances.

1. Active Directory running on a dedicated Windows box (Windows 2008R2)
   1. static IP: 192.168.1.1
   2. hostname: ad.acme.com
   3. servicing domain: acme.com
2. First IIS server
   1. joined to acme.com
   2. 2 NIC interfaces (one for domain communication, another for NLB communication)
      1. DHCP or static IP: 192.168.1.129 (for domain)
      2. static IP: 172.16.194.6 (for NLB)
   3. hostname: iis1.acme.com
3. Second IIS server
   1. joined to acme.com
   2. 2 NIC interfaces (one for domain communication, another for NLB communication)
      1. DHCP or static IP: 192.168.1.130 (for domain)
      2. static IP: 172.16.194.7 (for NLB)
   3. hostname: iis2.acme.com

1.2 Installation

1. Install ADConnect on iis1.acme.com and iis2.acme.com
2. Disable ADConnect Provisioner Service on one of the instances:
   1. Start -> Administrative Tools -> Services -> ADConnect Provisioner Service -> Stop, Startup Type -> Disabled

3. Export signing certificate with private key from master node (iis1.acme.com)
   1. Open MMC application: Start -> Run... -> mmc -> OK
   2. Add Certificates snap-in for Local Computer account: File -> Add/Remove Snap-in... -> Choose Certificates -> Add -> Choose Computer Account -> Next -> Choose Local Computer -> Finish -> OK
   3. Navigate to Certificates (Local Computer) -> Personal -> Certificates -> locate signing cert (it matches full domain name of computer) -> Right click -> All Tasks -> Export... -> Next -> Choose Yes, export the private key -> Next -> Next -> type password for certificate file -> Next -> choose filename -> Next -> Finish
4. Import signing certificates to other nodes (iis2.acme.com)
   1. Open MMC Application -> Add Certificates snap-in for Local Computer account -> Navigate to Personal/Certificates -> Right click -> All Tasks -> Import... -> Select certificate file -> Enter password -> Finalize wizard
   2. Repeat same procedure for Trusted People/Certificates
5. Grant IIS process access to signing keys on child nodes (iis2.acme.com)
   1. Open MMC Application -> Add Certificates snap-in for Local Computer account -> Navigate to Personal/Certificates -> Right click -> All Tasks -> Manage Private Keys... -> Add -> type IIS_IUSRS -> OK -> OK
6. Update Web.config file to use new signing certificate
   1. Open C:\Program Files (x86)\Ping Identity\ADConnect\SSO\Web.config
   2. Change value for saml.signing.cert to match new signing certificate
7. Install Network Load Balancing feature on both IIS nodes: iis1.acme.com and iis2.acme.com
   1. Server Manager -> Features -> Add Features -> Network Load Balancing
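
One way to check the result of steps 3-5 on each IIS node from an elevated PowerShell prompt. This is an added example, not part of the original article or of ADConnect. The function name Get-SigningCertReport and the $Subject value are assumptions (the article only says the signing cert matches the computer's full domain name), and the key-file lookup assumes the private key is stored by a legacy CSP under MachineKeys.

```powershell
# Added example: run on every IIS node after installation steps 3-5.
# $Subject is an assumption: the FQDN of the master node that issued the cert.
$Subject = 'iis1.acme.com'

function Get-SigningCertReport {
    param([string]$SubjectName)

    # Step 4.1: exactly one matching cert should be in Local Computer\Personal.
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=$SubjectName*" })
    if ($certs.Count -ne 1) {
        throw "Expected one cert for $SubjectName in Personal, found $($certs.Count)"
    }
    $cert = $certs[0]

    # Step 4.2: the same cert must also be present in Trusted People.
    $inTrustedPeople = @(Get-ChildItem Cert:\LocalMachine\TrustedPeople |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

    # Step 5: list who can use the private key (CSP-stored RSA keys only).
    $keyAcl = @()
    if ($cert.HasPrivateKey) {
        $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$container"
        $keyAcl = (Get-Acl $keyFile).Access | ForEach-Object {
            "$($_.IdentityReference) $($_.AccessControlType) $($_.FileSystemRights)"
        }
    }

    New-Object PSObject -Property @{
        Node            = $env:COMPUTERNAME
        Thumbprint      = $cert.Thumbprint
        NotAfter        = $cert.NotAfter
        HasPrivateKey   = $cert.HasPrivateKey
        InTrustedPeople = $inTrustedPeople
        IisCanUseKey    = [bool]($keyAcl | Where-Object { $_ -like '*IIS_IUSRS Allow*' })
        KeyAcl          = $keyAcl
    }
}

Get-SigningCertReport -SubjectName $Subject | Format-List
```

The Thumbprint should be identical on every node, with HasPrivateKey, InTrustedPeople and IisCanUseKey all True. Any KeyAcl entry you did not expect is worth reviewing, since it grants use of the signing key.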

1.3 Configuration

1. Open Network Load Balancing Manager: Start -> Administrative Tools -> Network Load Balancing Manager
2. Create new cluster:
   1. Cluster -> New
   2. Enter first IIS box NLB IP in the Host field: 172.16.194.6, click Connect
   3. Select NLB NIC from the list: 172.16.194.6, click Next
   4. Assign unique host id (1), click Next
   5. Press Add to create virtual Cluster IP (or IPs). It should be in the same subnet as the NLB hosts. Enter: 172.16.194.100, specify appropriate network mask, click Next when done
   6. Select virtual Cluster IP: 172.16.194.100, provide optional internet name
   7. Set cluster operation mode to Multicast (also see Notes section below), click Next
   8. Finalize wizard by setting port rules if needed (or skip)
   9. Wait until the first cluster node enters Converged state
   10. Right click on Cluster node -> Add Host to Cluster
   11. Enter second IIS box NLB IP in the Host field: 172.16.194.7, click Connect
   12. Select NLB NIC from the list: 172.16.194.7, click Next
   13. Assign unique host id (2), click Next
   14. Finalize wizard by setting port rules if needed (or skip)
   15. Wait until all cluster nodes enter Converged state

1.4 Using ADConnect SSO with cluster

1. Use the virtual cluster IP to access the ADConnect SSO application: https://172.16.194.100/adconnect/startsso.aspx (don't use the IP addresses of individual IIS boxes)
2. It is now possible to turn IIS boxes configured as part of the cluster off and on, with automatic failover to the nodes that are still alive. Additional IIS nodes can also be added to the cluster transparently if needed.

2. Notes

1. Microsoft recommends using Unicast cluster operation mode, which is compatible with all routers/switches/network devices. But VMware recommends using Multicast if configuring NLB cluster on virtualized hardware.
2. NLB IPs must be static; NLB does not support the DHCP protocol.

3. Links

1. MSDN: http://technet.microsoft.com/en-us/library/cc770558.aspx
2. VMware: http://kb.vmware.com/selfservice/microsites/search.do?cmd=displaykc&doctype=kc&externalid=1006778&sliceid=1&doctypeid=dt_kb_1_1&dialogid=256272877&stateid=1%200%20256278596