Fwd: ADFS SQL vs WID

  • 509 Views
  • Last Post 05 January 2016
Dima Razbornov posted this 22 December 2015


Hi, Jorge!
This change was made last week. Therefore the information about the five servers is still alive in memory.
http://blog.msresource.net/2015/12/14/new-wid-support-limit-in-ad-fs/
I read about this before and rejoiced, as the author notes, but did not attach special significance to it.
WBR, Dima.
0:06 +01:00 from Jorge De Almeida Pinto <jorgedealmeidapinto@xxxxxxxxxxxxxxxx>:

Hi, I have never heard about the 30 servers limit before with WID when having 100 RP trusts or less. I remember reading about limits like max 5 WID servers and max 100 trusts (no trust type specification). I also thought these were hard limits due to use of WID, but they look more like recommended limits (not sure though). WID has a max DB size of 10GB, therefore I don't think these are hard limits.

Met vriendelijke groet / Kind regards,
Jorge de Almeida Pinto

E-Mail: JorgeDeAlmeidaPinto@xxxxxxxxxxxxxxxx
Tel.: +31-(0)6-26.26.62.80

(+++Sent from my mobile device +++)
(Apologies for any typos) 


florian posted this 22 December 2015

Howdie! I am mostly lurking on this DL, but this is a topic I've seen customers wonder about a lot. Tony already posted the changed supportability statement for WID (30 servers max, 100 RPs). I have a lot of customers who are deploying ADFS that wonder how far they can go with WID. Given some beefy hardware, you get pretty far, without perf impact. I've seen customers with 100 000+ seats that run Office 365 off of a WID farm.

What I found customers complain about is that SQL often isn't their Identity team's core business. When you add multi-region to the mix, it gets more complicated. For troubleshooting, even if the SQL team supports the backend, there's a friction to overcome and you might have to deal with different SLAs (Identity/SSO vs. Database). WID can help here in many cases. An error on one node does not affect the rest of them – and clever load balancing mitigates this.

I am not saying WID's the ultimate solution – especially if you rely on Token Replay Detection or Artifact resolution. But I recommend WID far more often than in ADFS 2.0 days – simply because supportability allows it now and it's pretty robust; and less complex to maintain. And in case the requirements change significantly down the road, there's a supported way of moving from WID -> SQL.

Thanks, Florian
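As an added example (not part of the thread and not from any of its participants), the following PowerShell audit checks a farm against the WID supportability numbers quoted in this post (30 servers, 100 relying party trusts) and flags relying parties that use SAML artifact resolution, which the post names as a reason to prefer SQL. It assumes it is run on a federation server with the ADFS module loaded, that `Get-AdfsFarmInformation` is available (AD FS on Windows Server 2016 or later), and that the configuration database connection string is exposed through the `root\ADFS` WMI namespace; the limits themselves are taken from the thread, not verified here.

```powershell
# Added example, not code from the thread. Audits an AD FS farm against the
# WID limits quoted above and reports features that push towards SQL Server.
# Assumptions: ADFS PowerShell module present; Get-AdfsFarmInformation
# available (AD FS 2016+); thresholds as stated in the thread.

$WidMaxServers        = 30   # from the thread's quoted supportability statement
$WidMaxRelyingParties = 100  # from the thread's quoted supportability statement

# 1. Which configuration database backs this farm?
#    WID is reached through the MICROSOFT##WID named pipe; anything else is SQL Server.
$sts        = Get-WmiObject -Namespace 'root\ADFS' -Class 'SecurityTokenService'
$connString = $sts.ConfigurationDatabaseConnectionString
$usingWid   = $connString -match 'MICROSOFT##WID'

# 2. Farm size and relying party trust count.
$nodes = (Get-AdfsFarmInformation).FarmNodes
$rps   = Get-AdfsRelyingPartyTrust

# 3. Relying parties with a SAML artifact resolution endpoint. Artifact
#    resolution needs the shared artifact store, which the post lists as a
#    reason to consider SQL rather than WID.
$artifactRps = $rps | Where-Object {
    $_.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLArtifactResolution' }
}

# 4. Summarise. Anything reported as $false is outside the quoted WID limits.
[pscustomobject]@{
    ConfigurationDatabase  = if ($usingWid) { 'WID' } else { 'SQL Server' }
    FarmNodeCount          = @($nodes).Count
    RelyingPartyCount      = @($rps).Count
    ArtifactResolutionRPs  = @($artifactRps).Count
    WithinWidServerLimit   = (@($nodes).Count -le $WidMaxServers)
    WithinWidRPLimit       = (@($rps).Count -le $WidMaxRelyingParties)
} | Format-List
```

Run it from an elevated PowerShell session on any federation server in the farm; the counts are read from the shared configuration database, so every node reports the same figures. A farm that is on WID and reports `$false` for either limit, or a non-zero `ArtifactResolutionRPs`, is a candidate for the WID to SQL migration the post mentions.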


blukudu posted this 05 January 2016

Hi all (and happy new year)
I really appreciate the responses from the list on this so far.
Does anyone have an answer to the specific questions I raised regarding SAML artefact resolution?
Alexei

