In our example deployment, “Kemp Demo” has deployed AD FS 2.0 in their environment to facilitate claims-based authentication for their Exchange 2010 infrastructure and allow for SSO capabilities across applications. The deployment contains the following:

  • Two AD FS 2.0 Servers
  • Two AD FS 2.0 Proxy Servers
  • Two Exchange 2010 Multi-Role Servers
  • A LoadMaster High Availability (HA) Cluster

The namespace owaADFS.Kempdemo.com is used for access to the Microsoft Exchange environment, and the namespace myADFS.Kempdemo.com is used for access to the AD FS environment. Split DNS is implemented, which allows these namespaces to be used both internally and externally in the environment.

The following scenarios are defined:

  • Internal access to Outlook Web App (OWA) using the internal AD FS farm, both of which are load-balanced by the LoadMaster
  • External access to OWA using the Proxy Farm and the Internal Farm, all three of which are load-balanced by the LoadMaster

The following diagrams represent the respective environments: