Time
5 hours 18 minutes
Difficulty
Intermediate
CEU/CPE
20

Video Transcription

00:04
MCSA Windows Server 2012, Exam 412:
00:08
Configuring Advanced Windows Server 2012 Services, Module 8.
00:13
In Module 8, we're gonna talk about implementing and administering AD FS.
00:20
Lesson one
00:21
is the overview of AD FS. What's AD FS? What's AD FS useful for? Why use AD FS?
00:27
We're gonna talk about topics like that.
00:30
Lesson two, we're gonna look at deploying AD FS.
00:34
Then the lab is implementing AD FS. Are we
00:38
gonna implement? Are we gonna enable that feature in Server Manager?
00:43
All right, lesson one:
00:46
overview of AD FS.
00:49
In this lesson, we're gonna look at what is identity federation.
00:56
What is identity federation?
00:59
Identity federation
01:02
allows you to
01:04
or enables you to provide
01:08
identification,
01:11
authorization,
01:12
authentication across organizational and platform boundaries.
01:19
You can implement identity federation within a single organization
01:25
so users can access different
01:27
web apps, or between organizations that have different
01:34
trust relationships,
01:37
or that have established a trust relationship between the two organizations.
01:42
You know, to establish an identity federation partnership,
01:47
both partners must agree to create a federated trust relationship.
01:53
The federated trust relationship is based on an ongoing business relationship,
01:59
and this enables the organizations to implement business processes
02:04
that are identified in the business relationship. For example, if you have two organizations that are doing collaboration.
02:10
Okay, unlike an Active Directory domain trust,
02:15
in a federated trust the federation servers in the two organizations don't have to communicate directly with each other.
02:23
All the communication can be done through SSL
02:29
or HTTPS. That means you don't have to open multiple firewall ports, just
02:34
one port, port 443.
02:38
For example, as part of a federated trust, each partner would define which resources are accessible to the other organization outside its boundaries. For example, let's say Microsoft and Dell are doing a collaboration because of Microsoft's new hardware called Surface.
02:58
Now Microsoft allows people from Dell to access a few servers at the Microsoft organization so they can access some data without, you know, having to log on again, without having to create an account for them in the Microsoft forest. So a federated trust works like that. Microsoft would define what
03:16
resources are accessible
03:17
by users from Dell.
03:23
Then let's look at what is claims identity.
03:27
Claims identity,
03:29
claims-based identity,
03:31
provides information about users.
03:37
Information that's provided by the user's identity provider is accepted by the application provider. I'll give you an example of Microsoft and Dell.
03:47
Okay,
03:49
if, ah,
03:51
users need to access Microsoft servers from Dell,
03:55
okay, the identity will have to be provided by Dell. Microsoft, as the application provider, must accept those identities so those users can access resources in Microsoft, on Microsoft servers. Selected servers, of course.
04:14
Now let's look at what is AD FS.
04:19
AD FS is Microsoft's implementation of an identity federation solution
04:25
that uses claims-based authentication.
04:30
For example, AD FS provides a mechanism to implement both the identity
04:34
provider and the identity service provider components.
04:40
For example, AD FS provides the following features: enterprise claims provider.
04:46
Okay, enterprise claims provider for claims-based applications.
04:51
You can configure your AD FS server as a claims provider,
04:57
which means that it can issue claims about authenticated users.
05:02
So this allows
05:04
the organization to provide its users with access to claims-aware applications in another organization
05:13
by using single sign-on.
05:18
Another feature is the federation service provider
05:23
for identity federation across domains.
05:27
This service offers federated web single sign-on across domains,
05:32
thereby enhancing security and reducing overhead for information technology administrators.
05:40
So that way,
05:42
um,
05:43
you specify
05:46
what resources can be made available
05:49
to your users when they go to a partner, or partner organization.
05:57
We have something such as, well, we have single sign-on.
06:00
Like I said, most organizations that deploy Active Directory Domain Services allow their users to log on.
06:09
Once you log on to the domain,
06:11
you specify your user name and your password; if everything is correct, you'll be given access
06:15
just to that domain only,
06:16
or to another domain that you have a trust to,
06:20
or to another forest that has a trust. But in this instance, there's no domain trust between you and the other organization. There's no forest trust. So what you do now,
06:31
if you want this authentication, this security token that was granted to them when they signed on using the user name and password, you want it to carry over to another organization. So you are going across your forest boundary,
06:46
going above your forest boundary. So AD FS will extend the security token that you normally use within the organization
06:55
to the Internet, or to Internet-facing applications.
07:01
That's what you call web single sign-on.
07:05
So AD FS gives you that.
07:09
AD FS also gives you,
07:12
um, web services interoperability.
07:15
For example, through AD FS you can use an application such as SQL Server or any type of application like that in the partner organization that's outside your domain
07:29
or forest trust.
07:34
It also can integrate with Dynamic Access Control.
07:40
You know, when you deploy DAC, you can configure user and device claims.
07:46
Active Directory domain controllers already issue them, so AD FS will allow those user and device claims that you use within the organization to carry over to another organization.
08:03
You can also use Windows PowerShell command-line interface cmdlets for administering AD FS.
08:11
For example, Windows Server 2012 provides several new cmdlets that you can use to install and configure the AD FS server role.

Instructed By

Michael Boberg
CEO of Broadline Enterprises, LLC
Instructor