MCSA Windows Server 2012, Exam 412.
Configuring Advanced Windows Server 2012 Services, module 8.
In module 8, we're gonna talk about implementing and administering AD FS.
Lesson one is the overview of AD FS. What's AD FS? What is AD FS useful for? Why use AD FS?
We're gonna talk about topics like that.
Then in lesson two, we'll look at deploying AD FS.
Then the lab is implementing AD FS. How are we gonna implement it? How are we gonna enable that feature in Server Manager?
All right, lesson one: overview of AD FS.
In this lesson, we're gonna look at what is identity federation.
What is identity federation? It enables you to provide authentication across organization and platform boundaries.
You can implement identity federation within a single organization so users can access different web apps, or between different organizations that have established a trust relationship between the two organizations.
Now, to establish an identity federation partnership, both partners must agree to create a federated trust relationship.
The federated trust relationship is based on an ongoing business relationship, and this enables the organizations to implement business processes that are identified in the business relationship. For example, if you have two organizations that are doing collaboration.
Okay, unlike an Active Directory domain trust, in a federated trust the federation servers in the two organizations don't have to communicate directly with each other.
All the communication can be done through SSL or HTTPS. That means you don't have to open multiple firewall ports, just one port, 443.
For example, as part of a federated trust, each partner would define what resources are accessible to the other organization outside its boundaries. For example, let's say Microsoft and Dell are doing a collaboration because of Microsoft's new hardware called Surface.
Now Microsoft allows people from Dell to access a few servers at the Microsoft organization so they can access some data without having to log on again, without having to create an account for them in the Microsoft forest. So a federated trust works like that: Microsoft would define what resources are accessible.
Then let's look at what is claims-based identity.
Claims-based identity provides information about users.
Information that's provided by the user's identity provider is accepted by the application provider. I gave you an example of Microsoft and Dell.
Users need to access Microsoft servers from Dell.
Okay, the identity would have to be provided by Dell. Microsoft, as the application provider, must accept those identities so those users can access resources in Microsoft, on Microsoft servers. Selected servers, of course.
Now let's look at what is AD FS.
AD FS is Microsoft's implementation of an identity federation solution that uses claims-based authentication.
For example, AD FS provides a mechanism to implement both the identity provider and the service provider components.
For example, AD FS provides the following features: enterprise claims provider.
Okay, enterprise claims provider for claims-based applications.
You can configure your AD FS server as a claims provider, which means that it can issue claims about authenticated users.
This enables the organization to provide its users with access to claims-aware applications in another organization by using single sign-on.
Another feature is the federation service provider for identity federation across domains.
This service offers federated web single sign-on across domains, thereby enhancing security and reducing overhead for information technology administrators.
What resources can be made available to your users when they go to a partner, or partner organization.
We have something such as, well, we have single sign-on.
Like I said, most organizations that deploy Active Directory Domain Services allow their users to log on.
Once you log on to the domain, you specify your user name and your password, and if everything is correct you'll be given access just to that domain only, or to another domain that you have a trust with, or to another forest that has a trust. But in this instance, there's no domain trust between you and the other organization. There's no forest trust. So what do you do now?
If you want this authentication, this security token that was granted to them when they signed on using the user name and password, you want it to carry over to another organization. So you are going across your forest boundary, going beyond your forest boundary. So AD FS will extend the security token that you normally use within the organization to the Internet or to Internet-facing applications.
That's what you call web single sign-on.
So AD FS gives you that.
AD FS also gives you, um, web services interoperability.
For example, through AD FS you can use an application such as SQL Server or any type of application like that in the partner organization that's outside your domain.
It also can integrate with Dynamic Access Control.
You know, when you deploy DAC, you can configure user and device claims.
Active Directory domain controllers already issue those, so AD FS will allow those user and device claims that you use within the organization to carry over to another organization.
You can also use Windows PowerShell command-line interface cmdlets for administering AD FS.
For example, Windows Server 2012 provides several new cmdlets that you can use to install and configure the AD FS server role.