Time
5 hours 18 minutes
Difficulty
Intermediate
CEU/CPE
20

Video Transcription

00:04
Lesson two is deploying AD FS.
00:07
This lesson, we're gonna look at AD FS components,
00:11
AD FS prerequisites,
00:13
PKI and certificate requirements.
00:16
AD FS components.
00:19
Remember, AD FS is installed as a server role in Windows Server 2012.
00:25
However,
00:27
there are many different components you need to install and configure in an AD FS deployment. It's the same thing with AD RMS. If you remember, the last module,
00:38
even though we had AD RMS installed as a server role, there's a lot of components that go into it. Without those components in place, AD FS or AD RMS will not work properly.
00:51
The core components for AD FS: we have a federation server.
00:56
The federation server is a very important component because it issues,
01:00
monitors and validates requests involving identity claims.
01:07
All your implementations of AD FS require at least one federation service
01:12
for each participating forest, so each participating forest requires
01:19
an AD FS
01:19
federation server.
01:23
Federation service proxy, or Web Application Proxy.
01:29
This is an optional component.
01:32
This is what you probably have in your DMZ, or perimeter network.
01:38
This is an additional layer of security.
01:46
The additional layer of security with the web service proxy, also called Web Application Proxy.
01:52
It's an additional, optional component.
01:56
Ah, yes, this you'd probably have in your DMZ zone.
02:00
It does not add any functionality to an AD FS deployment,
02:04
but the only thing I wanted um,
02:07
functionality it gives us is, ah, a layer of security for connections. That's if people, users, are connecting through the Internet.
02:16
That way they can interact with the web proxy, ah, Web Application Proxy.
02:22
Claims.
02:24
Claims, another component.
02:27
A claim is a statement a trusted entity makes about an object, such as a user.
02:34
The claim could include the user's name, job title or any other factor that might be used for authentication reasons.
02:45
With Windows Server 2012, the object can also be a device
02:50
used in a D. C. Deployment
02:54
Claim rules.
02:57
Claim rules determine how federation servers process claims.
03:04
For example, a claim rule might state that an email address is accepted as a valid claim,
03:10
or a group name from one organization is translated into an application-specific role.
03:19
These rules are usually processed in real time.
03:27
Attribute store.
03:29
You saw that component
03:30
AD FS uses an attribute store to look up claim values.
03:40
Claims provider.
03:44
The claims provider is the server that issues claims and authenticates users.
03:50
The claims provider is one side of the AD FS authentication and authorization process.
03:58
The claims provider manages user authentication,
04:00
then use that claim that the user presents,
04:04
then issues a claim that the user presents
04:08
to a relying party.
04:12
Relying party is another component.
04:15
The relying party is the party where the, uh, application is located,
04:19
and it is the other side of the AD FS authentication and authorization process.
04:26
The relying party is a web service that consumes claims from the claims provider.
04:35
Claims provider trust.
04:38
Claims provider trust configures data that defines rules under which a client might
04:45
request claims from a claims provider
04:47
and subsequently submit them to a relying party.
04:54
For example, the trust consists of various identifiers such as, ah, names, groups and various rules.
05:08
Relying party trust.
05:12
Relying party trust defines the claim information about a user or client
05:15
that AD FS will pass to the relying party.
05:21
This could also have different
05:24
identifiers such as names, groups and various rules.
05:28
Certificates.
05:30
AD FS uses digital certificates when communicating over SSL, or as part of the token issuing process,
05:40
as part of the token receiving process, and also the metadata publishing process.
05:46
So AD FS uses digital certificates when communicating over SSL,
05:51
or as part of the token issuing process, as part of the token receiving process and as part of the metadata
05:59
publishing process.
06:02
you get those certificates
06:05
are also used for token signing.
06:13
Another component is endpoints. Endpoints are Windows Communication Foundation mechanisms.
06:19
They enable access to AD FS technologies,
06:23
including token issuance and metadata publishing.
06:29
Your AD FS comes with built-in endpoints.
06:34
AD FS prerequisites.
06:38
Prerequisites for AD FS are very important because without the prerequisites, you cannot install it successfully.
06:46
You know, before you deploy AD FS, you must ensure that your internal network
06:51
has these basic prerequisites.
06:56
for example,
06:59
For, well, connectivity, the following connectivity is required:
07:04
the client computer must be able to communicate with the web application,
07:12
with the resource federation server
07:15
or the federation server proxy, and the account
07:19
federation server or federation server proxy by using HTTPS.
07:26
What, what I mean by that is your client machines, such as Windows 7, Windows 8 or whatever, must be able to communicate with the web application,
07:35
must communicate with the resource application server,
07:40
the federation server proxy,
07:43
and the account federation server or federation server proxy by using HTTPS, by using a secure connection.
07:51
The federation server proxy must be able to communicate with the federation server
07:57
in the same organization by using HTTPS.
08:03
The federation server and internal client computers must be able to communicate with a domain controller for authentication.
08:13
What that means is, um,
08:16
Active Directory Domain Services must also be configured.
08:20
Your Active Directory service must be configured.
08:24
Your federation service must be joined to the domain.
08:31
Your federation service proxy doesn't have to be joined to domain.
08:35
What else do you need?
08:39
You must have TCP/IP network connectivity.
08:43
You must have Active Directory Domain Services.
08:46
You must have an attribute store
08:50
configured.
08:52
You must have DNS.
08:56
You must have compatible operating systems such as Windows Server 2003,
09:03
Windows Server 2008, Windows Server 2012.
09:07
For example, if you're using Windows Server 2012 Release 2, IIS is not required.
09:13
Well, prior to Windows Server 2012 Release 2, IIS is required.
09:18
Now, if you're also using Windows Server 2012 Release 2,
09:22
there's no AD FS stand-alone server option. You can only use AD FS general options.
09:30
All right, let's look at PKI and certificate requirements
09:35
with AD FS.
09:39
Um, certificates used by AD FS include service communication certificates.
09:46
For example, AD FS secures all communication using SSL, which requires certificates.
09:52
All computers that communicate with AD FS must trust the certificate that is used for service communication.
10:03
Um, if all the computers that are connecting to your AD FS are domain joined, well, you could use autoenrollment to get certificates. If not,
10:13
if there are other partner organizations, consider using third-party certification authorities such as VeriSign.
10:20
You also have the token-signing certificate.
10:24
The token-signing certificate is used to sign every token that the federation server issues.
10:30
This certificate is critical to all AD FS deployments
10:35
because the token signature indicates which
10:39
federation server issued the token.
10:43
There are token-decrypting certificates.
10:46
So the token-decrypting certificate is used to encrypt the entire user token before it's transmitted across the network from the claims provider federation server
10:58
to the relying party federation server. So the token-decrypting certificate is used to encrypt the entire user token before it's transmitted across the network
11:11
from the claims provider
11:13
federation server to the relying party federation server.
11:18
Choosing a CA. What CA will I use? Should I use a commercial CA or an internal CA? It depends.
11:26
You know, AD FS federation servers can use self-signed certificates from your internal CA or private CA. But when you're doing a collaboration with other organizations, it's better,
11:39
um, that you use a commercial CA such as VeriSign.

Instructed By

Michael Boberg
CEO of Broadline Enterprises, LLC
Instructor