Your network contains an Active Directory domain named contoso.com.
You plan to deploy an Active Directory Federation Services (AD FS) farm that will contain eight
federation servers.
You need to identify which technology or technologies must be deployed on the network before you
install the federation servers.
Which technology or technologies should you identify? (Each correct answer presents part of the
solution. Choose all that apply.)
A.
Network Load Balancing (NLB)
B.
Microsoft Forefront Identity Manager (FIM) 2010
C.
The Windows Internal Database feature
D.
Microsoft SQL Server 2012
E.
The Windows Identity Foundation 3.5 feature
Explanation:
Best practices for deploying a federation server farm
We recommend the following best practices for deploying a federation server in a production
environment:
* (A) Use NLB or some other form of clustering to allocate a single IP address for many federation
server computers.
* (D) If the AD FS configuration database will be stored in a SQL database, avoid editing the SQL
database from multiple federation servers at the same time.
* If you will be deploying multiple federation servers at the same time or you know that you will be
adding more servers to the farm over time, consider creating a server image of an existing
federation server in the farm and then installing from that image when you need to create additional
federation servers quickly.
* Reserve a static IP address for each federation server in the farm and, depending on your Domain
Name System (DNS) configuration, insert an exclusion for each IP address in Dynamic Host
Configuration Protocol (DHCP). Microsoft NLB technology requires that each server that participates
in the NLB cluster be assigned a static IP address.
When to Create a Federation Server Farm
I’d say A and C:
The default topology for Active Directory Federation Services (AD FS) is a federation server farm, using the Windows Internal Database (WID). In this topology, AD FS uses WID as the store for the AD FS configuration database for all federation servers that are joined to that farm. The farm replicates and maintains the Federation Service data in the configuration database across each server in the farm.AD FS in Windows Server 2012 R2 enables organizations with 100 or fewer relying party trusts to configure federation server farms using WID with up to 30 servers. For organizations with more than 100 relying party trusts, the limit is 5 servers in a WID farm.
Nope just A. You do not need to deploy SQL as mentioned. WID is no feature and will be installed alongside installing the ADFS Feature.
Am I missing something ?
If WID support only 5 ADFS servers and you have 8, WID cannot be used and you need SQL.
wid supports up to five dedicaed servers
A and C are correct I think. WID supports up to 30 federation servers and 100 relying party trusts. It is not said in the question how many relying party trusts there are, so you can assume it is less than 100. You need SQL when you have more than 100 relying party trusts. This is not explicitly told in the question so I go for A and C.
https://technet.microsoft.com/en-us/library/dn554247.aspx
https://technet.microsoft.com/en-us/library/dn486775.aspx
I doubt if we have to count the option C, because WID is a feature you have to set in the AD CS configuration wizard when you configure the federation server, see point 6 in https://technet.microsoft.com/en-us/library/dn486807.aspx
So WID is not a technology as they ask in the question but a feature. You do not have to deploy something extra for WID, so I think just A as answer is right as Jeff said.
I think Microsoft wants us to choose between WID and SQL. That’s why they use the general term ‘technologies’. So I’d go for A and C.
A WID farm has a limit of five federation servers. For more information, see AD FS 2.0 Deployment Topology Considerations.
A-D