Active Directory Federation Services - Capac

How to use it: Supply information in the cells in bold below about peak traffic, geo redundancy, proxy and data needs. Th
DB technology to choose

Peak Traffic Information

Parameter Value

Number of processors for your AD FS Servers 8

Total Users Authenticating with ADFS 70,000
Approximate % Peak users login to ADFS applications 70%
Peak login timespan (in minutes) 10

Geo Redundancy Information

Parameter Value
Number of data centers in your organization 1
Maximum data centers you will tolerate to be offline 0

Peak % of traffic to be absorbed by a single data center 100%

Additional servers per data center 1

ADFS Proxy Information

Parameter Value
Additional proxy servers per data center 1

Total Recommended Servers

Total Recommended Federation Servers 3
Total Recommended Federation Servers per Datacenter 3

Total Recommended AD FS Proxy Servers 3

Total Recommended AD FS Proxy Servers Per Datacenter 3

Capacity summary You can support 70% of all users loggin

losing 1

Database Information
Parameter Value
Number of on-premises app with direct ADFS trust relationship 99
Do you plan to have a federation trust with Azure AD/O365? 1
SAML Artifact Resolution 0

Is AD FS a federated provider and using Token Replay Detection 0

Recommendation of DB Technology WID

tion Services - Capacity Planning Worksheet
ancy, proxy and data needs. Then, this worksheet will give you a notion of how many AD FS Servers, AD FS proxies, and

Notes

How many processors per physical or virtual server? This can be based on your procurement requirements.
Based on the # of processors, this spreadsheet will adjust the number of servers you would need
How many users do you have that will require ADFS?
What is the peak number of simultenous users that you expect to login to ADFS?
How long do you expect the peak traffic to last?

Explanation
How many data centers do you plan to deploy ADFS into?
How many data centers should be prepared to absorb all the traffic

The calculated distribution across datacenters is 100% when 0 out of 1 datacenters are offline. Consider
planning with a higher percentage of traffic to account for un-even load distribution. Values smaller than
100% will be ignored and the calculated value will be used
Increment this value if you want to account for a potential situation where ADFS servers within a data center
are offline (maintenance, upgrade, etc.). Microsoft recommends at least one.

Notes
Increment this value if you want to account for a potential situation where ADFS Proxy servers within a data
center are offline (maintenance, upgrade, etc.). Microsoft recommends at least one.

Total number of ADFS servers required across both data centers.

Total number of ADFS servers required per datacenter.

Total number of ADFS Proxy servers required across both data centers.
Total number of ADFS Proxy servers required per datacenter.

upport 70% of all users logging in at once during a 10 minute period when 0 out of 1 data centers are down, even when
losing 1 federation server and 1 proxy servers in each data center

Explanation
How many federated apps would you deploy on premises?
Do you expect to be federated with Azure AD or O365? This number should only be 0 or 1.
Rarely used. If you require SAML artifact resolution, then this requires SQL

Not needed for Azure AD or office 365. It is rarely used and AD FS needs to be in Federation Provider role. If
you require SAML artifact resolution, then this requires SQL

A WID farm has a limit of 30 federation servers and up to 100 RP trusts.

Parameter Value
Maximum capacity per core 7.5
Recommended maximum login/sec in single AD FS server in using enterprise hardware 60
Calculated % of traffic distribution across data centers 100.00%
Maximum logins / second in the busiest data center 81.67
Calculated Minimum servers needed in a single data center per traffic 2
Total Federation Servers per data center 3
Total Federation Servers needed to absorb the traffic 2
Proxy to AD FS Server Ratio 1

Total proxies per ratio 2

Total Proxy servers per data center 3
Federation Trust with Azure AD/O365 1
Total RP trusts 100
Less than or equal than 100 RPs 1
Less than or equal to 30 Servers 1
Description
Theoretical maximum is 12.5 request per second per core, at 60% for production
Per AD FS PG lab testing, a 8 core machine can do up to 100 logins / second to max out the CPU. Adjusting for production usag
This is the calculated % of traffic per data center when minimal amount of data centers are online
Expected peak of traffic on the data center with most traffic
This is the minimum # of servers to take the peak traffic, assuming even distribution of NLB
This is the calculated amount of servers to absorbe the peak of traffic plus the provision for extra servers
From previous worksheet
This is the number of proxy servers per federation server. The guidance from PG is a 1:1 ratio

Per AD FS PG lab testing, a 8 core machine can do up to 100 logins / second to max out the CPU. Adjusting for production usag
This is the calculated amount of servers to absorbe the peak of traffic plus the provision for extra servers