Monday, April 04, 2011

Microsoft Releases AD FS 2.0 Capacity Planning Spreadsheet - hillarity ensues...

OK, so it's been a while since I last blogged, various excuses are the reason...

But today I was tracking new downloads from Microsoft, we use their products a lot here at work and that can be both good and bad.

I'm involved in a project that will be using AD FS 2.0 and SharePoint 2010, so when I saw that MS had released a Capacity Planning Spreadsheet for AD FS 2.0, I ran off and downloaded it. Plugged in our numbers (we have about 450 staff and over 2000 Extranet users) and this is what I saw:
That's right, 0.01 AD FS servers are reccomended (actually, the first time I ran it, I got 0.00!).
Now, we're not a small firm by NZ standards, but we're certainly not an "Enterprise" by USA standards, either.

So why does it come up with such a small number.  Flip the sheet on the spreadsheet and you get MS's server sizes, as tested:
  1. Federation Server
    • Dual Quad Core 2.27GHz (8 cores)
    • 16GB RAM
    • Windows Server 2008 R2, Enterprise Edition
    • Gigabit Network
  2. Federation Proxy Server
    • Quad Core 2.24GHz (4 cores)
    • 4GB RAM
    • Windows Server 2008 R2, Enterprise Edition
    • Gigabit Network

Which they qualify with:
"Capacity recommendations for AD FS 2.0 servers can vary considerably, depending on the specifications you choose for the hardware and network configuration used in a given environment. As a point of reference, the sizing guidance provided in this content is based on a utilization target of 80% on the computers specified above.

** Memory and disk space requirements for federation servers are modest, and they are not likely to be a driving factor in hardware decisions. The estimates contained in the AD FS capacity planning sizing spreadsheet can be used to estimate the recommended number of federation servers with more moderate memory specifications, such as 4 GB."

Well thank goodness for that! My original calculations had their base-line hardware at 70,000 times more powerful than was necessary to support us!
Let it not be said that MS doesn't support/promote hardware vendors :)
All joking aside, a more useful (if somewhat more complex) calculator would have given variances in hardware (or VM) specs, to cater for those of us that don't run 40,000 users through ADFS against 6 Claims apps. Yes, that's what it takes to require ONE ADFS server....


Anonymous said...

So, what did you end up doing? Did you deploy a dedicated ADFS server or co-locate it with other services on a single server?

Craig Humphrey said...

As it happens, we didn't go with ADFS at the time, we used UAG instead.
Our reasoning being that:
a) UAG gave us a lot more security (application packet inspection, etc)
b) UAG supported more systems (CRM, etc)
c) The ADFS support in SharePoint was still a bit sketchy (federated support still is!)

Little did we know that UAG would later be dropped by Microsoft...

We've just recently introduced ADFS as part of our Office365 Enterprise Mobility Suite, so will likely push that into our SharePoint 2013 efforts...