1 00:00:06,440 --> 00:00:12,630 Before deploying your federation servers, you must prepare the environment for the installation of 2 00:00:12,830 --> 00:00:13,450 AD FS. 3 00:00:14,150 --> 00:00:21,920 This might include preparing the configuration database and any required service accounts and certificates 4 00:00:22,730 --> 00:00:32,150 and preparing the DNS host records for access from inside and outside the corporate network. 5 00:00:33,380 --> 00:00:35,810 Then you have to prepare a SQL Server. 6 00:00:36,080 --> 00:00:44,750 If you plan to host the configuration database for the AD FS federation server farm in SQL Server, 7 00:00:45,050 --> 00:00:52,790 you should deploy the SQL Server instance prior to installing the first federation server in Windows 8 00:00:52,790 --> 00:00:54,380 Server 2016. 9 00:00:54,710 --> 00:00:55,160 AD FS 10 00:00:55,160 --> 00:01:04,010 supports multiple options for the high availability of your federation server farm that uses SQL 11 00:01:04,010 --> 00:01:04,550 Server. 12 00:01:05,000 --> 00:01:10,580 You should consider one of these options when preparing for the configuration database. 13 00:01:11,840 --> 00:01:14,900 Then you have to prepare service accounts. 14 00:01:15,650 --> 00:01:23,660 If possible, you should consider using a group managed service account, or gMSA, for AD FS 15 00:01:24,020 --> 00:01:25,220 during deployment. 16 00:01:25,460 --> 00:01:34,940 The AD FS installation will automatically create and configure the gMSA if you have appropriate permissions 17 00:01:34,940 --> 00:01:36,620 to do this. 18 00:01:37,220 --> 00:01:44,780 Otherwise, you should create a gMSA in advance for the AD FS federation server deployment. 19 00:01:45,620 --> 00:01:55,400 If you are not able to use a gMSA, you should create a standard service account in AD DS prior 20 00:01:55,400 --> 00:02:03,230 to deploying the AD FS federation server and configure the password to never expire.
21 00:02:03,920 --> 00:02:10,310 This service account requires the following access rights on the AD FS federation server. 22 00:02:10,670 --> 00:02:16,550 It requires log on as a service and log on as a batch job. 23 00:02:17,570 --> 00:02:20,540 After that, you have to prepare certificates. 24 00:02:21,020 --> 00:02:29,450 Although you can import the certificate during the AD FS installation, you need to request the appropriate 25 00:02:29,450 --> 00:02:39,050 SSL certificate required for AD FS from a publicly trusted CA prior to deployment. 26 00:02:39,440 --> 00:02:46,430 When you receive the certificate from the CA, you install it in the personal certificate store 27 00:02:46,820 --> 00:02:49,130 on the AD FS federation server. 28 00:02:49,940 --> 00:02:56,240 If you are deploying a federation server farm, the subject name or certificate common name, or 29 00:02:56,270 --> 00:03:06,170 CN, on the SSL certificate must match the Federation Service name or a wildcard SSL certificate 30 00:03:06,170 --> 00:03:06,500 name. 31 00:03:07,220 --> 00:03:13,690 This certificate should be installed in the personal certificate store on each of the federation servers 32 00:03:13,700 --> 00:03:14,360 in the farm. 33 00:03:16,000 --> 00:03:18,070 Then you have to prepare DNS. 34 00:03:18,730 --> 00:03:27,640 In addition to AD DS, DNS is one of the primary network services that is critical to the operation 35 00:03:27,640 --> 00:03:28,780 of AD FS. 36 00:03:29,470 --> 00:03:37,810 With DNS records set, users and other service providers can locate your federation service 37 00:03:38,140 --> 00:03:42,040 over the Internet and on your corporate network. 38 00:03:42,730 --> 00:03:48,940 When you configure DNS to support AD FS, you should consider the following.
39 00:03:49,120 --> 00:03:56,770 If you are deploying a federation server farm, you will need to create a DNS host record 40 00:03:56,770 --> 00:04:05,170 on your internal DNS servers for the cluster DNS name for your NLB federation server farm. 41 00:04:06,580 --> 00:04:06,910 Now, 42 00:04:07,090 --> 00:04:13,900 if you are deploying a standalone federation server, you will need to create a DNS host record on your 43 00:04:13,900 --> 00:04:20,050 internal DNS servers for the DNS name for your federation server. 44 00:04:20,950 --> 00:04:27,550 If you are deploying a federation proxy array, you will need to create a DNS host record on 45 00:04:27,550 --> 00:04:37,450 your perimeter DNS servers for the load balancer DNS name for your AD FS proxy server or your Web 46 00:04:37,450 --> 00:04:39,640 Application Proxy server array. 47 00:04:40,870 --> 00:04:47,680 If you're deploying a standalone federation proxy server, you will need to create a host record 48 00:04:47,680 --> 00:04:49,240 on your perimeter 49 00:04:49,480 --> 00:04:57,820 DNS servers for the DNS name for your AD FS proxy server or your Web Application Proxy server. 50 00:04:58,450 --> 00:05:04,840 And finally, if you are not deploying a federation proxy, you will need to create a DNS 51 00:05:04,840 --> 00:05:13,040 host record on your perimeter DNS servers for the cluster DNS name for your NLB federation server 52 00:05:13,040 --> 00:05:16,030 farm or federation server. 53 00:05:17,230 --> 00:05:22,570 Please note that you should not use CNAME records for the Federation Service name. 54 00:05:23,200 --> 00:05:30,550 Also, a word about installing and configuring AD FS in Windows Server 2016. 55 00:05:30,700 --> 00:05:36,370 AD FS 3.0 is installed from Server Manager as a role.
56 00:05:36,850 --> 00:05:45,040 The Server Manager Configuration Wizard performs validation checks and automatically installs all the 57 00:05:45,040 --> 00:05:47,650 services required by AD FS. 58 00:05:48,710 --> 00:05:56,450 The AD FS server role includes Windows PowerShell cmdlets that you can use to perform a deployment 59 00:05:56,870 --> 00:06:07,040 based on Windows PowerShell of AD FS servers and proxies. To install the AD FS server role, use the Server 60 00:06:07,040 --> 00:06:17,630 Manager Add Roles and Features Wizard and then select the AD FS server role. The Add Roles and Features 61 00:06:17,630 --> 00:06:26,420 Wizard automatically selects the Microsoft .NET Framework and AD FS management tools features. 62 00:06:26,840 --> 00:06:29,360 No other features are required. 63 00:06:30,250 --> 00:06:40,810 When the AD FS role is installed, the Add Roles and Features Wizard provides you with the option of 64 00:06:41,050 --> 00:06:47,500 starting the AD FS Configuration Wizard to configure the AD FS server. 65 00:06:47,950 --> 00:06:56,500 The steps for the AD FS Configuration Wizard vary depending on whether you are creating the first federation 66 00:06:56,500 --> 00:07:04,690 server in a federation server farm or adding a federation server to a federation server farm. 67 00:07:05,680 --> 00:07:14,470 You can also start the AD FS Configuration Wizard from the Tools menu in Server Manager or from the 68 00:07:14,470 --> 00:07:15,490 Start screen. 69 00:07:17,460 --> 00:07:25,590 As for creating the first federation server in a federation server farm: to create the first federation 70 00:07:25,590 --> 00:07:28,350 server in a federation server farm, 71 00:07:29,360 --> 00:07:33,000 you have to follow the following steps. 72 00:07:33,570 --> 00:07:37,200 There are seven steps which you have to follow. The first one:
73 00:07:37,980 --> 00:07:46,650 In the AD FS Configuration Wizard, you have to select the Create the first federation server in a federation 74 00:07:46,650 --> 00:07:48,210 server farm option. 75 00:07:48,960 --> 00:07:52,530 Then, on the Connect to AD DS page, 76 00:07:52,830 --> 00:07:58,650 select the account that has domain administrator permissions to AD DS. 77 00:07:58,650 --> 00:08:06,900 If the account that you used to install AD FS has the appropriate permissions, leave the 78 00:08:06,900 --> 00:08:09,390 default option and then proceed. 79 00:08:10,020 --> 00:08:13,700 Otherwise, change it to the appropriate account. 80 00:08:14,340 --> 00:08:20,010 The account that you select should not be the credentials of your service account. 81 00:08:20,880 --> 00:08:25,410 The third step is on the Specify Service Properties page. 82 00:08:25,710 --> 00:08:35,850 Select the corresponding certificate from the SSL certificate list, or you have an option to import the 83 00:08:36,060 --> 00:08:43,470 SSL certificate if you did not install it prior to the installation, and then specify the Federation 84 00:08:43,470 --> 00:08:46,230 Service name of the federation server farm. 85 00:08:47,800 --> 00:08:55,240 After that, on the Specify Service Account page, specify the credentials of the appropriate service 86 00:08:55,240 --> 00:09:01,840 account for AD FS. Then, on the Specify Configuration Database page, 87 00:09:02,170 --> 00:09:12,850 select the option to create a database by using WID, or select the option to specify the location, 88 00:09:13,120 --> 00:09:18,640 hostname and instance of an existing SQL Server database. 89 00:09:20,330 --> 00:09:28,220 Then, on the Review Options page, note that the wizard displays your selections, including your service 90 00:09:28,220 --> 00:09:35,030 account actions. If you choose to use the WID database,
91 00:09:35,060 --> 00:09:45,080 the wizard notes that this is the primary server in the farm and the WID database is installed, and 92 00:09:45,080 --> 00:09:53,390 if you choose to use an existing SQL Server database, the wizard notes that this will be the first server 93 00:09:53,390 --> 00:10:02,300 in the farm and provides the connection string details for connecting to SQL Server to retrieve 94 00:10:02,300 --> 00:10:03,350 the configuration. 95 00:10:04,880 --> 00:10:15,350 And the last step for configuring the federation server in a federation server farm is on the Prerequisite 96 00:10:15,620 --> 00:10:16,900 Checks page. 97 00:10:17,060 --> 00:10:24,860 Note that the wizard displays the results of the prerequisite check before proceeding to the installation 98 00:10:24,860 --> 00:10:25,880 of AD FS. 99 00:10:27,130 --> 00:10:35,500 Please note that alternatively, you can use the Windows PowerShell cmdlet Install-AdfsFarm 100 00:10:35,500 --> 00:10:41,080 to deploy the first federation server in a federation server farm. 101 00:10:42,820 --> 00:10:43,080 Now, 102 00:10:43,090 --> 00:10:48,190 some words about adding a federation server to a federation server farm. 103 00:10:49,960 --> 00:10:55,000 To add an additional server to an AD FS server farm, you have to follow 104 00:10:56,110 --> 00:11:05,680 these steps. First, in the AD FS Configuration Wizard, select the Add a federation server to a federation 105 00:11:05,680 --> 00:11:14,650 server farm option. Second, on the Connect to AD DS page, select the account that has domain administrator 106 00:11:14,650 --> 00:11:24,220 permissions to AD DS. If the account that you used to install AD FS has the appropriate 107 00:11:24,310 --> 00:11:32,200 permissions, leave the default option and then proceed. Otherwise, change it to the appropriate 108 00:11:32,200 --> 00:11:32,680 account.
109 00:11:33,130 --> 00:11:37,730 The account that you select should not be the credentials of your service 110 00:11:37,730 --> 00:11:38,230 account. 111 00:11:39,040 --> 00:11:47,350 Third, on the Specify Farm page, specify the name of the primary federation server in a farm that 112 00:11:47,350 --> 00:11:56,650 uses WID, or specify the database hostname and the instance name of an existing federation server 113 00:11:56,650 --> 00:11:59,170 farm that uses SQL Server. 114 00:12:00,700 --> 00:12:05,230 Fourth, on the Specify SSL Certificate page, 115 00:12:05,680 --> 00:12:15,130 either select the corresponding certificate from the SSL certificate list or import the SSL certificate 116 00:12:15,130 --> 00:12:22,540 if you did not install it prior to the installation. As opposed to the other installation options, 117 00:12:23,290 --> 00:12:31,540 you do not have to specify the Federation Service name of the federation server farm. This is because 118 00:12:31,540 --> 00:12:39,250 the wizard is already aware of the Federation Service name because of the previous information that 119 00:12:39,250 --> 00:12:40,060 you provided. 120 00:12:41,300 --> 00:12:48,320 After that, on the Specify Service Account page, specify the credentials for the appropriate service 121 00:12:48,320 --> 00:12:49,640 account for AD FS. 122 00:12:49,800 --> 00:12:57,410 The account you specify must be the same account as the one used on the primary federation 123 00:12:57,410 --> 00:12:58,760 server in the farm. 124 00:13:00,350 --> 00:13:03,080 And on the Review Options page, 125 00:13:03,320 --> 00:13:07,190 note that the wizard displays your selections for 126 00:13:08,220 --> 00:13:14,280 the WID database or for a SQL Server database. 127 00:13:14,790 --> 00:13:17,670 And lastly, on the Prerequisite Checks page,
128 00:13:17,850 --> 00:13:25,050 note that the wizard displays the results of the prerequisite check before proceeding to the installation 129 00:13:25,410 --> 00:13:26,610 of AD FS. 130 00:13:27,780 --> 00:13:36,910 And also, please note that alternatively you can use the Windows PowerShell cmdlet 131 00:13:37,110 --> 00:13:43,500 Add-AdfsFarmNode to add a federation server to a federation server farm. 132 00:13:45,730 --> 00:13:52,420 You can update AD FS to help ensure that your AD FS environment is reliable and stable. 133 00:13:52,750 --> 00:14:00,340 You should install the recommended updates for AD FS after installing and configuring your 134 00:14:00,340 --> 00:14:01,900 AD FS federation servers. 135 00:14:02,260 --> 00:14:07,150 You can use Microsoft Update to check for available updates. 136 00:14:08,790 --> 00:14:14,730 Next up, we'll be talking about configuring an account partner and resource partner.