1
00:00:03,070 --> 00:00:09,700
Before we start to get into installing and configuring AD FS 2019, I want to talk a bit about my lab

2
00:00:09,700 --> 00:00:10,420
environment.

3
00:00:11,330 --> 00:00:16,700
I have a Windows 10 physical machine that's running Hyper-V to host the VMs I'm using in this course.

4
00:00:17,630 --> 00:00:19,640
You don't have to use Hyper-V.

5
00:00:20,510 --> 00:00:25,220
You're free to use any hypervisor of your choice to run the guest VMs. In my environment,

6
00:00:25,250 --> 00:00:31,550
there's a Windows Server 2019 domain controller named DC and it has Active Directory Domain Services

7
00:00:31,550 --> 00:00:32,240
installed.

8
00:00:33,160 --> 00:00:39,550
I've called the network company.pri, and that same DC machine also has DNS installed as well as

9
00:00:39,550 --> 00:00:41,080
Active Directory Certificate

10
00:00:41,080 --> 00:00:46,870
Services. We'll need that in order to create the certificate for the AD FS service to use.

11
00:00:47,080 --> 00:00:52,060
But you could also use a certificate purchased from a trusted third-party certificate authority.

12
00:00:52,960 --> 00:00:58,180
When we get into federating with Azure later in the course, I'll actually be using a certificate from

13
00:00:58,180 --> 00:00:59,980
a third-party trusted CA.

14
00:01:00,850 --> 00:01:07,420
There's a single Windows Server 2019 server that we'll be using for all our AD FS configuration and that's

15
00:01:07,420 --> 00:01:08,830
called ADFS1.

16
00:01:09,700 --> 00:01:15,610
Then there's a web server with IIS installed that we'll be deploying a custom ASP.NET Core application

17
00:01:15,610 --> 00:01:16,210
to later.

18
00:01:17,060 --> 00:01:22,070
And it's that application that we'll be accessing using the different authentication methods and we'll

19
00:01:22,070 --> 00:01:24,920
be able to see the claims returned by AD FS.

20
00:01:25,820 --> 00:01:28,640
There's also a Windows 10 VM that I'll be using to do

21
00:01:28,640 --> 00:01:35,060
most of the configuration from. All of these VMs are on an internal network, which is just a Hyper-V

22
00:01:35,060 --> 00:01:42,500
switch with a 192.168.3 net network, which simulates these VMs being on an internal corporate network.

23
00:01:43,390 --> 00:01:48,400
Then there's another network that's actually another virtual switch in Hyper-V that uses the external

24
00:01:48,400 --> 00:01:53,860
network my physical router controls, and that network has access to the internet, which we'll need

25
00:01:53,860 --> 00:01:56,980
when we configure federation with Azure later in the course.

26
00:01:57,880 --> 00:02:03,310
But the real purpose of this network is to separate another server from the internal network, and that's

27
00:02:03,310 --> 00:02:08,830
the Windows Server 2019 VM that we'll be installing Web Application Proxy onto.

28
00:02:09,670 --> 00:02:15,780
So this server will accept incoming calls from VMs on this network when we test Web Application Proxy.

29
00:02:16,640 --> 00:02:21,980
The Web Application Proxy VM also has another network adapter that allows it to make calls into the

30
00:02:21,980 --> 00:02:28,820
company.pri network so it can publish applications to the Internet network as well as making AD FS

31
00:02:28,820 --> 00:02:30,020
available externally.

32
00:02:30,890 --> 00:02:33,320
That'll all make sense later in the course.

33
00:02:34,250 --> 00:02:39,170
This is really the core of my test environment, but I will be making some additions throughout the

34
00:02:39,170 --> 00:02:39,650
course.

35
00:02:40,550 --> 00:02:42,800
When we federate with another organization,

36
00:02:42,830 --> 00:02:48,380
I'll have another set of VMs to represent the other org and I'll be making some changes to the AD FS

37
00:02:48,380 --> 00:02:51,830
service name when we federate with Azure AD later in the course.

38
00:02:52,760 --> 00:02:55,340
I'll go through those changes in that module.

39
00:02:56,260 --> 00:02:56,770
Next,

40
00:02:56,770 --> 00:03:02,980
let's talk about the certificates that AD FS uses before we create one to use with the AD FS service

41
00:03:02,980 --> 00:03:04,090
that we'll be installing.