Requirement
Create a Traffic Manager profile for KimConnect using the Azure portal.
Overview
———————————
“Setup Phase”
1. Create a Traffic Manager profile
2. Add Traffic Manager endpoints
3. Test Traffic Manager profile
———————————
“Cutover Phase”
1. Change the public DNS record for the ADFS name (sts.kimconnect.com) to a CNAME that points at the Traffic Manager profile’s DNS name. Traffic Manager is a DNS-based service and has no public IP of its own
2. Validate successful routing of name resolution toward active endpoints
3. Optional: roll-back procedures
Setup Phase
1. Create Traffic Manager profile
a. Log into the Azure portal with an account that holds the Contributor role on the target resource group (Global Admin is a directory role, is not required for this task, and should not be used for routine resource creation) > search for “Traffic Manager profile” > Create
– Name: “WestUS-PROD-ADFS” (the name also becomes the DNS label, i.e. westus-prod-adfs.trafficmanager.net)
– Routing method: Priority
– Subscription: select KimConnect’s current subscription
– Resource Group: select KimConnect’s current Resource Group
– Resource group location: West US. This is only asked when a new resource group is created; the Traffic Manager profile itself is a global resource and is not pinned to a region
2. Add Traffic Manager endpoints
a. Open the newly created profile: Resource Groups > select the resource group (KimConnect-DNS) > select the Traffic Manager profile (“WestUS-PROD-ADFS”) > copy the DNS name shown on Overview (it is needed for the cutover CNAME) > Endpoints > Add > input these settings
— Type: External endpoint
— Name: “WestUS-PROD-ADFS-IP1”
— FQDN or IP: 2.2.2.2 (the public IP of the primary ADFS/WAP proxy; the IPs in this runbook are placeholders)
— Priority: 1
— Custom Header settings: host:sts.kimconnect.com (the health probe then carries the ADFS host name, so it reaches the right site when several names share the IP)
b. Select OK > repeat this procedure for the secondary endpoint “WestUS-PROD-ADFS-IP2” (associated with 1.1.1.1) with Priority: 2
c. Navigate back to the TM > Configuration > set Protocol = HTTPS, Port = 443, Path = /adfs/ls/idpinitiatedsignon.aspx > Save. Two caveats on the probe: an endpoint is only marked Online when the path answers with HTTP 200 (the default expected status range), and on ADFS 2016 and later the IdP-initiated sign-on page is disabled by default, so either enable it on the farm (ADFS property EnableIdPInitiatedSignonPage) or probe a path that does return 200. Also, the HTTPS probe only checks that a certificate is presented, not that it is valid, so a passing probe says nothing about the certificate
3. Test setup
——-
a. Traffic Manager has no IP of its own; it answers DNS queries for its profile name with the address of the highest-priority healthy endpoint. The test therefore happens at the DNS layer: run nslookup (or Resolve-DnsName) against the profile’s DNS name and confirm it returns 2.2.2.2. To exercise a browser sign-in before public DNS changes, either add a hosts-file entry on the local Windows workstation/laptop that maps sts.kimconnect.com to the IP the profile just returned (a hosts file cannot hold a CNAME), or install Technitium DNS Server locally and create a CNAME from sts.kimconnect.com to the profile’s DNS name
b. Search for the newly created Traffic Manager > Overview > verify that the “DNS name” (westus-prod-adfs.trafficmanager.net) was correctly set and that both endpoints show Monitor status Online
c. Open a web browser to https://sts.kimconnect.com/adfs/ls/idpinitiatedsignon.aspx and validate that the page loads from the primary without certificate warnings
d. Select Overview > select “WestUS-PROD-ADFS-IP1” > select Disabled > Save > after the profile TTL has expired, confirm that the profile’s DNS name now returns 1.1.1.1 and that the browser test still succeeds > set the endpoint back to Enabled and Save before continuing (a cutover with the primary still disabled would send every login to the secondary)
e. Revert the local hosts file or Technitium changes from part (a)
——
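The Setup Phase above, scripted with the Az PowerShell module, as an added example (this is not part of the original runbook and not KimConnect’s code). It assumes Az.TrafficManager is installed and Connect-AzAccount has already been run, that the resource group KimConnect-DNS exists and the DNS label westus-prod-adfs is free, and it uses the runbook’s placeholder IPs 2.2.2.2 and 1.1.1.1; the TTL, probe interval, timeout and failure-tolerance values are choices made here, not settings from the page.

```powershell
# Added example, not the runbook's own code. Builds the profile from the Setup Phase
# with Az.TrafficManager and then performs the failover test at the DNS layer.
# Assumptions: Az.TrafficManager is installed, Connect-AzAccount has been run, the
# resource group KimConnect-DNS exists, and the endpoint IPs are the runbook's
# placeholders (2.2.2.2 primary, 1.1.1.1 secondary).
$rg          = 'KimConnect-DNS'
$profileName = 'WestUS-PROD-ADFS'
$dnsLabel    = 'westus-prod-adfs'          # -> westus-prod-adfs.trafficmanager.net
$adfsHost    = 'sts.kimconnect.com'
$probePath   = '/adfs/ls/idpinitiatedsignon.aspx'
$endpoints   = @(
    @{ Name = 'WestUS-PROD-ADFS-IP1'; Target = '2.2.2.2'; Priority = 1 }
    @{ Name = 'WestUS-PROD-ADFS-IP2'; Target = '1.1.1.1'; Priority = 2 }
)

# Step 1: Priority routing, HTTPS probe on 443 against the ADFS sign-on page.
# A 30 s TTL (a choice made here) keeps resolver caches short so a failover is picked up quickly.
New-AzTrafficManagerProfile -Name $profileName -ResourceGroupName $rg `
    -TrafficRoutingMethod Priority -RelativeDnsName $dnsLabel -Ttl 30 `
    -MonitorProtocol HTTPS -MonitorPort 443 -MonitorPath $probePath `
    -MonitorIntervalInSeconds 30 -MonitorTimeoutInSeconds 10 `
    -MonitorToleratedNumberOfFailures 3 | Out-Null

# Step 2: external endpoints by IP, each with the "host" probe header so the health
# check reaches the ADFS site by name rather than whatever the IP serves by default.
foreach ($e in $endpoints) {
    $ep = New-AzTrafficManagerEndpoint -Name $e.Name -ProfileName $profileName `
            -ResourceGroupName $rg -Type ExternalEndpoints -Target $e.Target `
            -Priority $e.Priority -EndpointStatus Enabled
    Add-AzTrafficManagerCustomHeaderToEndpoint -TrafficManagerEndpoint $ep -Name 'host' -Value $adfsHost
    Set-AzTrafficManagerEndpoint -TrafficManagerEndpoint $ep | Out-Null
}

# Step 3: ask a public resolver what the profile hands out. Traffic Manager returns
# an A record for IP-addressed external endpoints, so no hosts-file edit is needed.
function Get-TmAnswer {
    param([string]$Fqdn, [string]$Resolver = '8.8.8.8')
    (Resolve-DnsName -Name $Fqdn -Type A -Server $Resolver -DnsOnly -NoHostsFile |
        Where-Object QueryType -eq 'A').IPAddress
}
$tmFqdn = "$dnsLabel.trafficmanager.net"
"Answer with both endpoints enabled (priority-1 endpoint expected): $(Get-TmAnswer $tmFqdn)"

# Simulate loss of the primary (runbook step 3d), wait out the TTL, query again.
Disable-AzTrafficManagerEndpoint -Name 'WestUS-PROD-ADFS-IP1' -ProfileName $profileName `
    -ResourceGroupName $rg -Type ExternalEndpoints -Force
Start-Sleep -Seconds 35
"Answer with IP1 disabled (priority-2 endpoint expected): $(Get-TmAnswer $tmFqdn)"

# Re-enable before cutover; otherwise every login would go to the secondary.
Enable-AzTrafficManagerEndpoint -Name 'WestUS-PROD-ADFS-IP1' -ProfileName $profileName `
    -ResourceGroupName $rg -Type ExternalEndpoints | Out-Null
```

Querying a public resolver rather than the workstation’s own cache is deliberate: it shows what clients will see, and the 35 s sleep is just the profile TTL plus a margin, so the second query is not answered from that resolver’s cache.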
Cutover Phase
1. Change the public DNS record for the ADFS name (sts.kimconnect.com) to a CNAME that points at the Traffic Manager profile’s DNS name (westus-prod-adfs.trafficmanager.net). Traffic Manager has no public IP to point an A record at; lowering the record’s TTL some hours before the change shortens both the cutover and any roll-back
2. Validate successful routing of name resolution toward active endpoints
a. If necessary, ensure that the hosts file of the local Windows workstation/laptop has no entries related to ADFS, and flush the local resolver cache (ipconfig /flushdns)
b. From a public resolver, confirm that sts.kimconnect.com now resolves through the trafficmanager.net CNAME to an endpoint IP, then open a web browser to https://sts.kimconnect.com/ and validate that logins are functional as expected. If not, follow the roll-back procedures
c. Logon to Azure > search for the newly created Traffic Manager > select Overview > select “WestUS-PROD-ADFS-IP1” > select Disabled > Save > wait out the TTL > validate in a web browser that logins still work, now served by 1.1.1.1 > set “WestUS-PROD-ADFS-IP1” back to Enabled > Save
3. Optional: roll-back procedures
a. On the local Windows workstation/laptop, add a hosts-file entry mapping sts.kimconnect.com to the original ADFS/WAP public IP (2.2.2.2) so that sign-in can be validated without waiting for public DNS caches; remove it once the roll-back has propagated
b. Logon to Azure > replace the CNAME for sts.kimconnect.com with the previously set A record(s) pointing at the original IPs. Cached CNAME answers persist until the record’s TTL expires, which is why the TTL should be lowered ahead of the cutover
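Post-cutover checks for the Cutover Phase, plus the workstation-side roll-back aid from roll-back step (a), as an added example (not part of the original runbook and not KimConnect’s code). It assumes Az.TrafficManager is loaded and connected, that the names match the Setup Phase, that the public DNS change was a CNAME from sts.kimconnect.com to westus-prod-adfs.trafficmanager.net, and that the endpoint IPs are the runbook’s placeholders; the function names are chosen here.

```powershell
# Added example, not the runbook's own code. Post-cutover checks for the Cutover Phase
# and the workstation-side roll-back aid from roll-back step (a).
# Assumptions: Az.TrafficManager is loaded and connected; names match the Setup Phase;
# the public DNS change was a CNAME from sts.kimconnect.com to
# westus-prod-adfs.trafficmanager.net; endpoint IPs are the runbook's placeholders.
$rg          = 'KimConnect-DNS'
$profileName = 'WestUS-PROD-ADFS'
$adfsHost    = 'sts.kimconnect.com'
$tmFqdn      = 'westus-prod-adfs.trafficmanager.net'
$knownIps    = @('2.2.2.2', '1.1.1.1')

function Test-AdfsResolution {
    # Validates the chain sts -> trafficmanager.net -> endpoint IP as a public resolver sees it.
    param([string]$Resolver = '8.8.8.8')
    $ans        = Resolve-DnsName -Name $adfsHost -Type A -Server $Resolver -DnsOnly -NoHostsFile
    $cname      = @($ans | Where-Object QueryType -eq 'CNAME').NameHost
    $ips        = @($ans | Where-Object QueryType -eq 'A').IPAddress
    $unexpected = @($ips | Where-Object { $knownIps -notcontains $_ })
    [pscustomobject]@{
        CnameToTrafficManager = $cname -contains $tmFqdn
        AnswerIsKnownEndpoint = ($ips.Count -gt 0) -and ($unexpected.Count -eq 0)
        Answer                = $ips -join ','
    }
}

function Get-TmEndpointHealth {
    # Traffic Manager's own view: EndpointMonitorStatus should be Online for enabled endpoints.
    (Get-AzTrafficManagerProfile -Name $profileName -ResourceGroupName $rg).Endpoints |
        Select-Object Name, Target, Priority, EndpointStatus, EndpointMonitorStatus
}

function Test-AdfsSignOnPage {
    # Client-side version of the probe: a 200 on the probe path, plus the certificate the
    # public name presents, which Traffic Manager's HTTPS probe does not validate.
    $url  = "https://$adfsHost/adfs/ls/idpinitiatedsignon.aspx"
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    $tcp  = [System.Net.Sockets.TcpClient]::new($adfsHost, 443)
    $ssl  = [System.Net.Security.SslStream]::new($tcp.GetStream())
    try {
        $ssl.AuthenticateAsClient($adfsHost)   # throws on an untrusted chain or a name mismatch
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{ Status = $resp.StatusCode; Subject = $cert.Subject; NotAfter = $cert.NotAfter }
    } finally { $ssl.Dispose(); $tcp.Dispose() }
}

function Set-LocalAdfsOverride {
    # Roll-back aid for this workstation only (roll-back step a): pin the ADFS name to the
    # original public IP while the public DNS revert propagates. Needs an elevated prompt.
    # Call with -Remove to take the entry out again once DNS has settled.
    param([string]$Ip = '2.2.2.2', [switch]$Remove)
    $hosts   = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $pattern = '\s' + [regex]::Escape($adfsHost) + '\s*$'
    $keep    = @(Get-Content $hosts | Where-Object { $_ -notmatch $pattern })
    if (-not $Remove) { $keep += "$Ip`t$adfsHost" }
    Set-Content -Path $hosts -Value $keep -Encoding ASCII
    Clear-DnsClientCache
}

Test-AdfsResolution
Get-TmEndpointHealth | Format-Table
Test-AdfsSignOnPage
```

Run the three checks in that order: the first tells you what the public name resolves to, the second whether Traffic Manager would actually hand out the endpoint it resolved to, and the third whether the site behind it serves the sign-on page with a certificate that matches the name. Use Set-LocalAdfsOverride only during a roll-back, and remove the entry afterwards so the workstation does not silently bypass Traffic Manager.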