How do I configure WAP in Windows Server 2012 R2 highly available?

Web Application Proxy (WAP) in Windows Server 2012 R2 provides a reverse proxy service enabling services hosted internally on-premises to be published to the Internet. It does this while also integrating with Active Directory Federation Services (ADFS) to enable pre-authentication, single sign-on and more. If you need to use WAP in a production scenario its important that the WAP service is highly available. This is achieved by deploying multiple WAP instances that use the same certificate and connect to the same ADFS instance to ensure consistent policy. Network load balancing is used to provide a virtual IP that joins the multiple WAP instances into a single highly available service. You can use either Windows NLB or a separate load balancing solution.

Working with WAP:

A step-by-step guide is available which walks through configuring two WAP servers using Windows NLB at As part of the same series it also walks through deploying a highly available ADFS implementation which is important as all parts of the solution need to be highly available to provide a highly available complete solution.

Do I need multiple NICs for Web Application Proxy?

No. Web Application Proxy has no requirements or preference around the number of network adapters. The decision to have multiple NICs is dependent only on your network topology and if you need multiple network adapters to enable the connectivity required

Best practice analyzer:

Example of implementation: