A few tips regarding cloud connectors:
- Ideally you shall not be running additional software in domain controllers (the best practice is to let them be dedicated for that).
Rationale: You wouldn't want your Domain Controllers to be unable to satisfy authentication requests because they are competing for resources (CPU, Memory, throughput) with another service (like the cloud connector service). - A Centrify cloud connector at a minimum should have a multicore processor with 8GB of RAM and there has to be multiple cloud connectors for redundancy.
This is well-known from the docs. Depending how sensitive your apps are to your users (productivity, revenue-generation), you must plan for your federation infrastructure to be robust enough to recover from planned or unplanned outages. - Not all cloud connectors are built equal. Cloud connectors provide services like reverse-proxying (App Gateway), RADIUS, MFA services, etc.
The specs and design for high-availability vary depending on the services being offered. - Adhere to Microsoft AD best practices based on your design.
E.g.: In a multi-domain environment, proximity to Global Catalogs is key. Well-connected sites and proximity to resources and accounts being served. - Monitor your cloud-connectors.
has provided a script: https://github.com/israelbiscaia/centrify-cc-monitor