The Active Directory Federation Services (AD FS) trust policy file defines the set of parameters that a Federation Service requires to identify partners, certificates, account stores, claims, and the various properties of these entities that are associated with the Federation Service.
The act of creating two or more federation servers in the same network, configuring each of them to use the same trust policy file, and adding the public key of each server's token-signing certificates (verification certificates) to the trust policy creates a federation server farm.
For farmed scenarios, it is important that the trust policy file be shared on a computer that does not also participate as a federation server in that farm. Microsoft Network Load Balancing (NLB) does not allow any of the computers that participate in a farm to communicate with one another.
After the trustpolicy.xml file has been placed in a shared folder, you protect that share with the appropriate permissions. This means that for each new federation server to successfully share a trust policy file, you must provide at least Read-only access permissions to each of the machine accounts on every federation server in the farm. The administrator of the Federation Service will be able to modify the trust policy file even though the machine accounts have Read-only permissions.