Load Distribution/HA across multiple ACS namespaces

Category: azure security

Question

crudolphi on Tue, 12 Jun 2012 22:00:41


My understanding is that an ACS namespace provisioned into an Azure datacenter has no built-in capability to fail-over to another data center in case of ACS service failure or data center loss.

We are considering provisioning identical ACS namespaces in multiple datacenters (identical IDP and RP configurations, mapping rules, certificates, etc).

My question: has anyone identified options/best practices for how to supplement ACS with the ability to route traffic to a backup namespace in case of primary namespace failure?

Thanks,

Chris

Replies

Arwind - MSFT on Wed, 13 Jun 2012 09:27:38


Hi,

Do you want to create a backup ACS namespace? I guess this is possible but a little troublesome: assuming we create 2 different ACS namespaces in different regions (different data centers) and create a retry policy for the relying-party application, if 1 namespace does not work, try to make the application send the request to another namespace (maybe slower because the application and ACS are in different data centers).

And you have to do extra work to make multiple ACS namespaces have the same rules. For example, sometimes you need to create ACS rules by code for users; please remember to also create the same rules or make the same changes for the other namespace.

If you want Azure ACS to provide a similar function by default, try to post your idea as a feature request to the Microsoft Azure platform:

 http://www.mygreatwindowsazureidea.com/forums/34192-windows-azure-feature-voting

Hope this helps.
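
The retry policy and the rule-synchronisation caveat from the reply above, sketched as an added Python example (not code from the thread or from Microsoft): the relying party picks the first namespace that answers a health probe and whose mapping rules match the primary's, and fails closed otherwise. The namespace URLs, the rule field names and the `probe` callback are assumptions constructed for illustration.

```python
import hashlib
import json

# Constructed placeholders: namespace names and rule fields are illustrative,
# not taken from the thread or from the ACS management service schema.
PRIMARY = "https://example-primary.accesscontrol.windows.net"
BACKUP = "https://example-backup.accesscontrol.windows.net"
RULES = [
    {"issuer": "idp-a", "in_type": "email", "in_value": "*",
     "out_type": "role", "out_value": "user"},
    {"issuer": "idp-a", "in_type": "group", "in_value": "admins",
     "out_type": "role", "out_value": "admin"},
]


def _canon(rule):
    """Stable text form of one rule, independent of key order."""
    return json.dumps(rule, sort_keys=True)


def rule_fingerprint(rules):
    """Order-independent SHA-256 over a namespace's exported mapping rules."""
    joined = "\n".join(sorted(_canon(r) for r in rules))
    return hashlib.sha256(joined.encode("utf-8")).hexdigest()


def rule_drift(primary_rules, backup_rules):
    """Rules present on only one side: (only_in_primary, only_in_backup)."""
    p = {_canon(r): r for r in primary_rules}
    b = {_canon(r): r for r in backup_rules}
    return ([p[k] for k in sorted(p.keys() - b.keys())],
            [b[k] for k in sorted(b.keys() - p.keys())])


def choose_namespace(namespaces, probe, rules_by_ns):
    """Return the first healthy namespace whose rules match the primary's.

    probe(url) -> bool is supplied by the caller, e.g. a short-timeout HTTPS
    request to the namespace. A reachable backup with drifted rules is
    skipped, because it would issue different claims than the primary.
    """
    reference = rule_fingerprint(rules_by_ns[namespaces[0]])
    for url in namespaces:
        if probe(url) and rule_fingerprint(rules_by_ns[url]) == reference:
            return url
    raise RuntimeError("no healthy, rule-consistent ACS namespace")
```

Running `rule_drift` on a schedule against both namespaces' exported rules shows which rules to re-apply before a failover is ever needed.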