FIM and Azure Infrastructure as a Service (IaaS)

You may or may not know that Windows Azure Infrastructure as a Service (IaaS) – officially called Windows Azure Infrastructure Services – is now live and available.  Microsoft announced the General Availability (GA) today, here

Microsoft have a knowledgebase article that lists what Microsoft products are officially supported running on Windows Azure Virtual Machines – kb2721672: Microsoft server software support for Windows Azure Virtual Machines – and both Active Directory Federation Services (AD FS), running on Windows Server 2008 R2 or later, and Forefront Identity Manager (FIM) 2010 R2 Service Pack 1 (SP1) are now supported on Azure IaaS VMs.

Some more info.:

  • SQL Azure won’t work as a database backend for FIM and a remote SQL VM has not been, and will not be, tested – you need to use an on-box SQL instance.
  • Not all workloads make sense running in IaaS.  Smaller workloads, probably FIM SYNC only, and DIRSYNC or multi-forest DIRSYNC using FIM and the Azure Active Directory (AAD) connector are probably going to make up the bulk of users.
  • You really need to consider having a DC running in IaaS too.  This will probably be recommended by Microsoft in the future.
  • You really need to look at the cost benefit of hosting FIM in the cloud.  There’s a bunch of costs that need to be considered – the cost of the VM, the processor usage, the storage, the network traffic and the VPN tunnel.
  • Lastly, support is via CSS FIM resources and not Azure support.

About Paul Williams

IT consultant working for Microsoft specialising in Identity Management and Directory Services.
This entry was posted in AD FS, FIM, News and tagged , , , , , . Bookmark the permalink.

3 Responses to FIM and Azure Infrastructure as a Service (IaaS)

  1. Pingback: FIM2010 R2 SP1 now supported on Azure IaaS (IdMaaS?) | FIMSpecialist

  2. Paul Green says:

    Hi Bob,

    It’s great that FIM is now supported in IaaS. I worked with Microsoft in profiling the optimum disk configuration for use with FIM Sync and SQL. We found – contrary to some published advice – that single disk configurations with read only caching yielded the optimum results. I guess others’ mileage may vary, but I’ve seen some good performance (similar to many on prem deployments) even from medium-sized servers. I’m just holding out for an extra extra large server with a huge SSD to really push the limits 😉

  3. Pingback: [REFERENCE] Azure IaaS and FIM 2010 - Solve your Identity crisis without therapy - Site Home - MSDN Blogs

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s