Placing MIM in Azure IaaS

MIM has been listed under the server software support list for Azure VMs since it was known as FIM – so quite some time. But dig a little deeper and this isn’t a done deal, which is possibly a point of some confusion as this is not made at all clear when you read the Supported Platforms for MIM 2016 document. It was only while checking out the HA and DR for SQL in Azure VMs document that I noticed SQL Clusters were not listed.

Always-On groups have some nice characteristics, and I imagine a great many conversations have taken place between MIM, SQL and Azure IaaS pros related to Always-On groups and how ‘they might just work’ regardless of not being listed in the MIM supported platforms document. But there is a key challenge specific to how MIM works, which means that it’s not a trivial issue, and Always-On groups might actually break the MIM platform. So we have something which needs to be resolved by Microsoft here, either:

  1. MIM needs to support Always-On (or at least in some manifestation).
  2. Azure IaaS needs to support SQL clusters – maybe a ‘virtual cluster’?

Neither of those is a simple matter, so I’m not expecting a quick fix. But back to today: SQL Cluster is the only supported HA option for MIM, and this is not available in Azure IaaS scenarios – and so Azure IaaS has no supported HA option for MIM.

For MIM Sync this may or may not be an issue for you, likely dependent on the fashion, length and frequency of your sync cycle. But a great many MIM Portal solutions have frequently-used self-service features which need to remain online (at least during business hours). In these cases, it is very difficult to recommend placing identity infrastructure into the cloud.

With identity receiving so much attention recently, it’s a little odd that identity infrastructure components have been left to stagnate in traditional datacentres. I guess this is 2016 and we’re now used to features and fixes coming thick and fast with the accelerated development cycle made possible by Azure. So it’s jarring when we’re forced to remember MIM is still very much a traditional on-premises service. Maybe something cloud-optimised could be coming along down the road, who knows, but identity folks are generally big proponents of cloud solutions, and so out of anyone looking to shift workloads to the cloud, I’m sure we’d all like to be at the vanguard of this… See how nicely I avoided a forefront reference?

If this impacts you, and you have a Premier support contract, it should be possible to open an advisory case from the Premier portal and submit a Business Impact Statement to Microsoft, which will then review (and possibly reject) the case. But if enough people ask about this issue it may receive closer attention (here’s hoping).

So how about you and your environment, or your customers? Are people frustrated that they can’t migrate to the cloud? Or are they just doing it anyway on the basis that Azure IaaS brings with it other key benefits? I’d be interested to hear your thoughts and experiences.