Hi,
I'm looking into a design for HA across 2 DCs. As far as I'm aware it's not possible to have an Active-Active scenario - the FIM sync service is the limiting factor.
What I'm not sure about is whether it's possible to have a complete FIM 2010 R2 configuration in a passive environment, whereby it's not actually be used, but ready for go live if DC1 fails. Both FIM installations use the same AD. I'm thinking of using something along the lines of the below diagram to configure an active/passive HA environment.
The idea being is that the FIM servers in DC1 and DC2 will have an almost identical configuration and use the same service accounts, but the DBs in DC2 will be read-only until fail over.
Presumably for any fail over scenario, I would need to do the following:
- Update SPNs for the FIM service
- Ensure any web.config files are up to date (customizations on the portal)
- Ensure DNS updated to point at new DC
- Ensure registry keys\FIM sync encryption keys are at hand if needed
The other approach I'm thinking of is using a backup and restore if DC1 goes down, however active/passive is preferred. I'd be really interested to hear from anyone who has gone through a similar setup.
Thanks