User Managed identity with failover group with servers in different regions

KAMALPREET KAUR 1 Microsoft Employee

while using user managed identity with azure sql , the connection string or token acquired using DefaultAzureCredential is dependent on the clientID of user managed identity.

for the scenario when there is a sql failover switch i.e due to outage in one region (primary server) the other region's secondary) becomes primary.

if i have user managed identity per region (which is the recommended way for resiliency reasons), the automatic switch is not possible without switching the client id of managed identity.

what is the right way to use user managed identity on azure sql failover group, so that service consuming sql server remains unaware of sql failover?

GeethaThatipatri-MSFT 27,887 Reputation points Microsoft Employee

2024-05-08T00:45:15.15+00:00

@KAMALPREET KAUR Welcome to Microsoft Q&A thanks for posting your question.

Please find the similar post below this might help to address your question.

https://learn.microsoft.com/en-us/answers/questions/433960/user-assigned-managed-identity-and-sql-failover

let me know if you have any additional questions.

Regards

Geetha
KAMALPREET KAUR 1 Reputation point Microsoft Employee

2024-05-08T22:36:09.2466667+00:00

the shared link discusses about having only one user managed identity for both the regions.
but due to resiliency, the recommendation is to have one user managed identity per region .
how to handle scenario of failover , when there is a managed identity assigned to each sql server /region
KAMALPREET KAUR 1 Reputation point Microsoft Employee

2024-05-08T23:11:15.5166667+00:00

the link is talking about only one user identity in one region , linked to both sql servers.

but it defies the resiliency pattern , we need to create managed identity in each region of sql server . and on failover switch it should work automatically

Share via

User Managed identity with failover group with servers in different regions