locked
Limit on number of ACS identities per servicebus namespace RRS feed

  • Question

  • Is there a limit on number of ACS identities per servicebus namespace? If there is a limit, what is limit? Please clarify.

    Thanks in advance

    Anil Lingamallu

    Tuesday, September 18, 2012 9:27 PM

Answers

  • I got the official answer from Microsoft support. Posting this as it can be useful for others searching on same issue.

    I confirmed that there was no hard count limit of service identities, but avoid going over 250, 000 for a single ACS namespace in terms of performance considerations. If we have more than 250, 000, it is recommended to use multiple ACS namespaces to shard workloads.

    Please let me know if you have any questions or concerns.

    Thanks

    Anil

    Thursday, October 4, 2012 2:42 PM

All replies

  • Hi,

    For each root service bus namespace an ACS namespace will be created. I could not find any documentation on the maximum number of service identities that can be created in an ACS namespace, but if there is a limit I would guess the value will be high.

    How many identities do you think you will need to create?

    Regards,

    Alan


    Free EBook: "Windows Azure Service Bus Developer Guide" http://www.cloudcasts.net/devguide/

    Tuesday, September 18, 2012 10:02 PM
  • Thanks Alan.

    Our tenants share same servicebus namespace but use different sets of servicebus keys.

    Our architecture requires 5 identities per tenant. Since servicebus supports 2000 active relayed services per namespace, it will be 10000 ACS identities at minimum.

    Not all tenants will be active at the time, lets say we over provision to start with. So the maximum identities are 20000. Is this supported?

    Tuesday, September 18, 2012 10:35 PM
  • Anyone from Servicebus/ACS team comment on this please?
    Thursday, September 20, 2012 5:27 PM
  • The official recommendation is to NOT use ACS as an identity store. It wasn't build to be an active directory replacement and as such this aspect of the service may not scale well. If you truely predict 20,000 identities, I would respectfully suggest there may be a better way to manage the security.

    Identities should be stored elsewhere and exposed via an indentity provider that can then be consumed by the ACS.

    Monday, September 24, 2012 4:17 PM
  • I got the official answer from Microsoft support. Posting this as it can be useful for others searching on same issue.

    I confirmed that there was no hard count limit of service identities, but avoid going over 250, 000 for a single ACS namespace in terms of performance considerations. If we have more than 250, 000, it is recommended to use multiple ACS namespaces to shard workloads.

    Please let me know if you have any questions or concerns.

    Thanks

    Anil

    Thursday, October 4, 2012 2:42 PM