Forum Discussion
Using Azure as a failover solution for ADFS server on prem
In this scenario, the ADFS farm would span both on-prem and in-cloud. Nodes would be added to the farm as secondary. You'd also need to ensure SQL has high availability to keep the farm resilient.
While Traffic Manager can send to the cloud or to a private datacenter, it uses DNS to perform resolution. So, you'd need to use CNAMEs with priority set to favor the datacenter versus the cloud. Traffic Manager does Round Robin by default.
Reference: Azure Traffic Manager - How to use on-premises endpoints
Using a public IP behind a Load Balancer which performs probes against the back-end servers both on-prem and in-cloud may be preferable, so it responds to network conditions without intervention.
The other way to go about this would be to just have the public IP set to point on-premises, and if the IT team determines there's an outage, someone must manually go in and update the CNAME to point to Azure instead. That wouldn't provide real-time failover, but if it's documented as the procedure it'd also work to "flip the switch".
While you could have two ADFS instances if you wanted to, the problem would be keeping them in 100% sync. You'd need a firm change control process to ensure that anytime Farm A is edited, the same change is made on Farm B. Hence, this approach wouldn't be ideal and likely isn't viable from a maintenance perspective.
Please like or mark this thread as answered if it's helpful, thanks!
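As an added illustration of the Traffic Manager approach described in the answer above (this is example code, not something from the original thread or from Microsoft's documentation): the profile below uses the Priority routing method so that DNS answers point at the on-premises farm while its health probe passes and only switch to the Azure-hosted nodes when it fails. The resource group, profile name, relative DNS name and both endpoint FQDNs are placeholder assumptions; the probe path `/adfs/probe` is the health endpoint that ADFS and Web Application Proxy serve anonymously over HTTP on port 80 for load-balancer checks. The Az PowerShell module and an existing `Connect-AzAccount` session are assumed.

```powershell
# Added example (not from the original post): Traffic Manager profile that prefers
# the on-prem ADFS farm and fails over to the Azure secondary nodes by DNS.
# All names below are placeholder assumptions.
$rg        = "rg-adfs-failover"          # assumed resource group
$tmProfile = "tm-adfs-sts"               # assumed Traffic Manager profile name
$onPrem    = "adfs-onprem.example.com"   # assumed public FQDN of the on-prem ADFS/WAP entry point
$azure     = "adfs-azure.example.com"    # assumed public FQDN of the Azure-hosted nodes

# Priority routing with a short TTL. The probe targets /adfs/probe, which ADFS/WAP
# expose on HTTP port 80 so health checks do not need TLS or credentials.
# Interval 10s with timeout 5s and 3 tolerated failures means roughly 30-40 seconds
# to declare the on-prem endpoint degraded.
New-AzTrafficManagerProfile -Name $tmProfile -ResourceGroupName $rg `
    -TrafficRoutingMethod Priority -RelativeDnsName "sts-example-placeholder" -Ttl 30 `
    -MonitorProtocol HTTP -MonitorPort 80 -MonitorPath "/adfs/probe" `
    -MonitorIntervalInSeconds 10 -MonitorTimeoutInSeconds 5 -MonitorToleratedNumberOfFailures 3

# Priority 1 is preferred (on-prem); priority 2 is only returned when 1 is unhealthy.
New-AzTrafficManagerEndpoint -Name "adfs-onprem" -ProfileName $tmProfile -ResourceGroupName $rg `
    -Type ExternalEndpoints -Target $onPrem -EndpointStatus Enabled -Priority 1
New-AzTrafficManagerEndpoint -Name "adfs-azure" -ProfileName $tmProfile -ResourceGroupName $rg `
    -Type ExternalEndpoints -Target $azure -EndpointStatus Enabled -Priority 2

# The federation service name (e.g. sts.example.com) is then published as a CNAME to
# sts-example-placeholder.trafficmanager.net. Show what Traffic Manager currently sees:
Get-AzTrafficManagerProfile -Name $tmProfile -ResourceGroupName $rg |
    Select-Object -ExpandProperty Endpoints |
    Select-Object Name, Priority, EndpointStatus, EndpointMonitorStatus
```

Two practical points follow from this design. First, the on-premises firewall has to admit Traffic Manager's probe source addresses to port 80 on the ADFS/WAP entry point, otherwise the primary endpoint is marked degraded and every client is steered to Azure. Second, because the mechanism is DNS, failover is bounded by the profile TTL plus whatever resolvers and clients cache, so it is faster than the manual CNAME flip in the answer but still not instantaneous in the way a probing load balancer in front of both sites would be.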