Azure AppFabric Access Control Sample Import/Export Tool (acmsafeguard.exe)

The AcmSafeGuard tool is a command line tool built to be able to perform a full export and import of the Azure AppFabric Access Control entities, as well as a delete-all operation. This tool, with source, is available in the attachment. I built this by evolving the acm.exe tool that is already included in the AppFabric SDK today.


This tool can be used in two primary scenarios, backup and restore of the ACS entities in case you are worried you make unintended changes to the data, and environment migration of ACS entities from one service namespace to another. This second scenario may be helpful in cases you want to setup another service namespace with a duplicate for the purpose of geo-redundancy. This ensures safety in case one of the service namespaces in a given location becomes unavailable; your application logic can resort to using the back-up service.


This tool is unsupported because there are many limitations in its capabilities to provide any guarantees of satisfying the scenarios defined. Read the following, it’s the big “WARNING!” sign.

During the duration of the export process, the entities might change. Since the export process is non-transactional, interdependencies between entities are not guaranteed. For example, if a Rule references an Issuer which was deleted after the Issuers were exported, then there is a broken relationship. Also, if you want to be able to say at which exact time the snapshot occurred, that too is not possible. Since the process takes a while and changes might occur for that duration, it is hard to set an exact time of the snapshot as it is not accurate with either the begging or end.

If you want to perform a backup/restore process, I suggest that you use the ACS service as a “cache”, and store the “master” data on your system locally and maintain proper backup practices on that master data.

If you want to perform an environment migration I would suggest that you ensure that the entities do not change for the duration of the export, this way you can actually make an accurate replica. This means you’ll have to prevent modifications of the entities from you application logic. Furthermore, a migration should be done off the master copy, not this ACS cache. That is, if you maintain a master copy of the data as suggested, then instead of migrating from one environment to another, you’d just be deploying the master data to a new ACS service namespace.