diff --git a/.github/actions-config/gh-ado-sync-config.json b/.github/actions-config/gh-ado-sync-config.json
new file mode 100644
index 000000000..0c3183d83
--- /dev/null
+++ b/.github/actions-config/gh-ado-sync-config.json
@@ -0,0 +1,18 @@
+{
+ "log_level": "info",
+ "ado": {
+ "organization": "CSUSolEng",
+ "project": "Well-Architected Framework",
+ "wit": "GitHub Issue",
+ "states": {
+ "new": "New",
+ "closed": "Closed",
+ "reopened": "New",
+ "deleted": "Removed",
+ "active": "In Progress"
+ },
+ "bypassRules": true,
+ "autoCreate": true,
+ "areaPath": "Well-Architected Framework"
+ }
+}
diff --git a/.github/workflows/ado-sync-workitems.yml b/.github/workflows/ado-sync-workitems.yml
new file mode 100644
index 000000000..e6896d572
--- /dev/null
+++ b/.github/workflows/ado-sync-workitems.yml
@@ -0,0 +1,31 @@
+name: Sync Issues to Azure DevOps Work Items
+
+permissions:
+ contents: read
+
+on:
+ issues:
+ types: [opened, closed, deleted, reopened, edited, labeled, unlabeled, assigned, unassigned]
+ issue_comment:
+ types: [created]
+
+jobs:
+ alert:
+ runs-on: ubuntu-latest
+ name: Sync workflow
+ if: github.repository == 'Azure/Azure-Proactive-Resiliency-Library-v2'
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: GitHub/ADO Sync
+ uses: a11smiles/GitSync@v1.2.3
+ env:
+ ado_token: '${{ secrets.ADO_PERSONAL_ACCESS_TOKEN }}'
+ github_token: '${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}'
+ config_file: './.github/actions-config/gh-ado-sync-config.json'
+ with:
+ ado: ${{ secrets.ADO_MAPPINGS_HANDLES }}
diff --git a/.github/workflows/build-recommendation-object.yml b/.github/workflows/build-recommendation-object.yml
index 5d5bb4356..b4cfee1a6 100644
--- a/.github/workflows/build-recommendation-object.yml
+++ b/.github/workflows/build-recommendation-object.yml
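Review bot: `"bypassRules": true` in the `ado` block is set without any recorded reason, and neither this file (strict JSON, so no comments) nor the workflow that loads it explains why synced items must skip Azure DevOps work item rule validation. If the option maps to the bypass-rules behaviour of the ADO work item API, as its name suggests, the identity behind `ADO_PERSONAL_ACCESS_TOKEN` has to hold the extra bypass-rules permission on the project, which is more privilege than copying titles, states and comments should need. Prefer `"bypassRules": false` unless a specific rule is known to block the sync, and note the reason in the workflow next to `config_file`.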
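Review bot: The `GitHub/ADO Sync` step passes two personal access tokens to a third-party action referenced by a mutable tag, `a11smiles/GitSync@v1.2.3`; if that tag is ever moved, the replacement code runs with both tokens on every `issues` and `issue_comment` event, and on a public repository those events can be raised by any GitHub account. Pin it to a full commit SHA, as build-recommendation-object.yml already does for harden-runner: `uses: a11smiles/GitSync@<full-commit-sha> # v1.2.3`. The top-level `permissions: contents: read` restricts only the automatic GITHUB_TOKEN and has no effect on `GH_PERSONAL_ACCESS_TOKEN`, so that token's own scopes should be reduced to what the sync needs (ideally a fine-grained token limited to this repository's issues, if the action accepts one). `fetch-depth: 0` also looks unnecessary when the job only reads one config file.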
@@ -5,9 +5,15 @@ on: - cron: "0 0 * * *" workflow_dispatch: {} +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1 @@ -38,7 +44,7 @@ jobs: run: | git add ./tools/data/recommendations.json git commit -m "Update recommendations.json" - git push + git push --set-upstream origin json-object-update - name: Create PR env: diff --git a/azure-specialized-workloads/avd/kql/4b1a45af-d35f-442d-922a-a3e7b6052de1.kql b/azure-resources/Compute/galleries/kql/b14ee8ed-7d27-447b-b6fb-6472cb5f4b75.kql similarity index 95% rename from azure-specialized-workloads/avd/kql/4b1a45af-d35f-442d-922a-a3e7b6052de1.kql rename to azure-resources/Compute/galleries/kql/b14ee8ed-7d27-447b-b6fb-6472cb5f4b75.kql index 825659376..614a7f9ca 100644 --- a/azure-specialized-workloads/avd/kql/4b1a45af-d35f-442d-922a-a3e7b6052de1.kql +++ b/azure-resources/Compute/galleries/kql/b14ee8ed-7d27-447b-b6fb-6472cb5f4b75.kql @@ -1,2 +1 @@ // under-development - diff --git a/azure-resources/Compute/galleries/kql/b3c3ba1d-7de6-442d-8c50-023330fbf765.kql b/azure-resources/Compute/galleries/kql/b3c3ba1d-7de6-442d-8c50-023330fbf765.kql new file mode 100644 index 000000000..614a7f9ca --- /dev/null +++ b/azure-resources/Compute/galleries/kql/b3c3ba1d-7de6-442d-8c50-023330fbf765.kql @@ -0,0 +1 @@ +// under-development diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml index 156325e4f..d952a6f72 100644 --- a/azure-resources/Compute/galleries/recommendations.yaml +++ b/azure-resources/Compute/galleries/recommendations.yaml 
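Review bot: `git push --set-upstream origin json-object-update` runs from the nightly cron, so it will be rejected as a non-fast-forward whenever a `json-object-update` branch from an earlier, still-unmerged run exists on the remote; the branch creation and the `Create PR` step lie outside this hunk, so this may already be handled there. If it is not, decide explicitly how an existing branch is updated, for example by deleting the branch after merge or pushing with `--force-with-lease` to this bot-owned branch. The job-level `contents: write` and `pull-requests: write` added in the first hunk are inherited by every step of `build`, so any third-party action in that job should stay pinned to a commit SHA the way harden-runner is.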
@@ -57,3 +57,39 @@ url: "https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v" - name: Images in Compute gallery url: "https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli" + +- description: Create Image Versions replicas in secondary region + aprlGuid: b14ee8ed-7d27-447b-b6fb-6472cb5f4b75 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.Compute/galleries + recommendationMetadataState: Active + longDescription: | + On multi-region deployments, replicate Image Versions to a secondary region to ensure disaster recovery capability. This ensures that the Image Versions are available in the secondary region in case of a disaster in the primary region. + potentialBenefits: Enhances disaster recovery capability + pgVerified: true + publishedToLearn: false + automationAvailable: true + tags: null + learnMoreLink: + - name: Compute Gallery Replication + url: "https://learn.microsoft.com/azure/virtual-machines/azure-compute-gallery#replication" + +- description: Configure Image version replica count per region. + aprlGuid: b3c3ba1d-7de6-442d-8c50-023330fbf765 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.Compute/galleries + recommendationMetadataState: Active + longDescription: | + You can set a different replica count in each target region, based on the scale needs for the region. For every 20 VMs that you create concurrently, we recommend you keep one replica. + potentialBenefits: Enhances disaster recovery capability + pgVerified: true + publishedToLearn: false + automationAvailable: true + tags: null + learnMoreLink: + - name: Compute Gallery Scaling + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#scaling" 
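Review bot: Both added entries set `automationAvailable: true`, yet the query files introduced for them in this same change, `kql/b14ee8ed-7d27-447b-b6fb-6472cb5f4b75.kql` and `kql/b3c3ba1d-7de6-442d-8c50-023330fbf765.kql`, contain only `// under-development`. If the flag is meant to say that a working Resource Graph query ships with the recommendation, it should be `automationAvailable: false` until the queries exist, otherwise consumers of the generated recommendations object will expect an automated check that returns nothing. The two entries are also inconsistent in style: one `description` ends with a period, and the `learnMoreLink` URLs mix `/azure/` and `/en-us/azure/` paths.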
diff --git a/azure-resources/Compute/virtualMachines/kql/587ca3e4-113b-4c4f-b4e0-92cd8d2065b6.kql b/azure-resources/Compute/virtualMachines/kql/587ca3e4-113b-4c4f-b4e0-92cd8d2065b6.kql new file mode 100644 index 000000000..62b578dfe --- /dev/null +++ b/azure-resources/Compute/virtualMachines/kql/587ca3e4-113b-4c4f-b4e0-92cd8d2065b6.kql @@ -0,0 +1,2 @@ +// cannot-be-validated-with-arg + diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml index ef4b9027c..28e541fff 100644 --- a/azure-resources/Compute/virtualMachines/recommendations.yaml +++ b/azure-resources/Compute/virtualMachines/recommendations.yaml @@ -523,3 +523,21 @@ learnMoreLink: - name: How to update the Azure Linux Agent on a VM url: "https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/update-linux-agent?tabs=ubuntu" + +- description: Reserve Compute Capacity in Disaster Recovery Regions + aprlGuid: 587ca3e4-113b-4c4f-b4e0-92cd8d2065b6 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.Compute/virtualMachines + recommendationMetadataState: Active + longDescription: | + On-Demand Capacity Reservations ensure recovery of virtual machines in the event of a natural disaster by reserving compute capacity in advance within a specific region or zone. This guarantees that VMs have the necessary resources during disaster recovery failover events thus reducing downtime. + potentialBenefits: Guaranteed capacity in disaster recovery regions + pgVerified: true + publishedToLearn: false + automationAvailable: false + tags: null + learnMoreLink: + - name: On-demand Capacity Reservation + url: "https://aka.ms/on-demand-capacity-reservations-docs" diff --git a/azure-resources/Dashboard/_index.md b/azure-resources/Dashboard/_index.md new file mode 100644 index 000000000..00253f673 --- /dev/null 
+++ b/azure-resources/Dashboard/_index.md
@@ -0,0 +1,5 @@
+---
+title: Dashboard
+geekdocCollapseSection: true
+geekdocHidden: false
+---
diff --git a/azure-resources/Dashboard/grafana/_index.md b/azure-resources/Dashboard/grafana/_index.md
new file mode 100644
index 000000000..ce121b420
--- /dev/null
+++ b/azure-resources/Dashboard/grafana/_index.md
@@ -0,0 +1,7 @@
+---
+title: grafana
+geekdocCollapseSection: true
+geekdocHidden: false
+---
+
+{{< azure-resources-recommendationlist name="azure-resources-recommendationlist" >}}
diff --git a/azure-resources/Dashboard/grafana/kql/6cd57b65-ef84-4088-9ada-c0d8de74c2f7.kql b/azure-resources/Dashboard/grafana/kql/6cd57b65-ef84-4088-9ada-c0d8de74c2f7.kql
new file mode 100644
index 000000000..ceb9926cf
--- /dev/null
+++ b/azure-resources/Dashboard/grafana/kql/6cd57b65-ef84-4088-9ada-c0d8de74c2f7.kql
@@ -0,0 +1,14 @@
+// Azure Resource Graph Query
+// Provides a list of Azure Managed Grafana resources that do not zone redundancy enabled.
+resources
+| where type =~ "Microsoft.Dashboard/grafana"
+| extend zoneRedundancy = properties.zoneRedundancy
+| where zoneRedundancy !~ "Enabled"
+| project
+ recommendationId = "6cd57b65-ef84-4088-9ada-c0d8de74c2f7",
+ name,
+ id,
+ tags,
+ param1 = strcat("location: ", location),
+ param2 = strcat("sku: ", sku.name),
+ param3 = strcat("zoneRedundancy: ", zoneRedundancy)
diff --git a/azure-resources/Dashboard/grafana/recommendations.yaml b/azure-resources/Dashboard/grafana/recommendations.yaml
new file mode 100644
index 000000000..be213a1a9
--- /dev/null
+++ b/azure-resources/Dashboard/grafana/recommendations.yaml
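Review bot: The header comment of the Grafana query is missing a verb ("resources that do not zone redundancy enabled") and should read `// Provides a list of Azure Managed Grafana resources that do not have zone redundancy enabled.` The filter `where zoneRedundancy !~ "Enabled"` is applied to every `Microsoft.Dashboard/grafana` instance regardless of `sku.name`, while the recommendation text added in recommendations.yaml describes the Standard tier; if other tiers cannot enable zone redundancy they would be reported as findings nobody can remediate, so a SKU filter may be needed (to be confirmed against the service documentation). Writing `tostring(properties.zoneRedundancy)` in the `extend` would also make the string comparison and the `strcat` in `param3` explicit instead of relying on implicit conversion of a dynamic value.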
@@ -0,0 +1,19 @@ +- description: Enable zone redundancy in Managed Grafana + aprlGuid: 6cd57b65-ef84-4088-9ada-c0d8de74c2f7 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.Dashboard/grafana + recommendationMetadataState: Active + longDescription: | + Managed Grafana Standard tier is hosted on a dedicated set of VMs to provide redundancy. With zone redundancy enabled, VMs are spread across availability zones (AZ). Related resources are also configured for AZ. Zone redundancy can only be enabled when creating the Azure Managed Grafana instance. + potentialBenefits: Enhanced Managed Grafana resilience to failures + pgVerified: false + publishedToLearn: false + automationAvailable: true + tags: null + learnMoreLink: + - name: Azure Managed Grafana service reliability + url: "https://learn.microsoft.com/azure/managed-grafana/high-availability" + - name: Enable zone redundancy in Azure Managed Grafana + url: "https://learn.microsoft.com/Azure/managed-grafana/how-to-enable-zone-redundancy" diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index 20066cedc..bd58c9158 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Create a validation host pool for testing of planned updates +- description: Create a validation host pool aprlGuid: 013ac34e-7c4b-425f-9e0c-216f0cc06181 recommendationTypeId: null recommendationControl: Governance 
@@ -6,7 +6,7 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - Create a Validation Pool for early issue detection with planned AVD updates. Adjust limits based on needs. Scale by adding multiple host pools for more users. Regularly test updates on host pools. Validate changes before applying to main environment to avoid downtime. + Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. potentialBenefits: Enhanced environment stability pgVerified: true publishedToLearn: false @@ -24,7 +24,7 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - Create maintenance schedules for AVD agent updates to avoid disruptions. Use Scheduled Agent Updates to set maintenance windows for updating Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent. + Create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. potentialBenefits: Enhanced environment stability pgVerified: true publishedToLearn: false @@ -42,7 +42,7 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - For optimized AVD configuration, place Hybrid VMs in unique OUs. Segregate Prod and DR units for environment-specific settings. This ensures targeted configurations for session hosts, including FSLogix, timeouts, and session controls. + Place domain joined session hosts VMs in unique OUs. Segregate Prod and DR units for environment-specific settings. This ensures targeted configurations for session hosts, including FSLogix, session controls, etc. potentialBenefits: Improved AVD hostpool config & segmentation pgVerified: true publishedToLearn: false 
@@ -52,7 +52,7 @@ - name: Configure the VMs and install Active Directory Domain Services url: "https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services" -- description: Use Azure Site Recovery or backups to protect VMs supporting personal desktops +- description: Use Azure Site Recovery to protect stateful session hosts aprlGuid: 38721758-2cc2-4d6b-b7b7-8b47dadbf7df recommendationTypeId: null recommendationControl: Disaster Recovery @@ -60,7 +60,7 @@ recommendationResourceType: Microsoft.Compute/virtualMachines recommendationMetadataState: Active longDescription: | - Implement Azure Site Recovery (ASR) or Azure Backup for personal host pools to enable seamless failover and failback. This replicates VMs supporting personal desktops to a secondary Azure region, ensuring recovery from a known state in case of a disaster or outage. + Implement Azure Site Recovery (ASR) to replicate or backup stateful session hosts. This replicates VMs to a secondary Azure region or availability zone, ensuring recovery from a known VM state in case of an outage. potentialBenefits: Ensures VM recovery & failover pgVerified: true publishedToLearn: false diff --git a/azure-resources/DesktopVirtualization/scalingPlans/recommendations.yaml b/azure-resources/DesktopVirtualization/scalingPlans/recommendations.yaml index 882a2038f..48f963ace 100644 --- a/azure-resources/DesktopVirtualization/scalingPlans/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/scalingPlans/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Scaling plans should be created per region and not scaled across regions +- description: Create scaling plans per region aprlGuid: 499769ae-67c9-492e-9ca5-cfd4cece5209 recommendationTypeId: null recommendationControl: Scalability 
@@ -6,7 +6,7 @@ recommendationResourceType: Microsoft.DesktopVirtualization/scalingPlans recommendationMetadataState: Active longDescription: | - Each region has its own scaling plans assigned to host pools within that region. However, these plans can become inaccessible if there's a regional failure. To mitigate this risk, it's advisable to create a secondary scaling plan in another region. + Scaling plans can only be assigned to host pools in the same region, on multi-region deployment scenario each region should has its own scaling plan. potentialBenefits: Enhanced scaling pgVerified: true publishedToLearn: false diff --git a/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql b/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql index 825659376..c39397d18 100644 --- a/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql +++ b/azure-resources/Network/connections/kql/f6a14b32-a727-4ace-b5fa-7b1c6bdff402.kql 
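Review bot: The new `longDescription` contains a grammar error and a run-on sentence: "on multi-region deployment scenario each region should has its own scaling plan". Suggested wording: `Scaling plans can only be assigned to host pools in the same region. In multi-region deployments, each region should have its own scaling plan.` The text is published as user-facing guidance, so it is worth correcting before merge.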
@@ -1,2 +1,19 @@ -// under-development - +// Azure Resource Graph Query +// Find all ExpressRoute Connections that are connected to ErGw3AZ or UltraPerformance gateway sku that don't have +// FastPath enabled for both the Gateway Bypass or Private Endpoint/Link service. +resources +| where type == "microsoft.network/connections" +| where properties.connectionType =~ 'expressroute' +| extend gatewayId = tostring(properties.virtualNetworkGateway1.id) +| join kind=inner ( + resources + | where type =~ "Microsoft.Network/virtualNetworkGateways" + | where properties.sku.name in~ ("ErGw3AZ", "UltraPerformance") + | extend gatewayId = tostring(id) +) on gatewayId +| extend erGatewayBypass = tobool(properties.expressRouteGatewayBypass) +| extend privateLinkFastPath = tobool(properties.enablePrivateLinkFastPath) +| where not(erGatewayBypass) or not(privateLinkFastPath) +| project recommendationId = "f6a14b32-a727-4ace-b5fa-7b1c6bdff402", id, name, tags, + param1 = iff(erGatewayBypass, "Enabled: Gateway Bypass", "Disabled: Gateway Bypass"), + param2 = iff(privateLinkFastPath, "Enabled: PE FastPath", "Disabled: PE FastPath"), diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml index 200e269fd..e7cf00e00 100644 --- a/azure-resources/Network/connections/recommendations.yaml +++ b/azure-resources/Network/connections/recommendations.yaml @@ -1,4 +1,4 @@ -- description: For better data path performance enable FastPath on ExpressRoute Direct and Gateway +- description: For better data path performance enable FastPath on ExpressRoute Connections aprlGuid: f6a14b32-a727-4ace-b5fa-7b1c6bdff402 recommendationTypeId: null recommendationControl: Scalability diff --git a/azure-resources/Resources/resourceGroups/kql/98bd7098-49d6-491b-86f1-b143d6b1a0ff.kql b/azure-resources/Resources/resourceGroups/kql/98bd7098-49d6-491b-86f1-b143d6b1a0ff.kql index 0c313399e..f8cef9ca4 100644 
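Review bot: `| where not(erGatewayBypass) or not(privateLinkFastPath)` matches only when the flags are present and false; when a property is absent from the connection's `properties`, `tobool()` yields null and the predicate can evaluate to null, which drops the row, so a connection on which FastPath was never configured could go unreported (whether Resource Graph omits these properties needs confirming). Defaulting makes the intent explicit: `| extend erGatewayBypass = coalesce(tobool(properties.expressRouteGatewayBypass), false)`, and the same for `properties.enablePrivateLinkFastPath`. The `project` list also ends with a trailing comma after `param2`, and the outer filter uses `type ==` where the joined subquery uses `type =~`; both are worth tidying so the query matches the style of the others in this repository.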
--- a/azure-resources/Resources/resourceGroups/kql/98bd7098-49d6-491b-86f1-b143d6b1a0ff.kql +++ b/azure-resources/Resources/resourceGroups/kql/98bd7098-49d6-491b-86f1-b143d6b1a0ff.kql @@ -1,13 +1,22 @@ // Azure Resource Graph Query // Provides a list of Azure Resource Groups that have resources deployed in a region different than the Resource Group region -resources -| project id, name, tags, resourceGroup, location -| where location != "global" // exclude global resources -| where resourceGroup != "networkwatcherrg" // exclude networkwatcherrg -| where split(id, "/", 3)[0] =~ "resourceGroups" // resource is in a resource group -| extend resourceGroupId = strcat_array(array_slice(split(id, "/"),0,4), "/") // create resource group resource id -| join (resourcecontainers | project containerid=id, containerlocation=location ) on $left.resourceGroupId == $right.['containerid'] // join to resourcecontainers table -| where location != containerlocation -| project recommendationId="98bd7098-49d6-491b-86f1-b143d6b1a0ff", name, id, tags -| order by id asc - +resourcecontainers +| where type =~ "Microsoft.Resources/subscriptions/resourceGroups" +| project resourceGroupId = tolower(id), resourceGroupLocation = location +| join kind = inner ( + resources + | where location !~ "Global" and // Exclude global resources + resourceGroup !~ "NetworkWatcherRG" and // Exclude resources in the NetworkWatcherRG + id has "/resourceGroups/" // Exclude resources not in a resource group + | project id, name, tags, resourceGroup, location, resourceGroupId = tolower(strcat_array(array_slice(split(id, "/"), 0, 4), "/")) + ) + on resourceGroupId +| where resourceGroupLocation !~ location +| project + recommendationId = "98bd7098-49d6-491b-86f1-b143d6b1a0ff", + name, + id, + tags, + param1 = strcat("resourceLocation: ", location), + param2 = strcat("resourceGroupLocation: ", resourceGroupLocation), + param3 = strcat("resourceGroup: ", resourceGroup) 
diff --git a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml index d9d89d8e6..619071f11 100644 --- a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml +++ b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml @@ -24,7 +24,7 @@ recommendationResourceType: Microsoft.VirtualMachineImages/imageTemplates recommendationMetadataState: Active longDescription: | - The Azure Image Builder service, used for deploying Image Templates, lacks availability zones support. By replicating Image Templates to a secondary, preferably paired, region, quick recovery from a region failure is enabled, ensuring continuous virtual machine deployment from these templates. + The Azure Image Builder service lacks availability zones support. Replicating Image Templates to a secondary region will enable the build of new images in secondary region. potentialBenefits: Enhances disaster recovery capability pgVerified: true publishedToLearn: false @@ -32,6 +32,6 @@ tags: null learnMoreLink: - name: Image Template resiliency - url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency" + url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json&tabs=graph#disaster-recovery" - name: Azure Image Builder Supported Regions url: "https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions" diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index 26750673d..5bbb32913 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml 
+++ b/azure-resources/Web/serverFarms/recommendations.yaml @@ -46,7 +46,7 @@ longDescription: | Avoid frequent scaling up/down of Azure App Service instances to prevent service disruptions. Choose the right tier and size for the workload and scale out for traffic changes, as scaling adjustments can trigger application restarts. potentialBenefits: Minimizes restarts, enhances stability - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: true tags: null @@ -82,7 +82,7 @@ longDescription: | Enabling Autoscale/Automatic Scaling for your Azure App Service ensures sufficient resources for incoming requests. Autoscaling is rule-based, whereas Automatic Scaling, a newer feature, automatically adjusts resources based on HTTP traffic. potentialBenefits: Optimizes resources for traffic - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: false tags: null diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index 9dcdbc108..9261bbd34 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml @@ -20,13 +20,13 @@ aprlGuid: a7e8bb3d-8ceb-442d-b26f-007cd63f9ffc recommendationTypeId: null recommendationControl: Monitoring and Alerting - recommendationImpact: Medium + recommendationImpact: High recommendationResourceType: Microsoft.Web/sites recommendationMetadataState: Active longDescription: | Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring. potentialBenefits: Real-time insights and issue diagnosis - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: false tags: null 
@@ -64,7 +64,7 @@ longDescription: | Creating a separate storage account for logs and not using the same one for application data prevents logging activities from reducing application performance by ensuring that the resources dedicated to handling application data are not burdened by logging processes. potentialBenefits: Improves app performance - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: false tags: null @@ -100,7 +100,7 @@ longDescription: | Use app settings for configuration and define them in Resource Manager templates or via PowerShell to facilitate part of an automated deployment/update process for improved reliability. potentialBenefits: Enhanced reliability via automation - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: true tags: null @@ -112,13 +112,13 @@ aprlGuid: fd049c28-ae6d-48f0-a641-cc3ba1a3fe1d recommendationTypeId: null recommendationControl: Other Best Practices - recommendationImpact: Medium + recommendationImpact: High recommendationResourceType: Microsoft.Web/sites recommendationMetadataState: Active longDescription: | Use Health Check for production workloads. Health check increases your application's availability by rerouting requests away from unhealthy instances, and replacing instances if they remain unhealthy. The Health check path should check critical components of your application. potentialBenefits: Enhanced reliability via automation - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: true tags: null 
@@ -136,7 +136,7 @@ longDescription: | Use network access restrictions to define a priority-ordered allow/deny list that controls network access to your app. Web application firewalls, such as the one available in Application Gateway, are recommended for protection of public-facing web applications. potentialBenefits: Enhanced security - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: true tags: null @@ -148,13 +148,13 @@ aprlGuid: 9e6682ac-31bc-4635-9959-ab74b52454e6 recommendationTypeId: null recommendationControl: Scalability - recommendationImpact: Medium + recommendationImpact: High recommendationResourceType: Microsoft.Web/sites recommendationMetadataState: Active longDescription: | App Service should be configured with a minimum of two instances for production workloads. If apps have a longer warmup time a minimum of three instances should be used. potentialBenefits: Improves app performace - pgVerified: false + pgVerified: true publishedToLearn: false automationAvailable: true tags: null diff --git a/azure-specialized-workloads/avd/_index.md b/azure-specialized-workloads/avd/_index.md index dc01c6c0b..d4324854e 100644 --- a/azure-specialized-workloads/avd/_index.md +++ b/azure-specialized-workloads/avd/_index.md 
@@ -8,12 +8,14 @@ geekdocHidden: false | Recommendation | Provider Namespace | Resource Type | |:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------:|:----------------------:| -| [Create a validation host pool for testing of planned updates](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#Create-a-validation-host-pool-for-testing-of-planned-updates) | DesktopVirtualization | hostPools | +| [Create a validation host pool](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#Create-a-validation-host-pool) | DesktopVirtualization | hostPools | | [Configure host pool scheduled agent updates](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#configure-host-pool-scheduled-agent-updates) | DesktopVirtualization | hostPools | | [Ensure a unique OU is used when deploying host pools with domain joined session hosts](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#ensure-a-unique-ou-is-used-when-deploying-host-pools-with-domain-joined-session-hosts) | DesktopVirtualization | hostPools | -| [Use Azure Site Recovery or backups to protect VMs supporting personal desktops](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#use-azure-site-recovery-or-backups-to-protect-vms-supporting-personal-desktops) | DesktopVirtualization | hostPools | -| [Scaling plans should be created per region and not scaled across regions](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/scalingPlans/#scaling-plans-should-be-created-per-region-and-not-scaled-across-regions) | DesktopVirtualization | 
scalingPlans | -| [Replicate your Image Templates to a secondary region](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/VirtualMachineImages/imageTemplates/#replicate-your-image-templates-to-a-secondary-region) | Compute | galleries | +| [Use Azure Site Recovery to protect stateful session hosts](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/hostPools/#use-azure-site-recovery-to-protect-stateful-session hosts) | DesktopVirtualization | hostPools | +| [Create scaling plans per region](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/DesktopVirtualization/scalingPlans/#create-scaling-plans-per-region) | DesktopVirtualization | scalingPlans | +| [Replicate your image templates to a secondary region](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/VirtualMachineImages/imageTemplates/#replicate-your-image-templates-to-a-secondary-region) | Compute | virtualMachineImages | +| [Create image Versions replicas in secondary region](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/compute/galleries/#create-image-versions-replicas-in-secondary-region) | Compute | galleries | +| [Configure image version replica count per region](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/compute/galleries/#configure-image-version-replica-count-per-region) | Compute | galleries | | [A minimum of three replicas should be kept for production image versions](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/galleries/#a-minimum-of-three-replicas-should-be-kept-for-production-image-versions) | Compute | galleries | | [Zone redundant storage should be used for image versions](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/galleries/#zone-redundant-storage-should-be-used-for-image-versions) | Compute | galleries | | [Deploy VMs across Availability 
Zones](../../../Azure-Proactive-Resiliency-Library-v2/azure-resources/Compute/virtualMachines/#deploy-vms-across-availability-zones) | Compute | virtualMachines | diff --git a/azure-specialized-workloads/avd/recommendations.yaml b/azure-specialized-workloads/avd/recommendations.yaml index b900a31c8..ef2ef7c49 100644 --- a/azure-specialized-workloads/avd/recommendations.yaml +++ b/azure-specialized-workloads/avd/recommendations.yaml @@ -279,25 +279,6 @@ - name: Learn More url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing" -- description: Ensure route tables accommodate failover - aprlGuid: 4b1a45af-d35f-442d-922a-a3e7b6052de1 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD - recommendationMetadataState: Active - longDescription: | - Ensure Route Tables that force tunnel traffic to FW/NVA have failover considerations evaluated and won't fail or trigger next-gen FW protections. - AVD workload teams should collaborate with centralized teams that manage the shared infrastructure, like networking, to ensure that both Production and DR workloads have the appropriate route tables in place for failover of routing to perform as expected. - potentialBenefits: Enhanced failover reliability - pgVerified: true - publishedToLearn: false - automationAvailable: false - tags: - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-area/management-business-continuity-disaster-recovery" - - description: Configure static routes for session hosts to directly access the AVD control plane subnet aprlGuid: 1c6c97d7-4d03-4f53-985d-fa239f715173 recommendationTypeId: null