From 3ba64556befec67864fb946b0d7bae5472068c98 Mon Sep 17 00:00:00 2001 
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 03:57:08 -0400 Subject: [PATCH 01/11] updating urls --- .../AVS/privateClouds/recommendations.yaml | 241 ++++++- .../service/recommendations.yaml | 21 +- .../automationAccounts/recommendations.yaml | 9 +- .../Batch/batchAccounts/recommendations.yaml | 11 +- .../Cache/Redis/recommendations.yaml | 7 +- .../Cdn/profiles/recommendations.yaml | 77 ++- .../Compute/galleries/recommendations.yaml | 21 +- .../recommendations.yaml | 55 +- .../virtualMachines/recommendations.yaml | 129 ++-- .../registries/recommendations.yaml | 51 +- .../managedClusters/recommendations.yaml | 147 +++-- .../flexibleServers/recommendations.yaml | 11 +- .../flexibleServers/recommendations.yaml | 11 +- .../workspaces/recommendations.yaml | 131 ++-- .../hostPools/recommendations.yaml | 614 +++++++++++++++++- .../Devices/IotHubs/recommendations.yaml | 33 +- .../databaseAccounts/recommendations.yaml | 43 +- .../EventGrid/topics/recommendations.yaml | 15 +- .../EventHub/namespaces/recommendations.yaml | 11 +- .../activityLogAlerts/recommendations.yaml | 17 +- .../Insights/components/recommendations.yaml | 7 +- .../KeyVault/vaults/recommendations.yaml | 23 +- .../netAppAccounts/recommendations.yaml | 63 +- .../recommendations.yaml | 25 +- .../applicationGateways/recommendations.yaml | 61 +- .../azureFirewalls/recommendations.yaml | 33 +- .../Network/connections/recommendations.yaml | 11 +- .../ddosProtectionPlans/recommendations.yaml | 7 +- .../expressRouteCircuits/recommendations.yaml | 37 +- .../expressRoutePorts/recommendations.yaml | 15 +- .../loadBalancers/recommendations.yaml | 21 +- .../recommendations.yaml | 23 +- .../networkWatchers/recommendations.yaml | 11 +- .../privateDnsZones/recommendations.yaml | 15 +- .../privateEndpoints/recommendations.yaml | 7 +- .../publicIPAddresses/recommendations.yaml | 21 +- .../Network/routeTables/recommendations.yaml | 11 +- .../recommendations.yaml | 26 +- .../recommendations.yaml | 65 +- 
.../virtualNetworks/recommendations.yaml | 25 +- .../recommendations.yaml | 7 +- .../workspaces/recommendations.yaml | 23 +- .../vaults/recommendations.yaml | 27 +- .../resourceGroups/recommendations.yaml | 26 +- .../namespaces/recommendations.yaml | 11 +- .../SignalR/recommendations.yaml | 7 +- .../Sql/servers/recommendations.yaml | 35 +- .../storageAccounts/recommendations.yaml | 53 +- .../subscriptions/recommendations.yaml | 7 +- .../imageTemplates/recommendations.yaml | 13 +- .../Web/serverFarms/recommendations.yaml | 27 +- .../Web/sites/recommendations.yaml | 29 +- .../hpc/recommendations-hpc.yaml | 75 +++ .../sap/recommendations-sap.yaml | 420 ++++++++++++ azure-waf/define/recommendations.yaml | 21 +- azure-waf/deploy/recommendations.yaml | 19 +- azure-waf/design/recommendations.yaml | 77 +-- azure-waf/monitor/recommendations.yaml | 45 +- azure-waf/respond/recommendations.yaml | 13 +- azure-waf/test/recommendations.yaml | 43 +- 60 files changed, 2395 insertions(+), 745 deletions(-) create mode 100644 azure-specialized-workloads/hpc/recommendations-hpc.yaml create mode 100644 azure-specialized-workloads/sap/recommendations-sap.yaml diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml index 4fd43f7f4..3efc8c780 100644 --- a/azure-resources/AVS/privateClouds/recommendations.yaml +++ b/azure-resources/AVS/privateClouds/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Configure Azure Service Health notifications and alerts for Azure VMware Solution +- description: Configure Azure Service Health notifications and alerts for Azure VMware Solution aprlGuid: 74fcb9f2-9a25-49a6-8c42-d32851c4afb7 recommendationTypeId: null recommendationControl: Monitoring and Alerting 
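Review bot: The first line of this file is removed and re-added with no visible difference (`- description: Configure Azure Service Health notifications and alerts for Azure VMware Solution` on both sides), so the change is presumably an invisible byte such as a UTF-8 byte-order mark or a line ending. The same pattern opens every other file visible in this patch (ApiManagement, Automation, Batch, Cache/Redis, Cdn, Compute galleries and virtualMachineScaleSets), and the last hunk of each file also appends an empty line. If a byte-order mark was introduced, not every consumer of these files can be assumed to strip it before parsing, so it is worth confirming the files are saved as UTF-8 without a BOM. An `.editorconfig` entry with `charset = utf-8` and `insert_final_newline = true` would keep editors from reintroducing this churn.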
@@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations - description: Monitor when Azure VMware Solution Private Cloud is reaching the capacity limit aprlGuid: 29d7a115-dfb6-4df1-9205-04824109548f @@ -33,8 +33,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" + - name: Configure and streamline alerts + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts - description: Monitor when Azure VMware Solution Cluster Size is approaching the host limit aprlGuid: f86355e3-de7c-4dad-8080-1b0b411e66c8 @@ -52,8 +52,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts - description: Use the AVS Interconnect feature to connect private clouds in different availability zones aprlGuid: 726abfe3-adae-4a6d-8eb8-4b27a7214ca1 
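Review bot: Dropping the double quotes from `url:` turns values that contain `#`, `?` and `&` into plain scalars, which parse correctly today only because no `#` is preceded by a space and no `:` is followed by one. A later edit that pastes a URL or link title containing ` #` or `: ` would be silently truncated or read as a mapping, and consumers of the file would then follow a different address from the one that was reviewed. Keeping the values quoted avoids that, e.g. `url: 'https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts'`. The same applies to every `url:` line re-added in the other hunks of this patch.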
@@ -71,8 +71,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region" + - name: Connect Private Clouds in the same region + url: https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region - description: Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter security aprlGuid: c2794660-ffd7-4da3-96ba-5d546b70b1c6 @@ -90,8 +90,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter" + - name: Set an external identity source for vCenter + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter + - name: Set an external identity for NSX-T + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t - description: Use HCX Network Extension High Availability aprlGuid: bce16eee-0933-4baa-ab4d-8d1bb5653fc2 @@ -109,8 +111,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability" + - name: HCX Network extension high availability + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability + - name: Understanding Network Extension High Availability + url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html - description: Verify Management Networks are not extended with HCX Network Extension aprlGuid: 6be9a543-cf82-4926-82ea-7e1f1ffaad80 
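Review bot: The link added under `Use HCX Network Extension High Availability` points at `docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-…`, a third-party page pinned to one product version and addressed by an opaque GUID, so it can go stale on the next HCX release with no signal in this repository. The `Requirements for Network Extension` entry in the next hunk has the same shape. A comment above each entry, such as `# VMware HCX 4.8 documentation; re-check when the supported HCX version changes`, would make the dependency visible to the next maintainer. A periodic link check over the `learnMoreLink` URLs would presumably catch the rest.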
@@ -128,8 +132,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html" + - name: Requirements for Network Extension + url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html - description: Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore aprlGuid: 9ec5b4c8-3dd8-473a-86ee-3273290331b9 @@ -147,8 +151,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability + - name: Stretched Clusters + url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters - description: Verify vSAN FTT configuration aligns with the cluster size aprlGuid: 0943aa90-e3db-4c61-aef1-782b6a6a3881 
@@ -166,5 +172,202 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains" + - name: Use fault domains + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains + - name: Configure storage policy + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy + +- description: Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization + aprlGuid: 4232eb32-3241-4049-9e14-9b8005817b56 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met. + potentialBenefits: Optimized capacity planning for vSAN + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: arg + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities + +- description: Configure Syslog in Diagnostic Settings for Azure VMware Solution + aprlGuid: fa4ab927-bced-429a-971a-53350de7f14b + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. 
Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues. + potentialBenefits: Faster issue resolution, early detection + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives + +- description: Monitor CPU Utilization to ensure sufficient resources for workloads + aprlGuid: 4ee5d535-c47b-470a-9557-4a3dd297d62f + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: Medium + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads. + potentialBenefits: Avoids resource exhaustion, optimizes performance + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: arg + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + +- description: Monitor Memory Utilization to ensure sufficient resources for workloads + aprlGuid: 029208c8-5186-4a76-8ee8-6e3445fef4dd + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: Medium + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. 
Yet, continuous memory use over 95% leads to disk swapping, affecting workloads. + potentialBenefits: Avoids host exhaustion & swapping + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: arg + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + +- description: Apply Resource delete lock on the resource group hosting the private cloud + aprlGuid: a5ef7c05-c611-4842-9af5-11efdc99123a + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud. + potentialBenefits: Prevents accidental deletion + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Lock your resources to protect your infrastructure + url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources + +- description: Align ExpressRoute configuration with best practices for circuit resilience + aprlGuid: 6f573d60-be93-4f18-8016-42e923e3c05e + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach. 
+ potentialBenefits: Enhanced circuit resilience for Azure VMware + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: APRL guidance for ExpressRoute circuits + url: https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits + - name: Create a new ExpressRoute circuit + url: https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview + +- description: Deploy dual Azure VMware Solution clouds in different regions for disaster recovery + aprlGuid: bdac462a-2eda-4a67-887d-46d58f141afe + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections. 
+ potentialBenefits: Enhanced disaster recovery + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Private Clouds in two regions + url: https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions + - name: Dual Region Network Topology + url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology + +- description: Deploy two or more circuits in different peering locations when using stretched clusters + aprlGuid: 91c84596-1c41-48fe-8d5e-3f817e6a273b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits. 
+ potentialBenefits: Enhanced resilience & connectivity + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Deploy vSAN streched cluster + url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud + +- description: Use key autorotation for vSAN datastore customer-managed keys + aprlGuid: e0ac2f57-c8c0-4b8c-a7c8-19e5797828b5 + recommendationTypeId: null + recommendationControl: Security + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible. + potentialBenefits: Avoid outages with key auto-rotation + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Configure Customer Managed Keys + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal + +- description: Use multiple DNS servers per private FQDN zone + aprlGuid: fcc2e257-23af-4c68-aac8-9cc03033c939 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: Microsoft.AVS/privateClouds + recommendationMetadataState: Active + longDescription: | + Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud. 
+ potentialBenefits: Enhances reliability & avoids failure + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Configure DNS forwarder + url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder + diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml index 3527559c2..e645e0c3a 100644 --- a/azure-resources/ApiManagement/service/recommendations.yaml +++ b/azure-resources/ApiManagement/service/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Migrate API Management services to Premium SKU to support Availability Zones +- description: Migrate API Management services to Premium SKU to support Availability Zones aprlGuid: baf3bfc0-32a2-4c0c-926d-c9bf0b49808e recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier" + - name: Change your API Management service tier + url: https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier + - name: Migrate Azure API Management to availability zone support + url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt - description: Enable Availability Zones on Premium API Management instances aprlGuid: 740f2c1c-8857-4648-80eb-47d2c56d5a50 
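Review bot: The new `Use key autorotation for vSAN datastore customer-managed keys` entry never mentions autorotation in its `longDescription`: the text advises Key Vault and a managed identity and warns that key expiry makes the datastore inaccessible, but does not say what the reader should configure. A closing sentence such as `Enable autorotation for the key so that a new version is in use before the current one expires.` would make the body match the title. In the same hunk the link name `Deploy vSAN streched cluster` has a typo and should read `Deploy vSAN stretched cluster`. The ExpressRoute link selects `pivots=expressroute-preview`, which is worth confirming as intended for a recommendation marked High impact.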
@@ -33,8 +35,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones" + - name: Ensure API Management availability and reliability + url: https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones + - name: Migrate Azure API Management to availability zone support + url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt - description: Upgrade to platform version stv2 aprlGuid: e35cf148-8eee-49d1-a1c9-956160f99e0b @@ -52,5 +56,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024" + - name: Azure API Management - stv1 platform retirement (August 2024) + url: https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024 + - name: Azure API Management compute platform + url: https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure + diff --git a/azure-resources/Automation/automationAccounts/recommendations.yaml b/azure-resources/Automation/automationAccounts/recommendations.yaml index ce19c7d3e..6bcbc0d29 100644 --- a/azure-resources/Automation/automationAccounts/recommendations.yaml +++ b/azure-resources/Automation/automationAccounts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Set up disaster recovery of Automation accounts and its dependent resources +- description: Set up disaster recovery of Automation accounts and its dependent resources aprlGuid: 67205887-0733-466e-b50e-b1cd7316c514 recommendationTypeId: null recommendationControl: High Availability 
@@ -14,5 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one" + - name: Disaster recovery for Automation accounts + url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one + - name: Disaster recovery scenarios for cloud and hybrid jobs + url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs + diff --git a/azure-resources/Batch/batchAccounts/recommendations.yaml b/azure-resources/Batch/batchAccounts/recommendations.yaml index 73ce456e7..bb3776f76 100644 --- a/azure-resources/Batch/batchAccounts/recommendations.yaml +++ b/azure-resources/Batch/batchAccounts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Monitor Batch Account quota +- description: Monitor Batch Account quota aprlGuid: 3464854d-6f75-4922-95e4-a2a308b53ce6 recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity" + - name: Learn More + url: https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity - description: Create an Azure Batch pool across Availability Zones aprlGuid: 71cfab8f-d588-4742-b175-b6e07ae48dbd @@ -33,5 +33,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/batch/create-pool-availability-zones" + - name: Learn More + url: https://learn.microsoft.com/azure/batch/create-pool-availability-zones + 
diff --git a/azure-resources/Cache/Redis/recommendations.yaml b/azure-resources/Cache/Redis/recommendations.yaml index d6c410ac7..35d7abff4 100644 --- a/azure-resources/Cache/Redis/recommendations.yaml +++ b/azure-resources/Cache/Redis/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable zone redundancy for Azure Cache for Redis +- description: Enable zone redundancy for Azure Cache for Redis aprlGuid: 5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8 recommendationTypeId: null recommendationControl: High Availability @@ -14,5 +14,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy" + - name: Enable zone redundancy for Azure Cache for Redis + url: https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy + diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml index 140e7d2b7..d42141865 100644 --- a/azure-resources/Cdn/profiles/recommendations.yaml +++ b/azure-resources/Cdn/profiles/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Avoid combining Traffic Manager and Front Door +- description: Avoid combining Traffic Manager and Front Door aprlGuid: 9437634c-d69e-2747-b13e-631c13182150 recommendationTypeId: null recommendationControl: Business Continuity 
@@ -14,8 +14,14 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview" + - name: Azure Load Balancing Options + url: https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview + - name: Azure Traffic Manager + url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-overview + - name: Azure Front Door + url: https://learn.microsoft.com/azure/frontdoor/front-door-overview + - name: Mission-critical global content delivery + url: https://learn.microsoft.com/en-us/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery - description: Restrict traffic to your origins aprlGuid: 6c40b7ae-2bea-5748-be1a-9e9e3b834649 @@ -33,8 +39,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium" + - name: Secure traffic to Azure Front Door origins + url: https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium - description: Use the latest API version and SDK version aprlGuid: 52bc9a7b-23c8-bc4c-9d2a-7bc43b50104a @@ -52,8 +58,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/rest/api/frontdoor/" + - name: REST API Reference + url: https://learn.microsoft.com/rest/api/frontdoor/ + - name: Client library for Java + url: https://learn.microsoft.com/java/api/overview/azure/resourcemanager-frontdoor-readme?view=azure-java-preview + - name: SDK for Python + url: https://learn.microsoft.com/python/api/overview/azure/front-door?view=azure-python - description: Configure logs aprlGuid: 1ad74c3c-e3d7-0046-b83f-a2199974ef15 
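Review bot: Within the single `learnMoreLink` list added for `Avoid combining Traffic Manager and Front Door`, three URLs are locale-neutral (`https://learn.microsoft.com/azure/...`) and the fourth pins `/en-us/`. The mix recurs across the patch: the AVS and ApiManagement files mostly use `/en-us/`, while Batch and Cache/Redis do not. Picking one form keeps the lists consistent, and the locale-neutral one lets the site redirect readers to their own language. For the fourth entry that would be `https://learn.microsoft.com/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery`.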
@@ -71,8 +81,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium" + - name: Monitor metrics and logs in Azure Front Door + url: https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium + - name: WAF logs + url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#waf-logs + - name: Configure Azure Front Door logs + url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-logs - description: Use end-to-end TLS aprlGuid: d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1 @@ -90,8 +104,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium" + - name: End-to-end TLS with Azure Front Door + url: https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium - description: Use HTTP to HTTPS redirection aprlGuid: 24ab9f11-a3e4-3043-a985-22cf94c4933a @@ -109,8 +123,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule" + - name: Create HTTP to HTTPS redirect rule + url: https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule - description: Use managed TLS certificates aprlGuid: 29d65c41-2fad-d142-95eb-9eab95f6c0a5 
@@ -128,8 +142,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell" + - name: Configure HTTPS on an Azure Front Door custom domain using the Azure portal + url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell - description: Use latest version for customer-managed certificates aprlGuid: 4638c2c0-03de-6d42-9e09-82ee4478cbf3 @@ -147,8 +161,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy" + - name: Select the certificate for Azure Front Door to deploy + url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy - description: Use the same domain name on Front Door and your origin aprlGuid: cd6a32af-747a-e649-82a7-a98f528ca842 @@ -166,8 +180,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation" + - name: Preserve the original HTTP host name between a reverse proxy and its back-end web application + url: https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation - description: Enable the WAF aprlGuid: 1bd2b7e8-400f-e64a-99a2-c572f7b08a62 
@@ -185,8 +199,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/web-application-firewall" + - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + url: https://learn.microsoft.com/azure/frontdoor/web-application-firewall - description: Disable health probes when there is only one origin in an origin group aprlGuid: 38f3d542-6de6-a44b-86c6-97e3be690281 @@ -204,8 +218,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/health-probes" + - name: Health probes + url: https://learn.microsoft.com/azure/frontdoor/health-probes - description: Select good health probe endpoints aprlGuid: 5225bba3-28ec-1e43-8986-7eedfd466d65 @@ -223,8 +237,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring" + - name: Health Endpoint Monitoring pattern + url: https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring - description: Use HEAD health probes aprlGuid: 5783defe-b49e-d947-84f7-d8677593f324 @@ -242,8 +256,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes" + - name: Supported HTTP methods for health probes + url: https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes - description: Use geo-filtering in Azure Front Door aprlGuid: b515690d-3bf9-3a49-8d38-188e0fd45896 
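Review bot: The link under `Enable the WAF` now has the URL itself as its `name` (`- name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall`), whereas the other entries visible in this file received a descriptive title. A reader scanning the rendered recommendation cannot tell what the link covers without opening it, and a name that duplicates the URL has to be kept in sync by hand. Replacing it with a title, for example `- name: Web Application Firewall on Azure Front Door`, matches the rest of the patch.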
@@ -261,8 +275,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering" + - name: Geo filter WAF policy - GeoMatch + url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering - description: Secure your Origin with Private Link in Azure Front Door aprlGuid: 1cfe7834-56ec-ff41-b11d-993734705dba @@ -280,5 +294,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/frontdoor/private-link" + - name: Private link for Azure Front Door + url: https://learn.microsoft.com/azure/frontdoor/private-link + diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml index b1ecc51cb..f29d6dda5 100644 --- a/azure-resources/Compute/galleries/recommendations.yaml +++ b/azure-resources/Compute/galleries/recommendations.yaml @@ -1,4 +1,4 @@ -- description: A minimum of three replicas should be kept for production image versions +- description: A minimum of three replicas should be kept for production image versions aprlGuid: b49a39fd-f431-4b61-9062-f2157849d845 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Compute Gallery best practices + url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices - description: Zone redundant storage should be used for image versions aprlGuid: 488dcc8b-f2e3-40ce-bf95-73deb2db095f 
@@ -33,8 +33,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Compute Gallery best practices + url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices + - name: Zone-redundant storage + url: https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy#zone-redundant-storage - description: Consider creating TrustedLaunchSupported images where possible aprlGuid: 1c5e1e58-4e56-491c-8529-10f37af9d4ed @@ -52,5 +54,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Compute Gallery best practices + url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices + - name: Generation 1 vs Generation 2 in Hyper-V + url: https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v + - name: Images in Compute gallery + url: https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli + diff --git a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml index b0f54d81c..530d1289d 100644 --- a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml +++ b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Deploy VMSS with Flex orchestration mode instead of Uniform +- description: Deploy VMSS with Flex orchestration mode instead of Uniform aprlGuid: e7495e1c-0c75-0946-b266-b429b5c7f3bf recommendationTypeId: null recommendationControl: Scalability 
@@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines" + - name: When to use VMSS instead of VMs + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines + - name: Azure Well-Architected Framework review - Virtual Machines and Scale Sets + url: https://learn.microsoft.com/azure/well-architected/services/compute/virtual-machines/virtual-machines-review - description: Enable VMSS application health monitoring aprlGuid: 94794d2a-eff0-2345-9b67-6f9349d0a627 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api" + - name: Using Application Health extension with Virtual Machine Scale Sets + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api - description: Enable Automatic Repair policy aprlGuid: 820f4743-1f94-e946-ae0b-45efafd87962 @@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs" + - name: Automatic instance repairs for Azure Virtual Machine Scale Sets + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs - description: Configure VMSS Autoscale to custom and configure the scaling metrics aprlGuid: ee66ff65-9aa3-2345-93c1-25827cf79f44 
@@ -71,8 +73,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring" + - name: Get started with autoscale in Azure + url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring + - name: Overview of autoscale in Azure + url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-overview - description: Enable Predictive autoscale and configure at least for Forecast Only aprlGuid: 3f85a51c-e286-9f44-b4dc-51d00768696c @@ -90,8 +94,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive" + - name: Use predictive autoscale to scale out before load demands in virtual machine scale sets + url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive - description: Disable Force strictly even balance across zones to avoid scale in and out fail attempts aprlGuid: b5a63aa0-c58e-244f-b8a6-cbba0560a6db @@ -109,8 +113,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy" + - name: Use scale-in policies with Azure Virtual Machine Scale Sets + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy - description: Configure Allocation Policy Spreading algorithm to Max Spreading aprlGuid: 457e1648-8aa2-214d-a854-11a4084ecdc9 
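Review bot: The autoscale link in the `@@ -71,8 +73,10 @@` hunk keeps the portal tracking parameter `?WT.mc_id=Portal-Microsoft_Azure_Monitoring`, and later hunks add further non-content query strings. These are `branch=main` on the attach/detach link in virtualMachines (`@@ -14,8 +14,10 @@`) and `?source=recommendations` on two AKS links (`@@ -52,8 +54,12 @@`). None of them is needed to reach the page, and `branch=` normally selects a documentation preview branch, so it may resolve differently for readers outside the docs team. Since this commit is the URL clean-up, reduce them to the canonical path, e.g. `url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started`, keeping `tabs=` only where a specific tab is intended.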
@@ -128,8 +132,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations" + - name: Availability Considerations + url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations - description: Deploy VMSS across availability zones with VMSS Flex aprlGuid: 1422c567-782c-7148-ac7c-5fc14cf45adc @@ -147,8 +151,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones" + - name: Create a Virtual Machine Scale Set that uses Availability Zones + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones + - name: Update scale set to add availability zones + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones?tabs=cli-1%2Cportal-2#update-scale-set-to-add-availability-zones - description: Set Patch orchestration options to Azure-orchestrated aprlGuid: e4ffd7b0-ba24-c84e-9352-ba4819f908c0 @@ -166,8 +172,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching" + - name: Automatic VM Guest Patching for Azure VMs + url: https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching + - name: Auto OS Image Upgrades + url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade - description: Upgrade VMSS Image versions scheduled to be deprecated or already retired aprlGuid: 83d61669-7bd6-9642-a305-175db8adcdf4 
@@ -185,8 +193,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images" + - name: Deprecated Azure Marketplace images + url: https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images - description: Production VMSS instances should be using SSD disks aprlGuid: 1074f391-22bf-42f5-9c95-68af5ad89bf6 @@ -204,5 +212,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" + - name: Disk Comparison + url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison + diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml index b45119c93..a729ba040 100644 --- a/azure-resources/Compute/virtualMachines/recommendations.yaml +++ b/azure-resources/Compute/virtualMachines/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Run production workloads on two or more VMs using VMSS Flex +- description: Run production workloads on two or more VMs using VMSS Flex aprlGuid: 273f6b30-68e0-4241-85ea-acf15ffb60bf recommendationTypeId: null recommendationControl: High Availability 
@@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode" + - name: What has changed with Flexible orchestration mode + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode + - name: Attach or detach a Virtual Machine to or from a Virtual Machine Scale Set + url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?branch=main&tabs=portal-1%2Cportal-2%2Cportal-3 - description: Deploy VMs across Availability Zones aprlGuid: 2bd0be95-a825-6f47-a8c6-3db1fb5eb387 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard" + - name: Create virtual machines in an availability zone using the Azure portal + url: https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard - description: Migrate VMs using availability sets to VMSS Flex aprlGuid: a8d25876-7951-b646-b4e8-880c9031596b @@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" + - name: Resiliency checklist for Virtual Machines + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines - description: Replicate VMs using Azure Site Recovery aprlGuid: cfe22a65-b1db-fd41-9e8e-d573922709ae 
@@ -71,8 +73,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" + - name: Resiliency checklist for Virtual Machines + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines + - name: Run a test failover (disaster recovery drill) to Azure + url: https://learn.microsoft.com/azure/site-recovery/site-recovery-test-failover-to-azure - description: Use Managed Disks for VM disks aprlGuid: 122d11d7-b91f-8747-a562-f56b79bcfbdc @@ -90,8 +94,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation" + - name: Migrate your Azure unmanaged disks by Sep 30, 2025 + url: https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation + - name: Migrate Windows VM from unmanaged disks to managed disks + url: https://learn.microsoft.com/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks + - name: Migrate Linux VM from unmanaged disks to managed disks + url: https://learn.microsoft.com/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks - description: Host database data on a data disk aprlGuid: 4ea2878f-0d69-8d4a-b715-afc10d1e538e @@ -109,8 +117,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk" + - name: Introduction to Azure managed disks - Data disks + url: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk + - name: Azure managed disk types + url: https://learn.microsoft.com/azure/virtual-machines/disks-types - description: Backup VMs with Azure Backup service aprlGuid: 1981f704-97b9-b645-9c57-33f8ded9261a 
@@ -128,8 +138,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/backup/backup-overview" + - name: What is the Azure Backup service? + url: https://learn.microsoft.com/azure/backup/backup-overview - description: Production VMs should be using SSD disks aprlGuid: d3f3ee41-b9aa-d34d-b442-5d46d20232b2 @@ -147,8 +157,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" + - name: Azure managed disk types + url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd - description: Review VMs in stopped state aprlGuid: 98b334c0-8578-6046-9e43-b6e8fce6318e @@ -166,8 +176,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing" + - name: States and billing status of Azure Virtual Machines + url: https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing - description: Enable Accelerated Networking (AccelNet) aprlGuid: dfedbeb1-1519-fc47-86a5-52f96cf07105 @@ -185,8 +195,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" + - name: Accelerated Networking (AccelNet) overview + url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview - description: When AccelNet is enabled, you must manually update the GuestOS NIC driver aprlGuid: 73d1bb04-7d3e-0d47-bc0d-63afe773b5fe 
@@ -204,8 +214,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" + - name: Accelerated Networking (AccelNet) overview + url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview - description: VMs should not have a Public IP directly associated aprlGuid: 1f629a30-c9d0-d241-82ee-6f2eb9d42cb4 @@ -223,8 +233,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections" + - name: Use Source Network Address Translation (SNAT) for outbound connections + url: https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections - description: VM network interfaces and associated subnets both have a Network Security Group (NSG) associated aprlGuid: 82b3cf6b-9ae2-2e44-b193-10793213f676 @@ -242,8 +252,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic" + - name: How network security groups filter network traffic + url: https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic - description: IP Forwarding should only be enabled for Network Virtual Appliances aprlGuid: 41a22a5e-5e08-9647-92d0-2ffe9ef1bdad 
@@ -261,8 +271,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding" + - name: Enable or disable IP forwarding + url: https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding - description: Customer DNS Servers should be configured in the Virtual Network level aprlGuid: 1cf8fe21-9593-1e4e-966b-779a294c0d30 @@ -280,8 +290,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances" + - name: Name resolution for resources in Azure virtual networks + url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances - description: Shared disks should only be enabled in clustered servers aprlGuid: 3263a64a-c256-de48-9818-afd3cbc55c2a @@ -299,8 +309,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal" + - name: Azure Shared Disk Introduction + url: https://learn.microsoft.com/azure/virtual-machines/disks-shared + - name: Enable Shared Disks + url: https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal - description: Network access to the VM disk should be set to Disable public access and enable private access aprlGuid: 70b1d2be-e6c4-b54e-9959-b1b690f9e485 
@@ -318,8 +330,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal" + - name: Restrict import/export access for managed disks using Azure Private Link + url: https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal - description: Ensure that your VMs are compliant with Azure Policies aprlGuid: c42343ae-2712-2843-a285-3437eb0b28a1 @@ -337,8 +349,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance" + - name: Policy-driven governance + url: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance + - name: Azure Policy Regulatory Compliance controls for Azure Virtual Machines + url: https://learn.microsoft.com/azure/virtual-machines/security-policy - description: Enable advanced encryption options for your managed disks aprlGuid: f0a97179-133a-6e4f-8a49-8a44da73ffce @@ -356,8 +370,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview" + - name: Overview of managed disk encryption options + url: https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview - description: Enable VM Insights aprlGuid: b72214bb-e879-5f4b-b9cd-642db84f36f4 
@@ -375,8 +389,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview" + - name: Overview of VM insights + url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview + - name: Did the extension install properly? + url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-troubleshoot#did-the-extension-install-properly - description: Configure diagnostic settings for all Azure Virtual Machines aprlGuid: 4a9d8973-6dba-0042-b3aa-07924877ebd5 @@ -394,8 +410,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal" + - name: Diagnostic settings in Azure Monitor + url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal - description: Use maintenance configurations for the VMs aprlGuid: 52ab9e5c-eec0-3148-8bd7-b6dd9e1be870 @@ -413,8 +429,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations" + - name: Use maintenance configurations to control and manage the VM updates + url: https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations - description: Don't use A or B-Series VMs for production needing constant full CPU performance aprlGuid: 3201dba8-d1da-4826-98a4-104066545170 @@ -432,8 +448,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable" + - name: B-series burstable virtual machine sizes + url: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable - description: Mission Critical Workloads should be using Premium or Ultra Disks aprlGuid: df0ff862-814d-45a3-95e4-4fad5a244ba6 
@@ -451,8 +467,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" + - name: Disk type comparison and decision tree + url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison - description: Use Azure Boost VMs for Maintenance sensitive workload aprlGuid: 9ab499d8-8844-424d-a2d4-8f53690eb8f8 @@ -470,8 +486,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-boost/overview" + - name: Microsoft Azure Boost + url: https://learn.microsoft.com/azure/azure-boost/overview + - name: Announcing the general availability of Azure Boost + url: https://aka.ms/AzureBoostGABlog - description: Enable Scheduled Events for Maintenance sensitive workload VMs aprlGuid: 2de8fa5e-14f4-4c4c-857f-1520f87a629f @@ -489,5 +507,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service" + - name: Monitor scheduled events for your Azure VMs + url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service + - name: Azure Metadata Service: Scheduled Events for Linux VMs + url: https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events + - name: Azure Metadata Service: Scheduled Events for Windows VMs + url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events + diff --git a/azure-resources/ContainerRegistry/registries/recommendations.yaml b/azure-resources/ContainerRegistry/registries/recommendations.yaml index 0f8685565..f9183cac4 100644 --- a/azure-resources/ContainerRegistry/registries/recommendations.yaml +++ b/azure-resources/ContainerRegistry/registries/recommendations.yaml 
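Review bot: The Azure Boost announcement added in the `@@ -470,8 +486,10 @@` hunk goes through a redirector, `url: https://aka.ms/AzureBoostGABlog`, so the destination is not visible in review and can be retargeted without any change to this file. Every other link in the patch names its host and path directly. Prefer the resolved address, `url: <resolved blog URL>`, so link checks and host allow-lists see the real target.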
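Review bot: The two names added in the `@@ -489,5 +507,10 @@` hunk contain `: ` inside an unquoted plain scalar (`- name: Azure Metadata Service: Scheduled Events for Linux VMs` and its Windows twin), which a YAML parser rejects as a mapping value in the wrong place. Quote them: `- name: 'Azure Metadata Service: Scheduled Events for Linux VMs'` and `- name: 'Azure Metadata Service: Scheduled Events for Windows VMs'`. The patch also strips the quotes from every URL it touches, so running a linter such as yamllint over these files in CI would catch the next title that carries a colon or a ` #`.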
@@ -1,4 +1,4 @@ -- description: Use Premium tier for critical production workloads +- description: Use Premium tier for critical production workloads aprlGuid: eb005943-40a8-194b-9db2-474d430046b7 recommendationTypeId: null recommendationControl: Scalability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices" + - name: Container Registry Best Practices + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices - description: Enable zone redundancy aprlGuid: 63491f70-22e4-3b4a-8b0c-845450e46fac @@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main" + - name: Registry best practices - Enable zone redundancy + url: https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main - description: Enable geo-replication aprlGuid: 36ea6c09-ef6e-d743-9cfb-bd0c928a430b @@ -52,8 +52,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments" + - name: Registry best practices - Enable geo-replication + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments + - name: Geo-Replicate Container Registry + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-geo-replication - description: Use Repository namespaces aprlGuid: a5a0101a-a240-8742-90ba-81dbde9a0c0c 
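Review bot: The zone-redundancy link in the `@@ -33,8 +33,8 @@` hunk still points at `review.learn.microsoft.com` with `&branch=main`, which is the documentation review host rather than the published site. Readers without access to it will likely land on a sign-in page instead of the guidance. The commit renames the entry but carries the URL over unchanged. Point it at the public article, presumably `url: https://learn.microsoft.com/en-us/azure/container-registry/zone-redundancy` (confirm the article is published at that path).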
@@ -71,8 +73,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces" + - name: Registry best practices - use repository namespaces + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces - description: Move Container Registry to a dedicated resource group aprlGuid: 8e389532-5db5-7e4c-9d4d-443b3e55ae82 @@ -90,8 +92,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group" + - name: Registry best practices - Use dedicated resource group + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group - description: Manage registry size aprlGuid: 3ef86f16-f65b-c645-9901-7830d6dc3a1b @@ -109,8 +111,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size" + - name: Registry best practices - Manage registry size + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size + - name: Retention Policy + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy#about-the-retention-policy - description: Disable anonymous pull access aprlGuid: 03f4a7d8-c5b4-7842-8e6e-14997a34842b 
@@ -128,8 +132,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access" + - name: Enable anonymous pull access + url: https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access - description: Configure Diagnostic Settings for all Azure Container Registries aprlGuid: 44107155-7a32-9348-89f3-d5aa7e7c5a1d @@ -147,8 +151,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs" + - name: Monitoring Azure Container Registry data reference - Resource Logs + url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs + - name: Monitor Azure Container Registry - Enable diagnostic logs + url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service#collection-and-routing - description: Monitor Azure Container Registry with Azure Monitor aprlGuid: d594cde6-4116-d143-a64a-25f63289a2f8 @@ -166,8 +172,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics" + - name: Monitoring Azure Container Registry data reference + url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics + - name: Monitor Azure Container Registry + url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service - description: Enable soft delete policy aprlGuid: e7f0fd54-fba0-054e-9ab8-e676f2851f88 
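Review bot: In the `@@ -128,8 +132,8 @@` hunk the new link text reads `- name: Enable anonymous pull access`, but the recommendation it belongs to is "Disable anonymous pull access" (visible in the context at the end of the preceding hunk). Anonymous pull exposes registry content to unauthenticated clients, so the label should not read as an instruction to turn it on. Name the link after the section it targets, e.g. `- name: About anonymous pull access`.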
@@ -185,5 +193,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy" + - name: Enable soft delete policy + url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy + diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml index 106f3eae5..1fe523c31 100644 --- a/azure-resources/ContainerService/managedClusters/recommendations.yaml +++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Deploy AKS cluster across availability zones +- description: Deploy AKS cluster across availability zones aprlGuid: 4f63619f-5001-439c-bacb-8de891287727 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/availability-zones" + - name: AKS Availability Zones + url: https://learn.microsoft.com/en-us/azure/aks/availability-zones + - name: Zone Balancing + url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#zone-balancing - description: Isolate system and application pods aprlGuid: 5ee083cd-6ac3-4a83-8913-9549dd36cf56 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools" + - name: System and user node pools + url: https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools - description: Disable local accounts aprlGuid: ca324d71-54b0-4a3e-b9e4-10e767daa9fc 
@@ -52,8 +54,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration" + - name: Entra integration + url: https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration + - name: Use Azure role-based access control for AKS + url: https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac?source=recommendations + - name: Manage AKS local accounts + url: https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad?source=recommendations - description: Configure Azure CNI networking for dynamic allocation of IPs aprlGuid: c22db132-399b-4e7c-995d-577a60881be8 @@ -71,8 +77,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation" + - name: Configure Azure CNI networking + url: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation + - name: Configure Azure CNI Overlay networking + url: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay - description: Enable the cluster auto-scaler on an existing cluster aprlGuid: 902c82ff-4910-4b61-942d-0d6ef7f39b67 
@@ -90,8 +98,14 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli" + - name: Use the Cluster Autoscaler on AKS + url: https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli + - name: Best practices for advanced scheduler features + url: https://learn.microsoft.com/azure/aks/operator-best-practices-advanced-scheduler + - name: Node pool scaling considerations and best practices + url: https://learn.microsoft.com/azure/aks/best-practices-performance-scale-large#node-pool-scaling + - name: Best practices for basic scheduler features + url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler - description: Back up Azure Kubernetes Service aprlGuid: 269a9f1a-6675-460a-831e-b05a887a8c4b @@ -109,8 +123,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup" + - name: AKS Backups + url: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup + - name: Best Practices for AKS Backups + url: https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-storage - description: Plan an AKS version upgrade aprlGuid: e6188d3b-7fbc-4ecf-a37b-b658f9efcdc4 
@@ -128,8 +144,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes" + - name: Updating to the latest AKS version + url: https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes + - name: Upgrade cluster + url: https://learn.microsoft.com/azure/aks/upgrade-cluster?tabs=azure-cli + - name: Auto-upgrading cluster + url: https://learn.microsoft.com/azure/aks/auto-upgrade-cluster - description: Use zone-redundant storage for persistent volumes when running multi-zone AKS aprlGuid: d3111036-355d-431b-ab49-8ddad042800b @@ -147,8 +167,16 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/azure-disk-csi#azure-disk-csi-driver-features" + - name: Availability zones overview + url: https://learn.microsoft.com/azure/reliability/availability-zones-overview?tabs=azure-cli + - name: Zone-redundant storage + url: https://learn.microsoft.com/azure/storage/common/storage-redundancy#zone-redundant-storage + - name: ZRS disks + url: https://learn.microsoft.com/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks + - name: Convert a disk from LRS to ZRS + url: https://learn.microsoft.com/azure/virtual-machines/disks-migrate-lrs-zrs + - name: Enable multi-zone storage redundancy in Azure Container Storage + url: https://learn.microsoft.com/azure/storage/container-storage/enable-multi-zone-redundancy - description: Upgrade Persistent Volumes using in-tree drivers to Azure CSI drivers aprlGuid: b002c030-72e6-4a37-8217-1cb276c43169 
@@ -166,8 +194,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/csi-storage-drivers" + - name: CSI Storage Drivers + url: https://learn.microsoft.com/azure/aks/csi-storage-drivers + - name: CSI Migrate in Tree Volumes + url: https://learn.microsoft.com/azure/aks/csi-migrate-in-tree-volumes - description: Implement Resource Quota to ensure that Kubernetes resources do not exceed hard resource limits aprlGuid: 9a1c17e5-c9a0-43db-b920-adaf54d1bcb7 @@ -185,8 +215,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://kubernetes.io/docs/concepts/policy/resource-quotas/" + - name: Resource Quotas + url: https://kubernetes.io/docs/concepts/policy/resource-quotas/ - description: Attach Virtual Nodes (ACI) to the AKS cluster aprlGuid: b4639ca7-6308-429a-8b98-92f0bf9bf813 @@ -204,8 +234,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/virtual-nodes" + - name: Virtual Nodes + url: https://learn.microsoft.com/azure/aks/virtual-nodes + - name: Azure Container Instances + url: https://learn.microsoft.com/azure/container-instances/container-instances-overview - description: Update AKS tier to Standard aprlGuid: 0611251f-e70f-4243-8ddd-cfe894bec2e7 
@@ -223,8 +255,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers" + - name: Pricing Tiers + url: https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers + - name: AKS Baseline Architecture + url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-sla - description: Enable AKS Monitoring aprlGuid: dcaf8128-94bd-4d53-9235-3a0371df6b74 @@ -242,8 +276,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/monitor-aks" + - name: Monitor AKS + url: https://learn.microsoft.com/azure/aks/monitor-aks - description: Use Ephemeral OS disks on AKS clusters aprlGuid: a7bfcc18-b0d8-4d37-81f3-8131ed8bead5 @@ -261,8 +295,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/" + - name: Ephemeral OS disk + url: https://learn.microsoft.com/azure/aks/concepts-storage#ephemeral-os-disk + - name: Configure an AKS cluster + url: https://learn.microsoft.com/azure/aks/cluster-configuration + - name: Everything you want to know about ephemeral OS disks and AKS + url: https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/ - description: Enable and remediate Azure Policies configured for AKS aprlGuid: 26ebaf1f-c70d-4ebd-8641-4b60a0ce0094 
@@ -280,8 +318,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management" + - name: AKS Baseline - Policy Management + url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management + - name: Built-in Policy Definitions for AKS + url: https://learn.microsoft.com/en-us/azure/aks/policy-reference - description: Enable GitOps when using DevOps frameworks aprlGuid: 5f3cbd68-692a-4121-988c-9770914859a9 @@ -299,8 +339,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops" + - name: GitOps with AKS + url: https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops + - name: GitOps for AKS - Reference Architecture + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks - description: Configure affinity or anti-affinity rules based on application requirements aprlGuid: 928fcc6f-5e9a-42d9-9bd4-260af42de2e5 
@@ -318,8 +360,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/" + - name: Topology Spread Constraints + url: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + - name: Assign Pod Node + url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - description: Configures Pods Liveness, Readiness, and Startup Probes aprlGuid: cd6791b1-c60e-4b37-ac98-9897b1e6f4b8 @@ -337,8 +381,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/" + - name: Configure probes + url: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + - name: Assign Pod Node + url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ - description: Configure pod replica sets in production applications to guarantee availability aprlGuid: bcfe71f1-ebed-49e5-a84a-193b81ad5d27 @@ -356,8 +402,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/" + - name: Replica Sets + url: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ - description: Configure system nodepool count aprlGuid: 7f7ae535-a5ba-4665-b7e0-c451dbdda01f @@ -375,8 +421,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli" + - name: System nodepools + url: https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli - description: Configure user nodepool count aprlGuid: 005ccbbd-aeab-46ef-80bd-9bd4479412ec 
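Review bot: The second link added for the probes recommendation (hunk @@ -337,8 +381,10 @@), `name: Assign Pod Node` with `url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/`, is identical to the one added for the affinity recommendation in the hunk before it and looks copy-pasted. That page is about placing pods on nodes, not about liveness, readiness or startup probes. Either drop it from the probes entry or replace it with a probe-specific reference. Where it is kept for the affinity entry, `name: Assigning Pods to Nodes` would match the page title.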
@@ -394,8 +440,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist" + - name: Azure Well-Architected Framework review for Azure Kubernetes Service (AKS) + url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist - description: Configure pod disruption budgets (PDBs) aprlGuid: a08a06a0-e41a-4b99-83bb-69ce8bca54cb @@ -413,8 +459,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://kubernetes.io/docs/tasks/run-application/configure-pdb/" + - name: Configure PDBs + url: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + - name: Plan availability using PDBs + url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets - description: Nodepool subnet size needs to accommodate maximum auto-scale settings aprlGuid: e620fa98-7a40-41a0-bfc9-b4407297fb58 @@ -432,8 +480,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/concepts-network" + - name: AKS Networking + url: https://learn.microsoft.com/azure/aks/concepts-network - description: Enforce resource quotas at the namespace level aprlGuid: d479df28-d367-4ef0-8b86-0495ab94fabd @@ -451,5 +499,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas" + - name: Resource quotas + url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas + diff --git a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml index 57e72c6d5..fa284adc6 100644 --- a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml 
+++ b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable HA with zone redundancy +- description: Enable HA with zone redundancy aprlGuid: 88856605-53d8-4bbd-a75b-4a7b14939d32 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability" + - name: High availability concepts in Azure Database for MySQL - Flexible Server + url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability - description: Enable custom maintenance schedule aprlGuid: 82a9a0f2-24ee-496f-9ad2-25f81710942d @@ -33,5 +33,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance" + - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server + url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance + diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml index 8337e46c8..a9c031522 100644 --- a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml +++ b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable HA with zone redundancy +- description: Enable HA with zone redundancy aprlGuid: ca87914f-aac4-4783-ab67-82a6f936f194 recommendationTypeId: null recommendationControl: High Availability 
@@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability" + - name: Overview of high availability with Azure Database for PostgreSQL + url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability - description: Enable custom maintenance schedule aprlGuid: b2bad57d-7e03-4c0f-9024-597c9eb295bb @@ -33,5 +33,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance" + - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server + url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance + diff --git a/azure-resources/Databricks/workspaces/recommendations.yaml b/azure-resources/Databricks/workspaces/recommendations.yaml index 8ec255436..7df78ff73 100644 --- a/azure-resources/Databricks/workspaces/recommendations.yaml +++ b/azure-resources/Databricks/workspaces/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Databricks runtime version is not latest or is not LTS version +- description: Databricks runtime version is not latest or is not LTS version aprlGuid: 0e835cc2-2551-a247-b1f1-3c5f25c9cb70 recommendationTypeId: null recommendationControl: Governance @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver" + - name: Databricks runtime support lifecycles + url: https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver - description: Use Databricks Pools aprlGuid: c166602e-0804-e34b-be8f-09b4d56e1fcd 
@@ -33,8 +33,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Use SSD backed VMs for Worker VM Type and Driver type aprlGuid: 5877a510-8444-7a4c-8412-a8dab8662f7e @@ -52,8 +52,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" + - name: Azure managed disk types + url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd - description: Enable autoscaling for batch workloads aprlGuid: 5c72f0d6-55ec-d941-be84-36c194fa78c0 @@ -71,8 +71,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss - description: Enable autoscaling for SQL warehouse aprlGuid: 362ad2b6-b92c-414f-980a-0cf69467ccce @@ -90,8 +90,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse - description: Use Delta Live Tables enhanced autoscaling aprlGuid: cd77db98-9b13-6e4b-bd2b-74c2cb538628 
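Review bot: The fragment in `.../reliability/best-practices#enable-autoscaling-for-batch-workloadss` (hunk @@ -71,8 +71,8 @@) ends in a doubled `s`, which looks like a typo carried over unchanged from the old line. A fragment that does not exist fails silently by opening the page at the top, so nobody notices it is broken. The same pattern appears in `toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr` in the @@ -508,8 +510,8 @@ hunk. Since this commit is the URL pass, check both anchors against the target pages and correct them, presumably to `#enable-autoscaling-for-batch-workloads` and `#do-not-store-any-production-data-in-default-dbfs-folders`.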
@@ -109,8 +109,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Databricks enhanced autoscaling + url: https://learn.microsoft.com/azure/databricks/delta-live-tables/settings#use-autoscaling-to-increase-efficiency-and-reduce-resource-usage - description: Automatic Job Termination is enabled, ensure there are no user-defined local processes aprlGuid: 3d3e53b5-ebd1-db42-b43b-d4fad74824ec @@ -128,8 +130,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability? + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Enable Logging-Cluster log delivery aprlGuid: 7fb90127-5364-bb4d-86fa-30778ed713fb @@ -147,8 +149,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery" + - name: Create a cluster + url: https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery - description: Use Delta Lake for higher reliability aprlGuid: da4ea916-4df3-8c4d-8060-17b49da45977 @@ -166,8 +168,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Use Photon Acceleration aprlGuid: 892ca809-e2b5-9a47-924a-71132bf6f902 
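Review bot: The new link name in the @@ -128,8 +130,8 @@ hunk reads `Best practices for reliability?`. The trailing question mark looks like a leftover review marker and should be removed: `- name: Best practices for reliability`. If it was meant to flag doubt about whether this page fits the automatic job termination recommendation, settle that before merging rather than shipping it in the display text. Most Databricks entries in this file now share this one name even where the URL carries a section fragment, so a section-specific name would tell readers where each link lands.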
@@ -185,8 +187,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute - description: Automatically rescue invalid or nonconforming data with Databricks Auto Loader or Delta Live Tables aprlGuid: 7e52d64d-8cc0-8548-a593-eb49ab45630d @@ -204,8 +206,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Configure jobs for automatic retries and termination aprlGuid: 84e44da6-8cd7-b349-b02c-c8bf72cf587c @@ -223,8 +225,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Use a scalable and production-grade model serving infrastructure aprlGuid: 4cbb7744-ff3d-0447-badb-baf068c95696 
@@ -242,8 +244,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Use a layered storage architecture aprlGuid: 1b0d0893-bf0e-8f4c-9dc6-f18f145c1ecf @@ -261,8 +263,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Improve data integrity by reducing data redundancy aprlGuid: e93fe702-e385-d741-ba37-1f1656482ecd @@ -280,8 +282,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Actively manage schemas aprlGuid: b7e1d13f-54c9-1648-8a52-34c0abe8ce16 @@ -299,8 +301,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Use constraints and data expectations aprlGuid: a42297c4-7e4f-8b41-8d4b-114033263f0e 
@@ -318,8 +320,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations - description: Create regular backups aprlGuid: 932d45d6-b46d-e341-abfb-d97bce832f1f @@ -337,8 +339,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups - description: Recover from Structured Streaming query failures aprlGuid: 12e9d852-5cdc-2743-bffe-ee21f2ef7781 @@ -356,8 +358,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures - description: Recover ETL jobs based on Delta time travel aprlGuid: a18d60f8-c98c-ba4e-ad6e-2fac72879df1 
@@ -375,8 +377,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel - description: Use Databricks Workflows and built-in recovery aprlGuid: c0e22580-3819-444d-8546-a80e4ed85c83 @@ -394,8 +396,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Best practices for reliability + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices - description: Configure a disaster recovery pattern aprlGuid: 4fdb7112-4531-6f48-b60e-c917a6068d9b @@ -413,8 +415,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://github.com/Azure/AzureDatabricksBestPractices/tree/master" + - name: Azure Databricks Best Practices + url: https://github.com/Azure/AzureDatabricksBestPractices/tree/master - description: Automate deployments and workloads aprlGuid: 42aedaa8-6151-424d-b782-b8666c779969 @@ -432,8 +434,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads" + - name: Best practices for operational excellence + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads - description: Set up monitoring, alerting, and logging aprlGuid: 20193ff9-dbcd-a74e-b197-71d7d9d3c1e6 
@@ -451,8 +453,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring" + - name: Best practices for operational excellence + url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring - description: Deploy workspaces in separate Subscriptions aprlGuid: 397cdebb-9d6e-ab4f-83a1-8c481de0a3a7 @@ -470,8 +472,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits" + - name: Azure Databricks Best Practices + url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits - description: Isolate each workspace in its own Vnet aprlGuid: 5e722c4f-415a-9b4c-bd4c-96b74dce29ad @@ -489,8 +491,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet" + - name: Azure Databricks Best Practices + url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet - description: Do not Store any Production Data in Default DBFS Folders aprlGuid: 14310ba6-77ad-3641-a2db-57a2218b9bc7 
@@ -508,8 +510,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr" + - name: Azure Databricks Best Practices + url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr - description: Do not use Azure Spot VMs for critical Production workloads aprlGuid: b5af7e26-3939-1b48-8fba-f8d4a475c67a @@ -527,8 +529,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms" + - name: Use Azure Spot Virtual Machines + url: https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms - description: Migrate Legacy Workspaces aprlGuid: 8aa63c34-dd9d-49bd-9582-21ec310dfbdd @@ -546,8 +548,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains" + - name: Azure Databricks regions - IP addresses and domains + url: https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains + - name: Migrate - maintained by Databricks Inc. + url: https://github.com/databrickslabs/migrate + - name: Databricks Terraform Exporter - maintained by Databricks Inc. (Experimental) + url: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/experimental-exporter - description: Define alternate VM SKUs aprlGuid: 028593be-956e-4736-bccf-074cb10b92f4 
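Review bot: The two links added after the regions page in the @@ -546,8 +548,12 @@ hunk send readers off learn.microsoft.com to tooling: `https://github.com/databrickslabs/migrate` and the Terraform registry's `experimental-exporter` guide. The names say who maintains them, which helps, but the registry URL floats on `latest` and the entry is itself labelled experimental. What the recommendation points at can therefore change without any change to this file. Consider linking the provider docs at a fixed version, and stating in the recommendation text (outside this hunk) what support status these tools have and that they should be reviewed before being run with workspace credentials.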
@@ -565,5 +571,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices" + - name: Compute configuration best practices + url: https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices + - name: GPU-enabled compute + url: https://learn.microsoft.com/azure/databricks/compute/gpu + diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index e2017440b..b395db6a1 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml @@ -1,4 +1,4 @@ -- description: (Personal) Create a validation pool for testing of planned updates +- description: (Personal) Create a validation pool for testing of planned updates aprlGuid: 97d4d8c1-eeb4-4506-b338-79a4949c993b recommendationTypeId: null recommendationControl: Governance 
@@ -6,9 +6,9 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. - Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. - To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. +At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. +Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. 
+To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. potentialBenefits: Early issue detection & testing for AVD updates pgVerified: Verified publishedToLearn: false @@ -16,8 +16,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal - description: (Pooled) Configure scheduled agent updates aprlGuid: 9fc522c1-d5b0-4bad-8169-1e1d32855afd @@ -27,8 +27,8 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - Ensure schedules have been created to provide maintenance windows for AVD agent updates. - The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. +Ensure schedules have been created to provide maintenance windows for AVD agent updates. +The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. potentialBenefits: Minimizes disruptions, ensures updates pgVerified: Verified publishedToLearn: false 
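Review bot: As rendered in this patch, the replacement `longDescription` lines in the @@ -6,9 +6,9 @@ hunk start immediately after the `+` marker (`+At least one Validation Pool …`), while the lines they replace were indented under `longDescription: |`. The content of a literal block scalar has to be indented deeper than its key. At column 0 the scalar ends empty and the parser then meets bare text at the top level, so the file would either fail to load or lose the description. The same change appears in the @@ -27,8 +27,8 @@ and @@ -47,10 +47,10 @@ hunks. Unless the missing indent is an artifact of how the patch was extracted, restore the original indentation on those lines and run a YAML parse or lint step over these files before merging.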
@@ -36,8 +36,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates - description: (Pooled) Create a validation pool for testing of planned updates aprlGuid: 0a22b144-6fa7-4032-be77-fa64152858eb 
@@ -47,10 +47,10 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | - At least one Validation Pool to have early warning if a planned update to AVD causes an issue. support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. - Also check that the host pool has been used regularly to test planned updates. - Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. - To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. +At least one Validation Pool to have early warning if a planned update to AVD causes an issue. support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. +Also check that the host pool has been used regularly to test planned updates. +Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. 
Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. +To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. potentialBenefits: Early detection of update issues. pgVerified: Verified publishedToLearn: false 
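Review bot: The first body line of this `longDescription` still carries text that does not belong to the validation-pool entry: `support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools.` The same sentences close the `Capacity Planning for AVD Resources` entry added later in this file, so this looks like a leftover paste that the rewrite carries over unchanged. Since the line is being touched anyway, it should stop after its first sentence: `At least one Validation Pool to have early warning if a planned update to AVD causes an issue.` The entry's header lines sit above the hunk.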
@@ -58,5 +58,587 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal + +- description: Use Private link when connecting to File Share or Key Vault + aprlGuid: dc55be60-6f8c-461e-a9d5-a3c7686ed94e + recommendationTypeId: null + recommendationControl: Security + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Private Link is available for other Azure services that work in conjunction with Azure Virtual Desktop, such as Azure Files and Key Vault. From a resiliency standpoint, we recommending implementing private endpoints for these services to reduce exposure to potential internet-related issues such as latency, packet loss, and/or downtime. This can lead to more reliable communication between AVD and dependent services. 
+ potentialBenefits: Enhances AVD reliability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link + - name: Private link + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link + +- description: Configure AVD Insights Workbook + aprlGuid: 0cf72d91-644d-4591-9bb7-84ba3f705a41 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. + potentialBenefits: Enhanced AVD monitoring & troubleshooting + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/insights?tabs=monitor + +- description: Provision Secondary Key Vault for Disaster Recovery + aprlGuid: 1f57434f-f884-41f3-b818-129bbe3c5d3b + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + To ensure continuous availability and disaster recovery readiness, it is recommended to provision a secondary Key Vault in a secondary region. 
In the event of a primary region failure, this secondary Key Vault will ensure that critical secrets are accessible for use in deployments in the secondary region. + potentialBenefits: Ensures DR readiness and access + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance + +- description: Ensure virtual networks isolation with separate IP space and NSGs for Prod and DR + aprlGuid: 37d1091b-e599-4548-a067-a9286be16e45 + recommendationTypeId: null + recommendationControl: Business Continuity + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +NSG and ASG per AVD persona and IP space per Prod/DR regions. +It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. 
+ potentialBenefits: Enhances security & prevents IP conflicts + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing + +- description: Ensure virtual networks have route tables/route server configured for all regions + aprlGuid: db1727d1-5c8e-4a01-a31e-f0d58cfd95b1 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. + potentialBenefits: Enhanced availability & routing + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution + +- description: Segregate App attach storage in disaster recovery plans with distinct file shares + aprlGuid: 7d9c96a6-1ce5-4cf0-ad1b-638a37f753cb + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. +Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. 
Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. +Your file share should be in the same Azure region as your session hosts. + potentialBenefits: Enhances performance & scalability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + +- description: Turn on Continuous Availability for ANF if using App Attach + aprlGuid: 9b2301af-9cac-4f1a-871a-f17475d01812 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Turn on Continuous Availability if using Azure Netapp Files. +Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. + potentialBenefits: Enhanced stability & user limit checks + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + +- description: Manually update new FSLogix image when available + aprlGuid: d51e0a70-8b50-4be3-af8a-7c9065e47360 + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. 
We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case. + potentialBenefits: Enhanced reliability & support + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix + +- description: Configure Diagnostic Settings for FSLogix logs and enable review for accounts + aprlGuid: 483f5a00-84a0-49f7-903b-ef6f1fc0c389 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Regularly review FSLogix logs for errors and issues related to login and mounting the profile. Events can be reviewed by looking locally inside the Session Host and also in Log Analytics when the Azure Monitor Agent is used. 
+ potentialBenefits: Enhanced AVD error tracking and resolution + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/fslogix/troubleshooting-events-logs-diagnostics + +- description: Ensure user permissions are set correctly on SMB shares + aprlGuid: 7b170ddd-5770-4945-9bc3-cd1ccf5f8672 + recommendationTypeId: null + recommendationControl: Security + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. + potentialBenefits: Enhanced security & disaster recovery + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions + +- description: Ensure the standard FSLogix configuration is deployed + aprlGuid: c15b2b73-52a1-4db2-88dd-d592424ff4e4 + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Ensure all session hosts have the standard FSLogix configuration deployed. Regularly validate settings for consistency and alignment with best practices. 
+ potentialBenefits: Optimized session reliability and performance + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings?tabs=profiles + +- description: Ensure a unique OU when deploying VMs to Domain + aprlGuid: 939cb85c-102a-4e0a-ab82-5c92116d3778 + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Hybrid VMs should be in a unique OU. +When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. + potentialBenefits: Improved AVD hostpool config & segmentation + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services + +- description: Use Azure Site Recovery or Backups on VMs supporting personal desktops + aprlGuid: 38721758-2cc2-4d6b-b7b7-8b47dadbf7df + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. 
In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. + potentialBenefits: Ensures VM recovery & failover + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates + +- description: Create updated image version and replace session hosts rather than updating host directly + aprlGuid: 2831dab9-6a43-44a1-8aec-90a8e84894bc + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. 
+has context menu + potentialBenefits: Ensures consistency; minimizes drift + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/training/modules/create-manage-session-host-image/ + +- description: Monitor Service Health and Resource Health of AVD + aprlGuid: a75a20e7-8cc0-4f7b-b4a9-e2476bd72429 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. +Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. +Use Resource Health to monitor your VMs and storage solutions. + potentialBenefits: Enhanced AVD uptime and awareness + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/monitoring#resource-health + +- description: Deploy Domain Controllers and DNS Servers in Azure Virtual Network Across Availability Zones + aprlGuid: 99bf5c94-aa68-4bb3-8b7f-45d1c5f09b5d + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. 
This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. +This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. + potentialBenefits: Enhanced reliability and performance + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#reliability + +- description: Implement RDP Shortpath for Public or Managed Networks + aprlGuid: 3835b4b3-0479-4be8-9ffd-34ae29fa33b9 + recommendationTypeId: null + recommendationControl: Other Best Practices + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. 
+ potentialBenefits: Better reliability & consistent latency + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks + +- description: Implement a Multi-Region BCDR Plan + aprlGuid: 0714d039-535e-468d-9732-e32b5c094faa + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. + potentialBenefits: Enhanced resilience & uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Multi-region BCDR + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#active-active-scenarios + +- description: Store Golden Image Redundantly for Disaster Recovery + aprlGuid: 0bf1a2bb-7617-4ab2-a784-e7ea40c5f01b + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + If a full BCDR strategy is not in place, consider using zone-redundant storage to store golden images across availability zones. Having the image available will allow for faster recovery in case of zonal or regional outage. 
+ potentialBenefits: Faster recovery from outages + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Golden Image + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#golden-images + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/application-delivery#fault-tolerance + +- description: Capacity Planning for AVD Resources + aprlGuid: ef4b3561-c85f-47cf-8cb0-51fae9ddf929 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. +Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. +To handle a large number of users, consider scaling horizontally by creating multiple host pools. 
+ potentialBenefits: Avoids limits, ensures smooth scaling + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Capacity Planning + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop#azure-virtual-desktop-limitations + +- description: Ensure separate log analytics workspaces for Prod and DR + aprlGuid: 89b4d8f6-6345-4d66-9012-c3fc2aef94e8 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. + potentialBenefits: Improved DR visibility & operation + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics + +- description: Ensure that FSLogix Storage Account is Redundant + aprlGuid: ed1f0327-0914-49e8-9518-16acb0d6b8d6 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +It is important to ensure the redundancy of our user profiles when using FSLogix. When using FSLogix with AVD, it is deployed on a file share in a storage account. Data in an Azure Storage account is always replicated three times in the primary region. 
Below are the options for how your data is replicated in the primary or paired region: +LRS for least expensive replication (not recommended for apps with high availability and durability). +- LRS provides eleven 9s durability and replicates three time in a single physical location. +- ZRS is recommended for apps requiring high availability across zones. ZRS provides twelve 9s durability. Replicated across three availability zones +- GRS replicates an additional three copies to secondary region and provides sixteen 9s durability. +- GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. + +Generally, it is recommended to store your data as secure and redundant as possible. + potentialBenefits: Improves data durability & availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/storage#user-profiles + +- description: Scaling plans should be created per region and not scaled across regions + aprlGuid: e091419d-10ba-4a8e-bdb0-67380cc021a9 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Each region has its own scaling plans assigned to host pools within that region. However, these plans can become inaccessible if there's a regional failure. To mitigate this risk, it's advisable to create a secondary scaling plan in another region. 
+ potentialBenefits: Enhances reliability across failures + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan?tabs=portal + +- description: Validate AVD Session Host Connectivity to the AVD Control Plane and UDP Ports open if in use + aprlGuid: e718ac1a-ebab-4f75-9e4a-1a5ccef20d1f + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. + potentialBenefits: Enhanced performance & user experience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-rdp-shortpath + +- description: Ensure Secondary Entra ID connect synchronization server + aprlGuid: d984eaf9-0fa1-4f8d-a326-bda751993c6f + recommendationTypeId: null + recommendationControl: Security + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. 
+Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. + potentialBenefits: Improved failover reliability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains + +- description: Deploy paired Domain Controllers in the same region as AVD session hosts + aprlGuid: d61f6ee8-de1b-4fd9-9ce3-316cfe11ee05 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | +Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. +For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. 
+ potentialBenefits: Enhanced identity resilience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + +- description: Ensure DNS regions are replicated to avoid single point of failure + aprlGuid: e1a34ac6-8761-4020-b537-d60c0be7514e + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. + potentialBenefits: Improves uptime & resilience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + +- description: Enable Azure Backup for FSLogix Storage Account + aprlGuid: 0025ed2e-41f4-4ada-93c1-12484cef8b0c + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + It is recommended to enable backup on the FSLogix Storage Account. Ensuring the user profiles are resilient will allow user data and experience to be consistent through outages. 
+ potentialBenefits: Ensures data resilience and consistency + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: FSLogix + url: https://learn.microsoft.com/en-us/fslogix/overview-what-is-fslogix + - name: Backup Storage Account + url: https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=operational-backup + +- description: Organize AVD resources using the AVD Scale unit model described by the AVD Landing Zone Methodology + aprlGuid: 204b56b0-9710-4c16-b506-bafb5fb318ed + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Low + recommendationResourceType: Microsoft.DesktopVirtualization/hostPools + recommendationMetadataState: Active + longDescription: | + Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. + potentialBenefits: Enhanced organization & scalability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone + diff --git a/azure-resources/Devices/IotHubs/recommendations.yaml b/azure-resources/Devices/IotHubs/recommendations.yaml index 4d80893ed..b1d46e460 100644 --- a/azure-resources/Devices/IotHubs/recommendations.yaml +++ b/azure-resources/Devices/IotHubs/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Device Identities are exported to a secondary region +- description: Device Identities are exported to a secondary region aprlGuid: 783c6c18-760b-4867-9ced-3010a0bc5aa3 recommendationTypeId: null recommendationControl: Disaster Recovery 
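Review bot: The added `Use Private link when connecting to File Share or Key Vault` entry is filed under `recommendationControl: Security`, but its `longDescription` and `potentialBenefits: Enhances AVD reliability` argue only from resiliency, so someone filtering on Security gets no security rationale. Either file it under the control the text supports, or add the reasoning to the description, for example `Private endpoints keep session-host traffic to the file share and vault on the virtual network; the public endpoint of each resource stays reachable until public network access is restricted on it.` The second half of that sentence is the caveat worth stating, because a private endpoint on its own does not close the public path. The entry's two `learnMoreLink` items (`Learn More` and `Private link`) also point at the same URL, so one of them can be dropped.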
@@ -14,8 +14,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt" + - name: Import and export IoT Hub device identities in bulk + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt + - name: IoT Hub high availability and disaster recovery + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover - description: Do not use free tier aprlGuid: eeba3a49-fef0-481f-a471-7ff01139b474 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling" + - name: Choose the right IoT Hub tier and size for your solution + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling - description: Use Availability Zones aprlGuid: 214cbc46-747e-4354-af6e-6bf0054196a5 @@ -52,8 +54,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones" + - name: Azure IoT Hub high availability and disaster recovery + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones - description: Use Device Provisioning Service aprlGuid: b1e1378d-4572-4414-bebd-b8872a6d4d1c 
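Review bot: The replacement `url:` values in the `@@ -14,8 +14,10 @@` hunk drop the double quotes the removed lines had, and the later hunks of this patch do the same. The values shown still parse as intended, because `#` only starts a comment when whitespace precedes it, but a plain scalar gives no protection if a later edit introduces ` #` (the rest of the value is silently dropped) or `: ` (the parse breaks). I would keep the quoting on the new lines, e.g. `url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover"`, and quote the new `name:` values that carry punctuation such as `?` or `|`.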
@@ -71,8 +73,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service" + - name: IoT Hub Device Provisioning Service (DPS) terminology + url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service + - name: Best practices for large-scale IoT device deployments + url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-deploy-at-scale + - name: IoT Hub Device Provisioning Service high availability and disaster recovery + url: https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr - description: Define Failover Guidelines aprlGuid: 02568a5d-335e-4e51-9f7c-fe2ada977300 @@ -90,8 +96,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr" + - name: IoT Hub high availability and disaster recovery + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr - description: Disabled Fallback Route aprlGuid: e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1e @@ -109,5 +115,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route" + - name: Use message routing - Fallback route + url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route + diff --git a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml index 585666069..65f5c5f52 100644 --- a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml +++ b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Configure at least two regions for high availability +- description: Configure at least two regions for high availability aprlGuid: 43663217-a1d3-844b-80ea-571a2ce37c6c recommendationTypeId: null recommendationControl: High Availability 
@@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally + - name: Tips for building highly available applications | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#tips-for-building-highly-available-applications - description: Enable service-managed failover for multi-region accounts with single write region aprlGuid: 9cabded7-a1fc-6e4a-944b-d7dd98ea31a2 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover" + - name: Manage an Azure Cosmos DB account by using the Azure portal | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover - description: Evaluate multi-region write capability aprlGuid: 9ce78192-74a0-104c-b5bb-9a443f941649 @@ -52,8 +54,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally + - name: Conflict resolution types and resolution policies in Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/conflict-resolution-policies - description: Choose appropriate consistency mode reflecting data durability requirements aprlGuid: 23ebe97d-c546-204b-8b0d-00e61a5524f7 
@@ -71,8 +75,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels" + - name: Consistency level choices - Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels - description: Configure continuous backup mode aprlGuid: e544520b-8505-7841-9e77-1f1974ee86ec @@ -90,8 +94,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction" + - name: Continuous backup with point in time restore feature in Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction - description: Ensure query results are fully drained aprlGuid: c006604a-0d29-684c-99f0-9729cb40dac5 @@ -109,8 +113,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results" + - name: Pagination in Azure Cosmos DB | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results - description: Maintain singleton pattern in your client aprlGuid: 7eb32cf9-9a42-1540-acf8-597cbba8a418 @@ -128,8 +132,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications" + - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications - description: Implement retry logic in your client aprlGuid: fa6ac22f-0584-bb4b-80e4-80f4755d1a97 
@@ -147,8 +151,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications" + - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications - description: Monitor Cosmos DB health and set up alerts aprlGuid: deaea200-013c-414b-ac9f-bfa7a7fb13f0 @@ -166,5 +170,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts" + - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts + diff --git a/azure-resources/EventGrid/topics/recommendations.yaml b/azure-resources/EventGrid/topics/recommendations.yaml index 39d4712cf..37e29812a 100644 --- a/azure-resources/EventGrid/topics/recommendations.yaml +++ b/azure-resources/EventGrid/topics/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Configure Diagnostic Settings for all Azure Event Grid resources +- description: Configure Diagnostic Settings for all Azure Event Grid resources aprlGuid: 54c3191b-b535-1946-bba9-b754f44060f6 recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic" + - name: Azure Event Grid - Enable diagnostic logs for Event Grid resources + url: https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic - description: Configure Dead-letter to save events that cannot be delivered aprlGuid: 92162eb5-4323-3145-8a6c-525ce2f0700e 
@@ -33,8 +33,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events" + - name: Azure Event Grid delivery and retry + url: https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events - description: Configure Private Endpoints aprlGuid: b2069f64-4741-3d4a-a71d-50c8b03f5ab7 @@ -52,5 +52,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints" + - name: Configure private endpoints for Azure Event Grid topics or domains + url: https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints + diff --git a/azure-resources/EventHub/namespaces/recommendations.yaml b/azure-resources/EventHub/namespaces/recommendations.yaml index a7eb43352..d267897d6 100644 --- a/azure-resources/EventHub/namespaces/recommendations.yaml +++ b/azure-resources/EventHub/namespaces/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable zone redundancy for Event Hub namespace +- description: Enable zone redundancy for Event Hub namespace aprlGuid: 84636c6c-b317-4722-b603-7b1ffc16384b recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones" + - name: Azure Event Hubs - Geo-disaster recovery + url: https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones - description: Enable auto-inflate on Event Hub Standard tier aprlGuid: fbfef3df-04a5-41b2-a8fd-b8541eb04956 
@@ -33,5 +33,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate" + - name: Azure Event Hubs - Automatically scale throughput units + url: https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate + diff --git a/azure-resources/Insights/activityLogAlerts/recommendations.yaml b/azure-resources/Insights/activityLogAlerts/recommendations.yaml index f7b61d1e5..15af382e2 100644 --- a/azure-resources/Insights/activityLogAlerts/recommendations.yaml +++ b/azure-resources/Insights/activityLogAlerts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Configure Resource Health Alerts +- description: Configure Resource Health Alerts aprlGuid: be448849-0d7d-49ba-9c94-9573ee533d5d recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview" + - name: Resource Health + url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview + - name: Configure Resource Health alerts in the Azure portal + url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide#create-a-resource-health-alert-rule-in-the-azure-portal + - name: Alerts Health + url: https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal - description: Configure Service Health Alerts aprlGuid: 9729c89d-8118-41b4-a39b-e12468fa872b 
@@ -33,5 +37,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/service-health/overview" + - name: What is Azure Service Health? + url: https://learn.microsoft.com/azure/service-health/overview + - name: Configure alerts for service health events + url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal + diff --git a/azure-resources/Insights/components/recommendations.yaml b/azure-resources/Insights/components/recommendations.yaml index 43c9c7d20..9a265a410 100644 --- a/azure-resources/Insights/components/recommendations.yaml +++ b/azure-resources/Insights/components/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Convert Classic Deployments +- description: Convert Classic Deployments aprlGuid: dac421ec-2832-4c37-839e-b6dc5a38f2fa recommendationTypeId: null recommendationControl: Service Upgrade And Retirement @@ -14,5 +14,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource" + - name: Migrate an Application Insights classic resource to a workspace-based resource + url: https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource + diff --git a/azure-resources/KeyVault/vaults/recommendations.yaml b/azure-resources/KeyVault/vaults/recommendations.yaml index b74dc8760..a07e96751 100644 --- a/azure-resources/KeyVault/vaults/recommendations.yaml +++ b/azure-resources/KeyVault/vaults/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Key vaults should have soft delete enabled +- description: Key vaults should have soft delete enabled aprlGuid: 1cca00d2-d9ab-8e42-a788-5d40f49405cb recommendationTypeId: null recommendationControl: Disaster Recovery 
@@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview" + - name: Azure Key Vault soft-delete overview + url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview - description: Key vaults should have purge protection enabled aprlGuid: 70fcfe6d-00e9-5544-a63a-fff42b9f2edb @@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection" + - name: Azure Key Vault purge-protection overview + url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection - description: Enable Azure Private Link Service for Key vault aprlGuid: 00c3d2b0-ea6e-4c4b-89be-b78a35caeb51 @@ -52,8 +52,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/key-vault/general/security-features#network-security" + - name: Azure Key Vault Private Link Service overview + url: https://learn.microsoft.com/azure/key-vault/general/security-features#network-security - description: Use separate key vaults per application per environment aprlGuid: e7091145-3642-bd41-bb58-66502e64d2cd @@ -71,8 +71,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults" + - name: Azure Key Vault best practices overview + url: https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults - description: Diagnostic logs in Key Vault should be enabled aprlGuid: 1dc0821d-4f14-7644-bab4-ba208ff5f7fa 
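Review bot: In the `@@ -52,8 +52,8 @@` hunk the new link name `Azure Key Vault Private Link Service overview` does not describe its target, which is still the `#network-security` section of the security-features page rather than a Private Link article. For a recommendation that asks readers to enable Private Link, I would either name the entry after the page it opens or add the Private Link article as a second entry, e.g. `- name: Integrate Key Vault with Azure Private Link` with `url: https://learn.microsoft.com/azure/key-vault/general/private-link-service`. The recommendation entry itself starts outside this hunk, so its description text is not visible here.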
@@ -90,5 +90,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault" + - name: Azure Key Vault logging overview + url: https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault + diff --git a/azure-resources/NetApp/netAppAccounts/recommendations.yaml b/azure-resources/NetApp/netAppAccounts/recommendations.yaml index 2ce11bd14..6e9310d92 100644 --- a/azure-resources/NetApp/netAppAccounts/recommendations.yaml +++ b/azure-resources/NetApp/netAppAccounts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Use the correct service level and volume quota size for the expected performance level +- description: Use the correct service level and volume quota size for the expected performance level aprlGuid: af426a99-62a6-6b4c-9662-42d220b413b8 recommendationTypeId: null recommendationControl: Scalability @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels" + - name: Service levels for Azure NetApp Files | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels - description: Use standard network features for production in Azure NetApp Files aprlGuid: ab984130-c57b-6c4a-8d04-6723b4e1bdb6 @@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies" + - name: Guidelines for Azure NetApp Files network planning | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies - description: Use availability zones for high availability in Azure NetApp Files aprlGuid: 47d100a5-7f85-5742-967a-67eb5081240a 
@@ -52,8 +52,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones" + - name: Use availability zones for high availability in Azure NetApp Files | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones - description: Use snapshots for data protection in Azure NetApp Files aprlGuid: 72827434-c773-4345-9493-34848ddf5803 @@ -71,8 +71,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction" + - name: How Azure NetApp Files snapshots work | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction - description: Enable backup for data protection in Azure NetApp Files aprlGuid: b2fb3e60-97ec-e34d-af29-b16a0d61c2ac @@ -90,11 +90,11 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction" + - name: Understand Azure NetApp Files backup | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction - description: Enable Cross-region replication of Azure NetApp Files volumes - aprlGuid: b2fb3e60-97ec-e34d-af29-b16a0d61c2ac + aprlGuid: e30317d2-c502-4dfe-a2d3-0a737cc79545 recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High @@ -109,8 +109,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/cross-region-replication-introduction" + - name: Cross-region replication of Azure NetApp Files volumes + url: https://learn.microsoft.com/en-us/azure/azure-netapp-files/cross-region-replication-introduction - description: Enable Cross-zone replication of Azure NetApp Files volumes aprlGuid: e3d742e1-dacd-9b48-b6b1-510ec9f87c96 
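Review bot: The `@@ -90,11 +90,11 @@` hunk changes the `aprlGuid` of the cross-region replication entry to `e30317d2-c502-4dfe-a2d3-0a737cc79545` in a commit titled "updating urls", so an identifier change is easy to miss in review. The old value was the same GUID as the backup entry shown as context in the `@@ -71,8 +71,8 @@` hunk, so the new value looks intended, but the commit description should say so, and anything keyed on the old GUID for this entry (if the repository has such automation) needs checking. Separately, the `@@ -109,8 +109,8 @@` hunk adds `/en-us/` to this one URL while the other NetApp links in the patch are locale-neutral; I would keep `url: https://learn.microsoft.com/azure/azure-netapp-files/cross-region-replication-introduction`.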
@@ -128,8 +128,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction" + - name: Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction - description: Monitor Azure NetApp Files metrics to better understand usage pattern and performance aprlGuid: 2f579fc9-e599-0d44-8b97-254f50ae04d8 @@ -147,8 +147,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files" + - name: Ways to monitor Azure NetApp Files | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files - description: Enforce standards and assess compliance in Azure NetApp Files with Azure policy aprlGuid: 687ae58f-517f-ca43-90fe-922497e61283 @@ -166,8 +166,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions" + - name: Azure Policy definitions for Azure NetApp Files | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions + - name: Creating custom policy definitions | Microsoft Learn + url: https://learn.microsoft.com/azure/governance/policy/tutorials/create-custom-policy-definition - description: Restrict default access to Azure NetApp Files volumes aprlGuid: cfa2244b-5436-47de-8287-b217875d3b0a 
@@ -185,8 +187,16 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features" + - name: Configure network features for an Azure NetApp Files volume + url: https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features + - name: Manage SMB share ACLs in Azure NetApp Files + url: https://learn.microsoft.com/azure/azure-netapp-files/manage-smb-share-access-control-lists + - name: Configure export policy for NFS or dual-protocol volumes + url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-configure-export-policy + - name: Configure access control lists on NFSv4.1 volumes for Azure NetApp Files + url: https://learn.microsoft.com/azure/azure-netapp-files/configure-access-control-lists + - name: Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes + url: https://learn.microsoft.com/azure/azure-netapp-files/configure-unix-permissions-change-ownership-mode - description: Make use of SMB continuous availability for supported applications aprlGuid: d1e7ccc3-e6c1-40e9-a36e-fd134711c808 @@ -204,8 +214,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications" + - name: Do I need to take special precautions for SMB-based applications? | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications - description: Ensure application resilience for service maintenance events aprlGuid: 60f36f9b-fac9-4160-bbf5-57af04da4f53 
@@ -223,5 +233,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events" + - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn + url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events + diff --git a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml index 680986dfc..fe72ac382 100644 --- a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml +++ b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Inspect Azure Front Door WAF logs for wrongfully blocked legitimate requests +- description: Inspect Azure Front Door WAF logs for wrongfully blocked legitimate requests aprlGuid: d0cfe47f-686b-5043-bf83-5a3868acb80a recommendationTypeId: null recommendationControl: Monitoring and Alerting 
@@ -14,8 +14,14 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs" + - name: Azure Web Application Firewall monitoring and logging - Access Log + url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs + - name: Understanding WAF logs + url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-tuning?pivots=front-door-standard-premium#understanding-waf-logs + - name: Web Application Firewall exclusion lists + url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal + - name: Fixing a false positive + url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-troubleshoot#fixing-false-positives - description: Check Azure Application Gateway WAF logs for mistakenly blocked valid requests aprlGuid: 537b4d94-edd1-4041-b13d-8217dfa485f0 @@ -33,8 +39,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics" + - name: Azure Web Application Firewall Monitoring and Logging + url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics + - name: Diagnostic logs + url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-logs#diagnostic-logs - description: Monitor Web Application Firewall aprlGuid: 5357ae22-0f52-1a49-9fd4-1f00ace6add0 
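Review bot: In the `@@ -14,8 +14,14 @@` hunk, two of the links added to the Front Door WAF recommendation open Application Gateway WAF pages (`.../ag/application-gateway-waf-configuration` and `.../ag/web-application-firewall-troubleshoot`). Exclusions and false-positive tuning are configured differently on the two products, so a reader tuning a Front Door policy from these pages may end up with exclusions that do not match what the policy supports. The Front Door tuning page added in the same hunk (`afds/waf-front-door-tuning`) already covers false positives; for exclusion lists I would link the Front Door article instead, `url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-exclusion`.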
@@ -52,5 +60,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring" + - name: WAF monitoring + url: https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring + - name: Azure Monitor Workbook for WAF + url: https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook + diff --git a/azure-resources/Network/applicationGateways/recommendations.yaml b/azure-resources/Network/applicationGateways/recommendations.yaml index 455648015..3fc444436 100644 --- a/azure-resources/Network/applicationGateways/recommendations.yaml +++ b/azure-resources/Network/applicationGateways/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Set a minimum instance count of 2 +- description: Set a minimum instance count of 2 aprlGuid: 823b0cff-05c0-2e4e-a1e7-9965e1cfa16f recommendationTypeId: null recommendationControl: Scalability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability" + - name: Application Gateway Autoscaling Zone-Redundant + url: https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability - description: Secure all incoming connections with SSL aprlGuid: 233a7008-71e9-e745-923e-1a1c7a0b92f3 
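Review bot: The `@@ -52,5 +60,8 @@` hunk adds a link to a GitHub tree on the `master` branch of `Azure/Azure-Network-Security`, the only link in this file's changes that leaves learn.microsoft.com. Content behind a branch URL can change or move after the recommendation is verified, and readers are likely to deploy whatever workbook template they find there. I would mark the entry as a sample in its name, e.g. `- name: Azure Monitor Workbook for WAF (GitHub sample)`, and, if the project's link policy allows it, point at a commit permalink or at a Learn page that references the workbook.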
@@ -33,8 +33,16 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security" + - name: Application Gateway Security + url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security + - name: Application Gateway SSL Overview + url: https://learn.microsoft.com/azure/application-gateway/ssl-overview + - name: Application Gateway SSL Policy Overview + url: https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview + - name: Application Gateway KeyVault Certs + url: https://learn.microsoft.com/azure/application-gateway/key-vault-certs + - name: Application Gateway SSL Cert Management + url: https://learn.microsoft.com/azure/application-gateway/ssl-certificate-management - description: Enable Web Application Firewall policies aprlGuid: 8d9223c4-730d-ca47-af88-a9a024c37270 @@ -52,8 +60,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway" + - name: Well-Architected Framework Application Gateway Overview + url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway + - name: Application Gateway - Web Application Firewall + url: https://learn.microsoft.com/azure/application-gateway/features#web-application-firewall - description: Use Application GW V2 instead of V1 aprlGuid: 7893f0b3-8622-1d47-beed-4b50a19f7895 
@@ -71,8 +81,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-gateway/overview-v2" + - name: Application Gateway Overview V2 + url: https://learn.microsoft.com/azure/application-gateway/overview-v2 + - name: Application Gateway Feature Comparison Between V1 and V2 + url: https://learn.microsoft.com/azure/application-gateway/overview-v2#feature-comparison-between-v1-sku-and-v2-sku + - name: Application Gateway V1 Retirement + url: https://azure.microsoft.com/updates/application-gateway-v1-will-be-retired-on-28-april-2026-transition-to-application-gateway-v2/ - description: Monitor and Log the configurations and traffic aprlGuid: 5d035919-898d-a047-8d5d-454e199692e5 @@ -90,8 +104,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics" + - name: Application Gateway Metrics + url: https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics + - name: Application Gateway Diagnostics + url: https://learn.microsoft.com/azure/application-gateway/application-gateway-diagnostics - description: Use Health Probes to detect backend availability aprlGuid: 847a8d88-21c4-bc48-a94e-562206edd767 @@ -109,8 +125,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview" + - name: Application Gateway Probe Overview + url: https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview + - name: Well-Architected Framework Application Gateway Overview + url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway - description: Deploy Application Gateway in a zone-redundant configuration aprlGuid: c9c00f2a-3888-714b-a72b-b4c9e8fcffb2 
@@ -128,8 +146,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability" + - name: Well-Architected Framework Application Gateway Reliability + url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability + - name: Application Gateway V2 Overview + url: https://learn.microsoft.com/azure/application-gateway/overview-v2 - description: Plan for backend maintenance by using connection draining aprlGuid: 10f02bc6-e2e7-004d-a2c2-f9bf9f16b915 @@ -147,8 +167,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-gateway/features#connection-draining" + - name: Application Gateway Connection Draining + url: https://learn.microsoft.com/azure/application-gateway/features#connection-draining + - name: Application Gateway Connection Draining HTTP Settings + url: https://learn.microsoft.com/azure/application-gateway/configuration-http-settings#connection-draining - description: Ensure Application Gateway Subnet is using a /24 subnet mask aprlGuid: 8364fd0a-7c0e-e240-9d95-4bf965aec243 @@ -166,5 +188,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet" + - name: Azure Application Gateway infrastructure configuration | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet + diff --git a/azure-resources/Network/azureFirewalls/recommendations.yaml b/azure-resources/Network/azureFirewalls/recommendations.yaml index 53e6e88f6..57f900eab 100644 --- a/azure-resources/Network/azureFirewalls/recommendations.yaml +++ b/azure-resources/Network/azureFirewalls/recommendations.yaml 
@@ -1,4 +1,4 @@ -- description: Deploy Azure Firewall across multiple availability zones +- description: Deploy Azure Firewall across multiple availability zones aprlGuid: c72b7fee-1fa0-5b4b-98e5-54bcae95bb74 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall" + - name: Azure Well Architected Framework - Azure Firewall + url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall + - name: Deploy Azure Firewall across multiple availability zones + url: https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell - description: Monitor Azure Firewall metrics aprlGuid: 3c8fa7c6-6b78-a24a-a63f-348a7c71acb9 @@ -33,8 +35,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls" + - name: Azure Firewall metrics supported in Azure Monitor + url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls + - name: Azure Firewall performance + url: https://learn.microsoft.com/azure/firewall/firewall-performance - description: Configure DDoS Protection on the Azure Firewall VNet aprlGuid: 1b2dbf4a-8a0b-5e4b-8f4e-3f758188910d @@ -52,8 +56,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview" + - name: Azure DDoS Protection overview + url: https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview - description: Leverage Azure Policy inheritance model aprlGuid: 3a63560a-1ed3-6140-acd1-d1d23f9a2e12 
@@ -71,8 +75,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy" + - name: Azure Firewall Policy hierarchy + url: https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy - description: Configure 2-4 PIPs for SNAT Port utilization aprlGuid: d2e4a38e-2307-4299-a217-4c0cebc9a7f6 @@ -90,8 +94,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations" + - name: Azure Well-Architected Framework review - Azure Firewall + url: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations - description: Monitor AZFW Latency Probes metric aprlGuid: 8faace2d-a36e-425c-aa58-2ad99e3e0b7a @@ -109,5 +113,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations" + - name: Azure Well-Architected Framework review - Azure Firewall + url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations + - name: Azure Firewall metrics overview + url: https://learn.microsoft.com/azure/firewall/metrics + diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml index a3fb89b7d..94b4522b5 100644 --- a/azure-resources/Network/connections/recommendations.yaml +++ b/azure-resources/Network/connections/recommendations.yaml @@ -1,4 +1,4 @@ -- description: For better data path performance enable FastPath on ExpressRoute Direct and Gateway +- description: For better data path performance enable FastPath on ExpressRoute Direct and Gateway aprlGuid: f6a14b32-a727-4ace-b5fa-7b1c6bdff402 recommendationTypeId: null recommendationControl: Scalability 
@@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath" + - name: About ExpressRoute FastPath + url: https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath - description: Configure an Azure Resource Lock on connections to prevent accidental deletion aprlGuid: a5f3a4bd-4cf1-4196-a3cb-f5a0876198b2 @@ -33,5 +33,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json + diff --git a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml index 0b19e5768..fb130d735 100644 --- a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml +++ b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Monitor Azure DDoS Protection Plan metrics +- description: Monitor Azure DDoS Protection Plan metrics aprlGuid: ae054bf2-aefa-cf4a-8282-741194cef8da recommendationTypeId: null recommendationControl: Security @@ -14,5 +14,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference" + - name: Monitoring Azure DDoS Protection + url: https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference + diff --git a/azure-resources/Network/expressRouteCircuits/recommendations.yaml b/azure-resources/Network/expressRouteCircuits/recommendations.yaml index 799a066ff..1ba4fb6fb 100644 --- a/azure-resources/Network/expressRouteCircuits/recommendations.yaml 
+++ b/azure-resources/Network/expressRouteCircuits/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes +- description: Connect on-prem networks to Azure critical workloads via multiple ExpressRoutes aprlGuid: 4d703025-dafc-f840-a183-5dc440456134 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" + - name: Designing for disaster recovery with ExpressRoute private peering + url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering - description: Ensure ExpressRoute's physical links connect to distinct network edge devices aprlGuid: 0e19cc41-8274-1342-b0db-0e4146eacef8 @@ -33,8 +33,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute" + - name: Designing for high availability with ExpressRoute + url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute + - name: Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist + url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-expressroute#recommendations - description: Ensure both connections of an ExpressRoute circuit are configured in active-active mode aprlGuid: f06a2bbe-5839-d447-9f39-fc3d20562d88 
@@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections" + - name: Designing for high availability with ExpressRoute - Active-active connections + url: https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections - description: Activate Bidirectional Forwarding Detection on edge devices for faster failover aprlGuid: 2a5bf650-586d-db4c-a292-d922be7d3e0e @@ -71,8 +73,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/expressroute-bfd" + - name: Configure BFD over ExpressRoute + url: https://learn.microsoft.com/azure/expressroute/expressroute-bfd - description: Configure monitoring and alerting for ExpressRoute circuits aprlGuid: 9771a435-d031-814e-9827-9b5fdafc0f87 @@ -90,8 +92,12 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights" + - name: Azure ExpressRoute Insights using Network Insights | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights + - name: Monitoring Azure ExpressRoute + url: https://learn.microsoft.com/azure/expressroute/monitor-expressroute + - name: Configure Traffic Collector for ExpressRoute Direct - Azure ExpressRoute | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-traffic-collector#deploy-expressroute-traffic-collector - description: Configure service health to receive ExpressRoute circuit maintenance notification aprlGuid: 26cb547f-aabc-dc40-be02-d0a9b6b04b1a 
@@ -109,8 +115,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/maintenance-alerts" + - name: How to view and configure alerts for Azure ExpressRoute circuit maintenance + url: https://learn.microsoft.com/azure/expressroute/maintenance-alerts - description: Use a site-to-site VPN as an interim backup solution for a single ExpressRoute circuit aprlGuid: f902cf86-2b53-2942-abc2-781f4fb62be6 @@ -128,5 +134,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering" + - name: Using S2S VPN as a backup for ExpressRoute private peering + url: https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering + diff --git a/azure-resources/Network/expressRoutePorts/recommendations.yaml b/azure-resources/Network/expressRoutePorts/recommendations.yaml index 46228a673..7cb7cc0cf 100644 --- a/azure-resources/Network/expressRoutePorts/recommendations.yaml +++ b/azure-resources/Network/expressRoutePorts/recommendations.yaml @@ -1,4 +1,4 @@ -- description: The Admin State of both Links of an ExpressRoute Direct should be in Enabled state +- description: The Admin State of both Links of an ExpressRoute Direct should be in Enabled state aprlGuid: 60077378-7cb1-4b35-89bb-393884d9921d recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state" + - name: How to configure ExpressRoute Direct: Change Admin State of links + url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state - description: Ensure you do not over-subscribe an ExpressRoute Direct aprlGuid: 0bee356b-7348-4799-8cab-0c71ffe13018 
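Review bot: The added `name: How to configure ExpressRoute Direct: Change Admin State of links` in the expressRoutePorts `@@ -14,8 +14,8 @@` hunk is an unquoted scalar containing `: `, which YAML reads as a mapping indicator, so a strict parser rejects the entry. Quote it: `- name: "How to configure ExpressRoute Direct: Change Admin State of links"`. The same defect is in `About ExpressRoute Direct: Circuit Sizes` in the next hunk of this file, and in `Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks` in virtualNetworkGateways/recommendations.yaml. A parse or yamllint step in CI over these files would catch this class of error before merge.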
@@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes" + - name: About ExpressRoute Direct: Circuit Sizes + url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes - description: Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow aprlGuid: d40c769d-2f08-4980-8d8f-a386946276e6 @@ -52,5 +52,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/rate-limit" + - name: Rate limiting for ExpressRoute Direct circuits (Preview) + url: https://learn.microsoft.com/en-us/azure/expressroute/rate-limit + diff --git a/azure-resources/Network/loadBalancers/recommendations.yaml b/azure-resources/Network/loadBalancers/recommendations.yaml index b496080ab..74758fbd8 100644 --- a/azure-resources/Network/loadBalancers/recommendations.yaml +++ b/azure-resources/Network/loadBalancers/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Use Standard Load Balancer SKU +- description: Use Standard Load Balancer SKU aprlGuid: 38c3bca1-97a1-eb42-8cd3-838b243f35ba recommendationTypeId: null recommendationControl: High Availability 
@@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability" + - name: Reliability and Azure Load Balancer + url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer - description: Ensure the Backend Pool contains at least two instances aprlGuid: 6d82d042-6d61-ad49-86f0-6a5455398081 @@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer" + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer - description: Use NAT Gateway instead of Outbound Rules for Production Workloads aprlGuid: 8d319a05-677b-944f-b9b4-ca0fb42e883c @@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer" + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer - description: Ensure Standard Load Balancer is zone-redundant aprlGuid: 621dbc78-3745-4d32-8eac-9e65b27b7512 
@@ -71,5 +73,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant" + - name: Load Balancer and Availability Zones + url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant + diff --git a/azure-resources/Network/networkSecurityGroups/recommendations.yaml b/azure-resources/Network/networkSecurityGroups/recommendations.yaml index 692e1ec28..8b9a83259 100644 --- a/azure-resources/Network/networkSecurityGroups/recommendations.yaml +++ b/azure-resources/Network/networkSecurityGroups/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Configure Diagnostic Settings for all network security groups +- description: Configure Diagnostic Settings for all network security groups aprlGuid: d2976d3e-294b-4b49-a1f0-c42566a3758f recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings" + - name: Diagnostic settings in Azure Monitor + url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings - description: Monitor changes in Network Security Groups with Azure Monitor aprlGuid: 8bb4a57b-55e4-d24e-9c19-2679d8bc779f @@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell" + - name: Azure Monitor activity log + url: https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell - description: Configure locks for Network Security Groups to avoid accidental changes and/or deletion aprlGuid: 52ac35e8-9c3e-f84d-8ce8-2fab955333d3 
@@ -52,8 +52,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json" + - name: Lock your resources to protect your infrastructure + url: https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json - description: Configure NSG Flow Logs aprlGuid: da1a3c06-d1d5-a940-9a99-fcc05966fe7c @@ -71,8 +71,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview" + - name: Flow logging for network security groups + url: https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview - description: The NSG only has Default Security Rules, make sure to configure the necessary rules aprlGuid: 8291c1fa-650c-b44b-b008-4deb7465919d @@ -90,5 +90,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules" + - name: Security rules + url: https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules + diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml index 7b4904530..cf1b542e1 100644 --- a/azure-resources/Network/networkWatchers/recommendations.yaml +++ b/azure-resources/Network/networkWatchers/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Deploy Network Watcher in all regions where you have networking services +- description: Deploy Network Watcher in all regions where you have networking services aprlGuid: 4e133bd0-8762-bc40-a95b-b29142427d73 recommendationTypeId: null recommendationControl: Monitoring and Alerting 
@@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-overview" + - name: What is Azure Network Watcher? + url: https://learn.microsoft.com/azure/network-watcher/network-watcher-overview - description: Fix Flow Log configurations in Failed state or Disabled Status aprlGuid: 22a769ed-0ecb-8b49-bafe-8f52e6373d9c @@ -33,5 +33,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging" + - name: Manage NSG flow logs using the Azure portal + url: https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging + diff --git a/azure-resources/Network/privateDnsZones/recommendations.yaml b/azure-resources/Network/privateDnsZones/recommendations.yaml index 0499864d3..7cf47e51d 100644 --- a/azure-resources/Network/privateDnsZones/recommendations.yaml +++ b/azure-resources/Network/privateDnsZones/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Protect private DNS zones and records +- description: Protect private DNS zones and records aprlGuid: 2820f6d6-a23c-7a40-aec5-506f3bd1aeb6 recommendationTypeId: null recommendationControl: Security @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets" + - name: Protecting private DNS Zones and Records - Azure DNS + url: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets - description: Monitor Private DNS Zones health and set up alerts aprlGuid: ab896e8c-49b9-2c44-adec-98339aff7821 
@@ -33,8 +33,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios" + - name: Scenarios for Azure Private DNS zones + url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios - description: Align Production and DR zones with identical workload and resource failover entries aprlGuid: 1e02335c-1f90-fd4e-a5a5-d359c7b22d70 @@ -52,5 +52,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios" + - name: Scenarios for Azure Private DNS zones + url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios + diff --git a/azure-resources/Network/privateEndpoints/recommendations.yaml b/azure-resources/Network/privateEndpoints/recommendations.yaml index 1508e0870..656d5a598 100644 --- a/azure-resources/Network/privateEndpoints/recommendations.yaml +++ b/azure-resources/Network/privateEndpoints/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Resolve issues with Private Endpoints in non Succeeded connection state +- description: Resolve issues with Private Endpoints in non Succeeded connection state aprlGuid: b89c9acc-0aba-fb44-9ff2-3dbfcf97dce7 recommendationTypeId: null recommendationControl: High Availability @@ -14,5 +14,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections" + - name: Private endpoint connections + url: https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections + diff --git a/azure-resources/Network/publicIPAddresses/recommendations.yaml b/azure-resources/Network/publicIPAddresses/recommendations.yaml index 81cdffeec..1bd87ae7b 100644 --- a/azure-resources/Network/publicIPAddresses/recommendations.yaml 
+++ b/azure-resources/Network/publicIPAddresses/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Use Standard SKU and Zone-Redundant IPs when applicable +- description: Use Standard SKU and Zone-Redundant IPs when applicable aprlGuid: c63b81fb-7afc-894c-a840-91bb8a8dcfaf recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone" + - name: Public IP addresses - Availability Zones + url: https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone + - name: Upgrading a basic public IP address to Standard SKU + url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance#steps-to-complete-the-upgrade - description: Use NAT gateway for outbound connectivity to avoid SNAT Exhaustion aprlGuid: 1adba190-5c4c-e646-8527-dd1b2a6d8b15 @@ -33,8 +35,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity" + - name: Use NAT GW for outbound connectivity + url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity + - name: TCP and SNAT Ports + url: https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability#tcp-and-snat-ports - description: Upgrade Basic SKU public IP addresses to Standard SKU aprlGuid: 5cea1501-6fe4-4ec4-ac8f-f72320eb18d3 
@@ -52,5 +56,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance" + - name: Upgrading a basic public IP address to Standard SKU - Guidance + url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance + - name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025�Basic SKU will be retired + url: https://azure.microsoft.com/en-us/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/ + diff --git a/azure-resources/Network/routeTables/recommendations.yaml b/azure-resources/Network/routeTables/recommendations.yaml index 9eac6f6ba..3cc7cb88d 100644 --- a/azure-resources/Network/routeTables/recommendations.yaml +++ b/azure-resources/Network/routeTables/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Monitor changes in Route Tables with Azure Monitor +- description: Monitor changes in Route Tables with Azure Monitor aprlGuid: 23b2dfc7-7e5d-9443-9f62-980ca621b561 recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell" + - name: Azure activity log - Azure Monitor | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell - description: Configure locks for Route Tables to avoid accidental changes or deletion aprlGuid: 89d1166a-1a20-0f46-acc8-3194387bf127 
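Review bot: The added link name in the publicIPAddresses `@@ -52,5 +56,8 @@` hunk contains a U+FFFD replacement character between `2025` and `Basic SKU`, so the original punctuation (presumably a dash) was lost in an encoding conversion before the commit. Replace it with plain ASCII: `- name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025 - Basic SKU will be retired`. Also confirm the file is saved as UTF-8, so that other non-ASCII characters in titles are not corrupted the same way.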
@@ -33,5 +33,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json" + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json + diff --git a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml index c2082b5f4..548d5c414 100644 --- a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml +++ b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Traffic Manager Monitor Status Should be Online +- description: Traffic Manager Monitor Status Should be Online aprlGuid: f05a3e6d-49db-2740-88e2-2b13706c1f67 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring" + - name: Azure Traffic Manager endpoint monitoring + url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring + - name: Enable or disable health checks + url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#enable-or-disable-health-checks-preview + - name: Troubleshooting degraded state on Azure Traffic Manager + url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-troubleshooting-degraded - description: Traffic manager profiles should have more than one endpoint aprlGuid: 5b422a7f-8caa-3d48-becb-511599e5bba9 
@@ -33,8 +37,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types" + - name: Traffic Manager Endpoint Types + url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types - description: Configure at least one endpoint within a another region aprlGuid: 1ad9d7b7-9692-1441-a8f4-93792efbe97a @@ -52,8 +56,9 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region" + - name: Reliability recommendations + + url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region - description: Ensure endpoint configured to (All World) for geographic profiles aprlGuid: c31f76a0-48cd-9f44-aa43-99ee904db9bc @@ -71,5 +76,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world" + - name: Add an endpoint configured to "All (World)" + url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world + - name: Traffic Manager profile - GeographicProfile (Add an endpoint configured to ""All (World)""). + url: https://aka.ms/Rf7vc5 + diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml index ee9e7057c..6834580f3 100644 --- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml +++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml 
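Review bot: An empty added line sits between `name: Reliability recommendations` and its `url:` in the trafficmanagerprofiles `@@ -52,8 +56,9 @@` hunk. The entry still parses as one list item, but it is laid out unlike the other learnMoreLink entries visible in this patch and reads like two separate entries. Drop the blank line so `url:` follows `name:` directly.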
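Review bot: The second link added in the trafficmanagerprofiles `@@ -71,5 +76,8 @@` hunk uses the shortener `https://aka.ms/Rf7vc5`, which hides the destination from anyone reviewing the diff, and its target can change without any commit to this repository. Prefer the resolved canonical URL so the destination is visible and reviewable, as with the other links in this file. The entry's name also carries doubled quotes, `""All (World)""`, which look like a CSV-export artifact and are kept literally in a plain scalar. Use single quotes as the entry above does: `Add an endpoint configured to "All (World)"`.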
@@ -1,4 +1,4 @@ -- description: Connect ExpressRoute Gateway with circuits from diverse peering locations for resilience +- description: Connect ExpressRoute Gateway with circuits from diverse peering locations for resilience aprlGuid: d37db635-157f-584d-9bce-4f6fc8c65ce5 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" + - name: Designing for disaster recovery with ExpressRoute private peering + url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering - description: Use Zone-redundant gateway SKUs aprlGuid: bbe668b7-eb5c-c746-8b82-70afdedf0cae @@ -33,8 +33,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw" + - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs + url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw + - name: About zone-redundant virtual network gateway in Azure availability zones + url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways + - name: Create a zone-redundant virtual network gateway in Azure Availability Zones + url: https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway - description: Configure an Azure Resource lock for ExpressRoute Gateway to prevent accidental deletion aprlGuid: c0f23a92-d322-4d4d-97e9-a238b5e3bbb8 
@@ -52,8 +56,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json - description: Monitor gateway health aprlGuid: 1c34faa8-8b99-974c-adbf-71922eae943c @@ -71,8 +75,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways" + - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways + url: https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways + - name: Azure ExpressRoute Insights using Network Insights + url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights - description: Avoid using ExpressRoute circuits for VNet to VNet communication aprlGuid: 194c14ac-0d7a-5a48-ae32-75fa450ee564 @@ -90,8 +96,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity" + - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity + url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity - description: Configure customer-controlled gateway maintenance aprlGuid: 3e115044-a3aa-433e-be01-ce17d67e50da 
@@ -109,8 +115,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps" + - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn + url: https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps - description: Choose a Zone-redundant gateway aprlGuid: 5b1933a6-90e4-f642-a01f-e58594e5aab2 @@ -128,8 +134,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: Zone redundant Virtual network gateway in availability zone + url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways + - name: Gateway SKU + url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways#gwskus + - name: SLA summary for Azure services + url: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1 - description: Plan for Active-Active mode aprlGuid: 281a2713-c0e0-3c48-b596-19f590c46671 @@ -147,8 +157,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway" + - name: Active-active VPN gateway + url: https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway + - name: Gateway SKU + url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku - description: Deploy active-active VPN concentrators on your premises for maximum resiliency aprlGuid: af11fc4c-c06c-4f4c-b98d-6eee6d5c4c70 
@@ -166,8 +178,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks" + - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks + url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks - description: Monitor connections and gateway health aprlGuid: 9eab120e-f6d3-ee49-ba0d-766562ce7df1 @@ -185,8 +197,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference" + - name: VPN gateway data reference + url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference - description: Enable service health aprlGuid: 9186dae0-7ddc-8f4b-bea5-55538cea4893 @@ -204,8 +216,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started" + - name: Getting started with Azure Metrics Explorer + url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started + - name: Monitor VPN gateway + url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics - description: Deploy zone-redundant VPN Gateways with zone-redundant Public IP(s) aprlGuid: 4bae5a28-5cf4-40d9-bcf1-623d28f6d917 @@ -223,5 +237,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: About zone-redundant virtual network gateway in Azure availability zones + url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways + 
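Review bot: The new link name `Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks` is an unquoted plain scalar containing `: `, which YAML treats as a mapping indicator, so a loader is likely to reject the file with a parse error rather than load the recommendation. Quote the value: `- name: 'Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks'`. The commit also removes the quotes from every `url:` value. Those still parse, because `#` only starts a comment after whitespace, but keeping titles and URLs quoted avoids this class of break, and a yamllint step in CI would catch it before merge.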
diff --git a/azure-resources/Network/virtualNetworks/recommendations.yaml b/azure-resources/Network/virtualNetworks/recommendations.yaml index 898d33c41..4dc311dab 100644 --- a/azure-resources/Network/virtualNetworks/recommendations.yaml +++ b/azure-resources/Network/virtualNetworks/recommendations.yaml @@ -1,4 +1,4 @@ -- description: All Subnets should have a Network Security Group associated +- description: All Subnets should have a Network Security Group associated aprlGuid: f0bf9ae6-25a5-974d-87d5-025abec73539 recommendationTypeId: null recommendationControl: Security @@ -14,8 +14,14 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices" + - name: Azure Virtual Network - Concepts and best practices | Microsoft Learn + url: https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices + - name: GatewaySUbnet + url: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub + - name: Can I associate a network security group (NSG) to the RouteServerSubnet? + url: https://learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-i-associate-a-network-security-group-nsg-to-the-routeserversubnet + - name: Are Network Security Groups (NSGs) supported on the AzureFirewallSubnet? + url: https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet - description: Shield public endpoints in Azure VNets with Azure DDoS Standard Protection Plans aprlGuid: 69ea1185-19b7-de40-9da1-9e8493547a5c 
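Review bot: The three links added under "All Subnets should have a Network Security Group associated" appear to document subnets that are exceptions to that rule (GatewaySubnet, RouteServerSubnet, AzureFirewallSubnet), while the description in this file's first hunk still says "All Subnets". The longDescription and the query sit outside the hunk, so this may already be handled. If it is not, the text should name the excluded subnets and the ARG check (`automationAvailable: arg`) should skip them, otherwise the control reports findings that cannot be remediated. The first new name also has a typo: `- name: GatewaySUbnet` should read `- name: GatewaySubnet`.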
@@ -33,8 +39,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability" + - name: Reliability and Azure Virtual Network - Microsoft Azure Well-Architected Framework | Microsoft Learn + url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability - description: When available, use Private Endpoints instead of Service Endpoints for PaaS Services aprlGuid: 24ae3773-cc2c-3649-88de-c9788e25b463 @@ -52,5 +58,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq" + - name: Azure Virtual Network FAQ | Microsoft Learn + url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq + - name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability + url: https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability + - name: Azure Private Link availability + url: https://learn.microsoft.com/en-us/azure/private-link/availability + diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml index db5cc327b..d75ef716d 100644 --- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml +++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Ensure ExpressRoute Traffic Collector is enabled and configured for ExpressRoute Direct circuits +- description: Ensure ExpressRoute Traffic Collector is enabled and configured for ExpressRoute Direct circuits aprlGuid: 1ceea4b5-1d8b-4be0-9bbe-9594557be51a recommendationTypeId: null recommendationControl: Monitoring and Alerting 
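Review bot: In the `@@ -52,5 +58,10 @@` hunk, the second link name ends in `Microsoft LearnNetworking Reliability`, which looks like two titles pasted together. A name such as `- name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework` would match the target page. The names in this file also mix bare titles with the ` | Microsoft Learn` browser-title suffix; picking one form keeps the rendered link lists consistent.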
@@ -14,5 +14,6 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector" + - name: Azure ExpressRoute Traffic Collector + url: https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector + diff --git a/azure-resources/OperationalInsights/workspaces/recommendations.yaml b/azure-resources/OperationalInsights/workspaces/recommendations.yaml index ab7ee26d4..0b344bd0e 100644 --- a/azure-resources/OperationalInsights/workspaces/recommendations.yaml +++ b/azure-resources/OperationalInsights/workspaces/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable Log Analytics data export to GRS or GZRS +- description: Enable Log Analytics data export to GRS or GZRS aprlGuid: b36fd2ac-dd83-664a-ab48-ff7b8d3b189d recommendationTypeId: null recommendationControl: Governance @@ -14,8 +14,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export" + - name: Log Analytics workspace data export in Azure Monitor + url: https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export + - name: Azure Monitor configuration recommendations + url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations - description: Create a health status alert rule for your Log Analytics workspace aprlGuid: 4b77191c-cc3c-8c4e-844b-0f56d0927890 
@@ -33,8 +35,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health" + - name: Monitor Log Analytics workspace health + url: https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health + - name: Azure Monitor configuration recommendations + url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations - description: Configure minimal logging and retention of logs aprlGuid: 7a0063ee-98a0-4634-823b-310a67f798cc @@ -52,5 +56,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2" + - name: Data retention and archive in Azure Monitor Logs + url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2 + - name: Run search jobs in Azure Monitor + url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2 + - name: Restore logs in Azure Monitor + url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1 + diff --git a/azure-resources/RecoveryServices/vaults/recommendations.yaml b/azure-resources/RecoveryServices/vaults/recommendations.yaml index be3b2587d..3feaf352d 100644 --- a/azure-resources/RecoveryServices/vaults/recommendations.yaml +++ b/azure-resources/RecoveryServices/vaults/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Ensure static IP addresses configured in VM failover settings are available in the failover subnet +- description: Ensure static IP addresses configured in VM failover settings are available in the failover subnet aprlGuid: e93bb813-b356-48f3-9bdf-a06a0a6ba039 recommendationTypeId: null recommendationControl: Disaster Recovery 
@@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms" + - name: Setup network mapping for site recovery + url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms - description: Validate VM functionality with a test failover to check performance at target aprlGuid: 17e877f7-3a89-4205-8a24-0670de54ddcd @@ -33,8 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover" + - name: Run a test failover + url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover - description: Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults aprlGuid: 2912472d-0198-4bdc-aa90-37f145790edc @@ -52,8 +52,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts" + - name: Move to Azure monitor Alerts + url: https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts + - name: Classic alerts retirement announcement + url: https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/ - description: Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults aprlGuid: 1549b91f-2ea0-4d4f-ba2a-4596becbe3de 
@@ -71,5 +73,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore" + - name: Set Cross Region Restore + url: https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore + - name: Azure Backup Best Practices + url: https://learn.microsoft.com/azure/backup/guidance-best-practices + - name: Minimum Role Requirements for Cross Region Restore + url: https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup + - name: Recovery Services Vault + url: https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare + diff --git a/azure-resources/Resources/resourceGroups/recommendations.yaml b/azure-resources/Resources/resourceGroups/recommendations.yaml index fa90f6f0a..2d9b99ae3 100644 --- a/azure-resources/Resources/resourceGroups/recommendations.yaml +++ b/azure-resources/Resources/resourceGroups/recommendations.yaml 
@@ -1,3 +1,24 @@ +- description: Subscriptions should not be placed under the Tenant Root Management Group + aprlGuid: 5ada5ffa-7149-4e49-9fbf-e67be7c2594c + recommendationTypeId: null + recommendationControl: Governance + recommendationImpact: Medium + recommendationResourceType: Microsoft.Resources/resourceGroups + recommendationMetadataState: Active + longDescription: | + The root management group in Azure is designed for organizational hierarchy, allowing for all management groups and subscriptions to fold into it. + potentialBenefits: Enhanced security, compliance, and management + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: arg + tags: null + learnMoreLink: + - name: Management group recommendations + url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations + - name: Root management group for each directory + url: https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory + - description: Ensure Resource Group and its Resources are located in the same Region aprlGuid: 98bd7098-49d6-491b-86f1-b143d6b1a0ff recommendationTypeId: null @@ -14,5 +35,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment" + - name: Azure Resource Manager Overview + url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment + diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml index 8f88666d0..7dc5f0138 100644 --- a/azure-resources/ServiceBus/namespaces/recommendations.yaml +++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml 
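Review bot: The added recommendation "Subscriptions should not be placed under the Tenant Root Management Group" is filed in the resourceGroups file with `recommendationResourceType: Microsoft.Resources/resourceGroups`, although what it evaluates is a subscription's management-group parent. If the ARG query keys on this type, it will presumably report per resource group rather than per subscription. The Subscription/subscriptions file that this patch also touches looks like the better home. The `longDescription` only says what the root management group is for and should also state the governance reason, for example `Subscriptions left directly under the root management group receive only tenant-wide policy and role assignments; move them into a purpose-specific management group so scoped guardrails apply.`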
@@ -1,4 +1,4 @@ -- description: Enable Availability Zones for Service Bus namespaces +- description: Enable Availability Zones for Service Bus namespaces aprlGuid: 20057905-262c-49fe-a9be-49f423afb359 recommendationTypeId: null recommendationControl: High Availability @@ -14,5 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability" + - name: Service Bus and reliability + url: https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability + - name: Azure Service Bus Geo-disaster recovery + url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-geo-dr#availability-zones + - name: Insulate Azure Service Bus applications against outages and disasters + url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters + diff --git a/azure-resources/SignalRService/SignalR/recommendations.yaml b/azure-resources/SignalRService/SignalR/recommendations.yaml index 1ed9b7722..56e214579 100644 --- a/azure-resources/SignalRService/SignalR/recommendations.yaml +++ b/azure-resources/SignalRService/SignalR/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable zone redundancy for SignalR +- description: Enable zone redundancy for SignalR aprlGuid: 6a8b3db9-5773-413a-a127-4f7032f34bbd recommendationTypeId: null recommendationControl: High Availability @@ -14,5 +14,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-signalr/availability-zones" + - name: Availability zones support in Azure SignalR Service + url: https://learn.microsoft.com/azure/azure-signalr/availability-zones + diff --git a/azure-resources/Sql/servers/recommendations.yaml b/azure-resources/Sql/servers/recommendations.yaml index 8d0ebfed2..4b594402a 100644 --- a/azure-resources/Sql/servers/recommendations.yaml 
+++ b/azure-resources/Sql/servers/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Use Active Geo Replication to Create a Readable Secondary in Another Region +- description: Use Active Geo Replication to Create a Readable Secondary in Another Region aprlGuid: 74c2491d-048b-0041-a140-935960220e20 recommendationTypeId: null recommendationControl: Disaster Recovery @@ -14,8 +14,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview" + - name: Active Geo Replication + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview - description: Auto Failover Groups for apps should include all related databases for cohesion aprlGuid: 943c168a-2ec2-a94c-8015-85732a1b4859 @@ -33,8 +33,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell" + - name: AutoFailover Groups + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell + - name: DR Design + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/designing-cloud-solutions-for-disaster-recovery - description: Use a Zone-Redundant Database aprlGuid: c0085c32-84c0-c247-bfa9-e70977cbf108 @@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla" + - name: Zone Redundant Databases + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla - description: Implement Retry Logic aprlGuid: cbb17a29-64fb-c943-95d0-8df814a37c40 
@@ -71,8 +73,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues" + - name: How to Implement Retry Logic + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues - description: Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents aprlGuid: 7e7daec9-6a81-3546-a4cc-9aef72fec1f7 @@ -90,8 +92,12 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts" + - name: Azure Monitor + url: https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts + - name: Azure SQL Database Monitoring + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor + - name: Monitoring SQL Database Reference + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor-reference - description: Back Up Your Keys aprlGuid: d6ef87aa-574e-584e-a955-3e6bb8b5425b @@ -109,5 +115,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/key-vault/general/overview" + - name: Azure Key Vault + url: https://learn.microsoft.com/en-us/azure/key-vault/general/overview + - name: Getting Started with Always Encrypted + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql + diff --git a/azure-resources/Storage/storageAccounts/recommendations.yaml b/azure-resources/Storage/storageAccounts/recommendations.yaml index d23b25881..a36de536e 100644 --- a/azure-resources/Storage/storageAccounts/recommendations.yaml +++ b/azure-resources/Storage/storageAccounts/recommendations.yaml 
@@ -1,4 +1,4 @@ -- description: Ensure that storage accounts are zone or region redundant +- description: Ensure that storage accounts are zone or region redundant aprlGuid: e6c7e1cc-2f47-264d-aa50-1da421314472 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/common/storage-redundancy" + - name: Azure Storage redundancy + url: https://learn.microsoft.com/azure/storage/common/storage-redundancy + - name: Change the redundancy configuration for a storage account + url: https://learn.microsoft.com/azure/storage/common/redundancy-migration - description: Do not use classic storage accounts aprlGuid: 63ad027e-611c-294b-acc5-8e3234db9a40 @@ -33,8 +35,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/" + - name: Azure classic storage accounts retirement announcement + url: https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/ + - name: Migrate your classic storage accounts to Azure Resource Manager + url: https://learn.microsoft.com/azure/storage/common/classic-account-migration-overview - description: Ensure Performance tier is set as per workload aprlGuid: 5587ef77-7a05-a74d-9c6e-449547a12f27 
@@ -52,8 +56,16 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts" + - name: Types of storage accounts + url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts + - name: Scalability and performance targets for standard storage accounts + url: https://learn.microsoft.com/azure/storage/common/scalability-targets-standard-account + - name: Performance and scalability checklist for Blob storage + url: https://learn.microsoft.com/azure/storage/blobs/storage-performance-checklist + - name: Scalability and performance targets for Blob storage + url: https://learn.microsoft.com/azure/storage/blobs/scalability-targets + - name: Premium block blob storage accounts + url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-block-blob-premium - description: Enable soft delete for recovery of data aprlGuid: 03263c57-c869-3841-9e0a-3dbb9ef3e28d @@ -71,8 +83,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal " + - name: Soft delete detail docs + url: https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal - description: Enable versioning for accidental modification and keep the number of versions below 1000 aprlGuid: 8ebda7c0-e0e1-ed45-af59-2d7ea9a1c05d @@ -90,8 +102,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/blobs/versioning-overview " + - name: Blob versioning + url: https://learn.microsoft.com/azure/storage/blobs/versioning-overview - description: Enable point-in-time restore for GPv2 accounts to safeguard against data loss aprlGuid: 1b965cb9-7629-214e-b682-6bf6e450a100 
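Review bot: In the `@@ -71,8 +83,8 @@` hunk, the rewritten soft-delete link keeps a doubled slash after the host: `https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal`. Dropping the quotes removes the trailing space the old value carried, but not this. Use `url: https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal`. The name `Soft delete detail docs` would also read better as the page's own title, likely `Enable soft delete for blobs`, in line with the other entries in this file.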
@@ -109,8 +121,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview" + - name: Point-in-time restore for block blobs + url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview + - name: Perform a point-in-time restore on block blob data + url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-manage?tabs=portal - description: Monitor all blob storage accounts aprlGuid: 96cb8331-6b06-8242-8ce8-4e2f665dc679 @@ -128,8 +142,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage" + - name: Monitor Azure Blob Storage + url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage + - name: Best practices for monitoring Azure Blob Storage + url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios - description: Consider upgrading legacy storage accounts to v2 storage accounts aprlGuid: 2ad78dec-5a4d-4a30-8fd1-8584335ad781 @@ -147,5 +163,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types" + - name: Legacy storage account types + url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types + - name: Upgrade to a general-purpose v2 storage account + url: https://learn.microsoft.com/azure/storage/common/storage-account-upgrade + diff --git a/azure-resources/Subscription/subscriptions/recommendations.yaml b/azure-resources/Subscription/subscriptions/recommendations.yaml index 6ab5122c0..61eb0011a 100644 --- a/azure-resources/Subscription/subscriptions/recommendations.yaml +++ b/azure-resources/Subscription/subscriptions/recommendations.yaml 
@@ -1,4 +1,4 @@ -- description: Do not create more than 2000 Citrix VDA servers per subscription +- description: Do not create more than 2000 Citrix VDA servers per subscription aprlGuid: c041d596-6c97-4c5f-b4b3-9cd37628f2e2 recommendationTypeId: null recommendationControl: Governance @@ -14,5 +14,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://docs.citrix.com/en-us/citrix-daas-azure/limits" + - name: Citrix Limits + url: https://docs.citrix.com/en-us/citrix-daas-azure/limits + diff --git a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml index a4049db47..d4656ec30 100644 --- a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml +++ b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Use Generation 2 virtual machine source image +- description: Use Generation 2 virtual machine source image aprlGuid: 19b6df57-f6b5-3e4f-843a-273daa087cb0 recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities" + - name: Generation 1 vs generation 2 virtual machines + url: https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities - description: Replicate your Image Templates to a secondary region aprlGuid: 21fb841b-ba70-1f4e-a460-1f72fb41aa51 
@@ -33,5 +33,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency" + - name: Image Template resiliency + url: https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency + - name: Azure Image Builder Supported Regions + url: https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions + diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index e9e34a6e3..606f9aa27 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml +++ b/azure-resources/Web/serverFarms/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Migrate App Service to availability Zone Support +- description: Migrate App Service to availability Zone Support aprlGuid: 88cb90c2-3b99-814b-9820-821a63f600dd recommendationTypeId: null recommendationControl: High Availability @@ -14,8 +14,10 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service" + - name: Migrate App Service to availability zone support + url: https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service + - name: High availability enterprise deployment using App Service Environment + url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment - description: Use Standard or Premium tier aprlGuid: b2113023-a553-2e41-9789-597e2fb54c31 
@@ -33,8 +35,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" + - name: Resiliency checklist for specific Azure services + url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service - description: Avoid scaling up or down aprlGuid: 07243659-4643-d44c-a1c6-07ac21635072 @@ -52,8 +54,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" + - name: Resiliency checklist for specific Azure services + url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service - description: Create separate App Service plans for production and test aprlGuid: dbe3fd66-fb2a-9d46-b162-1791e21da236 @@ -71,8 +73,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" + - name: Resiliency checklist for specific Azure services + url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service - description: Enable Autoscale/Automatic scaling to ensure adequate resources are available to service requests aprlGuid: 6320abf6-f917-1843-b2ae-4779c35985ae @@ -90,5 +92,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal" + - name: Automatic scaling in Azure App Service + url: https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal + - name: Auto Scale Web Apps + url: https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started + 
diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index 73042adb7..a55196e69 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml @@ -1,4 +1,4 @@ -- description: Enable diagnostics logging +- description: Enable diagnostics logging aprlGuid: 493f6079-3bb6-4a56-96ba-ab3248474cb1 recommendationTypeId: null recommendationControl: Monitoring and Alerting @@ -14,8 +14,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs" + - name: Enable diagnostics logging for apps in Azure App Service + url: https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs - description: Monitor Performance aprlGuid: a7e8bb3d-8ceb-442d-b26f-007cd63f9ffc @@ -33,8 +33,10 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/application-insights/app-insights-overview" + - name: Application Insights + url: https://learn.microsoft.com/azure/application-insights/app-insights-overview + - name: Application monitoring for Azure App Service + url: https://learn.microsoft.com/azure/azure-monitor/app/azure-web-apps - description: Separate web apps from web APIs aprlGuid: 78a5c033-ff51-4332-8a71-83464c34494b @@ -52,8 +54,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" + - name: Resiliency checklist for specific Azure services + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service - description: Create a separate storage account for logs aprlGuid: 3f9ddb59-0bb3-4acb-9c9b-99aa1776f0ab 
@@ -71,8 +73,8 @@ automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" + - name: Resiliency checklist + url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service - description: Deploy to a staging slot aprlGuid: a1d91661-32d4-430b-b3b6-5adeb0975df7 @@ -90,8 +92,8 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing" + - name: Set up staging environments in Azure App Service + url: https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing - description: Store configuration as app settings aprlGuid: 0b80b67c-afbe-4988-ad58-a85a146b681e @@ -109,5 +111,6 @@ automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/app-service-web/web-sites-configure" + - name: Configure web apps in Azure App Service + url: https://learn.microsoft.com/azure/app-service-web/web-sites-configure + diff --git a/azure-specialized-workloads/hpc/recommendations-hpc.yaml b/azure-specialized-workloads/hpc/recommendations-hpc.yaml new file mode 100644 index 000000000..3e4a2a5de --- /dev/null +++ b/azure-specialized-workloads/hpc/recommendations-hpc.yaml 
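Review bot: The same target URL gets two different link names in this file. The `@@ -71,8 +73,8 @@` hunk uses `- name: Resiliency checklist`, while the `@@ -52,8 +54,8 @@` hunk uses `Resiliency checklist for specific Azure services` for the identical `resiliency-per-service#app-service` link. I would change the short one to `- name: Resiliency checklist for specific Azure services` so that anything keyed on the name sees a single value. Separately, the last two hunks keep the `app-service-web/...` paths, which look like older documentation paths; in a commit that updates URLs it is worth confirming they still resolve to the intended pages.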
@@ -0,0 +1,75 @@ +- description: Ensure File shares that stores jobs metadata are accessible from all head nodes + aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. + potentialBenefits: Enhances job metadata availability + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares + +- description: Automatically grow and shrink HPC Pack cluster resources + aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 + recommendationTypeId: null + recommendationControl: Scalability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. 
+ potentialBenefits: Efficient, uninterrupted execution + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps + +- description: Use multiple head nodes for HPC Pack + aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. + potentialBenefits: Enhanced reliability for HPC + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure + +- description: Use HPC Pack Azure AD Integration or other highly available AD configuration + aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. 
+ potentialBenefits: Enhanced reliability & job management + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure diff --git a/azure-specialized-workloads/sap/recommendations-sap.yaml b/azure-specialized-workloads/sap/recommendations-sap.yaml new file mode 100644 index 000000000..31582ee89 --- /dev/null +++ b/azure-specialized-workloads/sap/recommendations-sap.yaml 
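Review bot: All four entries in this new file carry `- name: Learn More`, the generic label that the rest of this commit replaces with the linked page's title; these should be given the title of the HPC Pack page each URL points to. The entries also use the plain scalar `automationAvailable: no`, which YAML 1.1 loaders read as boolean false, while other entries in this patch use `arg`, so the field ends up with mixed types. If the consumer expects a string (not visible here), `automationAvailable: 'no'` keeps it one.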
@@ -0,0 +1,420 @@ +- description: Ensure that each SAP production system is designed for high availability across availability zones + aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. + potentialBenefits: High availability for SAP systems + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Quality Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Inventory Checks + url: https://aka.ms/ACESInventoryCheckSAP + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: Move Regional SAP HA to Zonal + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper + - name: High Availability Deployment Options for SAP + url: https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload + +- description: Run SAP application servers on two or more VMs using VMSS Flex + aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc + recommendationTypeId: null + 
recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. 
+ potentialBenefits: Enhanced resiliency for SAP on Azure + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: https://aka.ms/ACESInventoryCheckSAP + - name: Virtual machine Scale Set SAP Deployment Guide + url: https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide + - name: Considerations for Flexible VM Scale Sets for SAP + url: https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload + - name: Migrate existing SAP system VMs to VMSS Flex + url: https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548 + +- description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk + aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. 
+ potentialBenefits: Higher SLA of 99.9% with SSDs + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Inventory Checks + url: https://aka.ms/ACESInventoryCheckSAP + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: VM SLA + url: https://www.azure.cn/en-us/support/sla/virtual-machines/ + - name: SAP Storage Planning Guide + url: https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage + +- description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes + aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. 
+ potentialBenefits: Ensures high availability for SAP data + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + +- description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones + aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. +In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. + potentialBenefits: Enhanced data availability for SAP + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: https://aka.ms/ACESInventoryCheckSAP + +- description: Test high availability solutions thoroughly to ensure fail overs work as expected + aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). 
Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. +The fail back can be either automatic or manual. + potentialBenefits: Ensures SAP Azure's failover reliability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Test Cases + url: https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup + +- description: Remove unwanted location constraints from Linux Pacemaker clusters + aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. + +During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. + +Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
+This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. + potentialBenefits: Enhanced maintenance and failover handling + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Secure compute resource capacity for critical VM roles in DR region + aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. + +Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. 
+ potentialBenefits: Guarantees DR region availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Capacity Reservation + url: https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview + +- description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology + aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. + potentialBenefits: Enhanced DR resilience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP Disaster Recovery Guide + url: https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows + +- description: SAP components are backed up to DR location using an appropriate backup tool or ASR + aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. 
+ potentialBenefits: Ensures SAP data safety & recovery + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Inventory Checks + url: https://aka.ms/ACESInventoryCheckSAP + +- description: SAP shared files systems are replicated or backed up to DR location + aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. + potentialBenefits: Enhances SAP DR oversight + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: DR Guidance + url: https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows + +- description: Automate DR infrastructure build or pre-deploy DR resources + aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. 
+ potentialBenefits: Faster SAP recovery, reduced downtime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Document and test DR procedure ensure it meets RPO and RTO targets + aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. + +Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. + potentialBenefits: Ensures robust DR, meets RPO/RTO + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + +- description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution + aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. 
Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. + potentialBenefits: Improved DR oversight & rapid issue response + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Configure scheduled events notification + aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. + + +Resource agent azure-events-az can also integrate with Pacemaker clusters. + +To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. + + + +In addition, it is also important that you define a procedure on how to react to scheduled events. 
+ potentialBenefits: Proactive maintenance awareness + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: VM Scheduled Events + url: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events + - name: Configure Pacemaker for Azure Scheduled Events + url: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events + +- description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability + aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. 
+ potentialBenefits: Enhances SAP ASCS uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: ASCS-Pacemaker - Central Server Instance + url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + +- description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability + aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. 
+ potentialBenefits: Enhanced HA for SAP ASCS + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: ASCS-LB - Central Server Instance + url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + +- description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability + aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability. 
+ potentialBenefits: Enhances SAP HANA DB uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: DBHANA-Pacemaker - Database Instance + url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + +- description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability + aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability. + potentialBenefits: Enhanced DB availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights + - name: OpenSource Quality Checks + url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck + - name: DBHANA-LB- Database Instance + url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + diff --git a/azure-waf/define/recommendations.yaml b/azure-waf/define/recommendations.yaml index fc5aaf8e0..734dbc35c 100644 --- a/azure-waf/define/recommendations.yaml +++ b/azure-waf/define/recommendations.yaml 
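Review bot: Several `longDescription: |` block scalars in this new file appear to have their text starting at column 0, which is not indented under the key, so the file would not load. Affected are the entries for shared file systems, HA testing, Pacemaker location constraints, DR capacity, the DR procedure and scheduled events; those lines need the same indent as the other descriptions, i.e. four spaces. The text also contains replacement characters (`cluster�s`, `vendor�s`), which suggests the file was not saved as UTF-8; the apostrophes should be restored. Four entries end in a bare `learnMoreLink:`, which loads as null rather than a list, so `learnMoreLink: []` is safer for any consumer that iterates it. The `VM SLA` link points at `www.azure.cn`, a different site from every other Microsoft link in the file, so please confirm that is the SLA page intended.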
@@ -1,6 +1,6 @@ -- description: Define and share Availability Targets with all teams for workload consistency +- description: Define and share Availability Targets with all teams for workload consistency aprlGuid: 0c8a12dd-52fb-cf40-bb4a-b60f99409bab - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: WellArchitected/Define @@ -12,14 +12,16 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets" + - name: Use business metrics to design resilient Azure applications + url: https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets + - name: Target functional and nonfunctional requirements + url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements - description: Ensure the Recovery Targets are well defined and communicated across teams working on the Workload aprlGuid: a43ab756-5b33-2345-8743-3daee911a1ae - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: WellArchitected/Define @@ -31,7 +33,8 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements" + - name: Target functional and nonfunctional requirements + url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements + diff --git a/azure-waf/deploy/recommendations.yaml b/azure-waf/deploy/recommendations.yaml index 2c75901bd..3bbc6cca2 100644 --- a/azure-waf/deploy/recommendations.yaml +++ b/azure-waf/deploy/recommendations.yaml 
@@ -1,6 +1,6 @@ -- description: Avoid manual configuration to enforce consistency with Infrastructure as code +- description: Avoid manual configuration to enforce consistency with Infrastructure as code aprlGuid: 6bf9e5d5-fe57-c647-8daa-4903770e1302 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Automation recommendationImpact: Medium recommendationResourceType: WellArchitected/Deploy @@ -12,14 +12,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency" + - name: Avoid manual configuration to enforce consistency + url: https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency - description: Validated all changes in development environments before applying them to production aprlGuid: e42e646c-7d67-dd4b-96dc-16a3439fa030 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Automation recommendationImpact: Medium recommendationResourceType: WellArchitected/Deploy @@ -31,7 +31,8 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/devops/operate/safe-deployment-practices" + - name: Safe deployment practices + url: https://learn.microsoft.com/devops/operate/safe-deployment-practices + diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml index 8a1fc2827..8a9acc2f8 100644 --- a/azure-waf/design/recommendations.yaml +++ b/azure-waf/design/recommendations.yaml 
@@ -1,6 +1,6 @@ -- description: Consider deploying your application across multiple zones +- description: Consider deploying your application across multiple zones aprlGuid: 063d7237-5f68-5d42-b3d1-43144b3630b5 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: WellArchitected/Design @@ -12,14 +12,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones" + - name: Use Availability Zones + url: https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones - description: Consider deploying your application across multiple regions aprlGuid: 8a497b6d-d065-0d43-a7d9-e3f8eebfe0f4 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: WellArchitected/Design @@ -31,14 +31,16 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design" + - name: Design reliable Azure applications + url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design + - name: Cross-region replication in Azure: Business continuity and disaster recovery + url: https://learn.microsoft.com/azure/reliability/cross-region-replication-azure - description: Ensure that all fault-points and fault-modes are understood and operationalized aprlGuid: 99ebe682-6306-6446-bfc7-cf6610ebfa02 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: WellArchitected/Design 
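Review bot: The link name added in the `@@ -31,14 +31,16 @@` hunk, `- name: Cross-region replication in Azure: Business continuity and disaster recovery`, is an unquoted scalar containing `: `, which YAML rejects as a nested mapping. Quote it: `- name: 'Cross-region replication in Azure: Business continuity and disaster recovery'`. The commit also drops the double quotes from every `url:` value; the `#fragment` and `?query` URLs still parse as plain scalars only because no space precedes the `#`. Keeping the quotes on `name` and `url` values would make this class of error impossible. A `yamllint` run over the changed files in CI would catch it before merge.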
@@ -50,14 +52,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis" + - name: Failure mode analysis for Azure applications + url: https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis - description: Use PaaS Azure services instead of IaaS aprlGuid: 097651d8-6e62-314a-9299-a0234ffd190e - recommendationTypeId: + recommendationTypeId: null recommendationControl: Scalability recommendationImpact: Medium recommendationResourceType: WellArchitected/Design @@ -69,14 +71,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services" + - name: Use platform as a service (PaaS) options + url: https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services - description: Design the application to scale out aprlGuid: 7f4c76d7-f9d4-d643-ab73-4d8f27fd7ed9 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Scalability recommendationImpact: High recommendationResourceType: WellArchitected/Design @@ -88,14 +90,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out" + - name: Design to scale out + url: https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out - description: Create a landing zone for the workload following the Microsoft Cloud Adoption Framework aprlGuid: 6132a11a-3ea0-e64c-877b-f01ca1de79d4 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Governance recommendationImpact: Low recommendationResourceType: WellArchitected/Design 
@@ -107,14 +109,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone" + - name: Azure landing zone integration + url: https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone - description: Design a BCDR strategy that will help to meet the business requirements aprlGuid: b09061cb-d536-1347-9957-390c2d0cfa3d - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: WellArchitected/Design @@ -126,14 +128,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" + - name: Backup and disaster recovery for Azure applications + url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery - description: Provide security assurance through identity management aprlGuid: 835e616d-78e6-7f4c-a48b-6f80382a48cf - recommendationTypeId: + recommendationTypeId: null recommendationControl: Security recommendationImpact: Medium recommendationResourceType: WellArchitected/Design 
@@ -145,14 +147,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/security/design-identity" + - name: Azure identity and access management considerations + url: https://learn.microsoft.com/azure/well-architected/security/design-identity - description: Addressing security risks minimizes downtime and data loss from exposures aprlGuid: c5d8f87e-45ef-1644-a4aa-95ec08b88109 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Security recommendationImpact: High recommendationResourceType: WellArchitected/Design @@ -164,7 +166,8 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/security/security-principles" + - name: Security design principles + url: https://learn.microsoft.com/azure/well-architected/security/security-principles + diff --git a/azure-waf/monitor/recommendations.yaml b/azure-waf/monitor/recommendations.yaml index c42d1ab25..a6f3e4921 100644 --- a/azure-waf/monitor/recommendations.yaml +++ b/azure-waf/monitor/recommendations.yaml @@ -1,6 +1,6 @@ -- description: Make sure your application's health is being monitored +- description: Make sure your application's health is being monitored aprlGuid: 46fb4540-ecac-6e49-bc10-34c7792eb35d - recommendationTypeId: + recommendationTypeId: null recommendationControl: Monitoring and Alerting recommendationImpact: Medium recommendationResourceType: WellArchitected/Monitor 
@@ -12,14 +12,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitoring" + - name: Monitoring application health for reliability + url: https://learn.microsoft.com/azure/well-architected/resiliency/monitoring - description: Define a health model based on performance, availability, and recovery targets aprlGuid: 5dd7a9a3-fb79-004d-bc89-c9ef79890900 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Monitoring and Alerting recommendationImpact: Low recommendationResourceType: WellArchitected/Monitor @@ -31,14 +31,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model" + - name: Health modeling for reliability + url: https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model - description: Create Dashboards and Alerts for Azure Platform resources aprlGuid: 1691bfea-c9fd-0948-969a-03e5abcab299 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Monitoring and Alerting recommendationImpact: Low recommendationResourceType: WellArchitected/Monitor 
@@ -50,14 +50,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates" + - name: Azure Workbooks templates + url: https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates - description: Ensure that the right people in your organization will be notified about any future service issues aprlGuid: 1422b388-5d23-5641-ba1c-139a59fb7b4c - recommendationTypeId: + recommendationTypeId: null recommendationControl: Monitoring and Alerting recommendationImpact: Medium recommendationResourceType: WellArchitected/Monitor @@ -69,14 +69,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal" + - name: Create a Service Health alert using the Azure portal + url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal - description: Utilize built-in Resilience policies aprlGuid: 2af4f8c2-bafc-4808-88df-0af009a019b5 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Governance recommendationImpact: Medium recommendationResourceType: WellArchitected/Monitor 
@@ -88,7 +88,10 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience" + - name: Built-in Resilience policy definitions + url: https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience + - name: Get policy compliance data + url: https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data + diff --git a/azure-waf/respond/recommendations.yaml b/azure-waf/respond/recommendations.yaml index db2dc9669..01e685f8a 100644 --- a/azure-waf/respond/recommendations.yaml +++ b/azure-waf/respond/recommendations.yaml @@ -1,6 +1,6 @@ -- description: Implement proactive Incident Response +- description: Implement proactive Incident Response aprlGuid: daf605e4-d3fd-fc42-819a-e3ec084ffda6 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: WellArchitected/Respond @@ -12,7 +12,10 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance" + - name: Importance of incident response + url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance + - name: Incident tracking + url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/5-tracking + diff --git a/azure-waf/test/recommendations.yaml b/azure-waf/test/recommendations.yaml index f880fd323..ae2ea91d4 100644 --- a/azure-waf/test/recommendations.yaml +++ b/azure-waf/test/recommendations.yaml 
@@ -1,6 +1,6 @@ -- description: Test your applications for availability and resiliency +- description: Test your applications for availability and resiliency aprlGuid: 28a8ce6f-1b47-c243-bafb-208f4422fe7a - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -12,14 +12,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/testing" + - name: Testing applications for availability and resiliency + url: https://learn.microsoft.com/azure/well-architected/resiliency/testing - description: Consider building logic into your workload to handle errors aprlGuid: 155dda00-c264-1b45-8ac0-d6f68178844f - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -31,14 +31,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling" + - name: Error handling for resilient applications in Azure + url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling - description: Perform disaster recovery tests regularly aprlGuid: 1b612a06-28dc-e64e-9057-17467e57764a - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: n/a 
@@ -50,14 +50,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" + - name: Backup and disaster recovery for Azure applications + url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery - description: Use chaos engineering to test Azure applications aprlGuid: e10f11a5-9c5b-6c4c-a684-4d9f4063127a - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: Medium recommendationResourceType: n/a @@ -69,14 +69,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering" + - name: Use chaos engineering to test Azure applications + url: https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering - description: Test application fault resiliency aprlGuid: c8ba80d4-20d9-456f-a2bd-8e6d488d8ff9 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -88,7 +88,8 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: No - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency" + - name: Test application fault resiliency + url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency + From 7df7d06608439f3fc51fc6b14c8bd43b93cd3310 Mon Sep 17 00:00:00 2001 
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 04:09:49 -0400 Subject: [PATCH 02/11] updating learn more links --- .../AVS/privateClouds/recommendations.yaml | 138 ++--- .../service/recommendations.yaml | 30 +- .../automationAccounts/recommendations.yaml | 10 +- .../Batch/batchAccounts/recommendations.yaml | 12 +- .../Cache/Redis/recommendations.yaml | 6 +- .../Cdn/profiles/recommendations.yaml | 118 ++--- .../Compute/galleries/recommendations.yaml | 30 +- .../recommendations.yaml | 82 +-- .../virtualMachines/recommendations.yaml | 200 +++---- .../registries/recommendations.yaml | 76 +-- .../managedClusters/recommendations.yaml | 240 ++++----- .../flexibleServers/recommendations.yaml | 12 +- .../flexibleServers/recommendations.yaml | 12 +- .../workspaces/recommendations.yaml | 196 +++---- .../hostPools/recommendations.yaml | 212 ++++---- .../Devices/IotHubs/recommendations.yaml | 48 +- .../databaseAccounts/recommendations.yaml | 62 +-- .../EventGrid/topics/recommendations.yaml | 18 +- .../EventHub/namespaces/recommendations.yaml | 12 +- .../activityLogAlerts/recommendations.yaml | 24 +- .../Insights/components/recommendations.yaml | 6 +- .../KeyVault/vaults/recommendations.yaml | 30 +- .../netAppAccounts/recommendations.yaml | 92 ++-- .../recommendations.yaml | 38 +- .../applicationGateways/recommendations.yaml | 98 ++-- .../azureFirewalls/recommendations.yaml | 48 +- .../Network/connections/recommendations.yaml | 12 +- .../ddosProtectionPlans/recommendations.yaml | 6 +- .../expressRouteCircuits/recommendations.yaml | 54 +- .../expressRoutePorts/recommendations.yaml | 18 +- .../loadBalancers/recommendations.yaml | 28 +- .../recommendations.yaml | 30 +- .../networkWatchers/recommendations.yaml | 12 +- .../privateDnsZones/recommendations.yaml | 18 +- .../privateEndpoints/recommendations.yaml | 6 +- .../publicIPAddresses/recommendations.yaml | 30 +- .../Network/routeTables/recommendations.yaml | 12 +- .../recommendations.yaml | 36 +- 
.../recommendations.yaml | 100 ++-- .../virtualNetworks/recommendations.yaml | 38 +- .../recommendations.yaml | 6 +- .../workspaces/recommendations.yaml | 34 +- .../vaults/recommendations.yaml | 40 +- .../resourceGroups/recommendations.yaml | 16 +- .../namespaces/recommendations.yaml | 14 +- .../SignalR/recommendations.yaml | 6 +- .../Sql/servers/recommendations.yaml | 52 +- .../storageAccounts/recommendations.yaml | 84 +-- .../subscriptions/recommendations.yaml | 6 +- .../imageTemplates/recommendations.yaml | 16 +- .../Web/serverFarms/recommendations.yaml | 38 +- .../Web/sites/recommendations.yaml | 40 +- .../recommendations.yaml | 497 ++++++++++++++++++ azure-waf/define/recommendations.yaml | 16 +- azure-waf/deploy/recommendations.yaml | 12 +- azure-waf/design/recommendations.yaml | 58 +- azure-waf/monitor/recommendations.yaml | 34 +- azure-waf/respond/recommendations.yaml | 10 +- azure-waf/test/recommendations.yaml | 30 +- 59 files changed, 1878 insertions(+), 1381 deletions(-) create mode 100644 azure-specialized-workloads/recommendations.yaml diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml index 3efc8c780..ec3a22166 100644 --- a/azure-resources/AVS/privateClouds/recommendations.yaml +++ b/azure-resources/AVS/privateClouds/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Ensure Azure Service Health notifications are set for Azure VMware Solution across all used regions and subscriptions. This communicates service/security issues and maintenance activities like host replacements and upgrades, reducing service request submissions. - potentialBenefits: Prompt mitigation of issues. + potentialBenefits Prompt mitigation of issues. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations" - description: Monitor when Azure VMware Solution Private Cloud is reaching the capacity limit aprlGuid: 29d7a115-dfb6-4df1-9205-04824109548f @@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Set an alert for when the node count in Azure VMware Solution Private Cloud hits or exceeds 90 hosts, enabling timely planning for a new private cloud. - potentialBenefits: Proactive capacity planning + potentialBenefits Proactive capacity planning pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure and streamline alerts - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Configure and streamline alerts + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Monitor when Azure VMware Solution Cluster Size is approaching the host limit aprlGuid: f86355e3-de7c-4dad-8080-1b0b411e66c8 
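Review bot: The changed line `potentialBenefits Prompt mitigation of issues.` in the `@@ -7,15 +7,15 @@` hunk has lost the colon after the key, so it is no longer a key/value pair. The file should then fail to parse, or at best the field is lost to consumers. Restore it as `potentialBenefits: Prompt mitigation of issues.`. The same colon is dropped on the `potentialBenefits` line of every later hunk of this file visible here (`@@ -26,15 +26,15 @@` through `@@ -323,15 +323,15 @@`). That looks like a side effect of the bulk edit that re-quoted the URLs, and each line needs the same one-character fix.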
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Alert when the cluster size reaches 14 hosts. Set up periodic alerts for planning new clusters or datastores due to growth, especially from storage needs. Beyond 14 hosts, trigger alerts for each new host addition for proactive resource monitoring. - potentialBenefits: Proactive resource management + potentialBenefits Proactive resource management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Use the AVS Interconnect feature to connect private clouds in different availability zones aprlGuid: 726abfe3-adae-4a6d-8eb8-4b27a7214ca1 @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Use the Interconnect feature for direct communication between private clouds in different availability zones, enabling connectivity between the private clouds management and workload networks. - potentialBenefits: Enhanced private cloud connectivity + potentialBenefits Enhanced private cloud connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Connect Private Clouds in the same region - url: https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region + - name: Connect Private Clouds in the same region + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region" - description: Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter security aprlGuid: c2794660-ffd7-4da3-96ba-5d546b70b1c6 
@@ -83,17 +83,17 @@ recommendationMetadataState: Active longDescription: | Ensure two external identity sources are configured for NSX and vCenter Server. The VMware vCenter Server and NSX Manager use these for authentication with external identities. - potentialBenefits: Continuous login access during maintenances + potentialBenefits Continuous login access during maintenances pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Set an external identity source for vCenter - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter - - name: Set an external identity for NSX-T - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t + - name: Set an external identity source for vCenter + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter" + - name: Set an external identity for NSX-T + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t" - description: Use HCX Network Extension High Availability aprlGuid: bce16eee-0933-4baa-ab4d-8d1bb5653fc2 
@@ -104,17 +104,17 @@ recommendationMetadataState: Active longDescription: | Enable Network Extension High Availability for appliance failure tolerance in HCX service. It pairs selected appliances for Active Standby configuration, ensuring high availability and quick recovery, keeping configurations in-service despite failures. - potentialBenefits: Improves HCX service continuity + potentialBenefits Improves HCX service continuity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: HCX Network extension high availability - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability - - name: Understanding Network Extension High Availability - url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html + - name: HCX Network extension high availability + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability" + - name: Understanding Network Extension High Availability + url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html" - description: Verify Management Networks are not extended with HCX Network Extension aprlGuid: 6be9a543-cf82-4926-82ea-7e1f1ffaad80 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | Do not extend the network used by the HCX Management devices to ensure the network's security and stability. - potentialBenefits: Enhanced network safety & performance + potentialBenefits Enhanced network safety & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Requirements for Network Extension - url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html + - name: Requirements for Network Extension + url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html" - description: Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore aprlGuid: 9ec5b4c8-3dd8-473a-86ee-3273290331b9 
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | For Azure VMware Solution, enabling Stretched Clusters offers 99.99% SLA, synchronous storage replication (RPO=0), and spreads vSAN datastore across two AZs. Must be done at initial setup, needing double quota due to extension across AZs. - potentialBenefits: 99.99% SLA, 0 RPO, Multi-AZ + potentialBenefits 99.99% SLA, 0 RPO, Multi-AZ pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability - - name: Stretched Clusters - url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability" + - name: Stretched Clusters + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters" - description: Verify vSAN FTT configuration aligns with the cluster size aprlGuid: 0943aa90-e3db-4c61-aef1-782b6a6a3881 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | The Azure VMware Solution's service SLA is influenced by vSAN storage policies, which change based on cluster size. For clusters over 6 hosts, an FTT-2 policy (RAID-1 or RAID-6) is advised. FTT refers to the Fault Tolerance feature. - potentialBenefits: Enhanced cluster reliability + potentialBenefits Enhanced cluster reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Use fault domains - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains - - name: Configure storage policy - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy + - name: Use fault domains + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains" + - name: Configure storage policy + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy" - description: Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization aprlGuid: 4232eb32-3241-4049-9e14-9b8005817b56 
@@ -186,15 +186,15 @@ recommendationMetadataState: Active longDescription: | Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met. - potentialBenefits: Optimized capacity planning for vSAN + potentialBenefits Optimized capacity planning for vSAN pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities" - description: Configure Syslog in Diagnostic Settings for Azure VMware Solution aprlGuid: fa4ab927-bced-429a-971a-53350de7f14b 
@@ -205,15 +205,15 @@ recommendationMetadataState: Active longDescription: | Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues. - potentialBenefits: Faster issue resolution, early detection + potentialBenefits Faster issue resolution, early detection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives" - description: Monitor CPU Utilization to ensure sufficient resources for workloads aprlGuid: 4ee5d535-c47b-470a-9557-4a3dd297d62f 
@@ -224,15 +224,15 @@ recommendationMetadataState: Active longDescription: | Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads. - potentialBenefits: Avoids resource exhaustion, optimizes performance + potentialBenefits Avoids resource exhaustion, optimizes performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Monitor Memory Utilization to ensure sufficient resources for workloads aprlGuid: 029208c8-5186-4a76-8ee8-6e3445fef4dd @@ -243,15 +243,15 @@ recommendationMetadataState: Active longDescription: | Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads. - potentialBenefits: Avoids host exhaustion & swapping + potentialBenefits Avoids host exhaustion & swapping pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Apply Resource delete lock on the resource group hosting the private cloud aprlGuid: a5ef7c05-c611-4842-9af5-11efdc99123a 
@@ -262,15 +262,15 @@ recommendationMetadataState: Active longDescription: | Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud. - potentialBenefits: Prevents accidental deletion + potentialBenefits Prevents accidental deletion pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Lock your resources to protect your infrastructure - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources + - name: Lock your resources to protect your infrastructure + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources" - description: Align ExpressRoute configuration with best practices for circuit resilience aprlGuid: 6f573d60-be93-4f18-8016-42e923e3c05e 
@@ -281,17 +281,17 @@ recommendationMetadataState: Active longDescription: | Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach. - potentialBenefits: Enhanced circuit resilience for Azure VMware + potentialBenefits Enhanced circuit resilience for Azure VMware pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: APRL guidance for ExpressRoute circuits - url: https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits - - name: Create a new ExpressRoute circuit - url: https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview + - name: APRL guidance for ExpressRoute circuits + url: "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits" + - name: Create a new ExpressRoute circuit + url: "https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview" - description: Deploy dual Azure VMware Solution clouds in different regions for disaster recovery aprlGuid: bdac462a-2eda-4a67-887d-46d58f141afe 
@@ -302,17 +302,17 @@ recommendationMetadataState: Active longDescription: | Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections. - potentialBenefits: Enhanced disaster recovery + potentialBenefits Enhanced disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Private Clouds in two regions - url: https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions - - name: Dual Region Network Topology - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology + - name: Private Clouds in two regions + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions" + - name: Dual Region Network Topology + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology" - description: Deploy two or more circuits in different peering locations when using stretched clusters aprlGuid: 91c84596-1c41-48fe-8d5e-3f817e6a273b 
@@ -323,15 +323,15 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits. - potentialBenefits: Enhanced resilience & connectivity + potentialBenefits Enhanced resilience & connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Deploy vSAN streched cluster - url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud + - name: Deploy vSAN streched cluster + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud" - description: Use key autorotation for vSAN datastore customer-managed keys aprlGuid: e0ac2f57-c8c0-4b8c-a7c8-19e5797828b5 
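Review bot: The link title on the new side still reads `Deploy vSAN streched cluster`, a misspelling carried over from the old line. As the line is being rewritten anyway, correct it to `- name: Deploy vSAN stretched cluster`, matching the "stretched clusters" spelling in the longDescription above it. The URL itself already uses the correct spelling and needs no change.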
@@ -342,15 +342,15 @@ recommendationMetadataState: Active longDescription: | When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible. - potentialBenefits: Avoid outages with key auto-rotation + potentialBenefits Avoid outages with key auto-rotation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure Customer Managed Keys - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal + - name: Configure Customer Managed Keys + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal" - description: Use multiple DNS servers per private FQDN zone aprlGuid: fcc2e257-23af-4c68-aac8-9cc03033c939 @@ -361,13 +361,13 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud. - potentialBenefits: Enhances reliability & avoids failure + potentialBenefits Enhances reliability & avoids failure pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure DNS forwarder - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder + - name: Configure DNS forwarder + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder" 
diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml index e645e0c3a..68ad59dde 100644 --- a/azure-resources/ApiManagement/service/recommendations.yaml +++ b/azure-resources/ApiManagement/service/recommendations.yaml @@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions. - potentialBenefits: Enhanced availability & resilience + potentialBenefits Enhanced availability & resilience pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Change your API Management service tier - url: https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier - - name: Migrate Azure API Management to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt + - name: Change your API Management service tier + url: "https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier" + - name: Migrate Azure API Management to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt" - description: Enable Availability Zones on Premium API Management instances aprlGuid: 740f2c1c-8857-4648-80eb-47d2c56d5a50 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Zone redundancy for APIM instances ensures the gateway and control plane (Management API, developer portal, Git configuration) are replicated across datacenters in physically separated zones, boosting resilience to zone failures. - potentialBenefits: Improved resilience to zone failures + potentialBenefits Improved resilience to zone failures pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Ensure API Management availability and reliability - url: https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones - - name: Migrate Azure API Management to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt + - name: Ensure API Management availability and reliability + url: "https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones" + - name: Migrate Azure API Management to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt" - description: Upgrade to platform version stv2 aprlGuid: e35cf148-8eee-49d1-a1c9-956160f99e0b 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Upgrading to API Management stv2 is required as stv1 retires on 31 Aug 2024, offering enhanced capabilities with the new platform version. - potentialBenefits: Ensures service continuity + potentialBenefits Ensures service continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure API Management - stv1 platform retirement (August 2024) - url: https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024 - - name: Azure API Management compute platform - url: https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure + - name: Azure API Management - stv1 platform retirement (August 2024) + url: "https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024" + - name: Azure API Management compute platform + url: "https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure" diff --git a/azure-resources/Automation/automationAccounts/recommendations.yaml b/azure-resources/Automation/automationAccounts/recommendations.yaml index 6bcbc0d29..87c5b823d 100644 --- a/azure-resources/Automation/automationAccounts/recommendations.yaml +++ b/azure-resources/Automation/automationAccounts/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Set up disaster recovery for Automation accounts and resources like Modules, Connections, Credentials, Certificates, Variables, and Schedules to deal with region or zone failures. A replica Automation account should be ready in a secondary region for failover. - potentialBenefits: Ensures continuity during outages + potentialBenefits Ensures continuity during outages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Disaster recovery for Automation accounts - url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one - - name: Disaster recovery scenarios for cloud and hybrid jobs - url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs + - name: Disaster recovery for Automation accounts + url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one" + - name: Disaster recovery scenarios for cloud and hybrid jobs + url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs" diff --git a/azure-resources/Batch/batchAccounts/recommendations.yaml b/azure-resources/Batch/batchAccounts/recommendations.yaml index bb3776f76..545165065 100644 --- a/azure-resources/Batch/batchAccounts/recommendations.yaml +++ b/azure-resources/Batch/batchAccounts/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | To ensure cross-region disaster recovery and business continuity, set the right quotas for all Batch accounts to allocate necessary core numbers upfront, preventing execution interruptions from reaching quota limits. - potentialBenefits: Ensures business continuity + potentialBenefits Ensures business continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity + - name: Learn More + url: "https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity" - description: Create an Azure Batch pool across Availability Zones aprlGuid: 71cfab8f-d588-4742-b175-b6e07ae48dbd @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures. - potentialBenefits: Enhanced reliability & failure protection + potentialBenefits Enhanced reliability & failure protection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/azure/batch/create-pool-availability-zones + - name: Learn More + url: "https://learn.microsoft.com/azure/batch/create-pool-availability-zones" diff --git a/azure-resources/Cache/Redis/recommendations.yaml b/azure-resources/Cache/Redis/recommendations.yaml index 35d7abff4..9e57f4ac1 100644 --- a/azure-resources/Cache/Redis/recommendations.yaml +++ b/azure-resources/Cache/Redis/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability. - potentialBenefits: Higher resilience & availability + potentialBenefits Higher resilience & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable zone redundancy for Azure Cache for Redis - url: https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy + - name: Enable zone redundancy for Azure Cache for Redis + url: "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy" diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml index d42141865..cecc36a05 100644 --- a/azure-resources/Cdn/profiles/recommendations.yaml +++ b/azure-resources/Cdn/profiles/recommendations.yaml 
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | For most solutions, choose either Azure Front Door for content caching, CDN, TLS termination, and WAF, or Traffic Manager for simple global load balancing. - potentialBenefits: Optimized network routing and security + potentialBenefits Optimized network routing and security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Load Balancing Options - url: https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview - - name: Azure Traffic Manager - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-overview - - name: Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/front-door-overview - - name: Mission-critical global content delivery - url: https://learn.microsoft.com/en-us/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery + - name: Azure Load Balancing Options + url: "https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview" + - name: Azure Traffic Manager + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-overview" + - name: Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/front-door-overview" + - name: Mission-critical global content delivery + url: "https://learn.microsoft.com/en-us/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery" - description: Restrict traffic to your origins aprlGuid: 6c40b7ae-2bea-5748-be1a-9e9e3b834649 
@@ -32,15 +32,15 @@ recommendationMetadataState: Active longDescription: | Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door. - potentialBenefits: Enhances security & performance + potentialBenefits Enhances security & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Secure traffic to Azure Front Door origins - url: https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium + - name: Secure traffic to Azure Front Door origins + url: "https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium" - description: Use the latest API version and SDK version aprlGuid: 52bc9a7b-23c8-bc4c-9d2a-7bc43b50104a 
@@ -51,19 +51,19 @@ recommendationMetadataState: Active longDescription: | When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes. - potentialBenefits: Enhanced security & features + potentialBenefits Enhanced security & features pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: REST API Reference - url: https://learn.microsoft.com/rest/api/frontdoor/ - - name: Client library for Java - url: https://learn.microsoft.com/java/api/overview/azure/resourcemanager-frontdoor-readme?view=azure-java-preview - - name: SDK for Python - url: https://learn.microsoft.com/python/api/overview/azure/front-door?view=azure-python + - name: REST API Reference + url: "https://learn.microsoft.com/rest/api/frontdoor/" + - name: Client library for Java + url: "https://learn.microsoft.com/java/api/overview/azure/resourcemanager-frontdoor-readme?view=azure-java-preview" + - name: SDK for Python + url: "https://learn.microsoft.com/python/api/overview/azure/front-door?view=azure-python" - description: Configure logs aprlGuid: 1ad74c3c-e3d7-0046-b83f-a2199974ef15 
@@ -74,19 +74,19 @@ recommendationMetadataState: Active longDescription: | Front Door logs offer comprehensive telemetry on each request, crucial for understanding your solution's performance and responses, especially when caching is enabled, as origin servers might not receive every request. - potentialBenefits: Enhanced insights and solution monitoring + potentialBenefits Enhanced insights and solution monitoring pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor metrics and logs in Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium - - name: WAF logs - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#waf-logs - - name: Configure Azure Front Door logs - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-logs + - name: Monitor metrics and logs in Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium" + - name: WAF logs + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#waf-logs" + - name: Configure Azure Front Door logs + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-logs" - description: Use end-to-end TLS aprlGuid: d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1 
@@ -97,15 +97,15 @@ recommendationMetadataState: Active longDescription: | Front Door terminates TCP and TLS connections from clients and establishes new connections from each PoP to the origin. Securing these connections with TLS, even for Azure-hosted origins, ensures data is always encrypted during transit. - potentialBenefits: Ensures data encryption in transit + potentialBenefits Ensures data encryption in transit pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: End-to-end TLS with Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium + - name: End-to-end TLS with Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium" - description: Use HTTP to HTTPS redirection aprlGuid: 24ab9f11-a3e4-3043-a985-22cf94c4933a @@ -116,15 +116,15 @@ recommendationMetadataState: Active longDescription: | Using HTTPS is ideal for secure connections. However, for compatibility with older clients, HTTP requests may be necessary. Azure Front Door enables auto redirection of HTTP to HTTPS, enhancing security without sacrificing accessibility. - potentialBenefits: Enhances security and compliance + potentialBenefits Enhances security and compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create HTTP to HTTPS redirect rule - url: https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule + - name: Create HTTP to HTTPS redirect rule + url: "https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule" - description: Use managed TLS certificates aprlGuid: 29d65c41-2fad-d142-95eb-9eab95f6c0a5 
@@ -135,15 +135,15 @@ recommendationMetadataState: Active longDescription: | When Front Door manages your TLS certificates, it reduces your operational costs and helps you to avoid costly outages caused by forgetting to renew a certificate. Front Door automatically issues and rotates the managed TLS certificates. - potentialBenefits: Lowers costs, avoids outages + potentialBenefits Lowers costs, avoids outages pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure HTTPS on an Azure Front Door custom domain using the Azure portal - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell + - name: Configure HTTPS on an Azure Front Door custom domain using the Azure portal + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell" - description: Use latest version for customer-managed certificates aprlGuid: 4638c2c0-03de-6d42-9e09-82ee4478cbf3 
@@ -154,15 +154,15 @@ recommendationMetadataState: Active longDescription: | If you use your own TLS certificates, set the Key Vault certificate version to 'Latest' to avoid reconfiguring Azure Front Door for new certificate versions and waiting for deployment across Front Door's environments. - potentialBenefits: Saves time & automates TLS updates + potentialBenefits Saves time & automates TLS updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Select the certificate for Azure Front Door to deploy - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy + - name: Select the certificate for Azure Front Door to deploy + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy" - description: Use the same domain name on Front Door and your origin aprlGuid: cd6a32af-747a-e649-82a7-a98f528ca842 
@@ -173,15 +173,15 @@ recommendationMetadataState: Active longDescription: | Front Door can rewrite Host headers for custom domain names routing to a single origin, useful for avoiding custom domain configuration at both Front Door and the origin. - potentialBenefits: Improves session/auth handling + potentialBenefits Improves session/auth handling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Preserve the original HTTP host name between a reverse proxy and its back-end web application - url: https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation + - name: Preserve the original HTTP host name between a reverse proxy and its back-end web application + url: "https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation" - description: Enable the WAF aprlGuid: 1bd2b7e8-400f-e64a-99a2-c572f7b08a62 @@ -192,15 +192,15 @@ recommendationMetadataState: Active longDescription: | For internet-facing applications, enabling the Front Door web application firewall (WAF) and configuring it to use managed rules is recommended for protection against a wide range of attacks using Microsoft-managed rules. - potentialBenefits: Enhances web app security + potentialBenefits Enhances web app security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall - url: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + url: "https://learn.microsoft.com/azure/frontdoor/web-application-firewall" - description: Disable health probes when there is only one origin in an origin group aprlGuid: 38f3d542-6de6-a44b-86c6-97e3be690281 
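Review bot: In the "Enable the WAF" entry (the second hunk on this line) the link title is still the bare URL, `name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall`, while every other entry in these files uses a descriptive title. Since the line is re-emitted here, give it a readable title, for example `- name: Web Application Firewall on Azure Front Door`, and keep the address only in `url:`. If the URL is kept as the name, quote it like the `url:` values so both fields are treated the same way.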
@@ -211,15 +211,15 @@ recommendationMetadataState: Active longDescription: | Front Door health probes help detect unavailable or unhealthy origins, directing traffic to alternate origins if needed. - potentialBenefits: Reduces unnecessary origin traffic + potentialBenefits Reduces unnecessary origin traffic pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Health probes - url: https://learn.microsoft.com/azure/frontdoor/health-probes + - name: Health probes + url: "https://learn.microsoft.com/azure/frontdoor/health-probes" - description: Select good health probe endpoints aprlGuid: 5225bba3-28ec-1e43-8986-7eedfd466d65 @@ -230,15 +230,15 @@ recommendationMetadataState: Active longDescription: | Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently. - potentialBenefits: Improves traffic routing & uptime + potentialBenefits Improves traffic routing & uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Health Endpoint Monitoring pattern - url: https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring + - name: Health Endpoint Monitoring pattern + url: "https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring" - description: Use HEAD health probes aprlGuid: 5783defe-b49e-d947-84f7-d8677593f324 
@@ -249,15 +249,15 @@ recommendationMetadataState: Active longDescription: | Health probes in Azure Front Door can use GET or HEAD HTTP methods. Using the HEAD method for health probes is a recommended practice because it reduces the traffic load on your origins, being less resource-intensive. - potentialBenefits: Reduces traffic load on origins + potentialBenefits Reduces traffic load on origins pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Supported HTTP methods for health probes - url: https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes + - name: Supported HTTP methods for health probes + url: "https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes" - description: Use geo-filtering in Azure Front Door aprlGuid: b515690d-3bf9-3a49-8d38-188e0fd45896 @@ -268,15 +268,15 @@ recommendationMetadataState: Active longDescription: | Azure Front Door's geo-filtering through WAF enables defining custom access rules by country/region to restrict or allow web app access. - potentialBenefits: Enhanced regional access control + potentialBenefits Enhanced regional access control pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Geo filter WAF policy - GeoMatch - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering + - name: Geo filter WAF policy - GeoMatch + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering" - description: Secure your Origin with Private Link in Azure Front Door aprlGuid: 1cfe7834-56ec-ff41-b11d-993734705dba 
@@ -287,13 +287,13 @@ recommendationMetadataState: Active longDescription: | Azure Private Link enables secure access to Azure PaaS and services over a private endpoint in your virtual network, ensuring traffic goes over the Microsoft backbone network, not the public internet. - potentialBenefits: Enhanced security & private connectivity + potentialBenefits Enhanced security & private connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Private link for Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/private-link + - name: Private link for Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/private-link" diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml index f29d6dda5..75269c691 100644 --- a/azure-resources/Compute/galleries/recommendations.yaml +++ b/azure-resources/Compute/galleries/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Keeping a minimum of 3 replicas for production images in Azure's Compute Gallery ensures scalability and prevents throttling in multi-VM deployments by distributing VM deployments across different replicas. This reduces the risk of overloading a single replica. - potentialBenefits: Enhances scalability & avoids throttling + potentialBenefits Enhances scalability & avoids throttling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" - description: Zone redundant storage should be used for image versions aprlGuid: 488dcc8b-f2e3-40ce-bf95-73deb2db095f 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Use ZRS for high availability when creating image/VM versions in Azure Compute Gallery, offering resilience against Availability Zone failures. ZRS accounts are advisable in regions with Availability Zones, with the choice of Standard_ZRS recommended over Standard_LRS for these regions. - potentialBenefits: Enhances image version availability + potentialBenefits Enhances image version availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices - - name: Zone-redundant storage - url: https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy#zone-redundant-storage + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Zone-redundant storage + url: "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy#zone-redundant-storage" - description: Consider creating TrustedLaunchSupported images where possible aprlGuid: 1c5e1e58-4e56-491c-8529-10f37af9d4ed 
@@ -47,17 +47,17 @@ recommendationMetadataState: Active longDescription: | We recommend creating Trusted Launch Supported Images for benefits like Secure Boot, vTPM, trusted launch VMs, large boot volume. These are Gen 2 Images by default and you cannot change a VM's generation after creation, so review the considerations first. - potentialBenefits: Enhances VM security and features + potentialBenefits Enhances VM security and features pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices - - name: Generation 1 vs Generation 2 in Hyper-V - url: https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v - - name: Images in Compute gallery - url: https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Generation 1 vs Generation 2 in Hyper-V + url: "https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v" + - name: Images in Compute gallery + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli" diff --git a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml index 530d1289d..f88340672 100644 --- a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml +++ b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Deploying even single instance VMs into a scale set with Flexible orchestration mode future-proofs applications for scaling and availability. This mode guarantees high availability (up to 1000 VMs) by distributing VMs across fault domains in a region or within an Availability Zone. - potentialBenefits: Higher scalability & availability + potentialBenefits Higher scalability & availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: When to use VMSS instead of VMs - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines - - name: Azure Well-Architected Framework review - Virtual Machines and Scale Sets - url: https://learn.microsoft.com/azure/well-architected/services/compute/virtual-machines/virtual-machines-review + - name: When to use VMSS instead of VMs + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines" + - name: Azure Well-Architected Framework review - Virtual Machines and Scale Sets + url: "https://learn.microsoft.com/azure/well-architected/services/compute/virtual-machines/virtual-machines-review" - description: Enable VMSS application health monitoring aprlGuid: 94794d2a-eff0-2345-9b67-6f9349d0a627 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Monitoring application health in Azure Virtual Machine Scale Sets is crucial for deployment management. It supports rolling upgrades such as automatic OS-image upgrades and VM guest patching, leveraging health monitoring for upgrading. - potentialBenefits: Enhances deployment management & upgrades + potentialBenefits Enhances deployment management & upgrades pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Using Application Health extension with Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api + - name: Using Application Health extension with Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api" - description: Enable Automatic Repair policy aprlGuid: 820f4743-1f94-e946-ae0b-45efafd87962 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Enabling automatic instance repairs in Azure Virtual Machine Scale Sets enhances application availability through a continuous health check and maintenance process. - potentialBenefits: Boosts app availability by auto-repair + potentialBenefits Boosts app availability by auto-repair pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Automatic instance repairs for Azure Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs + - name: Automatic instance repairs for Azure Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs" - description: Configure VMSS Autoscale to custom and configure the scaling metrics aprlGuid: ee66ff65-9aa3-2345-93c1-25827cf79f44 
@@ -66,17 +66,17 @@ recommendationMetadataState: Active longDescription: | Use custom autoscale for VMSS based on metrics and schedules to improve performance and cost effectiveness, adjusting instances as demand changes. - potentialBenefits: Enhances performance & cost-efficiency + potentialBenefits Enhances performance & cost-efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Get started with autoscale in Azure - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring - - name: Overview of autoscale in Azure - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-overview + - name: Get started with autoscale in Azure + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring" + - name: Overview of autoscale in Azure + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-overview" - description: Enable Predictive autoscale and configure at least for Forecast Only aprlGuid: 3f85a51c-e286-9f44-b4dc-51d00768696c 
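Review bot: The newly quoted `autoscale-get-started` link still carries `?WT.mc_id=Portal-Microsoft_Azure_Monitoring`, which looks like a portal campaign-tracking parameter rather than part of the page address. Since this commit is already normalising the URLs, consider `url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started"`. The virtualMachines hunk at -7,17 likewise keeps `branch=main` on the attach/detach link, which appears to be a docs-preview leftover. Confirm that the page renders the same without it before trimming.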
@@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Predictive autoscale utilizes machine learning to efficiently manage and scale Azure Virtual Machine Scale Sets by forecasting CPU load through historical usage analysis, ensuring timely scale-out to meet demand. - potentialBenefits: Optimizes scaling with ML predictions + potentialBenefits Optimizes scaling with ML predictions pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use predictive autoscale to scale out before load demands in virtual machine scale sets - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive + - name: Use predictive autoscale to scale out before load demands in virtual machine scale sets + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive" - description: Disable Force strictly even balance across zones to avoid scale in and out fail attempts aprlGuid: b5a63aa0-c58e-244f-b8a6-cbba0560a6db 
@@ -106,15 +106,15 @@ recommendationMetadataState: Active longDescription: | Microsoft advises disabling strictly even VM instance distribution across Availability Zones in VMSS to improve scalability and flexibility, noting that uneven distribution may better serve application load demands despite the potential trade-off in resilience. - potentialBenefits: Improves scaling, reduces fail attempts + potentialBenefits Improves scaling, reduces fail attempts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use scale-in policies with Azure Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy + - name: Use scale-in policies with Azure Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy" - description: Configure Allocation Policy Spreading algorithm to Max Spreading aprlGuid: 457e1648-8aa2-214d-a854-11a4084ecdc9 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | Max spreading distributes VMs across multiple fault domains per zone, potentially more or less than five, enhancing resilience. Static spreading limits VMs to exactly five fault domains. If five distinct domains aren't available, allocation fails. - potentialBenefits: Enhances fault tolerance + potentialBenefits Enhances fault tolerance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Availability Considerations - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations + - name: Availability Considerations + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations" - description: Deploy VMSS across availability zones with VMSS Flex aprlGuid: 1422c567-782c-7148-ac7c-5fc14cf45adc 
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | When creating VMSS, implement availability zones as a protection measure for your applications and data against the rare event of datacenter failure. - potentialBenefits: Enhances disaster resilience + potentialBenefits Enhances disaster resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create a Virtual Machine Scale Set that uses Availability Zones - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones - - name: Update scale set to add availability zones - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones?tabs=cli-1%2Cportal-2#update-scale-set-to-add-availability-zones + - name: Create a Virtual Machine Scale Set that uses Availability Zones + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones" + - name: Update scale set to add availability zones + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones?tabs=cli-1%2Cportal-2#update-scale-set-to-add-availability-zones" - description: Set Patch orchestration options to Azure-orchestrated aprlGuid: e4ffd7b0-ba24-c84e-9352-ba4819f908c0 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | Enabling automatic VM guest patching eases update management by safely, automatically patching virtual machines to maintain security compliance, while limiting blast radius of VMs. Note, the KQL will not return sets using Uniform orchestration. - potentialBenefits: Eases patch management, enhances security + potentialBenefits Eases patch management, enhances security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Automatic VM Guest Patching for Azure VMs - url: https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching - - name: Auto OS Image Upgrades - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade + - name: Automatic VM Guest Patching for Azure VMs + url: "https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching" + - name: Auto OS Image Upgrades + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade" - description: Upgrade VMSS Image versions scheduled to be deprecated or already retired aprlGuid: 83d61669-7bd6-9642-a305-175db8adcdf4 
@@ -186,15 +186,15 @@ recommendationMetadataState: Active longDescription: | Using current image versions prevents disruption from deprecation, ensuring uninterrupted deployment of VMs and VMSS. - potentialBenefits: Avoid disruptions by updating VMSS images. + potentialBenefits Avoid disruptions by updating VMSS images. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Deprecated Azure Marketplace images - url: https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images + - name: Deprecated Azure Marketplace images + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images" - description: Production VMSS instances should be using SSD disks aprlGuid: 1074f391-22bf-42f5-9c95-68af5ad89bf6 @@ -205,13 +205,13 @@ recommendationMetadataState: Active longDescription: | Using SSD disks for Production workloads is advised as HDDs could negatively impact resources, being suitable only for non-critical resources or those needing infrequent access. - potentialBenefits: Faster access & reliability for VMSS + potentialBenefits Faster access & reliability for VMSS pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Disk Comparison - url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison + - name: Disk Comparison + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml index a729ba040..dbae4ce7f 100644 --- a/azure-resources/Compute/virtualMachines/recommendations.yaml +++ b/azure-resources/Compute/virtualMachines/recommendations.yaml 
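Review bot: `automationAvailable: no` in the virtualMachineScaleSets hunk at -186,15 (deprecated VMSS images) is an unquoted plain scalar that YAML 1.1 loaders read as boolean false, while sibling entries carry the string `arg`. The line is unchanged context, but as this commit is already quoting scalars it would be consistent to write `automationAvailable: "no"`. Whether the consumer applies 1.1 or 1.2 rules is not visible here, so this is a guard against mixed types in one field. The same value appears in the virtualMachines hunks at -207,15 and -363,15.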
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Production VM workloads should be deployed on multiple VMs and grouped in a VMSS Flex instance to intelligently distribute across the platform, minimizing the impact of platform faults and updates. - potentialBenefits: Enhanced fault/update resilience + potentialBenefits Enhanced fault/update resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What has changed with Flexible orchestration mode - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode - - name: Attach or detach a Virtual Machine to or from a Virtual Machine Scale Set - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?branch=main&tabs=portal-1%2Cportal-2%2Cportal-3 + - name: What has changed with Flexible orchestration mode + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode" + - name: Attach or detach a Virtual Machine to or from a Virtual Machine Scale Set + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?branch=main&tabs=portal-1%2Cportal-2%2Cportal-3" - description: Deploy VMs across Availability Zones aprlGuid: 2bd0be95-a825-6f47-a8c6-3db1fb5eb387 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Azure Availability Zones, within each Azure region, are tolerant to local failures, protecting applications and data against unlikely datacenter failures by being physically separate. - potentialBenefits: Enhanced VM resilience to failures + potentialBenefits Enhanced VM resilience to failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create virtual machines in an availability zone using the Azure portal - url: https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard + - name: Create virtual machines in an availability zone using the Azure portal + url: "https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard" - description: Migrate VMs using availability sets to VMSS Flex aprlGuid: a8d25876-7951-b646-b4e8-880c9031596b @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Availability sets will soon be retired. Migrate workloads from VMs to VMSS Flex for deployment across zones or within the same zone across different fault domains (FDs) and update domains (UD) for better reliability. - potentialBenefits: Enhances reliability & future-proofs VMs + potentialBenefits Enhances reliability & future-proofs VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for Virtual Machines - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines + - name: Resiliency checklist for Virtual Machines + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" - description: Replicate VMs using Azure Site Recovery aprlGuid: cfe22a65-b1db-fd41-9e8e-d573922709ae 
@@ -66,17 +66,17 @@ recommendationMetadataState: Active longDescription: | Replicating Azure VMs via Site Recovery entails continuous, asynchronous disk replication to a target region. Recovery points are generated every few minutes, ensuring a Recovery Point Objective (RPO) in minutes. - potentialBenefits: Minimize downtime in disasters + potentialBenefits Minimize downtime in disasters pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for Virtual Machines - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines - - name: Run a test failover (disaster recovery drill) to Azure - url: https://learn.microsoft.com/azure/site-recovery/site-recovery-test-failover-to-azure + - name: Resiliency checklist for Virtual Machines + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" + - name: Run a test failover (disaster recovery drill) to Azure + url: "https://learn.microsoft.com/azure/site-recovery/site-recovery-test-failover-to-azure" - description: Use Managed Disks for VM disks aprlGuid: 122d11d7-b91f-8747-a562-f56b79bcfbdc 
@@ -87,19 +87,19 @@ recommendationMetadataState: Active longDescription: | Azure is retiring unmanaged disks on September 30, 2025. Users should plan the migration to avoid disruptions and maintain service reliability. - potentialBenefits: Avoid retirement disruption, enhance reliability + potentialBenefits Avoid retirement disruption, enhance reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Migrate your Azure unmanaged disks by Sep 30, 2025 - url: https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation - - name: Migrate Windows VM from unmanaged disks to managed disks - url: https://learn.microsoft.com/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks - - name: Migrate Linux VM from unmanaged disks to managed disks - url: https://learn.microsoft.com/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks + - name: Migrate your Azure unmanaged disks by Sep 30, 2025 + url: "https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation" + - name: Migrate Windows VM from unmanaged disks to managed disks + url: "https://learn.microsoft.com/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks" + - name: Migrate Linux VM from unmanaged disks to managed disks + url: "https://learn.microsoft.com/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks" - description: Host database data on a data disk aprlGuid: 4ea2878f-0d69-8d4a-b715-afc10d1e538e 
@@ -110,17 +110,17 @@ recommendationMetadataState: Active longDescription: | A data disk is a managed disk attached to a virtual machine for storing database or other essential data. These disks are SCSI drives labeled as per choice. - potentialBenefits: Enhances performance, recovery, migration flexibility + potentialBenefits Enhances performance, recovery, migration flexibility pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Introduction to Azure managed disks - Data disks - url: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types + - name: Introduction to Azure managed disks - Data disks + url: "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk" + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types" - description: Backup VMs with Azure Backup service aprlGuid: 1981f704-97b9-b645-9c57-33f8ded9261a @@ -131,15 +131,15 @@ recommendationMetadataState: Active longDescription: | Enable backups for your virtual machines with Azure Backup to secure and quickly recover your data. This service offers simple, secure, and cost-effective solutions for backing up and recovering data from the Microsoft Azure cloud. - potentialBenefits: Secure data recovery and backup + potentialBenefits Secure data recovery and backup pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What is the Azure Backup service? - url: https://learn.microsoft.com/azure/backup/backup-overview + - name: What is the Azure Backup service? + url: "https://learn.microsoft.com/azure/backup/backup-overview" - description: Production VMs should be using SSD disks aprlGuid: d3f3ee41-b9aa-d34d-b442-5d46d20232b2 
@@ -150,15 +150,15 @@ recommendationMetadataState: Active longDescription: | Premium SSD disks support I/O-intensive apps with high performance, low latency, ideal for production. Standard SSDs offer cost-effective solutions for less critical workloads with consistent performance. - potentialBenefits: High-performance & reliability for critical apps + potentialBenefits High-performance & reliability for critical apps pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" - description: Review VMs in stopped state aprlGuid: 98b334c0-8578-6046-9e43-b6e8fce6318e @@ -169,15 +169,15 @@ recommendationMetadataState: Active longDescription: | Azure Virtual Machines (VM) instances have various states, like provisioning and power states. A non-running VM may indicate issues or it being unnecessary, suggesting removal could help cut costs. - potentialBenefits: Reduce costs by removing unused VMs + potentialBenefits Reduce costs by removing unused VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: States and billing status of Azure Virtual Machines - url: https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing + - name: States and billing status of Azure Virtual Machines + url: "https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing" - description: Enable Accelerated Networking (AccelNet) aprlGuid: dfedbeb1-1519-fc47-86a5-52f96cf07105 
@@ -188,15 +188,15 @@ recommendationMetadataState: Active longDescription: | Accelerated networking enables SR-IOV to a VM, greatly improving its networking performance by bypassing the host from the data path, which reduces latency, jitter, and CPU utilization for demanding network workloads on supported VM types. - potentialBenefits: Reduces latency, jitter & CPU use + potentialBenefits Reduces latency, jitter & CPU use pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Accelerated Networking (AccelNet) overview - url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview + - name: Accelerated Networking (AccelNet) overview + url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" - description: When AccelNet is enabled, you must manually update the GuestOS NIC driver aprlGuid: 73d1bb04-7d3e-0d47-bc0d-63afe773b5fe @@ -207,15 +207,15 @@ recommendationMetadataState: Active longDescription: | When Accelerated Networking is enabled, the default Azure VNet interface in GuestOS is swapped for a Mellanox, and its driver comes from a 3rd party. Marketplace images have the latest Mellanox drivers, but post-deployment, updating the driver is the user's responsibility. - potentialBenefits: Enhanced VM network efficiency + potentialBenefits Enhanced VM network efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Accelerated Networking (AccelNet) overview - url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview + - name: Accelerated Networking (AccelNet) overview + url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" - description: VMs should not have a Public IP directly associated aprlGuid: 1f629a30-c9d0-d241-82ee-6f2eb9d42cb4 
@@ -226,15 +226,15 @@ recommendationMetadataState: Active longDescription: | For outbound internet connectivity of Virtual Machines, using NAT Gateway or Azure Firewall is recommended to enhance security and service resilience, thanks to their higher availability and SNAT ports. - potentialBenefits: Enhanced security and service resiliency + potentialBenefits Enhanced security and service resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use Source Network Address Translation (SNAT) for outbound connections - url: https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections + - name: Use Source Network Address Translation (SNAT) for outbound connections + url: "https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections" - description: VM network interfaces and associated subnets both have a Network Security Group (NSG) associated aprlGuid: 82b3cf6b-9ae2-2e44-b193-10793213f676 
@@ -245,15 +245,15 @@ recommendationMetadataState: Active longDescription: | Unless you have a specific reason, it's advised to associate a network security group to a subnet or a network interface, but not both, to avoid unexpected communication issues and troubleshooting due to potential rule conflicts between the two associations. - potentialBenefits: Reduces communication problems + potentialBenefits Reduces communication problems pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: How network security groups filter network traffic - url: https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic + - name: How network security groups filter network traffic + url: "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic" - description: IP Forwarding should only be enabled for Network Virtual Appliances aprlGuid: 41a22a5e-5e08-9647-92d0-2ffe9ef1bdad 
@@ -264,15 +264,15 @@ recommendationMetadataState: Active longDescription: | IP forwarding allows a virtual machine network interface to receive and send network traffic not destined for or originating from its assigned IP addresses. - potentialBenefits: Enhances network appliance function + potentialBenefits Enhances network appliance function pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable or disable IP forwarding - url: https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding + - name: Enable or disable IP forwarding + url: "https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding" - description: Customer DNS Servers should be configured in the Virtual Network level aprlGuid: 1cf8fe21-9593-1e4e-966b-779a294c0d30 @@ -283,15 +283,15 @@ recommendationMetadataState: Active longDescription: | Configure the DNS Server at the Virtual Network level to prevent any inconsistency across the environment. - potentialBenefits: Ensures DNS consistency + potentialBenefits Ensures DNS consistency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Name resolution for resources in Azure virtual networks - url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances + - name: Name resolution for resources in Azure virtual networks + url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances" - description: Shared disks should only be enabled in clustered servers aprlGuid: 3263a64a-c256-de48-9818-afd3cbc55c2a 
@@ -302,17 +302,17 @@ recommendationMetadataState: Active longDescription: | Azure shared disks let you attach a disk to multiple VMs at once for deploying or migrating clustered applications, suitable only when a disk is shared among VM cluster members. - potentialBenefits: Enhances clustered server performance + potentialBenefits Enhances clustered server performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Shared Disk Introduction - url: https://learn.microsoft.com/azure/virtual-machines/disks-shared - - name: Enable Shared Disks - url: https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal + - name: Azure Shared Disk Introduction + url: "https://learn.microsoft.com/azure/virtual-machines/disks-shared" + - name: Enable Shared Disks + url: "https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal" - description: Network access to the VM disk should be set to Disable public access and enable private access aprlGuid: 70b1d2be-e6c4-b54e-9959-b1b690f9e485 
@@ -323,15 +323,15 @@ recommendationMetadataState: Active longDescription: | Recommended changing to "Disable public access and enable private access" and creating a Private Endpoint to improve security by restricting direct public access and ensuring connections are made privately, enhancing data protection and minimizing potential external threats. - potentialBenefits: Enhances VM security & privacy + potentialBenefits Enhances VM security & privacy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Restrict import/export access for managed disks using Azure Private Link - url: https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal + - name: Restrict import/export access for managed disks using Azure Private Link + url: "https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal" - description: Ensure that your VMs are compliant with Azure Policies aprlGuid: c42343ae-2712-2843-a285-3437eb0b28a1 
@@ -342,17 +342,17 @@ recommendationMetadataState: Active longDescription: | Keeping your virtual machine (VM) secure is crucial for the applications you run. This involves using various Azure services and features to ensure secure access to your VMs and the secure storage of your data, aiming for overall security of your VM and applications. - potentialBenefits: Secure VMs & applications + potentialBenefits Secure VMs & applications pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Policy-driven governance - url: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance - - name: Azure Policy Regulatory Compliance controls for Azure Virtual Machines - url: https://learn.microsoft.com/azure/virtual-machines/security-policy + - name: Policy-driven governance + url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance" + - name: Azure Policy Regulatory Compliance controls for Azure Virtual Machines + url: "https://learn.microsoft.com/azure/virtual-machines/security-policy" - description: Enable advanced encryption options for your managed disks aprlGuid: f0a97179-133a-6e4f-8a49-8a44da73ffce 
@@ -363,15 +363,15 @@ recommendationMetadataState: Active longDescription: | Azure Disk Storage encrypts data at rest automatically for managed disks, including OS and data disks. - potentialBenefits: Enhances data security and integrity + potentialBenefits Enhances data security and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Overview of managed disk encryption options - url: https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview + - name: Overview of managed disk encryption options + url: "https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview" - description: Enable VM Insights aprlGuid: b72214bb-e879-5f4b-b9cd-642db84f36f4 
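Review bot: The context line `automationAvailable: no` carries an unquoted `no`, which YAML 1.1 loaders read as boolean false, while sibling entries hold the string `arg`, so a consumer sees two different types in the same field. Since the commit is already quoting scalars in this entry, quote this one too: `automationAvailable: 'no'`. The same unquoted value appears in several later hunks of this patch, for example the Azure Boost, Scheduled Events and repository-namespaces entries.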
@@ -382,17 +382,17 @@ recommendationMetadataState: Active longDescription: | VM Insights monitors VM and scale set performance, health, running processes, and dependencies. It enhances the predictability of application performance and availability by pinpointing performance bottlenecks and network issues, and it clarifies if problems are related to other dependencies. - potentialBenefits: Improves VM performance & health + potentialBenefits Improves VM performance & health pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Overview of VM insights - url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview - - name: Did the extension install properly? - url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-troubleshoot#did-the-extension-install-properly + - name: Overview of VM insights + url: "https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview" + - name: Did the extension install properly? + url: "https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-troubleshoot#did-the-extension-install-properly" - description: Configure diagnostic settings for all Azure Virtual Machines aprlGuid: 4a9d8973-6dba-0042-b3aa-07924877ebd5 
@@ -403,15 +403,15 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Metrics automatically receives platform metrics, but platform logs, which offer detailed diagnostics and auditing for resources and their Azure platform, need to be manually routed for collection. - potentialBenefits: Enhanced diagnostics & auditing capability + potentialBenefits Enhanced diagnostics & auditing capability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Diagnostic settings in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal + - name: Diagnostic settings in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal" - description: Use maintenance configurations for the VMs aprlGuid: 52ab9e5c-eec0-3148-8bd7-b6dd9e1be870 @@ -422,15 +422,15 @@ recommendationMetadataState: Active longDescription: | The maintenance configuration settings let users schedule and manage updates, making sure the updates or interruptions on the VM are performed within a planned timeframe. - potentialBenefits: Scheduled updates for VMs + potentialBenefits Scheduled updates for VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use maintenance configurations to control and manage the VM updates - url: https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations + - name: Use maintenance configurations to control and manage the VM updates + url: "https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations" - description: Don't use A or B-Series VMs for production needing constant full CPU performance aprlGuid: 3201dba8-d1da-4826-98a4-104066545170 
@@ -441,15 +441,15 @@ recommendationMetadataState: Active longDescription: | A-series VMs are tailored for entry-level workloads like development and testing, including use cases such as development and test servers, low traffic web servers, and small to medium databases. - potentialBenefits: Ensures full CPU usage for heavy tasks + potentialBenefits Ensures full CPU usage for heavy tasks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: B-series burstable virtual machine sizes - url: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable + - name: B-series burstable virtual machine sizes + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable" - description: Mission Critical Workloads should be using Premium or Ultra Disks aprlGuid: df0ff862-814d-45a3-95e4-4fad5a244ba6 @@ -460,15 +460,15 @@ recommendationMetadataState: Active longDescription: | Azure Premium SSDs provide high-performance, low-latency for IO-intensive VM workloads. Premium SSD v2 offers better performance at a lower cost, with adjustable capacity, throughput, IOPS, ideal for shifting needs, but not as OS Disks. - potentialBenefits: Enhanced performance & cost efficiency + potentialBenefits Enhanced performance & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Disk type comparison and decision tree - url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison + - name: Disk type comparison and decision tree + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" - description: Use Azure Boost VMs for Maintenance sensitive workload aprlGuid: 9ab499d8-8844-424d-a2d4-8f53690eb8f8 
@@ -479,17 +479,17 @@ recommendationMetadataState: Active longDescription: | If the workload is Maintenance sensitive, consider using Azure Boost compatible VMs designed to lessen the impact on customers when Azure maintenance activities occur. - potentialBenefits: Less maintenance impact + potentialBenefits Less maintenance impact pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Microsoft Azure Boost - url: https://learn.microsoft.com/azure/azure-boost/overview - - name: Announcing the general availability of Azure Boost - url: https://aka.ms/AzureBoostGABlog + - name: Microsoft Azure Boost + url: "https://learn.microsoft.com/azure/azure-boost/overview" + - name: Announcing the general availability of Azure Boost + url: "https://aka.ms/AzureBoostGABlog" - description: Enable Scheduled Events for Maintenance sensitive workload VMs aprlGuid: 2de8fa5e-14f4-4c4c-857f-1520f87a629f 
@@ -500,17 +500,17 @@ recommendationMetadataState: Active longDescription: | If your workload is Maintenance sensitive, enable Scheduled Events. This Azure Metadata Service lets your app prepare for virtual machine maintenance by providing information on upcoming events like reboots, reducing disruptions. - potentialBenefits: Minimize downtime for VMs + potentialBenefits Minimize downtime for VMs pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor scheduled events for your Azure VMs - url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service - - name: Azure Metadata Service: Scheduled Events for Linux VMs - url: https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events - - name: Azure Metadata Service: Scheduled Events for Windows VMs - url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events + - name: Monitor scheduled events for your Azure VMs + url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service" + - name: Azure Metadata Service: Scheduled Events for Linux VMs + url: "https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events" + - name: Azure Metadata Service: Scheduled Events for Windows VMs + url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events" diff --git a/azure-resources/ContainerRegistry/registries/recommendations.yaml b/azure-resources/ContainerRegistry/registries/recommendations.yaml index f9183cac4..9e5e80e9e 100644 --- a/azure-resources/ContainerRegistry/registries/recommendations.yaml +++ b/azure-resources/ContainerRegistry/registries/recommendations.yaml 
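Review bot: The added `- name: Azure Metadata Service: Scheduled Events for Linux VMs` and its Windows counterpart contain an unquoted `: ` inside the value, which YAML reads as a second mapping indicator and normally rejects. The commit quotes the `url` values but leaves these names bare, so the entry stays unparsable even with the URL fix. Quote them the same way: `- name: 'Azure Metadata Service: Scheduled Events for Linux VMs'` and `- name: 'Azure Metadata Service: Scheduled Events for Windows VMs'`.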
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Choose a service tier of Azure Container Registry to meet your performance needs. Premium offers the most bandwidth and highest rate of read and write operations for high-volume deployments. Use Basic to start, Standard for production, and Premium for hyper-scale performance and geo-replication. - potentialBenefits: High-volume support & geo-replication + potentialBenefits High-volume support & geo-replication pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Container Registry Best Practices - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices + - name: Container Registry Best Practices + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices" - description: Enable zone redundancy aprlGuid: 63491f70-22e4-3b4a-8b0c-845450e46fac 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Azure Container Registry's optional zone redundancy enhances resiliency and high availability for registries or replication resources in a specific region by distributing resources across multiple zones. - potentialBenefits: Enhances resiliency & high availability + potentialBenefits Enhances resiliency & high availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Enable zone redundancy - url: https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main + - name: Registry best practices - Enable zone redundancy + url: "https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main" - description: Enable geo-replication aprlGuid: 36ea6c09-ef6e-d743-9cfb-bd0c928a430b 
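Review bot: The quoted `url` still targets `review.learn.microsoft.com` with `branch=main`, which looks like the documentation review host rather than the published site, so readers outside the authoring organisation will probably land on a sign-in page and the recommendation ends up publishing a pre-release link. The commit normalises URLs but only adds quotes here. Point it at the public host and drop the `toc`/`bc`/`branch` query string, presumably `url: "https://learn.microsoft.com/en-us/azure/container-registry/zone-redundancy"` (confirm that the path resolves on the public site).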
@@ -45,17 +45,17 @@ recommendationMetadataState: Active longDescription: | Use Azure Container Registry's geo-replication for multi-region deployments to simplify registry management and minimize latency. It enables serving global customers from local data centers and supports distributed development teams. Regional webhooks can notify of events in replicas. - potentialBenefits: Simplifies management, reduces latency + potentialBenefits Simplifies management, reduces latency pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Enable geo-replication - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments - - name: Geo-Replicate Container Registry - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-geo-replication + - name: Registry best practices - Enable geo-replication + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments" + - name: Geo-Replicate Container Registry + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-geo-replication" - description: Use Repository namespaces aprlGuid: a5a0101a-a240-8742-90ba-81dbde9a0c0c 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Using repository namespaces allows a single registry to be shared across multiple groups and deployments within an organization, supporting nested namespaces for group isolation. However, repositories are managed independently, not hierarchically. - potentialBenefits: Enables sharing & group isolation + potentialBenefits Enables sharing & group isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Registry best practices - use repository namespaces - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces + - name: Registry best practices - use repository namespaces + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces" - description: Move Container Registry to a dedicated resource group aprlGuid: 8e389532-5db5-7e4c-9d4d-443b3e55ae82 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Container registries, used across multiple hosts, should be in their own resource group to prevent accidental deletion of images when container instances are deleted, preserving the image collection while experimenting with hosts. - potentialBenefits: Safeguards image collection + potentialBenefits Safeguards image collection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Use dedicated resource group - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group + - name: Registry best practices - Use dedicated resource group + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group" - description: Manage registry size aprlGuid: 3ef86f16-f65b-c645-9901-7830d6dc3a1b 
@@ -104,17 +104,17 @@ recommendationMetadataState: Active longDescription: | The storage constraints of Azure Container Registry's service tiers align with usage scenarios: Basic for starters, Standard for production, and Premium for high-scale performance & geo-replication. - potentialBenefits: Reduce costs, optimize storage + potentialBenefits Reduce costs, optimize storage pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Manage registry size - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size - - name: Retention Policy - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy#about-the-retention-policy + - name: Registry best practices - Manage registry size + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size" + - name: Retention Policy + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy#about-the-retention-policy" - description: Disable anonymous pull access aprlGuid: 03f4a7d8-c5b4-7842-8e6e-14997a34842b 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | By default, Azure container registry requires authentication for pull/push actions. Enabling anonymous pull access exposes all content for public read actions. This applies to all repositories, potentially allowing unrestricted access if repository-scoped tokens are used. - potentialBenefits: Enhanced security & controlled access + potentialBenefits Enhanced security & controlled access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable anonymous pull access - url: https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access + - name: Enable anonymous pull access + url: "https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access" - description: Configure Diagnostic Settings for all Azure Container Registries aprlGuid: 44107155-7a32-9348-89f3-d5aa7e7c5a1d 
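Review bot: The link label `Enable anonymous pull access` sits under a recommendation titled `Disable anonymous pull access`, so someone skimming the list reads the opposite instruction. A label that follows the `#about-anonymous-pull-access` fragment, such as `- name: About anonymous pull access`, avoids that. The longDescription context line also says access is unrestricted "if repository-scoped tokens are used", which blurs the risk: as far as the linked page describes it, anonymous pull covers every repository, so repository-scoped tokens stop limiting who can read. Wording it as "even when repository-scoped tokens are used" would state this directly.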
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations. - potentialBenefits: Enhanced tracking and debugging + potentialBenefits Enhanced tracking and debugging pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure Container Registry data reference - Resource Logs - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs - - name: Monitor Azure Container Registry - Enable diagnostic logs - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service#collection-and-routing + - name: Monitoring Azure Container Registry data reference - Resource Logs + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs" + - name: Monitor Azure Container Registry - Enable diagnostic logs + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service#collection-and-routing" - description: Monitor Azure Container Registry with Azure Monitor aprlGuid: d594cde6-4116-d143-a64a-25f63289a2f8 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | Monitoring Azure resources using Azure Monitor enhances their availability, performance, and operation. Azure Container Registry, a full-stack monitoring service, provides features for Azure and other cloud and on-premises resources. - potentialBenefits: Enhanced monitoring & operation + potentialBenefits Enhanced monitoring & operation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure Container Registry data reference - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics - - name: Monitor Azure Container Registry - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service + - name: Monitoring Azure Container Registry data reference + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics" + - name: Monitor Azure Container Registry + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service" - description: Enable soft delete policy aprlGuid: e7f0fd54-fba0-054e-9ab8-e676f2851f88 
@@ -186,13 +186,13 @@ recommendationMetadataState: Active longDescription: | Enabling soft delete in Azure Container Registry (ACR) allows for the management of deleted artifacts with a specified retention period. Users can list, filter, and restore these artifacts until automatically purged post-retention. - potentialBenefits: Recovery of deleted artifacts + potentialBenefits Recovery of deleted artifacts pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable soft delete policy - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy + - name: Enable soft delete policy + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy" diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml index 1fe523c31..a3ff6eb42 100644 --- a/azure-resources/ContainerService/managedClusters/recommendations.yaml +++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure Availability Zones ensure high availability by offering independent locations within regions, equipped with their own power, cooling, and networking to ensure applications and data are protected from datacenter-level failures. - potentialBenefits: Enhanced fault tolerance for AKS + potentialBenefits Enhanced fault tolerance for AKS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Availability Zones - url: https://learn.microsoft.com/en-us/azure/aks/availability-zones - - name: Zone Balancing - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#zone-balancing + - name: AKS Availability Zones + url: "https://learn.microsoft.com/en-us/azure/aks/availability-zones" + - name: Zone Balancing + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#zone-balancing" - description: Isolate system and application pods aprlGuid: 5ee083cd-6ac3-4a83-8913-9549dd36cf56 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | AKS assigns the kubernetes.azure.com/mode: system label to nodes in system node pools signaling system pods should be scheduled there. - potentialBenefits: Enhanced reliability via pod isolation + potentialBenefits Enhanced reliability via pod isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: System and user node pools - url: https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools + - name: System and user node pools + url: "https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools" - description: Disable local accounts aprlGuid: ca324d71-54b0-4a3e-b9e4-10e767daa9fc 
@@ -47,19 +47,19 @@ recommendationMetadataState: Active longDescription: | Local Kubernetes accounts in AKS, being non-auditable and legacy, are discouraged. Microsoft Entra's integration offers centralized management, multi-factor authentication, RBAC for detailed access, and a secure, scalable authentication system compatible with Azure and external identity providers. - potentialBenefits: Enhanced security & access control + potentialBenefits Enhanced security & access control pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Entra integration - url: https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration - - name: Use Azure role-based access control for AKS - url: https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac?source=recommendations - - name: Manage AKS local accounts - url: https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad?source=recommendations + - name: Entra integration + url: "https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration" + - name: Use Azure role-based access control for AKS + url: "https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac?source=recommendations" + - name: Manage AKS local accounts + url: "https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad?source=recommendations" - description: Configure Azure CNI networking for dynamic allocation of IPs aprlGuid: c22db132-399b-4e7c-995d-577a60881be8 
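Review bot: Two of the quoted URLs in this hunk keep a `?source=recommendations` query string, which is navigation residue from the page they were copied from and not part of the document address. A commit that normalises URLs should strip it, e.g. `url: "https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac"` and the equivalent for `manage-local-accounts-managed-azure-ad`. The AKS Baseline Architecture link in the `@@ -248,17 +248,17 @@` hunk has the same problem in a longer form (`toc=` and `bc=` parameters embedding further encoded URLs) and would be clearer reduced to the path plus its `#kubernetes-api-server-sla` fragment.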
@@ -70,17 +70,17 @@ recommendationMetadataState: Active longDescription: | Azure CNI enhances cluster IP and network management, allowing dynamic IP allocation, scalable subnets, direct pod-VNET connectivity, and supports diverse network policies for pods and nodes with Azure Network Policies and Calico, optimizing network efficiency and security - potentialBenefits: Dynamic IP allocation, scalable subnets, direct VNET access + potentialBenefits Dynamic IP allocation, scalable subnets, direct VNET access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure Azure CNI networking - url: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation - - name: Configure Azure CNI Overlay networking - url: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay + - name: Configure Azure CNI networking + url: "https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation" + - name: Configure Azure CNI Overlay networking + url: "https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay" - description: Enable the cluster auto-scaler on an existing cluster aprlGuid: 902c82ff-4910-4b61-942d-0d6ef7f39b67 
@@ -91,21 +91,21 @@ recommendationMetadataState: Active longDescription: | The cluster auto-scaler in AKS adjusts node counts based on pod resource needs and available capacity, enabling scaling as per demand to prevent outages. - potentialBenefits: Optimizes scaling & prevents outages + potentialBenefits Optimizes scaling & prevents outages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use the Cluster Autoscaler on AKS - url: https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli - - name: Best practices for advanced scheduler features - url: https://learn.microsoft.com/azure/aks/operator-best-practices-advanced-scheduler - - name: Node pool scaling considerations and best practices - url: https://learn.microsoft.com/azure/aks/best-practices-performance-scale-large#node-pool-scaling - - name: Best practices for basic scheduler features - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler + - name: Use the Cluster Autoscaler on AKS + url: "https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli" + - name: Best practices for advanced scheduler features + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-advanced-scheduler" + - name: Node pool scaling considerations and best practices + url: "https://learn.microsoft.com/azure/aks/best-practices-performance-scale-large#node-pool-scaling" + - name: Best practices for basic scheduler features + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler" - description: Back up Azure Kubernetes Service aprlGuid: 269a9f1a-6675-460a-831e-b05a887a8c4b 
@@ -116,17 +116,17 @@ recommendationMetadataState: Active longDescription: | AKS, popular for stateful apps needing backups, can now use Azure Backup to secure clusters and attached volumes through an installed Backup Extension, enabling backup and restore operations via a Backup Vault. - potentialBenefits: Ensures data safety for AKS + potentialBenefits Ensures data safety for AKS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Backups - url: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup - - name: Best Practices for AKS Backups - url: https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-storage + - name: AKS Backups + url: "https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup" + - name: Best Practices for AKS Backups + url: "https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-storage" - description: Plan an AKS version upgrade aprlGuid: e6188d3b-7fbc-4ecf-a37b-b658f9efcdc4 
@@ -137,19 +137,19 @@ recommendationMetadataState: Active longDescription: | Minor version releases bring new features and improvements. Patch releases, often weekly, focus on critical bug fixes within a minor version, including security vulnerabilities or major bugs. Unsupported Kubernetes versions may lead to unsupported clusters when seeking AKS support. - potentialBenefits: Enhances features, fixes bugs, ensures support + potentialBenefits Enhances features, fixes bugs, ensures support pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Updating to the latest AKS version - url: https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes - - name: Upgrade cluster - url: https://learn.microsoft.com/azure/aks/upgrade-cluster?tabs=azure-cli - - name: Auto-upgrading cluster - url: https://learn.microsoft.com/azure/aks/auto-upgrade-cluster + - name: Updating to the latest AKS version + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes" + - name: Upgrade cluster + url: "https://learn.microsoft.com/azure/aks/upgrade-cluster?tabs=azure-cli" + - name: Auto-upgrading cluster + url: "https://learn.microsoft.com/azure/aks/auto-upgrade-cluster" - description: Use zone-redundant storage for persistent volumes when running multi-zone AKS aprlGuid: d3111036-355d-431b-ab49-8ddad042800b 
@@ -160,23 +160,23 @@ recommendationMetadataState: Active longDescription: | ZRS ensures data replication across three zones, protecting against zonal outages. It's available for Azure Disks, Container Storage, Files, and Blob by setting the SKU to ZRS in storage classes, enhancing multi-zone AKS clusters from v1.29. - potentialBenefits: Increases data durability and availability + potentialBenefits Increases data durability and availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Availability zones overview - url: https://learn.microsoft.com/azure/reliability/availability-zones-overview?tabs=azure-cli - - name: Zone-redundant storage - url: https://learn.microsoft.com/azure/storage/common/storage-redundancy#zone-redundant-storage - - name: ZRS disks - url: https://learn.microsoft.com/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks - - name: Convert a disk from LRS to ZRS - url: https://learn.microsoft.com/azure/virtual-machines/disks-migrate-lrs-zrs - - name: Enable multi-zone storage redundancy in Azure Container Storage - url: https://learn.microsoft.com/azure/storage/container-storage/enable-multi-zone-redundancy + - name: Availability zones overview + url: "https://learn.microsoft.com/azure/reliability/availability-zones-overview?tabs=azure-cli" + - name: Zone-redundant storage + url: "https://learn.microsoft.com/azure/storage/common/storage-redundancy#zone-redundant-storage" + - name: ZRS disks + url: "https://learn.microsoft.com/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks" + - name: Convert a disk from LRS to ZRS + url: "https://learn.microsoft.com/azure/virtual-machines/disks-migrate-lrs-zrs" + - name: Enable multi-zone storage redundancy in Azure Container Storage + url: "https://learn.microsoft.com/azure/storage/container-storage/enable-multi-zone-redundancy" - description: Upgrade Persistent 
Volumes using in-tree drivers to Azure CSI drivers aprlGuid: b002c030-72e6-4a37-8217-1cb276c43169 @@ -187,17 +187,17 @@ recommendationMetadataState: Active longDescription: | From Kubernetes 1.26, Azure Disk and Azure File in-tree drivers are deprecated in favor of CSI drivers. Existing deployments remain operational but untested; users should switch to CSI drivers for new features and SKUs. - potentialBenefits: Ensures future compatibility + potentialBenefits Ensures future compatibility pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: CSI Storage Drivers - url: https://learn.microsoft.com/azure/aks/csi-storage-drivers - - name: CSI Migrate in Tree Volumes - url: https://learn.microsoft.com/azure/aks/csi-migrate-in-tree-volumes + - name: CSI Storage Drivers + url: "https://learn.microsoft.com/azure/aks/csi-storage-drivers" + - name: CSI Migrate in Tree Volumes + url: "https://learn.microsoft.com/azure/aks/csi-migrate-in-tree-volumes" - description: Implement Resource Quota to ensure that Kubernetes resources do not exceed hard resource limits aprlGuid: 9a1c17e5-c9a0-43db-b920-adaf54d1bcb7 @@ -208,15 +208,15 @@ recommendationMetadataState: Active longDescription: | A ResourceQuota object sets limits on resource use per namespace, controlling the number and type of objects created, and the total compute resources available. - potentialBenefits: Limits AKS resource usage per namespace + potentialBenefits Limits AKS resource usage per namespace pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resource Quotas - url: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + - name: Resource Quotas + url: "https://kubernetes.io/docs/concepts/policy/resource-quotas/" - description: Attach Virtual Nodes (ACI) to the AKS cluster aprlGuid: b4639ca7-6308-429a-8b98-92f0bf9bf813 
@@ -227,17 +227,17 @@ recommendationMetadataState: Active longDescription: | To rapidly scale AKS workloads, utilize virtual nodes for quick pod provisioning, unlike Kubernetes auto-scaler. For clusters with availability zones, ensure one nodepool per AZ due to persistent volumes not working across AZs, preventing auto-scaler pod creation failures if lacking access. - potentialBenefits: Faster scaling with virtual nodes + potentialBenefits Faster scaling with virtual nodes pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Virtual Nodes - url: https://learn.microsoft.com/azure/aks/virtual-nodes - - name: Azure Container Instances - url: https://learn.microsoft.com/azure/container-instances/container-instances-overview + - name: Virtual Nodes + url: "https://learn.microsoft.com/azure/aks/virtual-nodes" + - name: Azure Container Instances + url: "https://learn.microsoft.com/azure/container-instances/container-instances-overview" - description: Update AKS tier to Standard aprlGuid: 0611251f-e70f-4243-8ddd-cfe894bec2e7 
@@ -248,17 +248,17 @@ recommendationMetadataState: Active longDescription: | Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features. - potentialBenefits: SLA guarantee & better scalability + potentialBenefits SLA guarantee & better scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Pricing Tiers - url: https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers - - name: AKS Baseline Architecture - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-sla + - name: Pricing Tiers + url: "https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers" + - name: AKS Baseline Architecture + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-sla" - description: Enable AKS Monitoring aprlGuid: dcaf8128-94bd-4d53-9235-3a0371df6b74 
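Review bot: Both re-quoted links in this hunk keep the `/en-us/` locale segment, and the "AKS Baseline Architecture" one also keeps the `toc=` and `bc=` navigation parameters, while most other links in the patch are locale-neutral and carry no query string. Since the commit is about updating URLs, I would normalise them here, for example `url: "https://learn.microsoft.com/azure/architecture/reference-architectures/containers/aks/baseline-aks#kubernetes-api-server-sla"`, after confirming the fragment still resolves. The "AKS Baseline - Policy Management" link in the `@@ -311,17` hunk has the same shape.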
@@ -269,15 +269,15 @@ recommendationMetadataState: Active longDescription: | Azure Monitor enables real-time health and performance insights for AKS by collecting events, capturing container logs, and gathering CPU/Memory data from the Metrics API. It allows data visualization using Azure Monitor Container Insights, Prometheus, Grafana, or others. - potentialBenefits: Real-time AKS health/performance insights + potentialBenefits Real-time AKS health/performance insights pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Monitor AKS - url: https://learn.microsoft.com/azure/aks/monitor-aks + - name: Monitor AKS + url: "https://learn.microsoft.com/azure/aks/monitor-aks" - description: Use Ephemeral OS disks on AKS clusters aprlGuid: a7bfcc18-b0d8-4d37-81f3-8131ed8bead5 
@@ -288,19 +288,19 @@ recommendationMetadataState: Active longDescription: | Ephemeral OS disks on AKS offer lower read/write latency due to local attachment, eliminating the need for replication seen with managed disks. This enhances performance and speeds up cluster operations such as scaling or upgrading due to quicker re-imaging and boot times. - potentialBenefits: Lower latency, faster re-imaging & booting + potentialBenefits Lower latency, faster re-imaging & booting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Ephemeral OS disk - url: https://learn.microsoft.com/azure/aks/concepts-storage#ephemeral-os-disk - - name: Configure an AKS cluster - url: https://learn.microsoft.com/azure/aks/cluster-configuration - - name: Everything you want to know about ephemeral OS disks and AKS - url: https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/ + - name: Ephemeral OS disk + url: "https://learn.microsoft.com/azure/aks/concepts-storage#ephemeral-os-disk" + - name: Configure an AKS cluster + url: "https://learn.microsoft.com/azure/aks/cluster-configuration" + - name: Everything you want to know about ephemeral OS disks and AKS + url: "https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/" - description: Enable and remediate Azure Policies configured for AKS aprlGuid: 26ebaf1f-c70d-4ebd-8641-4b60a0ce0094 
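Review bot: `automationAvailable: no` stays unquoted in this hunk's context even though the commit quotes the URL scalars. A YAML 1.1 loader (PyYAML's default resolver, for instance) reads `no` as boolean `false`, while the `arg` value used by other entries loads as a string, so the field ends up with two types. If consumers compare it as text, `automationAvailable: "no"` keeps it a string; this is worth confirming against whatever reads these files. The same unquoted `no` appears in most entries of this patch.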
@@ -311,17 +311,17 @@ recommendationMetadataState: Active longDescription: | Azure Policies in AKS clusters help enforce governance best practices concerning security, authentication, provisioning, networking, and more, ensuring a robust and secure environment for operations. - potentialBenefits: Enhanced AKS governance & security + potentialBenefits Enhanced AKS governance & security pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: AKS Baseline - Policy Management - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management - - name: Built-in Policy Definitions for AKS - url: https://learn.microsoft.com/en-us/azure/aks/policy-reference + - name: AKS Baseline - Policy Management + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management" + - name: Built-in Policy Definitions for AKS + url: "https://learn.microsoft.com/en-us/azure/aks/policy-reference" - description: Enable GitOps when using DevOps frameworks aprlGuid: 5f3cbd68-692a-4121-988c-9770914859a9 
@@ -332,17 +332,17 @@ recommendationMetadataState: Active longDescription: | GitOps, an operating model for cloud-native apps, uses Git for storing application and infrastructure code as a source of truth for continuous delivery. - potentialBenefits: Ensures AKS config consistency + potentialBenefits Ensures AKS config consistency pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: GitOps with AKS - url: https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops - - name: GitOps for AKS - Reference Architecture - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks + - name: GitOps with AKS + url: "https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops" + - name: GitOps for AKS - Reference Architecture + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks" - description: Configure affinity or anti-affinity rules based on application requirements aprlGuid: 928fcc6f-5e9a-42d9-9bd4-260af42de2e5 
@@ -353,17 +353,17 @@ recommendationMetadataState: Active longDescription: | Configure Topology Spread Constraints to spread Pods across your cluster among failure-domains like regions, zones, nodes, and other domains for high availability and efficient resource utilization. - potentialBenefits: Ensures high availability and efficient use + potentialBenefits Ensures high availability and efficient use pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Topology Spread Constraints - url: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ - - name: Assign Pod Node - url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + - name: Topology Spread Constraints + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/" + - name: Assign Pod Node + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/" - description: Configures Pods Liveness, Readiness, and Startup Probes aprlGuid: cd6791b1-c60e-4b37-ac98-9897b1e6f4b8 
@@ -374,17 +374,17 @@ recommendationMetadataState: Active longDescription: | AKS kubelet controller uses liveness probes to validate containers and applications health, ensuring the system knows when to restart a container based on its health status. - potentialBenefits: Enhances container health monitoring + potentialBenefits Enhances container health monitoring pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure probes - url: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - - name: Assign Pod Node - url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + - name: Configure probes + url: "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/" + - name: Assign Pod Node + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/" - description: Configure pod replica sets in production applications to guarantee availability aprlGuid: bcfe71f1-ebed-49e5-a84a-193b81ad5d27 @@ -395,15 +395,15 @@ recommendationMetadataState: Active longDescription: | Configuring ReplicaSets in Pod or Deployment manifests stabilizes the number of replica Pods, ensuring that a specified number of identical Pods are always available, thereby guaranteeing their availability. - potentialBenefits: Ensures stable pod availability + potentialBenefits Ensures stable pod availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Replica Sets - url: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ + - name: Replica Sets + url: "https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/" - description: Configure system nodepool count aprlGuid: 7f7ae535-a5ba-4665-b7e0-c451dbdda01f 
@@ -414,15 +414,15 @@ recommendationMetadataState: Active longDescription: | The system node pool should be configured with a minimum node count of two to ensure critical system pods are resilient to node outages. - potentialBenefits: Ensures pod resilience + potentialBenefits Ensures pod resilience pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: System nodepools - url: https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli + - name: System nodepools + url: "https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli" - description: Configure user nodepool count aprlGuid: 005ccbbd-aeab-46ef-80bd-9bd4479412ec @@ -433,15 +433,15 @@ recommendationMetadataState: Active longDescription: | Configuring the user node pool with at least two nodes is essential for applications needing high availability, ensuring they remain operational and accessible without interruption. - potentialBenefits: Ensures high app availability + potentialBenefits Ensures high app availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Well-Architected Framework review for Azure Kubernetes Service (AKS) - url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist + - name: Azure Well-Architected Framework review for Azure Kubernetes Service (AKS) + url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist" - description: Configure pod disruption budgets (PDBs) aprlGuid: a08a06a0-e41a-4b99-83bb-69ce8bca54cb 
@@ -452,17 +452,17 @@ recommendationMetadataState: Active longDescription: | A Pod Disruption Budget is a Kubernetes resource configuring the minimum number or percentage of pods that should remain available during disruptions like maintenance or scaling, ensuring a minimum number of pods are always available in the cluster. - potentialBenefits: Ensures cluster resiliency during disruptions + potentialBenefits Ensures cluster resiliency during disruptions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure PDBs - url: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - - name: Plan availability using PDBs - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets + - name: Configure PDBs + url: "https://kubernetes.io/docs/tasks/run-application/configure-pdb/" + - name: Plan availability using PDBs + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets" - description: Nodepool subnet size needs to accommodate maximum auto-scale settings aprlGuid: e620fa98-7a40-41a0-bfc9-b4407297fb58 
@@ -473,15 +473,15 @@ recommendationMetadataState: Active longDescription: | Nodepool subnets sized for max auto-scale settings enable AKS to efficiently scale out nodes, meeting increased demand while reducing resource constraints and potential service disruptions. - potentialBenefits: Efficient scaling, reduced disruptions + potentialBenefits Efficient scaling, reduced disruptions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Networking - url: https://learn.microsoft.com/azure/aks/concepts-network + - name: AKS Networking + url: "https://learn.microsoft.com/azure/aks/concepts-network" - description: Enforce resource quotas at the namespace level aprlGuid: d479df28-d367-4ef0-8b86-0495ab94fabd @@ -492,13 +492,13 @@ recommendationMetadataState: Active longDescription: | Enforcing namespace-level resource quotas in AKS is crucial for reliability, preventing resource exhaustion and maintaining cluster stability. It stops applications or users from monopolizing resources, avoiding degraded performance or outages for others. - potentialBenefits: Prevents resource monopoly, ensures stability + potentialBenefits Prevents resource monopoly, ensures stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resource quotas - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas + - name: Resource quotas + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas" diff --git a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml index fa284adc6..bf7384244 100644 --- a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml +++ b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery. - potentialBenefits: Enhanced uptime & data protection + potentialBenefits Enhanced uptime & data protection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: High availability concepts in Azure Database for MySQL - Flexible Server - url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability + - name: High availability concepts in Azure Database for MySQL - Flexible Server + url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability" - description: Enable custom maintenance schedule aprlGuid: 82a9a0f2-24ee-496f-9ad2-25f81710942d @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied. - potentialBenefits: Control update timings + potentialBenefits Control update timings pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server - url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance + - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server + url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance" diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml index a9c031522..6d989628e 100644 --- a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml 
+++ b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery. - potentialBenefits: Enhanced uptime & data protection + potentialBenefits Enhanced uptime & data protection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Overview of high availability with Azure Database for PostgreSQL - url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability + - name: Overview of high availability with Azure Database for PostgreSQL + url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability" - description: Enable custom maintenance schedule aprlGuid: b2bad57d-7e03-4c0f-9024-597c9eb295bb @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied. - potentialBenefits: Control update timings + potentialBenefits Control update timings pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server - url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance + - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server + url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance" diff --git a/azure-resources/Databricks/workspaces/recommendations.yaml b/azure-resources/Databricks/workspaces/recommendations.yaml index 7df78ff73..e5f86b7d3 100644 --- a/azure-resources/Databricks/workspaces/recommendations.yaml 
+++ b/azure-resources/Databricks/workspaces/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Databricks recommends migrating workloads to the latest or LTS version of its runtime for enhanced stability and support. If on Runtime 11.3 LTS or above, move directly to the latest 12.x version. If below, first migrate to 11.3 LTS, then to the latest 12.x version as per the migration guide. - potentialBenefits: Enhanced stability & support + potentialBenefits Enhanced stability & support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Databricks runtime support lifecycles - url: https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver + - name: Databricks runtime support lifecycles + url: "https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver" - description: Use Databricks Pools aprlGuid: c166602e-0804-e34b-be8f-09b4d56e1fcd @@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Databricks pools pre-provision VMs, reducing risks of provisioning errors during cluster start or scale, enhancing reliability. - potentialBenefits: Reduces provisioning errors + potentialBenefits Reduces provisioning errors pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use SSD backed VMs for Worker VM Type and Driver type aprlGuid: 5877a510-8444-7a4c-8412-a8dab8662f7e 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Upgrade HDDs in premium VMs to SSDs for better speed and reliability. Premium SSDs boost IO-heavy apps; Standard SSDs balance cost and performance. Ideal for critical workloads, upgrading improves connectivity with brief reboot. Consider for vital VMs - potentialBenefits: Faster, reliable VM performance + potentialBenefits Faster, reliable VM performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" - description: Enable autoscaling for batch workloads aprlGuid: 5c72f0d6-55ec-d941-be84-36c194fa78c0 @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Autoscaling adjusts cluster sizes automatically based on workload demands, offering benefits for many use cases in terms of costs and performance. It includes guidance on when and how to best utilize Autoscaling. For streaming, Delta Live Tables with autoscaling is advised. - potentialBenefits: Cost & performance optimization + potentialBenefits Cost & performance optimization pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss" - description: Enable autoscaling for SQL warehouse aprlGuid: 362ad2b6-b92c-414f-980a-0cf69467ccce 
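Review bot: In the `@@ -64,15` hunk (Enable autoscaling for batch workloads), the re-quoted URL ends in the fragment `#enable-autoscaling-for-batch-workloadss`, with a doubled `s` carried over unchanged from the old line. A fragment that matches no heading silently lands the reader at the top of the page. It is probably meant to be `#enable-autoscaling-for-batch-workloads`, to be checked against the heading on the target page. A link checker that validates fragments would flag this kind of leftover in a URL-update pass.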
@@ -83,15 +83,15 @@ recommendationMetadataState: Active longDescription: | The scaling parameter of a SQL warehouse defines the min and max number of clusters for distributing queries. By default, it's set to one. Increasing the cluster count can accommodate more concurrent users effectively. - potentialBenefits: Improves concurrency & efficiency + potentialBenefits Improves concurrency & efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse" - description: Use Delta Live Tables enhanced autoscaling aprlGuid: cd77db98-9b13-6e4b-bd2b-74c2cb538628 
@@ -102,17 +102,17 @@ recommendationMetadataState: Active longDescription: | Databricks enhanced autoscaling optimizes cluster utilization by automatically allocating cluster resources based on workload volume, with minimal impact on the data processing latency of your pipelines. - potentialBenefits: Optimized resource use & minimal latency + potentialBenefits Optimized resource use & minimal latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices - - name: Databricks enhanced autoscaling - url: https://learn.microsoft.com/azure/databricks/delta-live-tables/settings#use-autoscaling-to-increase-efficiency-and-reduce-resource-usage + - name: Best practices for reliability + url: "https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Databricks enhanced autoscaling + url: "https://learn.microsoft.com/azure/databricks/delta-live-tables/settings#use-autoscaling-to-increase-efficiency-and-reduce-resource-usage" - description: Automatic Job Termination is enabled, ensure there are no user-defined local processes aprlGuid: 3d3e53b5-ebd1-db42-b43b-d4fad74824ec 
@@ -123,15 +123,15 @@ recommendationMetadataState: Active longDescription: | To conserve cluster resources, you can terminate a cluster to store its configuration for future reuse or autostart jobs. Clusters can auto-terminate after inactivity, but this only tracks Spark jobs, not local processes, which might still be running even after Spark jobs end. - potentialBenefits: Saves cluster resources, avoids idle use + potentialBenefits Saves cluster resources, avoids idle use pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability? - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability? + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Enable Logging-Cluster log delivery aprlGuid: 7fb90127-5364-bb4d-86fa-30778ed713fb @@ -142,15 +142,15 @@ recommendationMetadataState: Active longDescription: | When creating a Databricks cluster, you can set a log delivery location for the Spark driver, worker nodes, and events. Logs are delivered every 5 mins and archived hourly. Upon cluster termination, all generated logs until that point are guaranteed to be delivered. - potentialBenefits: Improved troubleshooting & audit + potentialBenefits Improved troubleshooting & audit pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Create a cluster - url: https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery + - name: Create a cluster + url: "https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery" - description: Use Delta Lake for higher reliability aprlGuid: da4ea916-4df3-8c4d-8060-17b49da45977 
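Review bot: In the `@@ -123,15` hunk, the link title is re-added as `- name: Best practices for reliability?` with a stray trailing question mark, while every other entry pointing at that page uses `Best practices for reliability`. Since the line is being rewritten anyway, I would change it to `- name: Best practices for reliability`.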
@@ -161,15 +161,15 @@ recommendationMetadataState: Active longDescription: | Delta Lake is an open source storage format enhancing data lakes' reliability with ACID transactions, schema enforcement, and scalable metadata handling. - potentialBenefits: Enhances data reliability & processing + potentialBenefits Enhances data reliability & processing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use Photon Acceleration aprlGuid: 892ca809-e2b5-9a47-924a-71132bf6f902 @@ -180,15 +180,15 @@ recommendationMetadataState: Active longDescription: | Apache Spark in Databricks Lakehouse ensures resilient distributed data processing by automatically rescheduling failed tasks, aiding in overcoming external issues like network problems or revoked VMs. - potentialBenefits: Boosts speed & reliability for Spark tasks + potentialBenefits Boosts speed & reliability for Spark tasks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute" - description: Automatically rescue invalid or nonconforming data with Databricks Auto Loader or Delta Live Tables aprlGuid: 7e52d64d-8cc0-8548-a593-eb49ab45630d 
@@ -199,15 +199,15 @@ recommendationMetadataState: Active longDescription: | Invalid or nonconforming data can crash workloads dependent on specific data formats. Best practices recommend filtering such data at ingestion to improve end-to-end resilience, ensuring no data is lost or missed. - potentialBenefits: Enhanced data resilience and integrity + potentialBenefits Enhanced data resilience and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Configure jobs for automatic retries and termination aprlGuid: 84e44da6-8cd7-b349-b02c-c8bf72cf587c @@ -218,15 +218,15 @@ recommendationMetadataState: Active longDescription: | Use Databricks and MLflow for deploying models as Spark UDFs for job scheduling, retries, autoscaling. Model serving offers scalable infrastructure, processes models using MLflow, and serves them via REST API using serverless compute managed in Databricks cloud. - potentialBenefits: Enhanced reliability & autoscaling + potentialBenefits Enhanced reliability & autoscaling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use a scalable and production-grade model serving infrastructure aprlGuid: 4cbb7744-ff3d-0447-badb-baf068c95696 
@@ -237,15 +237,15 @@ recommendationMetadataState: Active longDescription: | Use Databricks and MLflow for deploying models as Apache Spark UDFs, benefiting from job scheduling, retries, autoscaling, etc. - potentialBenefits: Enhances scalability & reliability + potentialBenefits Enhances scalability & reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use a layered storage architecture aprlGuid: 1b0d0893-bf0e-8f4c-9dc6-f18f145c1ecf @@ -256,15 +256,15 @@ recommendationMetadataState: Active longDescription: | Curate data by creating a layered architecture to increase data quality across layers. Start with a raw layer for ingested source data, continue with a curated layer for cleansed and refined data, and finish with a final layer catered to business needs, focusing on security and performance. - potentialBenefits: Enhances data quality & trust + potentialBenefits Enhances data quality & trust pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Improve data integrity by reducing data redundancy aprlGuid: e93fe702-e385-d741-ba37-1f1656482ecd 
@@ -275,15 +275,15 @@ recommendationMetadataState: Active longDescription: | Copying data leads to redundancy, lost integrity, lineage, and access issues, affecting lakehouse data quality. Temporary copies are useful for agility and innovation but can become problematic operational data silos, questioning data's master status and currency. - potentialBenefits: Enhanced data integrity and quality + potentialBenefits Enhanced data integrity and quality pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Actively manage schemas aprlGuid: b7e1d13f-54c9-1648-8a52-34c0abe8ce16 @@ -294,15 +294,15 @@ recommendationMetadataState: Active longDescription: | Uncontrolled schema changes can lead to invalid data and failing jobs. Databricks validates and enforces schema through Delta Lake, which prevents bad records during ingestion, and Auto Loader, which detects new columns and supports schema evolution to maintain data integrity. - potentialBenefits: Prevents invalid data & job failures + potentialBenefits Prevents invalid data & job failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use constraints and data expectations aprlGuid: a42297c4-7e4f-8b41-8d4b-114033263f0e 
@@ -313,15 +313,15 @@ recommendationMetadataState: Active longDescription: | Delta tables verify data quality automatically with SQL constraints, triggering an error for violations. Delta Live Tables enhance this by defining expectations for data quality, utilizing Python or SQL, to manage actions for record failures, ensuring data integrity and compliance. - potentialBenefits: Ensures data quality and integrity + potentialBenefits Ensures data quality and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations" - description: Create regular backups aprlGuid: 932d45d6-b46d-e341-abfb-d97bce832f1f 
@@ -332,15 +332,15 @@ recommendationMetadataState: Active longDescription: | To recover from a failure, regular backups are needed. The Databricks Labs project migrate lets admins create backups by exporting workspace assets using the Databricks CLI/API. These backups help in restoring or migrating workspaces. - potentialBenefits: Ensures data recovery & migration + potentialBenefits Ensures data recovery & migration pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups" - description: Recover from Structured Streaming query failures aprlGuid: 12e9d852-5cdc-2743-bffe-ee21f2ef7781 
@@ -351,15 +351,15 @@ recommendationMetadataState: Active longDescription: | Structured Streaming ensures fault-tolerance and data consistency in streaming queries. With Azure Databricks workflows, you can set up your queries to automatically restart after failure, picking up precisely where they left off. - potentialBenefits: Fault-tolerance & auto-restart for queries + potentialBenefits Fault-tolerance & auto-restart for queries pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures" - description: Recover ETL jobs based on Delta time travel aprlGuid: a18d60f8-c98c-ba4e-ad6e-2fac72879df1 
@@ -370,15 +370,15 @@ recommendationMetadataState: Active longDescription: | Despite thorough testing, a production job can fail or yield unexpected data. Sometimes, repairs are done by adding jobs post-issue identification and pipeline correction. - potentialBenefits: Easy rollback and fix for ETL jobs + potentialBenefits Easy rollback and fix for ETL jobs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel" - description: Use Databricks Workflows and built-in recovery aprlGuid: c0e22580-3819-444d-8546-a80e4ed85c83 @@ -389,15 +389,15 @@ recommendationMetadataState: Active longDescription: | Databricks Workflows enable efficient error recovery in multi-task jobs by offering a matrix view for issue examination. Fixes can be applied to initiate repair runs targeting only failed and dependent tasks, preserving successful outcomes and thereby saving time and money. - potentialBenefits: Saves time and money with smart recovery + potentialBenefits Saves time and money with smart recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Configure a disaster recovery pattern aprlGuid: 4fdb7112-4531-6f48-b60e-c917a6068d9b 
@@ -408,15 +408,15 @@ recommendationMetadataState: Active longDescription: | Implementing a disaster recovery pattern is vital for Azure Databricks, a cloud-native data analytics platform, ensuring data teams' access even during rare regional outages caused by disasters like hurricanes or earthquakes. - potentialBenefits: Ensures service continuity during disasters + potentialBenefits Ensures service continuity during disasters pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/tree/master + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/tree/master" - description: Automate deployments and workloads aprlGuid: 42aedaa8-6151-424d-b782-b8666c779969 @@ -427,15 +427,15 @@ recommendationMetadataState: Active longDescription: | The Databricks Terraform provider manages Azure Databricks workspaces and cloud infrastructure flexibly and powerfully. - potentialBenefits: Efficient, reliable automation + potentialBenefits Efficient, reliable automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for operational excellence - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads + - name: Best practices for operational excellence + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads" - description: Set up monitoring, alerting, and logging aprlGuid: 20193ff9-dbcd-a74e-b197-71d7d9d3c1e6 
@@ -446,15 +446,15 @@ recommendationMetadataState: Active longDescription: | The Databricks Terraform provider is a flexible, powerful tool for managing Azure Databricks workspaces and cloud infrastructure. - potentialBenefits: Enhanced reliability & automation + potentialBenefits Enhanced reliability & automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for operational excellence - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring + - name: Best practices for operational excellence + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring" - description: Deploy workspaces in separate Subscriptions aprlGuid: 397cdebb-9d6e-ab4f-83a1-8c481de0a3a7 @@ -465,15 +465,15 @@ recommendationMetadataState: Active longDescription: | Customers often naturally divide workspaces by teams or departments. However, it's crucial to also consider Azure Subscription and ADB Workspace limits when partitioning. - potentialBenefits: Enhanced limits management, team separation + potentialBenefits Enhanced limits management, team separation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits" - description: Isolate each workspace in its own Vnet aprlGuid: 5e722c4f-415a-9b4c-bd4c-96b74dce29ad 
@@ -484,15 +484,15 @@ recommendationMetadataState: Active longDescription: | Deploying only one Databricks Workspace per VNet aligns with ADB's isolation model. - potentialBenefits: Enhanced security & resource isolation + potentialBenefits Enhanced security & resource isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet" - description: Do not Store any Production Data in Default DBFS Folders aprlGuid: 14310ba6-77ad-3641-a2db-57a2218b9bc7 @@ -503,15 +503,15 @@ recommendationMetadataState: Active longDescription: | Driven by security and data availability concerns, each Azure Databricks Workspace comes with a default DBFS designed for system-level artifacts like libraries and Init scripts, not for production data. - potentialBenefits: Enhanced security, data protection + potentialBenefits Enhanced security, data protection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr" - description: Do not use Azure Spot VMs for critical Production workloads aprlGuid: b5af7e26-3939-1b48-8fba-f8d4a475c67a 
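Review bot: In the second hunk on this line (`@@ -503,15 +503,15 @@`), the newly quoted URL still ends in the fragment `#do-not-store-any-production-data-in-default-dbfs-foldersr`, and the trailing `r` looks like a typo carried over from the old value. If the heading in `toc.md` is "Do not Store any Production Data in Default DBFS Folders", the fragment should presumably end in `-folders`; this needs confirming against the target page. Because this recommendation covers where production data must not be stored, the link should resolve to the right section rather than to the top of the page.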
@@ -522,15 +522,15 @@ recommendationMetadataState: Active longDescription: | Azure Spot VMs are not suitable for critical production workloads needing high availability and reliability. They are meant for fault-tolerant tasks and can be evicted with 30-seconds notice if Azure needs the capacity, with no SLA guarantees. - potentialBenefits: Ensures high reliability for production + potentialBenefits Ensures high reliability for production pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Use Azure Spot Virtual Machines - url: https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms + - name: Use Azure Spot Virtual Machines + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms" - description: Migrate Legacy Workspaces aprlGuid: 8aa63c34-dd9d-49bd-9582-21ec310dfbdd 
@@ -541,19 +541,19 @@ recommendationMetadataState: Active longDescription: | Azure Databricks transitioned from a shared to dedicated in-region control planes to prevent regional outages affecting customer workspaces. Legacy workspaces, established before this change, differ from newer workspaces that utilize in-region control planes. - potentialBenefits: Improves resilience and data sovereignty + potentialBenefits Improves resilience and data sovereignty pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks regions - IP addresses and domains - url: https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains - - name: Migrate - maintained by Databricks Inc. - url: https://github.com/databrickslabs/migrate - - name: Databricks Terraform Exporter - maintained by Databricks Inc. (Experimental) - url: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/experimental-exporter + - name: Azure Databricks regions - IP addresses and domains + url: "https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains" + - name: Migrate - maintained by Databricks Inc. + url: "https://github.com/databrickslabs/migrate" + - name: Databricks Terraform Exporter - maintained by Databricks Inc. (Experimental) + url: "https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/experimental-exporter" - description: Define alternate VM SKUs aprlGuid: 028593be-956e-4736-bccf-074cb10b92f4 
@@ -564,15 +564,15 @@ recommendationMetadataState: Active longDescription: | Azure Databricks planning should include VM SKU swap strategies for capacity issues. VMs are regional, and allocation failures may occur, shown by a "CLOUD PROVIDER" error. - potentialBenefits: Ensures service availability + potentialBenefits Ensures service availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Compute configuration best practices - url: https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices - - name: GPU-enabled compute - url: https://learn.microsoft.com/azure/databricks/compute/gpu + - name: Compute configuration best practices + url: "https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices" + - name: GPU-enabled compute + url: "https://learn.microsoft.com/azure/databricks/compute/gpu" diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index b395db6a1..736d6affd 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml 
@@ -9,15 +9,15 @@ At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits: Early issue detection & testing for AVD updates + potentialBenefits Early issue detection & testing for AVD updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" - description: (Pooled) Configure scheduled agent updates aprlGuid: 9fc522c1-d5b0-4bad-8169-1e1d32855afd 
@@ -29,15 +29,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | Ensure schedules have been created to provide maintenance windows for AVD agent updates. The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. - potentialBenefits: Minimizes disruptions, ensures updates + potentialBenefits Minimizes disruptions, ensures updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" - description: (Pooled) Create a validation pool for testing of planned updates aprlGuid: 0a22b144-6fa7-4032-be77-fa64152858eb 
@@ -51,15 +51,15 @@ At least one Validation Pool to have early warning if a planned update to AVD ca Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits: Early detection of update issues. + potentialBenefits Early detection of update issues. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" - description: Use Private link when connecting to File Share or Key Vault aprlGuid: dc55be60-6f8c-461e-a9d5-a3c7686ed94e 
@@ -70,17 +70,17 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | Private Link is available for other Azure services that work in conjunction with Azure Virtual Desktop, such as Azure Files and Key Vault. From a resiliency standpoint, we recommending implementing private endpoints for these services to reduce exposure to potential internet-related issues such as latency, packet loss, and/or downtime. This can lead to more reliable communication between AVD and dependent services. - potentialBenefits: Enhances AVD reliability + potentialBenefits Enhances AVD reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link - - name: Private link - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link" + - name: Private link + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link" - description: Configure AVD Insights Workbook aprlGuid: 0cf72d91-644d-4591-9bb7-84ba3f705a41 
@@ -91,15 +91,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. - potentialBenefits: Enhanced AVD monitoring & troubleshooting + potentialBenefits Enhanced AVD monitoring & troubleshooting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/insights?tabs=monitor + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/insights?tabs=monitor" - description: Provision Secondary Key Vault for Disaster Recovery aprlGuid: 1f57434f-f884-41f3-b818-129bbe3c5d3b 
@@ -110,15 +110,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | To ensure continuous availability and disaster recovery readiness, it is recommended to provision a secondary Key Vault in a secondary region. In the event of a primary region failure, this secondary Key Vault will ensure that critical secrets are accessible for use in deployments in the secondary region. - potentialBenefits: Ensures DR readiness and access + potentialBenefits Ensures DR readiness and access pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance" - description: Ensure virtual networks isolation with separate IP space and NSGs for Prod and DR aprlGuid: 37d1091b-e599-4548-a067-a9286be16e45 
@@ -130,15 +130,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. - potentialBenefits: Enhances security & prevents IP conflicts + potentialBenefits Enhances security & prevents IP conflicts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing" - description: Ensure virtual networks have route tables/route server configured for all regions aprlGuid: db1727d1-5c8e-4a01-a31e-f0d58cfd95b1 
@@ -149,15 +149,15 @@ It's important your organization plans for IP addressing in Azure. Planning ensu recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. - potentialBenefits: Enhanced availability & routing + potentialBenefits Enhanced availability & routing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution" - description: Segregate App attach storage in disaster recovery plans with distinct file shares aprlGuid: 7d9c96a6-1ce5-4cf0-ad1b-638a37f753cb 
@@ -170,15 +170,15 @@ It's important your organization plans for IP addressing in Azure. Planning ensu App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. Your file share should be in the same Azure region as your session hosts. - potentialBenefits: Enhances performance & scalability + potentialBenefits Enhances performance & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" - description: Turn on Continuous Availability for ANF if using App Attach aprlGuid: 9b2301af-9cac-4f1a-871a-f17475d01812 
@@ -190,15 +190,15 @@ Your file share should be in the same Azure region as your session hosts. longDescription: | Turn on Continuous Availability if using Azure Netapp Files. Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. - potentialBenefits: Enhanced stability & user limit checks + potentialBenefits Enhanced stability & user limit checks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" - description: Manually update new FSLogix image when available aprlGuid: d51e0a70-8b50-4be3-af8a-7c9065e47360 
@@ -209,15 +209,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case. - potentialBenefits: Enhanced reliability & support + potentialBenefits Enhanced reliability & support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix" - description: Configure Diagnostic Settings for FSLogix logs and enable review for accounts aprlGuid: 483f5a00-84a0-49f7-903b-ef6f1fc0c389 
@@ -228,15 +228,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Regularly review FSLogix logs for errors and issues related to login and mounting the profile. Events can be reviewed by looking locally inside the Session Host and also in Log Analytics when the Azure Monitor Agent is used. - potentialBenefits: Enhanced AVD error tracking and resolution + potentialBenefits Enhanced AVD error tracking and resolution pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/troubleshooting-events-logs-diagnostics + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/troubleshooting-events-logs-diagnostics" - description: Ensure user permissions are set correctly on SMB shares aprlGuid: 7b170ddd-5770-4945-9bc3-cd1ccf5f8672 @@ -247,15 +247,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. - potentialBenefits: Enhanced security & disaster recovery + potentialBenefits Enhanced security & disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions" - description: Ensure the standard FSLogix configuration is deployed aprlGuid: c15b2b73-52a1-4db2-88dd-d592424ff4e4 
@@ -266,15 +266,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure all session hosts have the standard FSLogix configuration deployed. Regularly validate settings for consistency and alignment with best practices. - potentialBenefits: Optimized session reliability and performance + potentialBenefits Optimized session reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings?tabs=profiles + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings?tabs=profiles" - description: Ensure a unique OU when deploying VMs to Domain aprlGuid: 939cb85c-102a-4e0a-ab82-5c92116d3778 
@@ -286,15 +286,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa longDescription: | Hybrid VMs should be in a unique OU. When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. - potentialBenefits: Improved AVD hostpool config & segmentation + potentialBenefits Improved AVD hostpool config & segmentation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services + - name: Learn More + url: "https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services" - description: Use Azure Site Recovery or Backups on VMs supporting personal desktops aprlGuid: 38721758-2cc2-4d6b-b7b7-8b47dadbf7df 
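Review bot: The `longDescription` context line contains `It�s`, which suggests a typographic apostrophe saved in a non-UTF-8 encoding. The same pattern appears as `environment�s` in the later Domain Controllers entry. If that byte is really in the file and not a rendering artifact of this page, replace it with a plain `'`, giving `It's also important to segment Prod and DR organization units`. Strict UTF-8 loaders would then neither fail on it nor emit a replacement character. The commit touches only the lines around it, so the character is carried over unchanged.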
@@ -305,15 +305,15 @@ When using AD-joined session hosts will benefit from using a unique OU to target recommendationMetadataState: Active longDescription: | Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. - potentialBenefits: Ensures VM recovery & failover + potentialBenefits Ensures VM recovery & failover pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" - description: Create updated image version and replace session hosts rather than updating host directly aprlGuid: 2831dab9-6a43-44a1-8aec-90a8e84894bc 
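Review bot: The quoted `learnMoreLink` in this hunk points at `.../azure/virtual-desktop/scheduled-agent-updates`, while the `longDescription` directly above it is about Azure Site Recovery and Azure Backup for personal host pools. Judging by the slug, the link is a copy-paste leftover from another recommendation. Since this commit is specifically about URLs, swap it for the ASR or Backup guidance page the authors intended rather than only adding quotes. The recommendation entry itself starts in the preceding hunk.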
@@ -325,15 +325,15 @@ When using AD-joined session hosts will benefit from using a unique OU to target longDescription: | Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. has context menu - potentialBenefits: Ensures consistency; minimizes drift + potentialBenefits Ensures consistency; minimizes drift pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/training/modules/create-manage-session-host-image/ + - name: Learn More + url: "https://learn.microsoft.com/en-us/training/modules/create-manage-session-host-image/" - description: Monitor Service Health and Resource Health of AVD aprlGuid: a75a20e7-8cc0-4f7b-b4a9-e2476bd72429 
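Review bot: The `longDescription` block scalar here ends with a stray `has context menu` line, which reads like text copied from a UI control and not part of the recommendation. It is a context line, so the commit leaves it in place, and it also surfaces in the next hunk header. Delete that line so it does not appear in rendered guidance.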
@@ -346,15 +346,15 @@ has context menu Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. Use Resource Health to monitor your VMs and storage solutions. - potentialBenefits: Enhanced AVD uptime and awareness + potentialBenefits Enhanced AVD uptime and awareness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/monitoring#resource-health + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/monitoring#resource-health" - description: Deploy Domain Controllers and DNS Servers in Azure Virtual Network Across Availability Zones aprlGuid: 99bf5c94-aa68-4bb3-8b7f-45d1c5f09b5d 
@@ -366,15 +366,15 @@ Use Resource Health to monitor your VMs and storage solutions. longDescription: | When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. - potentialBenefits: Enhanced reliability and performance + potentialBenefits Enhanced reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#reliability + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#reliability" - description: Implement RDP Shortpath for Public or Managed Networks aprlGuid: 3835b4b3-0479-4be8-9ffd-34ae29fa33b9 
@@ -385,15 +385,15 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. - potentialBenefits: Better reliability & consistent latency + potentialBenefits Better reliability & consistent latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks" - description: Implement a Multi-Region BCDR Plan aprlGuid: 0714d039-535e-468d-9732-e32b5c094faa 
@@ -404,17 +404,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. - potentialBenefits: Enhanced resilience & uptime + potentialBenefits Enhanced resilience & uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Multi-region BCDR - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#active-active-scenarios + - name: Multi-region BCDR + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#active-active-scenarios" - description: Store Golden Image Redundantly for Disaster Recovery aprlGuid: 0bf1a2bb-7617-4ab2-a784-e7ea40c5f01b 
@@ -425,17 +425,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | If a full BCDR strategy is not in place, consider using zone-redundant storage to store golden images across availability zones. Having the image available will allow for faster recovery in case of zonal or regional outage. - potentialBenefits: Faster recovery from outages + potentialBenefits Faster recovery from outages pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Golden Image - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#golden-images - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/application-delivery#fault-tolerance + - name: Golden Image + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#golden-images" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/application-delivery#fault-tolerance" - description: Capacity Planning for AVD Resources aprlGuid: ef4b3561-c85f-47cf-8cb0-51fae9ddf929 
@@ -448,17 +448,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. - potentialBenefits: Avoids limits, ensures smooth scaling + potentialBenefits Avoids limits, ensures smooth scaling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Capacity Planning - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop#azure-virtual-desktop-limitations + - name: Capacity Planning + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop#azure-virtual-desktop-limitations" - description: Ensure separate log analytics workspaces for Prod and DR aprlGuid: 89b4d8f6-6345-4d66-9012-c3fc2aef94e8 
@@ -469,15 +469,15 @@ To handle a large number of users, consider scaling horizontally by creating mul recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. - potentialBenefits: Improved DR visibility & operation + potentialBenefits Improved DR visibility & operation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics" - description: Ensure that FSLogix Storage Account is Redundant aprlGuid: ed1f0327-0914-49e8-9518-16acb0d6b8d6 @@ -495,15 +495,15 @@ LRS for least expensive replication (not recommended for apps with high availabi - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. Generally, it is recommended to store your data as secure and redundant as possible. - potentialBenefits: Improves data durability & availability + potentialBenefits Improves data durability & availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/storage#user-profiles + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/storage#user-profiles" - description: Scaling plans should be created per region and not scaled across regions aprlGuid: e091419d-10ba-4a8e-bdb0-67380cc021a9 
@@ -514,15 +514,15 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Each region has its own scaling plans assigned to host pools within that region. However, these plans can become inaccessible if there's a regional failure. To mitigate this risk, it's advisable to create a secondary scaling plan in another region. - potentialBenefits: Enhances reliability across failures + potentialBenefits Enhances reliability across failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan?tabs=portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan?tabs=portal" - description: Validate AVD Session Host Connectivity to the AVD Control Plane and UDP Ports open if in use aprlGuid: e718ac1a-ebab-4f75-9e4a-1a5ccef20d1f 
@@ -533,15 +533,15 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. - potentialBenefits: Enhanced performance & user experience + potentialBenefits Enhanced performance & user experience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-rdp-shortpath + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-rdp-shortpath" - description: Ensure Secondary Entra ID connect synchronization server aprlGuid: d984eaf9-0fa1-4f8d-a326-bda751993c6f 
@@ -553,15 +553,15 @@ Generally, it is recommended to store your data as secure and redundant as possi longDescription: | Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. - potentialBenefits: Improved failover reliability + potentialBenefits Improved failover reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains + - name: Learn More + url: "https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains" - description: Deploy paired Domain Controllers in the same region as AVD session hosts aprlGuid: d61f6ee8-de1b-4fd9-9ce3-316cfe11ee05 
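Review bot: The quoted link `.../entra/identity/hybrid/connect/how-to-connect-install-multiple-domains` appears, from its slug, to cover multi-domain installation. The `longDescription` in this hunk instead recommends a secondary Entra Connect server in staging mode for failover. A reader following the link would probably not find the staging-server procedure the text relies on. Point the entry at the staging-mode documentation instead; confirm the correct page with the content owners.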
@@ -573,15 +573,15 @@ Set up secondary server in staging mode for Entra Connect for syncing to Entra i longDescription: | Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. - potentialBenefits: Enhanced identity resilience + potentialBenefits Enhanced identity resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" - description: Ensure DNS regions are replicated to avoid single point of failure aprlGuid: e1a34ac6-8761-4020-b537-d60c0be7514e 
@@ -592,15 +592,15 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. - potentialBenefits: Improves uptime & resilience + potentialBenefits Improves uptime & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" - description: Enable Azure Backup for FSLogix Storage Account aprlGuid: 0025ed2e-41f4-4ada-93c1-12484cef8b0c 
@@ -611,17 +611,17 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | It is recommended to enable backup on the FSLogix Storage Account. Ensuring the user profiles are resilient will allow user data and experience to be consistent through outages. - potentialBenefits: Ensures data resilience and consistency + potentialBenefits Ensures data resilience and consistency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: FSLogix - url: https://learn.microsoft.com/en-us/fslogix/overview-what-is-fslogix - - name: Backup Storage Account - url: https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=operational-backup + - name: FSLogix + url: "https://learn.microsoft.com/en-us/fslogix/overview-what-is-fslogix" + - name: Backup Storage Account + url: "https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=operational-backup" - description: Organize AVD resources using the AVD Scale unit model described by the AVD Landing Zone Methodology aprlGuid: 204b56b0-9710-4c16-b506-bafb5fb318ed 
@@ -632,13 +632,13 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. - potentialBenefits: Enhanced organization & scalability + potentialBenefits Enhanced organization & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone" diff --git a/azure-resources/Devices/IotHubs/recommendations.yaml b/azure-resources/Devices/IotHubs/recommendations.yaml index b1d46e460..d11245756 100644 --- a/azure-resources/Devices/IotHubs/recommendations.yaml +++ b/azure-resources/Devices/IotHubs/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Device Identities should be copied to the failover region IoT-Hub for all IoT devices to ensure connectivity in case of a failover. Manual Failover to another region is quicker (RTO), suitable for mission critical workloads. - potentialBenefits: Faster failover; Ensures device connectivity + potentialBenefits Faster failover; Ensures device connectivity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Import and export IoT Hub device identities in bulk - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt - - name: IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover + - name: Import and export IoT Hub device identities in bulk + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt" + - name: IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover" - description: Do not use free tier aprlGuid: eeba3a49-fef0-481f-a471-7ff01139b474 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | In a production scenario, the IoT Hub tier should not be Free because the Free tier does not provide the necessary Service Level Agreement. - potentialBenefits: Ensures SLA for production + potentialBenefits Ensures SLA for production pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Choose the right IoT Hub tier and size for your solution - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling + - name: Choose the right IoT Hub tier and size for your solution + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling" - description: Use Availability Zones aprlGuid: 214cbc46-747e-4354-af6e-6bf0054196a5 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | In regions supporting Availability Zones for IoT Hub, using these zones boosts availability. They're automatically activated for new IoT Hubs in supported areas. - potentialBenefits: Boosts IoT Hub availability + potentialBenefits Boosts IoT Hub availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones + - name: Azure IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones" - description: Use Device Provisioning Service aprlGuid: b1e1378d-4572-4414-bebd-b8872a6d4d1c 
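Review bot: `automationAvailable` is written as bare `no` in some entries and `arg` in others, in these hunks and throughout the patch. Under YAML 1.1 rules, which PyYAML and several other loaders still apply, `no` loads as boolean false, so the field is a bool in one record and a string in the next. If consumers compare it as a string, quote it the same way this commit quotes the URLs: `automationAvailable: "no"`. Treat this as a suggestion to confirm against whatever reads the files, since the consumer is not visible here.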
@@ -66,19 +66,19 @@ recommendationMetadataState: Active longDescription: | Device Provisioning Service (DPS) enables easy redistribution of IoT devices for scaling and availability, allowing devices to be reassigned and not bound to specific IoT Hub instances. Devices in IoT Hubs using DPS should be verified for DPS utilization. - potentialBenefits: Enhances scalability & availability + potentialBenefits Enhances scalability & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: IoT Hub Device Provisioning Service (DPS) terminology - url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service - - name: Best practices for large-scale IoT device deployments - url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-deploy-at-scale - - name: IoT Hub Device Provisioning Service high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr + - name: IoT Hub Device Provisioning Service (DPS) terminology + url: "https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service" + - name: Best practices for large-scale IoT device deployments + url: "https://learn.microsoft.com/en-us/azure/iot-dps/concepts-deploy-at-scale" + - name: IoT Hub Device Provisioning Service high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr" - description: Define Failover Guidelines aprlGuid: 02568a5d-335e-4e51-9f7c-fe2ada977300 
@@ -89,15 +89,15 @@ recommendationMetadataState: Active longDescription: | In case of a regional failure, an IoT Hub can failover to a second region, automatically or manually, to ensure your application continues working. - potentialBenefits: Ensures business continuity + potentialBenefits Ensures business continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr + - name: IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr" - description: Disabled Fallback Route aprlGuid: e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1e @@ -108,13 +108,13 @@ recommendationMetadataState: Active longDescription: | Using message routing for custom endpoints in IoT Hub, messages might not reach these destinations if specific conditions are unmet. A default route ensures all messages are received, but disabling this safety net risks leaving some messages undelivered. - potentialBenefits: Prevents undelivered messages + potentialBenefits Prevents undelivered messages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use message routing - Fallback route - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route + - name: Use message routing - Fallback route + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route" diff --git a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml index 65f5c5f52..e62e54f14 100644 --- a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml +++ b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure leverages a multi-tier isolation approach (rack, DC, zone, region) for Cosmos DB's default resilience with four replicas. - potentialBenefits: Enhances SLA & resilience + potentialBenefits Enhances SLA & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally - - name: Tips for building highly available applications | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#tips-for-building-highly-available-applications + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Tips for building highly available applications | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#tips-for-building-highly-available-applications" - description: Enable service-managed failover for multi-region accounts with single write region aprlGuid: 9cabded7-a1fc-6e4a-944b-d7dd98ea31a2 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB boasts high uptime and resiliency. Even so, issues may arise. With Service-Managed failover, if a region is down, Cosmos DB automatically switches to the next available region, requiring no user action. - potentialBenefits: Auto failover for high uptime + potentialBenefits Auto failover for high uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Manage an Azure Cosmos DB account by using the Azure portal | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover + - name: Manage an Azure Cosmos DB account by using the Azure portal | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover" - description: Evaluate multi-region write capability aprlGuid: 9ce78192-74a0-104c-b5bb-9a443f941649 
@@ -47,17 +47,17 @@ recommendationMetadataState: Active longDescription: | Multi-region write capability allows for designing applications that are highly available across multiple regions, though it demands careful attention to consistency requirements and conflict resolution. Improper setup may decrease availability and cause data corruption due to unhandled conflicts. - potentialBenefits: Enhances high availability + potentialBenefits Enhances high availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally - - name: Conflict resolution types and resolution policies in Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/conflict-resolution-policies + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Conflict resolution types and resolution policies in Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/conflict-resolution-policies" - description: Choose appropriate consistency mode reflecting data durability requirements aprlGuid: 23ebe97d-c546-204b-8b0d-00e61a5524f7 
@@ -68,15 +68,15 @@ recommendationMetadataState: Active longDescription: | In a globally distributed database, consistency level impacts data durability in region-wide outages. For business continuity, gauge data loss tolerance post-disruption. - potentialBenefits: Enhances data durability & recovery + potentialBenefits Enhances data durability & recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Consistency level choices - Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels + - name: Consistency level choices - Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels" - description: Configure continuous backup mode aprlGuid: e544520b-8505-7841-9e77-1f1974ee86ec @@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB's backup is always on, offering protection against data mishaps. Continuous mode allows for self-serve restoration to a pre-mishap point, unlike periodic mode which requires contacting Microsoft support, leading to longer restore times. - potentialBenefits: Faster self-serve data restore + potentialBenefits Faster self-serve data restore pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Continuous backup with point in time restore feature in Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction + - name: Continuous backup with point in time restore feature in Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction" - description: Ensure query results are fully drained aprlGuid: c006604a-0d29-684c-99f0-9729cb40dac5 
@@ -106,15 +106,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Cosmos DB has a 4 MB response limit, leading to paginated results for large or partition-spanning queries. Each page shows availability and provides a continuation token for the next. A while loop in code is necessary to traverse all pages until completion.
- potentialBenefits: Maximizes data retrieval efficiency
+ potentialBenefits Maximizes data retrieval efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Pagination in Azure Cosmos DB | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results
+ - name: Pagination in Azure Cosmos DB | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results"
 - description: Maintain singleton pattern in your client
 aprlGuid: 7eb32cf9-9a42-1540-acf8-597cbba8a418
@@ -125,15 +125,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Establishing and maintaining database connections is costly. Using a single instance of the SDK client for each account and application is crucial as connections are tied to the client. Compute environments have a limit on open connections, affecting connectivity when exceeded.
- potentialBenefits: Reduces costs & prevents connectivity issues
+ potentialBenefits Reduces costs & prevents connectivity issues
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications
+ - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications"
 - description: Implement retry logic in your client
 aprlGuid: fa6ac22f-0584-bb4b-80e4-80f4755d1a97
@@ -144,15 +144,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Cosmos DB SDKs automatically manage many transient errors through retries. Despite this, it's crucial for applications to implement additional retry policies targeting specific cases that the SDKs can't generically address, ensuring more robust error handling.
- potentialBenefits: Enhances error handling resilience
+ potentialBenefits Enhances error handling resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications
+ - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications"
 - description: Monitor Cosmos DB health and set up alerts
 aprlGuid: deaea200-013c-414b-ac9f-bfa7a7fb13f0
@@ -163,13 +163,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring the availability and responsiveness of Azure Cosmos DB resources and having alerts set up for your workload is a good practice. This ensures you stay proactive in handling unforeseen events.
- potentialBenefits: Proactive issue management
+ potentialBenefits Proactive issue management
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts
+ - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts"
diff --git a/azure-resources/EventGrid/topics/recommendations.yaml b/azure-resources/EventGrid/topics/recommendations.yaml
index 37e29812a..598dbbb1b 100644
--- a/azure-resources/EventGrid/topics/recommendations.yaml
+++ b/azure-resources/EventGrid/topics/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Enabling diagnostic settings on Azure Event Grid resources like custom topics, system topics, and domains lets you capture and view diagnostic information to troubleshoot failures effectively.
- potentialBenefits: Enhanced troubleshooting for Event Grid
+ potentialBenefits Enhanced troubleshooting for Event Grid
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Azure Event Grid - Enable diagnostic logs for Event Grid resources
- url: https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic
+ - name: Azure Event Grid - Enable diagnostic logs for Event Grid resources
+ url: "https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic"
 - description: Configure Dead-letter to save events that cannot be delivered
 aprlGuid: 92162eb5-4323-3145-8a6c-525ce2f0700e
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Event Grid may not deliver an event within a specific time or after several attempts, leading to dead-lettering where undelivered events are sent to a storage account.
- potentialBenefits: Saves undelivered events
+ potentialBenefits Saves undelivered events
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Azure Event Grid delivery and retry
- url: https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events
+ - name: Azure Event Grid delivery and retry
+ url: "https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events"
 - description: Configure Private Endpoints
 aprlGuid: b2069f64-4741-3d4a-a71d-50c8b03f5ab7
@@ -45,13 +45,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Use private endpoints for secure event ingress to custom topics/domains via a private link, avoiding the public internet. It employs an IP from the VNet space for your topic/domain.
- potentialBenefits: Secure, private VNet ingress
+ potentialBenefits Secure, private VNet ingress
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Configure private endpoints for Azure Event Grid topics or domains
- url: https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints
+ - name: Configure private endpoints for Azure Event Grid topics or domains
+ url: "https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints"
diff --git a/azure-resources/EventHub/namespaces/recommendations.yaml b/azure-resources/EventHub/namespaces/recommendations.yaml
index d267897d6..f6893d1a4 100644
--- a/azure-resources/EventHub/namespaces/recommendations.yaml
+++ b/azure-resources/EventHub/namespaces/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Event Hubs leverages Availability Zones to offer fault-isolated locations within an Azure region, ensuring support in regions with availability zones. It ensures both metadata and events are replicated across data centers within the availability zone.
- potentialBenefits: Enhanced fault tolerance for Event Hub
+ potentialBenefits Enhanced fault tolerance for Event Hub
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Event Hubs - Geo-disaster recovery
- url: https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones
+ - name: Azure Event Hubs - Geo-disaster recovery
+ url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones"
 - description: Enable auto-inflate on Event Hub Standard tier
 aprlGuid: fbfef3df-04a5-41b2-a8fd-b8541eb04956
@@ -26,13 +26,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable auto-inflate on Event Hub Standard tier namespaces to automatically scale up TUs, meeting usage needs and preventing data ingress or egress throttle scenarios by adjusting to allowed rates.
- potentialBenefits: Prevents throttling by autoscaling TUs
+ potentialBenefits Prevents throttling by autoscaling TUs
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Event Hubs - Automatically scale throughput units
- url: https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate
+ - name: Azure Event Hubs - Automatically scale throughput units
+ url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate"
diff --git a/azure-resources/Insights/activityLogAlerts/recommendations.yaml b/azure-resources/Insights/activityLogAlerts/recommendations.yaml
index 15af382e2..a4eec536a 100644
--- a/azure-resources/Insights/activityLogAlerts/recommendations.yaml
+++ b/azure-resources/Insights/activityLogAlerts/recommendations.yaml
@@ -7,19 +7,19 @@
 recommendationMetadataState: Active
 longDescription: |
 Configure Resource Health Alerts for all applicable resources to stay informed about the current and historical health status of your Azure resources. They notify you when these resources have a change in their health status.
- potentialBenefits: Stay informed on resource status
+ potentialBenefits Stay informed on resource status
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Resource Health
- url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview
- - name: Configure Resource Health alerts in the Azure portal
- url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide#create-a-resource-health-alert-rule-in-the-azure-portal
- - name: Alerts Health
- url: https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal
+ - name: Resource Health
+ url: "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview"
+ - name: Configure Resource Health alerts in the Azure portal
+ url: "https://learn.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide#create-a-resource-health-alert-rule-in-the-azure-portal"
+ - name: Alerts Health
+ url: "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal"
 - description: Configure Service Health Alerts
 aprlGuid: 9729c89d-8118-41b4-a39b-e12468fa872b
@@ -30,15 +30,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Service health gives a personalized health view of Azure services and regions used, offering the best place for notifications on outages, planned maintenance, and health advisories by knowing the services used.
- potentialBenefits: Proactive outage & maintenance alerts
+ potentialBenefits Proactive outage & maintenance alerts
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: What is Azure Service Health?
- url: https://learn.microsoft.com/azure/service-health/overview
- - name: Configure alerts for service health events
- url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal
+ - name: What is Azure Service Health?
+ url: "https://learn.microsoft.com/azure/service-health/overview"
+ - name: Configure alerts for service health events
+ url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal"
diff --git a/azure-resources/Insights/components/recommendations.yaml b/azure-resources/Insights/components/recommendations.yaml
index 9a265a410..c445cdee6 100644
--- a/azure-resources/Insights/components/recommendations.yaml
+++ b/azure-resources/Insights/components/recommendations.yaml
@@ -7,13 +7,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Classic Application Insights retires in February 2024. To minimize disruption to existing application monitoring scenarios, transition to workspace-based Application Insights before 29 February 2024.
- potentialBenefits: Avoid service disruption post-Feb 2024
+ potentialBenefits Avoid service disruption post-Feb 2024
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Migrate an Application Insights classic resource to a workspace-based resource
- url: https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource
+ - name: Migrate an Application Insights classic resource to a workspace-based resource
+ url: "https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource"
diff --git a/azure-resources/KeyVault/vaults/recommendations.yaml b/azure-resources/KeyVault/vaults/recommendations.yaml
index a07e96751..e5faec51f 100644
--- a/azure-resources/KeyVault/vaults/recommendations.yaml
+++ b/azure-resources/KeyVault/vaults/recommendations.yaml
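Review bot: In `azure-resources/Insights/components/recommendations.yaml` the re-added benefit text `Avoid service disruption post-Feb 2024` and the unchanged description's deadline of 29 February 2024 were already in the past on the commit date (10 April 2024), so the entry reads as an upcoming deadline that has in fact passed. Since the line is being rewritten anyway, a date-free wording such as `potentialBenefits: Avoid service disruption after classic retirement` would not go stale. The description sentence sits on an unchanged context line and would need a matching update outside the changed lines.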
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Key Vault's soft-delete feature enables recovery of deleted vaults and objects like keys, secrets, and certificates. When enabled, marked resources are retained for 90 days, allowing for their recovery, essentially undoing deletion.
- potentialBenefits: Enables recovery of deleted items
+ potentialBenefits Enables recovery of deleted items
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Key Vault soft-delete overview
- url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview
+ - name: Azure Key Vault soft-delete overview
+ url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview"
 - description: Key vaults should have purge protection enabled
 aprlGuid: 70fcfe6d-00e9-5544-a63a-fff42b9f2edb
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Purge protection secures against malicious deletions by enforcing a retention period for soft deleted key vaults, ensuring no one, not even insiders or Microsoft, can purge your key vaults during this period, preventing permanent data loss.
- potentialBenefits: Protects from insider attacks, avoids data loss
+ potentialBenefits Protects from insider attacks, avoids data loss
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Key Vault purge-protection overview
- url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection
+ - name: Azure Key Vault purge-protection overview
+ url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection"
 - description: Enable Azure Private Link Service for Key vault
 aprlGuid: 00c3d2b0-ea6e-4c4b-89be-b78a35caeb51
@@ -45,15 +45,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Private Link Service lets you securely and privately connect to Azure Key Vault via a Private Endpoint in your VNet, using a private IP and eliminating public Internet exposure.
- potentialBenefits: Secure Key Vault with Private Link
+ potentialBenefits Secure Key Vault with Private Link
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Key Vault Private Link Service overview
- url: https://learn.microsoft.com/azure/key-vault/general/security-features#network-security
+ - name: Azure Key Vault Private Link Service overview
+ url: "https://learn.microsoft.com/azure/key-vault/general/security-features#network-security"
 - description: Use separate key vaults per application per environment
 aprlGuid: e7091145-3642-bd41-bb58-66502e64d2cd
@@ -64,15 +64,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Key vaults are security boundaries for secret storage. Grouping secrets together increases risk during a security event, as attacks could access multiple secrets.
- potentialBenefits: Enhanced security, Reduced risk
+ potentialBenefits Enhanced security, Reduced risk
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Azure Key Vault best practices overview
- url: https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults
+ - name: Azure Key Vault best practices overview
+ url: "https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults"
 - description: Diagnostic logs in Key Vault should be enabled
 aprlGuid: 1dc0821d-4f14-7644-bab4-ba208ff5f7fa
@@ -83,13 +83,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users.
- potentialBenefits: Enhanced monitoring & security compliance
+ potentialBenefits Enhanced monitoring & security compliance
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Key Vault logging overview
- url: https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault
+ - name: Azure Key Vault logging overview
+ url: "https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault"
diff --git a/azure-resources/NetApp/netAppAccounts/recommendations.yaml b/azure-resources/NetApp/netAppAccounts/recommendations.yaml
index 6e9310d92..05c8b2659 100644
--- a/azure-resources/NetApp/netAppAccounts/recommendations.yaml
+++ b/azure-resources/NetApp/netAppAccounts/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput.
- potentialBenefits: Optimized performance & cost efficiency
+ potentialBenefits Optimized performance & cost efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Service levels for Azure NetApp Files | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels
+ - name: Service levels for Azure NetApp Files | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels"
 - description: Use standard network features for production in Azure NetApp Files
 aprlGuid: ab984130-c57b-6c4a-8d04-6723b4e1bdb6
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options.
- potentialBenefits: Enhanced connectivity & security
+ potentialBenefits Enhanced connectivity & security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Guidelines for Azure NetApp Files network planning | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies
+ - name: Guidelines for Azure NetApp Files network planning | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies"
 - description: Use availability zones for high availability in Azure NetApp Files
 aprlGuid: 47d100a5-7f85-5742-967a-67eb5081240a
@@ -45,15 +45,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure availability zones are distinct locations within each Azure region designed to withstand local failures through redundancy and logical isolation, improving service resiliency with at least three zones in enabled regions.
- potentialBenefits: Enhances disaster recovery
+ potentialBenefits Enhances disaster recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Use availability zones for high availability in Azure NetApp Files | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones
+ - name: Use availability zones for high availability in Azure NetApp Files | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones"
 - description: Use snapshots for data protection in Azure NetApp Files
 aprlGuid: 72827434-c773-4345-9493-34848ddf5803
@@ -64,15 +64,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files snapshot technology ensures stability, scalability, and swift data recoverability without affecting performance. It supports automatic snapshot creation via policies for Azure NetApp Files data.
- potentialBenefits: Stable, scalable, swift recovery, no perf impact
+ potentialBenefits Stable, scalable, swift recovery, no perf impact
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: How Azure NetApp Files snapshots work | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction
+ - name: How Azure NetApp Files snapshots work | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction"
 - description: Enable backup for data protection in Azure NetApp Files
 aprlGuid: b2fb3e60-97ec-e34d-af29-b16a0d61c2ac
@@ -83,15 +83,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance.
- potentialBenefits: Enhances data recovery & compliance
+ potentialBenefits Enhances data recovery & compliance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Understand Azure NetApp Files backup | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction
+ - name: Understand Azure NetApp Files backup | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction"
 - description: Enable Cross-region replication of Azure NetApp Files volumes
 aprlGuid: e30317d2-c502-4dfe-a2d3-0a737cc79545
@@ -102,15 +102,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication.
- potentialBenefits: Enhanced data protection & disaster recovery
+ potentialBenefits Enhanced data protection & disaster recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Cross-region replication of Azure NetApp Files volumes
- url: https://learn.microsoft.com/en-us/azure/azure-netapp-files/cross-region-replication-introduction
+ - name: Cross-region replication of Azure NetApp Files volumes
+ url: "https://learn.microsoft.com/en-us/azure/azure-netapp-files/cross-region-replication-introduction"
 - description: Enable Cross-zone replication of Azure NetApp Files volumes
 aprlGuid: e3d742e1-dacd-9b48-b6b1-510ec9f87c96
@@ -121,15 +121,15 @@
 recommendationMetadataState: Active
 longDescription: |
 The cross-zone replication (CZR) feature enables asynchronous data replication between Azure NetApp Files volumes across different availability zones, ensuring data protection and critical application failover in case of zone-wide disasters.
- potentialBenefits: Enhances disaster recovery
+ potentialBenefits Enhances disaster recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction
+ - name: Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction"
 - description: Monitor Azure NetApp Files metrics to better understand usage pattern and performance
 aprlGuid: 2f579fc9-e599-0d44-8b97-254f50ae04d8
@@ -140,15 +140,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts.
- potentialBenefits: Optimize usage & performance
+ potentialBenefits Optimize usage & performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Ways to monitor Azure NetApp Files | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files
+ - name: Ways to monitor Azure NetApp Files | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files"
 - description: Enforce standards and assess compliance in Azure NetApp Files with Azure policy
 aprlGuid: 687ae58f-517f-ca43-90fe-922497e61283
@@ -159,17 +159,17 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance.
- potentialBenefits: Enforce standards & assess compliance
+ potentialBenefits Enforce standards & assess compliance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Azure Policy definitions for Azure NetApp Files | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions
- - name: Creating custom policy definitions | Microsoft Learn
- url: https://learn.microsoft.com/azure/governance/policy/tutorials/create-custom-policy-definition
+ - name: Azure Policy definitions for Azure NetApp Files | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions"
+ - name: Creating custom policy definitions | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/governance/policy/tutorials/create-custom-policy-definition"
 - description: Restrict default access to Azure NetApp Files volumes
 aprlGuid: cfa2244b-5436-47de-8287-b217875d3b0a
@@ -180,23 +180,23 @@
 recommendationMetadataState: Active
 longDescription: |
 Access to the delegated subnet should be limited to specific Azure Virtual Networks. SMB-enabled volumes' share permissions should move away from 'Everyone/Full control'. NFS-enabled volumes' access needs to be controlled via export policies and/or NFSv4.1 ACLs.
- potentialBenefits: Enhanced security, Reduced data breach risk
+ potentialBenefits Enhanced security, Reduced data breach risk
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Configure network features for an Azure NetApp Files volume
- url: https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features
- - name: Manage SMB share ACLs in Azure NetApp Files
- url: https://learn.microsoft.com/azure/azure-netapp-files/manage-smb-share-access-control-lists
- - name: Configure export policy for NFS or dual-protocol volumes
- url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-configure-export-policy
- - name: Configure access control lists on NFSv4.1 volumes for Azure NetApp Files
- url: https://learn.microsoft.com/azure/azure-netapp-files/configure-access-control-lists
- - name: Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes
- url: https://learn.microsoft.com/azure/azure-netapp-files/configure-unix-permissions-change-ownership-mode
+ - name: Configure network features for an Azure NetApp Files volume
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features"
+ - name: Manage SMB share ACLs in Azure NetApp Files
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/manage-smb-share-access-control-lists"
+ - name: Configure export policy for NFS or dual-protocol volumes
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-configure-export-policy"
+ - name: Configure access control lists on NFSv4.1 volumes for Azure NetApp Files
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-access-control-lists"
+ - name: Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-unix-permissions-change-ownership-mode"
 - description: Make use of SMB continuous availability for supported applications
 aprlGuid: d1e7ccc3-e6c1-40e9-a36e-fd134711c808
@@ -207,15 +207,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Certain SMB applications need SMB Transparent Failover for maintenance without interrupting server connectivity. Azure NetApp Files provides this through SMB Continuous Availability for applications like Citrix App Layering, FSLogix user/profile containers, Microsoft SQL Server, MSIX app attach.
- potentialBenefits: Zero downtime for SMB apps
+ potentialBenefits Zero downtime for SMB apps
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Do I need to take special precautions for SMB-based applications? | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications
+ - name: Do I need to take special precautions for SMB-based applications? | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications"
 - description: Ensure application resilience for service maintenance events
 aprlGuid: 60f36f9b-fac9-4160-bbf5-57af04da4f53
@@ -226,13 +226,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure NetApp Files might undergo occasional planned maintenance such as platform updates or service and software upgrades. It's important to be aware of the application's resiliency settings to cope with these storage service maintenance events.
- potentialBenefits: Minimizes downtime during maintenance
+ potentialBenefits Minimizes downtime during maintenance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn
- url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events
+ - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn
+ url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events"
diff --git a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml
index fe72ac382..21dbab81e 100644
--- a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml
+++ b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | WAF may mistakenly block legitimate requests (false positives). These can be identified by examining the last 24 hours of blocked requests in Log Analytics. - potentialBenefits: Reduces false positives, improves access + potentialBenefits Reduces false positives, improves access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Web Application Firewall monitoring and logging - Access Log - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs - - name: Understanding WAF logs - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-tuning?pivots=front-door-standard-premium#understanding-waf-logs - - name: Web Application Firewall exclusion lists - url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal - - name: Fixing a false positive - url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-troubleshoot#fixing-false-positives + - name: Azure Web Application Firewall monitoring and logging - Access Log + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs" + - name: Understanding WAF logs + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-tuning?pivots=front-door-standard-premium#understanding-waf-logs" + - name: Web Application Firewall exclusion lists + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal" + - name: Fixing a false positive + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-troubleshoot#fixing-false-positives" - description: Check Azure Application Gateway 
WAF logs for mistakenly blocked valid requests aprlGuid: 537b4d94-edd1-4041-b13d-8217dfa485f0 @@ -32,17 +32,17 @@ recommendationMetadataState: Active longDescription: | WAF may block legitimate requests as false positives. Identifying blocked requests within the last 24 hours through Log Analytics can help manage and mitigate these incorrect blockages efficiently. - potentialBenefits: Improve false positive identification + potentialBenefits Improve false positive identification pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Web Application Firewall Monitoring and Logging - url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics - - name: Diagnostic logs - url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-logs#diagnostic-logs + - name: Azure Web Application Firewall Monitoring and Logging + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics" + - name: Diagnostic logs + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-logs#diagnostic-logs" - description: Monitor Web Application Firewall aprlGuid: 5357ae22-0f52-1a49-9fd4-1f00ace6add0 
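Review bot: Two of the re-quoted links in this Front Door WAF policy entry, `Web Application Firewall exclusion lists` and `Fixing a false positive`, still point at Application Gateway pages (`/web-application-firewall/ag/...`), while the first two point at Front Door pages (`/afds/...`). Someone tuning a Front Door policy from these links may end up applying exclusion guidance written for a different WAF, so while the URLs are being touched it is worth swapping in the Front Door pages or marking the mismatch with a comment such as `# Application Gateway page, no Front Door page linked yet`. The next entry in this file, `Check Azure Application Gateway WAF logs for mistakenly blocked valid requests`, looks copied from the Application Gateway file and may need the same check. This entry starts above the hunk.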
@@ -53,15 +53,15 @@ recommendationMetadataState: Active longDescription: | Monitoring the health of your Web Application Firewall and the applications it protects is crucial. This can be achieved through integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs, ensuring optimal performance and security. - potentialBenefits: Enhanced security & health insight + potentialBenefits Enhanced security & health insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: WAF monitoring - url: https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring - - name: Azure Monitor Workbook for WAF - url: https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook + - name: WAF monitoring + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring" + - name: Azure Monitor Workbook for WAF + url: "https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook" diff --git a/azure-resources/Network/applicationGateways/recommendations.yaml b/azure-resources/Network/applicationGateways/recommendations.yaml index 3fc444436..7a471976d 100644 --- a/azure-resources/Network/applicationGateways/recommendations.yaml +++ b/azure-resources/Network/applicationGateways/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Azure Application Gateways v2 are deployed highly available with multiple instances by default. - potentialBenefits: Enhances uptime & enables autoscaling + potentialBenefits Enhances uptime & enables autoscaling pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Autoscaling Zone-Redundant - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability + - name: Application Gateway Autoscaling Zone-Redundant + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability" - description: Secure all incoming connections with SSL aprlGuid: 233a7008-71e9-e745-923e-1a1c7a0b92f3 
@@ -26,23 +26,23 @@ recommendationMetadataState: Active longDescription: | Secure all incoming connections using HTTPS for production services with end-to-end SSL/TLS or SSL/TLS termination at the Application Gateway to protect against attacks and ensure data remains private and encrypted between the web server and browsers. - potentialBenefits: Enhanced security & privacy + potentialBenefits Enhanced security & privacy pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Security - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security - - name: Application Gateway SSL Overview - url: https://learn.microsoft.com/azure/application-gateway/ssl-overview - - name: Application Gateway SSL Policy Overview - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview - - name: Application Gateway KeyVault Certs - url: https://learn.microsoft.com/azure/application-gateway/key-vault-certs - - name: Application Gateway SSL Cert Management - url: https://learn.microsoft.com/azure/application-gateway/ssl-certificate-management + - name: Application Gateway Security + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security" + - name: Application Gateway SSL Overview + url: "https://learn.microsoft.com/azure/application-gateway/ssl-overview" + - name: Application Gateway SSL Policy Overview + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview" + - name: Application Gateway KeyVault Certs + url: "https://learn.microsoft.com/azure/application-gateway/key-vault-certs" + - name: Application Gateway SSL Cert Management + url: "https://learn.microsoft.com/azure/application-gateway/ssl-certificate-management" - description: Enable Web Application Firewall policies aprlGuid: 
8d9223c4-730d-ca47-af88-a9a024c37270 @@ -53,17 +53,17 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway with Web Application Firewall (WAF) in an application virtual network to safeguard inbound HTTP/S internet traffic. WAF offers centralized defense against potential exploits through OWASP core rule sets-based rules. - potentialBenefits: Enhanced security for HTTP/S traffic + potentialBenefits Enhanced security for HTTP/S traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Well-Architected Framework Application Gateway Overview - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway - - name: Application Gateway - Web Application Firewall - url: https://learn.microsoft.com/azure/application-gateway/features#web-application-firewall + - name: Well-Architected Framework Application Gateway Overview + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway" + - name: Application Gateway - Web Application Firewall + url: "https://learn.microsoft.com/azure/application-gateway/features#web-application-firewall" - description: Use Application GW V2 instead of V1 aprlGuid: 7893f0b3-8622-1d47-beed-4b50a19f7895 
@@ -74,19 +74,19 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway v2 for built-in features like autoscaling, static VIPs, Azure KeyVault integration for better traffic management and performance, unless v1 is necessary. - potentialBenefits: Better performance, autoscaling, more features + potentialBenefits Better performance, autoscaling, more features pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Overview V2 - url: https://learn.microsoft.com/azure/application-gateway/overview-v2 - - name: Application Gateway Feature Comparison Between V1 and V2 - url: https://learn.microsoft.com/azure/application-gateway/overview-v2#feature-comparison-between-v1-sku-and-v2-sku - - name: Application Gateway V1 Retirement - url: https://azure.microsoft.com/updates/application-gateway-v1-will-be-retired-on-28-april-2026-transition-to-application-gateway-v2/ + - name: Application Gateway Overview V2 + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2" + - name: Application Gateway Feature Comparison Between V1 and V2 + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2#feature-comparison-between-v1-sku-and-v2-sku" + - name: Application Gateway V1 Retirement + url: "https://azure.microsoft.com/updates/application-gateway-v1-will-be-retired-on-28-april-2026-transition-to-application-gateway-v2/" - description: Monitor and Log the configurations and traffic aprlGuid: 5d035919-898d-a047-8d5d-454e199692e5 
@@ -97,17 +97,17 @@ recommendationMetadataState: Active longDescription: | Enable logging in storage accounts, Log Analytics, and monitoring services for auditing and insights. If using NSGs, enable NSG flow logs to be stored, providing in-depth traffic analysis into Azure Cloud. - potentialBenefits: Enhanced traffic insight & audit + potentialBenefits Enhanced traffic insight & audit pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Application Gateway Metrics - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics - - name: Application Gateway Diagnostics - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-diagnostics + - name: Application Gateway Metrics + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics" + - name: Application Gateway Diagnostics + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-diagnostics" - description: Use Health Probes to detect backend availability aprlGuid: 847a8d88-21c4-bc48-a94e-562206edd767 
@@ -118,17 +118,17 @@ recommendationMetadataState: Active longDescription: | Using custom health probes enhances understanding of backend availability and facilitates monitoring of backend services for any impact. - potentialBenefits: Ensures backend uptime monitoring. + potentialBenefits Ensures backend uptime monitoring. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Probe Overview - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview - - name: Well-Architected Framework Application Gateway Overview - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway + - name: Application Gateway Probe Overview + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview" + - name: Well-Architected Framework Application Gateway Overview + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway" - description: Deploy Application Gateway in a zone-redundant configuration aprlGuid: c9c00f2a-3888-714b-a72b-b4c9e8fcffb2 
@@ -139,17 +139,17 @@ recommendationMetadataState: Active longDescription: | Deploying Application Gateway in a zone-aware configuration ensures continued customer access to services even if a specific zone goes down, as services in other zones remain available. - potentialBenefits: Enhanced uptime & customer access + potentialBenefits Enhanced uptime & customer access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Well-Architected Framework Application Gateway Reliability - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability - - name: Application Gateway V2 Overview - url: https://learn.microsoft.com/azure/application-gateway/overview-v2 + - name: Well-Architected Framework Application Gateway Reliability + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability" + - name: Application Gateway V2 Overview + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2" - description: Plan for backend maintenance by using connection draining aprlGuid: 10f02bc6-e2e7-004d-a2c2-f9bf9f16b915 
@@ -160,17 +160,17 @@ recommendationMetadataState: Active longDescription: | Using connection draining for backend maintenance ensures graceful removal of backend pool members during updates or health issues. It's enabled via Backend Setting and applies to all members during rule creation. - potentialBenefits: Smooth updates, no dropped users + potentialBenefits Smooth updates, no dropped users pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Connection Draining - url: https://learn.microsoft.com/azure/application-gateway/features#connection-draining - - name: Application Gateway Connection Draining HTTP Settings - url: https://learn.microsoft.com/azure/application-gateway/configuration-http-settings#connection-draining + - name: Application Gateway Connection Draining + url: "https://learn.microsoft.com/azure/application-gateway/features#connection-draining" + - name: Application Gateway Connection Draining HTTP Settings + url: "https://learn.microsoft.com/azure/application-gateway/configuration-http-settings#connection-draining" - description: Ensure Application Gateway Subnet is using a /24 subnet mask aprlGuid: 8364fd0a-7c0e-e240-9d95-4bf965aec243 
@@ -181,13 +181,13 @@ recommendationMetadataState: Active longDescription: | Application Gateway v2 (Standard_v2 or WAF_v2 SKU) can support up to 125 instances. A /24 subnet isn't mandatory for deployment but is advised to provide enough space for autoscaling and maintenance upgrades. - potentialBenefits: Allows autoscaling and maintenance + potentialBenefits Allows autoscaling and maintenance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Application Gateway infrastructure configuration | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet + - name: Azure Application Gateway infrastructure configuration | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet" diff --git a/azure-resources/Network/azureFirewalls/recommendations.yaml b/azure-resources/Network/azureFirewalls/recommendations.yaml index 57f900eab..d4f452818 100644 --- a/azure-resources/Network/azureFirewalls/recommendations.yaml +++ b/azure-resources/Network/azureFirewalls/recommendations.yaml 
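Review bot: The quoted URL on the new side keeps the `/en-us/` locale segment, while most links rewritten by this patch use the locale-neutral form `https://learn.microsoft.com/azure/...`. Since the commit is normalising URLs, this one could become `url: "https://learn.microsoft.com/azure/application-gateway/configuration-infrastructure#size-of-the-subnet"` so that readers get their own locale. The same segment survives in later hunks for azureFirewalls, connections, ddosProtectionPlans, expressRouteCircuits and expressRoutePorts.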
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. - potentialBenefits: Enhanced SLA and reliability + potentialBenefits Enhanced SLA and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Well Architected Framework - Azure Firewall - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall - - name: Deploy Azure Firewall across multiple availability zones - url: https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell + - name: Azure Well Architected Framework - Azure Firewall + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall" + - name: Deploy Azure Firewall across multiple availability zones + url: "https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell" - description: Monitor Azure Firewall metrics aprlGuid: 3c8fa7c6-6b78-a24a-a63f-348a7c71acb9 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Monitor Azure Firewall for overall health, processed throughput, and outbound SNAT port usage. Get alerted before limits impact services. Consider NAT gateway integration with zonal deployments; note limitations with zone redundant firewalls and secure virtual hub networks. - potentialBenefits: Improve health & performance monitoring + potentialBenefits Improve health & performance monitoring pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Firewall metrics supported in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls - - name: Azure Firewall performance - url: https://learn.microsoft.com/azure/firewall/firewall-performance + - name: Azure Firewall metrics supported in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls" + - name: Azure Firewall performance + url: "https://learn.microsoft.com/azure/firewall/firewall-performance" - description: Configure DDoS Protection on the Azure Firewall VNet aprlGuid: 1b2dbf4a-8a0b-5e4b-8f4e-3f758188910d 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. - potentialBenefits: Enhanced DDoS attack defense + potentialBenefits Enhanced DDoS attack defense pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure DDoS Protection overview - url: https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview + - name: Azure DDoS Protection overview + url: "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview" - description: Leverage Azure Policy inheritance model aprlGuid: 3a63560a-1ed3-6140-acd1-d1d23f9a2e12 @@ -68,15 +68,15 @@ recommendationMetadataState: Active longDescription: | Azure Firewall policy supports rule hierarchies for compliance enforcement, using a central base policy with higher priority over child policies, and employs Azure custom roles to safeguard base policy and manage access within subscriptions or groups. - potentialBenefits: Enhanced compliance and rule hierarchy + potentialBenefits Enhanced compliance and rule hierarchy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Firewall Policy hierarchy - url: https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy + - name: Azure Firewall Policy hierarchy + url: "https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy" - description: Configure 2-4 PIPs for SNAT Port utilization aprlGuid: d2e4a38e-2307-4299-a217-4c0cebc9a7f6 
@@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Configure a minimum of two to four public IP addresses per Azure Firewall to avoid SNAT exhaustion. Azure Firewall offers SNAT for all outbound traffic to public IPs, providing 2,496 SNAT ports for each additional PIP. - potentialBenefits: Avoids SNAT exhaustion. + potentialBenefits Avoids SNAT exhaustion. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Well-Architected Framework review - Azure Firewall - url: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations + - name: Azure Well-Architected Framework review - Azure Firewall + url: "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations" - description: Monitor AZFW Latency Probes metric aprlGuid: 8faace2d-a36e-425c-aa58-2ad99e3e0b7a @@ -106,15 +106,15 @@ recommendationMetadataState: Active longDescription: | Creating a metric to monitor latency probes over 20ms for periods longer than 30mins helps identify when firewall instance CPUs are stressed, potentially indicating issues. - potentialBenefits: Improved CPU stress detection + potentialBenefits Improved CPU stress detection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Well-Architected Framework review - Azure Firewall - url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations - - name: Azure Firewall metrics overview - url: https://learn.microsoft.com/azure/firewall/metrics + - name: Azure Well-Architected Framework review - Azure Firewall + url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations" + - name: Azure Firewall metrics overview + url: "https://learn.microsoft.com/azure/firewall/metrics" 
diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml index 94b4522b5..bd3c2d8d0 100644 --- a/azure-resources/Network/connections/recommendations.yaml +++ b/azure-resources/Network/connections/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | ExpressRoute gateways facilitate network traffic and route exchanges. FastPath enhances on-premises to virtual network data path performance by directing traffic straight to virtual machines, bypassing the gateway for improved resiliency through reduced gateway utilization. - potentialBenefits: Enhances speed & resiliency + potentialBenefits Enhances speed & resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: About ExpressRoute FastPath - url: https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath + - name: About ExpressRoute FastPath + url: "https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath" - description: Configure an Azure Resource Lock on connections to prevent accidental deletion aprlGuid: a5f3a4bd-4cf1-4196-a3cb-f5a0876198b2 
@@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Configure an Azure Resource lock for Gateway Connection resources to prevent accidental deletion and maintain connectivity between on-premises networks and Azure workloads. - potentialBenefits: Prevents accidental deletion of connections + potentialBenefits Prevents accidental deletion of connections pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" diff --git a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml index fb130d735..e16b82766 100644 --- a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml +++ b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Azure DDoS Plan metrics differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), Forwarded (packets to VIP not filtered), and No tag (total packets, sum of dropped and forwarded). - potentialBenefits: Enhanced security & traffic insight + potentialBenefits Enhanced security & traffic insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure DDoS Protection - url: https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference + - name: Monitoring Azure DDoS Protection + url: "https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference" diff --git a/azure-resources/Network/expressRouteCircuits/recommendations.yaml b/azure-resources/Network/expressRouteCircuits/recommendations.yaml index 1ba4fb6fb..3fc3f662f 100644 --- a/azure-resources/Network/expressRouteCircuits/recommendations.yaml +++ b/azure-resources/Network/expressRouteCircuits/recommendations.yaml 
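Review bot: The `longDescription` context in this hunk reads `differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), ...`, where the `null` looks like residue of an earlier bulk replace on the `tags:` key landing inside prose. It sits inside a block scalar, so it parses, but the published DDoS metric description would be wrong; presumably it should read `by tags: Dropped (packets scrubbed by DDoS), Forwarded (...)`. The commit leaves this line as context, so it would need a separate one-line fix in the same file.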
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails. - potentialBenefits: Enhanced reliability & redundancy + potentialBenefits Enhanced reliability & redundancy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing for disaster recovery with ExpressRoute private peering - url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering + - name: Designing for disaster recovery with ExpressRoute private peering + url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" - description: Ensure ExpressRoute's physical links connect to distinct network edge devices aprlGuid: 0e19cc41-8274-1342-b0db-0e4146eacef8 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability. - potentialBenefits: Enhanced reliability & fault tolerance + potentialBenefits Enhanced reliability & fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing for high availability with ExpressRoute - url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute - - name: Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-expressroute#recommendations + - name: Designing for high availability with ExpressRoute + url: "https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute" + - name: Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-expressroute#recommendations" - description: Ensure both connections of an ExpressRoute circuit are configured in active-active mode aprlGuid: f06a2bbe-5839-d447-9f39-fc3d20562d88 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis. - potentialBenefits: Improved high availability and load balancing + potentialBenefits Improved high availability and load balancing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Designing for high availability with ExpressRoute - Active-active connections - url: https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections + - name: Designing for high availability with ExpressRoute - Active-active connections + url: "https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections" - description: Activate Bidirectional Forwarding Detection on edge devices for faster failover aprlGuid: 2a5bf650-586d-db4c-a292-d922be7d3e0e @@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service. - potentialBenefits: Faster link failure detection + potentialBenefits Faster link failure detection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure BFD over ExpressRoute - url: https://learn.microsoft.com/azure/expressroute/expressroute-bfd + - name: Configure BFD over ExpressRoute + url: "https://learn.microsoft.com/azure/expressroute/expressroute-bfd" - description: Configure monitoring and alerting for ExpressRoute circuits aprlGuid: 9771a435-d031-814e-9827-9b5fdafc0f87 
@@ -85,19 +85,19 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds. - potentialBenefits: Enhanced network performance & health + potentialBenefits Enhanced network performance & health pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure ExpressRoute Insights using Network Insights | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights - - name: Monitoring Azure ExpressRoute - url: https://learn.microsoft.com/azure/expressroute/monitor-expressroute - - name: Configure Traffic Collector for ExpressRoute Direct - Azure ExpressRoute | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-traffic-collector#deploy-expressroute-traffic-collector + - name: Azure ExpressRoute Insights using Network Insights | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights" + - name: Monitoring Azure ExpressRoute + url: "https://learn.microsoft.com/azure/expressroute/monitor-expressroute" + - name: Configure Traffic Collector for ExpressRoute Direct - Azure ExpressRoute | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-traffic-collector#deploy-expressroute-traffic-collector" - description: Configure service health to receive ExpressRoute circuit maintenance notification aprlGuid: 26cb547f-aabc-dc40-be02-d0a9b6b04b1a 
@@ -108,15 +108,15 @@
 recommendationMetadataState: Active
 longDescription: |
 ExpressRoute leverages service health for notifications on both planned and unplanned maintenance, ensuring users are informed about any changes to their ExpressRoute circuits.
- potentialBenefits: Stay informed on circuit updates
+ potentialBenefits Stay informed on circuit updates
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: How to view and configure alerts for Azure ExpressRoute circuit maintenance
- url: https://learn.microsoft.com/azure/expressroute/maintenance-alerts
+ - name: How to view and configure alerts for Azure ExpressRoute circuit maintenance
+ url: "https://learn.microsoft.com/azure/expressroute/maintenance-alerts"
 - description: Use a site-to-site VPN as an interim backup solution for a single ExpressRoute circuit
 aprlGuid: f902cf86-2b53-2942-abc2-781f4fb62be6
@@ -127,13 +127,13 @@
 recommendationMetadataState: Active
 longDescription: |
 If you haven't added a second ExpressRoute circuit, use a site-to-site VPN as a temporary solution until the second circuit is available. This ensures network reliability and continuity of service.
- potentialBenefits: Ensures continuity & reliability
+ potentialBenefits Ensures continuity & reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Using S2S VPN as a backup for ExpressRoute private peering
- url: https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering
+ - name: Using S2S VPN as a backup for ExpressRoute private peering
+ url: "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering"
diff --git a/azure-resources/Network/expressRoutePorts/recommendations.yaml b/azure-resources/Network/expressRoutePorts/recommendations.yaml
index 7cb7cc0cf..177ffae12 100644
--- a/azure-resources/Network/expressRoutePorts/recommendations.yaml
+++ b/azure-resources/Network/expressRoutePorts/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 In Azure ExpressRoute Direct, the "Admin State" indicates the administrative status of layer 1 links, showing if a link is enabled or disabled, effectively turning the physical port on or off.
- potentialBenefits: Ensures optimal connectivity.
+ potentialBenefits Ensures optimal connectivity.
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: How to configure ExpressRoute Direct: Change Admin State of links
- url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state
+ - name: How to configure ExpressRoute Direct: Change Admin State of links
+ url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state"
 - description: Ensure you do not over-subscribe an ExpressRoute Direct
 aprlGuid: 0bee356b-7348-4799-8cab-0c71ffe13018
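Review bot: The `name` value re-added in the `@@ -7,15 +7,15 @@` hunk, `How to configure ExpressRoute Direct: Change Admin State of links`, is still a plain scalar containing `: `, which YAML treats as a mapping indicator and rejects inside a value. The commit quotes the `url` values but leaves this one as it was, and the `@@ -26,15 +26,15 @@` hunk of the same file has the same problem in `About ExpressRoute Direct: Circuit Sizes`. Quote both names, for example `- name: 'How to configure ExpressRoute Direct: Change Admin State of links'`.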
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Provisioning ExpressRoute circuits on a 10-Gbps or 100-Gbps ExpressRoute Direct resource up to 20-Gbps or 200-Gbps is possible but not recommended for resiliency. If an ExpressRoute Direct port fails, and circuits are using full capacity, the remaining port won't handle the extra load.
- potentialBenefits: Improves resilience during port failures
+ potentialBenefits Improves resilience during port failures
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: About ExpressRoute Direct: Circuit Sizes
- url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes
+ - name: About ExpressRoute Direct: Circuit Sizes
+ url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes"
 - description: Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow
 aprlGuid: d40c769d-2f08-4980-8d8f-a386946276e6
@@ -45,13 +45,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits.
- potentialBenefits: Optimizes network, prevents congestion
+ potentialBenefits Optimizes network, prevents congestion
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Rate limiting for ExpressRoute Direct circuits (Preview)
- url: https://learn.microsoft.com/en-us/azure/expressroute/rate-limit
+ - name: Rate limiting for ExpressRoute Direct circuits (Preview)
+ url: "https://learn.microsoft.com/en-us/azure/expressroute/rate-limit"
diff --git a/azure-resources/Network/loadBalancers/recommendations.yaml b/azure-resources/Network/loadBalancers/recommendations.yaml
index 74758fbd8..2b6d6cad9 100644
--- a/azure-resources/Network/loadBalancers/recommendations.yaml
+++ b/azure-resources/Network/loadBalancers/recommendations.yaml
@@ -7,17 +7,17 @@
 recommendationMetadataState: Active
 longDescription: |
 Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA.
- potentialBenefits: Enhanced reliability & SLA support
+ potentialBenefits Enhanced reliability & SLA support
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Reliability and Azure Load Balancer
- url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability
- - name: Resiliency checklist for specific Azure services- Azure Load Balancer
- url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer
+ - name: Reliability and Azure Load Balancer
+ url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability"
+ - name: Resiliency checklist for specific Azure services- Azure Load Balancer
+ url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer"
 - description: Ensure the Backend Pool contains at least two instances
 aprlGuid: 6d82d042-6d61-ad49-86f0-6a5455398081
@@ -28,15 +28,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Pairing with Virtual Machine Scale Sets is advised for optimal scale building.
- potentialBenefits: Enhances reliability & scalability
+ potentialBenefits Enhances reliability & scalability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Resiliency checklist for specific Azure services- Azure Load Balancer
- url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer
+ - name: Resiliency checklist for specific Azure services- Azure Load Balancer
+ url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer"
 - description: Use NAT Gateway instead of Outbound Rules for Production Workloads
 aprlGuid: 8d319a05-677b-944f-b9b4-ca0fb42e883c
@@ -47,15 +47,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Outbound rules for Standard Public Load Balancer involve manual port allocation for backend pools, limiting scalability and risk of SNAT port exhaustion. NAT Gateway is recommended for its dynamic scaling and secure internet connectivity.
- potentialBenefits: Enhanced scalability and reliability
+ potentialBenefits Enhanced scalability and reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Resiliency checklist for specific Azure services- Azure Load Balancer
- url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer
+ - name: Resiliency checklist for specific Azure services- Azure Load Balancer
+ url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer"
 - description: Ensure Standard Load Balancer is zone-redundant
 aprlGuid: 621dbc78-3745-4d32-8eac-9e65b27b7512
@@ -66,13 +66,13 @@
 recommendationMetadataState: Active
 longDescription: |
 In regions with Availability Zones, assigning a zone-redundant frontend IP to a Standard Load Balancer ensures continuous traffic distribution even if one availability zone fails, provided other healthy zones and backend instances are available to receive the traffic.
- potentialBenefits: Enhances uptime & resilience
+ potentialBenefits Enhances uptime & resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Load Balancer and Availability Zones
- url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant
+ - name: Load Balancer and Availability Zones
+ url: "https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant"
diff --git a/azure-resources/Network/networkSecurityGroups/recommendations.yaml b/azure-resources/Network/networkSecurityGroups/recommendations.yaml
index 8b9a83259..0a5502dee 100644
--- a/azure-resources/Network/networkSecurityGroups/recommendations.yaml
+++ b/azure-resources/Network/networkSecurityGroups/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations.
- potentialBenefits: Enhanced monitoring & security insights
+ potentialBenefits Enhanced monitoring & security insights
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Diagnostic settings in Azure Monitor
- url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings
+ - name: Diagnostic settings in Azure Monitor
+ url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings"
 - description: Monitor changes in Network Security Groups with Azure Monitor
 aprlGuid: 8bb4a57b-55e4-d24e-9c19-2679d8bc779f
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Create Alerts with Azure Monitor for operations like creating or updating Network Security Group rules to catch unauthorized/undesired changes to resources and spot attempts to bypass firewalls or access resources from the outside.
- potentialBenefits: Enhanced security and change monitoring
+ potentialBenefits Enhanced security and change monitoring
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Monitor activity log
- url: https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell
+ - name: Azure Monitor activity log
+ url: "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell"
 - description: Configure locks for Network Security Groups to avoid accidental changes and/or deletion
 aprlGuid: 52ac35e8-9c3e-f84d-8ce8-2fab955333d3
@@ -45,15 +45,15 @@
 recommendationMetadataState: Active
 longDescription: |
 As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental deletions and modifications. The lock overrides user permissions. Locks can prevent either deletions or modifications and are known as Delete and Read-only in the portal.
- potentialBenefits: Prevents accidental edits/deletions
+ potentialBenefits Prevents accidental edits/deletions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Lock your resources to protect your infrastructure
- url: https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json
+ - name: Lock your resources to protect your infrastructure
+ url: "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json"
 - description: Configure NSG Flow Logs
 aprlGuid: da1a3c06-d1d5-a940-9a99-fcc05966fe7c
@@ -64,15 +64,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring, managing, and understanding your network is crucial for protection and optimization. Knowing the current state, who and from where connections are made, open internet ports, expected and irregular behavior, and traffic spikes is essential.
- potentialBenefits: Enhances security & optimizes network
+ potentialBenefits Enhances security & optimizes network
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Flow logging for network security groups
- url: https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview
+ - name: Flow logging for network security groups
+ url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview"
 - description: The NSG only has Default Security Rules, make sure to configure the necessary rules
 aprlGuid: 8291c1fa-650c-b44b-b008-4deb7465919d
@@ -83,13 +83,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure network security groups filter network traffic between resources in a virtual network, using security rules to allow or deny inbound or outbound traffic based on source, destination, port, and protocol.
- potentialBenefits: Enhanced traffic control & security
+ potentialBenefits Enhanced traffic control & security
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Security rules
- url: https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules
+ - name: Security rules
+ url: "https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules"
diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml
index cf1b542e1..0f33310f2 100644
--- a/azure-resources/Network/networkWatchers/recommendations.yaml
+++ b/azure-resources/Network/networkWatchers/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, load balancers, but not for PaaS or Web analytics.
- potentialBenefits: Enhanced monitoring & diagnostics for Azure IaaS
+ potentialBenefits Enhanced monitoring & diagnostics for Azure IaaS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: What is Azure Network Watcher?
- url: https://learn.microsoft.com/azure/network-watcher/network-watcher-overview
+ - name: What is Azure Network Watcher?
+ url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-overview"
 - description: Fix Flow Log configurations in Failed state or Disabled Status
 aprlGuid: 22a769ed-0ecb-8b49-bafe-8f52e6373d9c
@@ -26,13 +26,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Network security group flow logging is a feature of Azure Network Watcher that logs IP traffic info through a network security group. If in Failed state, monitoring data from the associated resource is not collected.
- potentialBenefits: Ensures IP traffic logging
+ potentialBenefits Ensures IP traffic logging
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Manage NSG flow logs using the Azure portal
- url: https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging
+ - name: Manage NSG flow logs using the Azure portal
+ url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging"
diff --git a/azure-resources/Network/privateDnsZones/recommendations.yaml b/azure-resources/Network/privateDnsZones/recommendations.yaml
index 7cf47e51d..9fd484531 100644
--- a/azure-resources/Network/privateDnsZones/recommendations.yaml
+++ b/azure-resources/Network/privateDnsZones/recommendations.yaml
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Private DNS zones and records are critical and their deletion can cause service outages. To protect against unauthorized or accidental changes, the Private DNS Zone Contributor role, a built-in role for managing these resources, should be assigned to specific users or groups.
- potentialBenefits: Prevents DNS outages
+ potentialBenefits Prevents DNS outages
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Protecting private DNS Zones and Records - Azure DNS
- url: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets
+ - name: Protecting private DNS Zones and Records - Azure DNS
+ url: "https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets"
 - description: Monitor Private DNS Zones health and set up alerts
 aprlGuid: ab896e8c-49b9-2c44-adec-98339aff7821
@@ -26,15 +26,15 @@
 recommendationMetadataState: Active
 longDescription: |
 The records in a private DNS zone are only resolvable from linked virtual networks. You can link a private DNS zone to multiple networks and enable autoregistration to manage DNS records for virtual machines automatically.
- potentialBenefits: Enhanced DNS reliability & alerting
+ potentialBenefits Enhanced DNS reliability & alerting
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Scenarios for Azure Private DNS zones
- url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios
+ - name: Scenarios for Azure Private DNS zones
+ url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios"
 - description: Align Production and DR zones with identical workload and resource failover entries
 aprlGuid: 1e02335c-1f90-fd4e-a5a5-d359c7b22d70
@@ -45,13 +45,13 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Private DNS offers a reliable, secure way to handle domain names within virtual networks, using custom domains instead of default Azure names. Records in these zones aren't internet-accessible, only resolvable within linked virtual networks.
- potentialBenefits: Ensures seamless failover for DNS
+ potentialBenefits Ensures seamless failover for DNS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Scenarios for Azure Private DNS zones
- url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios
+ - name: Scenarios for Azure Private DNS zones
+ url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios"
diff --git a/azure-resources/Network/privateEndpoints/recommendations.yaml b/azure-resources/Network/privateEndpoints/recommendations.yaml
index 656d5a598..e5c423991 100644
--- a/azure-resources/Network/privateEndpoints/recommendations.yaml
+++ b/azure-resources/Network/privateEndpoints/recommendations.yaml
@@ -7,13 +7,13 @@
 recommendationMetadataState: Active
 longDescription: |
 A private endpoint has two custom properties, static IP address and the network interface name, which must be set at creation. If not in Succeeded state, there may be issues with the endpoint or associated resource.
- potentialBenefits: Enhanced connection reliability
+ potentialBenefits Enhanced connection reliability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Private endpoint connections
- url: https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections
+ - name: Private endpoint connections
+ url: "https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections"
diff --git a/azure-resources/Network/publicIPAddresses/recommendations.yaml b/azure-resources/Network/publicIPAddresses/recommendations.yaml
index 1bd87ae7b..e46313311 100644
--- a/azure-resources/Network/publicIPAddresses/recommendations.yaml
+++ b/azure-resources/Network/publicIPAddresses/recommendations.yaml
@@ -7,17 +7,17 @@
 recommendationMetadataState: Active
 longDescription: |
 Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience.
- potentialBenefits: Enhanced resilience with zone redundancy
+ potentialBenefits Enhanced resilience with zone redundancy
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Public IP addresses - Availability Zones
- url: https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone
- - name: Upgrading a basic public IP address to Standard SKU
- url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance#steps-to-complete-the-upgrade
+ - name: Public IP addresses - Availability Zones
+ url: "https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone"
+ - name: Upgrading a basic public IP address to Standard SKU
+ url: "https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance#steps-to-complete-the-upgrade"
 - description: Use NAT gateway for outbound connectivity to avoid SNAT Exhaustion
 aprlGuid: 1adba190-5c4c-e646-8527-dd1b2a6d8b15
@@ -28,17 +28,17 @@
 recommendationMetadataState: Active
 longDescription: |
 Prevent connectivity failures due to SNAT port exhaustion by employing NAT gateway for outbound traffic from virtual networks, ensuring dynamic scaling and secure internet connections.
- potentialBenefits: Avoids SNAT port exhaustion risks
+ potentialBenefits Avoids SNAT port exhaustion risks
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Use NAT GW for outbound connectivity
- url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity
- - name: TCP and SNAT Ports
- url: https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability#tcp-and-snat-ports
+ - name: Use NAT GW for outbound connectivity
+ url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity"
+ - name: TCP and SNAT Ports
+ url: "https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability#tcp-and-snat-ports"
 - description: Upgrade Basic SKU public IP addresses to Standard SKU
 aprlGuid: 5cea1501-6fe4-4ec4-ac8f-f72320eb18d3
@@ -49,15 +49,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Basic SKU public IP addresses will be retired on September 30, 2025. Users are advised to upgrade to Standard SKU public IP addresses before this date to avoid service disruptions.
- potentialBenefits: Avoids service disruption
+ potentialBenefits Avoids service disruption
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Upgrading a basic public IP address to Standard SKU - Guidance
- url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance
- - name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025�Basic SKU will be retired
- url: https://azure.microsoft.com/en-us/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/
+ - name: Upgrading a basic public IP address to Standard SKU - Guidance
+ url: "https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance"
+ - name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025�Basic SKU will be retired
+ url: "https://azure.microsoft.com/en-us/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/"
diff --git a/azure-resources/Network/routeTables/recommendations.yaml b/azure-resources/Network/routeTables/recommendations.yaml
index 3cc7cb88d..521c634bb 100644
--- a/azure-resources/Network/routeTables/recommendations.yaml
+++ b/azure-resources/Network/routeTables/recommendations.yaml
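Review bot: The second `name` in the `@@ -49,15 +49,15 @@` hunk still contains a replacement character (`2025�Basic SKU`), so the original punctuation, presumably a dash, was lost in an earlier encoding conversion and is re-added unchanged here. Since the line is rewritten by this commit anyway, replace the character with plain ASCII, e.g. `by 30 September 2025 - Basic SKU will be retired`, and make sure the file is saved as UTF-8.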
@@ -7,15 +7,15 @@
 recommendationMetadataState: Active
 longDescription: |
 Create Alerts with Azure Monitor for operations like Create or Update Route Table to spot unauthorized/undesired changes in production resources. This setup aids in identifying improper routing changes, including efforts to evade firewalls or access resources from outside.
- potentialBenefits: Enhanced security & change detection
+ potentialBenefits Enhanced security & change detection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure activity log - Azure Monitor | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell
+ - name: Azure activity log - Azure Monitor | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell"
 - description: Configure locks for Route Tables to avoid accidental changes or deletion
 aprlGuid: 89d1166a-1a20-0f46-acc8-3194387bf127
@@ -26,13 +26,13 @@
 recommendationMetadataState: Active
 longDescription: |
 As an administrator, you can protect Azure subscriptions, resource groups, or resources from accidental deletions and modifications by setting locks.
- potentialBenefits: Prevents accidental edits/deletions
+ potentialBenefits Prevents accidental edits/deletions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn
- url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json
+ - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn
+ url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json"
diff --git a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
index 548d5c414..edc5853d8 100644
--- a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
+++ b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
@@ -7,19 +7,19 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitor status should be online to ensure failover for application workload. If Traffic Manager's health shows Degraded, one or more endpoints may also be Degraded.
- potentialBenefits: Ensures failover functionality
+ potentialBenefits Ensures failover functionality
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Azure Traffic Manager endpoint monitoring
- url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring
- - name: Enable or disable health checks
- url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#enable-or-disable-health-checks-preview
- - name: Troubleshooting degraded state on Azure Traffic Manager
- url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-troubleshooting-degraded
+ - name: Azure Traffic Manager endpoint monitoring
+ url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring"
+ - name: Enable or disable health checks
+ url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#enable-or-disable-health-checks-preview"
+ - name: Troubleshooting degraded state on Azure Traffic Manager
+ url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-troubleshooting-degraded"
 - description: Traffic manager profiles should have more than one endpoint
 aprlGuid: 5b422a7f-8caa-3d48-becb-511599e5bba9
@@ -30,15 +30,15 @@
 recommendationMetadataState: Active
 longDescription: |
 When configuring the Azure traffic manager, provision at least two endpoints to ensure workloads can fail-over to another instance, enhancing reliability and availability.
- potentialBenefits: Enhances failover capabilities
+ potentialBenefits Enhances failover capabilities
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: arg
 tags: null
 learnMoreLink:
- - name: Traffic Manager Endpoint Types
- url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types
+ - name: Traffic Manager Endpoint Types
+ url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types"
 - description: Configure at least one endpoint within a another region
 aprlGuid: 1ad9d7b7-9692-1441-a8f4-93792efbe97a
@@ -49,15 +49,16 @@
 recommendationMetadataState: Active
 longDescription: |
 Profiles should have multiple endpoints to ensure availability in case an endpoint fails. It's also advised to distribute these endpoints across different regions for enhanced reliability.
- potentialBenefits: Enhances availability across regions
+ potentialBenefits Enhances availability across regions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Reliability recommendations
+ - name: Reliability recommendations
- url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region
+ url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region"
 - description: Ensure endpoint configured to (All World) for geographic profiles
 aprlGuid: c31f76a0-48cd-9f44-aa43-99ee904db9bc
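Review bot: The `@@ -49,15 +49,16 @@` header makes the new side one line longer than the old one, although the only intended changes in this hunk are the `potentialBenefits` and `url` rewrites. The `- name: Reliability recommendations` line is removed and re-added with no visible difference, separately from the `url` pair, so it looks as if trailing whitespace or a stray line break after the name became an extra line between `name` and `url`; this is inferred from the counts, the extra line itself cannot be made out here. Check the resulting file and drop the stray line so `name` and `url` stay adjacent inside the list item.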
@@ -69,15 +69,15 @@
 recommendationMetadataState: Active
 longDescription: |
 For geographic routing, traffic is directed to endpoints based on specific regions. If a region fails, without a predefined failover, configuring an endpoint to "All (World)" for geographic profiles can prevent traffic black holes, ensuring service remains available.
- potentialBenefits: Avoids traffic black holing, ensures availability
+ potentialBenefits Avoids traffic black holing, ensures availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Add an endpoint configured to "All (World)"
- url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world
- - name: Traffic Manager profile - GeographicProfile (Add an endpoint configured to ""All (World)"").
- url: https://aka.ms/Rf7vc5
+ - name: Add an endpoint configured to "All (World)"
+ url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world"
+ - name: Traffic Manager profile - GeographicProfile (Add an endpoint configured to ""All (World)"").
+ url: "https://aka.ms/Rf7vc5"
diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
index 6834580f3..aaf52a031 100644
--- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
+++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
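Review bot: In the `@@ -69,15 +69,15 @@` hunk the second link keeps its doubled quotes, `(Add an endpoint configured to ""All (World)"").`, which looks like CSV escaping left over from an import, and its target is the short link `https://aka.ms/Rf7vc5`. A reader or link checker cannot tell from the file where a short link resolves, and the redirect can change without any change to this repository, whereas the other entries in the patch point directly at the documentation host. Suggest `- name: 'Traffic Manager profile - GeographicProfile (Add an endpoint configured to "All (World)").'` with the resolved documentation URL in `url`.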
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | To increase reliability, it's advised that each ExpressRoute Gateway connects to at least two circuits, with each circuit originating from a different peering location than the other, ensuring diverse connectivity paths for enhanced resilience. - potentialBenefits: Enhanced resiliency for Azure service + potentialBenefits Enhanced resiliency for Azure service pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Designing for disaster recovery with ExpressRoute private peering - url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering + - name: Designing for disaster recovery with ExpressRoute private peering + url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" - description: Use Zone-redundant gateway SKUs aprlGuid: bbe668b7-eb5c-c746-8b82-70afdedf0cae 
@@ -26,19 +26,19 @@ recommendationMetadataState: Active longDescription: | Azure ExpressRoute gateway offers variable SLAs based on deployment in single or multiple availability zones. To deploy virtual network gateways across zones automatically, use zone-redundant gateways for accessing critical, scalable services with increased resilience. - potentialBenefits: Enhanced SLA and resilience + potentialBenefits Enhanced SLA and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs - url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw - - name: About zone-redundant virtual network gateway in Azure availability zones - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways - - name: Create a zone-redundant virtual network gateway in Azure Availability Zones - url: https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway + - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs + url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw" + - name: About zone-redundant virtual network gateway in Azure availability zones + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: Create a zone-redundant virtual network gateway in Azure Availability Zones + url: "https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway" - description: Configure an Azure Resource lock for ExpressRoute Gateway to prevent accidental deletion aprlGuid: c0f23a92-d322-4d4d-97e9-a238b5e3bbb8 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Configuring an Azure Resource lock for ExpressRoute Gateway prevents accidental deletion by enabling administrators to lock an Azure subscription, resource group, or resource, thereby protecting them from unintended user deletions and modifications, with the lock overriding all user permissions. - potentialBenefits: Prevents accidental deletions + potentialBenefits Prevents accidental deletions pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" - description: Monitor gateway health aprlGuid: 1c34faa8-8b99-974c-adbf-71922eae943c 
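Review bot: The quoted value `"https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json"` still pins the `en-us` locale and a `?tabs=json` view selector, while many entries in this patch use locale-neutral paths of the form `https://learn.microsoft.com/azure/...`. Dropping the locale segment and the query string, `url: "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources"`, lets the site choose the reader's language and keeps the links uniform. Later hunks in this patch keep `/en-us/` and `?tabs=` queries in the same way and would take the same edit.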
@@ -68,17 +68,17 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute Gateway's health, including availability, performance, and scalability. - potentialBenefits: Enhanced monitoring & alerting + potentialBenefits Enhanced monitoring & alerting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways - url: https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways - - name: Azure ExpressRoute Insights using Network Insights - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights + - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways + url: "https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways" + - name: Azure ExpressRoute Insights using Network Insights + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights" - description: Avoid using ExpressRoute circuits for VNet to VNet communication aprlGuid: 194c14ac-0d7a-5a48-ae32-75fa450ee564 
@@ -89,15 +89,15 @@ recommendationMetadataState: Active longDescription: | While multiple VNets can connect via the same ExpressRoute Gateway, Microsoft recommends using alternatives like VNet peering, Azure Firewall, NVA, Azure Route Server, site-to-site VPN, virtual WAN, or SD-WAN for VNet-to-VNet communication to optimize network performance and management. - potentialBenefits: Enhanced VNet integration efficiency + potentialBenefits Enhanced VNet integration efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity - url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity + - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity + url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity" - description: Configure customer-controlled gateway maintenance aprlGuid: 3e115044-a3aa-433e-be01-ce17d67e50da 
@@ -108,15 +108,15 @@ recommendationMetadataState: Active longDescription: | ExpressRoute gateways are updated for improved functionality, reliability, performance, and security. Customer-controlled maintenance configuration and scheduling minimize update impact and align with your maintenance windows. - potentialBenefits: Minimizes update impact + potentialBenefits Minimizes update impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps + - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps" - description: Choose a Zone-redundant gateway aprlGuid: 5b1933a6-90e4-f642-a01f-e58594e5aab2 
@@ -127,19 +127,19 @@ recommendationMetadataState: Active longDescription: | Azure VPN gateway offers variable SLAs based on deployment in one or two availability zones. Deploying zone-redundant virtual network gateways across availability zones ensures zone-resiliency, improving access to mission-critical, scalable services on Azure. - potentialBenefits: Enhanced reliability and scalability + potentialBenefits Enhanced reliability and scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Zone redundant Virtual network gateway in availability zone - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways - - name: Gateway SKU - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways#gwskus - - name: SLA summary for Azure services - url: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1 + - name: Zone redundant Virtual network gateway in availability zone + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: Gateway SKU + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways#gwskus" + - name: SLA summary for Azure services + url: "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1" - description: Plan for Active-Active mode aprlGuid: 281a2713-c0e0-3c48-b596-19f590c46671 
@@ -150,17 +150,17 @@ recommendationMetadataState: Active longDescription: | The active-active mode is available for all SKUs except Basic, allowing for two Gateway IP configurations and two public IP addresses, enhancing redundancy and traffic handling. - potentialBenefits: Enhanced reliability & network capacity + potentialBenefits Enhanced reliability & network capacity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Active-active VPN gateway - url: https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway - - name: Gateway SKU - url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku + - name: Active-active VPN gateway + url: "https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway" + - name: Gateway SKU + url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku" - description: Deploy active-active VPN concentrators on your premises for maximum resiliency aprlGuid: af11fc4c-c06c-4f4c-b98d-6eee6d5c4c70 
@@ -171,15 +171,15 @@ recommendationMetadataState: Active longDescription: | Deploying active-active VPN concentrators and Azure VPN Gateways maximizes resilience and availability using a fully-meshed topology with four IPSec tunnels. - potentialBenefits: Maximizes resilience & availability + potentialBenefits Maximizes resilience & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks - url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks + - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks + url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks" - description: Monitor connections and gateway health aprlGuid: 9eab120e-f6d3-ee49-ba0d-766562ce7df1 @@ -190,15 +190,15 @@ recommendationMetadataState: Active longDescription: | Set up monitoring and alerts for Virtual Network Gateway health to utilize a variety of metrics for ensuring operational efficiency and prompt response to any disruptions. - potentialBenefits: Improved uptime and issue awareness + potentialBenefits Improved uptime and issue awareness pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: VPN gateway data reference - url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference + - name: VPN gateway data reference + url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference" - description: Enable service health aprlGuid: 9186dae0-7ddc-8f4b-bea5-55538cea4893 
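Review bot: In `name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks` the value is a plain scalar containing `: `, which YAML reads as a second mapping indicator, so parsers reject the line. The commit re-adds this line with only its layout changed; it should be quoted, `- name: 'Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks'`. This applies to the first hunk on this line (`-171,15`); the second (`-190,15`) has no such label.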
@@ -209,17 +209,17 @@ recommendationMetadataState: Active longDescription: | VPN Gateway leverages service health to inform users about both planned and unplanned maintenance, ensuring they are notified about modifications to their VPN connectivity. - potentialBenefits: Improves VPN maintenance alerts + potentialBenefits Improves VPN maintenance alerts pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Getting started with Azure Metrics Explorer - url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started - - name: Monitor VPN gateway - url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics + - name: Getting started with Azure Metrics Explorer + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started" + - name: Monitor VPN gateway + url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics" - description: Deploy zone-redundant VPN Gateways with zone-redundant Public IP(s) aprlGuid: 4bae5a28-5cf4-40d9-bcf1-623d28f6d917 
@@ -230,13 +230,13 @@ recommendationMetadataState: Active longDescription: | For zone-redundant VPN Gateways, always use zone-redundant Standard SKU public IPs to avoid deploying all instances in one zone. This ensures the gateway's reliability, applying to both active-passive (single IP) and active-active (dual IP) setups. - potentialBenefits: Enhanced reliability & disaster recovery + potentialBenefits Enhanced reliability & disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: About zone-redundant virtual network gateway in Azure availability zones - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways + - name: About zone-redundant virtual network gateway in Azure availability zones + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" diff --git a/azure-resources/Network/virtualNetworks/recommendations.yaml b/azure-resources/Network/virtualNetworks/recommendations.yaml index 4dc311dab..aa9bd4c5c 100644 --- a/azure-resources/Network/virtualNetworks/recommendations.yaml +++ b/azure-resources/Network/virtualNetworks/recommendations.yaml 
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | Network security groups and application security groups allow filtering of inbound and outbound traffic by IP, port, and protocol, adding a security layer at the Subnet level. - potentialBenefits: Enhanced subnet security & traffic control + potentialBenefits Enhanced subnet security & traffic control pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Virtual Network - Concepts and best practices | Microsoft Learn - url: https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices - - name: GatewaySUbnet - url: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub - - name: Can I associate a network security group (NSG) to the RouteServerSubnet? - url: https://learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-i-associate-a-network-security-group-nsg-to-the-routeserversubnet - - name: Are Network Security Groups (NSGs) supported on the AzureFirewallSubnet? - url: https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet + - name: Azure Virtual Network - Concepts and best practices | Microsoft Learn + url: "https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices" + - name: GatewaySUbnet + url: "https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub" + - name: Can I associate a network security group (NSG) to the RouteServerSubnet? + url: "https://learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-i-associate-a-network-security-group-nsg-to-the-routeserversubnet" + - name: Are Network Security Groups (NSGs) supported on the AzureFirewallSubnet? 
+ url: "https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet" - description: Shield public endpoints in Azure VNets with Azure DDoS Standard Protection Plans aprlGuid: 69ea1185-19b7-de40-9da1-9e8493547a5c @@ -32,15 +32,15 @@ recommendationMetadataState: Active longDescription: | Azure DDoS Protection offers enhanced mitigation features against DDoS attacks and is auto-tuned to protect specific resources in a virtual network, combined with application design best practices. - potentialBenefits: Enhanced DDoS attack mitigation + potentialBenefits Enhanced DDoS attack mitigation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Reliability and Azure Virtual Network - Microsoft Azure Well-Architected Framework | Microsoft Learn - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability + - name: Reliability and Azure Virtual Network - Microsoft Azure Well-Architected Framework | Microsoft Learn + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability" - description: When available, use Private Endpoints instead of Service Endpoints for PaaS Services aprlGuid: 24ae3773-cc2c-3649-88de-c9788e25b463 
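Review bot: The link label `name: GatewaySUbnet`, in the hunk that starts at `-7,21` and ends on this line, is misspelled; the reserved subnet it refers to is `GatewaySubnet`, so the entry should read `- name: GatewaySubnet`. Since this recommendation is about network security groups on subnets and the link covers one of the special subnets, the label should match the subnet name exactly so readers can search for it.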
@@ -51,17 +51,17 @@ recommendationMetadataState: Active longDescription: | Use VNet service endpoints only if Private Link isn't available and no data movement concerns. This feature restricts Azure service access to specified VNet and subnet, enhancing network security and isolating service traffic. - potentialBenefits: Enhanced security & data isolation + potentialBenefits Enhanced security & data isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Virtual Network FAQ | Microsoft Learn - url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq - - name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability - - name: Azure Private Link availability - url: https://learn.microsoft.com/en-us/azure/private-link/availability + - name: Azure Virtual Network FAQ | Microsoft Learn + url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq" + - name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability" + - name: Azure Private Link availability + url: "https://learn.microsoft.com/en-us/azure/private-link/availability" diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml index d75ef716d..821b3782e 100644 --- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml +++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml 
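Review bot: The second label in this hunk, `name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability`, ends with two titles run together (`Microsoft LearnNetworking Reliability`). It looks like paste residue carried over unchanged by this commit. Trimming it to `- name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft Learn` would match the other labels in the file.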
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. - potentialBenefits: Enhanced network flow analysis & DR readiness + potentialBenefits Enhanced network flow analysis & DR readiness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure ExpressRoute Traffic Collector - url: https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector + - name: Azure ExpressRoute Traffic Collector + url: "https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector" diff --git a/azure-resources/OperationalInsights/workspaces/recommendations.yaml b/azure-resources/OperationalInsights/workspaces/recommendations.yaml index 0b344bd0e..d79e6a49e 100644 --- a/azure-resources/OperationalInsights/workspaces/recommendations.yaml +++ b/azure-resources/OperationalInsights/workspaces/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Data export in a Log Analytics workspace to an Azure Storage account enhances data protection against regional failures by using geo-redundant (GRS) or geo-zone-redundant storage (GZRS), mainly for compliance and integration with other Azure services and tools. - potentialBenefits: Enhances compliance and regional fault tolerance + potentialBenefits Enhances compliance and regional fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Log Analytics workspace data export in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export - - name: Azure Monitor configuration recommendations - url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations + - name: Log Analytics workspace data export in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export" + - name: Azure Monitor configuration recommendations + url: "https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations" - description: Create a health status alert rule for your Log Analytics workspace aprlGuid: 4b77191c-cc3c-8c4e-844b-0f56d0927890 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | A health status alert will proactively notify you if a workspace becomes unavailable because of a datacenter or regional failure. - potentialBenefits: Early alert for workspace failure + potentialBenefits Early alert for workspace failure pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor Log Analytics workspace health - url: https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health - - name: Azure Monitor configuration recommendations - url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations + - name: Monitor Log Analytics workspace health + url: "https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health" + - name: Azure Monitor configuration recommendations + url: "https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations" - description: Configure minimal logging and retention of logs aprlGuid: 7a0063ee-98a0-4634-823b-310a67f798cc 
@@ -49,17 +49,17 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Logs retain log data for specific periods depending on the data type, e.g., 30 days for platform logs. For compliance or business reasons, you might need longer retention. Data retention settings are adjustable. - potentialBenefits: Cost-saving & compliance with data rules + potentialBenefits Cost-saving & compliance with data rules pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Data retention and archive in Azure Monitor Logs - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2 - - name: Run search jobs in Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2 - - name: Restore logs in Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1 + - name: Data retention and archive in Azure Monitor Logs + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2" + - name: Run search jobs in Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2" + - name: Restore logs in Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1" diff --git a/azure-resources/RecoveryServices/vaults/recommendations.yaml b/azure-resources/RecoveryServices/vaults/recommendations.yaml index 3feaf352d..0eab13b46 100644 --- a/azure-resources/RecoveryServices/vaults/recommendations.yaml +++ b/azure-resources/RecoveryServices/vaults/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Ensure VM failover settings' static IP addresses are available in the failover subnet to maintain consistent IP assignment during failover, with the target VM receiving the same static IP if it's available or the next available IP otherwise. IP adjustments can be made in VM Network settings. - potentialBenefits: Smooth failover IP management + potentialBenefits Smooth failover IP management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Setup network mapping for site recovery - url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms + - name: Setup network mapping for site recovery + url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms" - description: Validate VM functionality with a test failover to check performance at target aprlGuid: 17e877f7-3a89-4205-8a24-0670de54ddcd 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Perform a test failover to validate your BCDR strategy and ensure that your applications are functioning correctly in the target region without impacting your production environment. Test your Disaster Recovery plan periodically without any data loss or downtime, using test failovers. - potentialBenefits: Ensures BCDR plan accuracy and VM performance + potentialBenefits Ensures BCDR plan accuracy and VM performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Run a test failover - url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover + - name: Run a test failover + url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover" - description: Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults aprlGuid: 2912472d-0198-4bdc-aa90-37f145790edc 
@@ -45,17 +45,17 @@ recommendationMetadataState: Active longDescription: | Classic alerts for Recovery Services vaults in Azure Backup will be retired on 31 March 2026. - potentialBenefits: Enhanced, scalable, and consistent alerting. + potentialBenefits Enhanced, scalable, and consistent alerting. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Move to Azure monitor Alerts - url: https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts - - name: Classic alerts retirement announcement - url: https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/ + - name: Move to Azure monitor Alerts + url: "https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts" + - name: Classic alerts retirement announcement + url: "https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/" - description: Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults aprlGuid: 1549b91f-2ea0-4d4f-ba2a-4596becbe3de 
@@ -66,19 +66,19 @@ recommendationMetadataState: Active longDescription: | Cross Region Restore enables the restoration of Azure VMs in a secondary, Azure paired region, facilitating drills for audit or compliance and allowing recovery of VMs or disks in the event of a primary region disaster. It is an opt-in feature available exclusively for GRS vaults. - potentialBenefits: Enhances disaster recovery capabilities + potentialBenefits Enhances disaster recovery capabilities pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Set Cross Region Restore - url: https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore - - name: Azure Backup Best Practices - url: https://learn.microsoft.com/azure/backup/guidance-best-practices - - name: Minimum Role Requirements for Cross Region Restore - url: https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup - - name: Recovery Services Vault - url: https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare + - name: Set Cross Region Restore + url: "https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore" + - name: Azure Backup Best Practices + url: "https://learn.microsoft.com/azure/backup/guidance-best-practices" + - name: Minimum Role Requirements for Cross Region Restore + url: "https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup" + - name: Recovery Services Vault + url: "https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare" diff --git a/azure-resources/Resources/resourceGroups/recommendations.yaml b/azure-resources/Resources/resourceGroups/recommendations.yaml index 2d9b99ae3..098e68990 100644 --- a/azure-resources/Resources/resourceGroups/recommendations.yaml 
+++ b/azure-resources/Resources/resourceGroups/recommendations.yaml @@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | The root management group in Azure is designed for organizational hierarchy, allowing for all management groups and subscriptions to fold into it. - potentialBenefits: Enhanced security, compliance, and management + potentialBenefits Enhanced security, compliance, and management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Management group recommendations - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations - - name: Root management group for each directory - url: https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory + - name: Management group recommendations + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations" + - name: Root management group for each directory + url: "https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory" - description: Ensure Resource Group and its Resources are located in the same Region aprlGuid: 98bd7098-49d6-491b-86f1-b143d6b1a0ff 
@@ -28,13 +28,13 @@ recommendationMetadataState: Active longDescription: | Ensure resource locations align with their resource group to manage resources during regional outages. ARM stores resource data, which if in an unavailable region, could halt updates, rendering resources read-only. - potentialBenefits: Improves outage management + potentialBenefits Improves outage management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Resource Manager Overview - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment + - name: Azure Resource Manager Overview + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment" diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml index 7dc5f0138..0ad4822b5 100644 --- a/azure-resources/ServiceBus/namespaces/recommendations.yaml +++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Use Service Bus with zone redundancy for high availability. The Premium SKU supports availability zones, ensuring isolations within the same region. It manages 3 copies of the messaging store, kept in sync. - potentialBenefits: Enhances fault tolerance and uptime + potentialBenefits Enhances fault tolerance and uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Service Bus and reliability - url: https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability - - name: Azure Service Bus Geo-disaster recovery - url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-geo-dr#availability-zones - - name: Insulate Azure Service Bus applications against outages and disasters - url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters + - name: Service Bus and reliability + url: "https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability" + - name: Azure Service Bus Geo-disaster recovery + url: "https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-geo-dr#availability-zones" + - name: Insulate Azure Service Bus applications against outages and disasters + url: "https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters" diff --git a/azure-resources/SignalRService/SignalR/recommendations.yaml b/azure-resources/SignalRService/SignalR/recommendations.yaml index 56e214579..990724060 100644 --- a/azure-resources/SignalRService/SignalR/recommendations.yaml +++ b/azure-resources/SignalRService/SignalR/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Use SignalR with zone redundancy for production to improve uptime. This feature, available in the Premium tier, is activated upon creating or upgrading to Premium. Standard can upgrade to Premium without downtime. - potentialBenefits: Enhances reliability & uptime + potentialBenefits Enhances reliability & uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Availability zones support in Azure SignalR Service - url: https://learn.microsoft.com/azure/azure-signalr/availability-zones + - name: Availability zones support in Azure SignalR Service + url: "https://learn.microsoft.com/azure/azure-signalr/availability-zones" diff --git a/azure-resources/Sql/servers/recommendations.yaml b/azure-resources/Sql/servers/recommendations.yaml index 4b594402a..fd3d414a2 100644 --- a/azure-resources/Sql/servers/recommendations.yaml +++ b/azure-resources/Sql/servers/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | If your primary database fails, perform a manual failover to the secondary database which remains read-only until then. Active geo-replication allows creating readable replicas and manual failover in case of a datacenter outage or application upgrade. - potentialBenefits: Enhanced disaster recovery & read scalability + potentialBenefits Enhanced disaster recovery & read scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Active Geo Replication - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview + - name: Active Geo Replication + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview" - description: Auto Failover Groups for apps should include all related databases for cohesion aprlGuid: 943c168a-2ec2-a94c-8015-85732a1b4859 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | You can use the readable secondary databases to offload read-only query workloads. Autofailover groups involve multiple databases configured on a primary server, supporting replication of all databases in the group to only one secondary server or instance in a different region. - potentialBenefits: Improves load balancing & disaster recovery + potentialBenefits Improves load balancing & disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AutoFailover Groups - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell - - name: DR Design - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/designing-cloud-solutions-for-disaster-recovery + - name: AutoFailover Groups + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell" + - name: DR Design + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/designing-cloud-solutions-for-disaster-recovery" - description: Use a Zone-Redundant Database aprlGuid: c0085c32-84c0-c247-bfa9-e70977cbf108 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | By default, the premium availability model clusters nodes in one datacenter. - potentialBenefits: Enhanced reliability, no extra cost + potentialBenefits Enhanced reliability, no extra cost pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Zone Redundant Databases - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla + - name: Zone Redundant Databases + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla" - description: Implement Retry Logic aprlGuid: cbb17a29-64fb-c943-95d0-8df814a37c40 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Azure SQL Database, known for its resilience to infrastructure failures, can occasionally encounter connectivity issues due to transient errors. Implementing retry logic in your code ensures continued operation by reattempting failed calls, maintaining smooth database interaction. - potentialBenefits: Enhanced connectivity stability + potentialBenefits Enhanced connectivity stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: How to Implement Retry Logic - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues + - name: How to Implement Retry Logic + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues" - description: Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents aprlGuid: 7e7daec9-6a81-3546-a4cc-9aef72fec1f7 
@@ -85,19 +85,19 @@ recommendationMetadataState: Active longDescription: | Use available solutions to monitor SQL Database to detect reliability incidents early, making your databases more reliable. Opt for near real-time monitoring to rapidly react to incidents. - potentialBenefits: Quick incident detection & response + potentialBenefits Quick incident detection & response pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts - - name: Azure SQL Database Monitoring - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor - - name: Monitoring SQL Database Reference - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor-reference + - name: Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts" + - name: Azure SQL Database Monitoring + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor" + - name: Monitoring SQL Database Reference + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor-reference" - description: Back Up Your Keys aprlGuid: d6ef87aa-574e-584e-a955-3e6bb8b5425b 
@@ -108,15 +108,15 @@ recommendationMetadataState: Active longDescription: | It is highly recommended to use Azure Key Vault to store encryption keys for Always Encrypted configurations. Though not mandatory, if not using AKV, ensure keys are properly backed up. - potentialBenefits: Enhanced security & data recovery + potentialBenefits Enhanced security & data recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Key Vault - url: https://learn.microsoft.com/en-us/azure/key-vault/general/overview - - name: Getting Started with Always Encrypted - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql + - name: Azure Key Vault + url: "https://learn.microsoft.com/en-us/azure/key-vault/general/overview" + - name: Getting Started with Always Encrypted + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql" diff --git a/azure-resources/Storage/storageAccounts/recommendations.yaml b/azure-resources/Storage/storageAccounts/recommendations.yaml index a36de536e..65959bad1 100644 --- a/azure-resources/Storage/storageAccounts/recommendations.yaml +++ b/azure-resources/Storage/storageAccounts/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. - potentialBenefits: High availability & durability for storage + potentialBenefits High availability & durability for storage pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Storage redundancy - url: https://learn.microsoft.com/azure/storage/common/storage-redundancy - - name: Change the redundancy configuration for a storage account - url: https://learn.microsoft.com/azure/storage/common/redundancy-migration + - name: Azure Storage redundancy + url: "https://learn.microsoft.com/azure/storage/common/storage-redundancy" + - name: Change the redundancy configuration for a storage account + url: "https://learn.microsoft.com/azure/storage/common/redundancy-migration" - description: Do not use classic storage accounts aprlGuid: 63ad027e-611c-294b-acc5-8e3234db9a40 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Classic storage accounts will be fully retired on August 31, 2024. If you have classic storage accounts, start planning your migration now. - potentialBenefits: Avoids service retirement issues + potentialBenefits Avoids service retirement issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure classic storage accounts retirement announcement - url: https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/ - - name: Migrate your classic storage accounts to Azure Resource Manager - url: https://learn.microsoft.com/azure/storage/common/classic-account-migration-overview + - name: Azure classic storage accounts retirement announcement + url: "https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/" + - name: Migrate your classic storage accounts to Azure Resource Manager + url: "https://learn.microsoft.com/azure/storage/common/classic-account-migration-overview" - description: Ensure Performance tier is set as per workload aprlGuid: 5587ef77-7a05-a74d-9c6e-449547a12f27 
@@ -49,23 +49,23 @@ recommendationMetadataState: Active longDescription: | Consider using the appropriate storage performance tier for workload scenarios. Each workload scenario requires appropriate performance tiers, and selecting the appropriate tiers based on storage usage is crucial. - potentialBenefits: Optimized cost & performance + potentialBenefits Optimized cost & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Types of storage accounts - url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts - - name: Scalability and performance targets for standard storage accounts - url: https://learn.microsoft.com/azure/storage/common/scalability-targets-standard-account - - name: Performance and scalability checklist for Blob storage - url: https://learn.microsoft.com/azure/storage/blobs/storage-performance-checklist - - name: Scalability and performance targets for Blob storage - url: https://learn.microsoft.com/azure/storage/blobs/scalability-targets - - name: Premium block blob storage accounts - url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-block-blob-premium + - name: Types of storage accounts + url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts" + - name: Scalability and performance targets for standard storage accounts + url: "https://learn.microsoft.com/azure/storage/common/scalability-targets-standard-account" + - name: Performance and scalability checklist for Blob storage + url: "https://learn.microsoft.com/azure/storage/blobs/storage-performance-checklist" + - name: Scalability and performance targets for Blob storage + url: "https://learn.microsoft.com/azure/storage/blobs/scalability-targets" + - name: Premium block blob storage accounts + url: "https://learn.microsoft.com/azure/storage/blobs/storage-blob-block-blob-premium" - description: 
Enable soft delete for recovery of data aprlGuid: 03263c57-c869-3841-9e0a-3dbb9ef3e28d @@ -76,15 +76,15 @@ recommendationMetadataState: Active longDescription: | The soft delete option enables data recovery if mistakenly deleted, while the Lock feature prevents the accidental deletion of the storage account itself, ensuring additional security and data integrity measures. - potentialBenefits: Prevents accidental data/account loss + potentialBenefits Prevents accidental data/account loss pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Soft delete detail docs - url: https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal + - name: Soft delete detail docs + url: "https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal " - description: Enable versioning for accidental modification and keep the number of versions below 1000 aprlGuid: 8ebda7c0-e0e1-ed45-af59-2d7ea9a1c05d @@ -95,15 +95,15 @@ recommendationMetadataState: Active longDescription: | Consider enabling versioning for Azure Storage Accounts to recover from accidental modifications or deletions and manage blob operation latency. Microsoft advises maintaining fewer than 1000 versions per blob to optimize performance. Lifecycle management can help delete old versions automatically. - potentialBenefits: Recover data, manage latency + potentialBenefits Recover data, manage latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Blob versioning - url: https://learn.microsoft.com/azure/storage/blobs/versioning-overview + - name: Blob versioning + url: "https://learn.microsoft.com/azure/storage/blobs/versioning-overview " - description: Enable point-in-time restore for GPv2 accounts to safeguard against data loss aprlGuid: 1b965cb9-7629-214e-b682-6bf6e450a100 
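Review bot: The closing quote on the new line `url: "https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal "` sits after a space, so the space is now part of the URL. Any trailing whitespace on the old plain scalar would have been trimmed by the parser, but inside double quotes it is kept, and a link checker or renderer will see a URL ending in a space. The following hunk on this line has the same problem in `url: "https://learn.microsoft.com/azure/storage/blobs/versioning-overview "`. Close the quote directly after the last URL character in both. The doubled slash after the host in the soft-delete link was already on the old line and could be dropped at the same time: `url: "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal"`.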
@@ -114,17 +114,17 @@ recommendationMetadataState: Active longDescription: | Consider enabling point-in-time restore for standard general purpose v2 accounts with flat namespace to protect against accidental deletion or corruption by restoring block blob data to an earlier state. - potentialBenefits: Protects data from loss/corruption + potentialBenefits Protects data from loss/corruption pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Point-in-time restore for block blobs - url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview - - name: Perform a point-in-time restore on block blob data - url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-manage?tabs=portal + - name: Point-in-time restore for block blobs + url: "https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview" + - name: Perform a point-in-time restore on block blob data + url: "https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-manage?tabs=portal" - description: Monitor all blob storage accounts aprlGuid: 96cb8331-6b06-8242-8ce8-4e2f665dc679 
@@ -135,17 +135,17 @@ recommendationMetadataState: Active longDescription: | For critical applications and business processes relying on Azure, monitoring and alerts are crucial. Resource logs are only stored after creating a diagnostic setting to route logs to specified locations, requiring selection of log categories to collect. - potentialBenefits: Enhanced alerting & log analysis + potentialBenefits Enhanced alerting & log analysis pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor Azure Blob Storage - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage - - name: Best practices for monitoring Azure Blob Storage - url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios + - name: Monitor Azure Blob Storage + url: "https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage" + - name: Best practices for monitoring Azure Blob Storage + url: "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios" - description: Consider upgrading legacy storage accounts to v2 storage accounts aprlGuid: 2ad78dec-5a4d-4a30-8fd1-8584335ad781 
@@ -156,15 +156,15 @@ recommendationMetadataState: Active longDescription: | General-purpose v2 accounts are recommended for most storage scenarios offering the latest features or the lowest per-gigabyte pricing. Legacy accounts like Standard general-purpose v1 and Blob Storage aren't advised by Microsoft but may fit specific scenarios. - potentialBenefits: Latest features, lowest cost + potentialBenefits Latest features, lowest cost pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Legacy storage account types - url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types - - name: Upgrade to a general-purpose v2 storage account - url: https://learn.microsoft.com/azure/storage/common/storage-account-upgrade + - name: Legacy storage account types + url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types" + - name: Upgrade to a general-purpose v2 storage account + url: "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade" diff --git a/azure-resources/Subscription/subscriptions/recommendations.yaml b/azure-resources/Subscription/subscriptions/recommendations.yaml index 61eb0011a..c401d2673 100644 --- a/azure-resources/Subscription/subscriptions/recommendations.yaml +++ b/azure-resources/Subscription/subscriptions/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | A Citrix Managed Azure subscription supports VMs with VDA for app/desktop delivery, excluding other machines like Cloud Connectors. When close to the limit, signaled by a dashboard notification, and with sufficient licenses, request another subscription. Can't exceed the given limits for catalogs. - potentialBenefits: Avoids hitting limit, ensures reliability + potentialBenefits Avoids hitting limit, ensures reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Citrix Limits - url: https://docs.citrix.com/en-us/citrix-daas-azure/limits + - name: Citrix Limits + url: "https://docs.citrix.com/en-us/citrix-daas-azure/limits" diff --git a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml index d4656ec30..7892a4041 100644 --- a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml +++ b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | When building Image Templates, use sources for gen 2 VMs. Gen 2 offers more memory, supports >2TB disks, uses UEFI for faster boot/installation, has Intel SGX, and virtualized persistent memory (vPMEM), unlike gen 1's BIOS-based architecture. - potentialBenefits: More memory, supports >2TB disks, faster boot + potentialBenefits More memory, supports >2TB disks, faster boot pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Generation 1 vs generation 2 virtual machines - url: https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities + - name: Generation 1 vs generation 2 virtual machines + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities" - description: Replicate your Image Templates to a secondary region aprlGuid: 21fb841b-ba70-1f4e-a460-1f72fb41aa51 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | The Azure Image Builder service, used for deploying Image Templates, lacks availability zones support. By replicating Image Templates to a secondary, preferably paired, region, quick recovery from a region failure is enabled, ensuring continuous virtual machine deployment from these templates. - potentialBenefits: Enhances disaster recovery capability + potentialBenefits Enhances disaster recovery capability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Image Template resiliency - url: https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency - - name: Azure Image Builder Supported Regions - url: https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions + - name: Image Template resiliency + url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency" + - name: Azure Image Builder Supported Regions + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions" diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index 606f9aa27..b197b66af 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml +++ b/azure-resources/Web/serverFarms/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure's feature of deploying App Service plans across availability zones enhances resiliency and reliability by ensuring operation during datacenter failures, providing redundancy without needing different regions, thus minimizing downtime and maintaining uninterrupted services. - potentialBenefits: Enhances app resiliency & reliability + potentialBenefits Enhances app resiliency & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Migrate App Service to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service - - name: High availability enterprise deployment using App Service Environment - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment + - name: Migrate App Service to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service" + - name: High availability enterprise deployment using App Service Environment + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment" - description: Use Standard or Premium tier aprlGuid: b2113023-a553-2e41-9789-597e2fb54c31 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Choose Standard/Premium Azure App Service Plan for robust apps with advanced scaling, high availability, better performance, and multiple slots, ensuring resilience and continuous operation. - potentialBenefits: Enhanced scaling & reliability + potentialBenefits Enhanced scaling & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Avoid scaling up or down aprlGuid: 07243659-4643-d44c-a1c6-07ac21635072 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Avoid frequent scaling up/down of Azure App Service instances to prevent service disruptions. Choose the right tier and size for the workload and scale out for traffic changes, as scaling adjustments can trigger application restarts. - potentialBenefits: Minimizes restarts, enhances stability + potentialBenefits Minimizes restarts, enhances stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Create separate App Service plans for production and test aprlGuid: dbe3fd66-fb2a-9d46-b162-1791e21da236 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | It is strongly recommended to create separate App Service plans for production and test environments to avoid using slots within your production deployment for testing purposes. - potentialBenefits: Protects prod performance; avoids test impact + potentialBenefits Protects prod performance; avoids test impact pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Enable Autoscale/Automatic scaling to ensure adequate resources are available to service requests aprlGuid: 6320abf6-f917-1843-b2ae-4779c35985ae 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Enabling Autoscale/Automatic Scaling for your Azure App Service ensures sufficient resources for incoming requests. Autoscaling is rule-based, whereas Automatic Scaling, a newer feature, automatically adjusts resources based on HTTP traffic. - potentialBenefits: Optimizes resources for traffic + potentialBenefits Optimizes resources for traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Automatic scaling in Azure App Service - url: https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal - - name: Auto Scale Web Apps - url: https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started + - name: Automatic scaling in Azure App Service + url: "https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal" + - name: Auto Scale Web Apps + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started" diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index a55196e69..c70dd8462 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostics logging for your Azure App Service is crucial for monitoring and diagnostics, including both application logging and web server logging. - potentialBenefits: Enhanced monitoring & diagnostics + potentialBenefits Enhanced monitoring & diagnostics pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Enable diagnostics logging for apps in Azure App Service - url: https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs + - name: Enable diagnostics logging for apps in Azure App Service + url: "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs" - description: Monitor Performance aprlGuid: a7e8bb3d-8ceb-442d-b26f-007cd63f9ffc @@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring. - potentialBenefits: Real-time insights & issue diagnosis + potentialBenefits Real-time insights & issue diagnosis pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Application Insights - url: https://learn.microsoft.com/azure/application-insights/app-insights-overview - - name: Application monitoring for Azure App Service - url: https://learn.microsoft.com/azure/azure-monitor/app/azure-web-apps + - name: Application Insights + url: "https://learn.microsoft.com/azure/application-insights/app-insights-overview" + - name: Application monitoring for Azure App Service + url: "https://learn.microsoft.com/azure/azure-monitor/app/azure-web-apps" - description: Separate web apps from web APIs aprlGuid: 78a5c033-ff51-4332-8a71-83464c34494b 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | If your solution includes both a web front end and a web API, decomposing them into separate App Service apps facilitates solution decomposition by workload, allowing for independent scaling. Initially, you can deploy both in the same plan and separate them for independent scaling when necessary. - potentialBenefits: Independent scaling, easier management + potentialBenefits Independent scaling, easier management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" - description: Create a separate storage account for logs aprlGuid: 3f9ddb59-0bb3-4acb-9c9b-99aa1776f0ab @@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Creating a separate storage account for logs and not using the same one for application data prevents logging activities from reducing application performance by ensuring that the resources dedicated to handling application data are not burdened by logging processes. - potentialBenefits: Improves app performance + potentialBenefits Improves app performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" - description: Deploy to a staging slot aprlGuid: a1d91661-32d4-430b-b3b6-5adeb0975df7 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Create a deployment slot for staging to deploy updates, verify them, and ensure all instances are warmed up before production swap, reducing bad update chances. An LKG slot allows easy rollback to a previous good deployment if issues arise later, enhancing reliability. - potentialBenefits: Safer updates & easy rollback + potentialBenefits Safer updates & easy rollback pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Set up staging environments in Azure App Service - url: https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing + - name: Set up staging environments in Azure App Service + url: "https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing" - description: Store configuration as app settings aprlGuid: 0b80b67c-afbe-4988-ad58-a85a146b681e @@ -104,13 +104,13 @@ recommendationMetadataState: Active longDescription: | Use app settings for configuration and define them in Resource Manager templates or via PowerShell to facilitate part of an automated deployment/update process for improved reliability. - potentialBenefits: Enhanced reliability via automation + potentialBenefits Enhanced reliability via automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure web apps in Azure App Service - url: https://learn.microsoft.com/azure/app-service-web/web-sites-configure + - name: Configure web apps in Azure App Service + url: "https://learn.microsoft.com/azure/app-service-web/web-sites-configure" diff --git a/azure-specialized-workloads/recommendations.yaml b/azure-specialized-workloads/recommendations.yaml new file mode 100644 index 000000000..380f748eb --- /dev/null +++ b/azure-specialized-workloads/recommendations.yaml 
@@ -0,0 +1,497 @@ +- description: Ensure File shares that stores jobs metadata are accessible from all head nodes + aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. + potentialBenefits Enhances job metadata availability + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" + +- description: Automatically grow and shrink HPC Pack cluster resources + aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 + recommendationTypeId: null + recommendationControl: Scalability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. 
+ potentialBenefits Efficient, uninterrupted execution + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" + +- description: Use multiple head nodes for HPC Pack + aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. + potentialBenefits Enhanced reliability for HPC + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" + +- description: Use HPC Pack Azure AD Integration or other highly available AD configuration + aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. 
+ potentialBenefits Enhanced reliability & job management + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" + +- description: Ensure that each SAP production system is designed for high availability across availability zones + aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. 
+ potentialBenefits High availability for SAP systems + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Quality Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: Move Regional SAP HA to Zonal + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper" + - name: High Availability Deployment Options for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload" + +- description: Run SAP application servers on two or more VMs using VMSS Flex + aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. 
The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. + potentialBenefits Enhanced resiliency for SAP on Azure + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: Virtual machine Scale Set SAP Deployment Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide" + - name: Considerations for Flexible VM Scale Sets for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload" + - name: Migrate existing SAP system VMs to VMSS Flex + url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548" + +- description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk + aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. 
+ potentialBenefits Higher SLA of 99.9% with SSDs + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: VM SLA + url: "https://www.azure.cn/en-us/support/sla/virtual-machines/" + - name: SAP Storage Planning Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage" + +- description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes + aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. 
+ potentialBenefits Ensures high availability for SAP data + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + +- description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones + aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. +In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. + potentialBenefits Enhanced data availability for SAP + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + +- description: Test high availability solutions thoroughly to ensure fail overs work as expected + aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). 
Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. +The fail back can be either automatic or manual. + potentialBenefits Ensures SAP Azure's failover reliability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Test Cases + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" + +- description: Remove unwanted location constraints from Linux Pacemaker clusters + aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. + +During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. + +Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
+This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. + potentialBenefits Enhanced maintenance and failover handling + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Secure compute resource capacity for critical VM roles in DR region + aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. + +Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. 
+ potentialBenefits Guarantees DR region availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Capacity Reservation + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" + +- description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology + aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. + potentialBenefits Enhanced DR resilience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP Disaster Recovery Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" + +- description: SAP components are backed up to DR location using an appropriate backup tool or ASR + aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. 
+ potentialBenefits Ensures SAP data safety & recovery + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + +- description: SAP shared files systems are replicated or backed up to DR location + aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. + potentialBenefits Enhances SAP DR oversight + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: DR Guidance + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" + +- description: Automate DR infrastructure build or pre-deploy DR resources + aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. 
+ potentialBenefits Faster SAP recovery, reduced downtime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Document and test DR procedure ensure it meets RPO and RTO targets + aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. + +Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. + potentialBenefits Ensures robust DR, meets RPO/RTO + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution + aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. 
Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. + potentialBenefits Improved DR oversight & rapid issue response + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Configure scheduled events notification + aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. + + +Resource agent azure-events-az can also integrate with Pacemaker clusters. + +To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. + + + +In addition, it is also important that you define a procedure on how to react to scheduled events. 
+ potentialBenefits Proactive maintenance awareness + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: VM Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" + - name: Configure Pacemaker for Azure Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" + +- description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability + aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. 
+ potentialBenefits Enhances SAP ASCS uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-Pacemaker - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability + aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. 
+ potentialBenefits Enhanced HA for SAP ASCS + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-LB - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability + aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability. 
+ potentialBenefits Enhances SAP HANA DB uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-Pacemaker - Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability + aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability. + potentialBenefits Enhanced DB availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-LB- Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + diff --git a/azure-waf/define/recommendations.yaml b/azure-waf/define/recommendations.yaml index 734dbc35c..5acd401b2 100644 --- a/azure-waf/define/recommendations.yaml +++ b/azure-waf/define/recommendations.yaml 
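Review bot: Several `longDescription: |` bodies in this new file appear to start at column 0 (for example the lines beginning `SAP shared file systems such as /sapmnt`, `Test all high availability solutions thoroughly` and `When executing a migrate command`), which would end the block scalar immediately and leave the text as stray top-level content; indent those lines under their key like the other entries. This is inferred from the missing space after `+` on those lines, since the page has collapsed the original whitespace. Two entries also contain a U+FFFD replacement character (`cluster�s`, `vendor�s`), which suggests an apostrophe was lost in an encoding conversion and should be restored as `'`. Four entries leave `learnMoreLink:` with no items, which parses as null rather than an empty list; write `learnMoreLink: []` if the consumer expects a list there.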
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Ensure the Availability Targets (SLA, SLO, SLI) are well defined, tested, monitored and communicated across teams working on the Workload. A Service Level Agreement (SLA) is an availability target that represents a commitment around performance and availability of the application. Understanding the SLA of individual components within the system is essential to define reliability targets. Knowing the SLA of dependencies will also provide a justification for additional spend when making the dependencies highly available and with proper support contracts. Availability targets for any dependencies leveraged by the application should be understood and ideally align with application targets should also be considered. Understanding your availability expectations is vital to reviewing overall operations for the application. For example, if you are striving to achieve an application Service Level Objective (SLO) of 99.999%, the level of inherent operational action required by the application is going to be far greater than if an SLO of 99.9% was the goal. 
- potentialBenefits: Enhances reliability & communication + potentialBenefits Enhances reliability & communication pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use business metrics to design resilient Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets - - name: Target functional and nonfunctional requirements - url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements + - name: Use business metrics to design resilient Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets" + - name: Target functional and nonfunctional requirements + url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements" - description: Ensure the Recovery Targets are well defined and communicated across teams working on the Workload aprlGuid: a43ab756-5b33-2345-8743-3daee911a1ae 
@@ -28,13 +28,13 @@ recommendationMetadataState: Active longDescription: | Ensure the Recovery Targets are well defined and communicated across teams working on the Workload. Two important metrics to consider are the recovery time objective and recovery point objective, as they pertain to disaster recovery. - Recovery time objective (RTO) is the maximum acceptable time that an application can be unavailable after an incident. If your RTO is 90 minutes, you must be able to restore the application to a running state within 90 minutes from the start of a disaster. If you have a very low RTO, you might keep a second regional deployment continually running an active/passive configuration on standby, to protect against a regional outage. In some cases, you might deploy an active/active configuration to achieve even lower RTO. - Recovery point objective (RPO) is the maximum duration of data loss that is acceptable during a disaster. For example, if you store data in a single database, with no replication to other databases, and perform hourly backups, you could lose up to an hour of data. RTO and RPO are non-functional requirements of a system and should be dictated by business requirements. To derive these values, it's a good idea to conduct a risk assessment, and clearly understanding the cost of downtime or data loss. Monitoring and measuring application availability is vital to qualifying overall application health and progress towards defined targets. Make sure you measure and monitor key targets such as: - Mean Time Between Failures (MTBF) - The average time between failures of a particular component. - Mean Time to Recover (MTTR) - The average time it takes to restore a component after a failure. 
- potentialBenefits: Improved recovery times & data loss prevention + potentialBenefits Improved recovery times & data loss prevention pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Target functional and nonfunctional requirements - url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements + - name: Target functional and nonfunctional requirements + url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements" diff --git a/azure-waf/deploy/recommendations.yaml b/azure-waf/deploy/recommendations.yaml index 3bbc6cca2..ff73dcb31 100644 --- a/azure-waf/deploy/recommendations.yaml +++ b/azure-waf/deploy/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Infrastructure as code (IaC) uses DevOps methodology and versioning with a descriptive model to define and deploy infrastructure, such as networks, virtual machines, load balancers, and connection topologies. Just as the same source code always generates the same binary, an IaC model generates the same environment every time it deploys. IaC is a key DevOps practice and a component of continuous delivery. With IaC, DevOps teams can work together with a unified set of practices and tools to deliver applications and their supporting infrastructure rapidly and reliably at scale. Key Points: - Avoid manual configuration to enforce consistency - Deliver stable test environments rapidly at scale - Use declarative definition files - potentialBenefits: Ensures consistent, scalable deployments + potentialBenefits Ensures consistent, scalable deployments pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Avoid manual configuration to enforce consistency - url: https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency + - name: Avoid manual configuration to enforce consistency + url: "https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency" - description: Validated all changes in development environments before applying them to production aprlGuid: e42e646c-7d67-dd4b-96dc-16a3439fa030 
@@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Continuously delivering value has become a mandatory requirement for organizations. To deliver value to your end users, you must release continually and without errors. Continuous delivery (CD) is the process of automating build, test, configuration, and deployment from a build to a production environment. A release pipeline can create multiple testing or staging environments to automate infrastructure creation and deploy new builds. Successive environments support progressively longer-running integration, load, and user acceptance testing activities. - potentialBenefits: Ensures error-free releases + potentialBenefits Ensures error-free releases pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Safe deployment practices - url: https://learn.microsoft.com/devops/operate/safe-deployment-practices + - name: Safe deployment practices + url: "https://learn.microsoft.com/devops/operate/safe-deployment-practices" diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml index 8a9acc2f8..4b2c33597 100644 --- a/azure-waf/design/recommendations.yaml +++ b/azure-waf/design/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Design your application architecture to use availability zones within a region. Availability zones can be used to optimize application availability within a region by providing datacenter-level fault tolerance. However, the application architecture must not share dependencies between zones to use them effectively. Consider if component proximity is required for application performance reasons. If all or part of the application is highly sensitive to latency, components might need to be co-located which can limit the applicability of multi-region and multi-zone strategies. - potentialBenefits: Enhanced app availability & fault tolerance + potentialBenefits Enhanced app availability & fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use Availability Zones - url: https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones + - name: Use Availability Zones + url: "https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones" - description: Consider deploying your application across multiple regions aprlGuid: 8a497b6d-d065-0d43-a7d9-e3f8eebfe0f4 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | If your application is deployed to a single region, and the region becomes unavailable, your application will also be unavailable. This might be unacceptable under the terms of your application's SLA. If so, consider deploying your application and its services across multiple regions. A multiregional deployment can use an active-active or active-passive configuration. An active-active configuration distributes requests across multiple active regions. An active-passive configuration keeps warm instances in the secondary region, but doesn't send traffic there unless the primary region fails. - potentialBenefits: Enhances app availability & SLA compliance + potentialBenefits Enhances app availability & SLA compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Design reliable Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design - - name: Cross-region replication in Azure: Business continuity and disaster recovery - url: https://learn.microsoft.com/azure/reliability/cross-region-replication-azure + - name: Design reliable Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design" + - name: Cross-region replication in Azure: Business continuity and disaster recovery + url: "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure" - description: Ensure that all fault-points and fault-modes are understood and operationalized aprlGuid: 99ebe682-6306-6446-bfc7-cf6610ebfa02 
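Review bot: The second `name` value in this hunk, `Cross-region replication in Azure: Business continuity and disaster recovery`, contains `: ` inside an unquoted scalar. YAML reads that as a mapping indicator, and parsers typically fail on it with "mapping values are not allowed here". The commit quotes the `url` on the following line but carries the name over unquoted. Quote it the same way: `- name: "Cross-region replication in Azure: Business continuity and disaster recovery"`.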
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Ensure that all fault-points and fault-modes are understood and operationalized. Failure mode analysis (FMA) is a process for building resiliency into a system, by identifying possible failure points in the system. The FMA should be part of the architecture and design phases, so that you can build failure recovery into the system from the beginning. Identify all fault-points and fault-modes. Fault-points describe the elements within an application architecture which can fail, while fault-modes capture the various ways by which a fault-point may fail. To ensure an application is resilient to end-to-end failures, it is essential that all fault-points and fault-modes are understood and operationalized. - potentialBenefits: Enhanced system resiliency + potentialBenefits Enhanced system resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Failure mode analysis for Azure applications - url: https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis + - name: Failure mode analysis for Azure applications + url: "https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis" - description: Use PaaS Azure services instead of IaaS aprlGuid: 097651d8-6e62-314a-9299-a0234ffd190e 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | PaaS provides a framework for developing and running apps. As with IaaS, the PaaS provider hosts and maintains the platform's servers, networks, storage, and other computing resources. But PaaS also includes tools, services, and systems that support the web application lifecycle. Developers use the platform to build apps without having to manage backups, security solutions, upgrades, and other administrative tasks. - potentialBenefits: Saves time, enhances security, simplifies app lifecycle + potentialBenefits Saves time, enhances security, simplifies app lifecycle pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use platform as a service (PaaS) options - url: https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services + - name: Use platform as a service (PaaS) options + url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services" - description: Design the application to scale out aprlGuid: 7f4c76d7-f9d4-d643-ab73-4d8f27fd7ed9 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Azure provides elastic scalability and you should design to scale out. However, applications must leverage a scale-unit approach to navigate service and subscription limits to ensure that individual components and the application as a whole can scale horizontally. Don't forget about scale in, which is important to reduce cost. For example, scale in and out for App Service is done via rules. Often customers write scale out rules and never write scale in rules, which leaves the App Service more expensive. - potentialBenefits: Enhances scalability & cost efficiency + potentialBenefits Enhances scalability & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Design to scale out - url: https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out + - name: Design to scale out + url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out" - description: Create a landing zone for the workload following the Microsoft Cloud Adoption Framework aprlGuid: 6132a11a-3ea0-e64c-877b-f01ca1de79d4 
@@ -104,15 +104,15 @@ recommendationMetadataState: Active longDescription: | From a workload perspective, a landing zone refers to a prepared platform into which the application gets deployed. A landing zone implementation can have compute, data sources, access controls, and networking components already provisioned. With the required plumbing ready in place; the workload needs to plug into it. When considering the overall security, a landing zone offers centralized security capabilities that adds a threat mitigation layer for the workload. Implementations can vary but here are some common strategies that enhance the security posture. - Isolation through segmentation. You can isolate assets at several layers from Azure enrollment down to a subscription that has the resources for the workload. - Consistent adoption of organizational policies, enforce creation and deletion of services and their configuration through Azure Policy. - Configurations that align with principles of Zero Trust . For instance an implementation might have network connectivity to on-premises data centers. - potentialBenefits: Enhances security & speeds deployment + potentialBenefits Enhances security & speeds deployment pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure landing zone integration - url: https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone + - name: Azure landing zone integration + url: "https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone" - description: Design a BCDR strategy that will help to meet the business requirements aprlGuid: b09061cb-d536-1347-9957-390c2d0cfa3d 
@@ -123,15 +123,15 @@ recommendationMetadataState: Active longDescription: | Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points: - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once. 
- potentialBenefits: Minimizes disaster impact, ensures operational continuity + potentialBenefits Minimizes disaster impact, ensures operational continuity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Backup and disaster recovery for Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery + - name: Backup and disaster recovery for Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" - description: Provide security assurance through identity management aprlGuid: 835e616d-78e6-7f4c-a48b-6f80382a48cf 
@@ -142,15 +142,15 @@ recommendationMetadataState: Active longDescription: | Provide security assurance through identity management: the process of authenticating and authorizing security principals. Use identity management services to authenticate and grant permission to users, partners, customers, applications, services, and other entities. Identity management is typically a centralized function not controlled by the workload team as a part of the workload's architecture. - Define clear lines of responsibility and separation of duties for each function. Restrict access based on a need-to-know basis and least privilege security principles. - Assign permissions to users, groups, and applications at a certain scope through Azure RBAC. Use built-in roles when possible. - Prevent deletion or modification of a resource, resource group, or subscription through management locks. - Use managed identities to access resources in Azure. - potentialBenefits: Enhanced access control & security + potentialBenefits Enhanced access control & security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure identity and access management considerations - url: https://learn.microsoft.com/azure/well-architected/security/design-identity + - name: Azure identity and access management considerations + url: "https://learn.microsoft.com/azure/well-architected/security/design-identity" - description: Addressing security risks minimizes downtime and data loss from exposures aprlGuid: c5d8f87e-45ef-1644-a4aa-95ec08b88109 
@@ -161,13 +161,13 @@ recommendationMetadataState: Active longDescription: | Security is one of the most important aspects of any architecture. It provides the following assurances against deliberate attacks and abuse of your valuable data and systems: Confidentiality ,Integrity, and Availability. The security of complex systems depends on understanding the business context, social context, and technical context. As you design your system, cover these areas: - Ensure that the identity provider (AAD/ADFS/AD/Other) is highly available and aligns with application availability and recovery targets. - All external application endpoints are secured. - Communication to Azure PaaS services secured using Virtual Network Service Endpoints or Private Link. - Keys and secrets are backed-up to geo-redundant storage, and are still available in a failover case. - Ensure that the process for key rotation is automated and tested. - Emergency access break glass accounts have been tested and secured for recovering from Identity provider failure scenarios. - potentialBenefits: Minimizes downtime & data loss + potentialBenefits Minimizes downtime & data loss pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Security design principles - url: https://learn.microsoft.com/azure/well-architected/security/security-principles + - name: Security design principles + url: "https://learn.microsoft.com/azure/well-architected/security/security-principles" diff --git a/azure-waf/monitor/recommendations.yaml b/azure-waf/monitor/recommendations.yaml index a6f3e4921..d155be79e 100644 --- a/azure-waf/monitor/recommendations.yaml +++ b/azure-waf/monitor/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Monitoring and diagnostics are crucial for availability and resiliency. If something fails, you need to know that it failed, when it failed, and why. Monitoring isn't the same as failure detection. For example, your application might detect a transient error and retry, avoiding downtime. It should also log the retry operation so that you can monitor the error rate to get an overall picture of application health. Key points: - Define alerts that are actionable and effectively prioritized. - Create alerts that poll for services nearing their limits and quotas. - Use application instrumentation to detect and resolve performance anomalies. - Track the progress of long-running processes. - Troubleshoot issues to gain an overall view of application health. - Document how to analyze, diagnose, and respond to signals being monitored - potentialBenefits: Enhanced availability and issue tracking + potentialBenefits Enhanced availability and issue tracking pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Monitoring application health for reliability - url: https://learn.microsoft.com/azure/well-architected/resiliency/monitoring + - name: Monitoring application health for reliability + url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitoring" - description: Define a health model based on performance, availability, and recovery targets aprlGuid: 5dd7a9a3-fb79-004d-bc89-c9ef79890900 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | The health model should be able to surface the health of critical system flows or key subsystems to ensure that appropriate operational prioritization is applied. For example, the health model should be able to represent the current state of the user sign-in transaction flow. The health model shouldn't treat all failures the same. The health model should distinguish between transient and non transient faults. It should clearly distinguish between expected-transient but recoverable failures and a true disaster state. Key points: - Know how to tell if an application is healthy or unhealthy. - Understand the effects of logs in diagnostic data. - Ensure the consistent use of diagnostic settings across the application. - Use critical system flows in your health model. - potentialBenefits: Enhanced system health insights + potentialBenefits Enhanced system health insights pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Health modeling for reliability - url: https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model + - name: Health modeling for reliability + url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model" - description: Create Dashboards and Alerts for Azure Platform resources aprlGuid: 1691bfea-c9fd-0948-969a-03e5abcab299 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | In this stage, telemetry data is presented so that an operator can quickly notice problems or trends. Examples include Workbook, Dashboards or email alerts. With Azure Workbooks and/or dashboards, you can build a single pane of glass view of monitoring graphs originating from Application Insights, Log Analytics, Azure Monitor metrics and service health. With Azure Monitor alerts, you can create alerts on service health and resource health. - potentialBenefits: Quick issue detection & response + potentialBenefits Quick issue detection & response pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure Workbooks templates - url: https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates + - name: Azure Workbooks templates + url: "https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates" - description: Ensure that the right people in your organization will be notified about any future service issues aprlGuid: 1422b388-5d23-5641-ba1c-139a59fb7b4c 
@@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Azure offers a suite of experiences to keep you informed about the health of your cloud resources. The Service Health portal tracks four types of health events that may impact your resources: - Service issues - Problems in the Azure services that affect you right now (Outages) - Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future. - Health advisories - Changes in Azure services that require your attention. Examples include deprecation of Azure features or upgrade requirements (e.g upgrade to a supported PHP framework). - Security advisories - Security related notifications or violations that may affect the availability of your Azure services. - potentialBenefits: Quick issue alerts to key personnel + potentialBenefits Quick issue alerts to key personnel pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Create a Service Health alert using the Azure portal - url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal + - name: Create a Service Health alert using the Azure portal + url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal" - description: Utilize built-in Resilience policies aprlGuid: 2af4f8c2-bafc-4808-88df-0af009a019b5 
@@ -83,15 +83,15 @@ recommendationMetadataState: Active longDescription: | Utilize Azure's built-in Resilience policies to audit and enforce resilient configurations of Azure services. Azure Policy helps to enforce organizational standards and to assess compliance at-scale. - potentialBenefits: Ensures compliance & upscale resilience + potentialBenefits Ensures compliance & upscale resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Built-in Resilience policy definitions - url: https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience - - name: Get policy compliance data - url: https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data + - name: Built-in Resilience policy definitions + url: "https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience" + - name: Get policy compliance data + url: "https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data" diff --git a/azure-waf/respond/recommendations.yaml b/azure-waf/respond/recommendations.yaml index 01e685f8a..eb7ab07a9 100644 --- a/azure-waf/respond/recommendations.yaml +++ b/azure-waf/respond/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Prevention of all problems is a laudable, but impossible goal. Things will go wrong, so we need a plan to limit the impact on our end users and return operations to normal as quickly as possible. The key is to respond with urgency, rather than react. A reaction tends to be more impulsive and based in the present moment, without consideration of long-term effects. A response is well-thought-out, organized, and information based. Your incident response approach determines your effectiveness at: Understanding what�s going on (diagnosing the problem) Triaging (determining the urgency) and prioritizing the problem Engaging the right resources to mitigate the issue(s), and Communicating with stakeholders about the problem After the problem has been remediated, you can then learn from the incident through a post-incident review process. That's an important subject which has a whole separate module worth of discussion. - potentialBenefits: Quicker recovery, less impact + potentialBenefits Quicker recovery, less impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Importance of incident response - url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance - - name: Incident tracking - url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/5-tracking + - name: Importance of incident response + url: "https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance" + - name: Incident tracking + url: "https://learn.microsoft.com/training/modules/improve-reliability-incidents/5-tracking" diff --git a/azure-waf/test/recommendations.yaml b/azure-waf/test/recommendations.yaml index ae2ea91d4..05fc5d0cf 100644 --- a/azure-waf/test/recommendations.yaml +++ b/azure-waf/test/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Applications should be tested to ensure availability and resiliency. Availability describes the amount of time that an application runs in a healthy state without significant downtime. Resiliency describes how quickly an application recovers from failure. Being able to measure availability and resiliency can answer questions like: How much downtime is acceptable? How much does potential downtime cost your business? What are your availability requirements? How much do you invest in making your application highly available? What is the risk versus the cost? Testing plays a critical role in making sure your applications can meet these requirements. Key points: - Test regularly to validate existing thresholds, targets, and assumptions. - Automate testing as much as possible. - Perform testing on both key Test environments and the production environment. - Verify how the end-to-end workload performs under intermittent failure conditions. - Test the application against critical functional and nonfunctional requirements for performance. - Conduct load testing with expected peak volumes to Test scalability and performance under load. - Perform chaos testing by injecting faults. - potentialBenefits: Improves uptime & speeds recovery + potentialBenefits Improves uptime & speeds recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Testing applications for availability and resiliency - url: https://learn.microsoft.com/azure/well-architected/resiliency/testing + - name: Testing applications for availability and resiliency + url: "https://learn.microsoft.com/azure/well-architected/resiliency/testing" - description: Consider building logic into your workload to handle errors aprlGuid: 155dda00-c264-1b45-8ac0-d6f68178844f 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | In a distributed system, ensuring that your application can recover from errors is critical. You can test your applications to prevent errors and failure, but you need to prepare for a wide range of issues. Testing doesn't always catch everything, so you should understand how to handle errors and prevent potential failure. Many things in a distributed system, such as underlying cloud infrastructure and third-party runtime dependencies, are outside your span of control and your means to test. You can be sure something will fail eventually, so you need to be prepared. Key points: - Implement retry logic to handle transient application failures and transient failures with internal or external dependencies. - Uncover issues or failures in your application's retry logic. - Configure request timeouts to manage intercomponent calls. - Configure and test health probes for your load balancers and traffic managers. - Segregate read operations from update operations across application data stores. - potentialBenefits: Enhances recovery & error management + potentialBenefits Enhances recovery & error management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Error handling for resilient applications in Azure - url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling + - name: Error handling for resilient applications in Azure + url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling" - description: Perform disaster recovery tests regularly aprlGuid: 1b612a06-28dc-e64e-9057-17467e57764a 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once. 
- potentialBenefits: Enhances recovery speed and reliability + potentialBenefits Enhances recovery speed and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Backup and disaster recovery for Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery + - name: Backup and disaster recovery for Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" - description: Use chaos engineering to test Azure applications aprlGuid: e10f11a5-9c5b-6c4c-a684-4d9f4063127a @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Ideally, you should apply chaos principles continuously. There's constant change in the environments in which software and hardware run, so monitoring the changes is key. By constantly applying stress or faults on components, you can help expose issues early, before small problems are compounded by many other factors. Apply chaos engineering principles when you: - Deploy new code. - Add dependencies. - Observe changes in usage patterns. - Mitigate problems. - potentialBenefits: Early issue detection, prevents compounding + potentialBenefits Early issue detection, prevents compounding pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use chaos engineering to test Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering + - name: Use chaos engineering to test Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering" - description: Test application fault resiliency aprlGuid: c8ba80d4-20d9-456f-a2bd-8e6d488d8ff9 
@@ -83,13 +83,13 @@ recommendationMetadataState: Active longDescription: | High availability is a fundamental part of the SQL Database platform that works transparently for your database application. However, we recognize that you may want to test how the automatic failover operations initiated during planned or unplanned events would impact an application before you deploy it to production. You can manually trigger a failover by calling a special API to restart a database, or an elastic pool. In the case of a zone-redundant serverless or provisioned General Purpose database or elastic pool, the API call would result in redirecting client connections to the new primary in an Availability Zone different from the Availability Zone of the old primary. So in addition to testing how failover impacts existing database sessions, you can also verify if it changes the end-to-end performance due to changes in network latency. Because the restart operation is intrusive and a large number of them could stress the platform, only one failover call is allowed every 15 minutes for each database or elastic pool. - potentialBenefits: Enhances fault resilience testing + potentialBenefits Enhances fault resilience testing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Test application fault resiliency - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency + - name: Test application fault resiliency + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency" From 8fe50fd2bff15e0a7820172ca77c197226643c45 Mon Sep 17 00:00:00 2001 
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 10:51:24 -0400 Subject: [PATCH 03/11] updates --- .../AVS/privateClouds/recommendations.yaml | 38 +++++------ .../service/recommendations.yaml | 6 +- .../automationAccounts/recommendations.yaml | 2 +- .../Batch/batchAccounts/recommendations.yaml | 4 +- .../Cache/Redis/recommendations.yaml | 2 +- .../Cdn/profiles/recommendations.yaml | 30 ++++----- .../Compute/galleries/recommendations.yaml | 6 +- .../recommendations.yaml | 22 +++---- .../virtualMachines/recommendations.yaml | 52 +++++++-------- .../registries/recommendations.yaml | 20 +++--- .../managedClusters/recommendations.yaml | 48 +++++++------- .../flexibleServers/recommendations.yaml | 4 +- .../flexibleServers/recommendations.yaml | 4 +- .../workspaces/recommendations.yaml | 60 ++++++++--------- .../hostPools/recommendations.yaml | 64 +++++++++---------- .../Devices/IotHubs/recommendations.yaml | 12 ++-- .../databaseAccounts/recommendations.yaml | 18 +++--- .../EventGrid/topics/recommendations.yaml | 6 +- .../EventHub/namespaces/recommendations.yaml | 4 +- .../activityLogAlerts/recommendations.yaml | 4 +- .../Insights/components/recommendations.yaml | 2 +- .../KeyVault/vaults/recommendations.yaml | 10 +-- .../netAppAccounts/recommendations.yaml | 24 +++---- .../recommendations.yaml | 6 +- .../applicationGateways/recommendations.yaml | 18 +++--- .../azureFirewalls/recommendations.yaml | 12 ++-- .../Network/connections/recommendations.yaml | 4 +- .../ddosProtectionPlans/recommendations.yaml | 2 +- .../expressRouteCircuits/recommendations.yaml | 14 ++-- .../expressRoutePorts/recommendations.yaml | 6 +- .../loadBalancers/recommendations.yaml | 8 +-- .../recommendations.yaml | 10 +-- .../networkWatchers/recommendations.yaml | 4 +- .../privateDnsZones/recommendations.yaml | 6 +- .../privateEndpoints/recommendations.yaml | 2 +- .../publicIPAddresses/recommendations.yaml | 6 +- .../Network/routeTables/recommendations.yaml | 4 +- .../recommendations.yaml | 8 
+-- .../recommendations.yaml | 24 +++---- .../virtualNetworks/recommendations.yaml | 6 +- .../recommendations.yaml | 2 +- .../workspaces/recommendations.yaml | 6 +- .../vaults/recommendations.yaml | 8 +-- .../resourceGroups/recommendations.yaml | 4 +- .../namespaces/recommendations.yaml | 2 +- .../SignalR/recommendations.yaml | 2 +- .../Sql/servers/recommendations.yaml | 12 ++-- .../storageAccounts/recommendations.yaml | 16 ++--- .../subscriptions/recommendations.yaml | 3 +- .../imageTemplates/recommendations.yaml | 5 +- .../Web/serverFarms/recommendations.yaml | 11 ++-- .../Web/sites/recommendations.yaml | 13 ++-- .../recommendations.yaml | 52 +++++++-------- azure-waf/define/recommendations.yaml | 4 +- azure-waf/deploy/recommendations.yaml | 4 +- azure-waf/design/recommendations.yaml | 18 +++--- azure-waf/monitor/recommendations.yaml | 10 +-- azure-waf/respond/recommendations.yaml | 2 +- azure-waf/test/recommendations.yaml | 10 +-- 59 files changed, 381 insertions(+), 385 deletions(-)
diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml
index ec3a22166..86224d7f5 100644
--- a/azure-resources/AVS/privateClouds/recommendations.yaml
+++ b/azure-resources/AVS/privateClouds/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure Azure Service Health notifications are set for Azure VMware Solution across all used regions and subscriptions. This communicates service/security issues and maintenance activities like host replacements and upgrades, reducing service request submissions.
- potentialBenefits Prompt mitigation of issues.
+ potentialBenefits: Prompt mitigation of issues.
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Set an alert for when the node count in Azure VMware Solution Private Cloud hits or exceeds 90 hosts, enabling timely planning for a new private cloud.
- potentialBenefits Proactive capacity planning
+ potentialBenefits: Proactive capacity planning
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Alert when the cluster size reaches 14 hosts. Set up periodic alerts for planning new clusters or datastores due to growth, especially from storage needs. Beyond 14 hosts, trigger alerts for each new host addition for proactive resource monitoring.
- potentialBenefits Proactive resource management
+ potentialBenefits: Proactive resource management
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use the Interconnect feature for direct communication between private clouds in different availability zones, enabling connectivity between the private clouds management and workload networks.
- potentialBenefits Enhanced private cloud connectivity
+ potentialBenefits: Enhanced private cloud connectivity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure two external identity sources are configured for NSX and vCenter Server. The VMware vCenter Server and NSX Manager use these for authentication with external identities.
- potentialBenefits Continuous login access during maintenances
+ potentialBenefits: Continuous login access during maintenances
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -104,7 +104,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable Network Extension High Availability for appliance failure tolerance in HCX service. It pairs selected appliances for Active Standby configuration, ensuring high availability and quick recovery, keeping configurations in-service despite failures.
- potentialBenefits Improves HCX service continuity
+ potentialBenefits: Improves HCX service continuity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -125,7 +125,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Do not extend the network used by the HCX Management devices to ensure the network's security and stability.
- potentialBenefits Enhanced network safety & performance
+ potentialBenefits: Enhanced network safety & performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -144,7 +144,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For Azure VMware Solution, enabling Stretched Clusters offers 99.99% SLA, synchronous storage replication (RPO=0), and spreads vSAN datastore across two AZs. Must be done at initial setup, needing double quota due to extension across AZs.
- potentialBenefits 99.99% SLA, 0 RPO, Multi-AZ
+ potentialBenefits: 99.99% SLA, 0 RPO, Multi-AZ
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -165,7 +165,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The Azure VMware Solution's service SLA is influenced by vSAN storage policies, which change based on cluster size. For clusters over 6 hosts, an FTT-2 policy (RAID-1 or RAID-6) is advised. FTT refers to the Fault Tolerance feature.
- potentialBenefits Enhanced cluster reliability
+ potentialBenefits: Enhanced cluster reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -186,7 +186,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met.
- potentialBenefits Optimized capacity planning for vSAN
+ potentialBenefits: Optimized capacity planning for vSAN
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -205,7 +205,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues.
- potentialBenefits Faster issue resolution, early detection
+ potentialBenefits: Faster issue resolution, early detection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -224,7 +224,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads.
- potentialBenefits Avoids resource exhaustion, optimizes performance
+ potentialBenefits: Avoids resource exhaustion, optimizes performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -243,7 +243,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads.
- potentialBenefits Avoids host exhaustion & swapping
+ potentialBenefits: Avoids host exhaustion & swapping
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -262,7 +262,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud.
- potentialBenefits Prevents accidental deletion
+ potentialBenefits: Prevents accidental deletion
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -281,7 +281,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach.
- potentialBenefits Enhanced circuit resilience for Azure VMware
+ potentialBenefits: Enhanced circuit resilience for Azure VMware
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -302,7 +302,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections.
- potentialBenefits Enhanced disaster recovery
+ potentialBenefits: Enhanced disaster recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -323,7 +323,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits.
- potentialBenefits Enhanced resilience & connectivity
+ potentialBenefits: Enhanced resilience & connectivity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -342,7 +342,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible.
- potentialBenefits Avoid outages with key auto-rotation
+ potentialBenefits: Avoid outages with key auto-rotation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -361,7 +361,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud.
- potentialBenefits Enhances reliability & avoids failure
+ potentialBenefits: Enhances reliability & avoids failure
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml
index 68ad59dde..93bc1f457 100644
--- a/azure-resources/ApiManagement/service/recommendations.yaml
+++ b/azure-resources/ApiManagement/service/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions.
- potentialBenefits Enhanced availability & resilience
+ potentialBenefits: Enhanced availability & resilience
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Zone redundancy for APIM instances ensures the gateway and control plane (Management API, developer portal, Git configuration) are replicated across datacenters in physically separated zones, boosting resilience to zone failures.
- potentialBenefits Improved resilience to zone failures
+ potentialBenefits: Improved resilience to zone failures
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -49,7 +49,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Upgrading to API Management stv2 is required as stv1 retires on 31 Aug 2024, offering enhanced capabilities with the new platform version.
- potentialBenefits Ensures service continuity
+ potentialBenefits: Ensures service continuity
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Automation/automationAccounts/recommendations.yaml b/azure-resources/Automation/automationAccounts/recommendations.yaml
index 87c5b823d..1bb775c0e 100644
--- a/azure-resources/Automation/automationAccounts/recommendations.yaml
+++ b/azure-resources/Automation/automationAccounts/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Set up disaster recovery for Automation accounts and resources like Modules, Connections, Credentials, Certificates, Variables, and Schedules to deal with region or zone failures. A replica Automation account should be ready in a secondary region for failover.
- potentialBenefits Ensures continuity during outages
+ potentialBenefits: Ensures continuity during outages
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Batch/batchAccounts/recommendations.yaml b/azure-resources/Batch/batchAccounts/recommendations.yaml
index 545165065..fe3e0d9cf 100644
--- a/azure-resources/Batch/batchAccounts/recommendations.yaml
+++ b/azure-resources/Batch/batchAccounts/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 To ensure cross-region disaster recovery and business continuity, set the right quotas for all Batch accounts to allocate necessary core numbers upfront, preventing execution interruptions from reaching quota limits.
- potentialBenefits Ensures business continuity
+ potentialBenefits: Ensures business continuity
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures.
- potentialBenefits Enhanced reliability & failure protection
+ potentialBenefits: Enhanced reliability & failure protection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Cache/Redis/recommendations.yaml b/azure-resources/Cache/Redis/recommendations.yaml
index 9e57f4ac1..adf56a42e 100644
--- a/azure-resources/Cache/Redis/recommendations.yaml
+++ b/azure-resources/Cache/Redis/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability.
- potentialBenefits Higher resilience & availability
+ potentialBenefits: Higher resilience & availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml
index cecc36a05..5816e6006 100644
--- a/azure-resources/Cdn/profiles/recommendations.yaml
+++ b/azure-resources/Cdn/profiles/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For most solutions, choose either Azure Front Door for content caching, CDN, TLS termination, and WAF, or Traffic Manager for simple global load balancing.
- potentialBenefits Optimized network routing and security
+ potentialBenefits: Optimized network routing and security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -32,7 +32,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door.
- potentialBenefits Enhances security & performance
+ potentialBenefits: Enhances security & performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -51,7 +51,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes.
- potentialBenefits Enhanced security & features
+ potentialBenefits: Enhanced security & features
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -74,7 +74,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door logs offer comprehensive telemetry on each request, crucial for understanding your solution's performance and responses, especially when caching is enabled, as origin servers might not receive every request.
- potentialBenefits Enhanced insights and solution monitoring
+ potentialBenefits: Enhanced insights and solution monitoring
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -97,7 +97,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door terminates TCP and TLS connections from clients and establishes new connections from each PoP to the origin. Securing these connections with TLS, even for Azure-hosted origins, ensures data is always encrypted during transit.
- potentialBenefits Ensures data encryption in transit
+ potentialBenefits: Ensures data encryption in transit
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -116,7 +116,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using HTTPS is ideal for secure connections. However, for compatibility with older clients, HTTP requests may be necessary. Azure Front Door enables auto redirection of HTTP to HTTPS, enhancing security without sacrificing accessibility.
- potentialBenefits Enhances security and compliance
+ potentialBenefits: Enhances security and compliance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -135,7 +135,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When Front Door manages your TLS certificates, it reduces your operational costs and helps you to avoid costly outages caused by forgetting to renew a certificate. Front Door automatically issues and rotates the managed TLS certificates.
- potentialBenefits Lowers costs, avoids outages
+ potentialBenefits: Lowers costs, avoids outages
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -154,7 +154,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If you use your own TLS certificates, set the Key Vault certificate version to 'Latest' to avoid reconfiguring Azure Front Door for new certificate versions and waiting for deployment across Front Door's environments.
- potentialBenefits Saves time & automates TLS updates
+ potentialBenefits: Saves time & automates TLS updates
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -173,7 +173,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door can rewrite Host headers for custom domain names routing to a single origin, useful for avoiding custom domain configuration at both Front Door and the origin.
- potentialBenefits Improves session/auth handling
+ potentialBenefits: Improves session/auth handling
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -192,7 +192,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For internet-facing applications, enabling the Front Door web application firewall (WAF) and configuring it to use managed rules is recommended for protection against a wide range of attacks using Microsoft-managed rules.
- potentialBenefits Enhances web app security
+ potentialBenefits: Enhances web app security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -211,7 +211,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door health probes help detect unavailable or unhealthy origins, directing traffic to alternate origins if needed.
- potentialBenefits Reduces unnecessary origin traffic
+ potentialBenefits: Reduces unnecessary origin traffic
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -230,7 +230,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently.
- potentialBenefits Improves traffic routing & uptime
+ potentialBenefits: Improves traffic routing & uptime
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -249,7 +249,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Health probes in Azure Front Door can use GET or HEAD HTTP methods. Using the HEAD method for health probes is a recommended practice because it reduces the traffic load on your origins, being less resource-intensive.
- potentialBenefits Reduces traffic load on origins
+ potentialBenefits: Reduces traffic load on origins
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -268,7 +268,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Front Door's geo-filtering through WAF enables defining custom access rules by country/region to restrict or allow web app access.
- potentialBenefits Enhanced regional access control
+ potentialBenefits: Enhanced regional access control
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -287,7 +287,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Private Link enables secure access to Azure PaaS and services over a private endpoint in your virtual network, ensuring traffic goes over the Microsoft backbone network, not the public internet.
- potentialBenefits Enhanced security & private connectivity
+ potentialBenefits: Enhanced security & private connectivity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml
index 75269c691..6e1dafa45 100644
--- a/azure-resources/Compute/galleries/recommendations.yaml
+++ b/azure-resources/Compute/galleries/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Keeping a minimum of 3 replicas for production images in Azure's Compute Gallery ensures scalability and prevents throttling in multi-VM deployments by distributing VM deployments across different replicas. This reduces the risk of overloading a single replica.
- potentialBenefits Enhances scalability & avoids throttling
+ potentialBenefits: Enhances scalability & avoids throttling
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use ZRS for high availability when creating image/VM versions in Azure Compute Gallery, offering resilience against Availability Zone failures. ZRS accounts are advisable in regions with Availability Zones, with the choice of Standard_ZRS recommended over Standard_LRS for these regions.
- potentialBenefits Enhances image version availability
+ potentialBenefits: Enhances image version availability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 We recommend creating Trusted Launch Supported Images for benefits like Secure Boot, vTPM, trusted launch VMs, large boot volume. These are Gen 2 Images by default and you cannot change a VM's generation after creation, so review the considerations first.
- potentialBenefits Enhances VM security and features
+ potentialBenefits: Enhances VM security and features
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
index f88340672..c6922b831 100644
--- a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
+++ b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying even single instance VMs into a scale set with Flexible orchestration mode future-proofs applications for scaling and availability. This mode guarantees high availability (up to 1000 VMs) by distributing VMs across fault domains in a region or within an Availability Zone.
- potentialBenefits Higher scalability & availability
+ potentialBenefits: Higher scalability & availability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring application health in Azure Virtual Machine Scale Sets is crucial for deployment management. It supports rolling upgrades such as automatic OS-image upgrades and VM guest patching, leveraging health monitoring for upgrading.
- potentialBenefits Enhances deployment management & upgrades
+ potentialBenefits: Enhances deployment management & upgrades
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enabling automatic instance repairs in Azure Virtual Machine Scale Sets enhances application availability through a continuous health check and maintenance process.
- potentialBenefits Boosts app availability by auto-repair
+ potentialBenefits: Boosts app availability by auto-repair
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use custom autoscale for VMSS based on metrics and schedules to improve performance and cost effectiveness, adjusting instances as demand changes.
- potentialBenefits Enhances performance & cost-efficiency
+ potentialBenefits: Enhances performance & cost-efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -87,7 +87,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Predictive autoscale utilizes machine learning to efficiently manage and scale Azure Virtual Machine Scale Sets by forecasting CPU load through historical usage analysis, ensuring timely scale-out to meet demand.
- potentialBenefits Optimizes scaling with ML predictions
+ potentialBenefits: Optimizes scaling with ML predictions
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -106,7 +106,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Microsoft advises disabling strictly even VM instance distribution across Availability Zones in VMSS to improve scalability and flexibility, noting that uneven distribution may better serve application load demands despite the potential trade-off in resilience.
- potentialBenefits Improves scaling, reduces fail attempts
+ potentialBenefits: Improves scaling, reduces fail attempts
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -125,7 +125,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Max spreading distributes VMs across multiple fault domains per zone, potentially more or less than five, enhancing resilience. Static spreading limits VMs to exactly five fault domains. If five distinct domains aren't available, allocation fails.
- potentialBenefits Enhances fault tolerance
+ potentialBenefits: Enhances fault tolerance
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -144,7 +144,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When creating VMSS, implement availability zones as a protection measure for your applications and data against the rare event of datacenter failure.
- potentialBenefits Enhances disaster resilience
+ potentialBenefits: Enhances disaster resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -165,7 +165,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enabling automatic VM guest patching eases update management by safely, automatically patching virtual machines to maintain security compliance, while limiting blast radius of VMs. Note, the KQL will not return sets using Uniform orchestration.
- potentialBenefits Eases patch management, enhances security
+ potentialBenefits: Eases patch management, enhances security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -186,7 +186,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using current image versions prevents disruption from deprecation, ensuring uninterrupted deployment of VMs and VMSS.
- potentialBenefits Avoid disruptions by updating VMSS images.
+ potentialBenefits: Avoid disruptions by updating VMSS images.
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -205,7 +205,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using SSD disks for Production workloads is advised as HDDs could negatively impact resources, being suitable only for non-critical resources or those needing infrequent access.
- potentialBenefits Faster access & reliability for VMSS
+ potentialBenefits: Faster access & reliability for VMSS
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml
index dbae4ce7f..b508b3d55 100644
--- a/azure-resources/Compute/virtualMachines/recommendations.yaml
+++ b/azure-resources/Compute/virtualMachines/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Production VM workloads should be deployed on multiple VMs and grouped in a VMSS Flex instance to intelligently distribute across the platform, minimizing the impact of platform faults and updates.
- potentialBenefits Enhanced fault/update resilience
+ potentialBenefits: Enhanced fault/update resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Availability Zones, within each Azure region, are tolerant to local failures, protecting applications and data against unlikely datacenter failures by being physically separate.
- potentialBenefits Enhanced VM resilience to failures
+ potentialBenefits: Enhanced VM resilience to failures
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Availability sets will soon be retired. Migrate workloads from VMs to VMSS Flex for deployment across zones or within the same zone across different fault domains (FDs) and update domains (UD) for better reliability.
- potentialBenefits Enhances reliability & future-proofs VMs
+ potentialBenefits: Enhances reliability & future-proofs VMs
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Replicating Azure VMs via Site Recovery entails continuous, asynchronous disk replication to a target region. Recovery points are generated every few minutes, ensuring a Recovery Point Objective (RPO) in minutes.
- potentialBenefits Minimize downtime in disasters
+ potentialBenefits: Minimize downtime in disasters
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -87,7 +87,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure is retiring unmanaged disks on September 30, 2025. Users should plan the migration to avoid disruptions and maintain service reliability.
- potentialBenefits Avoid retirement disruption, enhance reliability
+ potentialBenefits: Avoid retirement disruption, enhance reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -110,7 +110,7 @@
 recommendationMetadataState: Active
 longDescription: |
 A data disk is a managed disk attached to a virtual machine for storing database or other essential data. These disks are SCSI drives labeled as per choice.
- potentialBenefits Enhances performance, recovery, migration flexibility
+ potentialBenefits: Enhances performance, recovery, migration flexibility
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -131,7 +131,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable backups for your virtual machines with Azure Backup to secure and quickly recover your data. This service offers simple, secure, and cost-effective solutions for backing up and recovering data from the Microsoft Azure cloud.
- potentialBenefits Secure data recovery and backup
+ potentialBenefits: Secure data recovery and backup
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -150,7 +150,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Premium SSD disks support I/O-intensive apps with high performance, low latency, ideal for production. Standard SSDs offer cost-effective solutions for less critical workloads with consistent performance.
- potentialBenefits High-performance & reliability for critical apps
+ potentialBenefits: High-performance & reliability for critical apps
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -169,7 +169,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Virtual Machines (VM) instances have various states, like provisioning and power states. A non-running VM may indicate issues or it being unnecessary, suggesting removal could help cut costs.
- potentialBenefits Reduce costs by removing unused VMs
+ potentialBenefits: Reduce costs by removing unused VMs
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -188,7 +188,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Accelerated networking enables SR-IOV to a VM, greatly improving its networking performance by bypassing the host from the data path, which reduces latency, jitter, and CPU utilization for demanding network workloads on supported VM types.
- potentialBenefits Reduces latency, jitter & CPU use
+ potentialBenefits: Reduces latency, jitter & CPU use
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -207,7 +207,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When Accelerated Networking is enabled, the default Azure VNet interface in GuestOS is swapped for a Mellanox, and its driver comes from a 3rd party. Marketplace images have the latest Mellanox drivers, but post-deployment, updating the driver is the user's responsibility.
- potentialBenefits Enhanced VM network efficiency
+ potentialBenefits: Enhanced VM network efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -226,7 +226,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For outbound internet connectivity of Virtual Machines, using NAT Gateway or Azure Firewall is recommended to enhance security and service resilience, thanks to their higher availability and SNAT ports.
- potentialBenefits Enhanced security and service resiliency
+ potentialBenefits: Enhanced security and service resiliency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -245,7 +245,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Unless you have a specific reason, it's advised to associate a network security group to a subnet or a network interface, but not both, to avoid unexpected communication issues and troubleshooting due to potential rule conflicts between the two associations.
- potentialBenefits Reduces communication problems
+ potentialBenefits: Reduces communication problems
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -264,7 +264,7 @@
 recommendationMetadataState: Active
 longDescription: |
 IP forwarding allows a virtual machine network interface to receive and send network traffic not destined for or originating from its assigned IP addresses.
- potentialBenefits Enhances network appliance function
+ potentialBenefits: Enhances network appliance function
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -283,7 +283,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configure the DNS Server at the Virtual Network level to prevent any inconsistency across the environment.
- potentialBenefits Ensures DNS consistency
+ potentialBenefits: Ensures DNS consistency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -302,7 +302,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure shared disks let you attach a disk to multiple VMs at once for deploying or migrating clustered applications, suitable only when a disk is shared among VM cluster members.
- potentialBenefits Enhances clustered server performance
+ potentialBenefits: Enhances clustered server performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -323,7 +323,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Recommended changing to "Disable public access and enable private access" and creating a Private Endpoint to improve security by restricting direct public access and ensuring connections are made privately, enhancing data protection and minimizing potential external threats.
- potentialBenefits Enhances VM security & privacy
+ potentialBenefits: Enhances VM security & privacy
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -342,7 +342,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Keeping your virtual machine (VM) secure is crucial for the applications you run. This involves using various Azure services and features to ensure secure access to your VMs and the secure storage of your data, aiming for overall security of your VM and applications.
- potentialBenefits Secure VMs & applications
+ potentialBenefits: Secure VMs & applications
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -363,7 +363,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Disk Storage encrypts data at rest automatically for managed disks, including OS and data disks.
- potentialBenefits Enhances data security and integrity
+ potentialBenefits: Enhances data security and integrity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -382,7 +382,7 @@
 recommendationMetadataState: Active
 longDescription: |
 VM Insights monitors VM and scale set performance, health, running processes, and dependencies. It enhances the predictability of application performance and availability by pinpointing performance bottlenecks and network issues, and it clarifies if problems are related to other dependencies.
- potentialBenefits Improves VM performance & health
+ potentialBenefits: Improves VM performance & health
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -403,7 +403,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Monitor Metrics automatically receives platform metrics, but platform logs, which offer detailed diagnostics and auditing for resources and their Azure platform, need to be manually routed for collection.
- potentialBenefits Enhanced diagnostics & auditing capability
+ potentialBenefits: Enhanced diagnostics & auditing capability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -422,7 +422,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The maintenance configuration settings let users schedule and manage updates, making sure the updates or interruptions on the VM are performed within a planned timeframe.
- potentialBenefits Scheduled updates for VMs
+ potentialBenefits: Scheduled updates for VMs
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -441,7 +441,7 @@
 recommendationMetadataState: Active
 longDescription: |
 A-series VMs are tailored for entry-level workloads like development and testing, including use cases such as development and test servers, low traffic web servers, and small to medium databases.
- potentialBenefits Ensures full CPU usage for heavy tasks
+ potentialBenefits: Ensures full CPU usage for heavy tasks
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -460,7 +460,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Premium SSDs provide high-performance, low-latency for IO-intensive VM workloads. Premium SSD v2 offers better performance at a lower cost, with adjustable capacity, throughput, IOPS, ideal for shifting needs, but not as OS Disks.
- potentialBenefits Enhanced performance & cost efficiency
+ potentialBenefits: Enhanced performance & cost efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -479,7 +479,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If the workload is Maintenance sensitive, consider using Azure Boost compatible VMs designed to lessen the impact on customers when Azure maintenance activities occur.
- potentialBenefits Less maintenance impact
+ potentialBenefits: Less maintenance impact
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -500,7 +500,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If your workload is Maintenance sensitive, enable Scheduled Events. This Azure Metadata Service lets your app prepare for virtual machine maintenance by providing information on upcoming events like reboots, reducing disruptions.
- potentialBenefits Minimize downtime for VMs
+ potentialBenefits: Minimize downtime for VMs
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/ContainerRegistry/registries/recommendations.yaml b/azure-resources/ContainerRegistry/registries/recommendations.yaml
index 9e5e80e9e..478a3390b 100644
--- a/azure-resources/ContainerRegistry/registries/recommendations.yaml
+++ b/azure-resources/ContainerRegistry/registries/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Choose a service tier of Azure Container Registry to meet your performance needs. Premium offers the most bandwidth and highest rate of read and write operations for high-volume deployments. Use Basic to start, Standard for production, and Premium for hyper-scale performance and geo-replication.
- potentialBenefits High-volume support & geo-replication
+ potentialBenefits: High-volume support & geo-replication
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Container Registry's optional zone redundancy enhances resiliency and high availability for registries or replication resources in a specific region by distributing resources across multiple zones.
- potentialBenefits Enhances resiliency & high availability
+ potentialBenefits: Enhances resiliency & high availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Azure Container Registry's geo-replication for multi-region deployments to simplify registry management and minimize latency. It enables serving global customers from local data centers and supports distributed development teams. Regional webhooks can notify of events in replicas.
- potentialBenefits Simplifies management, reduces latency
+ potentialBenefits: Simplifies management, reduces latency
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using repository namespaces allows a single registry to be shared across multiple groups and deployments within an organization, supporting nested namespaces for group isolation. However, repositories are managed independently, not hierarchically.
- potentialBenefits Enables sharing & group isolation
+ potentialBenefits: Enables sharing & group isolation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -85,7 +85,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Container registries, used across multiple hosts, should be in their own resource group to prevent accidental deletion of images when container instances are deleted, preserving the image collection while experimenting with hosts.
- potentialBenefits Safeguards image collection
+ potentialBenefits: Safeguards image collection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -104,7 +104,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The storage constraints of Azure Container Registry's service tiers align with usage scenarios: Basic for starters, Standard for production, and Premium for high-scale performance & geo-replication.
- potentialBenefits Reduce costs, optimize storage
+ potentialBenefits: Reduce costs, optimize storage
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -125,7 +125,7 @@
 recommendationMetadataState: Active
 longDescription: |
 By default, Azure container registry requires authentication for pull/push actions. Enabling anonymous pull access exposes all content for public read actions. This applies to all repositories, potentially allowing unrestricted access if repository-scoped tokens are used.
- potentialBenefits Enhanced security & controlled access
+ potentialBenefits: Enhanced security & controlled access
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -144,7 +144,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations.
- potentialBenefits Enhanced tracking and debugging
+ potentialBenefits: Enhanced tracking and debugging
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -165,7 +165,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring Azure resources using Azure Monitor enhances their availability, performance, and operation. Azure Container Registry, a full-stack monitoring service, provides features for Azure and other cloud and on-premises resources.
- potentialBenefits Enhanced monitoring & operation
+ potentialBenefits: Enhanced monitoring & operation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -186,7 +186,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enabling soft delete in Azure Container Registry (ACR) allows for the management of deleted artifacts with a specified retention period. Users can list, filter, and restore these artifacts until automatically purged post-retention.
- potentialBenefits Recovery of deleted artifacts
+ potentialBenefits: Recovery of deleted artifacts
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml
index a3ff6eb42..67aa0aba2 100644
--- a/azure-resources/ContainerService/managedClusters/recommendations.yaml
+++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Availability Zones ensure high availability by offering independent locations within regions, equipped with their own power, cooling, and networking to ensure applications and data are protected from datacenter-level failures.
- potentialBenefits Enhanced fault tolerance for AKS
+ potentialBenefits: Enhanced fault tolerance for AKS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 AKS assigns the kubernetes.azure.com/mode: system label to nodes in system node pools signaling system pods should be scheduled there.
- potentialBenefits Enhanced reliability via pod isolation
+ potentialBenefits: Enhanced reliability via pod isolation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Local Kubernetes accounts in AKS, being non-auditable and legacy, are discouraged. Microsoft Entra's integration offers centralized management, multi-factor authentication, RBAC for detailed access, and a secure, scalable authentication system compatible with Azure and external identity providers.
- potentialBenefits Enhanced security & access control
+ potentialBenefits: Enhanced security & access control
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -70,7 +70,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure CNI enhances cluster IP and network management, allowing dynamic IP allocation, scalable subnets, direct pod-VNET connectivity, and supports diverse network policies for pods and nodes with Azure Network Policies and Calico, optimizing network efficiency and security
- potentialBenefits Dynamic IP allocation, scalable subnets, direct VNET access
+ potentialBenefits: Dynamic IP allocation, scalable subnets, direct VNET access
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -91,7 +91,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The cluster auto-scaler in AKS adjusts node counts based on pod resource needs and available capacity, enabling scaling as per demand to prevent outages.
- potentialBenefits Optimizes scaling & prevents outages
+ potentialBenefits: Optimizes scaling & prevents outages
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -116,7 +116,7 @@
 recommendationMetadataState: Active
 longDescription: |
 AKS, popular for stateful apps needing backups, can now use Azure Backup to secure clusters and attached volumes through an installed Backup Extension, enabling backup and restore operations via a Backup Vault.
- potentialBenefits Ensures data safety for AKS
+ potentialBenefits: Ensures data safety for AKS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -137,7 +137,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Minor version releases bring new features and improvements. Patch releases, often weekly, focus on critical bug fixes within a minor version, including security vulnerabilities or major bugs. Unsupported Kubernetes versions may lead to unsupported clusters when seeking AKS support.
- potentialBenefits Enhances features, fixes bugs, ensures support
+ potentialBenefits: Enhances features, fixes bugs, ensures support
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -160,7 +160,7 @@
 recommendationMetadataState: Active
 longDescription: |
 ZRS ensures data replication across three zones, protecting against zonal outages. It's available for Azure Disks, Container Storage, Files, and Blob by setting the SKU to ZRS in storage classes, enhancing multi-zone AKS clusters from v1.29.
- potentialBenefits Increases data durability and availability
+ potentialBenefits: Increases data durability and availability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -187,7 +187,7 @@
 recommendationMetadataState: Active
 longDescription: |
 From Kubernetes 1.26, Azure Disk and Azure File in-tree drivers are deprecated in favor of CSI drivers. Existing deployments remain operational but untested; users should switch to CSI drivers for new features and SKUs.
- potentialBenefits Ensures future compatibility
+ potentialBenefits: Ensures future compatibility
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -208,7 +208,7 @@
 recommendationMetadataState: Active
 longDescription: |
 A ResourceQuota object sets limits on resource use per namespace, controlling the number and type of objects created, and the total compute resources available.
- potentialBenefits Limits AKS resource usage per namespace
+ potentialBenefits: Limits AKS resource usage per namespace
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -227,7 +227,7 @@
 recommendationMetadataState: Active
 longDescription: |
 To rapidly scale AKS workloads, utilize virtual nodes for quick pod provisioning, unlike Kubernetes auto-scaler. For clusters with availability zones, ensure one nodepool per AZ due to persistent volumes not working across AZs, preventing auto-scaler pod creation failures if lacking access.
- potentialBenefits Faster scaling with virtual nodes
+ potentialBenefits: Faster scaling with virtual nodes
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -248,7 +248,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features.
- potentialBenefits SLA guarantee & better scalability
+ potentialBenefits: SLA guarantee & better scalability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -269,7 +269,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Monitor enables real-time health and performance insights for AKS by collecting events, capturing container logs, and gathering CPU/Memory data from the Metrics API. It allows data visualization using Azure Monitor Container Insights, Prometheus, Grafana, or others.
- potentialBenefits Real-time AKS health/performance insights
+ potentialBenefits: Real-time AKS health/performance insights
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -288,7 +288,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ephemeral OS disks on AKS offer lower read/write latency due to local attachment, eliminating the need for replication seen with managed disks. This enhances performance and speeds up cluster operations such as scaling or upgrading due to quicker re-imaging and boot times.
- potentialBenefits Lower latency, faster re-imaging & booting
+ potentialBenefits: Lower latency, faster re-imaging & booting
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -311,7 +311,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Policies in AKS clusters help enforce governance best practices concerning security, authentication, provisioning, networking, and more, ensuring a robust and secure environment for operations.
- potentialBenefits Enhanced AKS governance & security
+ potentialBenefits: Enhanced AKS governance & security
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -332,7 +332,7 @@
 recommendationMetadataState: Active
 longDescription: |
 GitOps, an operating model for cloud-native apps, uses Git for storing application and infrastructure code as a source of truth for continuous delivery.
- potentialBenefits Ensures AKS config consistency
+ potentialBenefits: Ensures AKS config consistency
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -353,7 +353,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configure Topology Spread Constraints to spread Pods across your cluster among failure-domains like regions, zones, nodes, and other domains for high availability and efficient resource utilization.
- potentialBenefits Ensures high availability and efficient use
+ potentialBenefits: Ensures high availability and efficient use
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -374,7 +374,7 @@
 recommendationMetadataState: Active
 longDescription: |
 AKS kubelet controller uses liveness probes to validate containers and applications health, ensuring the system knows when to restart a container based on its health status.
- potentialBenefits Enhances container health monitoring
+ potentialBenefits: Enhances container health monitoring
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -395,7 +395,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configuring ReplicaSets in Pod or Deployment manifests stabilizes the number of replica Pods, ensuring that a specified number of identical Pods are always available, thereby guaranteeing their availability.
- potentialBenefits Ensures stable pod availability
+ potentialBenefits: Ensures stable pod availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -414,7 +414,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The system node pool should be configured with a minimum node count of two to ensure critical system pods are resilient to node outages.
- potentialBenefits Ensures pod resilience
+ potentialBenefits: Ensures pod resilience
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -433,7 +433,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configuring the user node pool with at least two nodes is essential for applications needing high availability, ensuring they remain operational and accessible without interruption.
- potentialBenefits Ensures high app availability
+ potentialBenefits: Ensures high app availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -452,7 +452,7 @@
 recommendationMetadataState: Active
 longDescription: |
 A Pod Disruption Budget is a Kubernetes resource configuring the minimum number or percentage of pods that should remain available during disruptions like maintenance or scaling, ensuring a minimum number of pods are always available in the cluster.
- potentialBenefits Ensures cluster resiliency during disruptions
+ potentialBenefits: Ensures cluster resiliency during disruptions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -473,7 +473,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Nodepool subnets sized for max auto-scale settings enable AKS to efficiently scale out nodes, meeting increased demand while reducing resource constraints and potential service disruptions.
- potentialBenefits Efficient scaling, reduced disruptions
+ potentialBenefits: Efficient scaling, reduced disruptions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -492,7 +492,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enforcing namespace-level resource quotas in AKS is crucial for reliability, preventing resource exhaustion and maintaining cluster stability. It stops applications or users from monopolizing resources, avoiding degraded performance or outages for others.
- potentialBenefits Prevents resource monopoly, ensures stability
+ potentialBenefits: Prevents resource monopoly, ensures stability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
index bf7384244..c3c7e1955 100644
--- a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
+++ b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery.
- potentialBenefits Enhanced uptime & data protection
+ potentialBenefits: Enhanced uptime & data protection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied.
- potentialBenefits Control update timings
+ potentialBenefits: Control update timings
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
index 6d989628e..dd60bbdb2 100644
--- a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
+++ b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery.
- potentialBenefits Enhanced uptime & data protection
+ potentialBenefits: Enhanced uptime & data protection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied.
- potentialBenefits Control update timings
+ potentialBenefits: Control update timings
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Databricks/workspaces/recommendations.yaml b/azure-resources/Databricks/workspaces/recommendations.yaml
index e5f86b7d3..11edfa88d 100644
--- a/azure-resources/Databricks/workspaces/recommendations.yaml
+++ b/azure-resources/Databricks/workspaces/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks recommends migrating workloads to the latest or LTS version of its runtime for enhanced stability and support. If on Runtime 11.3 LTS or above, move directly to the latest 12.x version. If below, first migrate to 11.3 LTS, then to the latest 12.x version as per the migration guide.
- potentialBenefits Enhanced stability & support
+ potentialBenefits: Enhanced stability & support
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks pools pre-provision VMs, reducing risks of provisioning errors during cluster start or scale, enhancing reliability.
- potentialBenefits Reduces provisioning errors
+ potentialBenefits: Reduces provisioning errors
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Upgrade HDDs in premium VMs to SSDs for better speed and reliability. Premium SSDs boost IO-heavy apps; Standard SSDs balance cost and performance. Ideal for critical workloads, upgrading improves connectivity with brief reboot. Consider for vital VMs
- potentialBenefits Faster, reliable VM performance
+ potentialBenefits: Faster, reliable VM performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Autoscaling adjusts cluster sizes automatically based on workload demands, offering benefits for many use cases in terms of costs and performance. It includes guidance on when and how to best utilize Autoscaling. For streaming, Delta Live Tables with autoscaling is advised.
- potentialBenefits Cost & performance optimization
+ potentialBenefits: Cost & performance optimization
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The scaling parameter of a SQL warehouse defines the min and max number of clusters for distributing queries. By default, it's set to one. Increasing the cluster count can accommodate more concurrent users effectively.
- potentialBenefits Improves concurrency & efficiency
+ potentialBenefits: Improves concurrency & efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -102,7 +102,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks enhanced autoscaling optimizes cluster utilization by automatically allocating cluster resources based on workload volume, with minimal impact on the data processing latency of your pipelines.
- potentialBenefits Optimized resource use & minimal latency
+ potentialBenefits: Optimized resource use & minimal latency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -123,7 +123,7 @@
 recommendationMetadataState: Active
 longDescription: |
 To conserve cluster resources, you can terminate a cluster to store its configuration for future reuse or autostart jobs. Clusters can auto-terminate after inactivity, but this only tracks Spark jobs, not local processes, which might still be running even after Spark jobs end.
- potentialBenefits Saves cluster resources, avoids idle use
+ potentialBenefits: Saves cluster resources, avoids idle use
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -142,7 +142,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When creating a Databricks cluster, you can set a log delivery location for the Spark driver, worker nodes, and events. Logs are delivered every 5 mins and archived hourly. Upon cluster termination, all generated logs until that point are guaranteed to be delivered.
- potentialBenefits Improved troubleshooting & audit
+ potentialBenefits: Improved troubleshooting & audit
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -161,7 +161,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Delta Lake is an open source storage format enhancing data lakes' reliability with ACID transactions, schema enforcement, and scalable metadata handling.
- potentialBenefits Enhances data reliability & processing
+ potentialBenefits: Enhances data reliability & processing
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -180,7 +180,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Apache Spark in Databricks Lakehouse ensures resilient distributed data processing by automatically rescheduling failed tasks, aiding in overcoming external issues like network problems or revoked VMs.
- potentialBenefits Boosts speed & reliability for Spark tasks
+ potentialBenefits: Boosts speed & reliability for Spark tasks
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -199,7 +199,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Invalid or nonconforming data can crash workloads dependent on specific data formats. Best practices recommend filtering such data at ingestion to improve end-to-end resilience, ensuring no data is lost or missed.
- potentialBenefits Enhanced data resilience and integrity
+ potentialBenefits: Enhanced data resilience and integrity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -218,7 +218,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Databricks and MLflow for deploying models as Spark UDFs for job scheduling, retries, autoscaling. Model serving offers scalable infrastructure, processes models using MLflow, and serves them via REST API using serverless compute managed in Databricks cloud.
- potentialBenefits Enhanced reliability & autoscaling
+ potentialBenefits: Enhanced reliability & autoscaling
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -237,7 +237,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Databricks and MLflow for deploying models as Apache Spark UDFs, benefiting from job scheduling, retries, autoscaling, etc.
- potentialBenefits Enhances scalability & reliability
+ potentialBenefits: Enhances scalability & reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -256,7 +256,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Curate data by creating a layered architecture to increase data quality across layers. Start with a raw layer for ingested source data, continue with a curated layer for cleansed and refined data, and finish with a final layer catered to business needs, focusing on security and performance.
- potentialBenefits Enhances data quality & trust
+ potentialBenefits: Enhances data quality & trust
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -275,7 +275,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Copying data leads to redundancy, lost integrity, lineage, and access issues, affecting lakehouse data quality. Temporary copies are useful for agility and innovation but can become problematic operational data silos, questioning data's master status and currency.
- potentialBenefits Enhanced data integrity and quality
+ potentialBenefits: Enhanced data integrity and quality
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -294,7 +294,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Uncontrolled schema changes can lead to invalid data and failing jobs. Databricks validates and enforces schema through Delta Lake, which prevents bad records during ingestion, and Auto Loader, which detects new columns and supports schema evolution to maintain data integrity.
- potentialBenefits Prevents invalid data & job failures
+ potentialBenefits: Prevents invalid data & job failures
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -313,7 +313,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Delta tables verify data quality automatically with SQL constraints, triggering an error for violations. Delta Live Tables enhance this by defining expectations for data quality, utilizing Python or SQL, to manage actions for record failures, ensuring data integrity and compliance.
- potentialBenefits Ensures data quality and integrity
+ potentialBenefits: Ensures data quality and integrity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -332,7 +332,7 @@
 recommendationMetadataState: Active
 longDescription: |
 To recover from a failure, regular backups are needed. The Databricks Labs project migrate lets admins create backups by exporting workspace assets using the Databricks CLI/API. These backups help in restoring or migrating workspaces.
- potentialBenefits Ensures data recovery & migration
+ potentialBenefits: Ensures data recovery & migration
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -351,7 +351,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Structured Streaming ensures fault-tolerance and data consistency in streaming queries. With Azure Databricks workflows, you can set up your queries to automatically restart after failure, picking up precisely where they left off.
- potentialBenefits Fault-tolerance & auto-restart for queries
+ potentialBenefits: Fault-tolerance & auto-restart for queries
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -370,7 +370,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Despite thorough testing, a production job can fail or yield unexpected data. Sometimes, repairs are done by adding jobs post-issue identification and pipeline correction.
- potentialBenefits Easy rollback and fix for ETL jobs
+ potentialBenefits: Easy rollback and fix for ETL jobs
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -389,7 +389,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks Workflows enable efficient error recovery in multi-task jobs by offering a matrix view for issue examination. Fixes can be applied to initiate repair runs targeting only failed and dependent tasks, preserving successful outcomes and thereby saving time and money.
- potentialBenefits Saves time and money with smart recovery
+ potentialBenefits: Saves time and money with smart recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -408,7 +408,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Implementing a disaster recovery pattern is vital for Azure Databricks, a cloud-native data analytics platform, ensuring data teams' access even during rare regional outages caused by disasters like hurricanes or earthquakes.
- potentialBenefits Ensures service continuity during disasters
+ potentialBenefits: Ensures service continuity during disasters
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -427,7 +427,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The Databricks Terraform provider manages Azure Databricks workspaces and cloud infrastructure flexibly and powerfully.
- potentialBenefits Efficient, reliable automation
+ potentialBenefits: Efficient, reliable automation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -446,7 +446,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The Databricks Terraform provider is a flexible, powerful tool for managing Azure Databricks workspaces and cloud infrastructure.
- potentialBenefits Enhanced reliability & automation
+ potentialBenefits: Enhanced reliability & automation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -465,7 +465,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Customers often naturally divide workspaces by teams or departments. However, it's crucial to also consider Azure Subscription and ADB Workspace limits when partitioning.
- potentialBenefits Enhanced limits management, team separation
+ potentialBenefits: Enhanced limits management, team separation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -484,7 +484,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying only one Databricks Workspace per VNet aligns with ADB's isolation model.
- potentialBenefits Enhanced security & resource isolation
+ potentialBenefits: Enhanced security & resource isolation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -503,7 +503,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Driven by security and data availability concerns, each Azure Databricks Workspace comes with a default DBFS designed for system-level artifacts like libraries and Init scripts, not for production data.
- potentialBenefits Enhanced security, data protection
+ potentialBenefits: Enhanced security, data protection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -522,7 +522,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Spot VMs are not suitable for critical production workloads needing high availability and reliability. They are meant for fault-tolerant tasks and can be evicted with 30-seconds notice if Azure needs the capacity, with no SLA guarantees.
- potentialBenefits Ensures high reliability for production
+ potentialBenefits: Ensures high reliability for production
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -541,7 +541,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Databricks transitioned from a shared to dedicated in-region control planes to prevent regional outages affecting customer workspaces. Legacy workspaces, established before this change, differ from newer workspaces that utilize in-region control planes.
- potentialBenefits Improves resilience and data sovereignty
+ potentialBenefits: Improves resilience and data sovereignty
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -564,7 +564,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Databricks planning should include VM SKU swap strategies for capacity issues. VMs are regional, and allocation failures may occur, shown by a "CLOUD PROVIDER" error.
- potentialBenefits Ensures service availability
+ potentialBenefits: Ensures service availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml
index 736d6affd..3749b8646 100644
--- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml
+++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml
@@ -9,7 +9,7 @@ At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits Early issue detection & testing for AVD updates + potentialBenefits: Early issue detection & testing for AVD updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -29,7 +29,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | Ensure schedules have been created to provide maintenance windows for AVD agent updates. The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. - potentialBenefits Minimizes disruptions, ensures updates + potentialBenefits: Minimizes disruptions, ensures updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
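Review bot: The `longDescription: |` bodies in hostPools/recommendations.yaml appear to continue in column 0, which the colon fix on `potentialBenefits` does not address. The `-29,7` hunk header carries `To ensure your apps work with the latest updates, …` as its section text, and git takes that text from a line that starts in the first column; the three description lines above `potentialBenefits` in the `-9,7` hunk look like the same paragraph. If that is how the file is laid out, the block scalar ends at the first unindented line and a YAML loader fails (or truncates the description) before it reaches the corrected key. Every continuation line should be indented to the depth of the first description line. The same section text recurs in the `-51,7`, `-70,7` and later hunks of this file; indentation is collapsed in this view, so confirm against the file itself.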
@@ -51,7 +51,7 @@ At least one Validation Pool to have early warning if a planned update to AVD ca Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits Early detection of update issues. + potentialBenefits: Early detection of update issues. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -70,7 +70,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | Private Link is available for other Azure services that work in conjunction with Azure Virtual Desktop, such as Azure Files and Key Vault. From a resiliency standpoint, we recommending implementing private endpoints for these services to reduce exposure to potential internet-related issues such as latency, packet loss, and/or downtime. This can lead to more reliable communication between AVD and dependent services. - potentialBenefits Enhances AVD reliability + potentialBenefits: Enhances AVD reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -91,7 +91,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. - potentialBenefits Enhanced AVD monitoring & troubleshooting + potentialBenefits: Enhanced AVD monitoring & troubleshooting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -110,7 +110,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | To ensure continuous availability and disaster recovery readiness, it is recommended to provision a secondary Key Vault in a secondary region. In the event of a primary region failure, this secondary Key Vault will ensure that critical secrets are accessible for use in deployments in the secondary region. - potentialBenefits Ensures DR readiness and access + potentialBenefits: Ensures DR readiness and access pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -130,7 +130,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. - potentialBenefits Enhances security & prevents IP conflicts + potentialBenefits: Enhances security & prevents IP conflicts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -149,7 +149,7 @@ It's important your organization plans for IP addressing in Azure. Planning ensu recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. - potentialBenefits Enhanced availability & routing + potentialBenefits: Enhanced availability & routing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -170,7 +170,7 @@ It's important your organization plans for IP addressing in Azure. Planning ensu App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. Your file share should be in the same Azure region as your session hosts. - potentialBenefits Enhances performance & scalability + potentialBenefits: Enhances performance & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -190,7 +190,7 @@ Your file share should be in the same Azure region as your session hosts. longDescription: | Turn on Continuous Availability if using Azure Netapp Files. Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. - potentialBenefits Enhanced stability & user limit checks + potentialBenefits: Enhanced stability & user limit checks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -209,7 +209,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa
 recommendationMetadataState: Active
 longDescription: |
 Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case.
- potentialBenefits Enhanced reliability & support
+ potentialBenefits: Enhanced reliability & support
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -228,7 +228,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa
 recommendationMetadataState: Active
 longDescription: |
 Regularly review FSLogix logs for errors and issues related to login and mounting the profile. Events can be reviewed by looking locally inside the Session Host and also in Log Analytics when the Azure Monitor Agent is used.
- potentialBenefits Enhanced AVD error tracking and resolution
+ potentialBenefits: Enhanced AVD error tracking and resolution
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -247,7 +247,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa
 recommendationMetadataState: Active
 longDescription: |
 Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event.
- potentialBenefits Enhanced security & disaster recovery
+ potentialBenefits: Enhanced security & disaster recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -266,7 +266,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure all session hosts have the standard FSLogix configuration deployed. Regularly validate settings for consistency and alignment with best practices. - potentialBenefits Optimized session reliability and performance + potentialBenefits: Optimized session reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -286,7 +286,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa longDescription: | Hybrid VMs should be in a unique OU. When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. - potentialBenefits Improved AVD hostpool config & segmentation + potentialBenefits: Improved AVD hostpool config & segmentation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -305,7 +305,7 @@ When using AD-joined session hosts will benefit from using a unique OU to target recommendationMetadataState: Active longDescription: | Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. - potentialBenefits Ensures VM recovery & failover + potentialBenefits: Ensures VM recovery & failover pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
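Review bot: The description line `It�s also important to segment Prod and DR organization units` in the `-286,7` hunk holds a U+FFFD replacement character where an apostrophe was meant, and the change leaves it in place. `environment�s reliability` in the `-366,7` hunk has the same defect. Once the original byte has been replaced the character cannot be recovered by re-decoding, so the text has to be retyped as `It's` and `environment's` and the file saved as UTF-8. Both lines are unchanged context in this commit, so they could be fixed alongside the colon change or in a follow-up.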
@@ -325,7 +325,7 @@ When using AD-joined session hosts will benefit from using a unique OU to target longDescription: | Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. has context menu - potentialBenefits Ensures consistency; minimizes drift + potentialBenefits: Ensures consistency; minimizes drift pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -346,7 +346,7 @@ has context menu Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. Use Resource Health to monitor your VMs and storage solutions. - potentialBenefits Enhanced AVD uptime and awareness + potentialBenefits: Enhanced AVD uptime and awareness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -366,7 +366,7 @@ Use Resource Health to monitor your VMs and storage solutions. longDescription: | When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. - potentialBenefits Enhanced reliability and performance + potentialBenefits: Enhanced reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -385,7 +385,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. - potentialBenefits Better reliability & consistent latency + potentialBenefits: Better reliability & consistent latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -404,7 +404,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. - potentialBenefits Enhanced resilience & uptime + potentialBenefits: Enhanced resilience & uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -425,7 +425,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | If a full BCDR strategy is not in place, consider using zone-redundant storage to store golden images across availability zones. Having the image available will allow for faster recovery in case of zonal or regional outage. - potentialBenefits Faster recovery from outages + potentialBenefits: Faster recovery from outages pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -448,7 +448,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. - potentialBenefits Avoids limits, ensures smooth scaling + potentialBenefits: Avoids limits, ensures smooth scaling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -469,7 +469,7 @@ To handle a large number of users, consider scaling horizontally by creating mul recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. - potentialBenefits Improved DR visibility & operation + potentialBenefits: Improved DR visibility & operation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -495,7 +495,7 @@ LRS for least expensive replication (not recommended for apps with high availabi - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. Generally, it is recommended to store your data as secure and redundant as possible. - potentialBenefits Improves data durability & availability + potentialBenefits: Improves data durability & availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -514,7 +514,7 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Each region has its own scaling plans assigned to host pools within that region. However, these plans can become inaccessible if there's a regional failure. To mitigate this risk, it's advisable to create a secondary scaling plan in another region. - potentialBenefits Enhances reliability across failures + potentialBenefits: Enhances reliability across failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -533,7 +533,7 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. - potentialBenefits Enhanced performance & user experience + potentialBenefits: Enhanced performance & user experience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -553,7 +553,7 @@ Generally, it is recommended to store your data as secure and redundant as possi longDescription: | Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. - potentialBenefits Improved failover reliability + potentialBenefits: Improved failover reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -573,7 +573,7 @@ Set up secondary server in staging mode for Entra Connect for syncing to Entra i longDescription: | Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. - potentialBenefits Enhanced identity resilience + potentialBenefits: Enhanced identity resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -592,7 +592,7 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. - potentialBenefits Improves uptime & resilience + potentialBenefits: Improves uptime & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -611,7 +611,7 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | It is recommended to enable backup on the FSLogix Storage Account. Ensuring the user profiles are resilient will allow user data and experience to be consistent through outages. - potentialBenefits Ensures data resilience and consistency + potentialBenefits: Ensures data resilience and consistency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -632,7 +632,7 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. - potentialBenefits Enhanced organization & scalability + potentialBenefits: Enhanced organization & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Devices/IotHubs/recommendations.yaml b/azure-resources/Devices/IotHubs/recommendations.yaml index d11245756..aaa720a1d 100644 --- a/azure-resources/Devices/IotHubs/recommendations.yaml +++ b/azure-resources/Devices/IotHubs/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Device Identities should be copied to the failover region IoT-Hub for all IoT devices to ensure connectivity in case of a failover. Manual Failover to another region is quicker (RTO), suitable for mission critical workloads. - potentialBenefits Faster failover; Ensures device connectivity + potentialBenefits: Faster failover; Ensures device connectivity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | In a production scenario, the IoT Hub tier should not be Free because the Free tier does not provide the necessary Service Level Agreement. - potentialBenefits Ensures SLA for production + potentialBenefits: Ensures SLA for production pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -47,7 +47,7 @@ recommendationMetadataState: Active longDescription: | In regions supporting Availability Zones for IoT Hub, using these zones boosts availability. They're automatically activated for new IoT Hubs in supported areas. - potentialBenefits Boosts IoT Hub availability + potentialBenefits: Boosts IoT Hub availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | Device Provisioning Service (DPS) enables easy redistribution of IoT devices for scaling and availability, allowing devices to be reassigned and not bound to specific IoT Hub instances. Devices in IoT Hubs using DPS should be verified for DPS utilization. - potentialBenefits Enhances scalability & availability + potentialBenefits: Enhances scalability & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -89,7 +89,7 @@ recommendationMetadataState: Active longDescription: | In case of a regional failure, an IoT Hub can failover to a second region, automatically or manually, to ensure your application continues working. - potentialBenefits Ensures business continuity + potentialBenefits: Ensures business continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -108,7 +108,7 @@ recommendationMetadataState: Active longDescription: | Using message routing for custom endpoints in IoT Hub, messages might not reach these destinations if specific conditions are unmet. A default route ensures all messages are received, but disabling this safety net risks leaving some messages undelivered. - potentialBenefits Prevents undelivered messages + potentialBenefits: Prevents undelivered messages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml index e62e54f14..bfcf408f9 100644 
--- a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml +++ b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure leverages a multi-tier isolation approach (rack, DC, zone, region) for Cosmos DB's default resilience with four replicas. - potentialBenefits Enhances SLA & resilience + potentialBenefits: Enhances SLA & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Cosmos DB boasts high uptime and resiliency. Even so, issues may arise. With Service-Managed failover, if a region is down, Cosmos DB automatically switches to the next available region, requiring no user action. - potentialBenefits Auto failover for high uptime + potentialBenefits: Auto failover for high uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -47,7 +47,7 @@ recommendationMetadataState: Active longDescription: | Multi-region write capability allows for designing applications that are highly available across multiple regions, though it demands careful attention to consistency requirements and conflict resolution. Improper setup may decrease availability and cause data corruption due to unhandled conflicts. - potentialBenefits Enhances high availability + potentialBenefits: Enhances high availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -68,7 +68,7 @@ recommendationMetadataState: Active longDescription: | In a globally distributed database, consistency level impacts data durability in region-wide outages. For business continuity, gauge data loss tolerance post-disruption. - potentialBenefits Enhances data durability & recovery + potentialBenefits: Enhances data durability & recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -87,7 +87,7 @@ recommendationMetadataState: Active longDescription: | Cosmos DB's backup is always on, offering protection against data mishaps. Continuous mode allows for self-serve restoration to a pre-mishap point, unlike periodic mode which requires contacting Microsoft support, leading to longer restore times. - potentialBenefits Faster self-serve data restore + potentialBenefits: Faster self-serve data restore pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -106,7 +106,7 @@ recommendationMetadataState: Active longDescription: | Cosmos DB has a 4 MB response limit, leading to paginated results for large or partition-spanning queries. Each page shows availability and provides a continuation token for the next. A while loop in code is necessary to traverse all pages until completion. - potentialBenefits Maximizes data retrieval efficiency + potentialBenefits: Maximizes data retrieval efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -125,7 +125,7 @@ recommendationMetadataState: Active longDescription: | Establishing and maintaining database connections is costly. Using a single instance of the SDK client for each account and application is crucial as connections are tied to the client. Compute environments have a limit on open connections, affecting connectivity when exceeded. - potentialBenefits Reduces costs & prevents connectivity issues + potentialBenefits: Reduces costs & prevents connectivity issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -144,7 +144,7 @@ recommendationMetadataState: Active longDescription: | Cosmos DB SDKs automatically manage many transient errors through retries. Despite this, it's crucial for applications to implement additional retry policies targeting specific cases that the SDKs can't generically address, ensuring more robust error handling. - potentialBenefits Enhances error handling resilience + potentialBenefits: Enhances error handling resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -163,7 +163,7 @@ recommendationMetadataState: Active longDescription: | Monitoring the availability and responsiveness of Azure Cosmos DB resources and having alerts set up for your workload is a good practice. This ensures you stay proactive in handling unforeseen events. - potentialBenefits Proactive issue management + potentialBenefits: Proactive issue management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/EventGrid/topics/recommendations.yaml b/azure-resources/EventGrid/topics/recommendations.yaml index 598dbbb1b..b4d794de0 100644 --- a/azure-resources/EventGrid/topics/recommendations.yaml +++ b/azure-resources/EventGrid/topics/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostic settings on Azure Event Grid resources like custom topics, system topics, and domains lets you capture and view diagnostic information to troubleshoot failures effectively. - potentialBenefits Enhanced troubleshooting for Event Grid + potentialBenefits: Enhanced troubleshooting for Event Grid pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Event Grid may not deliver an event within a specific time or after several attempts, leading to dead-lettering where undelivered events are sent to a storage account. - potentialBenefits Saves undelivered events + potentialBenefits: Saves undelivered events pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -45,7 +45,7 @@ recommendationMetadataState: Active longDescription: | Use private endpoints for secure event ingress to custom topics/domains via a private link, avoiding the public internet. It employs an IP from the VNet space for your topic/domain. - potentialBenefits Secure, private VNet ingress + potentialBenefits: Secure, private VNet ingress pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/EventHub/namespaces/recommendations.yaml b/azure-resources/EventHub/namespaces/recommendations.yaml index f6893d1a4..44392db53 100644 --- a/azure-resources/EventHub/namespaces/recommendations.yaml +++ b/azure-resources/EventHub/namespaces/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Event Hubs leverages Availability Zones to offer fault-isolated locations within an Azure region, ensuring support in regions with availability zones. It ensures both metadata and events are replicated across data centers within the availability zone. - potentialBenefits Enhanced fault tolerance for Event Hub + potentialBenefits: Enhanced fault tolerance for Event Hub pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Enable auto-inflate on Event Hub Standard tier namespaces to automatically scale up TUs, meeting usage needs and preventing data ingress or egress throttle scenarios by adjusting to allowed rates. - potentialBenefits Prevents throttling by autoscaling TUs + potentialBenefits: Prevents throttling by autoscaling TUs pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Insights/activityLogAlerts/recommendations.yaml b/azure-resources/Insights/activityLogAlerts/recommendations.yaml index a4eec536a..2f28cb753 100644 --- a/azure-resources/Insights/activityLogAlerts/recommendations.yaml +++ b/azure-resources/Insights/activityLogAlerts/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Configure Resource Health Alerts for all applicable resources to stay informed about the current and historical health status of your Azure resources. They notify you when these resources have a change in their health status. - potentialBenefits Stay informed on resource status + potentialBenefits: Stay informed on resource status pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -30,7 +30,7 @@ recommendationMetadataState: Active longDescription: | Service health gives a personalized health view of Azure services and regions used, offering the best place for notifications on outages, planned maintenance, and health advisories by knowing the services used. - potentialBenefits Proactive outage & maintenance alerts + potentialBenefits: Proactive outage & maintenance alerts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Insights/components/recommendations.yaml b/azure-resources/Insights/components/recommendations.yaml index c445cdee6..4d4e07c86 100644 --- a/azure-resources/Insights/components/recommendations.yaml 
+++ b/azure-resources/Insights/components/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Classic Application Insights retires in February 2024. To minimize disruption to existing application monitoring scenarios, transition to workspace-based Application Insights before 29 February 2024. - potentialBenefits Avoid service disruption post-Feb 2024 + potentialBenefits: Avoid service disruption post-Feb 2024 pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/KeyVault/vaults/recommendations.yaml b/azure-resources/KeyVault/vaults/recommendations.yaml index e5faec51f..b190274aa 100644 --- a/azure-resources/KeyVault/vaults/recommendations.yaml +++ b/azure-resources/KeyVault/vaults/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Key Vault's soft-delete feature enables recovery of deleted vaults and objects like keys, secrets, and certificates. When enabled, marked resources are retained for 90 days, allowing for their recovery, essentially undoing deletion. - potentialBenefits Enables recovery of deleted items + potentialBenefits: Enables recovery of deleted items pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Purge protection secures against malicious deletions by enforcing a retention period for soft deleted key vaults, ensuring no one, not even insiders or Microsoft, can purge your key vaults during this period, preventing permanent data loss. - potentialBenefits Protects from insider attacks, avoids data loss + potentialBenefits: Protects from insider attacks, avoids data loss pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
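Review bot: The corrected line `potentialBenefits: Avoid service disruption post-Feb 2024` in the Insights/components hunk names a fixed deadline, and the `longDescription` above it repeats it ("before 29 February 2024"), so the entry goes stale once that date has passed. Wording the benefit without the date avoids that, for example `potentialBenefits: Avoids monitoring gaps after classic retirement`. The description needs the same change of tense, but it is a context line that this commit does not touch.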
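Review bot: The benefit on the corrected line in the `@@ -26,7` Key Vault hunk, `Protects from insider attacks, avoids data loss`, claims more than the `longDescription` supports. The description says only that nobody can purge a soft-deleted vault during the retention period. Purge protection does not stop an insider who has access from reading or changing secrets, so a narrower wording is safer for anyone using this field to judge coverage, for example `potentialBenefits: Blocks permanent purge during retention`. Access monitoring has its own entry in the same file (the `@@ -83,7` hunk), so narrowing this one loses nothing.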
@@ -45,7 +45,7 @@ recommendationMetadataState: Active longDescription: | Azure Private Link Service lets you securely and privately connect to Azure Key Vault via a Private Endpoint in your VNet, using a private IP and eliminating public Internet exposure. - potentialBenefits Secure Key Vault with Private Link + potentialBenefits: Secure Key Vault with Private Link pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -64,7 +64,7 @@ recommendationMetadataState: Active longDescription: | Key vaults are security boundaries for secret storage. Grouping secrets together increases risk during a security event, as attacks could access multiple secrets. - potentialBenefits Enhanced security, Reduced risk + potentialBenefits: Enhanced security, Reduced risk pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users. - potentialBenefits Enhanced monitoring & security compliance + potentialBenefits: Enhanced monitoring & security compliance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/NetApp/netAppAccounts/recommendations.yaml b/azure-resources/NetApp/netAppAccounts/recommendations.yaml index 05c8b2659..d22326564 100644 --- a/azure-resources/NetApp/netAppAccounts/recommendations.yaml +++ b/azure-resources/NetApp/netAppAccounts/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput. - potentialBenefits Optimized performance & cost efficiency + potentialBenefits: Optimized performance & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options. - potentialBenefits Enhanced connectivity & security + potentialBenefits: Enhanced connectivity & security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -45,7 +45,7 @@ recommendationMetadataState: Active longDescription: | Azure availability zones are distinct locations within each Azure region designed to withstand local failures through redundancy and logical isolation, improving service resiliency with at least three zones in enabled regions. - potentialBenefits Enhances disaster recovery + potentialBenefits: Enhances disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -64,7 +64,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files snapshot technology ensures stability, scalability, and swift data recoverability without affecting performance. It supports automatic snapshot creation via policies for Azure NetApp Files data. - potentialBenefits Stable, scalable, swift recovery, no perf impact + potentialBenefits: Stable, scalable, swift recovery, no perf impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance. - potentialBenefits Enhances data recovery & compliance + potentialBenefits: Enhances data recovery & compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -102,7 +102,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication. - potentialBenefits Enhanced data protection & disaster recovery + potentialBenefits: Enhanced data protection & disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -121,7 +121,7 @@ recommendationMetadataState: Active longDescription: | The cross-zone replication (CZR) feature enables asynchronous data replication between Azure NetApp Files volumes across different availability zones, ensuring data protection and critical application failover in case of zone-wide disasters. - potentialBenefits Enhances disaster recovery + potentialBenefits: Enhances disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -140,7 +140,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts. - potentialBenefits Optimize usage & performance + potentialBenefits: Optimize usage & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -159,7 +159,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance. - potentialBenefits Enforce standards & assess compliance + potentialBenefits: Enforce standards & assess compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -180,7 +180,7 @@ recommendationMetadataState: Active longDescription: | Access to the delegated subnet should be limited to specific Azure Virtual Networks. SMB-enabled volumes' share permissions should move away from 'Everyone/Full control'. NFS-enabled volumes' access needs to be controlled via export policies and/or NFSv4.1 ACLs. - potentialBenefits Enhanced security, Reduced data breach risk + potentialBenefits: Enhanced security, Reduced data breach risk pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -207,7 +207,7 @@ recommendationMetadataState: Active longDescription: | Certain SMB applications need SMB Transparent Failover for maintenance without interrupting server connectivity. Azure NetApp Files provides this through SMB Continuous Availability for applications like Citrix App Layering, FSLogix user/profile containers, Microsoft SQL Server, MSIX app attach. - potentialBenefits Zero downtime for SMB apps + potentialBenefits: Zero downtime for SMB apps pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -226,7 +226,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files might undergo occasional planned maintenance such as platform updates or service and software upgrades. It's important to be aware of the application's resiliency settings to cope with these storage service maintenance events. - potentialBenefits Minimizes downtime during maintenance + potentialBenefits: Minimizes downtime during maintenance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml index 21dbab81e..c24614520 100644 --- a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml +++ b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | WAF may mistakenly block legitimate requests (false positives). These can be identified by examining the last 24 hours of blocked requests in Log Analytics. - potentialBenefits Reduces false positives, improves access + potentialBenefits: Reduces false positives, improves access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -32,7 +32,7 @@ recommendationMetadataState: Active longDescription: | WAF may block legitimate requests as false positives. Identifying blocked requests within the last 24 hours through Log Analytics can help manage and mitigate these incorrect blockages efficiently. - potentialBenefits Improve false positive identification + potentialBenefits: Improve false positive identification pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -53,7 +53,7 @@ recommendationMetadataState: Active longDescription: | Monitoring the health of your Web Application Firewall and the applications it protects is crucial. This can be achieved through integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs, ensuring optimal performance and security. - potentialBenefits Enhanced security & health insight + potentialBenefits: Enhanced security & health insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Network/applicationGateways/recommendations.yaml b/azure-resources/Network/applicationGateways/recommendations.yaml index 7a471976d..8a7a6520d 100644 --- a/azure-resources/Network/applicationGateways/recommendations.yaml +++ b/azure-resources/Network/applicationGateways/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure Application Gateways v2 are deployed highly available with multiple instances by default. - potentialBenefits Enhances uptime & enables autoscaling + potentialBenefits: Enhances uptime & enables autoscaling pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Secure all incoming connections using HTTPS for production services with end-to-end SSL/TLS or SSL/TLS termination at the Application Gateway to protect against attacks and ensure data remains private and encrypted between the web server and browsers. - potentialBenefits Enhanced security & privacy + potentialBenefits: Enhanced security & privacy pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -53,7 +53,7 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway with Web Application Firewall (WAF) in an application virtual network to safeguard inbound HTTP/S internet traffic. WAF offers centralized defense against potential exploits through OWASP core rule sets-based rules. - potentialBenefits Enhanced security for HTTP/S traffic + potentialBenefits: Enhanced security for HTTP/S traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -74,7 +74,7 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway v2 for built-in features like autoscaling, static VIPs, Azure KeyVault integration for better traffic management and performance, unless v1 is necessary. - potentialBenefits Better performance, autoscaling, more features + potentialBenefits: Better performance, autoscaling, more features pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -97,7 +97,7 @@ recommendationMetadataState: Active longDescription: | Enable logging in storage accounts, Log Analytics, and monitoring services for auditing and insights. If using NSGs, enable NSG flow logs to be stored, providing in-depth traffic analysis into Azure Cloud. - potentialBenefits Enhanced traffic insight & audit + potentialBenefits: Enhanced traffic insight & audit pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -118,7 +118,7 @@ recommendationMetadataState: Active longDescription: | Using custom health probes enhances understanding of backend availability and facilitates monitoring of backend services for any impact. - potentialBenefits Ensures backend uptime monitoring. + potentialBenefits: Ensures backend uptime monitoring. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
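Review bot: `potentialBenefits: Ensures backend uptime monitoring.` in the `@@ -118,7` hunk ends with a full stop, unlike the other benefit lines in this patch. The same applies to `potentialBenefits: Avoids SNAT exhaustion.` in the `@@ -87,7` hunk of Network/azureFirewalls. Since the commit rewrites both lines anyway, drop the trailing period so the field renders uniformly: `potentialBenefits: Ensures backend uptime monitoring` and `potentialBenefits: Avoids SNAT exhaustion`.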
@@ -139,7 +139,7 @@ recommendationMetadataState: Active longDescription: | Deploying Application Gateway in a zone-aware configuration ensures continued customer access to services even if a specific zone goes down, as services in other zones remain available. - potentialBenefits Enhanced uptime & customer access + potentialBenefits: Enhanced uptime & customer access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -160,7 +160,7 @@ recommendationMetadataState: Active longDescription: | Using connection draining for backend maintenance ensures graceful removal of backend pool members during updates or health issues. It's enabled via Backend Setting and applies to all members during rule creation. - potentialBenefits Smooth updates, no dropped users + potentialBenefits: Smooth updates, no dropped users pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -181,7 +181,7 @@ recommendationMetadataState: Active longDescription: | Application Gateway v2 (Standard_v2 or WAF_v2 SKU) can support up to 125 instances. A /24 subnet isn't mandatory for deployment but is advised to provide enough space for autoscaling and maintenance upgrades. - potentialBenefits Allows autoscaling and maintenance + potentialBenefits: Allows autoscaling and maintenance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Network/azureFirewalls/recommendations.yaml b/azure-resources/Network/azureFirewalls/recommendations.yaml index d4f452818..a3e058325 100644 --- a/azure-resources/Network/azureFirewalls/recommendations.yaml +++ b/azure-resources/Network/azureFirewalls/recommendations.yaml 
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance.
- potentialBenefits Enhanced SLA and reliability
+ potentialBenefits: Enhanced SLA and reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitor Azure Firewall for overall health, processed throughput, and outbound SNAT port usage. Get alerted before limits impact services. Consider NAT gateway integration with zonal deployments; note limitations with zone redundant firewalls and secure virtual hub networks.
- potentialBenefits Improve health & performance monitoring
+ potentialBenefits: Improve health & performance monitoring
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -49,7 +49,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans.
- potentialBenefits Enhanced DDoS attack defense
+ potentialBenefits: Enhanced DDoS attack defense
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -68,7 +68,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Firewall policy supports rule hierarchies for compliance enforcement, using a central base policy with higher priority over child policies, and employs Azure custom roles to safeguard base policy and manage access within subscriptions or groups.
- potentialBenefits Enhanced compliance and rule hierarchy
+ potentialBenefits: Enhanced compliance and rule hierarchy
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -87,7 +87,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configure a minimum of two to four public IP addresses per Azure Firewall to avoid SNAT exhaustion. Azure Firewall offers SNAT for all outbound traffic to public IPs, providing 2,496 SNAT ports for each additional PIP.
- potentialBenefits Avoids SNAT exhaustion.
+ potentialBenefits: Avoids SNAT exhaustion.
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -106,7 +106,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Creating a metric to monitor latency probes over 20ms for periods longer than 30mins helps identify when firewall instance CPUs are stressed, potentially indicating issues.
- potentialBenefits Improved CPU stress detection
+ potentialBenefits: Improved CPU stress detection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml
index bd3c2d8d0..4478f969c 100644
--- a/azure-resources/Network/connections/recommendations.yaml
+++ b/azure-resources/Network/connections/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 ExpressRoute gateways facilitate network traffic and route exchanges. FastPath enhances on-premises to virtual network data path performance by directing traffic straight to virtual machines, bypassing the gateway for improved resiliency through reduced gateway utilization.
- potentialBenefits Enhances speed & resiliency
+ potentialBenefits: Enhances speed & resiliency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configure an Azure Resource lock for Gateway Connection resources to prevent accidental deletion and maintain connectivity between on-premises networks and Azure workloads.
- potentialBenefits Prevents accidental deletion of connections
+ potentialBenefits: Prevents accidental deletion of connections
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml
index e16b82766..f4f7c48fc 100644
--- a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml
+++ b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure DDoS Plan metrics differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), Forwarded (packets to VIP not filtered), and No tag (total packets, sum of dropped and forwarded).
- potentialBenefits Enhanced security & traffic insight
+ potentialBenefits: Enhanced security & traffic insight
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/expressRouteCircuits/recommendations.yaml b/azure-resources/Network/expressRouteCircuits/recommendations.yaml
index 3fc3f662f..ab8fa8157 100644
--- a/azure-resources/Network/expressRouteCircuits/recommendations.yaml
+++ b/azure-resources/Network/expressRouteCircuits/recommendations.yaml
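Review bot: In the ddosProtectionPlans hunk the `longDescription` context line reads `by tags: null Dropped (packets scrubbed by DDoS)`, and the stray `null` looks like a lost placeholder rather than intended wording (inferred; the source text is not on the page). Since this record is being edited anyway, the sentence is worth correcting before it can be published, for instance by starting the list at `by tags: Dropped (packets scrubbed by DDoS), Forwarded (...)`. The description also only explains what the metric tags mean and never says what the operator should configure, so `potentialBenefits: Enhanced security & traffic insight` has no stated action behind it; the record's title sits above the hunk and may supply that.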
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails.
- potentialBenefits Enhanced reliability & redundancy
+ potentialBenefits: Enhanced reliability & redundancy
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability.
- potentialBenefits Enhanced reliability & fault tolerance
+ potentialBenefits: Enhanced reliability & fault tolerance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis.
- potentialBenefits Improved high availability and load balancing
+ potentialBenefits: Improved high availability and load balancing
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service.
- potentialBenefits Faster link failure detection
+ potentialBenefits: Faster link failure detection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -85,7 +85,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds.
- potentialBenefits Enhanced network performance & health
+ potentialBenefits: Enhanced network performance & health
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -108,7 +108,7 @@
 recommendationMetadataState: Active
 longDescription: |
 ExpressRoute leverages service health for notifications on both planned and unplanned maintenance, ensuring users are informed about any changes to their ExpressRoute circuits.
- potentialBenefits Stay informed on circuit updates
+ potentialBenefits: Stay informed on circuit updates
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -127,7 +127,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If you haven't added a second ExpressRoute circuit, use a site-to-site VPN as a temporary solution until the second circuit is available. This ensures network reliability and continuity of service.
- potentialBenefits Ensures continuity & reliability
+ potentialBenefits: Ensures continuity & reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/expressRoutePorts/recommendations.yaml b/azure-resources/Network/expressRoutePorts/recommendations.yaml
index 177ffae12..ee87f1eaa 100644
--- a/azure-resources/Network/expressRoutePorts/recommendations.yaml
+++ b/azure-resources/Network/expressRoutePorts/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 In Azure ExpressRoute Direct, the "Admin State" indicates the administrative status of layer 1 links, showing if a link is enabled or disabled, effectively turning the physical port on or off.
- potentialBenefits Ensures optimal connectivity.
+ potentialBenefits: Ensures optimal connectivity.
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Provisioning ExpressRoute circuits on a 10-Gbps or 100-Gbps ExpressRoute Direct resource up to 20-Gbps or 200-Gbps is possible but not recommended for resiliency. If an ExpressRoute Direct port fails, and circuits are using full capacity, the remaining port won't handle the extra load.
- potentialBenefits Improves resilience during port failures
+ potentialBenefits: Improves resilience during port failures
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits.
- potentialBenefits Optimizes network, prevents congestion
+ potentialBenefits: Optimizes network, prevents congestion
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/loadBalancers/recommendations.yaml b/azure-resources/Network/loadBalancers/recommendations.yaml
index 2b6d6cad9..1414fd885 100644
--- a/azure-resources/Network/loadBalancers/recommendations.yaml
+++ b/azure-resources/Network/loadBalancers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA.
- potentialBenefits Enhanced reliability & SLA support
+ potentialBenefits: Enhanced reliability & SLA support
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Pairing with Virtual Machine Scale Sets is advised for optimal scale building.
- potentialBenefits Enhances reliability & scalability
+ potentialBenefits: Enhances reliability & scalability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Outbound rules for Standard Public Load Balancer involve manual port allocation for backend pools, limiting scalability and risk of SNAT port exhaustion. NAT Gateway is recommended for its dynamic scaling and secure internet connectivity.
- potentialBenefits Enhanced scalability and reliability
+ potentialBenefits: Enhanced scalability and reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 In regions with Availability Zones, assigning a zone-redundant frontend IP to a Standard Load Balancer ensures continuous traffic distribution even if one availability zone fails, provided other healthy zones and backend instances are available to receive the traffic.
- potentialBenefits Enhances uptime & resilience
+ potentialBenefits: Enhances uptime & resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/networkSecurityGroups/recommendations.yaml b/azure-resources/Network/networkSecurityGroups/recommendations.yaml
index 0a5502dee..11db74765 100644
--- a/azure-resources/Network/networkSecurityGroups/recommendations.yaml
+++ b/azure-resources/Network/networkSecurityGroups/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations.
- potentialBenefits Enhanced monitoring & security insights
+ potentialBenefits: Enhanced monitoring & security insights
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Create Alerts with Azure Monitor for operations like creating or updating Network Security Group rules to catch unauthorized/undesired changes to resources and spot attempts to bypass firewalls or access resources from the outside.
- potentialBenefits Enhanced security and change monitoring
+ potentialBenefits: Enhanced security and change monitoring
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental deletions and modifications. The lock overrides user permissions. Locks can prevent either deletions or modifications and are known as Delete and Read-only in the portal.
- potentialBenefits Prevents accidental edits/deletions
+ potentialBenefits: Prevents accidental edits/deletions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring, managing, and understanding your network is crucial for protection and optimization. Knowing the current state, who and from where connections are made, open internet ports, expected and irregular behavior, and traffic spikes is essential.
- potentialBenefits Enhances security & optimizes network
+ potentialBenefits: Enhances security & optimizes network
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure network security groups filter network traffic between resources in a virtual network, using security rules to allow or deny inbound or outbound traffic based on source, destination, port, and protocol.
- potentialBenefits Enhanced traffic control & security
+ potentialBenefits: Enhanced traffic control & security
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml
index 0f33310f2..6af2cad69 100644
--- a/azure-resources/Network/networkWatchers/recommendations.yaml
+++ b/azure-resources/Network/networkWatchers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, load balancers, but not for PaaS or Web analytics.
- potentialBenefits Enhanced monitoring & diagnostics for Azure IaaS
+ potentialBenefits: Enhanced monitoring & diagnostics for Azure IaaS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Network security group flow logging is a feature of Azure Network Watcher that logs IP traffic info through a network security group. If in Failed state, monitoring data from the associated resource is not collected.
- potentialBenefits Ensures IP traffic logging
+ potentialBenefits: Ensures IP traffic logging
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/privateDnsZones/recommendations.yaml b/azure-resources/Network/privateDnsZones/recommendations.yaml
index 9fd484531..10cd45234 100644
--- a/azure-resources/Network/privateDnsZones/recommendations.yaml
+++ b/azure-resources/Network/privateDnsZones/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Private DNS zones and records are critical and their deletion can cause service outages. To protect against unauthorized or accidental changes, the Private DNS Zone Contributor role, a built-in role for managing these resources, should be assigned to specific users or groups.
- potentialBenefits Prevents DNS outages
+ potentialBenefits: Prevents DNS outages
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The records in a private DNS zone are only resolvable from linked virtual networks. You can link a private DNS zone to multiple networks and enable autoregistration to manage DNS records for virtual machines automatically.
- potentialBenefits Enhanced DNS reliability & alerting
+ potentialBenefits: Enhanced DNS reliability & alerting
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
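Review bot: `potentialBenefits: Enhanced DNS reliability & alerting` in the privateDnsZones `@@ -26,7 +26,7 @@` hunk promises alerting, yet the `longDescription` directly above it covers only virtual-network links and autoregistration. The following privateDnsZones hunk (`@@ -45,7 +45,7 @@`) has the same mismatch: `Ensures seamless failover for DNS` follows a description that never mentions failover. The record titles are outside both hunks and may explain the wording; if they do not, the benefit should be narrowed to what the text supports, for example `potentialBenefits: Records resolve from every linked VNet` for the first one.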
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Private DNS offers a reliable, secure way to handle domain names within virtual networks, using custom domains instead of default Azure names. Records in these zones aren't internet-accessible, only resolvable within linked virtual networks.
- potentialBenefits Ensures seamless failover for DNS
+ potentialBenefits: Ensures seamless failover for DNS
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/privateEndpoints/recommendations.yaml b/azure-resources/Network/privateEndpoints/recommendations.yaml
index e5c423991..38cee7ef7 100644
--- a/azure-resources/Network/privateEndpoints/recommendations.yaml
+++ b/azure-resources/Network/privateEndpoints/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 A private endpoint has two custom properties, static IP address and the network interface name, which must be set at creation. If not in Succeeded state, there may be issues with the endpoint or associated resource.
- potentialBenefits Enhanced connection reliability
+ potentialBenefits: Enhanced connection reliability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/publicIPAddresses/recommendations.yaml b/azure-resources/Network/publicIPAddresses/recommendations.yaml
index e46313311..02cdcdf46 100644
--- a/azure-resources/Network/publicIPAddresses/recommendations.yaml
+++ b/azure-resources/Network/publicIPAddresses/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience.
- potentialBenefits Enhanced resilience with zone redundancy
+ potentialBenefits: Enhanced resilience with zone redundancy
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Prevent connectivity failures due to SNAT port exhaustion by employing NAT gateway for outbound traffic from virtual networks, ensuring dynamic scaling and secure internet connections.
- potentialBenefits Avoids SNAT port exhaustion risks
+ potentialBenefits: Avoids SNAT port exhaustion risks
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -49,7 +49,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Basic SKU public IP addresses will be retired on September 30, 2025. Users are advised to upgrade to Standard SKU public IP addresses before this date to avoid service disruptions.
- potentialBenefits Avoids service disruption
+ potentialBenefits: Avoids service disruption
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/routeTables/recommendations.yaml b/azure-resources/Network/routeTables/recommendations.yaml
index 521c634bb..22d5023cd 100644
--- a/azure-resources/Network/routeTables/recommendations.yaml
+++ b/azure-resources/Network/routeTables/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Create Alerts with Azure Monitor for operations like Create or Update Route Table to spot unauthorized/undesired changes in production resources. This setup aids in identifying improper routing changes, including efforts to evade firewalls or access resources from outside.
- potentialBenefits Enhanced security & change detection
+ potentialBenefits: Enhanced security & change detection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 As an administrator, you can protect Azure subscriptions, resource groups, or resources from accidental deletions and modifications by setting locks.
- potentialBenefits Prevents accidental edits/deletions
+ potentialBenefits: Prevents accidental edits/deletions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
index edc5853d8..01ccd11ec 100644
--- a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
+++ b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitor status should be online to ensure failover for application workload. If Traffic Manager's health shows Degraded, one or more endpoints may also be Degraded.
- potentialBenefits Ensures failover functionality
+ potentialBenefits: Ensures failover functionality
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -30,7 +30,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When configuring the Azure traffic manager, provision at least two endpoints to ensure workloads can fail-over to another instance, enhancing reliability and availability.
- potentialBenefits Enhances failover capabilities
+ potentialBenefits: Enhances failover capabilities
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -49,7 +49,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Profiles should have multiple endpoints to ensure availability in case an endpoint fails. It's also advised to distribute these endpoints across different regions for enhanced reliability.
- potentialBenefits Enhances availability across regions
+ potentialBenefits: Enhances availability across regions
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -69,7 +69,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For geographic routing, traffic is directed to endpoints based on specific regions. If a region fails, without a predefined failover, configuring an endpoint to "All (World)" for geographic profiles can prevent traffic black holes, ensuring service remains available.
- potentialBenefits Avoids traffic black holing, ensures availability
+ potentialBenefits: Avoids traffic black holing, ensures availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
index aaf52a031..cf1cbd85c 100644
--- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
+++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 To increase reliability, it's advised that each ExpressRoute Gateway connects to at least two circuits, with each circuit originating from a different peering location than the other, ensuring diverse connectivity paths for enhanced resilience.
- potentialBenefits Enhanced resiliency for Azure service
+ potentialBenefits: Enhanced resiliency for Azure service
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure ExpressRoute gateway offers variable SLAs based on deployment in single or multiple availability zones. To deploy virtual network gateways across zones automatically, use zone-redundant gateways for accessing critical, scalable services with increased resilience.
- potentialBenefits Enhanced SLA and resilience
+ potentialBenefits: Enhanced SLA and resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -49,7 +49,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Configuring an Azure Resource lock for ExpressRoute Gateway prevents accidental deletion by enabling administrators to lock an Azure subscription, resource group, or resource, thereby protecting them from unintended user deletions and modifications, with the lock overriding all user permissions.
- potentialBenefits Prevents accidental deletions
+ potentialBenefits: Prevents accidental deletions
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -68,7 +68,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Network Insights for monitoring ExpressRoute Gateway's health, including availability, performance, and scalability.
- potentialBenefits Enhanced monitoring & alerting
+ potentialBenefits: Enhanced monitoring & alerting
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -89,7 +89,7 @@
 recommendationMetadataState: Active
 longDescription: |
 While multiple VNets can connect via the same ExpressRoute Gateway, Microsoft recommends using alternatives like VNet peering, Azure Firewall, NVA, Azure Route Server, site-to-site VPN, virtual WAN, or SD-WAN for VNet-to-VNet communication to optimize network performance and management.
- potentialBenefits Enhanced VNet integration efficiency
+ potentialBenefits: Enhanced VNet integration efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -108,7 +108,7 @@
 recommendationMetadataState: Active
 longDescription: |
 ExpressRoute gateways are updated for improved functionality, reliability, performance, and security. Customer-controlled maintenance configuration and scheduling minimize update impact and align with your maintenance windows.
- potentialBenefits Minimizes update impact
+ potentialBenefits: Minimizes update impact
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -127,7 +127,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure VPN gateway offers variable SLAs based on deployment in one or two availability zones. Deploying zone-redundant virtual network gateways across availability zones ensures zone-resiliency, improving access to mission-critical, scalable services on Azure.
- potentialBenefits Enhanced reliability and scalability
+ potentialBenefits: Enhanced reliability and scalability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -150,7 +150,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The active-active mode is available for all SKUs except Basic, allowing for two Gateway IP configurations and two public IP addresses, enhancing redundancy and traffic handling.
- potentialBenefits Enhanced reliability & network capacity
+ potentialBenefits: Enhanced reliability & network capacity
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -171,7 +171,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying active-active VPN concentrators and Azure VPN Gateways maximizes resilience and availability using a fully-meshed topology with four IPSec tunnels.
- potentialBenefits Maximizes resilience & availability
+ potentialBenefits: Maximizes resilience & availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -190,7 +190,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Set up monitoring and alerts for Virtual Network Gateway health to utilize a variety of metrics for ensuring operational efficiency and prompt response to any disruptions.
- potentialBenefits Improved uptime and issue awareness
+ potentialBenefits: Improved uptime and issue awareness
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -209,7 +209,7 @@
 recommendationMetadataState: Active
 longDescription: |
 VPN Gateway leverages service health to inform users about both planned and unplanned maintenance, ensuring they are notified about modifications to their VPN connectivity.
- potentialBenefits Improves VPN maintenance alerts
+ potentialBenefits: Improves VPN maintenance alerts
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -230,7 +230,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For zone-redundant VPN Gateways, always use zone-redundant Standard SKU public IPs to avoid deploying all instances in one zone. This ensures the gateway's reliability, applying to both active-passive (single IP) and active-active (dual IP) setups.
- potentialBenefits Enhanced reliability & disaster recovery
+ potentialBenefits: Enhanced reliability & disaster recovery
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/Network/virtualNetworks/recommendations.yaml b/azure-resources/Network/virtualNetworks/recommendations.yaml
index aa9bd4c5c..4ef070b1f 100644
--- a/azure-resources/Network/virtualNetworks/recommendations.yaml
+++ b/azure-resources/Network/virtualNetworks/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Network security groups and application security groups allow filtering of inbound and outbound traffic by IP, port, and protocol, adding a security layer at the Subnet level.
- potentialBenefits Enhanced subnet security & traffic control
+ potentialBenefits: Enhanced subnet security & traffic control
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -32,7 +32,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure DDoS Protection offers enhanced mitigation features against DDoS attacks and is auto-tuned to protect specific resources in a virtual network, combined with application design best practices.
- potentialBenefits Enhanced DDoS attack mitigation
+ potentialBenefits: Enhanced DDoS attack mitigation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -51,7 +51,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use VNet service endpoints only if Private Link isn't available and no data movement concerns. This feature restricts Azure service access to specified VNet and subnet, enhancing network security and isolating service traffic.
- potentialBenefits Enhanced security & data isolation
+ potentialBenefits: Enhanced security & data isolation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml
index 821b3782e..4444495df 100644
--- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml
+++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml
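Review bot: `potentialBenefits: Enhanced security & data isolation` in the virtualNetworks `@@ -51,7 +51,7 @@` hunk claims more than its `longDescription` supports. That text presents service endpoints as the fallback for when Private Link is unavailable and there are "no data movement concerns", which is the case where keeping data isolated is not the requirement. A reader who skims only the benefit line could take service endpoints for a data-exfiltration control. A narrower wording such as `potentialBenefits: Limits service access to chosen subnets` stays within what the description states.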
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. - potentialBenefits Enhanced network flow analysis & DR readiness + potentialBenefits: Enhanced network flow analysis & DR readiness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/OperationalInsights/workspaces/recommendations.yaml b/azure-resources/OperationalInsights/workspaces/recommendations.yaml index d79e6a49e..7f0b0dc3f 100644 --- a/azure-resources/OperationalInsights/workspaces/recommendations.yaml +++ b/azure-resources/OperationalInsights/workspaces/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Data export in a Log Analytics workspace to an Azure Storage account enhances data protection against regional failures by using geo-redundant (GRS) or geo-zone-redundant storage (GZRS), mainly for compliance and integration with other Azure services and tools. - potentialBenefits Enhances compliance and regional fault tolerance + potentialBenefits: Enhances compliance and regional fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | A health status alert will proactively notify you if a workspace becomes unavailable because of a datacenter or regional failure. - potentialBenefits Early alert for workspace failure + potentialBenefits: Early alert for workspace failure pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -49,7 +49,7 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Logs retain log data for specific periods depending on the data type, e.g., 30 days for platform logs. For compliance or business reasons, you might need longer retention. Data retention settings are adjustable. - potentialBenefits Cost-saving & compliance with data rules + potentialBenefits: Cost-saving & compliance with data rules pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/RecoveryServices/vaults/recommendations.yaml b/azure-resources/RecoveryServices/vaults/recommendations.yaml index 0eab13b46..ec2fbcb10 100644 --- a/azure-resources/RecoveryServices/vaults/recommendations.yaml +++ b/azure-resources/RecoveryServices/vaults/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Ensure VM failover settings' static IP addresses are available in the failover subnet to maintain consistent IP assignment during failover, with the target VM receiving the same static IP if it's available or the next available IP otherwise. IP adjustments can be made in VM Network settings. - potentialBenefits Smooth failover IP management + potentialBenefits: Smooth failover IP management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Perform a test failover to validate your BCDR strategy and ensure that your applications are functioning correctly in the target region without impacting your production environment. Test your Disaster Recovery plan periodically without any data loss or downtime, using test failovers. - potentialBenefits Ensures BCDR plan accuracy and VM performance + potentialBenefits: Ensures BCDR plan accuracy and VM performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -45,7 +45,7 @@ recommendationMetadataState: Active longDescription: | Classic alerts for Recovery Services vaults in Azure Backup will be retired on 31 March 2026. - potentialBenefits Enhanced, scalable, and consistent alerting. + potentialBenefits: Enhanced, scalable, and consistent alerting. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | Cross Region Restore enables the restoration of Azure VMs in a secondary, Azure paired region, facilitating drills for audit or compliance and allowing recovery of VMs or disks in the event of a primary region disaster. It is an opt-in feature available exclusively for GRS vaults. - potentialBenefits Enhances disaster recovery capabilities + potentialBenefits: Enhances disaster recovery capabilities pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Resources/resourceGroups/recommendations.yaml b/azure-resources/Resources/resourceGroups/recommendations.yaml index 098e68990..931ebf2d0 100644 --- a/azure-resources/Resources/resourceGroups/recommendations.yaml +++ b/azure-resources/Resources/resourceGroups/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | The root management group in Azure is designed for organizational hierarchy, allowing for all management groups and subscriptions to fold into it. - potentialBenefits Enhanced security, compliance, and management + potentialBenefits: Enhanced security, compliance, and management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Ensure resource locations align with their resource group to manage resources during regional outages. ARM stores resource data, which if in an unavailable region, could halt updates, rendering resources read-only. - potentialBenefits Improves outage management + potentialBenefits: Improves outage management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml index 0ad4822b5..788f35401 100644 --- a/azure-resources/ServiceBus/namespaces/recommendations.yaml +++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Use Service Bus with zone redundancy for high availability. The Premium SKU supports availability zones, ensuring isolations within the same region. It manages 3 copies of the messaging store, kept in sync. - potentialBenefits Enhances fault tolerance and uptime + potentialBenefits: Enhances fault tolerance and uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/SignalRService/SignalR/recommendations.yaml b/azure-resources/SignalRService/SignalR/recommendations.yaml index 990724060..2d2bcdab6 100644 --- a/azure-resources/SignalRService/SignalR/recommendations.yaml +++ b/azure-resources/SignalRService/SignalR/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Use SignalR with zone redundancy for production to improve uptime. This feature, available in the Premium tier, is activated upon creating or upgrading to Premium. Standard can upgrade to Premium without downtime. - potentialBenefits Enhances reliability & uptime + potentialBenefits: Enhances reliability & uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
diff --git a/azure-resources/Sql/servers/recommendations.yaml b/azure-resources/Sql/servers/recommendations.yaml index fd3d414a2..90cf591fe 100644 --- a/azure-resources/Sql/servers/recommendations.yaml +++ b/azure-resources/Sql/servers/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | If your primary database fails, perform a manual failover to the secondary database which remains read-only until then. Active geo-replication allows creating readable replicas and manual failover in case of a datacenter outage or application upgrade. - potentialBenefits Enhanced disaster recovery & read scalability + potentialBenefits: Enhanced disaster recovery & read scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | You can use the readable secondary databases to offload read-only query workloads. Autofailover groups involve multiple databases configured on a primary server, supporting replication of all databases in the group to only one secondary server or instance in a different region. - potentialBenefits Improves load balancing & disaster recovery + potentialBenefits: Improves load balancing & disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -47,7 +47,7 @@ recommendationMetadataState: Active longDescription: | By default, the premium availability model clusters nodes in one datacenter. - potentialBenefits Enhanced reliability, no extra cost + potentialBenefits: Enhanced reliability, no extra cost pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | Azure SQL Database, known for its resilience to infrastructure failures, can occasionally encounter connectivity issues due to transient errors. Implementing retry logic in your code ensures continued operation by reattempting failed calls, maintaining smooth database interaction. - potentialBenefits Enhanced connectivity stability + potentialBenefits: Enhanced connectivity stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Use available solutions to monitor SQL Database to detect reliability incidents early, making your databases more reliable. Opt for near real-time monitoring to rapidly react to incidents. - potentialBenefits Quick incident detection & response + potentialBenefits: Quick incident detection & response pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -108,7 +108,7 @@ recommendationMetadataState: Active longDescription: | It is highly recommended to use Azure Key Vault to store encryption keys for Always Encrypted configurations. Though not mandatory, if not using AKV, ensure keys are properly backed up. - potentialBenefits Enhanced security & data recovery + potentialBenefits: Enhanced security & data recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Storage/storageAccounts/recommendations.yaml b/azure-resources/Storage/storageAccounts/recommendations.yaml index 65959bad1..abc2deb76 100644 --- a/azure-resources/Storage/storageAccounts/recommendations.yaml +++ b/azure-resources/Storage/storageAccounts/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. - potentialBenefits High availability & durability for storage + potentialBenefits: High availability & durability for storage pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Classic storage accounts will be fully retired on August 31, 2024. If you have classic storage accounts, start planning your migration now. - potentialBenefits Avoids service retirement issues + potentialBenefits: Avoids service retirement issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -49,7 +49,7 @@ recommendationMetadataState: Active longDescription: | Consider using the appropriate storage performance tier for workload scenarios. Each workload scenario requires appropriate performance tiers, and selecting the appropriate tiers based on storage usage is crucial. - potentialBenefits Optimized cost & performance + potentialBenefits: Optimized cost & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -76,7 +76,7 @@ recommendationMetadataState: Active longDescription: | The soft delete option enables data recovery if mistakenly deleted, while the Lock feature prevents the accidental deletion of the storage account itself, ensuring additional security and data integrity measures. - potentialBenefits Prevents accidental data/account loss + potentialBenefits: Prevents accidental data/account loss pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -95,7 +95,7 @@ recommendationMetadataState: Active longDescription: | Consider enabling versioning for Azure Storage Accounts to recover from accidental modifications or deletions and manage blob operation latency. Microsoft advises maintaining fewer than 1000 versions per blob to optimize performance. Lifecycle management can help delete old versions automatically. - potentialBenefits Recover data, manage latency + potentialBenefits: Recover data, manage latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -114,7 +114,7 @@ recommendationMetadataState: Active longDescription: | Consider enabling point-in-time restore for standard general purpose v2 accounts with flat namespace to protect against accidental deletion or corruption by restoring block blob data to an earlier state. - potentialBenefits Protects data from loss/corruption + potentialBenefits: Protects data from loss/corruption pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -135,7 +135,7 @@ recommendationMetadataState: Active longDescription: | For critical applications and business processes relying on Azure, monitoring and alerts are crucial. Resource logs are only stored after creating a diagnostic setting to route logs to specified locations, requiring selection of log categories to collect. - potentialBenefits Enhanced alerting & log analysis + potentialBenefits: Enhanced alerting & log analysis pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -156,7 +156,7 @@ recommendationMetadataState: Active longDescription: | General-purpose v2 accounts are recommended for most storage scenarios offering the latest features or the lowest per-gigabyte pricing. Legacy accounts like Standard general-purpose v1 and Blob Storage aren't advised by Microsoft but may fit specific scenarios. - potentialBenefits Latest features, lowest cost + potentialBenefits: Latest features, lowest cost pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Subscription/subscriptions/recommendations.yaml b/azure-resources/Subscription/subscriptions/recommendations.yaml index c401d2673..f959e8478 100644 --- a/azure-resources/Subscription/subscriptions/recommendations.yaml +++ b/azure-resources/Subscription/subscriptions/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | A Citrix Managed Azure subscription supports VMs with VDA for app/desktop delivery, excluding other machines like Cloud Connectors. When close to the limit, signaled by a dashboard notification, and with sufficient licenses, request another subscription. Can't exceed the given limits for catalogs. - potentialBenefits Avoids hitting limit, ensures reliability + potentialBenefits: Avoids hitting limit, ensures reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -16,4 +16,3 @@ learnMoreLink: - name: Citrix Limits url: "https://docs.citrix.com/en-us/citrix-daas-azure/limits" - diff --git a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml index 7892a4041..9a00d5ffd 100644 --- a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml +++ b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | When building Image Templates, use sources for gen 2 VMs. Gen 2 offers more memory, supports >2TB disks, uses UEFI for faster boot/installation, has Intel SGX, and virtualized persistent memory (vPMEM), unlike gen 1's BIOS-based architecture. - potentialBenefits More memory, supports >2TB disks, faster boot + potentialBenefits: More memory, supports >2TB disks, faster boot pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | The Azure Image Builder service, used for deploying Image Templates, lacks availability zones support. By replicating Image Templates to a secondary, preferably paired, region, quick recovery from a region failure is enabled, ensuring continuous virtual machine deployment from these templates. - potentialBenefits Enhances disaster recovery capability + potentialBenefits: Enhances disaster recovery capability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -37,4 +37,3 @@ url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency" - name: Azure Image Builder Supported Regions url: "https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions" - diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index b197b66af..184dbe14d 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml +++ b/azure-resources/Web/serverFarms/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure's feature of deploying App Service plans across availability zones enhances resiliency and reliability by ensuring operation during datacenter failures, providing redundancy without needing different regions, thus minimizing downtime and maintaining uninterrupted services. - potentialBenefits Enhances app resiliency & reliability + potentialBenefits: Enhances app resiliency & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Choose Standard/Premium Azure App Service Plan for robust apps with advanced scaling, high availability, better performance, and multiple slots, ensuring resilience and continuous operation. - potentialBenefits Enhanced scaling & reliability + potentialBenefits: Enhanced scaling & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -47,7 +47,7 @@ recommendationMetadataState: Active longDescription: | Avoid frequent scaling up/down of Azure App Service instances to prevent service disruptions. Choose the right tier and size for the workload and scale out for traffic changes, as scaling adjustments can trigger application restarts. - potentialBenefits Minimizes restarts, enhances stability + potentialBenefits: Minimizes restarts, enhances stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | It is strongly recommended to create separate App Service plans for production and test environments to avoid using slots within your production deployment for testing purposes. - potentialBenefits Protects prod performance; avoids test impact + potentialBenefits: Protects prod performance; avoids test impact pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Enabling Autoscale/Automatic Scaling for your Azure App Service ensures sufficient resources for incoming requests. Autoscaling is rule-based, whereas Automatic Scaling, a newer feature, automatically adjusts resources based on HTTP traffic. - potentialBenefits Optimizes resources for traffic + potentialBenefits: Optimizes resources for traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -96,4 +96,3 @@ url: "https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal" - name: Auto Scale Web Apps url: "https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started" - diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index c70dd8462..8a0e12784 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostics logging for your Azure App Service is crucial for monitoring and diagnostics, including both application logging and web server logging. - potentialBenefits Enhanced monitoring & diagnostics + potentialBenefits: Enhanced monitoring & diagnostics pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring. - potentialBenefits Real-time insights & issue diagnosis + potentialBenefits: Real-time insights & issue diagnosis pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -47,7 +47,7 @@ recommendationMetadataState: Active longDescription: | If your solution includes both a web front end and a web API, decomposing them into separate App Service apps facilitates solution decomposition by workload, allowing for independent scaling. Initially, you can deploy both in the same plan and separate them for independent scaling when necessary. - potentialBenefits Independent scaling, easier management + potentialBenefits: Independent scaling, easier management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | Creating a separate storage account for logs and not using the same one for application data prevents logging activities from reducing application performance by ensuring that the resources dedicated to handling application data are not burdened by logging processes. - potentialBenefits Improves app performance + potentialBenefits: Improves app performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Create a deployment slot for staging to deploy updates, verify them, and ensure all instances are warmed up before production swap, reducing bad update chances. An LKG slot allows easy rollback to a previous good deployment if issues arise later, enhancing reliability. - potentialBenefits Safer updates & easy rollback + potentialBenefits: Safer updates & easy rollback pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -104,7 +104,7 @@ recommendationMetadataState: Active longDescription: | Use app settings for configuration and define them in Resource Manager templates or via PowerShell to facilitate part of an automated deployment/update process for improved reliability. - potentialBenefits Enhanced reliability via automation + potentialBenefits: Enhanced reliability via automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -113,4 +113,3 @@ learnMoreLink: - name: Configure web apps in Azure App Service url: "https://learn.microsoft.com/azure/app-service-web/web-sites-configure" - diff --git a/azure-specialized-workloads/recommendations.yaml b/azure-specialized-workloads/recommendations.yaml index 380f748eb..578f4feba 100644 --- a/azure-specialized-workloads/recommendations.yaml +++ b/azure-specialized-workloads/recommendations.yaml @@ -6,8 +6,8 @@ recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | - Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. - potentialBenefits Enhances job metadata availability + Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. + potentialBenefits: Enhances job metadata availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -25,8 +25,8 @@ recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | - By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. - potentialBenefits Efficient, uninterrupted execution + By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. + potentialBenefits: Efficient, uninterrupted execution pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -45,7 +45,7 @@ recommendationMetadataState: Active longDescription: | Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. - potentialBenefits Enhanced reliability for HPC + potentialBenefits: Enhanced reliability for HPC pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -63,8 +63,8 @@ recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | - When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. - potentialBenefits Enhanced reliability & job management + When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. + potentialBenefits: Enhanced reliability & job management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. - potentialBenefits High availability for SAP systems + potentialBenefits: High availability for SAP systems pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -110,7 +110,7 @@ recommendationMetadataState: Active longDescription: | Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. - potentialBenefits Enhanced resiliency for SAP on Azure + potentialBenefits: Enhanced resiliency for SAP on Azure pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -135,7 +135,7 @@ recommendationMetadataState: Active longDescription: | For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. - potentialBenefits Higher SLA of 99.9% with SSDs + potentialBenefits: Higher SLA of 99.9% with SSDs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -162,7 +162,7 @@ recommendationMetadataState: Active longDescription: | High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. - potentialBenefits Ensures high availability for SAP data + potentialBenefits: Ensures high availability for SAP data pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -184,7 +184,7 @@ longDescription: | SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. - potentialBenefits Enhanced data availability for SAP + potentialBenefits: Enhanced data availability for SAP pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -204,7 +204,7 @@ In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant stor longDescription: | Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. The fail back can be either automatic or manual. - potentialBenefits Ensures SAP Azure's failover reliability + potentialBenefits: Ensures SAP Azure's failover reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -228,7 +228,7 @@ During planned maintenances and fail over testing, you can leverage the migrate Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. - potentialBenefits Enhanced maintenance and failover handling + potentialBenefits: Enhanced maintenance and failover handling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
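Review bot: Several `longDescription` continuation lines in azure-specialized-workloads/recommendations.yaml appear to start at column 0, and this patch does not touch them. Git shows `In case of Azure File Shares, ...`, `During planned maintenances ...`, `This approach allows ...`, `Warm standby involves ...`, `Test a wide range ...`, `To ensure high availability ...` and `In addition, it is also important ...` as hunk-header context from -204 onward, which by default it does only for unindented lines. A line at column 0 ends the `|` block scalar, so these SAP entries would presumably still fail to parse after the colon fix. The -6, -25 and -63 hunks appear to re-indent the HPC descriptions, and the SAP descriptions need the same treatment, with each continuation line indented to match the first line of its block. The collapsed view does not show the indentation itself, so confirm against the file.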
@@ -248,7 +248,7 @@ This approach allows for controlled resource movement within the cluster, facili To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. - potentialBenefits Guarantees DR region availability + potentialBenefits: Guarantees DR region availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -267,7 +267,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R recommendationMetadataState: Active longDescription: | Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. - potentialBenefits Enhanced DR resilience + potentialBenefits: Enhanced DR resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -286,7 +286,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R recommendationMetadataState: Active longDescription: | SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. - potentialBenefits Ensures SAP data safety & recovery + potentialBenefits: Ensures SAP data safety & recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
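Review bot: The `longDescription` context line in the -267 hunk reads `database vendor�s replication technology`, with a replacement character where an apostrophe was meant. That suggests the file holds a non-UTF-8 byte or was decoded lossily at some point; since the patch edits the adjacent line, this is a convenient place to change it to `vendor's`. If the character comes only from how this patch was rendered, nothing needs changing.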
@@ -307,7 +307,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R recommendationMetadataState: Active longDescription: | Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. - potentialBenefits Enhances SAP DR oversight + potentialBenefits: Enhances SAP DR oversight pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -326,7 +326,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R recommendationMetadataState: Active longDescription: | Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. - potentialBenefits Faster SAP recovery, reduced downtime + potentialBenefits: Faster SAP recovery, reduced downtime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -346,7 +346,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. - potentialBenefits Ensures robust DR, meets RPO/RTO + potentialBenefits: Ensures robust DR, meets RPO/RTO pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -364,7 +364,7 @@ Test a wide range of failure scenarios, including regional outages. Testing shou recommendationMetadataState: Active longDescription: | For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. - potentialBenefits Improved DR oversight & rapid issue response + potentialBenefits: Improved DR oversight & rapid issue response pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -391,7 +391,7 @@ To ensure high availability and service continuity in your Azure VMs, you should In addition, it is also important that you define a procedure on how to react to scheduled events. - potentialBenefits Proactive maintenance awareness + potentialBenefits: Proactive maintenance awareness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -412,7 +412,7 @@ In addition, it is also important that you define a procedure on how to react to recommendationMetadataState: Active longDescription: | For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. - potentialBenefits Enhances SAP ASCS uptime + potentialBenefits: Enhances SAP ASCS uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -435,7 +435,7 @@ In addition, it is also important that you define a procedure on how to react to
 recommendationMetadataState: Active
 longDescription: |
 For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability.
- potentialBenefits Enhanced HA for SAP ASCS
+ potentialBenefits: Enhanced HA for SAP ASCS
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -458,7 +458,7 @@ In addition, it is also important that you define a procedure on how to react to
 recommendationMetadataState: Active
 longDescription: |
 For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability.
- potentialBenefits Enhances SAP HANA DB uptime
+ potentialBenefits: Enhances SAP HANA DB uptime
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -481,7 +481,7 @@ In addition, it is also important that you define a procedure on how to react to
 recommendationMetadataState: Active
 longDescription: |
 For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability.
- potentialBenefits Enhanced DB availability
+ potentialBenefits: Enhanced DB availability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/define/recommendations.yaml b/azure-waf/define/recommendations.yaml
index 5acd401b2..6f36f1ba7 100644
--- a/azure-waf/define/recommendations.yaml
+++ b/azure-waf/define/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure the Availability Targets (SLA, SLO, SLI) are well defined, tested, monitored and communicated across teams working on the Workload. A Service Level Agreement (SLA) is an availability target that represents a commitment around performance and availability of the application. Understanding the SLA of individual components within the system is essential to define reliability targets. Knowing the SLA of dependencies will also provide a justification for additional spend when making the dependencies highly available and with proper support contracts. Availability targets for any dependencies leveraged by the application should be understood and ideally align with application targets should also be considered. Understanding your availability expectations is vital to reviewing overall operations for the application. For example, if you are striving to achieve an application Service Level Objective (SLO) of 99.999%, the level of inherent operational action required by the application is going to be far greater than if an SLO of 99.9% was the goal.
- potentialBenefits Enhances reliability & communication
+ potentialBenefits: Enhances reliability & communication
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure the Recovery Targets are well defined and communicated across teams working on the Workload. Two important metrics to consider are the recovery time objective and recovery point objective, as they pertain to disaster recovery. - Recovery time objective (RTO) is the maximum acceptable time that an application can be unavailable after an incident. If your RTO is 90 minutes, you must be able to restore the application to a running state within 90 minutes from the start of a disaster. If you have a very low RTO, you might keep a second regional deployment continually running an active/passive configuration on standby, to protect against a regional outage. In some cases, you might deploy an active/active configuration to achieve even lower RTO. - Recovery point objective (RPO) is the maximum duration of data loss that is acceptable during a disaster. For example, if you store data in a single database, with no replication to other databases, and perform hourly backups, you could lose up to an hour of data. RTO and RPO are non-functional requirements of a system and should be dictated by business requirements. To derive these values, it's a good idea to conduct a risk assessment, and clearly understanding the cost of downtime or data loss. Monitoring and measuring application availability is vital to qualifying overall application health and progress towards defined targets. Make sure you measure and monitor key targets such as: - Mean Time Between Failures (MTBF) - The average time between failures of a particular component. - Mean Time to Recover (MTTR) - The average time it takes to restore a component after a failure.
- potentialBenefits Improved recovery times & data loss prevention
+ potentialBenefits: Improved recovery times & data loss prevention
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/deploy/recommendations.yaml b/azure-waf/deploy/recommendations.yaml
index ff73dcb31..aa370faab 100644
--- a/azure-waf/deploy/recommendations.yaml
+++ b/azure-waf/deploy/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Infrastructure as code (IaC) uses DevOps methodology and versioning with a descriptive model to define and deploy infrastructure, such as networks, virtual machines, load balancers, and connection topologies. Just as the same source code always generates the same binary, an IaC model generates the same environment every time it deploys. IaC is a key DevOps practice and a component of continuous delivery. With IaC, DevOps teams can work together with a unified set of practices and tools to deliver applications and their supporting infrastructure rapidly and reliably at scale. Key Points: - Avoid manual configuration to enforce consistency - Deliver stable test environments rapidly at scale - Use declarative definition files
- potentialBenefits Ensures consistent, scalable deployments
+ potentialBenefits: Ensures consistent, scalable deployments
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Continuously delivering value has become a mandatory requirement for organizations. To deliver value to your end users, you must release continually and without errors. Continuous delivery (CD) is the process of automating build, test, configuration, and deployment from a build to a production environment. A release pipeline can create multiple testing or staging environments to automate infrastructure creation and deploy new builds. Successive environments support progressively longer-running integration, load, and user acceptance testing activities.
- potentialBenefits Ensures error-free releases
+ potentialBenefits: Ensures error-free releases
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml
index 4b2c33597..8593764bd 100644
--- a/azure-waf/design/recommendations.yaml
+++ b/azure-waf/design/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Design your application architecture to use availability zones within a region. Availability zones can be used to optimize application availability within a region by providing datacenter-level fault tolerance. However, the application architecture must not share dependencies between zones to use them effectively. Consider if component proximity is required for application performance reasons. If all or part of the application is highly sensitive to latency, components might need to be co-located which can limit the applicability of multi-region and multi-zone strategies.
- potentialBenefits Enhanced app availability & fault tolerance
+ potentialBenefits: Enhanced app availability & fault tolerance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If your application is deployed to a single region, and the region becomes unavailable, your application will also be unavailable. This might be unacceptable under the terms of your application's SLA. If so, consider deploying your application and its services across multiple regions. A multiregional deployment can use an active-active or active-passive configuration. An active-active configuration distributes requests across multiple active regions. An active-passive configuration keeps warm instances in the secondary region, but doesn't send traffic there unless the primary region fails.
- potentialBenefits Enhances app availability & SLA compliance
+ potentialBenefits: Enhances app availability & SLA compliance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure that all fault-points and fault-modes are understood and operationalized. Failure mode analysis (FMA) is a process for building resiliency into a system, by identifying possible failure points in the system. The FMA should be part of the architecture and design phases, so that you can build failure recovery into the system from the beginning. Identify all fault-points and fault-modes. Fault-points describe the elements within an application architecture which can fail, while fault-modes capture the various ways by which a fault-point may fail. To ensure an application is resilient to end-to-end failures, it is essential that all fault-points and fault-modes are understood and operationalized.
- potentialBenefits Enhanced system resiliency
+ potentialBenefits: Enhanced system resiliency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 PaaS provides a framework for developing and running apps. As with IaaS, the PaaS provider hosts and maintains the platform's servers, networks, storage, and other computing resources. But PaaS also includes tools, services, and systems that support the web application lifecycle. Developers use the platform to build apps without having to manage backups, security solutions, upgrades, and other administrative tasks.
- potentialBenefits Saves time, enhances security, simplifies app lifecycle
+ potentialBenefits: Saves time, enhances security, simplifies app lifecycle
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -85,7 +85,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure provides elastic scalability and you should design to scale out. However, applications must leverage a scale-unit approach to navigate service and subscription limits to ensure that individual components and the application as a whole can scale horizontally. Don't forget about scale in, which is important to reduce cost. For example, scale in and out for App Service is done via rules. Often customers write scale out rules and never write scale in rules, which leaves the App Service more expensive.
- potentialBenefits Enhances scalability & cost efficiency
+ potentialBenefits: Enhances scalability & cost efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -104,7 +104,7 @@
 recommendationMetadataState: Active
 longDescription: |
 From a workload perspective, a landing zone refers to a prepared platform into which the application gets deployed. A landing zone implementation can have compute, data sources, access controls, and networking components already provisioned. With the required plumbing ready in place; the workload needs to plug into it. When considering the overall security, a landing zone offers centralized security capabilities that adds a threat mitigation layer for the workload. Implementations can vary but here are some common strategies that enhance the security posture. - Isolation through segmentation. You can isolate assets at several layers from Azure enrollment down to a subscription that has the resources for the workload. - Consistent adoption of organizational policies, enforce creation and deletion of services and their configuration through Azure Policy. - Configurations that align with principles of Zero Trust . For instance an implementation might have network connectivity to on-premises data centers.
- potentialBenefits Enhances security & speeds deployment
+ potentialBenefits: Enhances security & speeds deployment
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -123,7 +123,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points: - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once.
- potentialBenefits Minimizes disaster impact, ensures operational continuity
+ potentialBenefits: Minimizes disaster impact, ensures operational continuity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -142,7 +142,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Provide security assurance through identity management: the process of authenticating and authorizing security principals. Use identity management services to authenticate and grant permission to users, partners, customers, applications, services, and other entities. Identity management is typically a centralized function not controlled by the workload team as a part of the workload's architecture. - Define clear lines of responsibility and separation of duties for each function. Restrict access based on a need-to-know basis and least privilege security principles. - Assign permissions to users, groups, and applications at a certain scope through Azure RBAC. Use built-in roles when possible. - Prevent deletion or modification of a resource, resource group, or subscription through management locks. - Use managed identities to access resources in Azure.
- potentialBenefits Enhanced access control & security
+ potentialBenefits: Enhanced access control & security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -161,7 +161,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Security is one of the most important aspects of any architecture. It provides the following assurances against deliberate attacks and abuse of your valuable data and systems: Confidentiality ,Integrity, and Availability. The security of complex systems depends on understanding the business context, social context, and technical context. As you design your system, cover these areas: - Ensure that the identity provider (AAD/ADFS/AD/Other) is highly available and aligns with application availability and recovery targets. - All external application endpoints are secured. - Communication to Azure PaaS services secured using Virtual Network Service Endpoints or Private Link. - Keys and secrets are backed-up to geo-redundant storage, and are still available in a failover case. - Ensure that the process for key rotation is automated and tested. - Emergency access break glass accounts have been tested and secured for recovering from Identity provider failure scenarios.
- potentialBenefits Minimizes downtime & data loss
+ potentialBenefits: Minimizes downtime & data loss
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/monitor/recommendations.yaml b/azure-waf/monitor/recommendations.yaml
index d155be79e..4b11553dd 100644
--- a/azure-waf/monitor/recommendations.yaml
+++ b/azure-waf/monitor/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring and diagnostics are crucial for availability and resiliency. If something fails, you need to know that it failed, when it failed, and why. Monitoring isn't the same as failure detection. For example, your application might detect a transient error and retry, avoiding downtime. It should also log the retry operation so that you can monitor the error rate to get an overall picture of application health. Key points: - Define alerts that are actionable and effectively prioritized. - Create alerts that poll for services nearing their limits and quotas. - Use application instrumentation to detect and resolve performance anomalies. - Track the progress of long-running processes. - Troubleshoot issues to gain an overall view of application health. - Document how to analyze, diagnose, and respond to signals being monitored
- potentialBenefits Enhanced availability and issue tracking
+ potentialBenefits: Enhanced availability and issue tracking
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The health model should be able to surface the health of critical system flows or key subsystems to ensure that appropriate operational prioritization is applied. For example, the health model should be able to represent the current state of the user sign-in transaction flow. The health model shouldn't treat all failures the same. The health model should distinguish between transient and non transient faults. It should clearly distinguish between expected-transient but recoverable failures and a true disaster state. Key points: - Know how to tell if an application is healthy or unhealthy. - Understand the effects of logs in diagnostic data. - Ensure the consistent use of diagnostic settings across the application. - Use critical system flows in your health model.
- potentialBenefits Enhanced system health insights
+ potentialBenefits: Enhanced system health insights
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 In this stage, telemetry data is presented so that an operator can quickly notice problems or trends. Examples include Workbook, Dashboards or email alerts. With Azure Workbooks and/or dashboards, you can build a single pane of glass view of monitoring graphs originating from Application Insights, Log Analytics, Azure Monitor metrics and service health. With Azure Monitor alerts, you can create alerts on service health and resource health.
- potentialBenefits Quick issue detection & response
+ potentialBenefits: Quick issue detection & response
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure offers a suite of experiences to keep you informed about the health of your cloud resources. The Service Health portal tracks four types of health events that may impact your resources: - Service issues - Problems in the Azure services that affect you right now (Outages) - Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future. - Health advisories - Changes in Azure services that require your attention. Examples include deprecation of Azure features or upgrade requirements (e.g upgrade to a supported PHP framework). - Security advisories - Security related notifications or violations that may affect the availability of your Azure services.
- potentialBenefits Quick issue alerts to key personnel
+ potentialBenefits: Quick issue alerts to key personnel
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Utilize Azure's built-in Resilience policies to audit and enforce resilient configurations of Azure services. Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
- potentialBenefits Ensures compliance & upscale resilience
+ potentialBenefits: Ensures compliance & upscale resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/respond/recommendations.yaml b/azure-waf/respond/recommendations.yaml
index eb7ab07a9..f39cde135 100644
--- a/azure-waf/respond/recommendations.yaml
+++ b/azure-waf/respond/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Prevention of all problems is a laudable, but impossible goal. Things will go wrong, so we need a plan to limit the impact on our end users and return operations to normal as quickly as possible. The key is to respond with urgency, rather than react. A reaction tends to be more impulsive and based in the present moment, without consideration of long-term effects. A response is well-thought-out, organized, and information based. Your incident response approach determines your effectiveness at: Understanding what�s going on (diagnosing the problem) Triaging (determining the urgency) and prioritizing the problem Engaging the right resources to mitigate the issue(s), and Communicating with stakeholders about the problem After the problem has been remediated, you can then learn from the incident through a post-incident review process. That's an important subject which has a whole separate module worth of discussion.
- potentialBenefits Quicker recovery, less impact
+ potentialBenefits: Quicker recovery, less impact
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/test/recommendations.yaml b/azure-waf/test/recommendations.yaml
index 05fc5d0cf..351e14f9f 100644
--- a/azure-waf/test/recommendations.yaml
+++ b/azure-waf/test/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Applications should be tested to ensure availability and resiliency. Availability describes the amount of time that an application runs in a healthy state without significant downtime. Resiliency describes how quickly an application recovers from failure. Being able to measure availability and resiliency can answer questions like: How much downtime is acceptable? How much does potential downtime cost your business? What are your availability requirements? How much do you invest in making your application highly available? What is the risk versus the cost? Testing plays a critical role in making sure your applications can meet these requirements. Key points: - Test regularly to validate existing thresholds, targets, and assumptions. - Automate testing as much as possible. - Perform testing on both key Test environments and the production environment. - Verify how the end-to-end workload performs under intermittent failure conditions. - Test the application against critical functional and nonfunctional requirements for performance. - Conduct load testing with expected peak volumes to Test scalability and performance under load. - Perform chaos testing by injecting faults.
- potentialBenefits Improves uptime & speeds recovery
+ potentialBenefits: Improves uptime & speeds recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 In a distributed system, ensuring that your application can recover from errors is critical. You can test your applications to prevent errors and failure, but you need to prepare for a wide range of issues. Testing doesn't always catch everything, so you should understand how to handle errors and prevent potential failure. Many things in a distributed system, such as underlying cloud infrastructure and third-party runtime dependencies, are outside your span of control and your means to test. You can be sure something will fail eventually, so you need to be prepared. Key points: - Implement retry logic to handle transient application failures and transient failures with internal or external dependencies. - Uncover issues or failures in your application's retry logic. - Configure request timeouts to manage intercomponent calls. - Configure and test health probes for your load balancers and traffic managers. - Segregate read operations from update operations across application data stores.
- potentialBenefits Enhances recovery & error management
+ potentialBenefits: Enhances recovery & error management
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once.
- potentialBenefits Enhances recovery speed and reliability
+ potentialBenefits: Enhances recovery speed and reliability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ideally, you should apply chaos principles continuously. There's constant change in the environments in which software and hardware run, so monitoring the changes is key. By constantly applying stress or faults on components, you can help expose issues early, before small problems are compounded by many other factors. Apply chaos engineering principles when you: - Deploy new code. - Add dependencies. - Observe changes in usage patterns. - Mitigate problems.
- potentialBenefits Early issue detection, prevents compounding
+ potentialBenefits: Early issue detection, prevents compounding
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 High availability is a fundamental part of the SQL Database platform that works transparently for your database application. However, we recognize that you may want to test how the automatic failover operations initiated during planned or unplanned events would impact an application before you deploy it to production. You can manually trigger a failover by calling a special API to restart a database, or an elastic pool. In the case of a zone-redundant serverless or provisioned General Purpose database or elastic pool, the API call would result in redirecting client connections to the new primary in an Availability Zone different from the Availability Zone of the old primary. So in addition to testing how failover impacts existing database sessions, you can also verify if it changes the end-to-end performance due to changes in network latency. Because the restart operation is intrusive and a large number of them could stress the platform, only one failover call is allowed every 15 minutes for each database or elastic pool.
- potentialBenefits Enhances fault resilience testing
+ potentialBenefits: Enhances fault resilience testing
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
From f1432488b5126645862afddc26370c3e5bcbee13 Mon Sep 17 00:00:00 2001
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:02:06 -0400 Subject: [PATCH 04/11] updates - Replacing "&" with "And" in Potential Benefits --- .../AVS/privateClouds/recommendations.yaml | 9 ++- .../service/recommendations.yaml | 3 +- .../Batch/batchAccounts/recommendations.yaml | 3 +- .../Cache/Redis/recommendations.yaml | 3 +- .../Cdn/profiles/recommendations.yaml | 11 ++-- .../Compute/galleries/recommendations.yaml | 3 +- .../recommendations.yaml | 9 ++- .../virtualMachines/recommendations.yaml | 16 +++--- .../registries/recommendations.yaml | 13 ++--- .../managedClusters/recommendations.yaml | 11 ++-- .../flexibleServers/recommendations.yaml | 3 +- .../flexibleServers/recommendations.yaml | 3 +- .../workspaces/recommendations.yaml | 31 +++++------ .../hostPools/recommendations.yaml | 34 ++++++------ .../Devices/IotHubs/recommendations.yaml | 3 +- .../databaseAccounts/recommendations.yaml | 7 +-- .../activityLogAlerts/recommendations.yaml | 3 +- .../KeyVault/vaults/recommendations.yaml | 3 +- .../netAppAccounts/recommendations.yaml | 13 ++--- .../recommendations.yaml | 3 +- .../applicationGateways/recommendations.yaml | 9 ++- .../azureFirewalls/recommendations.yaml | 3 +- .../Network/connections/recommendations.yaml | 3 +- .../ddosProtectionPlans/recommendations.yaml | 3 +- .../expressRouteCircuits/recommendations.yaml | 9 ++- .../loadBalancers/recommendations.yaml | 7 +-- .../recommendations.yaml | 7 +-- .../networkWatchers/recommendations.yaml | 3 +- .../privateDnsZones/recommendations.yaml | 3 +- .../Network/routeTables/recommendations.yaml | 3 +- .../recommendations.yaml | 8 +-- .../virtualNetworks/recommendations.yaml | 5 +- .../recommendations.yaml | 3 +- .../workspaces/recommendations.yaml | 3 +- .../SignalR/recommendations.yaml | 3 +- .../Sql/servers/recommendations.yaml | 9 ++- .../storageAccounts/recommendations.yaml | 7 +-- .../Web/serverFarms/recommendations.yaml | 4 +- .../Web/sites/recommendations.yaml | 6 +- 
.../avd/recommendations.yaml | 32 +++++------ .../avs/recommendations.yaml | 6 +- .../hpc/recommendations-hpc.yaml | 24 ++++---- .../hpc/recommendations.yaml | 55 +++++++++---------- .../recommendations.yaml | 8 +-- .../sap/recommendations-sap.yaml | 6 +- .../sap/recommendations.yaml | 6 +- azure-waf/define/recommendations.yaml | 5 +- azure-waf/design/recommendations.yaml | 12 ++-- azure-waf/monitor/recommendations.yaml | 5 +- azure-waf/test/recommendations.yaml | 5 +- 50 files changed, 204 insertions(+), 242 deletions(-)
diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml
index 86224d7f5..d8a89bc79 100644
--- a/azure-resources/AVS/privateClouds/recommendations.yaml
+++ b/azure-resources/AVS/privateClouds/recommendations.yaml
@@ -125,7 +125,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Do not extend the network used by the HCX Management devices to ensure the network's security and stability.
- potentialBenefits: Enhanced network safety & performance
+ potentialBenefits: Enhanced network safety and performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -243,7 +243,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads.
- potentialBenefits: Avoids host exhaustion & swapping
+ potentialBenefits: Avoids host exhaustion and swapping
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -323,7 +323,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits.
- potentialBenefits: Enhanced resilience & connectivity
+ potentialBenefits: Enhanced resilience and connectivity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -361,7 +361,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud.
- potentialBenefits: Enhances reliability & avoids failure
+ potentialBenefits: Enhances reliability and avoids failure
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -370,4 +370,3 @@
 learnMoreLink:
 - name: Configure DNS forwarder
 url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder"
-
diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml
index 93bc1f457..95ae9d0f0 100644
--- a/azure-resources/ApiManagement/service/recommendations.yaml
+++ b/azure-resources/ApiManagement/service/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions.
- potentialBenefits: Enhanced availability & resilience
+ potentialBenefits: Enhanced availability and resilience
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -60,4 +60,3 @@
 url: "https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024"
 - name: Azure API Management compute platform
 url: "https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure"
-
diff --git a/azure-resources/Batch/batchAccounts/recommendations.yaml b/azure-resources/Batch/batchAccounts/recommendations.yaml
index fe3e0d9cf..7cbebe658 100644
--- a/azure-resources/Batch/batchAccounts/recommendations.yaml
+++ b/azure-resources/Batch/batchAccounts/recommendations.yaml
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures.
- potentialBenefits: Enhanced reliability & failure protection
+ potentialBenefits: Enhanced reliability and failure protection
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -35,4 +35,3 @@
 learnMoreLink:
 - name: Learn More
 url: "https://learn.microsoft.com/azure/batch/create-pool-availability-zones"
-
diff --git a/azure-resources/Cache/Redis/recommendations.yaml b/azure-resources/Cache/Redis/recommendations.yaml
index adf56a42e..c4012889d 100644
--- a/azure-resources/Cache/Redis/recommendations.yaml
+++ b/azure-resources/Cache/Redis/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability.
- potentialBenefits: Higher resilience & availability
+ potentialBenefits: Higher resilience and availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -16,4 +16,3 @@
 learnMoreLink:
 - name: Enable zone redundancy for Azure Cache for Redis
 url: "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy"
-
diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml
index 5816e6006..67a54d689 100644
--- a/azure-resources/Cdn/profiles/recommendations.yaml
+++ b/azure-resources/Cdn/profiles/recommendations.yaml
@@ -32,7 +32,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door.
- potentialBenefits: Enhances security & performance
+ potentialBenefits: Enhances security and performance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -51,7 +51,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes.
- potentialBenefits: Enhanced security & features
+ potentialBenefits: Enhanced security and features
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -154,7 +154,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If you use your own TLS certificates, set the Key Vault certificate version to 'Latest' to avoid reconfiguring Azure Front Door for new certificate versions and waiting for deployment across Front Door's environments.
- potentialBenefits: Saves time & automates TLS updates
+ potentialBenefits: Saves time and automates TLS updates
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -230,7 +230,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently.
- potentialBenefits: Improves traffic routing & uptime
+ potentialBenefits: Improves traffic routing and uptime
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -287,7 +287,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Private Link enables secure access to Azure PaaS and services over a private endpoint in your virtual network, ensuring traffic goes over the Microsoft backbone network, not the public internet.
- potentialBenefits: Enhanced security & private connectivity
+ potentialBenefits: Enhanced security and private connectivity
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -296,4 +296,3 @@
 learnMoreLink:
 - name: Private link for Azure Front Door
 url: "https://learn.microsoft.com/azure/frontdoor/private-link"
-
diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml
index 6e1dafa45..e24a91605 100644
--- a/azure-resources/Compute/galleries/recommendations.yaml
+++ b/azure-resources/Compute/galleries/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Keeping a minimum of 3 replicas for production images in Azure's Compute Gallery ensures scalability and prevents throttling in multi-VM deployments by distributing VM deployments across different replicas. This reduces the risk of overloading a single replica.
- potentialBenefits: Enhances scalability & avoids throttling
+ potentialBenefits: Enhances scalability and avoids throttling
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -60,4 +60,3 @@
 url: "https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v"
 - name: Images in Compute gallery
 url: "https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli"
-
diff --git a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
index c6922b831..3d116e719 100644
--- a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
+++ b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Deploying even single instance VMs into a scale set with Flexible orchestration mode future-proofs applications for scaling and availability. This mode guarantees high availability (up to 1000 VMs) by distributing VMs across fault domains in a region or within an Availability Zone.
- potentialBenefits: Higher scalability & availability
+ potentialBenefits: Higher scalability and availability
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring application health in Azure Virtual Machine Scale Sets is crucial for deployment management. It supports rolling upgrades such as automatic OS-image upgrades and VM guest patching, leveraging health monitoring for upgrading.
- potentialBenefits: Enhances deployment management & upgrades
+ potentialBenefits: Enhances deployment management and upgrades
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use custom autoscale for VMSS based on metrics and schedules to improve performance and cost effectiveness, adjusting instances as demand changes.
- potentialBenefits: Enhances performance & cost-efficiency
+ potentialBenefits: Enhances performance and cost-efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -205,7 +205,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using SSD disks for Production workloads is advised as HDDs could negatively impact resources, being suitable only for non-critical resources or those needing infrequent access.
- potentialBenefits: Faster access & reliability for VMSS
+ potentialBenefits: Faster access and reliability for VMSS
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -214,4 +214,3 @@
 learnMoreLink:
 - name: Disk Comparison
 url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison"
-
diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml
index b508b3d55..caeee42d0 100644
--- a/azure-resources/Compute/virtualMachines/recommendations.yaml
+++ b/azure-resources/Compute/virtualMachines/recommendations.yaml
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Availability sets will soon be retired. Migrate workloads from VMs to VMSS Flex for deployment across zones or within the same zone across different fault domains (FDs) and update domains (UD) for better reliability.
- potentialBenefits: Enhances reliability & future-proofs VMs
+ potentialBenefits: Enhances reliability and future-proofs VMs
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -150,7 +150,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Premium SSD disks support I/O-intensive apps with high performance, low latency, ideal for production. Standard SSDs offer cost-effective solutions for less critical workloads with consistent performance.
- potentialBenefits: High-performance & reliability for critical apps
+ potentialBenefits: High-performance and reliability for critical apps
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -188,7 +188,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Accelerated networking enables SR-IOV to a VM, greatly improving its networking performance by bypassing the host from the data path, which reduces latency, jitter, and CPU utilization for demanding network workloads on supported VM types.
- potentialBenefits: Reduces latency, jitter & CPU use
+ potentialBenefits: Reduces latency, jitter and CPU use
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -323,7 +323,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Recommended changing to "Disable public access and enable private access" and creating a Private Endpoint to improve security by restricting direct public access and ensuring connections are made privately, enhancing data protection and minimizing potential external threats.
- potentialBenefits: Enhances VM security & privacy
+ potentialBenefits: Enhances VM security and privacy
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -342,7 +342,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Keeping your virtual machine (VM) secure is crucial for the applications you run. This involves using various Azure services and features to ensure secure access to your VMs and the secure storage of your data, aiming for overall security of your VM and applications.
- potentialBenefits: Secure VMs & applications
+ potentialBenefits: Secure VMs and applications
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -382,7 +382,7 @@
 recommendationMetadataState: Active
 longDescription: |
 VM Insights monitors VM and scale set performance, health, running processes, and dependencies. It enhances the predictability of application performance and availability by pinpointing performance bottlenecks and network issues, and it clarifies if problems are related to other dependencies.
- potentialBenefits: Improves VM performance & health
+ potentialBenefits: Improves VM performance and health
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -403,7 +403,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Monitor Metrics automatically receives platform metrics, but platform logs, which offer detailed diagnostics and auditing for resources and their Azure platform, need to be manually routed for collection.
- potentialBenefits: Enhanced diagnostics & auditing capability
+ potentialBenefits: Enhanced diagnostics and auditing capability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -460,7 +460,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Premium SSDs provide high-performance, low-latency for IO-intensive VM workloads. Premium SSD v2 offers better performance at a lower cost, with adjustable capacity, throughput, IOPS, ideal for shifting needs, but not as OS Disks.
- potentialBenefits: Enhanced performance & cost efficiency
+ potentialBenefits: Enhanced performance and cost efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-resources/ContainerRegistry/registries/recommendations.yaml b/azure-resources/ContainerRegistry/registries/recommendations.yaml
index 478a3390b..339b0d336 100644
--- a/azure-resources/ContainerRegistry/registries/recommendations.yaml
+++ b/azure-resources/ContainerRegistry/registries/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Choose a service tier of Azure Container Registry to meet your performance needs. Premium offers the most bandwidth and highest rate of read and write operations for high-volume deployments. Use Basic to start, Standard for production, and Premium for hyper-scale performance and geo-replication.
- potentialBenefits: High-volume support & geo-replication
+ potentialBenefits: High-volume support and geo-replication
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Container Registry's optional zone redundancy enhances resiliency and high availability for registries or replication resources in a specific region by distributing resources across multiple zones.
- potentialBenefits: Enhances resiliency & high availability
+ potentialBenefits: Enhances resiliency and high availability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -66,7 +66,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Using repository namespaces allows a single registry to be shared across multiple groups and deployments within an organization, supporting nested namespaces for group isolation. However, repositories are managed independently, not hierarchically.
- potentialBenefits: Enables sharing & group isolation
+ potentialBenefits: Enables sharing and group isolation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -103,7 +103,7 @@
 recommendationResourceType: Microsoft.ContainerRegistry/registries
 recommendationMetadataState: Active
 longDescription: |
- The storage constraints of Azure Container Registry's service tiers align with usage scenarios: Basic for starters, Standard for production, and Premium for high-scale performance & geo-replication.
+ The storage constraints of Azure Container Registry's service tiers align with usage scenarios: Basic for starters, Standard for production, and Premium for high-scale performance and geo-replication.
 potentialBenefits: Reduce costs, optimize storage
 pgVerified: Preview
 publishedToLearn: false
@@ -125,7 +125,7 @@
 recommendationMetadataState: Active
 longDescription: |
 By default, Azure container registry requires authentication for pull/push actions. Enabling anonymous pull access exposes all content for public read actions. This applies to all repositories, potentially allowing unrestricted access if repository-scoped tokens are used.
- potentialBenefits: Enhanced security & controlled access
+ potentialBenefits: Enhanced security and controlled access
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -165,7 +165,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Monitoring Azure resources using Azure Monitor enhances their availability, performance, and operation. Azure Container Registry, a full-stack monitoring service, provides features for Azure and other cloud and on-premises resources.
- potentialBenefits: Enhanced monitoring & operation
+ potentialBenefits: Enhanced monitoring and operation
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -195,4 +195,3 @@
 learnMoreLink:
 - name: Enable soft delete policy
 url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy"
-
diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml
index 67aa0aba2..b98226e97 100644
--- a/azure-resources/ContainerService/managedClusters/recommendations.yaml
+++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml
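Review bot: In the `@@ -125,7 +125,7 @@` hunk of azure-resources/ContainerRegistry/registries/recommendations.yaml, the `longDescription` says what enabling anonymous pull exposes but never states the action, and its last sentence reads as if repository-scoped tokens were the cause of the unrestricted access. The risk runs the other way: once anonymous pull is on, scoped tokens no longer limit who can pull. I would reword the tail to `This applies to all repositories, so repository-scoped tokens no longer restrict who can pull; keep anonymous pull disabled unless the content is meant to be public.` The entry's `description` line is outside the hunk, so the action may already be stated there.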
@@ -47,7 +47,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Local Kubernetes accounts in AKS, being non-auditable and legacy, are discouraged. Microsoft Entra's integration offers centralized management, multi-factor authentication, RBAC for detailed access, and a secure, scalable authentication system compatible with Azure and external identity providers.
- potentialBenefits: Enhanced security & access control
+ potentialBenefits: Enhanced security and access control
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -91,7 +91,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The cluster auto-scaler in AKS adjusts node counts based on pod resource needs and available capacity, enabling scaling as per demand to prevent outages.
- potentialBenefits: Optimizes scaling & prevents outages
+ potentialBenefits: Optimizes scaling and prevents outages
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -248,7 +248,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features.
- potentialBenefits: SLA guarantee & better scalability
+ potentialBenefits: SLA guarantee and better scalability
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -288,7 +288,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ephemeral OS disks on AKS offer lower read/write latency due to local attachment, eliminating the need for replication seen with managed disks. This enhances performance and speeds up cluster operations such as scaling or upgrading due to quicker re-imaging and boot times.
- potentialBenefits: Lower latency, faster re-imaging & booting
+ potentialBenefits: Lower latency, faster re-imaging and booting
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -311,7 +311,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure Policies in AKS clusters help enforce governance best practices concerning security, authentication, provisioning, networking, and more, ensuring a robust and secure environment for operations.
- potentialBenefits: Enhanced AKS governance & security
+ potentialBenefits: Enhanced AKS governance and security
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -501,4 +501,3 @@
 learnMoreLink:
 - name: Resource quotas
 url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas"
-
diff --git a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
index c3c7e1955..02797c3f1 100644
--- a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
+++ b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery.
- potentialBenefits: Enhanced uptime & data protection
+ potentialBenefits: Enhanced uptime and data protection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -35,4 +35,3 @@
 learnMoreLink:
 - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server
 url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance"
-
diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
index dd60bbdb2..3b98d117a 100644
--- a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
+++ b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery.
- potentialBenefits: Enhanced uptime & data protection
+ potentialBenefits: Enhanced uptime and data protection
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -35,4 +35,3 @@
 learnMoreLink:
 - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server
 url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance"
-
diff --git a/azure-resources/Databricks/workspaces/recommendations.yaml b/azure-resources/Databricks/workspaces/recommendations.yaml
index 11edfa88d..143a66f2b 100644
--- a/azure-resources/Databricks/workspaces/recommendations.yaml
+++ b/azure-resources/Databricks/workspaces/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks recommends migrating workloads to the latest or LTS version of its runtime for enhanced stability and support. If on Runtime 11.3 LTS or above, move directly to the latest 12.x version. If below, first migrate to 11.3 LTS, then to the latest 12.x version as per the migration guide.
- potentialBenefits: Enhanced stability & support
+ potentialBenefits: Enhanced stability and support
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Autoscaling adjusts cluster sizes automatically based on workload demands, offering benefits for many use cases in terms of costs and performance. It includes guidance on when and how to best utilize Autoscaling. For streaming, Delta Live Tables with autoscaling is advised.
- potentialBenefits: Cost & performance optimization
+ potentialBenefits: Cost and performance optimization
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 The scaling parameter of a SQL warehouse defines the min and max number of clusters for distributing queries. By default, it's set to one. Increasing the cluster count can accommodate more concurrent users effectively.
- potentialBenefits: Improves concurrency & efficiency
+ potentialBenefits: Improves concurrency and efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -102,7 +102,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Databricks enhanced autoscaling optimizes cluster utilization by automatically allocating cluster resources based on workload volume, with minimal impact on the data processing latency of your pipelines.
- potentialBenefits: Optimized resource use & minimal latency
+ potentialBenefits: Optimized resource use and minimal latency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -142,7 +142,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When creating a Databricks cluster, you can set a log delivery location for the Spark driver, worker nodes, and events. Logs are delivered every 5 mins and archived hourly. Upon cluster termination, all generated logs until that point are guaranteed to be delivered.
- potentialBenefits: Improved troubleshooting & audit
+ potentialBenefits: Improved troubleshooting and audit
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -161,7 +161,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Delta Lake is an open source storage format enhancing data lakes' reliability with ACID transactions, schema enforcement, and scalable metadata handling.
- potentialBenefits: Enhances data reliability & processing
+ potentialBenefits: Enhances data reliability and processing
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -180,7 +180,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Apache Spark in Databricks Lakehouse ensures resilient distributed data processing by automatically rescheduling failed tasks, aiding in overcoming external issues like network problems or revoked VMs.
- potentialBenefits: Boosts speed & reliability for Spark tasks
+ potentialBenefits: Boosts speed and reliability for Spark tasks
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -218,7 +218,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Use Databricks and MLflow for deploying models as Spark UDFs for job scheduling, retries, autoscaling. Model serving offers scalable infrastructure, processes models using MLflow, and serves them via REST API using serverless compute managed in Databricks cloud.
- potentialBenefits: Enhanced reliability & autoscaling
+ potentialBenefits: Enhanced reliability and autoscaling
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -237,7 +237,7 @@ recommendationMetadataState: Active longDescription: | Use Databricks and MLflow for deploying models as Apache Spark UDFs, benefiting from job scheduling, retries, autoscaling, etc. - potentialBenefits: Enhances scalability & reliability + potentialBenefits: Enhances scalability and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -256,7 +256,7 @@ recommendationMetadataState: Active longDescription: | Curate data by creating a layered architecture to increase data quality across layers. Start with a raw layer for ingested source data, continue with a curated layer for cleansed and refined data, and finish with a final layer catered to business needs, focusing on security and performance. - potentialBenefits: Enhances data quality & trust + potentialBenefits: Enhances data quality and trust pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -294,7 +294,7 @@ recommendationMetadataState: Active longDescription: | Uncontrolled schema changes can lead to invalid data and failing jobs. Databricks validates and enforces schema through Delta Lake, which prevents bad records during ingestion, and Auto Loader, which detects new columns and supports schema evolution to maintain data integrity. - potentialBenefits: Prevents invalid data & job failures + potentialBenefits: Prevents invalid data and job failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -332,7 +332,7 @@ recommendationMetadataState: Active longDescription: | To recover from a failure, regular backups are needed. The Databricks Labs project migrate lets admins create backups by exporting workspace assets using the Databricks CLI/API. These backups help in restoring or migrating workspaces. - potentialBenefits: Ensures data recovery & migration + potentialBenefits: Ensures data recovery and migration pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -351,7 +351,7 @@ recommendationMetadataState: Active longDescription: | Structured Streaming ensures fault-tolerance and data consistency in streaming queries. With Azure Databricks workflows, you can set up your queries to automatically restart after failure, picking up precisely where they left off. - potentialBenefits: Fault-tolerance & auto-restart for queries + potentialBenefits: Fault-tolerance and auto-restart for queries pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -446,7 +446,7 @@ recommendationMetadataState: Active longDescription: | The Databricks Terraform provider is a flexible, powerful tool for managing Azure Databricks workspaces and cloud infrastructure. - potentialBenefits: Enhanced reliability & automation + potentialBenefits: Enhanced reliability and automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -484,7 +484,7 @@ recommendationMetadataState: Active longDescription: | Deploying only one Databricks Workspace per VNet aligns with ADB's isolation model. - potentialBenefits: Enhanced security & resource isolation + potentialBenefits: Enhanced security and resource isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -575,4 +575,3 @@ url: "https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices" - name: GPU-enabled compute url: "https://learn.microsoft.com/azure/databricks/compute/gpu" - diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index 3749b8646..f9058538c 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml 
@@ -9,7 +9,7 @@ At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits: Early issue detection & testing for AVD updates + potentialBenefits: Early issue detection and testing for AVD updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -91,7 +91,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. - potentialBenefits: Enhanced AVD monitoring & troubleshooting + potentialBenefits: Enhanced AVD monitoring and troubleshooting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
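Review bot: The multi-paragraph `longDescription: |` bodies in hostPools/recommendations.yaml appear to have continuation lines starting at column 0, and this change edits those records without fixing that. The `@@ -91,7 +91,7 @@` header and every later hunk header of this file (through `@@ -632,7`) carry prose such as `To ensure your apps work with the latest updates, …` as their context label, which git by default takes from a line beginning in the first column; this is inferred, since the collapsed hunk text no longer shows indentation. A column-0 line would end the block scalar at that point, so a loader would either reject the file or truncate the description. I would indent each continuation line to the depth of the first body line of its block (for example the `To ensure your apps work …` line in the `@@ -9,7` hunk) and have CI load the file with a YAML parser or yamllint before it is published.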
@@ -130,7 +130,7 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. - potentialBenefits: Enhances security & prevents IP conflicts + potentialBenefits: Enhances security and prevents IP conflicts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -149,7 +149,7 @@ It's important your organization plans for IP addressing in Azure. Planning ensu recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. - potentialBenefits: Enhanced availability & routing + potentialBenefits: Enhanced availability and routing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -170,7 +170,7 @@ It's important your organization plans for IP addressing in Azure. Planning ensu App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. Your file share should be in the same Azure region as your session hosts. - potentialBenefits: Enhances performance & scalability + potentialBenefits: Enhances performance and scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -190,7 +190,7 @@ Your file share should be in the same Azure region as your session hosts. longDescription: | Turn on Continuous Availability if using Azure Netapp Files. Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. - potentialBenefits: Enhanced stability & user limit checks + potentialBenefits: Enhanced stability and user limit checks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -209,7 +209,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case. - potentialBenefits: Enhanced reliability & support + potentialBenefits: Enhanced reliability and support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -247,7 +247,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. - potentialBenefits: Enhanced security & disaster recovery + potentialBenefits: Enhanced security and disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -286,7 +286,7 @@ Verify the number of users connecting to each file share to make sure the SMB pa longDescription: | Hybrid VMs should be in a unique OU. When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. - potentialBenefits: Improved AVD hostpool config & segmentation + potentialBenefits: Improved AVD hostpool config and segmentation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -305,7 +305,7 @@ When using AD-joined session hosts will benefit from using a unique OU to target recommendationMetadataState: Active longDescription: | Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. - potentialBenefits: Ensures VM recovery & failover + potentialBenefits: Ensures VM recovery and failover pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
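Review bot: The `longDescription` context of the `@@ -286,7` hunk still contains a replacement character in `It�s also important to segment Prod and DR organization units`, which suggests a curly apostrophe was saved in the wrong encoding (it may also be an artefact of how this page was captured). As the commit is already tidying the wording of these records, I would replace it with a plain apostrophe, `It's also important to segment Prod and DR organization units …`, and confirm the file is stored as UTF-8. The same description spells the product `Fslogix`, while the FSLogix record in this file uses `FSLogix`.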
@@ -385,7 +385,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. - potentialBenefits: Better reliability & consistent latency + potentialBenefits: Better reliability and consistent latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -404,7 +404,7 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. - potentialBenefits: Enhanced resilience & uptime + potentialBenefits: Enhanced resilience and uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -469,7 +469,7 @@ To handle a large number of users, consider scaling horizontally by creating mul recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. - potentialBenefits: Improved DR visibility & operation + potentialBenefits: Improved DR visibility and operation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -495,7 +495,7 @@ LRS for least expensive replication (not recommended for apps with high availabi - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. Generally, it is recommended to store your data as secure and redundant as possible. - potentialBenefits: Improves data durability & availability + potentialBenefits: Improves data durability and availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -533,7 +533,7 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. - potentialBenefits: Enhanced performance & user experience + potentialBenefits: Enhanced performance and user experience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -592,7 +592,7 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. - potentialBenefits: Improves uptime & resilience + potentialBenefits: Improves uptime and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -632,7 +632,7 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. - potentialBenefits: Enhanced organization & scalability + potentialBenefits: Enhanced organization and scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Devices/IotHubs/recommendations.yaml b/azure-resources/Devices/IotHubs/recommendations.yaml index aaa720a1d..b31f335eb 100644 --- a/azure-resources/Devices/IotHubs/recommendations.yaml +++ b/azure-resources/Devices/IotHubs/recommendations.yaml @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | Device Provisioning Service (DPS) enables easy redistribution of IoT devices for scaling and availability, allowing devices to be reassigned and not bound to specific IoT Hub instances. Devices in IoT Hubs using DPS should be verified for DPS utilization. - potentialBenefits: Enhances scalability & availability + potentialBenefits: Enhances scalability and availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -117,4 +117,3 @@ learnMoreLink: - name: Use message routing - Fallback route url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route" - diff --git a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml index bfcf408f9..01d4c81f3 100644 --- a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml +++ b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure leverages a multi-tier isolation approach (rack, DC, zone, region) for Cosmos DB's default resilience with four replicas. - potentialBenefits: Enhances SLA & resilience + potentialBenefits: Enhances SLA and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -68,7 +68,7 @@ recommendationMetadataState: Active longDescription: | In a globally distributed database, consistency level impacts data durability in region-wide outages. For business continuity, gauge data loss tolerance post-disruption. - potentialBenefits: Enhances data durability & recovery + potentialBenefits: Enhances data durability and recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -125,7 +125,7 @@ recommendationMetadataState: Active longDescription: | Establishing and maintaining database connections is costly. Using a single instance of the SDK client for each account and application is crucial as connections are tied to the client. Compute environments have a limit on open connections, affecting connectivity when exceeded. - potentialBenefits: Reduces costs & prevents connectivity issues + potentialBenefits: Reduces costs and prevents connectivity issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -172,4 +172,3 @@ learnMoreLink: - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn url: "https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts" - diff --git a/azure-resources/Insights/activityLogAlerts/recommendations.yaml b/azure-resources/Insights/activityLogAlerts/recommendations.yaml index 2f28cb753..3047068be 100644 --- a/azure-resources/Insights/activityLogAlerts/recommendations.yaml +++ b/azure-resources/Insights/activityLogAlerts/recommendations.yaml @@ -30,7 +30,7 @@ recommendationMetadataState: Active longDescription: | Service health gives a personalized health view of Azure services and regions used, offering the best place for notifications on outages, planned maintenance, and health advisories by knowing the services used. - potentialBenefits: Proactive outage & maintenance alerts + potentialBenefits: Proactive outage and maintenance alerts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -41,4 +41,3 @@ url: "https://learn.microsoft.com/azure/service-health/overview" - name: Configure alerts for service health events url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal" - diff --git a/azure-resources/KeyVault/vaults/recommendations.yaml b/azure-resources/KeyVault/vaults/recommendations.yaml index b190274aa..1634954a5 100644 --- a/azure-resources/KeyVault/vaults/recommendations.yaml +++ b/azure-resources/KeyVault/vaults/recommendations.yaml @@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users. - potentialBenefits: Enhanced monitoring & security compliance + potentialBenefits: Enhanced monitoring and security compliance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -92,4 +92,3 @@ learnMoreLink: - name: Azure Key Vault logging overview url: "https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault" - diff --git a/azure-resources/NetApp/netAppAccounts/recommendations.yaml b/azure-resources/NetApp/netAppAccounts/recommendations.yaml index d22326564..3a3d1e128 100644 --- a/azure-resources/NetApp/netAppAccounts/recommendations.yaml +++ b/azure-resources/NetApp/netAppAccounts/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput. - potentialBenefits: Optimized performance & cost efficiency + potentialBenefits: Optimized performance and cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options. - potentialBenefits: Enhanced connectivity & security + potentialBenefits: Enhanced connectivity and security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance. - potentialBenefits: Enhances data recovery & compliance + potentialBenefits: Enhances data recovery and compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -102,7 +102,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication. - potentialBenefits: Enhanced data protection & disaster recovery + potentialBenefits: Enhanced data protection and disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -140,7 +140,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts. - potentialBenefits: Optimize usage & performance + potentialBenefits: Optimize usage and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -159,7 +159,7 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance. - potentialBenefits: Enforce standards & assess compliance + potentialBenefits: Enforce standards and assess compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -235,4 +235,3 @@ learnMoreLink: - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events" - 
diff --git a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml index c24614520..378f6f96d 100644 --- a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml +++ b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml @@ -53,7 +53,7 @@ recommendationMetadataState: Active longDescription: | Monitoring the health of your Web Application Firewall and the applications it protects is crucial. This can be achieved through integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs, ensuring optimal performance and security. - potentialBenefits: Enhanced security & health insight + potentialBenefits: Enhanced security and health insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -64,4 +64,3 @@ url: "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring" - name: Azure Monitor Workbook for WAF url: "https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook" - diff --git a/azure-resources/Network/applicationGateways/recommendations.yaml b/azure-resources/Network/applicationGateways/recommendations.yaml index 8a7a6520d..62e3e35a1 100644 --- a/azure-resources/Network/applicationGateways/recommendations.yaml +++ b/azure-resources/Network/applicationGateways/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure Application Gateways v2 are deployed highly available with multiple instances by default. - potentialBenefits: Enhances uptime & enables autoscaling + potentialBenefits: Enhances uptime and enables autoscaling pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Secure all incoming connections using HTTPS for production services with end-to-end SSL/TLS or SSL/TLS termination at the Application Gateway to protect against attacks and ensure data remains private and encrypted between the web server and browsers. - potentialBenefits: Enhanced security & privacy + potentialBenefits: Enhanced security and privacy pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -97,7 +97,7 @@ recommendationMetadataState: Active longDescription: | Enable logging in storage accounts, Log Analytics, and monitoring services for auditing and insights. If using NSGs, enable NSG flow logs to be stored, providing in-depth traffic analysis into Azure Cloud. - potentialBenefits: Enhanced traffic insight & audit + potentialBenefits: Enhanced traffic insight and audit pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -139,7 +139,7 @@ recommendationMetadataState: Active longDescription: | Deploying Application Gateway in a zone-aware configuration ensures continued customer access to services even if a specific zone goes down, as services in other zones remain available. - potentialBenefits: Enhanced uptime & customer access + potentialBenefits: Enhanced uptime and customer access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -190,4 +190,3 @@ learnMoreLink: - name: Azure Application Gateway infrastructure configuration | Microsoft Learn url: "https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet" - diff --git a/azure-resources/Network/azureFirewalls/recommendations.yaml b/azure-resources/Network/azureFirewalls/recommendations.yaml index a3e058325..4f4895b4c 100644 --- a/azure-resources/Network/azureFirewalls/recommendations.yaml +++ b/azure-resources/Network/azureFirewalls/recommendations.yaml 
@@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Monitor Azure Firewall for overall health, processed throughput, and outbound SNAT port usage. Get alerted before limits impact services. Consider NAT gateway integration with zonal deployments; note limitations with zone redundant firewalls and secure virtual hub networks. - potentialBenefits: Improve health & performance monitoring + potentialBenefits: Improve health and performance monitoring pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -117,4 +117,3 @@ url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations" - name: Azure Firewall metrics overview url: "https://learn.microsoft.com/azure/firewall/metrics" - diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml index 4478f969c..34ec04f4a 100644 --- a/azure-resources/Network/connections/recommendations.yaml +++ b/azure-resources/Network/connections/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | ExpressRoute gateways facilitate network traffic and route exchanges. FastPath enhances on-premises to virtual network data path performance by directing traffic straight to virtual machines, bypassing the gateway for improved resiliency through reduced gateway utilization. - potentialBenefits: Enhances speed & resiliency + potentialBenefits: Enhances speed and resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -35,4 +35,3 @@ learnMoreLink: - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" - diff --git a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml index f4f7c48fc..e45e9e1db 100644 
--- a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml +++ b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure DDoS Plan metrics differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), Forwarded (packets to VIP not filtered), and No tag (total packets, sum of dropped and forwarded). - potentialBenefits: Enhanced security & traffic insight + potentialBenefits: Enhanced security and traffic insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -16,4 +16,3 @@ learnMoreLink: - name: Monitoring Azure DDoS Protection url: "https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference" - diff --git a/azure-resources/Network/expressRouteCircuits/recommendations.yaml b/azure-resources/Network/expressRouteCircuits/recommendations.yaml index ab8fa8157..0fdf1fb7a 100644 --- a/azure-resources/Network/expressRouteCircuits/recommendations.yaml +++ b/azure-resources/Network/expressRouteCircuits/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails. - potentialBenefits: Enhanced reliability & redundancy + potentialBenefits: Enhanced reliability and redundancy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
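Review bot: The `longDescription` of the ddosProtectionPlans record in the `@@ -7,7` hunk reads `differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), Forwarded …`, and the stray `null` looks like a lost or mis-serialized value rather than intended wording. Operators will rely on this text to interpret DDoS telemetry, so it is worth correcting in the same pass as the `&` to `and` change. I would drop the `null`, giving `by tags: Dropped (packets scrubbed by DDoS), Forwarded (packets to VIP not filtered), and No tag (…)`, after checking the exact tag names against the monitoring reference linked in the record's `learnMoreLink`.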
@@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability. - potentialBenefits: Enhanced reliability & fault tolerance + potentialBenefits: Enhanced reliability and fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds. - potentialBenefits: Enhanced network performance & health + potentialBenefits: Enhanced network performance and health pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -127,7 +127,7 @@ recommendationMetadataState: Active longDescription: | If you haven't added a second ExpressRoute circuit, use a site-to-site VPN as a temporary solution until the second circuit is available. This ensures network reliability and continuity of service. - potentialBenefits: Ensures continuity & reliability + potentialBenefits: Ensures continuity and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -136,4 +136,3 @@ learnMoreLink: - name: Using S2S VPN as a backup for ExpressRoute private peering url: "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering" - diff --git a/azure-resources/Network/loadBalancers/recommendations.yaml b/azure-resources/Network/loadBalancers/recommendations.yaml index 1414fd885..ee87de136 100644 --- a/azure-resources/Network/loadBalancers/recommendations.yaml +++ b/azure-resources/Network/loadBalancers/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. - potentialBenefits: Enhanced reliability & SLA support + potentialBenefits: Enhanced reliability and SLA support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Pairing with Virtual Machine Scale Sets is advised for optimal scale building. - potentialBenefits: Enhances reliability & scalability + potentialBenefits: Enhances reliability and scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -66,7 +66,7 @@ recommendationMetadataState: Active longDescription: | In regions with Availability Zones, assigning a zone-redundant frontend IP to a Standard Load Balancer ensures continuous traffic distribution even if one availability zone fails, provided other healthy zones and backend instances are available to receive the traffic. - potentialBenefits: Enhances uptime & resilience + potentialBenefits: Enhances uptime and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -75,4 +75,3 @@ learnMoreLink: - name: Load Balancer and Availability Zones url: "https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant" - diff --git a/azure-resources/Network/networkSecurityGroups/recommendations.yaml b/azure-resources/Network/networkSecurityGroups/recommendations.yaml index 11db74765..c1475be22 100644 --- a/azure-resources/Network/networkSecurityGroups/recommendations.yaml +++ b/azure-resources/Network/networkSecurityGroups/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations. - potentialBenefits: Enhanced monitoring & security insights + potentialBenefits: Enhanced monitoring and security insights pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -64,7 +64,7 @@ recommendationMetadataState: Active longDescription: | Monitoring, managing, and understanding your network is crucial for protection and optimization. Knowing the current state, who and from where connections are made, open internet ports, expected and irregular behavior, and traffic spikes is essential. - potentialBenefits: Enhances security & optimizes network + potentialBenefits: Enhances security and optimizes network pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -83,7 +83,7 @@ recommendationMetadataState: Active longDescription: | Azure network security groups filter network traffic between resources in a virtual network, using security rules to allow or deny inbound or outbound traffic based on source, destination, port, and protocol. - potentialBenefits: Enhanced traffic control & security + potentialBenefits: Enhanced traffic control and security pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -92,4 +92,3 @@ learnMoreLink: - name: Security rules url: "https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules" - diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml index 6af2cad69..9fa78e410 100644 --- a/azure-resources/Network/networkWatchers/recommendations.yaml +++ b/azure-resources/Network/networkWatchers/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, load balancers, but not for PaaS or Web analytics. - potentialBenefits: Enhanced monitoring & diagnostics for Azure IaaS + potentialBenefits: Enhanced monitoring and diagnostics for Azure IaaS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -35,4 +35,3 @@ learnMoreLink: - name: Manage NSG flow logs using the Azure portal url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging" - diff --git a/azure-resources/Network/privateDnsZones/recommendations.yaml b/azure-resources/Network/privateDnsZones/recommendations.yaml index 10cd45234..79751ab8b 100644 --- a/azure-resources/Network/privateDnsZones/recommendations.yaml +++ b/azure-resources/Network/privateDnsZones/recommendations.yaml @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | The records in a private DNS zone are only resolvable from linked virtual networks. You can link a private DNS zone to multiple networks and enable autoregistration to manage DNS records for virtual machines automatically. - potentialBenefits: Enhanced DNS reliability & alerting + potentialBenefits: Enhanced DNS reliability and alerting pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -54,4 +54,3 @@ learnMoreLink: - name: Scenarios for Azure Private DNS zones url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios" - diff --git a/azure-resources/Network/routeTables/recommendations.yaml b/azure-resources/Network/routeTables/recommendations.yaml index 22d5023cd..fc8a0ad7a 100644 --- a/azure-resources/Network/routeTables/recommendations.yaml +++ b/azure-resources/Network/routeTables/recommendations.yaml 
@@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Create Alerts with Azure Monitor for operations like Create or Update Route Table to spot unauthorized/undesired changes in production resources. This setup aids in identifying improper routing changes, including efforts to evade firewalls or access resources from outside. - potentialBenefits: Enhanced security & change detection + potentialBenefits: Enhanced security and change detection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -35,4 +35,3 @@ learnMoreLink: - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json" - diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml index cf1cbd85c..b64d128c8 100644 --- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml +++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml @@ -68,7 +68,7 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute Gateway's health, including availability, performance, and scalability. - potentialBenefits: Enhanced monitoring & alerting + potentialBenefits: Enhanced monitoring and alerting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -150,7 +150,7 @@ recommendationMetadataState: Active longDescription: | The active-active mode is available for all SKUs except Basic, allowing for two Gateway IP configurations and two public IP addresses, enhancing redundancy and traffic handling. - potentialBenefits: Enhanced reliability & network capacity + potentialBenefits: Enhanced reliability and network capacity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -171,7 +171,7 @@ recommendationMetadataState: Active longDescription: | Deploying active-active VPN concentrators and Azure VPN Gateways maximizes resilience and availability using a fully-meshed topology with four IPSec tunnels. - potentialBenefits: Maximizes resilience & availability + potentialBenefits: Maximizes resilience and availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -230,7 +230,7 @@ recommendationMetadataState: Active longDescription: | For zone-redundant VPN Gateways, always use zone-redundant Standard SKU public IPs to avoid deploying all instances in one zone. This ensures the gateway's reliability, applying to both active-passive (single IP) and active-active (dual IP) setups. - potentialBenefits: Enhanced reliability & disaster recovery + potentialBenefits: Enhanced reliability and disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Network/virtualNetworks/recommendations.yaml b/azure-resources/Network/virtualNetworks/recommendations.yaml index 4ef070b1f..4420b821d 100644 --- a/azure-resources/Network/virtualNetworks/recommendations.yaml +++ b/azure-resources/Network/virtualNetworks/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Network security groups and application security groups allow filtering of inbound and outbound traffic by IP, port, and protocol, adding a security layer at the Subnet level. - potentialBenefits: Enhanced subnet security & traffic control + potentialBenefits: Enhanced subnet security and traffic control pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -51,7 +51,7 @@ recommendationMetadataState: Active longDescription: | Use VNet service endpoints only if Private Link isn't available and no data movement concerns. This feature restricts Azure service access to specified VNet and subnet, enhancing network security and isolating service traffic. - potentialBenefits: Enhanced security & data isolation + potentialBenefits: Enhanced security and data isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -64,4 +64,3 @@ url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability" - name: Azure Private Link availability url: "https://learn.microsoft.com/en-us/azure/private-link/availability" - diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml index 4444495df..bf117b3ed 100644 --- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml +++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. - potentialBenefits: Enhanced network flow analysis & DR readiness + potentialBenefits: Enhanced network flow analysis and DR readiness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -16,4 +16,3 @@ learnMoreLink: - name: Azure ExpressRoute Traffic Collector url: "https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector" - diff --git a/azure-resources/OperationalInsights/workspaces/recommendations.yaml b/azure-resources/OperationalInsights/workspaces/recommendations.yaml index 7f0b0dc3f..c5bd86d27 100644 --- a/azure-resources/OperationalInsights/workspaces/recommendations.yaml 
+++ b/azure-resources/OperationalInsights/workspaces/recommendations.yaml @@ -49,7 +49,7 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Logs retain log data for specific periods depending on the data type, e.g., 30 days for platform logs. For compliance or business reasons, you might need longer retention. Data retention settings are adjustable. - potentialBenefits: Cost-saving & compliance with data rules + potentialBenefits: Cost-saving and compliance with data rules pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -62,4 +62,3 @@ url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2" - name: Restore logs in Azure Monitor url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1" - diff --git a/azure-resources/SignalRService/SignalR/recommendations.yaml b/azure-resources/SignalRService/SignalR/recommendations.yaml index 2d2bcdab6..200357723 100644 --- a/azure-resources/SignalRService/SignalR/recommendations.yaml +++ b/azure-resources/SignalRService/SignalR/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Use SignalR with zone redundancy for production to improve uptime. This feature, available in the Premium tier, is activated upon creating or upgrading to Premium. Standard can upgrade to Premium without downtime. - potentialBenefits: Enhances reliability & uptime + potentialBenefits: Enhances reliability and uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -16,4 +16,3 @@ learnMoreLink: - name: Availability zones support in Azure SignalR Service url: "https://learn.microsoft.com/azure/azure-signalr/availability-zones" - diff --git a/azure-resources/Sql/servers/recommendations.yaml b/azure-resources/Sql/servers/recommendations.yaml index 90cf591fe..13bff4b6f 100644 --- a/azure-resources/Sql/servers/recommendations.yaml 
+++ b/azure-resources/Sql/servers/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | If your primary database fails, perform a manual failover to the secondary database which remains read-only until then. Active geo-replication allows creating readable replicas and manual failover in case of a datacenter outage or application upgrade. - potentialBenefits: Enhanced disaster recovery & read scalability + potentialBenefits: Enhanced disaster recovery and read scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | You can use the readable secondary databases to offload read-only query workloads. Autofailover groups involve multiple databases configured on a primary server, supporting replication of all databases in the group to only one secondary server or instance in a different region. - potentialBenefits: Improves load balancing & disaster recovery + potentialBenefits: Improves load balancing and disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Use available solutions to monitor SQL Database to detect reliability incidents early, making your databases more reliable. Opt for near real-time monitoring to rapidly react to incidents. - potentialBenefits: Quick incident detection & response + potentialBenefits: Quick incident detection and response pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -108,7 +108,7 @@ recommendationMetadataState: Active longDescription: | It is highly recommended to use Azure Key Vault to store encryption keys for Always Encrypted configurations. Though not mandatory, if not using AKV, ensure keys are properly backed up. - potentialBenefits: Enhanced security & data recovery + potentialBenefits: Enhanced security and data recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -119,4 +119,3 @@ url: "https://learn.microsoft.com/en-us/azure/key-vault/general/overview" - name: Getting Started with Always Encrypted url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql" - diff --git a/azure-resources/Storage/storageAccounts/recommendations.yaml b/azure-resources/Storage/storageAccounts/recommendations.yaml index abc2deb76..1e9cb709d 100644 --- a/azure-resources/Storage/storageAccounts/recommendations.yaml +++ b/azure-resources/Storage/storageAccounts/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. - potentialBenefits: High availability & durability for storage + potentialBenefits: High availability and durability for storage pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -49,7 +49,7 @@ recommendationMetadataState: Active longDescription: | Consider using the appropriate storage performance tier for workload scenarios. Each workload scenario requires appropriate performance tiers, and selecting the appropriate tiers based on storage usage is crucial. - potentialBenefits: Optimized cost & performance + potentialBenefits: Optimized cost and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -135,7 +135,7 @@ recommendationMetadataState: Active longDescription: | For critical applications and business processes relying on Azure, monitoring and alerts are crucial. Resource logs are only stored after creating a diagnostic setting to route logs to specified locations, requiring selection of log categories to collect. - potentialBenefits: Enhanced alerting & log analysis + potentialBenefits: Enhanced alerting and log analysis pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -167,4 +167,3 @@ url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types" - name: Upgrade to a general-purpose v2 storage account url: "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade" - diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index 184dbe14d..6df234c3d 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml +++ b/azure-resources/Web/serverFarms/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Azure's feature of deploying App Service plans across availability zones enhances resiliency and reliability by ensuring operation during datacenter failures, providing redundancy without needing different regions, thus minimizing downtime and maintaining uninterrupted services. - potentialBenefits: Enhances app resiliency & reliability + potentialBenefits: Enhances app resiliency and reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -28,7 +28,7 @@ recommendationMetadataState: Active longDescription: | Choose Standard/Premium Azure App Service Plan for robust apps with advanced scaling, high availability, better performance, and multiple slots, ensuring resilience and continuous operation. - potentialBenefits: Enhanced scaling & reliability + potentialBenefits: Enhanced scaling and reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index 8a0e12784..5be983eb5 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml @@ -7,7 +7,7 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostics logging for your Azure App Service is crucial for monitoring and diagnostics, including both application logging and web server logging. - potentialBenefits: Enhanced monitoring & diagnostics + potentialBenefits: Enhanced monitoring and diagnostics pgVerified: Preview publishedToLearn: false publishedToAdvisor: false @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring. - potentialBenefits: Real-time insights & issue diagnosis + potentialBenefits: Real-time insights and issue diagnosis pgVerified: Preview publishedToLearn: false publishedToAdvisor: false 
@@ -85,7 +85,7 @@ recommendationMetadataState: Active longDescription: | Create a deployment slot for staging to deploy updates, verify them, and ensure all instances are warmed up before production swap, reducing bad update chances. An LKG slot allows easy rollback to a previous good deployment if issues arise later, enhancing reliability. - potentialBenefits: Safer updates & easy rollback + potentialBenefits: Safer updates and easy rollback pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-specialized-workloads/avd/recommendations.yaml b/azure-specialized-workloads/avd/recommendations.yaml index f2ee7b4b4..ae9d3bf0e 100644 --- a/azure-specialized-workloads/avd/recommendations.yaml +++ b/azure-specialized-workloads/avd/recommendations.yaml @@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. - potentialBenefits: Enhanced AVD monitoring & troubleshooting + potentialBenefits: Enhanced AVD monitoring and troubleshooting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -65,7 +65,7 @@ longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. - potentialBenefits: Enhances security & prevents IP conflicts + potentialBenefits: Enhances security and prevents IP conflicts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -84,7 +84,7 @@ recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. - potentialBenefits: Enhanced availability & routing + potentialBenefits: Enhanced availability and routing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -105,7 +105,7 @@ App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. Your file share should be in the same Azure region as your session hosts. - potentialBenefits: Enhances performance & scalability + potentialBenefits: Enhances performance and scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -125,7 +125,7 @@ longDescription: | Turn on Continuous Availability if using Azure Netapp Files. Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. - potentialBenefits: Enhanced stability & user limit checks + potentialBenefits: Enhanced stability and user limit checks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -144,7 +144,7 @@ recommendationMetadataState: Active longDescription: | Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case. - potentialBenefits: Enhanced reliability & support + potentialBenefits: Enhanced reliability and support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -182,7 +182,7 @@ recommendationMetadataState: Active longDescription: | Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. - potentialBenefits: Enhanced security & disaster recovery + potentialBenefits: Enhanced security and disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -221,7 +221,7 @@ longDescription: | Hybrid VMs should be in a unique OU. When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. - potentialBenefits: Improved AVD hostpool config & segmentation + potentialBenefits: Improved AVD hostpool config and segmentation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
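Review bot: The `longDescription` context in the avd `@@ -221,7 +221,7 @@` hunk still contains a replacement character in `It�s also important`, which this commit leaves in place while editing the `potentialBenefits` line right after it. As rendered here it is U+FFFD, which usually means a curly apostrophe was saved in a non-UTF-8 encoding; if so, the original byte is already lost and the character has to be retyped. Suggest `It's also important to segment Prod and DR organization units to ensure resources are configured per environment.` with a plain ASCII apostrophe. It would also be worth checking the rest of the file for other non-ASCII punctuation, since this text is meant to be published.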
@@ -240,7 +240,7 @@ recommendationMetadataState: Active longDescription: | Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. - potentialBenefits: Ensures VM recovery & failover + potentialBenefits: Ensures VM recovery and failover pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -320,7 +320,7 @@ recommendationMetadataState: Active longDescription: | It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. - potentialBenefits: Better reliability & consistent latency + potentialBenefits: Better reliability and consistent latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -339,7 +339,7 @@ recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. - potentialBenefits: Enhanced resilience & uptime + potentialBenefits: Enhanced resilience and uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -398,7 +398,7 @@ recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. - potentialBenefits: Improved DR visibility & operation + potentialBenefits: Improved DR visibility and operation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -424,7 +424,7 @@ - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. Generally, it is recommended to store your data as secure and redundant as possible. - potentialBenefits: Improves data durability & availability + potentialBenefits: Improves data durability and availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -462,7 +462,7 @@ recommendationMetadataState: Active longDescription: | Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. - potentialBenefits: Enhanced performance & user experience + potentialBenefits: Enhanced performance and user experience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -521,7 +521,7 @@ recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. - potentialBenefits: Improves uptime & resilience + potentialBenefits: Improves uptime and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -559,7 +559,7 @@ recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. - potentialBenefits: Enhanced organization & scalability + potentialBenefits: Enhanced organization and scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false diff --git a/azure-specialized-workloads/avs/recommendations.yaml b/azure-specialized-workloads/avs/recommendations.yaml index ed3fbf687..2c8cdc225 100644 --- a/azure-specialized-workloads/avs/recommendations.yaml +++ b/azure-specialized-workloads/avs/recommendations.yaml @@ -64,7 +64,7 @@ recommendationMetadataState: Active longDescription: | Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads. - potentialBenefits: Avoids host exhaustion & swapping + potentialBenefits: Avoids host exhaustion and swapping pgVerified: Verified publishedToLearn: false publishedToAdvisor: false 
@@ -140,7 +140,7 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits. - potentialBenefits: Enhanced resilience & connectivity + potentialBenefits: Enhanced resilience and connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -178,7 +178,7 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud. - potentialBenefits: Enhances reliability & avoids failure + potentialBenefits: Enhances reliability and avoids failure pgVerified: Preview publishedToLearn: false publishedToAdvisor: false diff --git a/azure-specialized-workloads/hpc/recommendations-hpc.yaml b/azure-specialized-workloads/hpc/recommendations-hpc.yaml index 3e4a2a5de..700df1750 100644 --- a/azure-specialized-workloads/hpc/recommendations-hpc.yaml +++ b/azure-specialized-workloads/hpc/recommendations-hpc.yaml @@ -6,7 +6,7 @@ recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | - Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. + Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. potentialBenefits: Enhances job metadata availability pgVerified: Preview publishedToLearn: false 
@@ -14,8 +14,8 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Learn More
- url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares
+ - name: Learn More
+ url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares
 - description: Automatically grow and shrink HPC Pack cluster resources
 aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70
@@ -25,7 +25,7 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster.
+ By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster.
 potentialBenefits: Efficient, uninterrupted execution
 pgVerified: Preview
 publishedToLearn: false
@@ -33,8 +33,8 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Learn More
- url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps
+ - name: Learn More
+ url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps
 - description: Use multiple head nodes for HPC Pack
 aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99
@@ -52,8 +52,8 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Learn More
- url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure
+ - name: Learn More
+ url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure
 - description: Use HPC Pack Azure AD Integration or other highly available AD configuration
 aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3
@@ -63,13 +63,13 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster.
- potentialBenefits: Enhanced reliability & job management
+ When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster.
+ potentialBenefits: Enhanced reliability and job management
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: Learn More
- url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure
+ - name: Learn More
+ url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure
diff --git a/azure-specialized-workloads/hpc/recommendations.yaml b/azure-specialized-workloads/hpc/recommendations.yaml
index 269f01184..b76642a4f 100644
--- a/azure-specialized-workloads/hpc/recommendations.yaml
+++ b/azure-specialized-workloads/hpc/recommendations.yaml
@@ -1,76 +1,75 @@
 - description: Ensure File shares that stores jobs metadata are accessible from all head nodes
 aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a
- recommendationTypeId:
+ recommendationTypeId:
 recommendationControl: High Availability
 recommendationImpact: High
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available.
- potentialBenefits: Enhances job metadata availability
+ Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available.
+ potentialBenefits: Enhances job metadata availability
 pgVerified: Preview
 publishedToLearn: false
- publishedToAdvisor: false
+ publishedToAdvisor: false
 automationAvailable: no
- tags:
+ tags:
 learnMoreLink:
- - name: Learn More
- url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares"
+ - name: Learn More
+ url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares"
 - description: Automatically grow and shrink HPC Pack cluster resources
 aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70
- recommendationTypeId:
+ recommendationTypeId:
 recommendationControl: Scalability
 recommendationImpact: Medium
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster.
- potentialBenefits: Efficient, uninterrupted execution
+ By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster.
+ potentialBenefits: Efficient, uninterrupted execution
 pgVerified: Preview
 publishedToLearn: false
- publishedToAdvisor: false
+ publishedToAdvisor: false
 automationAvailable: no
- tags:
+ tags:
 learnMoreLink:
- - name: Learn More
- url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps"
+ - name: Learn More
+ url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps"
 - description: Use multiple head nodes for HPC Pack
 aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99
- recommendationTypeId:
+ recommendationTypeId:
 recommendationControl: High Availability
 recommendationImpact: Medium
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
 Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one.
- potentialBenefits: Enhanced reliability for HPC
+ potentialBenefits: Enhanced reliability for HPC
 pgVerified: Preview
 publishedToLearn: false
- publishedToAdvisor: false
+ publishedToAdvisor: false
 automationAvailable: no
- tags:
+ tags:
 learnMoreLink:
- - name: Learn More
- url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure"
+ - name: Learn More
+ url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure"
 - description: Use HPC Pack Azure AD Integration or other highly available AD configuration
 aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3
- recommendationTypeId:
+ recommendationTypeId:
 recommendationControl: High Availability
 recommendationImpact: High
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster.
- potentialBenefits: Enhanced reliability & job management
+ When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster.
+ potentialBenefits: Enhanced reliability and job management
 pgVerified: Preview
 publishedToLearn: false
- publishedToAdvisor: false
+ publishedToAdvisor: false
 automationAvailable: no
- tags:
+ tags:
 learnMoreLink:
- - name: Learn More
- url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure"
-
+ - name: Learn More
+ url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure"
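Review bot: The re-added `tags:` and `recommendationTypeId:` lines in this hunk are still bare keys, which load as null only implicitly, while the sibling file recommendations-hpc.yaml in this same patch writes `tags: null` for the same four entries. I would make the empty values explicit here as well, `tags: null` and `recommendationTypeId: null`, so the two copies parse identically and an empty-values lint rule has nothing to flag. The unchanged `automationAvailable: no` lines are worth quoting or turning into a real boolean in a follow-up, because a YAML 1.1 loader reads `no` as false and a YAML 1.2 loader reads it as a string, so a consumer can see different types depending on the parser.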
diff --git a/azure-specialized-workloads/recommendations.yaml b/azure-specialized-workloads/recommendations.yaml
index 578f4feba..0010242d2 100644
--- a/azure-specialized-workloads/recommendations.yaml
+++ b/azure-specialized-workloads/recommendations.yaml
@@ -64,7 +64,7 @@
 recommendationMetadataState: Active
 longDescription: |
 When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster.
- potentialBenefits: Enhanced reliability & job management
+ potentialBenefits: Enhanced reliability and job management
 pgVerified: Preview
 publishedToLearn: false
 publishedToAdvisor: false
@@ -109,7 +109,7 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
+ Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain and Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
 potentialBenefits: Enhanced resiliency for SAP on Azure
 pgVerified: Verified
 publishedToLearn: false
@@ -286,7 +286,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R
 recommendationMetadataState: Active
 longDescription: |
 SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR.
- potentialBenefits: Ensures SAP data safety & recovery
+ potentialBenefits: Ensures SAP data safety and recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -364,7 +364,7 @@ Test a wide range of failure scenarios, including regional outages. Testing shou
 recommendationMetadataState: Active
 longDescription: |
 For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems.
- potentialBenefits: Improved DR oversight & rapid issue response
+ potentialBenefits: Improved DR oversight and rapid issue response
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-specialized-workloads/sap/recommendations-sap.yaml b/azure-specialized-workloads/sap/recommendations-sap.yaml
index 31582ee89..fa3740df6 100644
--- a/azure-specialized-workloads/sap/recommendations-sap.yaml
+++ b/azure-specialized-workloads/sap/recommendations-sap.yaml
@@ -33,7 +33,7 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
+ Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain and Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
 potentialBenefits: Enhanced resiliency for SAP on Azure
 pgVerified: Verified
 publishedToLearn: false
@@ -210,7 +210,7 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R
 recommendationMetadataState: Active
 longDescription: |
 SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR.
- potentialBenefits: Ensures SAP data safety & recovery
+ potentialBenefits: Ensures SAP data safety and recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -287,7 +287,7 @@ Test a wide range of failure scenarios, including regional outages. Testing shou
 recommendationMetadataState: Active
 longDescription: |
 For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems.
- potentialBenefits: Improved DR oversight & rapid issue response
+ potentialBenefits: Improved DR oversight and rapid issue response
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-specialized-workloads/sap/recommendations.yaml b/azure-specialized-workloads/sap/recommendations.yaml
index 9630fcd4b..0199cfee8 100644
--- a/azure-specialized-workloads/sap/recommendations.yaml
+++ b/azure-specialized-workloads/sap/recommendations.yaml
@@ -25,7 +25,7 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
- Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
+ Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain and Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option.
 potentialBenefits: Enhanced resiliency for SAP on Azure
 pgVerified: Verified
 publishedToLearn: false
@@ -187,7 +187,7 @@
 recommendationMetadataState: Active
 longDescription: |
 SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR.
- potentialBenefits: Ensures SAP data safety & recovery
+ potentialBenefits: Ensures SAP data safety and recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -265,7 +265,7 @@
 recommendationMetadataState: Active
 longDescription: |
 For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems.
- potentialBenefits: Improved DR oversight & rapid issue response
+ potentialBenefits: Improved DR oversight and rapid issue response
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/define/recommendations.yaml b/azure-waf/define/recommendations.yaml
index 6f36f1ba7..3dc6bd955 100644
--- a/azure-waf/define/recommendations.yaml
+++ b/azure-waf/define/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure the Availability Targets (SLA, SLO, SLI) are well defined, tested, monitored and communicated across teams working on the Workload. A Service Level Agreement (SLA) is an availability target that represents a commitment around performance and availability of the application. Understanding the SLA of individual components within the system is essential to define reliability targets. Knowing the SLA of dependencies will also provide a justification for additional spend when making the dependencies highly available and with proper support contracts. Availability targets for any dependencies leveraged by the application should be understood and ideally align with application targets should also be considered. Understanding your availability expectations is vital to reviewing overall operations for the application. For example, if you are striving to achieve an application Service Level Objective (SLO) of 99.999%, the level of inherent operational action required by the application is going to be far greater than if an SLO of 99.9% was the goal.
- potentialBenefits: Enhances reliability & communication
+ potentialBenefits: Enhances reliability and communication
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -28,7 +28,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Ensure the Recovery Targets are well defined and communicated across teams working on the Workload. Two important metrics to consider are the recovery time objective and recovery point objective, as they pertain to disaster recovery. - Recovery time objective (RTO) is the maximum acceptable time that an application can be unavailable after an incident. If your RTO is 90 minutes, you must be able to restore the application to a running state within 90 minutes from the start of a disaster. If you have a very low RTO, you might keep a second regional deployment continually running an active/passive configuration on standby, to protect against a regional outage. In some cases, you might deploy an active/active configuration to achieve even lower RTO. - Recovery point objective (RPO) is the maximum duration of data loss that is acceptable during a disaster. For example, if you store data in a single database, with no replication to other databases, and perform hourly backups, you could lose up to an hour of data. RTO and RPO are non-functional requirements of a system and should be dictated by business requirements. To derive these values, it's a good idea to conduct a risk assessment, and clearly understanding the cost of downtime or data loss. Monitoring and measuring application availability is vital to qualifying overall application health and progress towards defined targets. Make sure you measure and monitor key targets such as: - Mean Time Between Failures (MTBF) - The average time between failures of a particular component. - Mean Time to Recover (MTTR) - The average time it takes to restore a component after a failure.
- potentialBenefits: Improved recovery times & data loss prevention
+ potentialBenefits: Improved recovery times and data loss prevention
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -37,4 +37,3 @@
 learnMoreLink:
 - name: Target functional and nonfunctional requirements
 url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements"
-
diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml
index 8593764bd..64eae57db 100644
--- a/azure-waf/design/recommendations.yaml
+++ b/azure-waf/design/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Design your application architecture to use availability zones within a region. Availability zones can be used to optimize application availability within a region by providing datacenter-level fault tolerance. However, the application architecture must not share dependencies between zones to use them effectively. Consider if component proximity is required for application performance reasons. If all or part of the application is highly sensitive to latency, components might need to be co-located which can limit the applicability of multi-region and multi-zone strategies.
- potentialBenefits: Enhanced app availability & fault tolerance
+ potentialBenefits: Enhanced app availability and fault tolerance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@
 recommendationMetadataState: Active
 longDescription: |
 If your application is deployed to a single region, and the region becomes unavailable, your application will also be unavailable. This might be unacceptable under the terms of your application's SLA. If so, consider deploying your application and its services across multiple regions. A multiregional deployment can use an active-active or active-passive configuration. An active-active configuration distributes requests across multiple active regions. An active-passive configuration keeps warm instances in the secondary region, but doesn't send traffic there unless the primary region fails.
- potentialBenefits: Enhances app availability & SLA compliance
+ potentialBenefits: Enhances app availability and SLA compliance
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -85,7 +85,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Azure provides elastic scalability and you should design to scale out. However, applications must leverage a scale-unit approach to navigate service and subscription limits to ensure that individual components and the application as a whole can scale horizontally. Don't forget about scale in, which is important to reduce cost. For example, scale in and out for App Service is done via rules. Often customers write scale out rules and never write scale in rules, which leaves the App Service more expensive.
- potentialBenefits: Enhances scalability & cost efficiency
+ potentialBenefits: Enhances scalability and cost efficiency
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -104,7 +104,7 @@
 recommendationMetadataState: Active
 longDescription: |
 From a workload perspective, a landing zone refers to a prepared platform into which the application gets deployed. A landing zone implementation can have compute, data sources, access controls, and networking components already provisioned. With the required plumbing ready in place; the workload needs to plug into it. When considering the overall security, a landing zone offers centralized security capabilities that adds a threat mitigation layer for the workload. Implementations can vary but here are some common strategies that enhance the security posture. - Isolation through segmentation. You can isolate assets at several layers from Azure enrollment down to a subscription that has the resources for the workload. - Consistent adoption of organizational policies, enforce creation and deletion of services and their configuration through Azure Policy. - Configurations that align with principles of Zero Trust . For instance an implementation might have network connectivity to on-premises data centers.
- potentialBenefits: Enhances security & speeds deployment
+ potentialBenefits: Enhances security and speeds deployment
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -142,7 +142,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Provide security assurance through identity management: the process of authenticating and authorizing security principals. Use identity management services to authenticate and grant permission to users, partners, customers, applications, services, and other entities. Identity management is typically a centralized function not controlled by the workload team as a part of the workload's architecture. - Define clear lines of responsibility and separation of duties for each function. Restrict access based on a need-to-know basis and least privilege security principles. - Assign permissions to users, groups, and applications at a certain scope through Azure RBAC. Use built-in roles when possible. - Prevent deletion or modification of a resource, resource group, or subscription through management locks. - Use managed identities to access resources in Azure.
- potentialBenefits: Enhanced access control & security
+ potentialBenefits: Enhanced access control and security
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -161,7 +161,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Security is one of the most important aspects of any architecture. It provides the following assurances against deliberate attacks and abuse of your valuable data and systems: Confidentiality ,Integrity, and Availability. The security of complex systems depends on understanding the business context, social context, and technical context. As you design your system, cover these areas: - Ensure that the identity provider (AAD/ADFS/AD/Other) is highly available and aligns with application availability and recovery targets. - All external application endpoints are secured. - Communication to Azure PaaS services secured using Virtual Network Service Endpoints or Private Link. - Keys and secrets are backed-up to geo-redundant storage, and are still available in a failover case. - Ensure that the process for key rotation is automated and tested. - Emergency access break glass accounts have been tested and secured for recovering from Identity provider failure scenarios.
- potentialBenefits: Minimizes downtime & data loss
+ potentialBenefits: Minimizes downtime and data loss
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
diff --git a/azure-waf/monitor/recommendations.yaml b/azure-waf/monitor/recommendations.yaml
index 4b11553dd..9d62e9721 100644
--- a/azure-waf/monitor/recommendations.yaml
+++ b/azure-waf/monitor/recommendations.yaml
@@ -45,7 +45,7 @@
 recommendationMetadataState: Active
 longDescription: |
 In this stage, telemetry data is presented so that an operator can quickly notice problems or trends. Examples include Workbook, Dashboards or email alerts. With Azure Workbooks and/or dashboards, you can build a single pane of glass view of monitoring graphs originating from Application Insights, Log Analytics, Azure Monitor metrics and service health. With Azure Monitor alerts, you can create alerts on service health and resource health.
- potentialBenefits: Quick issue detection & response
+ potentialBenefits: Quick issue detection and response
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -83,7 +83,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Utilize Azure's built-in Resilience policies to audit and enforce resilient configurations of Azure services. Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
- potentialBenefits: Ensures compliance & upscale resilience
+ potentialBenefits: Ensures compliance and upscale resilience
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -94,4 +94,3 @@
 url: "https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience"
 - name: Get policy compliance data
 url: "https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data"
-
diff --git a/azure-waf/test/recommendations.yaml b/azure-waf/test/recommendations.yaml
index 351e14f9f..6579f5f5a 100644
--- a/azure-waf/test/recommendations.yaml
+++ b/azure-waf/test/recommendations.yaml
@@ -7,7 +7,7 @@
 recommendationMetadataState: Active
 longDescription: |
 Applications should be tested to ensure availability and resiliency. Availability describes the amount of time that an application runs in a healthy state without significant downtime. Resiliency describes how quickly an application recovers from failure. Being able to measure availability and resiliency can answer questions like: How much downtime is acceptable? How much does potential downtime cost your business? What are your availability requirements? How much do you invest in making your application highly available? What is the risk versus the cost? Testing plays a critical role in making sure your applications can meet these requirements. Key points: - Test regularly to validate existing thresholds, targets, and assumptions. - Automate testing as much as possible. - Perform testing on both key Test environments and the production environment. - Verify how the end-to-end workload performs under intermittent failure conditions. - Test the application against critical functional and nonfunctional requirements for performance. - Conduct load testing with expected peak volumes to Test scalability and performance under load. - Perform chaos testing by injecting faults.
- potentialBenefits: Improves uptime & speeds recovery
+ potentialBenefits: Improves uptime and speeds recovery
 pgVerified: Verified
 publishedToLearn: false
 publishedToAdvisor: false
@@ -26,7 +26,7 @@ recommendationMetadataState: Active longDescription: | In a distributed system, ensuring that your application can recover from errors is critical. You can test your applications to prevent errors and failure, but you need to prepare for a wide range of issues. Testing doesn't always catch everything, so you should understand how to handle errors and prevent potential failure. Many things in a distributed system, such as underlying cloud infrastructure and third-party runtime dependencies, are outside your span of control and your means to test. You can be sure something will fail eventually, so you need to be prepared. Key points: - Implement retry logic to handle transient application failures and transient failures with internal or external dependencies. - Uncover issues or failures in your application's retry logic. - Configure request timeouts to manage intercomponent calls. - Configure and test health probes for your load balancers and traffic managers. - Segregate read operations from update operations across application data stores. - potentialBenefits: Enhances recovery & error management + potentialBenefits: Enhances recovery and error management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false @@ -92,4 +92,3 @@ learnMoreLink: - name: Test application fault resiliency url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency" - From fe1b08fd727e192493f227a2a9dd131198c1deb3 Mon Sep 17 00:00:00 2001 From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:21:22 -0400 Subject: [PATCH 05/11] updates --- azure-resources/Compute/virtualMachines/recommendations.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml index caeee42d0..2cacc49a2 100644 
--- a/azure-resources/Compute/virtualMachines/recommendations.yaml +++ b/azure-resources/Compute/virtualMachines/recommendations.yaml @@ -509,8 +509,7 @@ learnMoreLink: - name: Monitor scheduled events for your Azure VMs url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service" - - name: Azure Metadata Service: Scheduled Events for Linux VMs + - name: Azure Metadata Service Scheduled Events for Linux VMs url: "https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events" - - name: Azure Metadata Service: Scheduled Events for Windows VMs + - name: Azure Metadata Service Scheduled Events for Windows VMs url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events" - From a8aed51fa3a4f27ad24b8c939cc127b35af5ae19 Mon Sep 17 00:00:00 2001 From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:25:25 -0400 Subject: [PATCH 06/11] updates --- azure-waf/design/recommendations.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml index 64eae57db..964278679 100644 --- a/azure-waf/design/recommendations.yaml +++ b/azure-waf/design/recommendations.yaml @@ -35,7 +35,7 @@ learnMoreLink: - name: Design reliable Azure applications url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design" - - name: Cross-region replication in Azure: Business continuity and disaster recovery + - name: Cross-region replication in Azure Business continuity and disaster recovery url: "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure" - description: Ensure that all fault-points and fault-modes are understood and operationalized @@ -170,4 +170,3 @@ learnMoreLink: - name: Security design principles url: "https://learn.microsoft.com/azure/well-architected/security/security-principles" - From 96e1fd3fb8e4322741e604e9a9bbe41b40a2e62a Mon Sep 17 00:00:00 2001 
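Review bot: Dropping the colon from the two link titles in the `@@ -509,8 +509,7 @@` hunk changes the displayed title, when quoting would keep the original text. The change presumably exists to stop `: ` inside a plain scalar from breaking the parse. I would write `- name: "Azure Metadata Service: Scheduled Events for Linux VMs"` and the same for the Windows entry. The `@@ -35,7 +35,7 @@` hunk in azure-waf/design/recommendations.yaml makes the same trade, where `- name: "Cross-region replication in Azure: Business continuity and disaster recovery"` would preserve the title. The `url` values in these hunks are already double-quoted, so quoted names stay consistent with them.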
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:33:51 -0400 Subject: [PATCH 07/11] updates --- .../hostPools/recommendations.yaml | 79 +++++++++---------- 1 file changed, 39 insertions(+), 40 deletions(-) diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index f9058538c..6c581adc8 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml 
@@ -6,9 +6,9 @@ recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. -Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. -To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. + At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. + Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. 
+ To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. potentialBenefits: Early issue detection and testing for AVD updates pgVerified: Verified publishedToLearn: false @@ -27,8 +27,8 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Ensure schedules have been created to provide maintenance windows for AVD agent updates. -The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. + Ensure schedules have been created to provide maintenance windows for AVD agent updates. + The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. potentialBenefits: Minimizes disruptions, ensures updates pgVerified: Verified publishedToLearn: false 
@@ -47,10 +47,10 @@ The Scheduled Agent Updates feature lets you create up to two maintenance window recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -At least one Validation Pool to have early warning if a planned update to AVD causes an issue. support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. -Also check that the host pool has been used regularly to test planned updates. -Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. -To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. + At least one Validation Pool to have early warning if a planned update to AVD causes an issue. support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. + Also check that the host pool has been used regularly to test planned updates. + Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. 
Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. + To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. potentialBenefits: Early detection of update issues. pgVerified: Verified publishedToLearn: false @@ -128,8 +128,8 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -NSG and ASG per AVD persona and IP space per Prod/DR regions. -It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. + NSG and ASG per AVD persona and IP space per Prod/DR regions. + It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. potentialBenefits: Enhances security and prevents IP conflicts pgVerified: Verified publishedToLearn: false 
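Review bot: The first added line of the `@@ -47,10 +47,10 @@` longDescription still carries a stray fragment, `support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools.` It starts in lower case mid-thought and matches text from the subscription-limits entry in the `@@ -445,9 +444,9 @@` hunk, so it looks like a paste remnant. The re-indent presumably makes this text part of the parsed value for the first time, so the line should be cut to end after `causes an issue.`. The remaining lines repeat the validation-pool text of the `@@ -6,9 +6,9 @@` entry word for word. This entry's `description` is outside the hunk, so confirm this body is the one intended for it.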
@@ -167,9 +167,9 @@ It's important your organization plans for IP addressing in Azure. Planning ensu recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. -Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. -Your file share should be in the same Azure region as your session hosts. + App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. + Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. + Your file share should be in the same Azure region as your session hosts. potentialBenefits: Enhances performance and scalability pgVerified: Verified publishedToLearn: false 
@@ -188,8 +188,8 @@ Your file share should be in the same Azure region as your session hosts. recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Turn on Continuous Availability if using Azure Netapp Files. -Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. + Turn on Continuous Availability if using Azure Netapp Files. + Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. potentialBenefits: Enhanced stability and user limit checks pgVerified: Verified publishedToLearn: false @@ -284,8 +284,8 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Hybrid VMs should be in a unique OU. -When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. + Hybrid VMs should be in a unique OU. + When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. potentialBenefits: Improved AVD hostpool config and segmentation pgVerified: Verified publishedToLearn: false 
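Review bot: The added line in the `@@ -284,8 +284,8 @@` hunk keeps a U+FFFD replacement character in `It�s`, so an apostrophe that was lost to an encoding error is re-committed on the new side (unless it is an artifact of how this patch was rendered). Replace it with a plain apostrophe, `It's also important to segment Prod and DR organization units`, and do the same for `environment�s` in the `@@ -364,8 +363,8 @@` hunk. Searching the recommendation files for U+FFFD before merging would catch any occurrences this patch does not touch.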
@@ -323,8 +323,7 @@ When using AD-joined session hosts will benefit from using a unique OU to target recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. -has context menu + Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. potentialBenefits: Ensures consistency; minimizes drift pgVerified: Verified publishedToLearn: false 
@@ -343,9 +342,9 @@ has context menu recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. -Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. -Use Resource Health to monitor your VMs and storage solutions. + Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. + Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. + Use Resource Health to monitor your VMs and storage solutions. potentialBenefits: Enhanced AVD uptime and awareness pgVerified: Verified publishedToLearn: false 
@@ -364,8 +363,8 @@ Use Resource Health to monitor your VMs and storage solutions. recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. -This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. + When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. + This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. potentialBenefits: Enhanced reliability and performance pgVerified: Verified publishedToLearn: false 
@@ -445,9 +444,9 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. -Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. -To handle a large number of users, consider scaling horizontally by creating multiple host pools. + Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. + Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. + To handle a large number of users, consider scaling horizontally by creating multiple host pools. potentialBenefits: Avoids limits, ensures smooth scaling pgVerified: Verified publishedToLearn: false 
@@ -487,14 +486,15 @@ To handle a large number of users, consider scaling horizontally by creating mul recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -It is important to ensure the redundancy of our user profiles when using FSLogix. When using FSLogix with AVD, it is deployed on a file share in a storage account. Data in an Azure Storage account is always replicated three times in the primary region. Below are the options for how your data is replicated in the primary or paired region: -LRS for least expensive replication (not recommended for apps with high availability and durability). -- LRS provides eleven 9s durability and replicates three time in a single physical location. -- ZRS is recommended for apps requiring high availability across zones. ZRS provides twelve 9s durability. Replicated across three availability zones -- GRS replicates an additional three copies to secondary region and provides sixteen 9s durability. -- GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. + It is important to ensure the redundancy of our user profiles when using FSLogix. When using FSLogix with AVD, it is deployed on a file share in a storage account. Data in an Azure Storage account is always replicated three times in the primary region. Below are the options for how your data is replicated in the primary or paired region: + LRS for least expensive replication (not recommended for apps with high availability and durability) -Generally, it is recommended to store your data as secure and redundant as possible. + - LRS provides eleven 9s durability and replicates three time in a single physical location. + - ZRS is recommended for apps requiring high availability across zones. ZRS provides twelve 9s durability. 
Replicated across three availability zones + - GRS replicates an additional three copies to secondary region and provides sixteen 9s durability. + - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. + + Generally, it is recommended to store your data as secure and redundant as possible. potentialBenefits: Improves data durability and availability pgVerified: Verified publishedToLearn: false @@ -551,8 +551,8 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. -Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. + Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. + Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. potentialBenefits: Improved failover reliability pgVerified: Verified publishedToLearn: false 
@@ -571,8 +571,8 @@ Set up secondary server in staging mode for Entra Connect for syncing to Entra i recommendationResourceType: Microsoft.DesktopVirtualization/hostPools recommendationMetadataState: Active longDescription: | -Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. -For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. + Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. + For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. potentialBenefits: Enhanced identity resilience pgVerified: Verified publishedToLearn: false @@ -641,4 +641,3 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone" - From 364c5b5453279089d082dbd07e4670c389fa70f0 Mon Sep 17 00:00:00 2001 From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:39:01 -0400 Subject: [PATCH 08/11] updates --- .../hpc/recommendations-hpc.yaml | 10 +- .../recommendations.yaml | 497 ------------------ .../sap/recommendations-sap.yaml | 187 ++++--- 3 files changed, 95 insertions(+), 599 deletions(-) delete mode 100644 azure-specialized-workloads/recommendations.yaml 
diff --git a/azure-specialized-workloads/hpc/recommendations-hpc.yaml b/azure-specialized-workloads/hpc/recommendations-hpc.yaml index 700df1750..58fe036d8 100644 --- a/azure-specialized-workloads/hpc/recommendations-hpc.yaml +++ b/azure-specialized-workloads/hpc/recommendations-hpc.yaml @@ -1,4 +1,4 @@ -- description: Ensure File shares that stores jobs metadata are accessible from all head nodes +- description: Ensure File shares that stores jobs metadata are accessible from all head nodes aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a recommendationTypeId: null recommendationControl: High Availability @@ -15,7 +15,7 @@ tags: null learnMoreLink: - name: Learn More - url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" - description: Automatically grow and shrink HPC Pack cluster resources aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 @@ -34,7 +34,7 @@ tags: null learnMoreLink: - name: Learn More - url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" - description: Use multiple head nodes for HPC Pack aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 @@ -53,7 +53,7 @@ tags: null learnMoreLink: - name: Learn More - url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" - description: Use HPC Pack Azure AD Integration or other highly available AD configuration aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 
@@ -72,4 +72,4 @@ tags: null learnMoreLink: - name: Learn More - url: https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" diff --git a/azure-specialized-workloads/recommendations.yaml b/azure-specialized-workloads/recommendations.yaml deleted file mode 100644 index 0010242d2..000000000 --- a/azure-specialized-workloads/recommendations.yaml +++ /dev/null 
@@ -1,497 +0,0 @@ -- description: Ensure File shares that stores jobs metadata are accessible from all head nodes - aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. - potentialBenefits: Enhances job metadata availability - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" - -- description: Automatically grow and shrink HPC Pack cluster resources - aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 - recommendationTypeId: null - recommendationControl: Scalability - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. 
- potentialBenefits: Efficient, uninterrupted execution - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" - -- description: Use multiple head nodes for HPC Pack - aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. - potentialBenefits: Enhanced reliability for HPC - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" - -- description: Use HPC Pack Azure AD Integration or other highly available AD configuration - aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. 
- potentialBenefits: Enhanced reliability and job management - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" - -- description: Ensure that each SAP production system is designed for high availability across availability zones - aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. 
- potentialBenefits: High availability for SAP systems - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Quality Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: Move Regional SAP HA to Zonal - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper" - - name: High Availability Deployment Options for SAP - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload" - -- description: Run SAP application servers on two or more VMs using VMSS Flex - aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain and Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. 
The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. - potentialBenefits: Enhanced resiliency for SAP on Azure - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: Virtual machine Scale Set SAP Deployment Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide" - - name: Considerations for Flexible VM Scale Sets for SAP - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload" - - name: Migrate existing SAP system VMs to VMSS Flex - url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548" - -- description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk - aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. 
- potentialBenefits: Higher SLA of 99.9% with SSDs - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: VM SLA - url: "https://www.azure.cn/en-us/support/sla/virtual-machines/" - - name: SAP Storage Planning Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage" - -- description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes - aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. 
- potentialBenefits: Ensures high availability for SAP data - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - -- description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones - aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. -In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. - potentialBenefits: Enhanced data availability for SAP - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - -- description: Test high availability solutions thoroughly to ensure fail overs work as expected - aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). 
Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. -The fail back can be either automatic or manual. - potentialBenefits: Ensures SAP Azure's failover reliability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Test Cases - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" - -- description: Remove unwanted location constraints from Linux Pacemaker clusters - aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. - -During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. - -Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
-This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. - potentialBenefits: Enhanced maintenance and failover handling - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - -- description: Secure compute resource capacity for critical VM roles in DR region - aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. - -Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. 
- potentialBenefits: Guarantees DR region availability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Capacity Reservation - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" - -- description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology - aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. - potentialBenefits: Enhanced DR resilience - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP Disaster Recovery Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - -- description: SAP components are backed up to DR location using an appropriate backup tool or ASR - aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. 
- potentialBenefits: Ensures SAP data safety and recovery - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - -- description: SAP shared files systems are replicated or backed up to DR location - aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. - potentialBenefits: Enhances SAP DR oversight - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: DR Guidance - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - -- description: Automate DR infrastructure build or pre-deploy DR resources - aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. 
- potentialBenefits: Faster SAP recovery, reduced downtime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - -- description: Document and test DR procedure ensure it meets RPO and RTO targets - aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. - -Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. - potentialBenefits: Ensures robust DR, meets RPO/RTO - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - -- description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution - aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. 
Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. - potentialBenefits: Improved DR oversight and rapid issue response - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - -- description: Configure scheduled events notification - aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 - recommendationTypeId: null - recommendationControl: Monitoring and Alerting - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | -Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. - - -Resource agent azure-events-az can also integrate with Pacemaker clusters. - -To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. - - - -In addition, it is also important that you define a procedure on how to react to scheduled events. 
- potentialBenefits: Proactive maintenance awareness - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: VM Scheduled Events - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" - - name: Configure Pacemaker for Azure Scheduled Events - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" - -- description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability - aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. 
- potentialBenefits: Enhances SAP ASCS uptime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: ASCS-Pacemaker - Central Server Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability - aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. 
- potentialBenefits: Enhanced HA for SAP ASCS - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: ASCS-LB - Central Server Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability - aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability. 
- potentialBenefits: Enhances SAP HANA DB uptime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: DBHANA-Pacemaker - Database Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability - aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability. - potentialBenefits: Enhanced DB availability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: DBHANA-LB- Database Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - diff --git a/azure-specialized-workloads/sap/recommendations-sap.yaml b/azure-specialized-workloads/sap/recommendations-sap.yaml index fa3740df6..cdb952a05 100644 --- a/azure-specialized-workloads/sap/recommendations-sap.yaml +++ b/azure-specialized-workloads/sap/recommendations-sap.yaml 
@@ -14,16 +14,16 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: SAP ACSS Quality Insights
- url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights
- - name: OpenSource Inventory Checks
- url: https://aka.ms/ACESInventoryCheckSAP
- - name: OpenSource Quality Checks
- url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck
- - name: Move Regional SAP HA to Zonal
- url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper
- - name: High Availability Deployment Options for SAP
- url: https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload
+ - name: SAP ACSS Quality Insights
+ url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights"
+ - name: OpenSource Inventory Checks
+ url: "https://aka.ms/ACESInventoryCheckSAP"
+ - name: OpenSource Quality Checks
+ url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck"
+ - name: Move Regional SAP HA to Zonal
+ url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper"
+ - name: High Availability Deployment Options for SAP
+ url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload"
 - description: Run SAP application servers on two or more VMs using VMSS Flex
 aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc
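Review bot: `automationAvailable: no` on the leading context line of this hunk is still a bare `no`, which a YAML 1.1 loader reads as boolean false, while the sibling flags visible in this file are written `false`. Since this pass is already making scalars explicit by quoting the URLs, I would write `automationAvailable: false`, or `automationAvailable: "no"` if the consumer expects a string. The same line opens the hunks at -41, -66, -93, -115 and -135 of this file. The entry it belongs to starts above the hunk, so the intended type cannot be confirmed from here.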
@@ -41,14 +41,14 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: OpenSource Inventory Checks
- url: https://aka.ms/ACESInventoryCheckSAP
- - name: Virtual machine Scale Set SAP Deployment Guide
- url: https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide
- - name: Considerations for Flexible VM Scale Sets for SAP
- url: https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload
- - name: Migrate existing SAP system VMs to VMSS Flex
- url: https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548
+ - name: OpenSource Inventory Checks
+ url: "https://aka.ms/ACESInventoryCheckSAP"
+ - name: Virtual machine Scale Set SAP Deployment Guide
+ url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide"
+ - name: Considerations for Flexible VM Scale Sets for SAP
+ url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload"
+ - name: Migrate existing SAP system VMs to VMSS Flex
+ url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548"
 - description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk
 aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917
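Review bot: The `OpenSource Inventory Checks` entry still goes through the short link `https://aka.ms/ACESInventoryCheckSAP`, so the file does not show where a reader lands, and the target can change without any commit to this repository. Where the destination is known I would record it directly, as the other entries in this list do: `url: "<resolved destination URL>"` (placeholder; the target is not visible in this diff). The same short link is in the hunks at -14, -66 and -115. A link check that only looks for a successful response would presumably pass on the redirector whatever it points to.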
@@ -66,16 +66,16 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: SAP ACSS Insights
- url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights
- - name: OpenSource Inventory Checks
- url: https://aka.ms/ACESInventoryCheckSAP
- - name: OpenSource Quality Checks
- url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck
- - name: VM SLA
- url: https://www.azure.cn/en-us/support/sla/virtual-machines/
- - name: SAP Storage Planning Guide
- url: https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage
+ - name: SAP ACSS Insights
+ url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights"
+ - name: OpenSource Inventory Checks
+ url: "https://aka.ms/ACESInventoryCheckSAP"
+ - name: OpenSource Quality Checks
+ url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck"
+ - name: VM SLA
+ url: "https://www.azure.cn/en-us/support/sla/virtual-machines/"
+ - name: SAP Storage Planning Guide
+ url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage"
 - description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes
 aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f
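Review bot: The `VM SLA` entry keeps `https://www.azure.cn/en-us/support/sla/virtual-machines/`, which is the Azure China site (operated by 21Vianet), while every other link in this list is on learn.microsoft.com, aka.ms or github.com. If the recommendation is meant to cite the global Azure SLA, the entry should point there instead: `url: "<global Azure VM SLA URL>"` (placeholder; the intended target is not shown on this page). If the China-cloud page is intended, a one-line comment above the entry, `# Azure China (21Vianet) SLA page, intentional`, would tell the next reader that it is not a stray domain. The entry this list belongs to starts above the hunk.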
@@ -93,10 +93,10 @@
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: SAP ACSS Insights
- url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights
- - name: OpenSource Quality Checks
- url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck
+ - name: SAP ACSS Insights
+ url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights"
+ - name: OpenSource Quality Checks
+ url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck"
 - description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones
 aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e
@@ -106,8 +106,8 @@
 recommendationResourceType: n/a
 recommendationMetadataState: Active
 longDescription: |
-SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available.
-In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes.
+ SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available.
+ In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes.
 potentialBenefits: Enhanced data availability for SAP
 pgVerified: Verified
 publishedToLearn: false
@@ -115,8 +115,8 @@ In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant stor
 automationAvailable: no
 tags: null
 learnMoreLink:
- - name: OpenSource Inventory Checks
- url: https://aka.ms/ACESInventoryCheckSAP
+ - name: OpenSource Inventory Checks
+ url: "https://aka.ms/ACESInventoryCheckSAP"
 - description: Test high availability solutions thoroughly to ensure fail overs work as expected
 aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76
@@ -126,8 +126,8 @@ In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant stor recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | -Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. -The fail back can be either automatic or manual. + Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. + The fail back can be either automatic or manual. potentialBenefits: Ensures SAP Azure's failover reliability pgVerified: Verified publishedToLearn: false @@ -135,8 +135,8 @@ The fail back can be either automatic or manual. automationAvailable: no tags: null learnMoreLink: - - name: Test Cases - url: https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup + - name: Test Cases + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" - description: Remove unwanted location constraints from Linux Pacemaker clusters aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 
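Review bot: `automationAvailable: no` in the context lines of the `@@ -135,8 +135,8 @@` hunk is a plain scalar that YAML 1.1 loaders read as the boolean `false`. Other entries in this patch series use `automationAvailable: arg`, which loads as a string, so a consumer can see mixed types for the same key depending on the loader. The pass quotes URLs for parser safety, so for consistency I would write `automationAvailable: "no"` here and in the other entries of this file, assuming the schema expects a string.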
@@ -146,12 +146,12 @@ The fail back can be either automatic or manual. recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | -When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. + When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. -During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. + During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. -Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. -This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. + Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
+ This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. potentialBenefits: Enhanced maintenance and failover handling pgVerified: Verified publishedToLearn: false @@ -160,7 +160,6 @@ This approach allows for controlled resource movement within the cluster, facili tags: null learnMoreLink: - - description: Secure compute resource capacity for critical VM roles in DR region aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 recommendationTypeId: null 
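Review bot: The re-indented first paragraph of `longDescription` in the `@@ -146,12 +146,12 @@` hunk still carries a replacement character in `cluster�s configuration`. That suggests the apostrophe was saved in a different encoding than the file is read in; if the character is really in the file and not an artifact of this view, readers will see it as-is. I would change it to `cluster's configuration` with a plain ASCII apostrophe, as the later paragraph of the same description already does in `cluster's original resource management policies`. The entry continues past the end of the hunk.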
@@ -169,9 +168,9 @@ This approach allows for controlled resource movement within the cluster, facili recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | -To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. + To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. -Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. + Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. potentialBenefits: Guarantees DR region availability pgVerified: Verified publishedToLearn: false 
@@ -179,8 +178,8 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R automationAvailable: no tags: null learnMoreLink: - - name: Capacity Reservation - url: https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview + - name: Capacity Reservation + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" - description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b @@ -198,8 +197,8 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R automationAvailable: no tags: null learnMoreLink: - - name: SAP Disaster Recovery Guide - url: https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows + - name: SAP Disaster Recovery Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - description: SAP components are backed up to DR location using an appropriate backup tool or ASR aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 @@ -217,10 +216,10 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R automationAvailable: no tags: null learnMoreLink: - - name: SAP ACSS Insights - url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights - - name: OpenSource Inventory Checks - url: https://aka.ms/ACESInventoryCheckSAP + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" - description: SAP shared files systems are replicated or backed up to DR location aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 
@@ -238,8 +237,8 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R automationAvailable: no tags: null learnMoreLink: - - name: DR Guidance - url: https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows + - name: DR Guidance + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - description: Automate DR infrastructure build or pre-deploy DR resources aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d @@ -258,7 +257,6 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R tags: null learnMoreLink: - - description: Document and test DR procedure ensure it meets RPO and RTO targets aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 recommendationTypeId: null 
@@ -267,9 +265,9 @@ Warm standby involves keeping VMs in the DR region running. On-demand Capacity R recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | -Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. + Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. -Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. + Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. potentialBenefits: Ensures robust DR, meets RPO/RTO pgVerified: Verified publishedToLearn: false @@ -295,7 +293,6 @@ Test a wide range of failure scenarios, including regional outages. Testing shou tags: null learnMoreLink: - - description: Configure scheduled events notification aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 recommendationTypeId: null 
@@ -304,16 +301,13 @@ Test a wide range of failure scenarios, including regional outages. Testing shou recommendationResourceType: n/a recommendationMetadataState: Active longDescription: | -Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. - + Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. -Resource agent azure-events-az can also integrate with Pacemaker clusters. + Resource agent azure-events-az can also integrate with Pacemaker clusters. -To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. + To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. - - -In addition, it is also important that you define a procedure on how to react to scheduled events. + In addition, it is also important that you define a procedure on how to react to scheduled events. 
potentialBenefits: Proactive maintenance awareness pgVerified: Verified publishedToLearn: false @@ -321,10 +315,10 @@ In addition, it is also important that you define a procedure on how to react to automationAvailable: no tags: null learnMoreLink: - - name: VM Scheduled Events - url: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events - - name: Configure Pacemaker for Azure Scheduled Events - url: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events + - name: VM Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" + - name: Configure Pacemaker for Azure Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" - description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 
@@ -342,12 +336,12 @@ In addition, it is also important that you define a procedure on how to react to automationAvailable: no tags: null learnMoreLink: - - name: SAP ACSS Insights - url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights - - name: OpenSource Quality Checks - url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck - - name: ASCS-Pacemaker - Central Server Instance - url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-Pacemaker - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b 
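Review bot: The third link in this hunk keeps the `docs.microsoft.com` host while the other Microsoft documentation links in the file use `learn.microsoft.com`; as far as I know the old host is only reachable through a redirect. Assuming the path is unchanged on the new host, the line would become `url: "https://learn.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations"`. The same URL is used for the `ASCS-LB`, `DBHANA-Pacemaker` and `DBHANA-LB` entries in the next three hunks. Since all four names point at one generic page, a fragment for the specific recommendation would help if the page offers one.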
@@ -365,12 +359,12 @@ In addition, it is also important that you define a procedure on how to react to automationAvailable: no tags: null learnMoreLink: - - name: SAP ACSS Insights - url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights - - name: OpenSource Quality Checks - url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck - - name: ASCS-LB - Central Server Instance - url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-LB - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b 
@@ -388,12 +382,12 @@ In addition, it is also important that you define a procedure on how to react to automationAvailable: no tags: null learnMoreLink: - - name: SAP ACSS Insights - url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights - - name: OpenSource Quality Checks - url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck - - name: DBHANA-Pacemaker - Database Instance - url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-Pacemaker - Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 
@@ -411,10 +405,9 @@ In addition, it is also important that you define a procedure on how to react to automationAvailable: no tags: null learnMoreLink: - - name: SAP ACSS Insights - url: https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights - - name: OpenSource Quality Checks - url: https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck - - name: DBHANA-LB- Database Instance - url: https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations - + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-LB- Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" From 74fa8ed4fbce5383f0f8a396185cba63b3664c29 Mon Sep 17 00:00:00 2001 From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 11:44:07 -0400 Subject: [PATCH 09/11] updates --- azure-resources/Cdn/profiles/recommendations.yaml | 2 +- .../Network/expressRoutePorts/recommendations.yaml | 5 ++--- .../Network/virtualNetworkGateways/recommendations.yaml | 3 +-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml index 67a54d689..9571f59c3 100644 --- a/azure-resources/Cdn/profiles/recommendations.yaml +++ b/azure-resources/Cdn/profiles/recommendations.yaml @@ -199,7 +199,7 @@ automationAvailable: arg tags: null learnMoreLink: - - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + - name: Web Application Firewall on Azure Front Door url: "https://learn.microsoft.com/azure/frontdoor/web-application-firewall" - description: Disable health probes when there is only one origin in an origin group 
diff --git a/azure-resources/Network/expressRoutePorts/recommendations.yaml b/azure-resources/Network/expressRoutePorts/recommendations.yaml index ee87f1eaa..0f03180e3 100644 --- a/azure-resources/Network/expressRoutePorts/recommendations.yaml +++ b/azure-resources/Network/expressRoutePorts/recommendations.yaml @@ -14,7 +14,7 @@ automationAvailable: arg tags: null learnMoreLink: - - name: How to configure ExpressRoute Direct: Change Admin State of links + - name: How to configure ExpressRoute Direct Change Admin State of links url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state" - description: Ensure you do not over-subscribe an ExpressRoute Direct @@ -33,7 +33,7 @@ automationAvailable: arg tags: null learnMoreLink: - - name: About ExpressRoute Direct: Circuit Sizes + - name: About ExpressRoute Direct Circuit Sizes url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes" - description: Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow @@ -54,4 +54,3 @@ learnMoreLink: - name: Rate limiting for ExpressRoute Direct circuits (Preview) url: "https://learn.microsoft.com/en-us/azure/expressroute/rate-limit" - diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml index b64d128c8..10a2d3a0e 100644 --- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml +++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml 
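Review bot: The link title in the `@@ -14,7 +14,7 @@` hunk is altered rather than quoted. Removing the colon avoids the `: ` inside a plain scalar, but the displayed name then presumably no longer matches the heading of the linked page. I would keep the original text and quote it: `- name: "How to configure ExpressRoute Direct: Change Admin State of links"`. The same applies to `- name: "About ExpressRoute Direct: Circuit Sizes"` in the `@@ -33,7 +33,7 @@` hunk and to `- name: "Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks"` in the virtualNetworkGateways hunk. That is how the `url:` values were handled earlier in the series.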
@@ -178,7 +178,7 @@ automationAvailable: no tags: null learnMoreLink: - - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks + - name: Dual-redundancy active-active VPN gateways for both Azure and on-premises networks url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks" - description: Monitor connections and gateway health @@ -239,4 +239,3 @@ learnMoreLink: - name: About zone-redundant virtual network gateway in Azure availability zones url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" - From de58b97665bf0da01015c1346e62ec909187f74d Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 10 Apr 2024 11:48:51 -0500 Subject: [PATCH 10/11] Updates to SAP workload --- .../sap/recommendations-sap.yaml | 413 ------------------ .../sap/recommendations.yaml | 169 ++++--- 2 files changed, 101 insertions(+), 481 deletions(-) delete mode 100644 azure-specialized-workloads/sap/recommendations-sap.yaml diff --git a/azure-specialized-workloads/sap/recommendations-sap.yaml b/azure-specialized-workloads/sap/recommendations-sap.yaml deleted file mode 100644 index cdb952a05..000000000 --- a/azure-specialized-workloads/sap/recommendations-sap.yaml +++ /dev/null 
@@ -1,413 +0,0 @@ -- description: Ensure that each SAP production system is designed for high availability across availability zones - aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. - potentialBenefits: High availability for SAP systems - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Quality Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: Move Regional SAP HA to Zonal - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper" - - name: High Availability Deployment Options for SAP - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload" - -- description: Run SAP application servers on two or more VMs using VMSS Flex - aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc - recommendationTypeId: null - 
recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain and Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. 
- potentialBenefits: Enhanced resiliency for SAP on Azure - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: Virtual machine Scale Set SAP Deployment Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide" - - name: Considerations for Flexible VM Scale Sets for SAP - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload" - - name: Migrate existing SAP system VMs to VMSS Flex - url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548" - -- description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk - aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. 
- potentialBenefits: Higher SLA of 99.9% with SSDs - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: VM SLA - url: "https://www.azure.cn/en-us/support/sla/virtual-machines/" - - name: SAP Storage Planning Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage" - -- description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes - aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. 
- potentialBenefits: Ensures high availability for SAP data - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - -- description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones - aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. - In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. - potentialBenefits: Enhanced data availability for SAP - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - -- description: Test high availability solutions thoroughly to ensure fail overs work as expected - aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). 
Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. - The fail back can be either automatic or manual. - potentialBenefits: Ensures SAP Azure's failover reliability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Test Cases - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" - -- description: Remove unwanted location constraints from Linux Pacemaker clusters - aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. - - During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. - - Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
- This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. - potentialBenefits: Enhanced maintenance and failover handling - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - -- description: Secure compute resource capacity for critical VM roles in DR region - aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. - - Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. 
- potentialBenefits: Guarantees DR region availability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Capacity Reservation - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" - -- description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology - aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. - potentialBenefits: Enhanced DR resilience - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP Disaster Recovery Guide - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - -- description: SAP components are backed up to DR location using an appropriate backup tool or ASR - aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. 
- potentialBenefits: Ensures SAP data safety and recovery - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Inventory Checks - url: "https://aka.ms/ACESInventoryCheckSAP" - -- description: SAP shared files systems are replicated or backed up to DR location - aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. - potentialBenefits: Enhances SAP DR oversight - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: DR Guidance - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - -- description: Automate DR infrastructure build or pre-deploy DR resources - aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. 
- potentialBenefits: Faster SAP recovery, reduced downtime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - -- description: Document and test DR procedure ensure it meets RPO and RTO targets - aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. - - Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. - potentialBenefits: Ensures robust DR, meets RPO/RTO - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - -- description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution - aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 - recommendationTypeId: null - recommendationControl: Disaster Recovery - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. 
Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. - potentialBenefits: Improved DR oversight and rapid issue response - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - -- description: Configure scheduled events notification - aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 - recommendationTypeId: null - recommendationControl: Monitoring and Alerting - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. - - Resource agent azure-events-az can also integrate with Pacemaker clusters. - - To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. - - In addition, it is also important that you define a procedure on how to react to scheduled events. 
- potentialBenefits: Proactive maintenance awareness - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: VM Scheduled Events - url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" - - name: Configure Pacemaker for Azure Scheduled Events - url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" - -- description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability - aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. 
- potentialBenefits: Enhances SAP ASCS uptime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: ASCS-Pacemaker - Central Server Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability - aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. 
- potentialBenefits: Enhanced HA for SAP ASCS - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: ASCS-LB - Central Server Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability - aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability. 
- potentialBenefits: Enhances SAP HANA DB uptime - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: DBHANA-Pacemaker - Database Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - -- description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability - aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability. - potentialBenefits: Enhanced DB availability - pgVerified: Verified - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: SAP ACSS Insights - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - - name: OpenSource Quality Checks - url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - - name: DBHANA-LB- Database Instance - url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" diff --git a/azure-specialized-workloads/sap/recommendations.yaml b/azure-specialized-workloads/sap/recommendations.yaml index 0199cfee8..aeaa9893a 100644 --- a/azure-specialized-workloads/sap/recommendations.yaml +++ b/azure-specialized-workloads/sap/recommendations.yaml 
@@ -1,6 +1,6 @@ - description: Ensure that each SAP production system is designed for high availability across availability zones aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -12,14 +12,22 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Quality Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: Move Regional SAP HA to Zonal url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper" + - name: High Availability Deployment Options for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload" - description: Run SAP application servers on two or more VMs using VMSS Flex aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a 
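Review bot: The `OpenSource Inventory Checks` entry added in the `@@ -12,14 +12,22 @@` hunk points at a redirect shortlink, `https://aka.ms/ACESInventoryCheckSAP`, so a reader of the catalog cannot see which host or repository the link leads to, and the target can be changed without any change to this file. The sibling `OpenSource Quality Checks` entry spells out its full `github.com/Azure/SAP-on-Azure-Scripts-and-Utilities` path. I would give the inventory check its resolved URL in the same way, or at least name the destination in the `name:` field. The same shortlink is added again in the hunks at -31, -50, -89 and -192.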
@@ -31,14 +39,20 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: Virtual machine Scale Set SAP Deployment Guide url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide" + - name: Considerations for Flexible VM Scale Sets for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload" + - name: Migrate existing SAP system VMs to VMSS Flex + url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548" - description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a 
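Review bot: `automationAvailable: no` stays a bare scalar on the context line directly above the `tags: null` fix in this hunk, although the commit is otherwise making implicit values explicit. A YAML 1.1 loader reads `no` as boolean false while a 1.2 loader reads the string "no", so the loaded value depends on the parser. Write `automationAvailable: false` if a boolean is meant, or `automationAvailable: "no"` if the consumer expects the string; the schema is not visible here, so confirm which it is. The same line appears unchanged in the other hunks of this file, and each entry starts and ends outside its hunk.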
@@ -50,14 +64,22 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: VM SLA url: "https://www.azure.cn/en-us/support/sla/virtual-machines/" + - name: SAP Storage Planning Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage" - description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -69,14 +91,16 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" - description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a 
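Review bot: The entry relabelled `VM SLA` in the `@@ -50,14 +64,22 @@` hunk keeps `url: "https://www.azure.cn/en-us/support/sla/virtual-machines/"`, which is the Azure China site rather than one of the global Microsoft domains used by the other links in this list. If the recommendation is meant for global Azure, readers should be sent to the SLA published for global Azure, so the url should be replaced with that page (exact URL to be confirmed by the author). Otherwise the `name:` should say that it is the China-region SLA.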
@@ -89,14 +113,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" - description: Test high availability solutions thoroughly to ensure fail overs work as expected aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -109,14 +133,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: Test Cases + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" - description: Remove unwanted location constraints from Linux Pacemaker clusters aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -133,14 +157,12 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - description: Secure compute resource capacity for critical VM roles in DR region aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: Medium recommendationResourceType: n/a 
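Review bot: The `@@ -133,14 +157,12 @@` hunk removes the only `name`/`url` pair and leaves a bare `learnMoreLink:`, which loads as null rather than as an empty list. That is the same kind of implicit value this commit makes explicit for `tags: null` and `recommendationTypeId: null`, and a consumer that iterates the links may not accept null here. I would write `learnMoreLink: []`, or keep one relevant link; this assumes the key is meant to hold a sequence, as it does in the other entries. The hunks at -230, -251 and -270 leave the same bare key.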
@@ -154,14 +176,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: Capacity Reservation url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" - description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: n/a @@ -173,14 +195,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: SAP Disaster Recovery Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - description: SAP components are backed up to DR location using an appropriate backup tool or ASR aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: n/a @@ -192,14 +214,16 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" - description: SAP shared files systems are replicated or backed up to DR location aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: High recommendationResourceType: n/a 
@@ -211,14 +235,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: DR Guidance + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" - description: Automate DR infrastructure build or pre-deploy DR resources aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: Medium recommendationResourceType: n/a @@ -230,14 +254,12 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - description: Document and test DR procedure ensure it meets RPO and RTO targets aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: Medium recommendationResourceType: n/a @@ -251,14 +273,12 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Disaster Recovery recommendationImpact: Medium recommendationResourceType: n/a 
@@ -270,14 +290,12 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" - description: Configure scheduled events notification aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Monitoring and Alerting recommendationImpact: High recommendationResourceType: n/a 
@@ -285,27 +303,26 @@ longDescription: | Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. - Resource agent azure-events-az can also integrate with Pacemaker clusters. To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. - - In addition, it is also important that you define a procedure on how to react to scheduled events. potentialBenefits: Proactive maintenance awareness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: VM Scheduled Events url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" + - name: Configure Pacemaker for Azure Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" - description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a 
@@ -317,14 +334,18 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-Pacemaker - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -336,14 +357,18 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-LB - Central Server Instance url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a 
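Review bot: The `ASCS-Pacemaker - Central Server Instance` link added in the `@@ -317,14 +334,18 @@` hunk uses the legacy `docs.microsoft.com` host, while the other Microsoft documentation links added in this commit use `learn.microsoft.com`. I would change it to `url: "https://learn.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations"` after confirming it resolves, so the catalog does not depend on a redirect. The same un-anchored page is also the target of the ASCS-LB, DBHANA-Pacemaker and DBHANA-LB entries in the hunks at -336, -355 and -374, under four different names. If each name is meant to select a section, the url needs the matching anchor.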
@@ -355,14 +380,18 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-Pacemaker - Database Instance url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" - description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -374,7 +403,11 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - - name: Learn More + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-LB- Database Instance url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" From 08562bfb74e6f94a4ad8aee03663b8d8bc791760 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Wed, 10 Apr 2024 11:53:05 -0500 Subject: [PATCH 11/11] Updated HPC recommendations --- .../hpc/recommendations-hpc.yaml | 75 ------------------- .../hpc/recommendations.yaml | 16 ++-- 2 files changed, 8 insertions(+), 83 deletions(-) delete mode 100644 azure-specialized-workloads/hpc/recommendations-hpc.yaml 
diff --git a/azure-specialized-workloads/hpc/recommendations-hpc.yaml b/azure-specialized-workloads/hpc/recommendations-hpc.yaml
deleted file mode 100644
index 58fe036d8..000000000
--- a/azure-specialized-workloads/hpc/recommendations-hpc.yaml
+++ /dev/null
@@ -1,75 +0,0 @@ -- description: Ensure File shares that stores jobs metadata are accessible from all head nodes - aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. - potentialBenefits: Enhances job metadata availability - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" - -- description: Automatically grow and shrink HPC Pack cluster resources - aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 - recommendationTypeId: null - recommendationControl: Scalability - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. 
- potentialBenefits: Efficient, uninterrupted execution - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" - -- description: Use multiple head nodes for HPC Pack - aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: Medium - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. - potentialBenefits: Enhanced reliability for HPC - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" - -- description: Use HPC Pack Azure AD Integration or other highly available AD configuration - aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 - recommendationTypeId: null - recommendationControl: High Availability - recommendationImpact: High - recommendationResourceType: n/a - recommendationMetadataState: Active - longDescription: | - When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. 
- potentialBenefits: Enhanced reliability and job management - pgVerified: Preview - publishedToLearn: false - publishedToAdvisor: false - automationAvailable: no - tags: null - learnMoreLink: - - name: Learn More - url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" diff --git a/azure-specialized-workloads/hpc/recommendations.yaml b/azure-specialized-workloads/hpc/recommendations.yaml index b76642a4f..58fe036d8 100644 --- a/azure-specialized-workloads/hpc/recommendations.yaml +++ b/azure-specialized-workloads/hpc/recommendations.yaml @@ -1,6 +1,6 @@ - description: Ensure File shares that stores jobs metadata are accessible from all head nodes aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -12,14 +12,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" - description: Automatically grow and shrink HPC Pack cluster resources aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 - recommendationTypeId: + recommendationTypeId: null recommendationControl: Scalability recommendationImpact: Medium recommendationResourceType: n/a 
@@ -31,14 +31,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" - description: Use multiple head nodes for HPC Pack aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: Medium recommendationResourceType: n/a @@ -50,14 +50,14 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" - description: Use HPC Pack Azure AD Integration or other highly available AD configuration aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 - recommendationTypeId: + recommendationTypeId: null recommendationControl: High Availability recommendationImpact: High recommendationResourceType: n/a @@ -69,7 +69,7 @@ publishedToLearn: false publishedToAdvisor: false automationAvailable: no - tags: + tags: null learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure"