Azure · oZakari · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024 · Apr 10, 2024
@@ -1,4 +1,4 @@
-- description: Configure Azure Service Health notifications and alerts for Azure VMware Solution
+- description: Configure Azure Service Health notifications and alerts for Azure VMware Solution
   aprlGuid: 74fcb9f2-9a25-49a6-8c42-d32851c4afb7
   recommendationTypeId: null
   recommendationControl: Monitoring and Alerting
@@ -33,7 +33,7 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Configure and streamline alerts
       url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts"
 
 - description: Monitor when Azure VMware Solution Cluster Size is approaching the host limit
@@ -71,7 +71,7 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Connect Private Clouds in the same region
       url: "https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region"
 
 - description: Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter security
@@ -90,8 +90,10 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Set an external identity source for vCenter
       url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter"
+    - name: Set an external identity for NSX-T
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t"
 
 - description: Use HCX Network Extension High Availability
   aprlGuid: bce16eee-0933-4baa-ab4d-8d1bb5653fc2
@@ -109,8 +111,10 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: HCX Network extension high availability
       url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability"
+    - name: Understanding Network Extension High Availability
+      url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html"
 
 - description: Verify Management Networks are not extended with HCX Network Extension
   aprlGuid: 6be9a543-cf82-4926-82ea-7e1f1ffaad80
@@ -121,14 +125,14 @@
   recommendationMetadataState: Active
   longDescription: |
     Do not extend the network used by the HCX Management devices to ensure the network's security and stability.
-  potentialBenefits: Enhanced network safety & performance
+  potentialBenefits: Enhanced network safety and performance
   pgVerified: Verified
   publishedToLearn: false
   publishedToAdvisor: false
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Requirements for Network Extension
       url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html"
 
 - description: Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore
@@ -149,6 +153,8 @@
   learnMoreLink:
     - name: Learn More
       url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability"
+    - name: Stretched Clusters
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters"
 
 - description: Verify vSAN FTT configuration aligns with the cluster size
   aprlGuid: 0943aa90-e3db-4c61-aef1-782b6a6a3881
@@ -166,5 +172,201 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Use fault domains
       url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains"
+    - name: Configure storage policy
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy"
+
+- description: Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization
+  aprlGuid: 4232eb32-3241-4049-9e14-9b8005817b56
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met.
+  potentialBenefits: Optimized capacity planning for vSAN
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: arg
+  tags: null
+  learnMoreLink:
+    - name: Learn More
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities"
+
+- description: Configure Syslog in Diagnostic Settings for Azure VMware Solution
+  aprlGuid: fa4ab927-bced-429a-971a-53350de7f14b
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues.
+  potentialBenefits: Faster issue resolution, early detection
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Learn More
+      url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives"
+
+- description: Monitor CPU Utilization to ensure sufficient resources for workloads
+  aprlGuid: 4ee5d535-c47b-470a-9557-4a3dd297d62f
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads.
+  potentialBenefits: Avoids resource exhaustion, optimizes performance
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: arg
+  tags: null
+  learnMoreLink:
+    - name: Learn More
+      url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts"
+
+- description: Monitor Memory Utilization to ensure sufficient resources for workloads
+  aprlGuid: 029208c8-5186-4a76-8ee8-6e3445fef4dd
+  recommendationTypeId: null
+  recommendationControl: Monitoring and Alerting
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads.
+  potentialBenefits: Avoids host exhaustion and swapping
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: arg
+  tags: null
+  learnMoreLink:
+    - name: Learn More
+      url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts"
+
+- description: Apply Resource delete lock on the resource group hosting the private cloud
+  aprlGuid: a5ef7c05-c611-4842-9af5-11efdc99123a
+  recommendationTypeId: null
+  recommendationControl: Governance
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud.
+  potentialBenefits: Prevents accidental deletion
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Lock your resources to protect your infrastructure
+      url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources"
+
+- description: Align ExpressRoute configuration with best practices for circuit resilience
+  aprlGuid: 6f573d60-be93-4f18-8016-42e923e3c05e
+  recommendationTypeId: null
+  recommendationControl: High Availability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach.
+  potentialBenefits: Enhanced circuit resilience for Azure VMware
+  pgVerified: Preview
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: APRL guidance for ExpressRoute circuits
+      url: "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits"
+    - name: Create a new ExpressRoute circuit
+      url: "https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview"
+
+- description: Deploy dual Azure VMware Solution clouds in different regions for disaster recovery
+  aprlGuid: bdac462a-2eda-4a67-887d-46d58f141afe
+  recommendationTypeId: null
+  recommendationControl: Disaster Recovery
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections.
+  potentialBenefits: Enhanced disaster recovery
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Private Clouds in two regions
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions"
+    - name: Dual Region Network Topology
+      url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology"
+
+- description: Deploy two or more circuits in different peering locations when using stretched clusters
+  aprlGuid: 91c84596-1c41-48fe-8d5e-3f817e6a273b
+  recommendationTypeId: null
+  recommendationControl: High Availability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits.
+  potentialBenefits: Enhanced resilience and connectivity
+  pgVerified: Verified
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Deploy vSAN streched cluster
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud"
+
+- description: Use key autorotation for vSAN datastore customer-managed keys
+  aprlGuid: e0ac2f57-c8c0-4b8c-a7c8-19e5797828b5
+  recommendationTypeId: null
+  recommendationControl: Security
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible.
+  potentialBenefits: Avoid outages with key auto-rotation
+  pgVerified: Preview
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Configure Customer Managed Keys
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal"
+
+- description: Use multiple DNS servers per private FQDN zone
+  aprlGuid: fcc2e257-23af-4c68-aac8-9cc03033c939
+  recommendationTypeId: null
+  recommendationControl: High Availability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.AVS/privateClouds
+  recommendationMetadataState: Active
+  longDescription: |
+    Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud.
+  potentialBenefits: Enhances reliability and avoids failure
+  pgVerified: Preview
+  publishedToLearn: false
+  publishedToAdvisor: false
+  automationAvailable: no
+  tags: null
+  learnMoreLink:
+    - name: Configure DNS forwarder
+      url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder"
@@ -1,4 +1,4 @@
-- description: Migrate API Management services to Premium SKU to support Availability Zones
+- description: Migrate API Management services to Premium SKU to support Availability Zones
   aprlGuid: baf3bfc0-32a2-4c0c-926d-c9bf0b49808e
   recommendationTypeId: null
   recommendationControl: High Availability
@@ -7,15 +7,17 @@
   recommendationMetadataState: Active
   longDescription: |
     Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions.
-  potentialBenefits: Enhanced availability & resilience
+  potentialBenefits: Enhanced availability and resilience
   pgVerified: Preview
   publishedToLearn: false
   publishedToAdvisor: false
   automationAvailable: arg
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Change your API Management service tier
       url: "https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier"
+    - name: Migrate Azure API Management to availability zone support
+      url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt"
 
 - description: Enable Availability Zones on Premium API Management instances
   aprlGuid: 740f2c1c-8857-4648-80eb-47d2c56d5a50
@@ -33,8 +35,10 @@
   automationAvailable: arg
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Ensure API Management availability and reliability
       url: "https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones"
+    - name: Migrate Azure API Management to availability zone support
+      url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt"
 
 - description: Upgrade to platform version stv2
   aprlGuid: e35cf148-8eee-49d1-a1c9-956160f99e0b
@@ -52,5 +56,7 @@
   automationAvailable: arg
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Azure API Management - stv1 platform retirement (August 2024)
       url: "https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024"
+    - name: Azure API Management compute platform
+      url: "https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure"
@@ -1,4 +1,4 @@
-- description: Set up disaster recovery of Automation accounts and its dependent resources
+- description: Set up disaster recovery of Automation accounts and its dependent resources
   aprlGuid: 67205887-0733-466e-b50e-b1cd7316c514
   recommendationTypeId: null
   recommendationControl: High Availability
@@ -14,5 +14,8 @@
   automationAvailable: no
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Disaster recovery for Automation accounts
       url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one"
+    - name: Disaster recovery scenarios for cloud and hybrid jobs
+      url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs"
+
@@ -1,4 +1,4 @@
-- description: Monitor Batch Account quota
+- description: Monitor Batch Account quota
   aprlGuid: 3464854d-6f75-4922-95e4-a2a308b53ce6
   recommendationTypeId: null
   recommendationControl: Monitoring and Alerting
@@ -26,7 +26,7 @@
   recommendationMetadataState: Active
   longDescription: |
     When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures.
-  potentialBenefits: Enhanced reliability & failure protection
+  potentialBenefits: Enhanced reliability and failure protection
   pgVerified: Preview
   publishedToLearn: false
   publishedToAdvisor: false

@@ -1,4 +1,4 @@
-- description: Enable zone redundancy for Azure Cache for Redis
+- description: Enable zone redundancy for Azure Cache for Redis
   aprlGuid: 5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8
   recommendationTypeId: null
   recommendationControl: High Availability
@@ -7,12 +7,12 @@
   recommendationMetadataState: Active
   longDescription: |
     Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability.
-  potentialBenefits: Higher resilience & availability
+  potentialBenefits: Higher resilience and availability
   pgVerified: Preview
   publishedToLearn: false
   publishedToAdvisor: false
   automationAvailable: arg
   tags: null
   learnMoreLink:
-    - name: Learn More
+    - name: Enable zone redundancy for Azure Cache for Redis
       url: "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy"