This repository has been archived by the owner on May 7, 2024. It is now read-only.

Merge branch 'main' into patch-7
pinyuko authored Mar 27, 2024
2 parents 9b209cd + 0668a8b commit 8192ea4
Showing 53 changed files with 947 additions and 180 deletions.
16 changes: 8 additions & 8 deletions docs/content/services/compute/compute-gallery/_index.md
Expand Up @@ -12,11 +12,11 @@ The presented resiliency recommendations in this guidance include Compute Galler
## Summary of Recommendations

{{< table style="table-striped" >}}
| Recommendation | Category | Impact | State | ARG Query Available |
|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|:------:|:-------:|:-------------------:|
| [CG-1 - A minimum of three replicas should be kept for production image versions](#cg-1---a-minimum-of-three-replicas-should-be-kept-for-production-image-versions) | Availability | Medium | Preview | Yes |
| [CG-2 - Zone redundant storage should be used for image versions](#cg-2---zone-redundant-storage-should-be-used-for-image-versions) | Availability | Medium | Preview | Yes |
| [CG-3 - Consider using hyper-V generation version 2 images where possible](#cg-3---consider-using-hyper-v-generation-version-2-images-where-possible) | Availability | Low | Preview | Yes |
| Recommendation | Category | Impact | State | ARG Query Available |
|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------:|:------:|:--------:|:-------------------:|
| [CG-1 - A minimum of three replicas should be kept for production image versions](#cg-1---a-minimum-of-three-replicas-should-be-kept-for-production-image-versions) | Availability | Medium | Verified | Yes |
| [CG-2 - Zone redundant storage should be used for image versions](#cg-2---zone-redundant-storage-should-be-used-for-image-versions) | Availability | Medium | Verified | Yes |
| [CG-3 - Consider creating TrustedLaunchSupported images where possible](#cg-3---consider-creating-trustedlaunchsupported-images-where-possible) | Availability | Low | Verified | Yes |
{{< /table >}}

{{< alert style="info" >}}
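Review bot: The new CG-3 row keeps `Availability` in the Category column, but the CG-3 section body in this same file is changed to `**Category: Access & Security**`. The summary table and the section should agree; update the Category cell of the CG-3 row to `Access & Security` (or leave the section as Availability) so the recommendation lands in the same category wherever it is read.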
Expand Down Expand Up @@ -77,15 +77,15 @@ You can also choose the account type for each of the target regions. The default

<br><br>

### CG-3 - Consider using hyper-V generation version 2 images where possible
### CG-3 - Consider creating TrustedLaunchSupported images where possible

**Category: Availability**
**Category: Access & Security**

**Impact: Low**

**Guidance**

We recommend that you create a generation 2 virtual machine to take advantage of features like Secure Boot, vTPM, trusted launch VMs, large boot volume. Your choice to create a generation 1 or generation 2 virtual machine depends on which guest operating system you want to install and the boot method you want to use to deploy the virtual machine. You can't change a virtual machine's generation after you've created it. So it is recommended to review the [considerations](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v#which-guest-operating-systems-are-supported) first.
We recommend that you create a Trusted Launch Supported Images to take advantage of features like Secure Boot, vTPM, trusted launch VMs, large boot volume. Trusted Launch Supported Images are Gen 2 Images by default. You cant change a virtual machines generation after youve created it. So it is recommended to review the [considerations](https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v#which-guest-operating-systems-are-supported) first.

**Resources**

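Review bot: The rewritten guidance sentence under CG-3 has lost its apostrophes (`cant`, `machines`, `youve`) and reads "create a Trusted Launch Supported Images", which mixes a singular article with a plural noun; restore the apostrophes and pick one number. The "considerations" link still points at the Hyper-V generation 1 versus generation 2 article, and the sentence lists "trusted launch VMs" as a benefit of Trusted Launch Supported images, which is circular. Consider linking a Trusted Launch reference next to the Hyper-V one and using one spelling throughout (`TrustedLaunchSupported` in the heading, "Trusted Launch Supported Images" in the text).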
8 changes: 4 additions & 4 deletions docs/content/services/compute/image-templates/_index.md
Expand Up @@ -12,10 +12,10 @@ The presented resiliency recommendations in this guidance include Image Template
## Summary of Recommendations

{{< table style="table-striped" >}}
| Recommendation | Category | Impact | State | ARG Query Available |
|:----------------------------------------------------------------------------------------------------------------------------|:-----------------:|:------:|:-------:|:-------------------:|
| [IT-1 - Use Generation 2 virtual machine source image](#it-1---use-generation-2-virtual-machine-source-image) | Availability | Low | Preview | No |
| [IT-2 - Replicate your Image Templates to a secondary region](#it-2---replicate-your-image-templates-to-a-secondary-region) | Disaster Recovery | Low | Preview | Yes |
| Recommendation | Category | Impact | State | ARG Query Available |
|:----------------------------------------------------------------------------------------------------------------------------|:-----------------:|:------:|:--------:|:-------------------:|
| [IT-1 - Use Generation 2 virtual machine source image](#it-1---use-generation-2-virtual-machine-source-image) | Availability | Low | Verified | No |
| [IT-2 - Replicate your Image Templates to a secondary region](#it-2---replicate-your-image-templates-to-a-secondary-region) | Disaster Recovery | Low | Verified | Yes |
{{< /table >}}

{{< alert style="info" >}}
@@ -1 +1 @@
// under-development
// cannot-be-validated-with-arg
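Review bot: Replacing `// under-development` with `// cannot-be-validated-with-arg` should be matched by `No` in the ARG Query Available column of the corresponding summary row. The file path for this one-line change is not visible here, so confirm which recommendation the query file belongs to and that its table row and marker agree.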
Expand Up @@ -22,7 +22,7 @@ The presented resiliency recommendations in this guidance include Virtual Machin
| [VMSS-6 - Disable Force strictly even balance across zones to avoid scale in and out fail attempts](#vmss-6---disable-force-strictly-even-balance-across-zones-to-avoid-scale-in-and-out-fail-attempts) | Availability | High | Verified | Yes |
| [VMSS-7 - Configure Allocation Policy Spreading algorithm to Max Spreading](#vmss-7---configure-allocation-policy-spreading-algorithm-to-max-spreading) | System Efficiency | Medium | Preview | Yes |
| [VMSS-8 - Deploy VMSS across availability zones with VMSS Flex](#vmss-8---deploy-vmss-across-availability-zones-with-vmss-flex) | Availability | High | Verified | Yes |
| [VMSS-9 - Set Patch orchestration options to Azure-orchestrated](#vmss-9---set-patch-orchestration-options-to-azure-orchestrated) | Automation | Low | Preview | Yes |
| [VMSS-9 - Set Patch orchestration options to Azure-orchestrated](#vmss-9---set-patch-orchestration-options-to-azure-orchestrated) | Automation | Low | Verified | Yes |
| [VMSS-10 - Upgrade VMSS Image versions scheduled to be deprecated or already retired](#vmss-10---upgrade-vmss-image-versions-scheduled-to-be-deprecated-or-already-retired) | Governance | High | Preview | Yes |
| [VMSS-11 - Production VMSS instances should be using SSD disks](#vmss-11---production-vmss-instances-should-be-using-ssd-disks) | System Efficiency | High | Verified | Yes |

Expand Down Expand Up @@ -254,6 +254,7 @@ Enabling automatic VM guest patching for your Azure VMs helps ease update manage
**Resources**

- [Automatic VM Guest Patching for Azure VMs](https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching)
- [Auto OS Image Upgrades](https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade)

**Resource Graph Query**

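Review bot: The added "Auto OS Image Upgrades" link carries the `/en-us/` locale segment, while the existing link directly above it is locale-neutral (`https://learn.microsoft.com/azure/...`) and the azure-backup changes in this same commit strip `/en-us/` from their links. Drop the locale segment from the new URL so the link style stays consistent and readers are served their own language.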
8 changes: 4 additions & 4 deletions docs/content/services/migration/azure-backup/_index.md
Expand Up @@ -15,7 +15,7 @@ The presented resiliency recommendations in this guidance include Backup and ass
|
Recommendation | Category | Impact | State | ARG Query Available |
:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------:|--------|:--------:|:-------------------:|
| [BK-1 - Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults](#bk-1---migrate-from-classic-alerts-to-built-in-azure-monitor-alerts-for-azure-recovery-services-vaults) | Monitoring | Medium | Preview | Yes |
| [BK-1 - Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults](#bk-1---migrate-from-classic-alerts-to-built-in-azure-monitor-alerts-for-azure-recovery-services-vaults) | Monitoring | Medium | Verified | Yes |
| [BK-2 - Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults](#bk-2---opt-in-to-cross-region-restore-for-all-geo-redundant-storage-grs-azure-recovery-services-vaults) | Disaster Recovery | Medium | Verified | Yes |
{{< /table >}}

Expand Down Expand Up @@ -46,8 +46,8 @@ Using Azure Monitor Alerts you can:

**Resources**

- [Move to Azure monitor Alerts](https://learn.microsoft.com/en-us/azure/backup/move-to-azure-monitor-alerts)
- [Classic alerts retirement announcement](https://azure.microsoft.com/en-us/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/)
- [Move to Azure monitor Alerts](https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts)
- [Classic alerts retirement announcement](https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/)

**Resource Graph Query**

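Review bot: While these two link lines are being touched, the link text "Move to Azure monitor Alerts" still has a lowercase "monitor"; the BK-1 title and the surrounding text in this file write the product name as "Azure Monitor". Capitalize it in the same change.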
Expand All @@ -72,7 +72,7 @@ Cross Region Restore allows you to restore Azure VMs in a secondary region, whic
- [Set Cross Region Restore](https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore)
- [Azure Backup Best Practices](https://learn.microsoft.com/azure/backup/guidance-best-practices)
- [Minimum Role Requirements for Cross Region Restore](https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup)
- [Recovery Services Vault](https://azure.microsoft.com/documentation/articles/backup-azure-arm-vms-prepare/)
- [Recovery Services Vault](https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare)

**Resource Graph Query**

26 changes: 0 additions & 26 deletions docs/content/services/networking/application-gateway/_index.md
Expand Up @@ -20,7 +20,6 @@ The presented resiliency recommendations in this guidance include Application Ga
| [AGW-4 - Use Application GW V2 instead of V1](#agw-4---use-application-gw-v2-instead-of-v1) | System Efficiency | High | Preview | Yes |
| [AGW-5 - Monitor and Log the configurations and traffic](#agw-5---monitor-and-log-the-configurations-and-traffic) | Monitoring | Medium | Preview | No |
| [AGW-6 - Use Health Probes to detect backend availability](#agw-6---use-health-probes-to-detect-backend-availability) | Monitoring | Medium | Preview | Yes |
| [AGW-7 - Deploy backends in a zone-redundant configuration](#agw-7---deploy-backends-in-a-zone-redundant-configuration) | Availability | High | Preview | No |
| [AGW-8 - Plan for backend maintenance by using connection draining](#agw-8---plan-for-backend-maintenance-by-using-connection-draining) | Governance | Medium | Preview | No |
| [AGW-9 - Ensure Application Gateway Subnet is using a /24 subnet mask](#agw-9---ensure-application-gateway-subnet-is-using-a-24-subnet-mask) | Networking | High | Preview | Yes |

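Review bot: Dropping the AGW-7 row leaves the table jumping from AGW-6 to AGW-8. If recommendation IDs are meant to stay stable after a removal, that is fine, but check the rest of the docs for links to `#agw-7---deploy-backends-in-a-zone-redundant-configuration`, since that anchor disappears together with the section.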
Expand Down Expand Up @@ -186,31 +185,6 @@ Using custom health probes can help with understand the availability of your bac

<br><br>

### AGW-7 - Deploy backends in a zone-redundant configuration

**Category: Availability**

**Impact: High**

**Guidance**

Deploying your backend services in a zone-aware configurations ensures that if a specific zone goes down that customers will still have access to the services as the other services located in other zones will still be available.

**Resources**

- [Well-Architected Framework Application Gateway Reliability](https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability)
- [Application Gateway V2 Overview](https://learn.microsoft.com/azure/application-gateway/overview-v2)

**Resource Graph Query**

{{< collapse title="Show/Hide Query/Script" >}}

{{< code lang="sql" file="code/agw-7/agw-7.kql" >}} {{< /code >}}

{{< /collapse >}}

<br><br>

### AGW-8 - Plan for backend maintenance by using connection draining

**Category: Governance**
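Review bot: The removed AGW-7 section pulled in `code/agw-7/agw-7.kql` through the `code` shortcode, and the diff shown for this file only covers `_index.md`; confirm the query file is deleted in the same change rather than left orphaned. The removed summary row listed ARG Query Available as `No` even though the section embedded a query file, so the file may only hold a placeholder marker.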
2 changes: 2 additions & 0 deletions docs/content/services/networking/firewall/_index.md
Expand Up @@ -18,6 +18,8 @@ The presented resiliency recommendations in this guidance include Firewall and a
| [AFW-2 - Monitor Azure Firewall metrics](#afw-2---monitor-azure-firewall-metrics) | Monitoring | Medium | Verified | Yes |
| [AFW-3 - Configure DDoS Protection on the Azure Firewall VNet](#afw-3---configure-ddos-protection-on-the-azure-firewall-vnet) | Access & Security | High | Verified | Yes |
| [AFW-4 - Leverage Azure Policy inheritance model](#afw-4---leverage-azure-policy-inheritance-model) | Governance | Medium | Verified | No |
| [AFW-5 - Configure 2-4 PIPs for SNAT Port utilization](#afw-5---configure-2-4-pips-for-snat-port-utilization) | Availability | Medium | Preview | No |
| [AFW-6 - Monitor AZFW Latency Probes metric](#afw-6---monitor-azfw-latency-probes-metric) | Monitoring | Medium | Preview | No |

{{< /table >}}

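Review bot: The two added rows link to `#afw-5---configure-2-4-pips-for-snat-port-utilization` and `#afw-6---monitor-azfw-latency-probes-metric`, but this file shows only 2 additions, so the AFW-5 and AFW-6 sections those anchors point to are not added here. Unless the headings already exist in `_index.md`, the links are dead; add the sections in the same change. The titles also abbreviate ("PIPs", "AZFW") where the neighbouring rows spell out "Azure Firewall"; spelling out "public IP addresses" and "Azure Firewall" would keep the table consistent.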