diff --git a/.github/scripts/schemas/aprl-schema.yaml b/.github/scripts/schemas/aprl-schema.yaml index 9ad99c7df..0b8b9c1e9 100644 --- a/.github/scripts/schemas/aprl-schema.yaml +++ b/.github/scripts/schemas/aprl-schema.yaml @@ -16,7 +16,7 @@ recommendation: potentialBenefits: str(max=60) pgVerified: bool() automationAvailable: bool() - tags: null() + tags: any(enum('AI','AVD', 'AVS', 'HPC', 'SAP'), null()) learnMoreLink: list(include('linkItem'), required=False, min=1) linkItem: diff --git a/azure-specialized-workloads/avd/recommendations.yaml b/azure-specialized-workloads/avd/recommendations.yaml index 614b2e469..d5b79f40c 100644 --- a/azure-specialized-workloads/avd/recommendations.yaml +++ b/azure-specialized-workloads/avd/recommendations.yaml @@ -3,14 +3,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Disabled longDescription: | Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. Use Resource Health to monitor your VMs and storage solutions. potentialBenefits: Enhanced AVD error tracking and resolution pgVerified: true automationAvailable: true - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/well-architected/azure-virtual-desktop/monitoring#resource-health" @@ -20,14 +20,14 @@ recommendationTypeId: null recommendationControl: MonitoringAndAlerting recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Configure AVD insights workbook template to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. potentialBenefits: Enhanced AVD monitoring and troubleshooting pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/insights?tabs=monitor" @@ -37,14 +37,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. potentialBenefits: Improved DR visibility and operation pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/diagnostics-log-analytics" @@ -54,14 +54,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. potentialBenefits: Enhanced organization and scalability pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone" @@ -71,7 +71,7 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Monitor and plan for subscription limits and API throttling limits. Keep track of resource usage within your subscription. Consider scaling across multiple subscriptions if further scaling is required. @@ -79,7 +79,7 @@ potentialBenefits: Avoids limits, ensures smooth scaling pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Capacity Planning url: "https://learn.microsoft.com/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning" @@ -91,14 +91,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. potentialBenefits: Improves uptime & resilience pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" @@ -108,14 +108,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active or active-passive) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. potentialBenefits: Enhanced resilience and uptime pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Multi-region BCDR url: "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr" @@ -127,14 +127,14 @@ recommendationTypeId: null recommendationControl: Scalability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | To maximize capacity and performance scaling it is recommended to creat only one file share per Azure files storage account, with this approach the single file share will be able to grow to the maximum capacities of the storage account. potentialBenefits: Enhanced scaling and performance pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/storage/files/storage-files-scale-targets" @@ -144,14 +144,14 @@ recommendationTypeId: null recommendationControl: Scalability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | To maximize capacity and performance scaling of the file share service and avoid user's profile contention, it is recommended to create one file share target and FSLogix setup per host pool. potentialBenefits: Enhanced performance pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/create-host-pools-user-profile" @@ -161,14 +161,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | It is recommended to enable backup on the FSLogix Storage Account. Ensuring the user profiles are resilient will allow user data and experience to be consistent through outages. potentialBenefits: Ensures data resilience and consistency pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: FSLogix url: "https://learn.microsoft.com/fslogix/overview-what-is-fslogix" @@ -180,14 +180,14 @@ recommendationTypeId: null recommendationControl: OtherBestPractices recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | RDP Shortpath establishes a direct UDP-based connection between a client and the session host. By default, RDP tries to use UDP and falls back to TCP if needed. UDP transport offers better connection reliability and consistent latency. potentialBenefits: Better reliability and consistent latency pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks" @@ -197,14 +197,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure AVD session hosts can communicate with the AVD control plane and that UDP ports are open if used. Validate VM connectivity to the AVD Control Plane and confirm UDP TURN port accessibility. Whitelist global URLs and ensure UDP/TURN ports are open for smooth user connections. potentialBenefits: Enhanced performance & user experience pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/troubleshoot-rdp-shortpath" @@ -216,7 +216,7 @@ recommendationTypeId: null recommendationControl: Security recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. @@ -224,7 +224,7 @@ potentialBenefits: Improved failover reliability pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains" @@ -234,14 +234,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises data centers should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. potentialBenefits: Enhanced availability & routing pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution" @@ -251,14 +251,14 @@ recommendationTypeId: null recommendationControl: BusinessContinuity recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. Plan IP addressing to avoid overlaps between on-premises and Azure regions, preventing major contention challenges. potentialBenefits: Enhances security and prevents IP conflicts pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing" @@ -268,14 +268,14 @@ recommendationTypeId: null recommendationControl: OtherBestPractices recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure Route Tables have static routes for session host traffic targeting the AVD control plane to go directly to the internet (next hop). This avoids delays from additional hops or inspections in trusted traffic communication. potentialBenefits: Enhanced performance and Disaster Recovery pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-network/service-tags-overview" @@ -287,14 +287,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Establish a process for handling image updates in your AVD environment. Instead of updating session hosts directly, create a new version of the updated image. This involves creating and configuring a golden image with the necessary updates and configurations. potentialBenefits: Ensures consistency; minimizes drift pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/training/modules/create-manage-session-host-image/" @@ -304,14 +304,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure all session hosts have the standard FSLogix configuration deployed. Regularly validate settings for consistency and alignment with best practices. potentialBenefits: Optimized session reliability and performance pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/fslogix/reference-configuration-settings?tabs=profiles" @@ -321,7 +321,7 @@ recommendationTypeId: null recommendationControl: Security recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. @@ -338,14 +338,14 @@ recommendationTypeId: null recommendationControl: MonitoringAndAlerting recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Configure diagnostic settings on FSLogix storage and regularly monitor its metrics and logs for errors. While events can be reviewed locally on the Session Host, it is recommended to use AVD insights workbook to consolidate this information into a Log Analytics workspace. potentialBenefits: Enhanced AVD error tracking and resolution pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/fslogix/troubleshooting-events-logs-diagnostics" @@ -357,14 +357,14 @@ recommendationTypeId: null recommendationControl: Governance recommendationImpact: Low - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure a process to regularly check and update FSLogix agent. Upgrade to the latest version promptly to address bugs and meet support requirements. FSLogix releases hotfixes to resolve issues impacting deployments. Keeping FSLogix updated is crucial for support and reliability. potentialBenefits: Enhanced reliability & support pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/fslogix/how-to-install-fslogix" @@ -374,7 +374,7 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Turn on Continuous Availability if using Azure Netapp Files. @@ -382,7 +382,7 @@ potentialBenefits: Enhanced stability & user limit checks pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" @@ -392,14 +392,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | App Attach packages should be on a separate share from profiles and backed up. Requirements vary based on the number of packaged applications. Test your applications to understand your needs. Ensure the file share is in the same Azure region as your session hosts. potentialBenefits: Enhances performance and scalability pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" @@ -409,14 +409,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | To ensure continuous availability and disaster recovery readiness, provision a secondary Key Vault in a secondary region. In case of a primary region failure, the secondary Key Vault will ensure critical secrets remain accessible for deployments in the secondary region. potentialBenefits: Ensures DR readiness and access pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/key-vault/general/disaster-recovery-guidance" @@ -426,14 +426,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Deploy multiple domain controllers on Azure VMs across availability zones with AVD session hosts. This removes on-premises dependencies and improves performance with a shorter authentication path. This doesn't apply to Microsoft Entra ID or Entra Domain Services joined session hosts. potentialBenefits: Enhanced identity resilience pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" @@ -443,14 +443,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVD + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Deploy custom DNS servers on Azure VMs across availability zones in the same region as session hosts. This removes on-premises dependencies and improves performance by shortening the name resolution path. potentialBenefits: Enhanced reliability and performance pgVerified: true automationAvailable: false - tags: null + tags: AVD learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/azure/architecture/example-scenario/identity/adds-extend-domain#reliability" diff --git a/azure-specialized-workloads/avs/recommendations.yaml b/azure-specialized-workloads/avs/recommendations.yaml index 81818ca8a..673585d6b 100644 --- a/azure-specialized-workloads/avs/recommendations.yaml +++ b/azure-specialized-workloads/avs/recommendations.yaml @@ -3,14 +3,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Use the Interconnect feature for direct communication between private clouds in different availability zones, enabling connectivity between the private clouds management and workload networks. potentialBenefits: Enhanced private cloud connectivity pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Connect Private Clouds in the same region url: "https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region" @@ -20,14 +20,14 @@ recommendationTypeId: null recommendationControl: Security recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure two external identity sources are configured for NSX and vCenter Server. The VMware vCenter Server and NSX Manager use these for authentication with external identities. potentialBenefits: Continuous login access during maintenances pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Set an external identity source for vCenter url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter" @@ -39,14 +39,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Enable Network Extension High Availability for appliance failure tolerance in HCX service. It pairs selected appliances for Active Standby configuration, ensuring high availability and quick recovery, keeping configurations in-service despite failures. potentialBenefits: Improves HCX service continuity pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: HCX Network extension high availability url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability" @@ -58,14 +58,14 @@ recommendationTypeId: null recommendationControl: OtherBestPractices recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Do not extend the network used by the HCX Management devices to ensure the network's security and stability. potentialBenefits: Enhanced network safety and performance pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Requirements for Network Extension url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html" @@ -75,14 +75,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | The Azure VMware Solution's service SLA is influenced by vSAN storage policies, which change based on cluster size. For clusters over 6 hosts, an FTT-2 policy (RAID-1 or RAID-6) is advised. FTT refers to the Fault Tolerance feature. potentialBenefits: Enhanced cluster reliability pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Use fault domains url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains" @@ -94,14 +94,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach. potentialBenefits: Enhanced circuit resilience for Azure VMware pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: APRL guidance for ExpressRoute circuits url: "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits" @@ -113,14 +113,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits. potentialBenefits: Enhanced resilience and connectivity pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Deploy vSAN streched cluster url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud" @@ -130,14 +130,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/AVS + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections. potentialBenefits: Enhanced disaster recovery pgVerified: true automationAvailable: false - tags: null + tags: AVS learnMoreLink: - name: Private Clouds in two regions url: "https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions" diff --git a/azure-specialized-workloads/hpc/recommendations.yaml b/azure-specialized-workloads/hpc/recommendations.yaml index 6dcf99bf1..61b9e9da5 100644 --- a/azure-specialized-workloads/hpc/recommendations.yaml +++ b/azure-specialized-workloads/hpc/recommendations.yaml @@ -3,14 +3,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/HPC + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. potentialBenefits: Enhances job metadata availability pgVerified: false automationAvailable: false - tags: null + tags: HPC learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" @@ -20,14 +20,14 @@ recommendationTypeId: null recommendationControl: Scalability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/HPC + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. potentialBenefits: Efficient, uninterrupted execution pgVerified: false automationAvailable: false - tags: null + tags: HPC learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" @@ -37,14 +37,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/HPC + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. potentialBenefits: Enhanced reliability for HPC pgVerified: false automationAvailable: false - tags: null + tags: HPC learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" @@ -54,14 +54,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/HPC + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. potentialBenefits: Enhanced reliability and job management pgVerified: false automationAvailable: false - tags: null + tags: HPC learnMoreLink: - name: Learn More url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" diff --git a/azure-specialized-workloads/sap/recommendations.yaml b/azure-specialized-workloads/sap/recommendations.yaml index 106101788..0ca7ff2d8 100644 --- a/azure-specialized-workloads/sap/recommendations.yaml +++ b/azure-specialized-workloads/sap/recommendations.yaml @@ -3,14 +3,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Use Azure Availability Zones to protect SAP systems against data center failures. Ensure high availability by deploying across multiple zones. If deployment across zones isn't possible, refer to Microsoft's guidance for high availability options for SAP workloads. potentialBenefits: High availability for SAP systems pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Quality Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -28,14 +28,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Use VMSS Flex to distribute VMs across zones and fault domains. Follow Microsoft's SAP workload recommendations for settings. If not using VMSS Flex or Availability Sets, consider migrating to VMSS Flex for improved resiliency. Refer to the provided blog post for migration details. potentialBenefits: Enhanced resiliency for SAP on Azure pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: OpenSource Inventory Checks url: "https://aka.ms/ACESInventoryCheckSAP" @@ -51,14 +51,14 @@ recommendationTypeId: 58d6648d-32e8-4346-827c-4f288dd8ca24 recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. potentialBenefits: Higher SLA of 99.9% with SSDs pgVerified: true automationAvailable: true - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -76,14 +76,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. potentialBenefits: Ensures high availability for SAP data pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -95,7 +95,7 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. @@ -103,7 +103,7 @@ potentialBenefits: Enhanced data availability for SAP pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: OpenSource Inventory Checks url: "https://aka.ms/ACESInventoryCheckSAP" @@ -113,14 +113,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Test high availability solutions thoroughly, including kernel panic in Linux VMs and fail-back. Ensure zonal failure scenarios for each SAP layer (database, central services, application servers, shared file systems) are zone redundant, meet RPO = 0, and fail over automatically within your RTO. potentialBenefits: Ensures SAP Azure's failover reliability pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: Test Cases url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" @@ -130,14 +130,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Use the migrate command in a Linux Pacemaker cluster to create a temporary "prefer" location constraint, moving a resource to a specified node for maintenance or testing. This constraint is temporary and should be removed after the task to revert to the original cluster configuration. potentialBenefits: Enhanced maintenance and failover handling pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: OpenSource Inventory Checks url: "https://aka.ms/ACESInventoryCheckSAP" @@ -147,14 +147,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure compute resource availability for critical VM roles in a DR region using a warm standby approach or Azure's On-demand Capacity Reservation. Warm standby keeps VMs running in the DR region, while On-demand Capacity Reservation reserves compute capacity without running VMs. potentialBenefits: Guarantees DR region availability pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: Capacity Reservation url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" @@ -164,14 +164,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Replicate production databases (ASYNC) to the DR location using the database vendor's replication technology. potentialBenefits: Enhanced DR resilience pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP Disaster Recovery Guide url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" @@ -181,14 +181,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. potentialBenefits: Ensures SAP data safety and recovery pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -200,14 +200,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Implement robust monitoring and alerting for DR in SAP on Azure to cover its complex, multi-layer architecture. This is crucial for databases, services, applications, and shared systems. potentialBenefits: Enhances SAP DR oversight pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: DR Guidance url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" @@ -217,14 +217,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. potentialBenefits: Faster SAP recovery, reduced downtime pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: DR Guidance url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" @@ -234,14 +234,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Document DR procedures for each SAP layer: database, central services, application servers, and shared file systems. Include configuration, failover mechanisms, and recovery steps. Test various failure scenarios to ensure the DR strategy meets RPO/RTO targets and provides seamless failover. potentialBenefits: Ensures robust DR, meets RPO/RTO pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: DR Guidance url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" @@ -251,14 +251,14 @@ recommendationTypeId: null recommendationControl: DisasterRecovery recommendationImpact: Medium - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Implement robust monitoring and alerting for SAP on Azure, covering DR for databases, central services, applications, and shared file systems. Given SAP's complexity, a comprehensive monitoring strategy is crucial for effective DR replication and rapid issue response. potentialBenefits: Improved DR oversight and rapid issue response pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: DR Guidance url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" @@ -268,14 +268,14 @@ recommendationTypeId: null recommendationControl: MonitoringAndAlerting recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Scheduled events notify about upcoming maintenance (e.g., reboot) to limit disruption. Configure for all critical Azure VMs. Use the azure-events-az resource agent in Pacemaker clusters to monitor and react to events like Reboot and Redeploy, ensuring high availability. potentialBenefits: Proactive maintenance awareness pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: VM Scheduled Events url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" @@ -287,14 +287,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. potentialBenefits: Enhances SAP ASCS uptime pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -308,14 +308,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. potentialBenefits: Enhanced HA for SAP ASCS pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -329,14 +329,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA database high availability. potentialBenefits: Enhances SAP HANA DB uptime pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -350,14 +350,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA database high availability. potentialBenefits: Enhanced DB availability pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP ACSS Insights url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" @@ -371,14 +371,14 @@ recommendationTypeId: null recommendationControl: HighAvailability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure high availability of SAP with Azure NetApp Files by setting proper timeout values to prevent disruptions. Review the documentation to confirm your configuration meets the recommended timeout values. potentialBenefits: Improve resiliency and performance of SAP on Azure pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: SAP on Azure NetApp Planning Guide url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage#azure-netapp-files" @@ -388,14 +388,14 @@ recommendationTypeId: null recommendationControl: Scalability recommendationImpact: High - recommendationResourceType: Specialized.Workload/SAP + recommendationResourceType: Microsoft.Subscription/subscriptions recommendationMetadataState: Active longDescription: | Ensure optimal disk types and configurations for data and log volumes, meeting IOPS and throughput requirements. Follow Microsoft's recommendations for disk caching, WriteAccelerator, stripe size, and Linux I/O Scheduler. Use SAP on Azure QualityCheck tool to identify deviations. potentialBenefits: Improve reliability, performance and optimize costs pgVerified: true automationAvailable: false - tags: null + tags: SAP learnMoreLink: - name: High-availability SAP NetWeaver with simple mount and NFS on SLES for SAP Applications VMs url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-nfs-simple-mount?tabs=lb-portal%2Censa1" diff --git a/docs/archetypes/azure-resource-type/recommendations.yaml b/docs/archetypes/azure-resource-type/recommendations.yaml index 293b6e3e6..03c3d0dd4 100644 --- a/docs/archetypes/azure-resource-type/recommendations.yaml +++ b/docs/archetypes/azure-resource-type/recommendations.yaml @@ -11,7 +11,7 @@ potentialBenefits: Potential Benefits of Implementing the Recommendation (less than 60 characters) pgVerified: false automationAvailable: false - tags: null + tags: null/AI/AVD/AVS/HPC/SAP learnMoreLink: - name: Learn More url: "Link URL" @@ -20,6 +20,7 @@ aprlGuid: Generate a Unique GUID for Your Recommendation recommendationTypeId: null recommendationControl: HighAvailability/BusinessContinuity/DisasterRecovery/Scalability/MonitoringAndAlerting/ServiceUpgradeAndRetirement/OtherBestPractices/Personalized/Governance/Security + recommendationImpact: Low/Medium/High recommendationResourceType: Friendly name to identity resource type recommendationMetadataState: Active longDescription: | @@ -28,7 +29,7 @@ potentialBenefits: Potential Benefits of Implementing the Recommendation (less than 60 characters) pgVerified: false automationAvailable: false - tags: null + tags: null/AI/AVD/AVS/HPC/SAP learnMoreLink: - name: Learn More url: "Link URL" diff --git a/docs/archetypes/azure-specialized-workload/recommendations.yaml b/docs/archetypes/azure-specialized-workload/recommendations.yaml index 82d9f02ea..03c3d0dd4 100644 --- a/docs/archetypes/azure-specialized-workload/recommendations.yaml +++ b/docs/archetypes/azure-specialized-workload/recommendations.yaml @@ -11,7 +11,7 @@ potentialBenefits: Potential Benefits of Implementing the Recommendation (less than 60 characters) pgVerified: false automationAvailable: false - tags: null + tags: null/AI/AVD/AVS/HPC/SAP learnMoreLink: - name: Learn More url: "Link URL" @@ -29,7 +29,7 @@ potentialBenefits: Potential Benefits of Implementing the Recommendation (less than 60 characters) pgVerified: false automationAvailable: false - tags: null + tags: null/AI/AVD/AVS/HPC/SAP learnMoreLink: - name: Learn More url: "Link URL" diff --git a/docs/content/contributing/create-content/create-recommendations/_index.md b/docs/content/contributing/create-content/create-recommendations/_index.md index fcd9be249..c6feb947b 100644 --- a/docs/content/contributing/create-content/create-recommendations/_index.md +++ b/docs/content/contributing/create-content/create-recommendations/_index.md @@ -77,7 +77,7 @@ The YAML structure for adding new recommendations consists of several key-value | potentialBenefits | Enhanced data redundancy and boosts availability | String | The length should be less than 60 characters | The potential benefits of implementing the recommendation | | pgVerified | false | Boolean | true, false | Indicates whether the recommendation is verified by the relevant product group | | automationAvailable | false| Boolean | true, false | Indicates whether automation is available for validating the recommendation | -| tags | null | String | null | Generalized tags used for incorporating fields to automate | +| tags | null | String | null, AI, AVD, AVS, HPC, SAP | Indicates which type of specialized workload the recommendation is associated to. | | learnMoreLink | - name: Learn More url: "" | Object | Only 1 link per recommendation | Links related to the recommendation, such as announcements or documentation | ### Recommendation Categories