How to Maintain a Well-Architected Framework on the Cloud
How do you make sure your workload in the cloud is secure and reliable? How do you monitor the cost of your cloud resource consumption? Is there any automation that can remind you of your cloud budget expenses and expected future cost? Is there a one-click quick fix to terminate underutilized virtual machines? The answer to all of these questions is Microsoft Azure Advisor. Yes, you guessed it, I will talk about Azure Advisor in this article. This is an important topic, so stay tuned.
Azure Well-Architected Framework & Review
The Azure Well-Architected Framework provides architectural best practices across five pillars for designing and operating systems in the cloud. The 5 pillars are as follows:
- Operational Excellence
- Performance
- Cost
- Reliable
- Secure
Microsoft offers a Well-Architected Review that gives you recommendations to focus on. It covers your existing workload and recommends things to learn and implement in order to improve it.
Azure Advisor
Azure Advisor gives recommendations for all of your cloud resources based on the Well-Architected Framework. You can access Azure Advisor recommendations as an owner, contributor, or reader of a subscription. Once you have moved a workload to the cloud, Azure Advisor is your personal advisor for keeping that workload strong on the 5 pillars of the Well-Architected Framework.
Overall Advisor Score for C-Level Executives
Azure Advisor shows an overall score, which is a high-level view of all the resources in the subscription. The higher the score, the healthier your technical portfolio is. This is the number you are most likely to show to your CTO.
Creating Automatic Advisor Alerts
Checking the recommendations given by Azure Advisor manually is not a great idea. Therefore, you must create automatic alerts in Azure Advisor. These alerts can trigger various actions, including sending SMS messages or emails to the core team, or even calling a webhook to create tickets in Zendesk.
You can also create a digest for a given subscription, select the pillars you want, and receive a weekly summary of Azure Advisor recommendations.
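The webhook action described above, as an added example (not code from the original article or from Microsoft): a handler function that validates the JSON body an Advisor alert posts and turns it into a ticket, dropping anything that is not an activated Advisor recommendation. The payload field names are an assumption modelled on the activity log alert webhook schema, and the priority mapping and ticket fields are hypothetical.

```python
import json

# Constructed sample of the JSON body an Advisor alert posts to a webhook.
# Field names are an assumption modelled on the activity log alert webhook
# schema for "Recommendation" events; the IDs and names are placeholders.
SAMPLE_ALERT = json.dumps({
    "schemaId": "Microsoft.Insights/activityLogs",
    "data": {"status": "Activated", "context": {"activityLog": {
        "eventSource": "Recommendation",
        "operationName": "Microsoft.Advisor/recommendations/available/action",
        "resourceId": "/subscriptions/00000000-0000-0000-0000-000000000000"
                      "/resourceGroups/rg-example/storageAccounts/stexample",
        "properties": {
            "recommendationCategory": "Security",
            "recommendationImpact": "High",
            "recommendationName": "Storage account public access should be disallowed",
        },
    }}},
})

# Hypothetical routing policy: (category, impact) -> ticket priority.
PRIORITY = {("Security", "High"): "urgent", ("Security", "Medium"): "high",
            ("HighAvailability", "High"): "high"}

def advisor_alert_to_ticket(body):
    """Return a ticket dict for an activated Advisor recommendation alert,
    or None for anything else, so unrelated or malformed posts are dropped."""
    try:
        data = json.loads(body)["data"]
        log = data["context"]["activityLog"]
        props = log["properties"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(props, dict) or data.get("status") != "Activated":
        return None
    if log.get("eventSource") != "Recommendation" or not str(
            log.get("operationName", "")).startswith("Microsoft.Advisor/"):
        return None
    category = str(props.get("recommendationCategory", "Unknown"))
    impact = str(props.get("recommendationImpact", "Unknown"))
    name = str(props.get("recommendationName", "Unnamed"))[:200]
    return {  # hypothetical ticket shape; map it to your ticketing API
        "subject": f"[Advisor/{category}] {name}",
        "priority": PRIORITY.get((category, impact), "normal"),
        "tags": ["azure-advisor", category.lower(), impact.lower()],
        "resource": str(log.get("resourceId", "")),
    }
```

Security recommendations with high impact become urgent tickets, while cost or low-impact items fall through to normal priority.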
How do you know Advisor score is good?
You can check the score history by month, week, or day and see whether the score is increasing or decreasing by benchmarking it.
The best ways to increase the score are:
- Split out the workload that is business critical and make it more reliable by following all recommendations, trading off on cost.
- Split your workload by environment into production/non-production subscriptions. For a development/test environment, cut your cost and trade off on reliability.
How to improve Cloud Advisor Score?
You must go to Azure Advisor, check all 5 tabs related to the 5 pillars of the Well-Architected Framework, and follow the quick fixes and recommendations to improve your score.
Here are the proposed recommendations that you should follow in order to make your system adhere to the Well-Architected Framework.
Operational Excellence
Operational excellence recommendations in Azure Advisor can help you with:
- Process and workflow efficiency.
- Resource manageability.
- Deployment best practices.
Below are the recommendations that you can see in the Operational Excellence tab of the Advisor dashboard.
- Azure Policy recommendations, such as adding tags or restricting resource creation to certain regions.
- Design your storage account to prevent reaching the maximum subscription limit.
- Enable traffic analytics to view insights into traffic patterns across Azure resources.
- Increase vCPU limits for your deployments for a Pay-As-You-Go subscription.
Performance
The performance recommendations in Azure Advisor can help improve the speed and responsiveness of your business-critical applications.
- Reduce DNS TTL (time-to-live) on your Traffic Manager profile to fail over to healthy endpoints faster.
- Improve database performance based on usage history.
- Upgrade libraries to their latest versions for better reliability and performance, for example the storage client library version.
- Use managed disks to prevent disk I/O throttling.
- Improve VM performance and reliability by using premium storage, which gives I/O-intensive workloads SSD disks with low latency and high IOPS.
- Improve MySQL connection management by reducing the number of short-lived connections and eliminating unnecessary idle connections.
- Use ARM templates for template deployment and security.
Cost
Here are some examples of the recommendations given by Azure Advisor to reduce your cloud cost.

| Potential Yearly Savings | What to do? | Impacted Resources |
| --- | --- | --- |
| 1864 USD | Right-size or shut down underutilized virtual machines (CPU utilization < 5%) | 2 Virtual Machines |
| 80 USD | Delete public IP addresses not associated with a running Azure resource | 2 Public IP Addresses |
Reliability / High Availability Recommendations

| Potential Benefits | What to do? | Impacted Resources |
| --- | --- | --- |
| Ensure business continuity through VM resilience | Add more VMs for improved fault tolerance | Availability Set |
| Improved data resilience and performance | Enable VM backup to protect your data from corruption and accidental deletion | Virtual Machine |
| Ensure business continuity | Use multiple AZs for datacenter-level disasters | Availability Zone |
| Save and recover your data when blobs or blob snapshots are accidentally overwritten or deleted | Enable soft delete to protect your blob data | Storage Account |
Security

| Potential Benefits | What to do? | Impacted Resources |
| --- | --- | --- |
| Prevent potential security breaches | Web apps should request an SSL certificate for all incoming requests | 8 App Services |
| Prevent potential security breaches | Private endpoint should be configured for key vault | 3 Key Vaults |
| Prevent potential security breaches | Azure Cosmos DB accounts should have firewall rules | 1 Cosmos DB account |
| Prevent potential security breaches | Storage account public access should be disallowed | 2 Storage Accounts |
| Prevent potential security breaches | Storage accounts should restrict network access using Virtual Network Rules | 2 Storage Accounts |
| Prevent potential security breaches | Virtual Network should be protected by Azure Firewall | 1 Virtual Network |
| Prevent potential security breaches | Diagnostic logs in Search Services should be enabled | 1 Search Service |

Thanks for reading my article to the end. I hope you learned something special today. If you enjoyed this article, please share it with your friends, and if you have suggestions or thoughts to share with me, please write them in the comment box.
Rupesh Tiwari
Founder of Fullstack Master
Email: rupesh.tiwari.info@gmail.com
Website: RupeshTiwari.com