Azure Advisor: Good practices for Microsoft Azure implementations
Microsoft Azure Advisor is a free service that helps us follow good practices and recommendations for optimization of our Microsoft Azure implementations, both for design or performance and also in security and costs. In specific, Advisor enables us to:
- Receive customized recommendations and best practices that are processable and proactive.
- Detect methods of reducing costs related with subscriptions to the Assure service.
- Improve performance, security and availability of the resources utilized.
Azure Advisor’s recommendations can be classified into the following 5 categories:
This displays recommendations that enable us to reduce the costs related with our services. The set of policies that are applied are:
- Optimize the expense of the virtual machine by modifying the size or by shutdown of underused instances.
- Reduce costs by deleting unsupplied ExpressRoute circuits.
- Reduce costs by deleting or reconfiguring gateways to interactive virtual networks.
- Purchase instances of virtual machines reserved for saving money on payper-use costs.
- Delete unassociated public IP addresses to save money.
- Delete Azure Data Factory pipelines that fail.
- Use standard snapshots for disks managed.
- Utilize lifecycle management.
- Create a recommendation for ephermal OS disk.
Azure Advisor considers shutdown the virtual machines when all these conditions are met:
- The 95th percentile of the maximum value for CPU use is less than 3%.
- Network usage is less than 2% in a seven-day period.
- Memory pressure is less than the threshold values.
Advisor considers changing the size of the virtual machines when it is possible to fit the current load into a smaller SKU (within the same SKU family) or in a smaller number of instances, so that:
- The current load does not exceed 80% of usage for workloads that are not intended for the user.
- The load does not exceed 40% for user-oriented workloads.
In addition to the recommendation, we have the action plan. When you select Quickfix, it displays to us a set of recommendations that we can run rapidly by selecting the service and clicking on Quickfix.
This displays security recommendations when security threats and vulnerabilities are detected in the services deployed. Advisor connects with the Security Center to display the security recommendations. The Security Center provides the rules that Advisor abides by to display its warnings.
We can select one of the recommendations to view details and steps to follow to resolve the possible incident or follow the recommendation.
One of the points that I find most interesting is that it shows us the query in Azure Resource Graph and the policy applied, and so we can reuse it in our daily work.
Reliability or high availability
This displays recommendations to guarantee high availability of the organization’s applications.
The recommendations, like the previous ones, depend on the Azure service deployed. Thus, in the following example it gives us recommendations for our storage.
Another example of how Advisor helps us is when we have a web service in App Service. In terms of availability, Advisor will recommend that we deploy a Traffic Manager service to guarantee availability of the site between 2 or more application services. Some of the rules that are assessed within Advisor are:
- Guarantee the fault tolerance of the virtual machine
- Guarantee availability, by establishing fault tolerance
- Use Managed Discs to improve data reliability
- A wellknown problem with the image version in Check Point Network Virtual Appliance
- Guarantee the fault tolerance of the application gateway
- Protect the data of your virtual machine from accidental deletion
- Create alerts for Azure service status so that you receive notifications when problems with Azure affect you
- Configure endpoints in Traffic Manager for resilience
- Utilize the temporary deletion in your Azure Storage account to save and recover data after accidental overwriting or deletion
- Configure your VPN gateway as activeactive for connection strength
- Use VPN gateways for production to run your production workloads
- Fix invalid log alert rules
- Configure the coherent indexing mode in your collection in Cosmos DB
- Configure your containers in Azure Cosmos DB with a partition key
- Update your .NET SDK in Azure Cosmos DB to the latest version of Nuget
- Update your Java SDK in Azure Cosmos DB to the latest version of Maven
- Update your Spark connector in Azure Cosmos DB to the latest version of Maven
- Enable virtual machine replication
This displays alerts and recommendations for performance of the services. Performance is more than CPU, memory, IOPS or network. We need to take into account all metrics and configuration elements that could detract from the experience of the end user.
Performance verifications consist of the following rules:
- Reduce the DNS TTL in your Traffic Manager profile in order to failover to healthy endpoints more rapidly.
- Improve database performance with SQL DB Advisor.
- Update your Storage Client Library to the latest version for better reliability and performance.
- Improve the performance and reliability of App Service.
- Use Managed Disks to prevent the limitation of disk I/O.
- Improve the performance and reliability of the disks of virtual machines by using Premium Storage.
- Eliminate the bias in your SQL Data Warehouse to increase query performance.
- Create or update statistics from outdated tables in SQL Data Warehouse to increase query performance.
- Scale in order to optimize the cachet in your tables in SQL Data Warehouse to increase query performance.
- Convert the tables in SQL Data Warehouse into replication tables to increase query performance.
- Migrate your storage account to Azure Resource Manager to obtain all the most recent features of Azure.
- Design your storage accounts to avoid reaching the maximum subscription limit
- Increase the size of your SKU in VNet Gateway to handle high P2S usage
- Increase the size of your SKU in VNet Gateway to handle high CPU usage
- Increase the batch size for loading to maximize loading performance, data compression and query performance.
- Colocate the storage account within the same region to minimize latency during loading
- An incompatible version of Kubernetes was detected
- Optimize the performance of your Azure MySQL, Azure PostgreSQL and Azure MariaDB servers
- Correct the CPU consumption of your Azure MySQL, Azure PostgreSQL and Azure MariaDB servers to prevent CPU bottlenecks
- Reduce the memory limits on your Azure MySQL, Azure PostgreSQL and Azure MariaDB servers or change to an SKU optimized for memory
- Use a read replica from Azure MySQL or Azure PostgreSQL to scale reads for readintensive workloads
- Scale your Azure MySQL, Azure PostgreSQL or Azure MariaDB server to a higher SKU to avoid connection restrictions
- Scale your cachet to a different size or SKU to improve cachet and application performance
- Add regions with traffic to your Azure Cosmos DB account
- Configure your indexing policy in Azure Cosmos DB with the client’s included or excluded paths
- Configure the query page size in Azure Cosmos DB (MaxItemCount) to -1
One of the main capabilities of Azure Advisor is the possibility of scheduling reports and creating alerts to notify the key users responsible for the infrastructure hosted on Azure.
For this purpose, we can go to Recommendation Digest in Advisor
From here, we select the subscription, frequency, category in Advisor and action group for the notification.
The Action Group is the interesting part since in addition to being able to have it send a report by email or many other forms such as SMS, etc.
You can also create an action, such as integration with an ITSM, a runbook, Logic App, etc., which enables us to call up automatic remediation actions.
You will receive emails like this, notifying you of the new report.
In the same manner, you can create an alert, although in this case it is in the Preview mode. To do so, we select Alerts – Create Alert.
And fill in the scope, conditions, action group and name of rule.
Now all you need is to start to use Advisor and make it part of that model of shared responsibility for Cloud solutions.