How to Maintain a Well-Architected Framework in the Cloud


How do you make sure your workload in the cloud is secure and reliable? How do you monitor the cost of your cloud resource consumption? Is there any automation that can remind you of your cloud budget expenses and expected future cost? Is there a one-click quick fix to terminate underutilized virtual machines? The answer to all of these questions is Microsoft Azure Advisor. Yes, you guessed it: I will talk about Azure Advisor in this article. This is an important topic, so stay tuned.

Azure Well-Architected Framework & Review

The Azure Well-Architected Framework provides architectural best practices across five pillars for designing and operating systems in the cloud. The five pillars are as follows:

  • Operational Excellence
  • Performance
  • Cost
  • Reliable
  • Secure

Microsoft has a Well-Architected Review that gives you recommendations to focus on. It takes your existing workload into account and recommends things to learn and implement in order to improve it.

Azure Advisor

Azure Advisor gives recommendations for all your cloud resources based on the Well-Architected Framework. You can access Azure Advisor recommendations as an owner, contributor, or reader of a subscription. Once you move a workload to the cloud, Azure Advisor is your personal advisor for keeping that workload strong on the five pillars of the Well-Architected Framework.

Overall Advisor Score for C-Level Executives

Azure Advisor shows an overall score, which is a high-level view of all the resources within the subscription. The higher the score, the healthier your technical portfolio is. This is the number you are most likely to show to your CTO.

Creating Automatic Advisor Alerts

Checking the recommendations given by Azure Advisor manually is not a great idea. Instead, create automatic alerts in Azure Advisor. These alerts can take various actions, including sending SMS messages or emails to the core team, or even calling a webhook to create tickets in Zendesk.

You can also create a digest for a given subscription, select the pillars you want from the five, and receive a weekly summary of Azure Advisor recommendations.

How do you know whether your Advisor score is good?

You can check the score history by month, week, or day and benchmark it to see whether the score is increasing or decreasing.

The best ways to increase the score are:

  • Split out the workload that is business critical and make it more reliable by following all recommendations, trading off on cost.
  • Split your workload by environment into production and non-production subscriptions. For a development/test environment, cut your cost and trade off on reliability.

How do you improve your Advisor score?

Go to Azure Advisor, check all five tabs corresponding to the five pillars of the Well-Architected Framework, and follow the quick fixes and recommendations to improve your score.

Here are the recommendations you should follow to make your system adhere to the Well-Architected Framework.

Operational Excellence

Operational excellence recommendations in Azure Advisor can help you with:

  • Process and workflow efficiency.
  • Resource manageability.
  • Deployment best practices.

Below are the recommendations that you can see in the Operational Excellence tab of the Advisor dashboard.

  • Azure Policy recommendations, such as adding tags or restricting resource creation to certain regions.
  • Design your storage accounts to prevent reaching the maximum subscription limit.
  • Enable traffic analytics to view insights into traffic patterns across Azure resources.
  • Increase vCPU limits for your deployments on Pay-As-You-Go subscriptions.


Performance

The performance recommendations in Azure Advisor can help improve the speed and responsiveness of your business-critical applications.

  • Reduce the DNS TTL (time-to-live) on your Traffic Manager profile to fail over to healthy endpoints faster.
  • Improve database performance based on usage history.
  • Upgrade libraries to the latest versions for better reliability and performance, for example the storage client library version.
  • Use managed disks to prevent disk I/O throttling.
  • Improve VM performance and reliability by using premium storage, which provides SSD disks with low latency and high IOPS for I/O-intensive workloads.
  • Improve MySQL connection management by reducing the number of short-lived connections and eliminating unnecessary idle connections.
  • Use ARM templates for template deployment and security.


Cost

Here are some examples of the recommendations given by Azure Advisor to reduce your cloud cost.

| Potential Yearly Savings | What to do? | Impacted Resources |
|---|---|---|
| 1864 USD | Right-size or shut down underutilized virtual machines (CPU utilization < 5%) | 2 Virtual Machines |
| 80 USD | Delete public IP addresses not associated with a running Azure resource | 2 Public IP Addresses |

Reliability / High Availability Recommendations

| Potential Benefits | What to do? | Impacted Resources |
|---|---|---|
| Ensure business continuity through VM resilience | Add more VMs for improved fault tolerance | Availability Set |
| Improved data resilience and performance | Enable VM backup to protect your data from corruption and accidental deletion | Virtual Machine |
| Ensure business continuity | Use multiple availability zones (AZs) for data-center-level disasters | Availability Zone |
| Save and recover your data when blobs or blob snapshots are accidentally overwritten or deleted | Enable soft delete to protect your blob data | Storage Account |


Security Recommendations

| Potential Benefits | What to do? | Impacted Resources |
|---|---|---|
| Prevent potential security breaches | Web apps should request an SSL certificate for all incoming requests | 8 App Services |
| Prevent potential security breaches | Private endpoint should be configured for key vault | 3 Key Vaults |
| Prevent potential security breaches | Azure Cosmos DB accounts should have firewall rules | 1 Cosmos DB account |
| Prevent potential security breaches | Storage account public access should be disallowed | 2 Storage Accounts |
| Prevent potential security breaches | Storage accounts should restrict network access using Virtual Network Rules | 2 Storage Accounts |
| Prevent potential security breaches | Virtual Network should be protected by Azure Firewall | 1 Virtual Network |
| Prevent potential security breaches | Diagnostic logs in Search Services should be enabled | 1 Search Service |
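
One way to turn the security recommendations above, and the ticketing idea from the alerts section, into a repeatable triage step, as an added example that is not part of the original article: the script groups recommendations by finding and orders them with the worst impact first. It assumes the field names of `az advisor recommendation list -o json` output (`category`, `impact`, `impactedValue`, `shortDescription.problem`); the sample records, resource names and impact levels are constructed.

```python
import json
import sys

# Lower rank = more urgent; unknown impact values sort last.
IMPACT_RANK = {"High": 0, "Medium": 1, "Low": 2}


def rank(impact):
    return IMPACT_RANK.get(impact, len(IMPACT_RANK))


def rec(category, impact, resource, problem):
    """Build one constructed record in the assumed Advisor JSON shape."""
    return {"category": category, "impact": impact, "impactedValue": resource,
            "shortDescription": {"problem": problem}}


# Constructed sample: findings quoted from the article's tables, resource
# names and impact levels invented for illustration.
SAMPLE = [
    rec("Security", "Low", "search-dev", "Diagnostic logs in Search Services should be enabled"),
    rec("Security", "High", "stlogs01", "Storage account public access should be disallowed"),
    rec("Cost", "High", "vm-batch-1", "Right Size or Shutdown underutilized virtual machines"),
    rec("Security", "Medium", "kv-prod", "Private endpoint should be configured for key vault"),
    rec("Security", "High", "stdata02", "Storage account public access should be disallowed"),
]


def triage(recs, category="Security"):
    """Return one ticket candidate per finding in a pillar, most urgent first."""
    groups = {}
    for r in recs:
        if r.get("category") != category:
            continue
        problem = r["shortDescription"]["problem"]
        g = groups.setdefault(problem, {"impact": r.get("impact"), "resources": set()})
        g["resources"].add(r.get("impactedValue", "unknown"))
        if rank(r.get("impact")) < rank(g["impact"]):
            g["impact"] = r.get("impact")  # keep the worst impact seen
    ordered = sorted(groups.items(),
                     key=lambda kv: (rank(kv[1]["impact"]), -len(kv[1]["resources"]), kv[0]))
    return [{"title": p, "impact": g["impact"], "resources": sorted(g["resources"])}
            for p, g in ordered]


if __name__ == "__main__":
    # Pass a saved JSON export as the first argument, or run on the sample.
    recs = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for t in triage(recs):
        print(f'[{t["impact"]}] {t["title"]}: {", ".join(t["resources"])}')
```

Each returned entry maps to one ticket covering every affected resource, so a finding that hits several storage accounts is tracked once rather than once per account.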

Thanks for reading my article to the end. I hope you learned something special today. If you enjoyed this article, please share it with your friends, and if you have suggestions or thoughts to share with me, please write them in the comment box.

Rupesh Tiwari
Founder of Fullstack Master