Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

virtualMachineScaleSets

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
Deploy VMSS with Flex orchestration mode instead of UniformMediumScalabilityYesNo
Enable Azure Virtual Machine Scale Set Application Health MonitoringMediumMonitoring and AlertingYesYes
Enable Automatic Repair Policy on Azure Virtual Machine Scale SetsHighHigh AvailabilityYesYes
Configure VMSS Autoscale to custom and configure the scaling metricsHighScalabilityYesNo
Enable Predictive autoscale and configure at least for Forecast OnlyLowScalabilityYesNo
Disable Force strictly even balance across zones to avoid scale in and out fail attemptsHighHigh AvailabilityYesNo
Deploy VMSS across availability zones with VMSS FlexHighHigh AvailabilityYesNo
Upgrade VMSS Image versions scheduled to be deprecated or already retiredHighGovernanceNoYes

Details

Deploy VMSS with Flex orchestration mode instead of Uniform

Impact:  Medium Category:  Scalability

APRL GUID:  e7495e1c-0c75-0946-b266-b429b5c7f3bf

Description:

Deploying even single instance VMs into a scale set with Flexible orchestration mode future-proofs applications for scaling and availability. This mode guarantees high availability (up to 1000 VMs) by distributing VMs across fault domains in a region or within an Availability Zone.

Potential Benefits:

Higher scalability and availability
Learn More:
When to use VMSS instead of VMs
Azure Well-Architected Framework review - Virtual Machines and Scale Sets

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find all zonal VMs that are NOT deployed with Flex orchestration mode
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| where properties.orchestrationMode != "Flexible"
| project recommendationId = "e7495e1c-0c75-0946-b266-b429b5c7f3bf", name, id, tags, param1 = strcat("orchestrationMode: ", tostring(properties.orchestrationMode))

Enable Azure Virtual Machine Scale Set Application Health Monitoring

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  94794d2a-eff0-2345-9b67-6f9349d0a627

Description:

Monitoring application health in Azure Virtual Machine Scale Sets is crucial for deployment management. It supports rolling upgrades such as automatic OS-image upgrades and VM guest patching, leveraging health monitoring for upgrading.

Potential Benefits:

Enhances deployment management and upgrades
Learn More:
Using Application Health extension with Virtual Machine Scale Sets

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find all VMs that do NOT have health monitoring enabled
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| join kind=leftouter  (
    resources
    | where type == "microsoft.compute/virtualmachinescalesets"
    | mv-expand extension=properties.virtualMachineProfile.extensionProfile.extensions
    | where extension.properties.type in ( "ApplicationHealthWindows", "ApplicationHealthLinux" )
    | project id
) on id
| where id1 == ""
| project recommendationId = "94794d2a-eff0-2345-9b67-6f9349d0a627", name, id, tags, param1 = "extension: null"

Enable Automatic Repair Policy on Azure Virtual Machine Scale Sets

Impact:  High Category:  High Availability

APRL GUID:  820f4743-1f94-e946-ae0b-45efafd87962

Description:

Enabling automatic instance repairs in Azure Virtual Machine Scale Sets enhances application availability through a continuous health check and maintenance process.

Potential Benefits:

Boosts app availability by auto-repair
Learn More:
Automatic instance repairs for Azure Virtual Machine Scale Sets

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find all VMs that do NOT have automatic repair policy enabled
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| where properties.automaticRepairsPolicy.enabled == false
| project recommendationId = "820f4743-1f94-e946-ae0b-45efafd87962", name, id, tags, param1 = "automaticRepairsPolicy: Disabled"

Configure VMSS Autoscale to custom and configure the scaling metrics

Impact:  High Category:  Scalability

APRL GUID:  ee66ff65-9aa3-2345-93c1-25827cf79f44

Description:

Use custom autoscale for VMSS based on metrics and schedules to improve performance and cost effectiveness, adjusting instances as demand changes.

Potential Benefits:

Enhances performance and cost-efficiency
Learn More:
Get started with autoscale in Azure
Overview of autoscale in Azure

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find VMSS instances associated with autoscale settings when autoscale is disabled
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| project name, id, tags
| join kind=leftouter  (
    resources
    | where type == "microsoft.insights/autoscalesettings"
    | where tostring(properties.targetResourceUri) contains "Microsoft.Compute/virtualMachineScaleSets"
    | project id = tostring(properties.targetResourceUri), autoscalesettings = properties
) on id
| where isnull(autoscalesettings) or autoscalesettings.enabled == "false"
| project recommendationId = "ee66ff65-9aa3-2345-93c1-25827cf79f44", name, id, tags, param1 = "autoscalesettings: Disabled"
| order by id asc

Enable Predictive autoscale and configure at least for Forecast Only

Impact:  Low Category:  Scalability

APRL GUID:  3f85a51c-e286-9f44-b4dc-51d00768696c

Description:

Predictive autoscale utilizes machine learning to efficiently manage and scale Azure Virtual Machine Scale Sets by forecasting CPU load through historical usage analysis, ensuring timely scale-out to meet demand.

Potential Benefits:

Optimizes scaling with ML predictions
Learn More:
Use predictive autoscale to scale out before load demands in virtual machine scale sets

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find VMSS instances associated with autoscale settings when predictiveAutoscalePolicy_scaleMode is disabled
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| project name, id, tags
| join kind=leftouter  (
    resources
    | where type == "microsoft.insights/autoscalesettings"
    | where tostring(properties.targetResourceUri) contains "Microsoft.Compute/virtualMachineScaleSets"
    | project id = tostring(properties.targetResourceUri), autoscalesettings = properties
) on id
| where autoscalesettings.enabled == "true" and autoscalesettings.predictiveAutoscalePolicy.scaleMode == "Disabled"
| project recommendationId = "3f85a51c-e286-9f44-b4dc-51d00768696c", name, id, tags, param1 = "predictiveAutoscalePolicy_scaleMode: Disabled"
| order by id asc

Disable Force strictly even balance across zones to avoid scale in and out fail attempts

Impact:  High Category:  High Availability

APRL GUID:  b5a63aa0-c58e-244f-b8a6-cbba0560a6db

Description:

Microsoft advises disabling strictly even VM instance distribution across Availability Zones in VMSS to improve scalability and flexibility, noting that uneven distribution may better serve application load demands despite the potential trade-off in resilience.

Potential Benefits:

Improves scaling, reduces fail attempts
Learn More:
Use scale-in policies with Azure Virtual Machine Scale Sets

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find VMSS instances where strictly zoneBalance is set to True
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| where properties.orchestrationMode == "Uniform" and properties.zoneBalance == true
| project recommendationId = "b5a63aa0-c58e-244f-b8a6-cbba0560a6db", name, id, tags, param1 = "strictly zoneBalance: Enabled"
| order by id asc

Deploy VMSS across availability zones with VMSS Flex

Impact:  High Category:  High Availability

APRL GUID:  1422c567-782c-7148-ac7c-5fc14cf45adc

Description:

When creating VMSS, implement availability zones as a protection measure for your applications and data against the rare event of datacenter failure.

Potential Benefits:

Enhances disaster resilience
Learn More:
Create a Virtual Machine Scale Set that uses Availability Zones
Update scale set to add availability zones

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Find VMSS instances with one or no Zones selected
resources
| where type == "microsoft.compute/virtualmachinescalesets"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where array_length(zones) <= 1 or isnull(zones)
| project recommendationId = "1422c567-782c-7148-ac7c-5fc14cf45adc", name, id, tags, param1 = "AvailabilityZones: Single Zone"
| order by id asc

Upgrade VMSS Image versions scheduled to be deprecated or already retired

Impact:  High Category:  Governance

APRL GUID:  83d61669-7bd6-9642-a305-175db8adcdf4

Description:

Ensure current versions of images are in use to avoid disruption after image deprecation. Please review the publisher, offer, sku information of the VM to ensure you are running on a supported image. Enable Auto Guest Patching or Image Upgrades, to get notifications about image deprecation.

Potential Benefits:

Avoid disruptions by updating VMSS images.
Learn More:
Deprecated Azure Marketplace images

ARG Query:

Click the Azure Resource Graph tab to view the query

//cannot-be-validated-with-arg