netAppAccounts
Summary
Details
Use the correct service level and volume quota size for the expected performance level
Impact: Medium Category: Scalability
APRL GUID: af426a99-62a6-6b4c-9662-42d220b413b8
Description:
Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput.
Potential Benefits:
Optimized performance and cost efficiency
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Use standard network features for production in Azure NetApp Files
Impact: High Category: Scalability
APRL GUID: ab984130-c57b-6c4a-8d04-6723b4e1bdb6
Description:
Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options.
Potential Benefits:
Enhanced connectivity and security
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without standard network features.
resources
| where type =~ "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.networkFeatures != "Standard"
| project recommendationId = "ab984130-c57b-6c4a-8d04-6723b4e1bdb6", name, id, tags
Use availability zones for high availability in Azure NetApp Files
Impact: High Category: High Availability
APRL GUID: 47d100a5-7f85-5742-967a-67eb5081240a
Description:
Availability zones are distinct locations within an Azure region to withstand local failures. Deploy your workload in multiple availability zones and use application-based replication or Azure NetApp Files cross-zone replication to achieve high availability. Note that failover is a manual process.
Potential Benefits:
High Availability across availability zones
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without an availability zone defined.
Resources
| where type =~ "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where array_length(zones) == 0 or isnull(zones)
| project recommendationId = "47d100a5-7f85-5742-967a-67eb5081240a", name, id, tags
Deploy ANF volumes in the same availability zone with Azure compute and other services
Impact: High Category: Other Best Practices
APRL GUID: 8bb690e8-64d5-4838-8703-9ee3dbac688f
Description:
Azure NetApp Files' availability zone (AZ) volume placement feature lets you deploy volumes in the same AZ with Azure compute and other services to have within AZ latency and share the same AZ failure domain.
Potential Benefits:
Within AZ latency and tolerate failure of other AZ
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Use snapshots for data protection in Azure NetApp Files
Impact: High Category: High Availability
APRL GUID: 72827434-c773-4345-9493-34848ddf5803
Description:
Azure NetApp Files snapshot technology ensures stability, scalability, and swift data recoverability without affecting performance. It supports automatic snapshot creation via policies for Azure NetApp Files data.
Potential Benefits:
Stable, scalable, swift recovery, no perf impact
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without a snapshot policy defined.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.dataProtection.snapshot.snapshotPolicyId == ""
| project recommendationId = "72827434-c773-4345-9493-34848ddf5803", name, id, tags
Enable backup for data protection in Azure NetApp Files
Impact: High Category: Disaster Recovery
APRL GUID: b2fb3e60-97ec-e34d-af29-b16a0d61c2ac
Description:
Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance.
Potential Benefits:
Enhances data recovery and compliance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without a backup policy defined.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.dataProtection.backup.backupPolicyId == ""
| project recommendationId = "b2fb3e60-97ec-e34d-af29-b16a0d61c2ac", name, id, tags
Enable Cross-region replication of Azure NetApp Files volumes
Impact: High Category: Disaster Recovery
APRL GUID: e30317d2-c502-4dfe-a2d3-0a737cc79545
Description:
Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication. Note that failover is a manual process.
Potential Benefits:
Enhanced data protection and disaster recovery
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without cross-region replication.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
| extend volumeType = properties.volumeType
| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
| where replicationType != "CRR" and volumeType != "DataProtection"
| project recommendationId = "e30317d2-c502-4dfe-a2d3-0a737cc79545", name, id, tags
Enable Cross-zone replication of Azure NetApp Files volumes
Impact: High Category: Disaster Recovery
APRL GUID: e3d742e1-dacd-9b48-b6b1-510ec9f87c96
Description:
The cross-zone replication (CZR) feature enables asynchronous data replication between Azure NetApp Files volumes across different availability zones, ensuring data protection and critical application failover in case of zone-wide disasters. Note that failover is a manual process.
Potential Benefits:
Enhances disaster recovery across availability zones
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without cross-zone replication.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
| extend volumeType = properties.volumeType
| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
| where replicationType != "CZR" and volumeType != "DataProtection"
| project recommendationId = "e3d742e1-dacd-9b48-b6b1-510ec9f87c96", name, id, tags
Monitor Azure NetApp Files metrics to better understand usage pattern and performance
Impact: Medium Category: Monitoring and Alerting
APRL GUID: 2f579fc9-e599-0d44-8b97-254f50ae04d8
Description:
Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts.
Potential Benefits:
Optimize usage and performance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Enforce standards and assess compliance in Azure NetApp Files with Azure policy
Impact: Medium Category: Governance
APRL GUID: 687ae58f-517f-ca43-90fe-922497e61283
Description:
Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance.
Potential Benefits:
Enforce standards and assess compliance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Restrict default access to Azure NetApp Files volumes
Impact: Medium Category: Security
APRL GUID: cfa2244b-5436-47de-8287-b217875d3b0a
Description:
Access to the delegated subnet should be limited to specific Azure Virtual Networks. SMB-enabled volumes' share permissions should move away from 'Everyone/Full control'. NFS-enabled volumes' access needs to be controlled via export policies and/or NFSv4.1 ACLs.
Potential Benefits:
Enhanced security, Reduced data breach risk
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Make use of SMB continuous availability for supported applications
Impact: High Category: High Availability
APRL GUID: d1e7ccc3-e6c1-40e9-a36e-fd134711c808
Description:
Certain SMB applications need SMB Transparent Failover for maintenance without interrupting server connectivity. Azure NetApp Files provides this through SMB Continuous Availability for applications like Citrix App Layering, FSLogix user/profile containers, Microsoft SQL Server, MSIX app attach.
Potential Benefits:
Zero downtime for SMB apps
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Ensure application resilience for service maintenance events
Impact: Medium Category: High Availability
APRL GUID: 60f36f9b-fac9-4160-bbf5-57af04da4f53
Description:
Azure NetApp Files might undergo occasional planned maintenance such as platform updates or service and software upgrades. It's important to be aware of the application's resiliency settings to cope with these storage service maintenance events.
Potential Benefits:
Minimizes downtime during maintenance
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg