Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

netAppAccounts

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
Use the correct service level and volume quota size for the expected performance levelMediumScalabilityNoNo
Use standard network features for production in Azure NetApp FilesHighScalabilityYesNo
Use availability zones for high availability in Azure NetApp FilesHighHigh AvailabilityYesNo
Deploy ANF volumes in the same availability zone with Azure compute and other servicesHighOther Best PracticesNoNo
Use snapshots for data protection in Azure NetApp FilesHighHigh AvailabilityYesNo
Enable backup for data protection in Azure NetApp FilesHighDisaster RecoveryYesNo
Enable Cross-region replication of Azure NetApp Files volumesHighDisaster RecoveryYesNo
Enable Cross-zone replication of Azure NetApp Files volumesHighDisaster RecoveryYesNo
Monitor Azure NetApp Files metrics to better understand usage pattern and performanceMediumMonitoring and AlertingNoNo
Enforce standards and assess compliance in Azure NetApp Files with Azure policyMediumGovernanceNoNo
Restrict default access to Azure NetApp Files volumesMediumSecurityNoNo
Make use of SMB continuous availability for supported applicationsHighHigh AvailabilityNoYes
Ensure application resilience for service maintenance eventsMediumHigh AvailabilityNoNo

Details


Use the correct service level and volume quota size for the expected performance level

Impact:  Medium Category:  Scalability

APRL GUID:  af426a99-62a6-6b4c-9662-42d220b413b8

Description:

Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput.

Potential Benefits:

Optimized performance and cost efficiency
Learn More:
Service levels for Azure NetApp Files | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Use standard network features for production in Azure NetApp Files

Impact:  High Category:  Scalability

APRL GUID:  ab984130-c57b-6c4a-8d04-6723b4e1bdb6

Description:

Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options.

Potential Benefits:

Enhanced connectivity and security
Learn More:
Guidelines for Azure NetApp Files network planning | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without standard network features.
resources
| where type =~ "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.networkFeatures != "Standard"
| project recommendationId = "ab984130-c57b-6c4a-8d04-6723b4e1bdb6", name, id, tags



Use availability zones for high availability in Azure NetApp Files

Impact:  High Category:  High Availability

APRL GUID:  47d100a5-7f85-5742-967a-67eb5081240a

Description:

Availability zones are distinct locations within an Azure region to withstand local failures. Deploy your workload in multiple availability zones and use application-based replication or Azure NetApp Files cross-zone replication to achieve high availability. Note that failover is a manual process.

Potential Benefits:

High Availability across availability zones
Learn More:
Use availability zones for high availability in Azure NetApp Files | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without an availability zone defined.
Resources
| where type =~ "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where array_length(zones) == 0 or isnull(zones)
| project recommendationId = "47d100a5-7f85-5742-967a-67eb5081240a", name, id, tags



Deploy ANF volumes in the same availability zone with Azure compute and other services

Impact:  High Category:  Other Best Practices

APRL GUID:  8bb690e8-64d5-4838-8703-9ee3dbac688f

Description:

Azure NetApp Files' availability zone (AZ) volume placement feature lets you deploy volumes in the same AZ with Azure compute and other services to have within AZ latency and share the same AZ failure domain.

Potential Benefits:

Within AZ latency and tolerate failure of other AZ
Learn More:
Manage availability zone volume placement for Azure NetApp Files | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg


Use snapshots for data protection in Azure NetApp Files

Impact:  High Category:  High Availability

APRL GUID:  72827434-c773-4345-9493-34848ddf5803

Description:

Azure NetApp Files snapshot technology ensures stability, scalability, and swift data recoverability without affecting performance. It supports automatic snapshot creation via policies for Azure NetApp Files data.

Potential Benefits:

Stable, scalable, swift recovery, no perf impact
Learn More:
How Azure NetApp Files snapshots work | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without a snapshot policy defined.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.dataProtection.snapshot.snapshotPolicyId == ""
| project recommendationId = "72827434-c773-4345-9493-34848ddf5803", name, id, tags



Enable backup for data protection in Azure NetApp Files

Impact:  High Category:  Disaster Recovery

APRL GUID:  b2fb3e60-97ec-e34d-af29-b16a0d61c2ac

Description:

Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance.

Potential Benefits:

Enhances data recovery and compliance
Learn More:
Understand Azure NetApp Files backup | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without a backup policy defined.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where properties.dataProtection.backup.backupPolicyId == ""
| project recommendationId = "b2fb3e60-97ec-e34d-af29-b16a0d61c2ac", name, id, tags


Enable Cross-region replication of Azure NetApp Files volumes

Impact:  High Category:  Disaster Recovery

APRL GUID:  e30317d2-c502-4dfe-a2d3-0a737cc79545

Description:

Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication. Note that failover is a manual process.

Potential Benefits:

Enhanced data protection and disaster recovery
Learn More:
Cross-region replication of Azure NetApp Files volumes

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without cross-region replication.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
| extend volumeType = properties.volumeType
| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
| where replicationType != "CRR" and volumeType != "DataProtection"
| project recommendationId = "e30317d2-c502-4dfe-a2d3-0a737cc79545", name, id, tags



Enable Cross-zone replication of Azure NetApp Files volumes

Impact:  High Category:  Disaster Recovery

APRL GUID:  e3d742e1-dacd-9b48-b6b1-510ec9f87c96

Description:

The cross-zone replication (CZR) feature enables asynchronous data replication between Azure NetApp Files volumes across different availability zones, ensuring data protection and critical application failover in case of zone-wide disasters. Note that failover is a manual process.

Potential Benefits:

Enhances disaster recovery across availability zones
Learn More:
Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// This Resource Graph query will return all Azure NetApp Files volumes without cross-zone replication.
resources
| where type == "microsoft.netapp/netappaccounts/capacitypools/volumes"
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| extend remoteVolumeRegion = properties.dataProtection.replication.remoteVolumeRegion
| extend volumeType = properties.volumeType
| extend replicationType = iff((remoteVolumeRegion == location), "CZR", iff((remoteVolumeRegion == ""),"n/a","CRR"))
| where replicationType != "CZR" and volumeType != "DataProtection"
| project recommendationId = "e3d742e1-dacd-9b48-b6b1-510ec9f87c96", name, id, tags



Monitor Azure NetApp Files metrics to better understand usage pattern and performance

Impact:  Medium Category:  Monitoring and Alerting

APRL GUID:  2f579fc9-e599-0d44-8b97-254f50ae04d8

Description:

Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts.

Potential Benefits:

Optimize usage and performance
Learn More:
Ways to monitor Azure NetApp Files | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Enforce standards and assess compliance in Azure NetApp Files with Azure policy

Impact:  Medium Category:  Governance

APRL GUID:  687ae58f-517f-ca43-90fe-922497e61283

Description:

Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance.

Potential Benefits:

Enforce standards and assess compliance
Learn More:
Azure Policy definitions for Azure NetApp Files | Microsoft Learn
Creating custom policy definitions | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Restrict default access to Azure NetApp Files volumes

Impact:  Medium Category:  Security

APRL GUID:  cfa2244b-5436-47de-8287-b217875d3b0a

Description:

Access to the delegated subnet should be limited to specific Azure Virtual Networks. SMB-enabled volumes' share permissions should move away from 'Everyone/Full control'. NFS-enabled volumes' access needs to be controlled via export policies and/or NFSv4.1 ACLs.

Potential Benefits:

Enhanced security, Reduced data breach risk
Learn More:
Configure network features for an Azure NetApp Files volume
Manage SMB share ACLs in Azure NetApp Files
Configure export policy for NFS or dual-protocol volumes
Configure access control lists on NFSv4.1 volumes for Azure NetApp Files
Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Make use of SMB continuous availability for supported applications

Impact:  High Category:  High Availability

APRL GUID:  d1e7ccc3-e6c1-40e9-a36e-fd134711c808

Description:

Certain SMB applications need SMB Transparent Failover for maintenance without interrupting server connectivity. Azure NetApp Files provides this through SMB Continuous Availability for applications like Citrix App Layering, FSLogix user/profile containers, Microsoft SQL Server, MSIX app attach.

Potential Benefits:

Zero downtime for SMB apps
Learn More:
Do I need to take special precautions for SMB-based applications? | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Ensure application resilience for service maintenance events

Impact:  Medium Category:  High Availability

APRL GUID:  60f36f9b-fac9-4160-bbf5-57af04da4f53

Description:

Azure NetApp Files might undergo occasional planned maintenance such as platform updates or service and software upgrades. It's important to be aware of the application's resiliency settings to cope with these storage service maintenance events.

Potential Benefits:

Minimizes downtime during maintenance
Learn More:
What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg