Azure Proactive Resiliency Library v2

trafficManagerProfiles

Summary

| Recommendation | Impact | Category | Automation Available | In Azure Advisor |
|---|---|---|---|---|
| Traffic Manager Monitor Status Should be Online | High | High Availability | Yes | No |
| Traffic manager profiles should have more than one endpoint | Medium | High Availability | Yes | Yes |
| Ensure endpoint configured to (All World) for geographic profiles | High | Disaster Recovery | Yes | Yes |
| Avoid combining Traffic Manager and Front Door | High | Business Continuity | Yes | No |

Details


Traffic Manager Monitor Status Should be Online

Impact:  High Category:  High Availability

APRL GUID:  f05a3e6d-49db-2740-88e2-2b13706c1f67

Description:

Monitor status should be Online to ensure failover for the application workload. If Traffic Manager's health shows Degraded, one or more endpoints may also be Degraded.

Potential Benefits:

Ensures failover functionality
Learn More:
Azure Traffic Manager endpoint monitoring
Enable or disable health checks
Troubleshooting degraded state on Azure Traffic Manager

ARG Query:

// Azure Resource Graph Query
// Find traffic manager profiles that have an endpoint monitor status of not 'Online'
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| mv-expand properties.endpoints
| where properties_endpoints.properties.endpointMonitorStatus != "Online"
| project recommendationId = "f05a3e6d-49db-2740-88e2-2b13706c1f67", name, id, tags, param1 = strcat('Profile name: ',properties_endpoints.name), param2 = strcat('endpointMonitorStatus: ', properties_endpoints.properties.endpointMonitorStatus)



Traffic manager profiles should have more than one endpoint

Impact:  Medium Category:  High Availability

APRL GUID:  5b422a7f-8caa-3d48-becb-511599e5bba9

Description:

When configuring Azure Traffic Manager, provision at least two endpoints so that workloads can fail over to another instance, enhancing reliability and availability.

Potential Benefits:

Enhances failover capabilities
Learn More:
Traffic Manager Endpoint Types

ARG Query:

// Azure Resource Graph Query
// Find traffic manager profiles that have less than 2 endpoints
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| where array_length(properties.endpoints) < 2
| project recommendationId = "5b422a7f-8caa-3d48-becb-511599e5bba9", name, id, tags, param1 = strcat('EndpointCount: ', array_length(properties.endpoints))



Ensure endpoint configured to (All World) for geographic profiles

Impact:  High Category:  Disaster Recovery

APRL GUID:  c31f76a0-48cd-9f44-aa43-99ee904db9bc

Description:

With geographic routing, traffic is directed to endpoints based on specific regions. If a region fails and no failover is predefined, an endpoint configured to "All (World)" for geographic profiles can prevent traffic black holes, ensuring the service remains available.

Potential Benefits:

Avoids traffic black holing, ensures availability
Learn More:
Add an endpoint configured to "All (World)"
Traffic Manager profile - GeographicProfile (Add an endpoint configured to "All (World)").

ARG Query:

// Azure Resource Graph Query
// Provides a list of Traffic Manager resources that are not configured for all-World access
Resources
| where type == 'microsoft.network/trafficmanagerprofiles'
| where properties.trafficRoutingMethod =~ "Geographic"
| extend endpoints = properties.endpoints
| mv-expand endpoint = endpoints
| where endpoint.properties.geoMapping !contains "WORLD"
| extend endpointName = endpoint.name
| project recommendationId="c31f76a0-48cd-9f44-aa43-99ee904db9bc", name, id, tags, param1=strcat("endpointName:",endpointName), param2=strcat("GeoMapping:", tostring(endpoint.properties.geoMapping))
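
The three checks above can also be run offline against an exported result set. The Python below is an added example, not part of the Azure Proactive Resiliency Library: it assumes rows shaped like the Resource Graph output the queries read, uses constructed sample data and hypothetical function names, and goes one step beyond the query above by treating the "All (World)" recommendation as met when any one endpoint of a geographic profile maps WORLD, so a regional endpoint beside a WORLD endpoint is not reported.

```python
import json

# Recommendation GUIDs as listed on this page.
REC_MONITOR = "f05a3e6d-49db-2740-88e2-2b13706c1f67"
REC_ENDPOINT_COUNT = "5b422a7f-8caa-3d48-becb-511599e5bba9"
REC_ALL_WORLD = "c31f76a0-48cd-9f44-aa43-99ee904db9bc"

# Constructed rows shaped like the Resource Graph output the queries read; names are made up.
SAMPLE_ROWS = json.loads("""[
 {"name": "tm-geo-ok", "properties": {"trafficRoutingMethod": "Geographic", "endpoints": [
   {"name": "eu", "properties": {"endpointMonitorStatus": "Online", "geoMapping": ["GEO-EU"]}},
   {"name": "fallback", "properties": {"endpointMonitorStatus": "Online", "geoMapping": ["WORLD"]}}]}},
 {"name": "tm-geo-gap", "properties": {"trafficRoutingMethod": "Geographic", "endpoints": [
   {"name": "eu", "properties": {"endpointMonitorStatus": "Online", "geoMapping": ["GEO-EU"]}},
   {"name": "na", "properties": {"endpointMonitorStatus": "Degraded", "geoMapping": ["GEO-NA"]}}]}},
 {"name": "tm-single", "properties": {"trafficRoutingMethod": "Performance", "endpoints": [
   {"name": "only", "properties": {"endpointMonitorStatus": "Online"}}]}},
 {"name": "tm-empty", "properties": {"trafficRoutingMethod": "Priority", "endpoints": []}}
]""")


def profile_findings(row):
    """Return (recommendationId, detail) tuples; the All (World) check is per profile."""
    props = row.get("properties") or {}
    endpoints = props.get("endpoints") or []
    found = []
    for ep in endpoints:
        status = (ep.get("properties") or {}).get("endpointMonitorStatus")
        if status != "Online":
            found.append((REC_MONITOR, f"{ep.get('name')}: {status}"))
    if len(endpoints) < 2:
        found.append((REC_ENDPOINT_COUNT, f"EndpointCount: {len(endpoints)}"))
    if str(props.get("trafficRoutingMethod", "")).lower() == "geographic":
        mapped = {str(code).upper() for ep in endpoints
                  for code in (ep.get("properties") or {}).get("geoMapping") or []}
        if "WORLD" not in mapped:
            found.append((REC_ALL_WORLD, f"GeoMapping: {sorted(mapped)}"))
    return found


def audit(rows):
    """Map profile name -> findings, omitting profiles with none."""
    results = {row["name"]: profile_findings(row) for row in rows}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE_ROWS).items():
        print(name, found)
```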


Avoid combining Traffic Manager and Front Door

Impact:  High Category:  Business Continuity

APRL GUID:  9437634c-d69e-2747-b13e-631c13182150

Description:

For most solutions, choose either Azure Front Door for content caching, CDN, TLS termination, and WAF, or Traffic Manager for simple global load balancing.

Potential Benefits:

Optimized network routing and security
Learn More:
Azure Load Balancing Options
Azure Traffic Manager
Azure Front Door
Mission-critical global content delivery

ARG Query:

// Azure Resource Graph Query
// Avoid combining Traffic Manager and Front Door
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| mvexpand(properties.endpoints)
| extend endpoint=tostring(properties_endpoints.properties.target)
| project name, trafficmanager=id, matchname=endpoint, tags
| join (
    resources
    | where type =~ "microsoft.cdn/profiles/afdendpoints"
    | extend matchname= tostring(properties.hostName)
    | extend splitid=split(id, "/")
    | extend frontdoorid=tolower(strcat_array(array_slice(splitid, 0, 8), "/"))
    | project name, id, matchname, frontdoorid, type
    | union
        (cdnresources
        | where type =~ "Microsoft.Cdn/Profiles/CustomDomains"
        | extend matchname= tostring(properties.hostName)
        | extend splitid=split(id, "/")
        | extend frontdoorid=tolower(strcat_array(array_slice(splitid, 0, 8), "/"))
        | project name, id, matchname, frontdoorid, type)
    )
    on matchname
| project
    recommendationId = "9437634c-d69e-2747-b13e-631c13182150",
    name=split(trafficmanager, "/")[-1],
    id=trafficmanager,
    tags,
    param1=strcat("hostname:", matchname),
    param2=strcat("frontdoorid:", frontdoorid)