trafficManagerProfiles
Summary
Details
Traffic Manager Monitor Status Should be Online
Impact: High Category: High Availability PG Verified: Verified
APRL GUID: f05a3e6d-49db-2740-88e2-2b13706c1f67
Description:
The monitor status should be Online to ensure failover for the application workload. If Traffic Manager's health shows Degraded, one or more endpoints may also be Degraded.
Potential Benefits:
Ensures failover functionality
Learn More:
ARG Query:
// Azure Resource Graph Query
// Find traffic manager profiles that have an endpoint monitor status other than 'Online'
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| mv-expand properties.endpoints
| where properties_endpoints.properties.endpointMonitorStatus != "Online"
| project recommendationId = "f05a3e6d-49db-2740-88e2-2b13706c1f67", name, id, tags, param1 = strcat('Profile name: ',properties_endpoints.name), param2 = strcat('endpointMonitorStatus: ', properties_endpoints.properties.endpointMonitorStatus)
Traffic manager profiles should have more than one endpoint
Impact: Medium Category: High Availability PG Verified: Verified
APRL GUID: 5b422a7f-8caa-3d48-becb-511599e5bba9
Description:
When configuring Azure Traffic Manager, provision at least two endpoints to ensure workloads can fail over to another instance, enhancing reliability and availability.
Potential Benefits:
Enhances failover capabilities
Learn More:
ARG Query:
// Azure Resource Graph Query
// Find traffic manager profiles that have fewer than 2 endpoints
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| where array_length(properties.endpoints) < 2
| project recommendationId = "5b422a7f-8caa-3d48-becb-511599e5bba9", name, id, tags, param1 = strcat('EndpointCount: ', array_length(properties.endpoints))
Configure at least one endpoint within another region
Impact: Medium Category: Disaster Recovery PG Verified: Verified
APRL GUID: 1ad9d7b7-9692-1441-a8f4-93792efbe97a
Description:
Profiles should have multiple endpoints to ensure availability in case an endpoint fails. It's also advised to distribute these endpoints across different regions for enhanced reliability.
Potential Benefits:
Enhances availability across regions
Learn More:
ARG Query:
// cannot-be-validated-with-arg
Ensure an endpoint is configured to "All (World)" for geographic profiles
Impact: High Category: Disaster Recovery PG Verified: Verified
APRL GUID: c31f76a0-48cd-9f44-aa43-99ee904db9bc
Description:
For geographic routing, traffic is directed to endpoints based on specific regions. If a region fails and no failover is predefined, traffic for that region can be black-holed. Configuring an endpoint to "All (World)" for geographic profiles can prevent such traffic black holes, ensuring the service remains available.
Potential Benefits:
Avoids traffic black holing, ensures availability
Learn More:
ARG Query:
// Azure Resource Graph Query
// Provides a list of Traffic Manager resources that are not configured for all-World access
Resources
| where type == 'microsoft.network/trafficmanagerprofiles'
| where properties.trafficRoutingMethod =~ "Geographic"
| extend endpoints = properties.endpoints
| mv-expand endpoint = endpoints
| where endpoint.properties.geoMapping !contains "WORLD"
| extend endpointName = endpoint.name
| project recommendationId="c31f76a0-48cd-9f44-aa43-99ee904db9bc", name, id, tags, param1=strcat("endpointName:",endpointName), param2=strcat("GeoMapping:", tostring(endpoint.properties.geoMapping))
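The three ARG-checkable recommendations above, applied to profile rows held as JSON-style data. This is an added example, not APRL's own code. It goes beyond the geographic query on this page, which returns one row per endpoint lacking WORLD, by evaluating each profile as a whole. Profile names, ids and geo codes in the sample are constructed, and the helper names are hypothetical.

```python
# Recommendation GUIDs as listed on this page.
REC_MONITOR = "f05a3e6d-49db-2740-88e2-2b13706c1f67"
REC_COUNT = "5b422a7f-8caa-3d48-becb-511599e5bba9"
REC_WORLD = "c31f76a0-48cd-9f44-aa43-99ee904db9bc"


def endpoint(name, status, geo=()):
    """Build a constructed endpoint in the shape the ARG queries read."""
    return {"name": name, "properties": {"endpointMonitorStatus": status, "geoMapping": list(geo)}}


def profile(name, method, endpoints):
    """Build a constructed profile row (hypothetical name and id)."""
    return {"name": name, "id": "/constructed/" + name,
            "properties": {"trafficRoutingMethod": method, "endpoints": endpoints}}


# Constructed sample data, not taken from a real subscription.
SAMPLE_PROFILES = [
    profile("tm-geo-ok", "Geographic", [endpoint("eu", "Online", ["GEO-EU"]), endpoint("rest", "Online", ["WORLD"])]),
    profile("tm-geo-gap", "Geographic", [endpoint("eu", "Online", ["GEO-EU"]), endpoint("na", "Degraded", ["GEO-NA"])]),
    profile("tm-single", "Priority", [endpoint("only", "Online")]),
]


def evaluate(p):
    """Return (recommendationId, detail) findings for one profile."""
    props = p.get("properties") or {}
    endpoints = props.get("endpoints") or []  # a profile may have no endpoints at all
    findings = []
    for e in endpoints:
        status = (e.get("properties") or {}).get("endpointMonitorStatus")
        if status != "Online":
            findings.append((REC_MONITOR, f"{e.get('name')}: endpointMonitorStatus={status}"))
    if len(endpoints) < 2:
        findings.append((REC_COUNT, f"EndpointCount: {len(endpoints)}"))
    # Geographic check, per profile: a single endpoint mapped to WORLD is enough.
    if str(props.get("trafficRoutingMethod", "")).lower() == "geographic":
        codes = [c for e in endpoints for c in ((e.get("properties") or {}).get("geoMapping") or [])]
        if not any(str(c).upper() == "WORLD" for c in codes):
            findings.append((REC_WORLD, "no endpoint has geoMapping WORLD"))
    return findings


def report(profiles):
    """Map profile name -> findings, omitting profiles with none."""
    out = {}
    for p in profiles:
        found = evaluate(p)
        if found:
            out[p["name"]] = found
    return out


if __name__ == "__main__":
    for name, found in report(SAMPLE_PROFILES).items():
        for rec, detail in found:
            print(name, rec, detail)
```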