Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

servers

Summary

RecommendationImpactCategoryAutomation AvailableIn Azure Advisor
Enable zone redundancy for Azure SQL Database to achieve high availability and resiliencyHighHigh AvailabilityYesYes
Monitor your Azure SQL Database in Near Real-Time to Detect Reliability IncidentsHighMonitoring and AlertingYesNo
Back Up Your KeysMediumDisaster RecoveryNoNo
Use Failover Group endpoints for database connectionsHighDisaster RecoveryNoNo

Details


Enable zone redundancy for Azure SQL Database to achieve high availability and resiliency

Impact:  High Category:  High Availability

APRL GUID:  c0085c32-84c0-c247-bfa9-e70977cbf108

Description:

By default, Azure SQL Database premium tier provisions multiple copies within the same region. For geo redundancy, databases can be set as Zone Redundant, distributing copies across Azure Availability Zones to maintain availability during regional outages.

Potential Benefits:

Enhanced reliability, no extra cost
Learn More:
Zone Redundant Databases

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Finds non-zone redundant SQL databases and lists them
Resources
| where type =~ 'microsoft.sql/servers/databases'
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where tolower(tostring(properties.zoneRedundant))=~'false'
|project recommendationId = "c0085c32-84c0-c247-bfa9-e70977cbf108", name, id, tags




Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents

Impact:  High Category:  Monitoring and Alerting

APRL GUID:  7e7daec9-6a81-3546-a4cc-9aef72fec1f7

Description:

Monitoring and alerting are an important part of database operations. When working with Azure SQL Database, make use of Azure Monitor and SQL Insights to ensure that you capture relevant database metrics.

Potential Benefits:

Quick incident detection and response
Learn More:
Azure Monitor
Azure SQL Database Monitoring
Monitoring SQL Database Reference

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Provides a list of SQL databases that are not configured for monitoring.
resources
| where type == "microsoft.insights/metricalerts"
| mv-expand properties.scopes
| mv-expand properties.criteria.allOf
| project databaseid = properties_scopes, monitoredMetric = properties_criteria_allOf.metricName
| where databaseid contains 'databases'
| summarize monitoredMetrics=make_list(monitoredMetric) by databaseid=tolower(tostring(databaseid))
| join kind=fullouter   (
  resources
  | where type =~ 'microsoft.sql/servers/databases'
  | project databaseid = tolower(id), name, tags
) on databaseid
| where isnull(monitoredMetrics)
| project recommendationId = "7e7daec9-6a81-3546-a4cc-9aef72fec1f7", name, id=databaseid1, tags, param1=strcat("MonitoringMetrics=false" )



Back Up Your Keys

Impact:  Medium Category:  Disaster Recovery

APRL GUID:  d6ef87aa-574e-584e-a955-3e6bb8b5425b

Description:

It is highly recommended to use Azure Key Vault (AKV) to store encryption keys related to Always Encrypted configurations, however it is not required. If you are not using AKV, then ensure that your keys are properly backed up and stored in a secure manner.

Potential Benefits:

Enhanced security and data recovery
Learn More:
Azure Key Vault
Getting Started with Always Encrypted

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg



Use Failover Group endpoints for database connections

Impact:  High Category:  Disaster Recovery

APRL GUID:  de266d8a-a9f3-4cb9-be95-9306001fceea

Description:

When using Failover Groups, it is recommended to connect to the Failover Group endpoint instead of individual database endpoints. This allows for automatic redirection to the secondary database in case of a failover, ensuring high availability.

Potential Benefits:

Enhanced disaster recovery
Learn More:
Failover Group endpoint redirection

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg