Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

servers

Summary

RecommendationImpactCategoryAutomation AvailablePG Verified
Use Active Geo Replication to Create a Readable Secondary in Another RegionHighDisaster RecoveryYesVerified
Auto Failover Groups can encompass one or multiple databases, usually used by the same app.HighDisaster RecoveryYesVerified
Enable zone redundancy for Azure SQL Database to achieve high availability and resiliencyMediumHigh AvailabilityYesVerified
Implement Retry LogicHighHigh AvailabilityNoVerified
Monitor your Azure SQL Database in Near Real-Time to Detect Reliability IncidentsHighMonitoring and AlertingYesVerified
Back Up Your KeysMediumDisaster RecoveryNoVerified
Use Failover Group endpoints for database connectionsHighDisaster RecoveryNoPreview

Details

Use Active Geo Replication to Create a Readable Secondary in Another Region

Impact:  High Category:  Disaster Recovery PG Verified:  Verified

APRL GUID:  74c2491d-048b-0041-a140-935960220e20

Description:

Active Geo Replication ensures business continuity by utilizing readable secondary database replicas. In case of primary database failure, manually failover to secondary database. Secondaries, up to four, can be in same/different regions, used for read-only access.

Potential Benefits:

Enhanced disaster recovery and read scalability
Learn More:
Active Geo Replication

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Provides a list of SQL databases that are not part of Geo Replication.
resources
| where type == "microsoft.sql/servers/databases"
| summarize secondaryTypeCount = countif(isnotempty(properties.secondaryType)) by name
| where secondaryTypeCount == 0
| join kind=inner (
    Resources
    | where type == "microsoft.sql/servers/databases"
) on name
| extend param1 = "Not part of Geo Replication"
| project recommendationId = "74c2491d-048b-0041-a140-935960220e20", name, id, tags, param1

Auto Failover Groups can encompass one or multiple databases, usually used by the same app.

Impact:  High Category:  Disaster Recovery PG Verified:  Verified

APRL GUID:  943c168a-2ec2-a94c-8015-85732a1b4859

Description:

Failover Groups facilitate disaster recovery by configuring databases on one logical server to replicate to another region's logical server. This streamlines geo-replicated database management, offering a single endpoint for connection routing to replicated databases if the primary server fails.

Potential Benefits:

Improves load balancing and disaster recovery
Learn More:
AutoFailover Groups
DR Design

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Provides a list of SQL databases that are not configured to use a failover-group.
resources
| where type =~'microsoft.sql/servers/databases'
| where isnull(properties['failoverGroupId'])
| project recommendationId = "943c168a-2ec2-a94c-8015-85732a1b4859", name, id, tags, param1= strcat("databaseId=", properties['databaseId'])

Enable zone redundancy for Azure SQL Database to achieve high availability and resiliency

Impact:  Medium Category:  High Availability PG Verified:  Verified

APRL GUID:  c0085c32-84c0-c247-bfa9-e70977cbf108

Description:

By default, Azure SQL Database premium tier provisions multiple copies within the same region. For geo redundancy, databases can be set as Zone Redundant, distributing copies across Azure Availability Zones to maintain availability during regional outages.

Potential Benefits:

Enhanced reliability, no extra cost
Learn More:
Zone Redundant Databases

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Finds non-zone redundant SQL databases and lists them
Resources
| where type =~ 'microsoft.sql/servers/databases'
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where tolower(tostring(properties.zoneRedundant))=~'false'
|project recommendationId = "c0085c32-84c0-c247-bfa9-e70977cbf108", name, id, tags

Implement Retry Logic

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  cbb17a29-64fb-c943-95d0-8df814a37c40

Description:

During transient failures, the application should handle connection retries effectively with Azure SQL Database. No Database layer configuration is needed; instead, the application must be set up for graceful retrying.

Potential Benefits:

Enhanced connectivity stability
Learn More:
How to Implement Retry Logic

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents

Impact:  High Category:  Monitoring and Alerting PG Verified:  Verified

APRL GUID:  7e7daec9-6a81-3546-a4cc-9aef72fec1f7

Description:

Monitoring and alerting are an important part of database operations. When working with Azure SQL Database, make use of Azure Monitor and SQL Insights to ensure that you capture relevant database metrics.

Potential Benefits:

Quick incident detection and response
Learn More:
Azure Monitor
Azure SQL Database Monitoring
Monitoring SQL Database Reference

ARG Query:

Click the Azure Resource Graph tab to view the query

// Azure Resource Graph Query
// Provides a list of SQL databases that are not configured for monitoring.
resources
| where type == "microsoft.insights/metricalerts"
| mv-expand properties.scopes
| mv-expand properties.criteria.allOf
| project databaseid = properties_scopes, monitoredMetric = properties_criteria_allOf.metricName
| where databaseid contains 'databases'
| summarize monitoredMetrics=make_list(monitoredMetric) by databaseid=tolower(tostring(databaseid))
| join kind=fullouter   (
  resources
  | where type =~ 'microsoft.sql/servers/databases'
  | project databaseid = tolower(id), name, tags
) on databaseid
| where isnull(monitoredMetrics)
| project recommendationId = "7e7daec9-6a81-3546-a4cc-9aef72fec1f7", name, id=databaseid1, tags, param1=strcat("MonitoringMetrics=false" )

Back Up Your Keys

Impact:  Medium Category:  Disaster Recovery PG Verified:  Verified

APRL GUID:  d6ef87aa-574e-584e-a955-3e6bb8b5425b

Description:

It is highly recommended to use Azure Key Vault (AKV) to store encryption keys related to Always Encrypted configurations, however it is not required. If you are not using AKV, then ensure that your keys are properly backed up and stored in a secure manner.

Potential Benefits:

Enhanced security and data recovery
Learn More:
Azure Key Vault
Getting Started with Always Encrypted

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Use Failover Group endpoints for database connections

Impact:  High Category:  Disaster Recovery PG Verified:  Preview

APRL GUID:  de266d8a-a9f3-4cb9-be95-9306001fceea

Description:

When using Failover Groups, it is recommended to connect to the Failover Group endpoint instead of individual database endpoints. This allows for automatic redirection to the secondary database in case of a failover, ensuring high availability.

Potential Benefits:

Enhanced disaster recovery
Learn More:
Failover Group endpoint redirection

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg