servers
Summary
Details
Use Active Geo Replication to Create a Readable Secondary in Another Region
Impact: High Category: Disaster Recovery
APRL GUID: 74c2491d-048b-0041-a140-935960220e20
Description:
Active Geo Replication ensures business continuity by utilizing readable secondary database replicas. In case of primary database failure, manually failover to secondary database. Secondaries, up to four, can be in same/different regions, used for read-only access.
Potential Benefits:
Enhanced disaster recovery and read scalability
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Provides a list of SQL databases that are not part of Geo Replication.
resources
| where type == "microsoft.sql/servers/databases" and name != "master"
| summarize secondaryTypeCount = countif(isnotempty(properties.secondaryType)) by name
| where secondaryTypeCount == 0
| join kind=inner (
resources
| where type == "microsoft.sql/servers/databases" and name != "master"
) on name
| extend param1 = "Not part of Geo Replication"
| project recommendationId = "74c2491d-048b-0041-a140-935960220e20", name, id, tags, param1
Auto Failover Groups can encompass one or multiple databases, usually used by the same app.
Impact: High Category: Disaster Recovery
APRL GUID: 943c168a-2ec2-a94c-8015-85732a1b4859
Description:
Failover Groups facilitate disaster recovery by configuring databases on one logical server to replicate to another region's logical server. This streamlines geo-replicated database management, offering a single endpoint for connection routing to replicated databases if the primary server fails.
Potential Benefits:
Improves load balancing and disaster recovery
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Provides a list of SQL databases that are not configured to use a failover-group.
resources
| where type =~'microsoft.sql/servers/databases' and name !~ "master"
| where isnull(properties['failoverGroupId'])
| project recommendationId = "943c168a-2ec2-a94c-8015-85732a1b4859", name, id, tags, param1= strcat("databaseId=", properties['databaseId'])
Enable zone redundancy for Azure SQL Database to achieve high availability and resiliency
Impact: Medium Category: High Availability
APRL GUID: c0085c32-84c0-c247-bfa9-e70977cbf108
Description:
By default, Azure SQL Database premium tier provisions multiple copies within the same region. For geo redundancy, databases can be set as Zone Redundant, distributing copies across Azure Availability Zones to maintain availability during regional outages.
Potential Benefits:
Enhanced reliability, no extra cost
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Finds non-zone redundant SQL databases and lists them
Resources
| where type =~ 'microsoft.sql/servers/databases'
| where location in~ ("australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus", "eastus2", "francecentral", "germanywestcentral", "israelcentral", "italynorth", "japaneast", "japanwest", "koreacentral", "mexicocentral", "newzealandnorth", "northeurope", "norwayeast", "polandcentral", "qatarcentral", "southafricanorth", "southcentralus", "southeastasia", "spaincentral", "swedencentral", "switzerlandnorth", "uaenorth", "uksouth", "westeurope", "westus2", "westus3", "usgovvirginia", "chinanorth3")
| where tolower(tostring(properties.zoneRedundant))=~'false'
|project recommendationId = "c0085c32-84c0-c247-bfa9-e70977cbf108", name, id, tags
Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents
Impact: High Category: Monitoring and Alerting
APRL GUID: 7e7daec9-6a81-3546-a4cc-9aef72fec1f7
Description:
Monitoring and alerting are an important part of database operations. When working with Azure SQL Database, make use of Azure Monitor and SQL Insights to ensure that you capture relevant database metrics.
Potential Benefits:
Quick incident detection and response
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// Azure Resource Graph Query
// Provides a list of SQL databases that are not configured for monitoring.
resources
| where type == "microsoft.insights/metricalerts"
| mv-expand properties.scopes
| mv-expand properties.criteria.allOf
| project databaseid = properties_scopes, monitoredMetric = properties_criteria_allOf.metricName
| where databaseid contains 'databases'
| summarize monitoredMetrics=make_list(monitoredMetric) by databaseid=tolower(tostring(databaseid))
| join kind=fullouter (
resources
| where type =~ 'microsoft.sql/servers/databases'
| project databaseid = tolower(id), name, tags
) on databaseid
| where isnull(monitoredMetrics)
| project recommendationId = "7e7daec9-6a81-3546-a4cc-9aef72fec1f7", name, id=databaseid1, tags, param1=strcat("MonitoringMetrics=false" )
Back Up Your Keys
Impact: Medium Category: Disaster Recovery
APRL GUID: d6ef87aa-574e-584e-a955-3e6bb8b5425b
Description:
It is highly recommended to use Azure Key Vault (AKV) to store encryption keys related to Always Encrypted configurations, however it is not required. If you are not using AKV, then ensure that your keys are properly backed up and stored in a secure manner.
Potential Benefits:
Enhanced security and data recovery
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg
Use Failover Group endpoints for database connections
Impact: High Category: Disaster Recovery
APRL GUID: de266d8a-a9f3-4cb9-be95-9306001fceea
Description:
When using Failover Groups, it is recommended to connect to the Failover Group endpoint instead of individual database endpoints. This allows for automatic redirection to the secondary database in case of a failover, ensuring high availability.
Potential Benefits:
Enhanced disaster recovery
Learn More:
ARG Query:
Click the Azure Resource Graph tab to view the query
// cannot-be-validated-with-arg