Azure Proactive Resiliency Library v2
Tools Glossary GitHub GitHub Issues Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

Azure VMware Solution

Dependent Azure Resource Recommendations

RecommendationProvider NamespaceResource Type
Configure Azure Service Health notifications and alerts for Azure VMware SolutionAVSprivateClouds
Monitor when Azure VMware Solution Private Cloud is reaching the capacity limitAVSprivateClouds
Monitor when Azure VMware Solution Cluster Size is approaching the host limitAVSprivateClouds
Enable Stretched Clusters for Multi-AZ Availability of the vSAN DatastoreAVSprivateClouds
Configure Azure Monitor Alert warning thresholds for vSAN datastore utilizationAVSprivateClouds
Configure Syslog in Diagnostic Settings for Azure VMware SolutionAVSprivateClouds
Monitor CPU Utilization to ensure sufficient resources for workloadsAVSprivateClouds
Monitor Memory Utilization to ensure sufficient resources for workloadsAVSprivateClouds
Apply Resource delete lock on the resource group hosting the private cloudAVSprivateClouds
Use key autorotation for vSAN datastore customer-managed keysAVSprivateClouds
Use multiple DNS servers per private FQDN zoneAVSprivateClouds
For better data path performance enable FastPath on ExpressRoute Direct and GatewayNetworkconnections
Configure an Azure Resource Lock on connections to prevent accidental deletionNetworkconnections
Configure an Azure Resource lock for ExpressRoute Gateway to prevent accidental deletionNetworkvirtualNetworkGateways
Monitor gateway healthNetworkvirtualNetworkGateways
Configure customer-controlled gateway maintenanceNetworkvirtualNetworkGateways

General Workload Guidance

Summary

RecommendationImpactCategoryAutomation AvailablePG Verified
Use the AVS Interconnect feature to connect private clouds in different availability zonesHighHigh AvailabilityNoVerified
Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter securityHighSecurityNoVerified
Use HCX Network Extension High AvailabilityHighHigh AvailabilityNoVerified
Verify Management Networks are not extended with HCX Network ExtensionHighOther Best PracticesNoVerified
Verify vSAN FTT configuration aligns with the cluster sizeHighHigh AvailabilityNoVerified
Align ExpressRoute configuration with best practices for circuit resilienceHighHigh AvailabilityNoVerified
Deploy two or more circuits in different peering locations when using stretched clustersHighHigh AvailabilityNoVerified
Deploy dual Azure VMware Solution clouds in different regions for disaster recoveryHighDisaster RecoveryNoVerified

Details

Use the AVS Interconnect feature to connect private clouds in different availability zones

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  726abfe3-adae-4a6d-8eb8-4b27a7214ca1

Description:

Use the Interconnect feature for direct communication between private clouds in different availability zones, enabling connectivity between the private clouds management and workload networks.

Potential Benefits:

Enhanced private cloud connectivity
Learn More:
Connect Private Clouds in the same region

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter security

Impact:  High Category:  Security PG Verified:  Verified

APRL GUID:  c2794660-ffd7-4da3-96ba-5d546b70b1c6

Description:

Ensure two external identity sources are configured for NSX and vCenter Server. The VMware vCenter Server and NSX Manager use these for authentication with external identities.

Potential Benefits:

Continuous login access during maintenances
Learn More:
Set an external identity source for vCenter
Set an external identity for NSX-T

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Use HCX Network Extension High Availability

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  bce16eee-0933-4baa-ab4d-8d1bb5653fc2

Description:

Enable Network Extension High Availability for appliance failure tolerance in HCX service. It pairs selected appliances for Active Standby configuration, ensuring high availability and quick recovery, keeping configurations in-service despite failures.

Potential Benefits:

Improves HCX service continuity
Learn More:
HCX Network extension high availability
Understanding Network Extension High Availability

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Verify Management Networks are not extended with HCX Network Extension

Impact:  High Category:  Other Best Practices PG Verified:  Verified

APRL GUID:  6be9a543-cf82-4926-82ea-7e1f1ffaad80

Description:

Do not extend the network used by the HCX Management devices to ensure the network's security and stability.

Potential Benefits:

Enhanced network safety and performance
Learn More:
Requirements for Network Extension

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Verify vSAN FTT configuration aligns with the cluster size

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  0943aa90-e3db-4c61-aef1-782b6a6a3881

Description:

The Azure VMware Solution's service SLA is influenced by vSAN storage policies, which change based on cluster size. For clusters over 6 hosts, an FTT-2 policy (RAID-1 or RAID-6) is advised. FTT refers to the Fault Tolerance feature.

Potential Benefits:

Enhanced cluster reliability
Learn More:
Use fault domains
Configure storage policy

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Align ExpressRoute configuration with best practices for circuit resilience

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  6f573d60-be93-4f18-8016-42e923e3c05e

Description:

Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach.

Potential Benefits:

Enhanced circuit resilience for Azure VMware
Learn More:
APRL guidance for ExpressRoute circuits
Create a new ExpressRoute circuit

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Deploy two or more circuits in different peering locations when using stretched clusters

Impact:  High Category:  High Availability PG Verified:  Verified

APRL GUID:  91c84596-1c41-48fe-8d5e-3f817e6a273b

Description:

Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits.

Potential Benefits:

Enhanced resilience and connectivity
Learn More:
Deploy vSAN streched cluster

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg

Deploy dual Azure VMware Solution clouds in different regions for disaster recovery

Impact:  High Category:  Disaster Recovery PG Verified:  Verified

APRL GUID:  bdac462a-2eda-4a67-887d-46d58f141afe

Description:

Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections.

Potential Benefits:

Enhanced disaster recovery
Learn More:
Private Clouds in two regions
Dual Region Network Topology

ARG Query:

Click the Azure Resource Graph tab to view the query

// cannot-be-validated-with-arg