Virtual Machine is not configured for improved SLA

Reliability · Virtual Machine · Rule · 2020_06 · Important

Single instance VMs are a single point of failure, however reliability can be improved by using premium storage.

Description

All VM configurations within Azure offer an SLA. However, the SLA provided and the overall availability of the system varies depending on the configuration.

First, consider performing a Failure Mode Analysis (FMA) of the system. A FMA is the process of analyzing the system to determine the possible failure points.

For Virtual Machines (VMs), running a single instance is often a single point of failure. In many but not all cases, the number of VMs can be increased to add redundancy to the system. Taking advantage of some of the features of Azure can further increase the availability of the system.

• Availability Zones (AZ) - is a physically separate zone, within an Azure region. Each Availability Zone has a distinct power source, network, and cooling.
• Availability Sets - is a logical grouping of VMs that allows Azure to understand how your application is built. By understanding the distinct tiers of the application, Azure can better organize compute and storage to improve availability.
• Premium Solid State Storage (SSD) Disks - high performance block-level storage with three replicas of your data. When you use a mix of storage for OS and data disk attached to your VMs, the SLA is based on the lowest performing disk.

Recommendation

Consider using availability zones/ sets or only premium/ ultra disks to improve SLA.

Examples

Configure with Bicep

To deploy VMs that pass this rule with on of the following:

• Deploy the VM in an Availability Set by specifying properties.availabilitySet.id in code.
• Deploy the VM in an Availability Zone by specifying zones with 1, 2, or 3 in code.
• Deploy the VM using only premium disks for OS and data disks by specifying storageAccountType as Premium_LRS.

For example:

Azure Bicep snippet

resource vm 'Microsoft.Compute/virtualMachines@2024-07-01' = {
  name: name
  location: location
  zones: [
    '1'
  ]
  properties: {
    hardwareProfile: {
      vmSize: 'Standard_D2s_v3'
    }
    osProfile: {
      computerName: name
      adminUsername: adminUsername
      adminPassword: adminPassword
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: sku
        version: 'latest'
      }
      osDisk: {
        name: '${name}-disk0'
        caching: 'ReadWrite'
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: 'Premium_LRS'
        }
      }
    }
    licenseType: 'Windows_Server'
    networkProfile: {
      networkInterfaces: [
        {
          id: nic.id
        }
      ]
    }
  }
}

Configure with Azure Verified Modules

A pre-validated module supported by Microsoft is available from the Azure Bicep public registry. To reference the module, please use the following syntax:

br/public:avm/res/compute/virtual-machine:<version>

To use the latest version:

br/public:avm/res/compute/virtual-machine:0.9.0

---

• What is Azure Verified Modules?
• Usage and parameters for this module

Configure with Azure template

To deploy VMs that pass this rule with on of the following:

• Deploy the VM in an Availability Set by specifying properties.availabilitySet.id in code.
• Deploy the VM in an Availability Zone by specifying zones with 1, 2, or 3 in code.
• Deploy the VM using only premium disks for OS and data disks by specifying storageAccountType as Premium_LRS.

For example:

Azure Template snippet

{
  "type": "Microsoft.Compute/virtualMachines",
  "apiVersion": "2024-07-01",
  "name": "[parameters('name')]",
  "location": "[parameters('location')]",
  "zones": [
    "1"
  ],
  "properties": {
    "hardwareProfile": {
      "vmSize": "Standard_D2s_v3"
    },
    "osProfile": {
      "computerName": "[parameters('name')]",
      "adminUsername": "[parameters('adminUsername')]",
      "adminPassword": "[parameters('adminPassword')]"
    },
    "storageProfile": {
      "imageReference": {
        "publisher": "MicrosoftWindowsServer",
        "offer": "WindowsServer",
        "sku": "[parameters('sku')]",
        "version": "latest"
      },
      "osDisk": {
        "name": "[format('{0}-disk0', parameters('name'))]",
        "caching": "ReadWrite",
        "createOption": "FromImage",
        "managedDisk": {
          "storageAccountType": "Premium_LRS"
        }
      }
    },
    "licenseType": "Windows_Server",
    "networkProfile": {
      "networkInterfaces": [
        {
          "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]"
        }
      ]
    }
  },
  "dependsOn": [
    "[resourceId('Microsoft.Network/networkInterfaces', parameters('nicName'))]"
  ]
}

Links

• RE:04 Target metrics
• Virtual Machine SLA
• Availability options for Azure Virtual Machines
• Azure deployment reference

Comments