Traffic Manager
The presented resiliency recommendations in this guidance include Azure Traffic Manager and associated settings.
Summary of Recommendations
| Recommendation | Category | Impact | State | ARG Query Available |
|---|---|---|---|---|
| TRAF-1 - Traffic Manager Monitor Status Should be Online | Availability | High | Preview | Yes |
| TRAF-2 - Traffic manager profiles should have more than one endpoint | Availability | High | Preview | Yes |
| TRAF-3 - Configure at least one endpoint within a another region | Disaster Recovery | Medium | Preview | No |
| TRAF-5 - Ensure endpoint configured to (All World) for geographic profiles | Disaster Recovery | Medium | Preview | No |
Recommendations Details
TRAF-1 - Traffic Manager Monitor Status Should be Online
Category: Availability
Impact: High
Guidance
Monitor status should be online to provide the failover for application workload. If the health of your Traffic Manager displays a Degraded status, then the status of one or more endpoints may be Degraded.
Resources
- Azure Traffic Manager endpoint monitoring
- Enable or disable health checks
- Troubleshooting degraded state on Azure Traffic Manager
Resource Graph Query
// Azure Resource Graph Query
// Find traffic manager profiles that have an endpoint monitor status of not 'Online'
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| mv-expand properties.endpoints
| where properties_endpoints.properties.endpointMonitorStatus != "Online"
| project recommendationId = "traf-1", name, id, tags, param1 = strcat('Profile name: ',properties_endpoints.name), param2 = strcat('endpointMonitorStatus: ', properties_endpoints.properties.endpointMonitorStatus)
TRAF-2 - Traffic manager profiles should have more than one endpoint
Category: Availability
Impact: High
Guidance
When configuring the Azure traffic manager, you should provision minimum of two endpoints to fail-over the workload to a another instance.
Resources
Resource Graph Query
// Azure Resource Graph Query
// Find traffic manager profiles that have less than 2 endpoints
resources
| where type == "microsoft.network/trafficmanagerprofiles"
| where array_length(properties.endpoints) < 2
| project recommendationId = "traf-2", name, id, tags, param1 = strcat('EndpointCount: ', array_length(properties.endpoints))
TRAF-3 - Configure at least one endpoint within a another region
Category: Disaster Recovery
Impact: Medium
Guidance
Profiles should have more than one endpoint to ensure availability if one of the endpoints fails. It is also recommended that endpoints be in different regions.
Resources
Resource Graph Query
// cannot-be-validated-with-arg
TRAF-5 - Ensure endpoint configured to (All World) for geographic profiles
Category: Disaster Recovery
Impact: Medium
Guidance
For geographic routing, traffic is routed to endpoints based on defined regions. When a region fails, there is no pre-defined failover. Having an endpoint where the Regional Grouping is configured to “All (World)” for geographic profiles will avoid traffic black holing and guarantee service remains available.
Resources
- Add an endpoint configured to “All (World)”
- Traffic Manager profile - GeographicProfile (Add an endpoint configured to ““All (World)””).
Resource Graph Query
// under-development