Azure Guidance Report
In the coming months, the Cost and Security recommendations in Site24x7 Guidance Report will be available only in ManageEngine CloudSpend as Recommendation Reports. If you use both Site24x7 and CloudSpend, you can continue to get these recommendations from CloudSpend > Reports > Recommendations Reports. If you have not subscribed to CloudSpend and want to keep getting these recommendations, you can get started with CloudSpend now.
Get a set of best practice checks to optimize costs, increase performance, and reliability of your Azure services. These recommendations are grouped based on three priority levels: High, Moderate, and Low.
Metrics-based practices will be calculated with the data collected during the Azure monitor's data collection. For the other practices, on-demand Azure API calls will be made and checked if the data is in line with the practice.
Best Practice Checks
Azure Virtual Machine (VM)
1. Idle VM
Priority:
High
Baseline:
A VM is deemed idle by analyzing its CPU utilization, memory usage, network in, network out and disk usage patterns. An Azure VM is deemed under-utilized if it meets one or more of the following criteria:
- The average daily CPU usage is less than 2% for the last seven days.
- The average daily memory usage is less than 30% for the last seven days (applicable only if the agent extension is deployed on the Azure VM).
- The average daily VM Uncached IOPS Consumed Percentage is less than 10% for the last seven days.
- The average daily VM Uncached Bandwidth Consumed Percentage is less than 10% for the last seven days.
- The total number of bytes transmitted and received on all network interfaces is less than 1000 bytes by default.
Recommendation:
In Azure, you’re billed for even the partial hours taken by your idle VMs. To reduce associated costs, consider stopping/terminating VMs or scale down the VM size.
Site24x7 monitors for all the cases mentioned above and provides suggestions for cost optimization so that you can identify and stop under-utilized instances using the Guidance Report. The Instance Type recommendations for Azure VM displays the Current Instance Type and recommend Suggested Instance Type that you can downgrade to, for cost optimization.
2. High usage of VM
Priority:
High
Baseline:
An Azure VM is deemed over-utilized if it meets one or more of the following criteria:
- The average daily CPU usage is more than 90% for the last seven days.
- The average daily memory usage is more than 90% for the last seven days (applicable only if the agent extension is deployed on the Azure VM).
- The average daily VM Uncached IOPS Consumed Percentage is more than 95% for the last seven days.
- The average daily VM Uncached Bandwidth Consumed Percentage is more than 95% for the last seven days.
Recommendation:
Change the VM size or add the VM to a VM Scale Set group.
Site24x7 monitors for all the cases mentioned above and provides suggestions for increasing efficiency and performance so that you can identify and stop highly utilized instances using the Guidance Report. The Instance Type recommendations for Azure VM displays the Current Instance Type and recommend Suggested Instance Type that you can upgrade to, for better performance and efficiency.
3. User-defined tags for VMs
Priority:
High
Baseline:
Assign metadata in the form of tags (key-value pair) to better track and manage instances, images, and VM Scale Set groups.
Recommendation:
Create a tagging strategy adhering to Azure best practices.
4. High I/O intensity VMs
Priority:
High
Baseline:
I/O intensive workloads with lower state disks will significantly affect VM performance.
Recommendation:
Migrate any VM disks requiring high IOPS to premium storage.
5. Under-utilized VMs
Priority:
Moderate
Baseline:
A VM is deemed under-utilized if its CPU usage is less than 2% for the past 48 hrs.
Recommendation:
In Azure, you are billed based on the instance type and the number of consumed hours. Lower costs by identifying and stopping under-utilized VMs.
6. Auto-shutdown resources with 'environment: testing, env: testing' tag
Priority:
Moderate
Baseline:
Delete VMs created for testing and other internal activities, to reduce incurring costs.
Recommendation:
Remove the VMs added for testing and that are running for more than a week's time. You can also create Spot VMs for testing and other workloads.
7. VMs not attached to Availability Set Group
Priority:
Low
Baseline:
VMs within an availability set helps to keep the overall VM performance operational, when a hardware or software failure happens, with only a subset of your VMs being impacted.
Recommendation:
Create an availability set for the VM.
8. Auto-delete test VMs
Priority:
Medium
Baseline:
Delete VMs created for testing and other internal activities to reduce the incurring costs.
Recommendation:
Remove the VMs added for testing and that have been running for more than a week's time.
9. VMs with no tags
Priority:
High
Baseline:
Assign metadata in the form of tags (key-value pair) to track and manage the instances, images, and VM Scale Sets groups.
Recommendation:
Create a tagging strategy adhering to Azure's best practices.
10. VMs not backed up
Priority:
High
Baseline:
Backing up VMs in Azure protects their data, ensures business continuity, enables point-in-time disaster recovery, and paves the way for centralized management and scalability.
Recommendation:
Backup Azure VMs for comprehensive data protection and to ensure that your data and applications are safe, compliant, and available when you need them.
Azure Public IP Address
1. Unmapped Public IP Address
Priority:
High
Baseline:
Hide the failure of an instance or resource by disassociating the IP address from the resource and remapping to a different one in the same account.
Recommendation:
A small hourly fee gets levied on unused addresses. So, either associate the public IP address with an active instance/interface or delete it.
Azure App Service Plan
1. Scale in less-used App Service Plan
Priority:
High
Baseline:
Stop paying more for under-used App Service Plans.
Recommendation:
Scale in the instances to reduce costs.
2. App Service consuming more than 80% average memory
Priority:
High
Baseline:
High memory usage may degrade the performance of applications running on the App Service Plan. Consider increasing the plan to increase the memory limit.
Recommendation:
Scale up the plan to improve the performance.
3. App Service consuming more than 80% CPU time
Priority:
High
Baseline:
High CPU usage may degrade the performance of applications running on the App Service Plan. Consider increasing the plan to increase the CPU limit.
Recommendation:
Scale up the plan to improve the performance.
4. Less than 5% site count usage for App Service Plan
Priority:
High
Baseline:
If the number of sites used is less than 5% of the allowed number of sites, then we consider it as under-utilized.
Recommendation:
Move the apps to a different App Service Plan and remove this to save costs.
Azure App Services
1. App Services with high response time
Priority:
High
Baseline:
Slow is the new down. An App Service with high response time will affect your business. Keep track of the App Services that start behaving slowly for the last one week.
Recommendation:
Probe your application further using APM and find the modules/resources that are causing problems.
2. App Services with more number of 5xx error codes
Priority:
High
Baseline:
An App Service that is error-prone indicates some part/module is failing and thus affecting business.
Recommendation:
Reduce the error response by proper error handling mechanisms and rectify the error modules.
3. Auth-disabled App Services
Priority:
High
Baseline:
Authentication-disabled App Services allow anonymous entry and users will not be prompted to login.
Recommendation:
Enable authentication to avoid anonymous access.
4. Backups are not enabled for some App Services
Priority:
High
Baseline:
Azure Backup will help to recover the App Services in case of any failure.
Recommendation:
Enable backup for the Azure App Service.
5. App Services with no tags
Priority:
High
Baseline:
Manage Azure resources more easily with tags. Untagged resources may sometimes go unnoticed and are difficult to manage.
Recommendation:
Tag the Azure resources with appropriate key-value pairs to ease management.
Azure Function App
1. Publicly accessible Azure Functions
Priority:
High
Baseline:
Azure Functions are charged based on the number of requests, and a request is any response to an event notification or invoke call. Allowing unauthorized executions can lead to unexpected charges on your subscriptions.
Recommendation:
Use Azure function login policies to manage invocation permissions.
Azure Logic Apps
1. Retry Policy not configured
Priority:
Medium
Baseline:
Use a Retry Policy in any supported action or trigger. A retry policy specifies whether and how the action retries a request when the original request times out or fails.
Recommendation:
Set up a Retry Policy to automate error handling and recovery in your Logic Apps.
2. Implement IP address restriction
Priority:
Medium
Baseline:
Restricting IP addresses enables the option to prevent requests except a specific IP address for particular API management service instances.
Recommendation:
Set Restricting Policies to make your workflows secure and compliant with the necessary regulations and standards. Setting a restricting policy adds further security to your Logic Apps by restricting or allowing specific IP addresses.
Azure Synapse Analytics
1. Auto-pause all Synapse Pools and keep your subscription costs under control
Priority:
Medium
Baseline:
Auto-pause releases and shuts down unused compute resources after a set idle period of inactivity.
Recommendation:
Enable Auto-pause to reduce costs and ensure that the resources are not used when inactive.
2. Synapse autoscale disabled
Priority:
Medium
Baseline:
The Autoscale feature automatically scales the number of nodes in a cluster instance up and down.
Recommendation:
Enable Autoscale to improve performance during periods of high demand and reduce cost during periods of low demand.
Azure Network Interface
1. Unused Network Interface
Priority:
Medium
Baseline:
Network Interface(s) found serving no active purpose.
Recommendation:
You could either utilize the Network Interface(s) or delete them.
Azure Load Balancer
1. Unused Load Balancer
Priority:
Medium
Baseline:
Load Balancer(s) found serving no active purpose.
Recommendation:
You could either utilize the Load Balancer(s) or delete them.
2. Add Health Probes
Priority:
Medium
Baseline:
Health Probes are used to detect the backend point's health status.
Recommendation:
We recommend adding Health Probes to detect the application's failure and improve its performance.
Azure Application Gateway
1. Unused Application Gateway
Priority:
Medium
Baseline:
Application Gateway(s) found serving no active purpose.
Recommendation:
You could either utilize the Application Gateway(s) or delete them.
Azure Storage Account
1. Public access for Storage Account
Priority:
High
Baseline:
Storage account(s) found with public access.
Recommendation:
We recommend switching to a private endpoint and denying public access for security reasons.
Azure Disk
1. Unattached Disk
Priority:
Medium
Baseline:
Disk(s) found serving no active purpose.
Recommendation:
You could either utilize the unattached Disk(s) or delete them.
FAQs
- Is the Azure Guidance Report available to all users?
- How frequently is the Azure Guidance Report updated?
- Will newly monitored resources show up automatically in the Azure Guidance Report?
- How does Site24x7 collect the data required to make the recommendations in the Azure Guidance report?
- How can I access the Azure Guidance Report?
- Can I schedule the Azure Guidance report and receive email notifications for the same?
- Can I see past recommendations/best practices in the Site24x7 web client?
- Limitations of Azure guidance report