Skip to content

Commit

Permalink
Merge branch 'Azure:main' into dev-alz-pattern
Browse files Browse the repository at this point in the history
  • Loading branch information
@ymehdimsft
ymehdimsft authored Dec 18, 2024
2 parents 5df0575 + 8dbebda commit 32de045
Show file tree
Hide file tree
Showing 7 changed files with 265 additions and 121 deletions.
42 changes: 26 additions & 16 deletions docs/content/patterns/alz/HowTo/deploy/Deploy-via-Azure-Portal-UI.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,24 +27,44 @@ weight: 30

## Management Groups Settings Blade

- Change the values on the Management Groups Settings blade to the following instructions:
![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png)

![Management Groups Settings Blade](../../../media/PortalAccelerator/MGSettings.png)
</br>

In the Management Groups Settings blade, change the value of the policy set definitions you would like to enable according to the following instructions:

- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Service Health Events such as Service issues, Planned maintenance, Health advisories, Security advisories, and Resource health together with action groups for Service Health alerts notifications.
- Change the value of _`Enable AMBA Connectivity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Network components such as Azure Firewalls, ExpressRoute, VPN, and Private DNS Zones.
- Change the value of _`Enable AMBA Identity`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Identity services such as Key Vaults, Managed HSMs.
- Change the value of _`Enable AMBA Management`_ to _`Yes`_. This initiative deploys Azure Monitor Baseline Alerts to monitor Management services such as Log Analytics Workspaces, Storage Accounts, Automation Accounts.
- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.
- Change the value of _`Enable AMBA Azure VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.
- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.
- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.
- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.
- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.
- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.
- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.
- Set the value of _`Enable AMBA Notification Assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications.

- Change the values on the Management Groups Settings blade according to the following instructions:

### If you are aligned to ALZ

- Choose the value of _```Enterprise Scale Company Management Group```_ to the management group ID for Platform.
- Choose the value of _```Platform Management Group```_ to the management group ID for Platform.
- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity.
- Choose the value of _```Identity Management Group```_ to the management group ID for Identity.
- Choose the value of _```Management Management Group```_ to the management group ID for Management.
- Choose the value of _```Connectivity Management Group```_ to the management group ID for Connectivity.
- Choose the value of _```Landing Zone Management Group```_ to the management group ID for Landing Zones.

### If you are unaligned to ALZ

- Choose the value of _`Enterprise Scale Company Management Group`_ to the management group ID for Platform. The same management group ID may be repeated.
- Choose the value of _`Platform Management Group`_ to the management group ID for Platform. The same management group ID may be repeated.
- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated.
- Choose the value of _`Identity Management Group`_ to the management group ID for Identity. The same management group ID may be repeated.
- Choose the value of _`Management Management Group`_ to the management group ID for Management. The same management group ID may be repeated.
- Choose the value of _`Connectivity Management Group`_ to the management group ID for Connectivity. The same management group ID may be repeated.
- Choose the value of _`Landing Zone Management Group`_ to the management group ID for Landing Zones. The same management group ID may be repeated.

{{< hint type=note >}}
Expand All @@ -54,26 +74,16 @@ For ease of deployment and maintenance we have kept the same variables.
### If you have a single management group

- Choose the value of _`Enterprise Scale Company Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Platform Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Identity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Management Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Connectivity Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".
- Choose the value of _`Landing Zone Management Group`_ to the pseudo root management group ID, also called the "Intermediate Root Management Group".

{{< hint type=note >}}
For ease of deployment and maintenance we have kept the same variables.
{{< /hint >}}

- Set the value of _`Enable AMBA notification assets`_ to _`Yes`_. This configuration will deploy notification assets broad notifications.
- Set the value of _`Enable AMBA Service Health`_ to _`Yes`_. This setting will assign the Service Health Policy Set Definition during deployment and deploy action groups for Service Health alerts notifications.
- Change the value of _`Enable AMBA Hybrid VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Arc-enabled Servers.
- Change the value of _`Enable AMBA Key Management`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Key Management Services such as Azure Key Vault, and Managed HSM.
- Change the value of _`Enable AMBA Load Balancing`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Load Balancing Services such as Load Balancer, Application Gateway, Traffic Manager, and Azure Front Door.
- Change the value of _`Enable AMBA Network Changes`_ to _`Yes`_ This initiative implements Azure Monitor Baseline Alerts to monitor alterations in Network Routing and Security, such as modifications to Route Tables and the removal of Network Security Groups.
- Change the value of _`Enable AMBA Recovery Services`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Recovery Services such as Azure Backup, and Azure Site Recovery.
- Change the value of _`Enable AMBA Storage`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Storage Services such as Storage accounts.
- Change the value of _`Enable AMBA VM`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Azure Virtual Machines.
- Change the value of _`Enable AMBA Web`_ to _`Yes`_ This initiative deploys Azure Monitor Baseline Alerts to monitor Web Services such as App Services.

## Notification Settings Blade

![Notification Settings Blade](../../../media/PortalAccelerator/NotificationSettings.png)
Expand Down
Binary file modified docs/content/patterns/alz/media/PortalAccelerator/DeploymentSettings.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/content/patterns/alz/media/PortalAccelerator/MGSettings.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
44 changes: 44 additions & 0 deletions docs/content/patterns/specialized/oracle/oracle on azure iaas/FAQ.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
---
title: Frequently Asked Questions
geekdocCollapseSection: true
weight: 80
---

> ## Do I need to use the thresholds defined as default values in the metric rule alerts?
>
The initial thresholds are based on our observations and Microsoft's documentation recommendations. These thresholds are intended as a starting point and should be adjusted over time.

Monitor the alerts closely to fine-tune the thresholds. If the alerts are too frequent, increase the threshold. Conversely, if the alerts do not trigger when issues arise, decrease the threshold accordingly. The adjustments will depend on the metrics or log errors used as monitoring sources.

Once you have determined an appropriate threshold value, we encourage you to share it with us if you think it could benefit broader use.

>
> ## Do I need to use these metrics or can they be replaced with ones more suited to my environment?
>
> The metric rules provided are based on Microsoft's documentation recommendations and real-world field experience. These rules are intended as a starting point, and you may need to adjust the thresholds over time.
You can tailor the alerts to suit your specific environment and how you use Azure resources. The main goal of this project is to help you implement Azure Monitor alerts at scale. You can create new rules specific to your thresholds.

We would love to hear about any new rules you develop, so please share them with us if you believe they could benefit others.
>
> ## How much does it cost to run the ALZ Baseline solution?
>
> The cost of running the ALZ Baseline solution depends on several factors, including the number of alert rules you deploy, the number of subscriptions inheriting the baseline policies, and the resources within each subscription that match the policy rules.
Each alert rule costs approximately $0.10 monthly based on continuous data evaluation. If the rule only evaluates data intermittently, the cost is prorated. Dynamic Thresholds double the price to around $0.20 per month. Additionally, Action groups configured with an email address are charged about $2 monthly for every 1,000 emails.

**While significant costs are not anticipated, it is recommended that you assess costs in a non-production environment to understand the expenses for your deployment.**

For detailed cost information, visit the Azure Monitor [Pricing - Azure Monitor](https://azure.microsoft.com/en-us/pricing/details/monitor/) pricing and consult with your local Microsoft account team to estimate the costs for your deployment.
>
Depending on the region you deploy to their may be a small difference in the associated cost, the costs provided here are based on prices captured as of April 2023
>
> ## Can I use AMBA without a GitHub repository
>
You can use AMBA without a GitHub repository if the ARM templates are publicly accessible. The linked templates in this solution must be accessible via a URL when the top-level ARM template is submitted to Azure Resource Manager. This ensures they can be pulled in at deployment time.

Alternatively, you can use Template specs. This allows you to package the main template and its linked templates into a single entity within your Azure subscription. Template specs make it easy to securely share the template with users in your organization using Azure role-based access control (Azure RBAC). This feature is currently in preview.
>
> References:
> - [Template specs](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates?tabs=azure-powershell#template-specs)
> - [ARM Private deployment](https://github.com/Azure/ARM-private-deployment)
82 changes: 82 additions & 0 deletions docs/content/patterns/specialized/oracle/oracle on azure iaas/_index.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,82 @@
---
title: Oracle on Azure IaaS
geekdocCollapseSection: true
---

## Overview

Monitoring Oracle on Azure IaaS enables timely actions to enhance performance, reliability, and security. This solution helps set up appropriate Azure Monitor alerts for virtual machine and disk utilization. Action owners will receive email notifications if utilization metrics exceed the set thresholds.

> [!NOTE]
> Please adhere to the thresholds provided below when operating Oracle on Azure IaaS solutions. Ignoring alerts for these threshold values may lead to performance degradation and compromise the availability of the database
**Current Version:**
v0 (Dec 6, 2024)

## Alerts Table

Table below shows the Alerts configured after the deployment.

| Name | Threshold(s) (Severity) | Signal Type | Frequency | \# Alert Rules |
| ---------------------------------------------- | ----------------------- | ------------- | --------- | -------------- |
| Percentage CPU > 95 | 95 (2) | Log Analytics | 5 min | Default |
| Percentage CPU >= 85 | 85 (1) | Log Analytics | 5 min | Default |
| Percentage CPU >= 75 | 75 (2) | Log Analytics | 5 min | Default |
| VmAvailabilityMetric < 1 | < 1 (0) | Log Analytics | 5 min | Default |
| OS Disk Bandwidth Consumed Percentage > 95 | 95 (0) | Log Analytics | 5 min | Default |
| OS Disk Bandwidth Consumed Percentage > 90 | 90 (1) | Log Analytics | 5 min | Default |
| Available Memory Bytes < 500000000 | < 500000000 (1) | Log Analytics | 5 min | Default |
| VM cached Bandwidth Consumed Percentage > 95 | 95 (2) | Log Analytics | 5 min | Default |
| VM cached Bandwidth Consumed Percentage > 85 | 85 (2) | Log Analytics | 5 min | Default |
| VM cached Bandwidth Consumed Percentage > 75 | 75 (2) | Log Analytics | 5 min | Default |
| VM uncached Bandwidth Consumed Percentage > 95 | 95 (2) | Log Analytics | 5 min | Default |
| VM uncached Bandwidth Consumed Percentage > 85 | 85 (2) | Log Analytics | 5 min | Default |
| VM uncached Bandwidth Consumed Percentage > 75 | 75 (2) | Log Analytics | 5 min | Default |
| Data Disk IOPS Consumed Percentage > 95 | 95 (2) | Log Analytics | 5 min | Default |
| Data Disk IOPS Consumed Percentage > 85 | 85 (2) | Log Analytics | 5 min | Default |
| Data Disk IOPS Consumed Percentage > 75 | 75 (2) | Log Analytics | 5 min | Default |
| OS Disk Bandwidth Consumed Percentage > 95 | 95 (2) | Log Analytics | 5 min | Default |
| OS Disk Bandwidth Consumed Percentage > 85 | 85 (2) | Log Analytics | 5 min | Default |
| OS Disk Bandwidth Consumed Percentage > 75 | 75 (2) | Log Analytics | 5 min | Default |
| VolumeConsumedSizePercentage per Lun >= 95 | \>=95 (0) | Log Analytics | 5 min | Default |
| VolumeConsumedSizePercentage >= 90 | \>=90 (2) | Log Analytics | 5 min | Default |
| UnhealthyHostCount >=1 | \>=1 (0) | Log Analytics | 5 min | Default |


## 📣Feedback 📣

Once you've had an opportunity to deploy the solution we'd love to hear from you! Click [here](https://aka.ms/alz/monitor/feedback) to leave your feedback.

If you have encountered a problem please file an issue in our GitHub repo [GitHub Issue](https://github.com/Azure/azure-monitor-baseline-alerts/issues).

## Monitor Oracle on Azure IaaS

Review [Manage and Monitor Oracle](/azure/cloud-adoption-framework/scenarios/oracle-iaas/oracle-manage-monitor-iaas) for further guidance.

## Contributing

This project welcomes contributions and suggestions.
Most contributions require you to agree to a Contributor License Agreement (CLA)
declaring that you have the right to, and actually do, grant us the rights to use your contribution.
For details, visit [https://cla.opensource.microsoft.com](https://cla.opensource.microsoft.com).

When you submit a pull request, a CLA bot will automatically determine whether you need to provide
a CLA and decorate the PR appropriately (e.g., status check, comment).
Simply follow the instructions provided by the bot.
You will only need to do this once across all repos using our CLA.

This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

{{< hint type=note >}}
Details on contributing to this repo can be found [here](../../../contributing)
{{< /hint >}}

## Trademarks

This project may contain trademarks or logos for projects, products, or services.
Authorized use of Microsoft trademarks or logos is subject to and must follow
[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/legal/intellectualproperty/trademarks/usage/general).
Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship.
Any use of third-party trademarks or logos are subject to those third-party's policies.
7 changes: 7 additions & 0 deletions docs/content/patterns/specialized/oracle/oracle on azure iaas/known-issues.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
---
title: Known Issues
geekdocCollapseSection: true
weight: 100
---

## None at this time
Loading

0 comments on commit 32de045

Please sign in to comment.