Integrating Azure Advisor Into Your Workday
Editor's note: The following post was written by Cloud and Datacenter ManagementMVP Timothy Warneras part of our Technical Tuesday series. Daron Yondemof the MVP Award Blog Technical Committee served as the technical reviewer for this piece.
Are you familiar with the shared responsibility model of cloud computing? This model states that Microsoft's responsibility is providing a highly available resource pool for your use, and your responsibility is optimizing and securing the resources you use.
As I'm sure you know, Microsoft Azure represents an enormous variety of cloud capabilities, and caring for them at once taxes even the most Azure -capable teams. In this article I'll introduce you to Azure Advisor, and show how you can apply some of Microsoft's cloud intelligence to your environment.
Advisor overview
Azure Advisor is what I call a recommendation engine; a free platform that offers you Microsoft best practice guidance for the following Azure resources:
- Virtual machines
- Availability sets
- Application gateways
- App Services apps
- Azure SQL virtual servers and databases
- Redis Cache
If for no other reason, you should use Advisor because it's free with your subscription. The most important reason, though, is that Advisor helps you save money, meet your service-level agreement (SLA) targets, and certify with your requisite compliance programs. Advisor presents recommendations to you along four axes:
- High availability
- Security
- Performance
- Cost
Let's dive into the Azure portal and examine Advisor's behavior.
Advisor in Action - High Availability
In the Azure portal, place your cursor in the Search resources global search box, type advisor, and press Enter. Voila! Azure Advisor appears. At first launch, click Get recommendations to register your subscription with Advisor; this is a one-time operation.
Members of the Owner, Contributor, or Reader role-based access control (RBAC) roles can view Advisor recommendations for subscriptions, resource groups, and individual resources. Figure 1 shows you Azure Advisor.
[caption id="attachment_25565" align="alignnone" width="900"]
Figure 1. Azure Advisor[/caption]
On the Advisor toolbar you can view recommendations from each category, or see them all on one screen. Figure 2 shows the Azure's High Availability recommendations for my subscription:
[caption id="attachment_25575" align="alignnone" width="900"]
Figure 2. High availability recommendations[/caption]
Advisor in Action - Security
Do you see how practical Advisor is? Next, let's investigate my Security recommendation. As you can see in Figure 4, viewing the Security recommendations (1) and selecting a security recommendation (2) opens the Azure Security Center recommendations list (3). From here you can visit Azure Security Center (4) or apply recommendations directly from Advisor.
[caption id="attachment_25576" align="alignnone" width="900"]
Figure 4. Advisor and Azure Security Center work together[/caption]
See my MVP blog post, "Integrating Azure Security Center into Your Workday," for more details on Azure Security Center. You can also consider the following common Azure Security Center recommendations to get a feel for how the tool can help you:
- Enable endpoint protection
- Apply just-in-time (JIT) VM access
- Customize network security group (NSG) rules
Like Advisor, Azure Security Center also provides detailed remediation guidance for its suggestions. For example, Azure Security Center can initiate an auto-installation of endpoint protection or the Azure VM Agent.
Advisor in Action - Cost
Figure 5 shows my Advisor cost recommendations. Notice how Azure provides a potential savings value for my virtual machine pool - color me interested!
[caption id="attachment_25577" align="alignnone" width="900"]
Figure 5. Advisor can save you money[/caption]
Advisor analyzed my virtual machine runtime patterns and recommended resizing or stopping selected VMs. Doing so may result in cost savings without service degradation. You can see this behavior in action in Figure 6.
[caption id="attachment_25585" align="alignnone" width="900"]
Figure 6. Viewing VM usage patterns[/caption]
In this case, you can see clearly that my vm2 virtual machine has had low CPU utilization over the past week. Therefore, I can save money by resizing that instance, or even scheduling shutdown during off-peak hours.
Advisor in Action - Performance
Azure Advisor performance recommendations center on three Azure resources:
- Azure SQL Database
- App Service
- Redis cache
For Azure SQL Database recommendations, Advisor links to SQL Database Advisor. For Redis cache recommendations, Advisor links to Redis Cache Advisor. For Azure App Service recommendations, Advisor presents suggestions based on Microsoft's own best practice guidelines.
For example, SQL Database Advisor may recommend:
- creating or dropping indexes
- parameterizing Transact-SQL queries
- editing the database schema for better security or performance
The Redis Cache advisor lets you know where cache performance may be negatively affected by high memory usage, network bandwidth, or server utilization.
Next Steps
There you have it! If you haven't done so, please add "check Advisor recommendations" to your weekly or even daily Azure administration workflow. The Advisor toolbar has buttons to create one-click reports in Adobe Acrobat Portable Document Format (PDF) or comma-separated value (CSV) format. Figures 7 and 8 show you examples of these reports.
[caption id="attachment_25595" align="alignnone" width="767"]
Figure 7. PDF Advisor report[/caption]
[caption id="attachment_25605" align="alignnone" width="900"]
Figure 8. CSV Advisor report[/caption]
As usual, I will leave you with resources for further learning. Take good care!
Timothy Warner is a Microsoft Most Valuable Professional (MVP) in Cloud and Datacenter Management who is based in Nashville, TN. His professional specialties include Microsoft Azure, cross-platform PowerShell, and all things Windows Server-related. You can reach Tim via Twitter @TechTrainerTim, LinkedIn or his personal website, techtrainertim.com.