forked from Azure/review-checklists
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathadx_checklist.en.json
222 lines (222 loc) · 10 KB
/
adx_checklist.en.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
{
"items": [
{
"category": "BC and DR",
"subcategory": "Replication",
"text": "Leverage External Tables and Continuous data export overview to reduce costs",
"description": "Using the correct approach to feed a datalake with cold data and having the Kusto query engine at your disposal at the same time, as in the short-term storage",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "ba7da7be-9951-4914-a384-5d997cb39132",
"id": "A01.01",
"link": "https://learn.microsoft.com/azure/data-explorer/kusto/management/data-export/continuous-data-export"
},
{
"category": "BC and DR",
"subcategory": "Replication",
"text": "To share data, explore Leader-follower cluster configuration",
"description": "Azure Data Explorer provides an optional follower capability for a leader cluster to be followed by other follower clusters for read-only access to the leader's data and metadata. Changes in the leader, such as create, append, and drop are automatically synchronized to the follower. While the leaders could span Azure regions, the follower clusters should be hosted in the same region(s) as the leader. If the leader cluster is down or databases or tables are accidentally dropped, the follower clusters will lose access until access is recovered in the leader.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "56a22586-f490-4641-addd-ea8a377cdeb3",
"id": "A01.02",
"link": "https://learn.microsoft.com/azure/data-explorer/follower?tabs=csharp"
},
{
"category": "BC and DR",
"subcategory": "Replication",
"text": "To protect against regional failure, create Multiple independent clusters, preferably in two Azure Paired regions",
"description": "Azure Data Explorer doesn't support automatic protection against the outage of an entire Azure region. This disruption can happen during a natural disaster, like an earthquake. If you require a solution for a disaster recovery situation, do the following steps to ensure business continuity. In these steps, you'll replicate your clusters, management, and data ingestion in two Azure paired regions.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "861bb2bc-14ae-4a6e-95d8-d9a3adc218e6",
"id": "A01.03",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#create-multiple-independent-clusters"
},
{
"category": "BC and DR",
"subcategory": "Replication",
"text": "Replicate all management activities such as creating new tables or managing user roles on each cluster.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "436b0635-cb45-4e57-a603-324ace8cc123",
"id": "A01.04",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution#replicate-management-activities"
},
{
"category": "BC and DR",
"subcategory": "Replication",
"text": "Ingest data into each cluster in parallel",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "18ca6017-0265-4f4b-a46a-393af7f31728",
"id": "A01.05",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-create-solution"
},
{
"category": "BC and DR",
"subcategory": "DR Configuration",
"text": "For critical application with no tolerance for outages, create Active-Active-Active (always-on) configuration",
"description": "This configuration is also called 'always-on'. For critical application deployments with no tolerance for outages, you should use multiple Azure Data Explorer clusters across Azure paired regions.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "58a9c279-9c42-4bb6-9d0c-65556246b338",
"id": "A02.01",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-active-configuration"
},
{
"category": "BC and DR",
"subcategory": "DR Configuration",
"text": "For critical applications, create Active-Active configuration in two paired regions",
"description": "This configuration is identical to the active-active-active configuration, but only involves two Azure paired regions. Configure dual ingestion, processing, and curation. Users are routed to the nearest region. The cluster SKU must be the same across regions.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "563a4dc7-4a74-48b6-922a-d190916a6649",
"id": "A02.02",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-active-configuration"
},
{
"category": "BC and DR",
"subcategory": "DR Configuration",
"text": "For applications, which required only read during failure, create Active-Hot standby configuration",
"description": "The Active-Hot configuration is similar to the Active-Active configuration in dual ingest, processing, and curation. While the standby cluster is online for ingestion, process, and curation, it isn't available to query. The standby cluster doesn't need to be in the same SKU as the primary cluster. It can be of a smaller SKU and scale, which may result in it being less performant. In a disaster scenario, users are redirected to the standby cluster, which can optionally be scaled up to increase performance.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "8fadfe27-7de2-483b-8ac3-52baa9b75708",
"id": "A02.03",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#active-hot-standby-configuration"
},
{
"category": "BC and DR",
"subcategory": "DR Configuration",
"text": "For applications, where cost is a concern and can withstand some downtime during failure, create on-demand data recovery cluster configuration",
"description": "This solution offers the least resiliency (highest RPO and RTO), is the lowest in cost and highest in effort. In this configuration, there's no data recovery cluster. Configure continuous export of curated data (unless raw and intermediate data is also required) to a storage account that is configured GRS (Geo Redundant Storage). A data recovery cluster is spun up if there is a disaster recovery scenario. At that time, DDLs, configuration, policies, and processes are applied. Data is ingested from storage with the ingestion property kustoCreationTime to over-ride the ingestion time that defaults to system time.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "49aa8092-dc8e-4b9d-8bb7-3b26a5a67eba",
"id": "A02.04",
"link": "https://learn.microsoft.com/azure/data-explorer/business-continuity-overview#on-demand-data-recovery-configuration"
},
{
"category": "Operations Management",
"subcategory": "IaC",
"text": "Wrap DevOps and source control around all your code",
"description": "All database objects, policies, and configurations should be persisted in source control so they can be released to the cluster from your release automation tool.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "5a907e1e-348e-4f25-9c27-d32e8bbac757",
"id": "B01.01",
"training": "https://learn.microsoft.com/learn/paths/secure-your-cloud-data/",
"link": "https://learn.microsoft.com/azure/data-explorer/devops"
},
{
"category": "Operations Management",
"subcategory": "IaC",
"text": "Design, develop, and implement validation routines to ensure all clusters are in-sync from a data perspective.",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "1559ab91-53e8-4908-ae28-b84c33b6b780",
"id": "B01.02",
"training": "https://learn.microsoft.com/learn/modules/azure-active-directory/",
"link": "https://learn.microsoft.com/azure/data-explorer/devops"
},
{
"category": "Operations Management",
"subcategory": "IaC",
"text": "Be fully cognizant of what it takes to build a cluster from scratch. Leverage Infrastructure as a Code for your deployments",
"waf": "Reliability",
"service": "Azure Data Explorer",
"guid": "8b9fe5c4-1049-4d40-9a82-2c3474d00f18",
"id": "B01.03",
"training": "https://learn.microsoft.com/learn/modules/implement-hybrid-identity-windows-server/",
"link": "https://learn.microsoft.com/azure/data-explorer/devops"
}
],
"categories": [
{
"name": "Identity and Access Management"
},
{
"name": "Network Topology and Connectivity"
},
{
"name": "BC and DR"
},
{
"name": "Governance and Security"
},
{
"name": "Cost Governance"
},
{
"name": "Operations Management"
},
{
"name": "Application Deployment"
}
],
"waf": [
{
"name": "Reliability"
},
{
"name": "Security"
},
{
"name": "Cost"
},
{
"name": "Operations"
},
{
"name": "Performance"
}
],
"yesno": [
{
"name": "Yes"
},
{
"name": "No"
}
],
"status": [
{
"name": "Not verified",
"description": "This check has not been looked at yet"
},
{
"name": "Open",
"description": "There is an action item associated to this check"
},
{
"name": "Fulfilled",
"description": "This check has been verified, and there are no further action items associated to it"
},
{
"name": "Not required",
"description": "Recommendation understood, but not needed by current requirements"
},
{
"name": "N/A",
"description": "Not applicable for current design"
}
],
"severities": [
{
"name": "High"
},
{
"name": "Medium"
},
{
"name": "Low"
}
],
"metadata": {
"name": "Azure Data Explorer Review Checklist",
"state": "Preview",
"waf": "Reliability",
"timestamp": "April 15, 2024"
}
}