Merge pull request #924 from MicrosoftDocs/vmworkload-devops
VM workloads DevOps considerations
Mariano Grande committed May 26, 2020
2 parents baf233d + 3596b8c commit 720f2bb
Showing 5 changed files with 113 additions and 11 deletions.
23 changes: 20 additions & 3 deletions docs/reference-architectures/n-tier/linux-vm.md
Expand Up @@ -113,7 +113,7 @@ Use [Azure Spot VMs](https://docs.microsoft.com/azure/virtual-machines/windows/s

Use the [Azure Pricing Calculator][azure-pricing-calculator] to estimates costs.

For more information, see the cost section in [Microsoft Azure Well-Architected Framework][aaf-cost].
For more information, see the cost section in [Microsoft Azure Well-Architected Framework][WAF-cost].



Expand All @@ -134,16 +134,31 @@ Use [Azure Security Center][security-center] to get a central view of the securi

**Data encryption**. Use [Azure Disk Encryption][disk-encryption] if you need to encrypt the OS and data disks.

## DevOps considerations

Use a single [Azure Resource Manager template][arm-template] for provisioning the Azure resources and its dependencies. Since all the resources are in the same virtual network, they are isolated in the same basic workload, that makes it easier to associate the workload's specific resources to a DevOps team, so that the team can independently manage all aspects of those resources. This isolation enables the DevOps Team to perform continuous integration and continuous delivery (CI/CD).

Also, you can use different [Azure Resource Manager templates][arm-template] and integrate them with [Azure DevOps Services][az-devops] to provision different environments in minutes, for example to replicate production like scenarios or load testing environments only when needed, saving cost.

For higher availability architecture see [Linux N-tier application in Azure with Apache Cassandra](./n-tier-cassandra.md), the reference architecture includes more than one VM and each VM is included in an availability set.

Consider using the [Azure Monitor][azure-monitor] to Analyze and optimize the performance of your infrastructure, Monitor and diagnose networking issues without logging into your virtual machines.


For more information, see the Operationl excellence section in [Microsoft Azure Well-Architected Framework][WAF-devops].

## Next steps

- To provision a Linux VM, see [Create and Manage Linux VMs with the Azure CLI](https://docs.microsoft.com/azure/virtual-machines/linux/tutorial-manage-vm)
- For a complete N-tier architecture on Linux VMs, see [Linux N-tier application in Azure with Apache Cassandra](./n-tier-cassandra.md).

<!-- links -->

[aaf-cost]: /azure/architecture/framework/cost/overview
[arm-template]: /azure/azure-resource-manager/resource-group-overview#resource-groups
[audit-logs]: https://azure.microsoft.com/blog/analyze-azure-audit-logs-in-powerbi-more/
[az-devops]: https://docs.microsoft.com/azure/virtual-machines/windows/infrastructure-automation#azure-devops-services
[azure-linux]: /azure/virtual-machines/virtual-machines-linux-azure-overview
[azure-monitor]: https://azure.microsoft.com/services/monitor/
[azure-storage]: /azure/storage/common/storage-introduction
[blob-storage]: /azure/storage/common/storage-introduction
[boot-diagnostics]: https://azure.microsoft.com/blog/boot-diagnostics-for-virtual-machines-v2/
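
Review bot: "Operationl excellence" in the closing sentence of the new DevOps section is misspelled and cased differently from the "Operational Excellence" wording used in the other files of this commit; suggest "see the Operational Excellence section in ...". In the same section, "Consider using the [Azure Monitor][azure-monitor] to Analyze and optimize ..., Monitor and diagnose ..." reads like two pasted bullet titles; lowercase "analyze" and "monitor" and join the two clauses with "and". The [az-devops] definition points at a /virtual-machines/windows/ page although this article covers a Linux VM, so check that this is the intended target.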
Expand All @@ -155,6 +170,7 @@ Use [Azure Security Center][security-center] to get a central view of the securi
[fqdn]: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-portal-create-fqdn
[group-policy]: https://docs.microsoft.com/windows-server/administration/windows-server-update-services/deploy/4-configure-group-policy-settings-for-automatic-updates
[iostat]: https://en.wikipedia.org/wiki/Iostat
[linux-vms-pricing]: https://azure.microsoft.com/pricing/details/virtual-machines/linux
[manage-vm-availability]: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-manage-availability
[managed-disks]: https://docs.microsoft.com/azure/storage/storage-managed-disks-overview
[naming-conventions]: https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/naming-and-tagging
Expand All @@ -176,6 +192,7 @@ Use [Azure Security Center][security-center] to get a central view of the securi
[ssh-linux]: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-mac-create-ssh-keys
[static-ip]: https://docs.microsoft.com/azure/virtual-network/virtual-networks-reserved-public-ip
[virtual-machine-sizes]: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-sizes
[linux-vms-pricing]: https://azure.microsoft.com/pricing/details/virtual-machines/linux
[vm-size-tables]: https://docs.microsoft.com/azure/virtual-machines/virtual-machines-linux-sizes
[vm-sla]: https://azure.microsoft.com/support/legal/sla/virtual-machines
[WAF-devops]: /azure/architecture/framework/devops/overview
[WAF-cost]: /azure/architecture/framework/cost/overview
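
Review bot: [linux-vms-pricing] is listed in this hunk and again in the previous one (after [iostat]); confirm that only one definition remains once the entry has been moved. [WAF-devops] and [WAF-cost] are appended after [vm-sla] instead of being placed in the alphabetical order the rest of the list follows.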
25 changes: 23 additions & 2 deletions docs/reference-architectures/n-tier/multi-region-sql-server.md
Expand Up @@ -185,7 +185,23 @@ You are charged only for the number of configured load-balancing and outbound ru

Traffic Manager billing is based on the number of DNS queries received, with a discount for services receiving more than 1 billion monthly queries. You are also charged for each monitored endpoint.

For more information, see the cost section in [Microsoft Azure Well-Architected Framework][aaf-cost].
For more information, see the cost section in [Microsoft Azure Well-Architected Framework][WAF-cost].

## DevOps considerations

Use a single [Azure Resource Manager template][arm-template] for provisioning the Azure resources and its dependencies. Use the same template to deploy the resources to both primary and secondary regions. Include all the resources in the same virtual network so they are isolated in the same basic workload, that makes it easier to associate the workload's specific resources to a DevOps team, so that the team can independently manage all aspects of those resources. This isolation enables DevOps Team and Services to perform continuous integration and continuous delivery (CI/CD).

Also, you can use different [Azure Resource Manager templates][arm-template] and integrate them with [Azure DevOps Services][az-devops] to provision different environments in minutes, for example to replicate production like scenarios or load testing environments only when needed, saving cost.

Consider using the [Azure Monitor][azure-monitor] to Analyze and optimize the performance of your infrastructure, Monitor and diagnose networking issues without logging into your virtual machines. Application Insights is actually one of the components of Azure Monitor, which gives you rich metrics and logs to verify the state of your complete Azure landscape. Azure Monitor will help you to follow the state of your infrastructure.

Make sure not only to monitor your compute elements supporting your application code, but your data platform as well, in particular your databases, since a low performance of the data tier of an application could have serious consequences.


In order to test the Azure environment where the applications are running, it should be version-controlled and deployed through the same mechanisms as application code, then it can be tested and validated using DevOps testing paradigms too.

For more information, see the Operational Excellence section in [Microsoft Azure Well-Architected Framework][WAF-devops].


## Related resources
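
Review bot: "Include all the resources in the same virtual network" in the first paragraph of the new DevOps section conflicts with the sentence before it about deploying to both primary and secondary regions: an Azure virtual network is scoped to one region, so the two regional deployments cannot share one. Suggest wording such as "within each region, keep the resources in the same virtual network". The last paragraph ("In order to test the Azure environment ... then it can be tested ...") is a run-on; split it after "application code".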

Expand All @@ -195,9 +211,12 @@ The following architecture uses some of the same technologies:

<!-- links -->

[arm-template]: /azure/azure-resource-manager/resource-group-overview#resource-groups
[azure-monitor]: https://azure.microsoft.com/services/monitor/
[az-devops]: https://docs.microsoft.com/azure/virtual-machines/windows/infrastructure-automation#azure-devops-services
[Sql-vm-pricing]: https://azure.microsoft.com/pricing/details/virtual-machines/sql-server-enterprise/
[Windows-vm-pricing]: https://azure.microsoft.com/pricing/details/virtual-machines/windows
[Managed-Sql-pricing]: https://azure.microsoft.com/pricing/details/sql-database/managed
[aaf-cost]: ../../framework/cost/overview.md
[azure-sql-db]: https://docs.microsoft.com/azure/sql-database
[health-endpoint-monitoring-pattern]: ../../patterns/health-endpoint-monitoring.md
[azure-cli]: https://docs.microsoft.com/cli/azure
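
Review bot: [arm-template] resolves to /azure/azure-resource-manager/resource-group-overview#resource-groups, which is the resource groups anchor, while the link text in the new section is "Azure Resource Manager template"; point the definition at a page about templates or change the link text. [az-devops] again targets a /virtual-machines/windows/ page, which fits this SQL Server article better than the Linux ones, but a platform-neutral target would let all four files share one definition.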
Expand All @@ -216,3 +235,5 @@ The following architecture uses some of the same technologies:
[visio-download]: https://archcenter.blob.core.windows.net/cdn/vm-reference-architectures.vsdx
[vnet-dns]: https://docs.microsoft.com/azure/virtual-network/manage-virtual-network#change-dns-servers
[wsfc]: https://msdn.microsoft.com/library/hh270278.aspx
[WAF-cost]: ../../framework/cost/overview.md
[WAF-devops]: /azure/architecture/framework/devops/overview
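
Review bot: the two definitions added at the end of the list use different link styles: [WAF-cost] is a relative .md path (../../framework/cost/overview.md) and [WAF-devops] is an absolute site path (/azure/architecture/framework/devops/overview). Use one form for both and keep the same choice in the other files touched by this commit.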
26 changes: 24 additions & 2 deletions docs/reference-architectures/n-tier/n-tier-cassandra.md
Expand Up @@ -198,7 +198,7 @@ For single VMs pricing options See [Linux VMs pricing][Linux-vm-pricing].

You are charged only for the number of configured load-balancing and outbound rules. Inbound NAT rules are free. There is no hourly charge for the Standard Load Balancer when no rules are configured.

For more information, see the cost section in [Microsoft Azure Well-Architected Framework][aaf-cost].
For more information, see the cost section in [Microsoft Azure Well-Architected Framework][WAF-cost].


## Security considerations
Expand Down Expand Up @@ -237,16 +237,38 @@ To deploy the Linux VMs for an N-tier application reference architecture, follow
azbb -s <your subscription_id> -g <your resource_group_name> -l <azure region> -p n-tier-linux.json --deploy
```

## DevOps considerations

In this architecture you use an [Azure Building Blocks template][azbb-template] for provisioning the Azure resources and its dependencies. Since all the main resources and their dependencies are in the same virtual network, they are isolated in the same basic workload, that makes it easier to associate the workload's specific resources to a DevOps team, so that the team can independently manage all aspects of those resources. This isolation enables DevOps Teams and Services to perform continuous integration and continuous delivery (CI/CD).

Also, you can use different deployment templates and integrate them with [Azure DevOps Services][az-devops] to provision different environments in minutes, for example to replicate production like scenarios or load testing environments only when needed, saving cost.

In this sceanario you virtual machines are configured by using Virtual Machine Extensions, since they offer the possibility of installing certain additional software, such as Apache Cassandra. In particular, the Custom Script Extension allows the download and execution of arbitrary code on a Virtual Machine, allowing unlimited customization of the Operating System of an Azure VM. VM Extensions are installed and executed only at VM creation time. That means if the Operating System gets configured incorrectly at a later stage, it will require a manual intervention to move it back to its correct state. Configuration Management Tools can be used to address this issue.

Consider using the [Azure Monitor][azure-monitor] to Analyze and optimize the performance of your infrastructure, Monitor and diagnose networking issues without logging into your virtual machines. Application Insights is actually one of the components of Azure Monitor, which gives you rich metrics and logs to verify the state of your complete Azure landscape. Azure Monitor will help you to follow the state of your infrastructure.

Make sure not only to monitor your compute elements supporting your application code, but your data platform as well, in particular your databases, since a low performance of the data tier of an application could have serious consequences.

In order to test the Azure environment where the applications are running, it should be version-controlled and deployed through the same mechanisms as application code, then it can be tested and validated using DevOps testing paradigms too.


For more information, see the Operational Excellence section in [Microsoft Azure Well-Architecture Framework][WAF-devops].

## Next steps

- [Microsoft Learn module: Tour the N-tier architecture style](https://docs.microsoft.com/learn/modules/n-tier-architecture/)

<!-- links -->

[aaf-cost]: ../../framework/cost/overview.md
[arm-template]: /azure/azure-resource-manager/resource-group-overview#resource-groups
[WAF-devops]: /azure/architecture/framework/devops/overview
[az-devops]: https://docs.microsoft.com/azure/virtual-machines/windows/infrastructure-automation#azure-devops-services
[azbb-template]: https://github.com/mspnp/template-building-blocks/wiki/overview
[WAF-cost]: ../../framework/cost/overview.md
[app-gw-scaling]: https://docs.microsoft.com/azure/application-gateway
[azure-dns]: https://docs.microsoft.com/azure/dns/dns-overview
[azure-key-vault]: https://azure.microsoft.com/services/key-vault
[azure-monitor]: https://azure.microsoft.com/services/monitor/
[bastion host]: https://en.wikipedia.org/wiki/Bastion_host
[cassandra-in-azure]: https://academy.datastax.com/resources/deployment-guide-azure
[cassandra-consistency]: https://docs.datastax.com/en/cassandra/2.0/cassandra/dml/dml_config_consistency_c.html
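
Review bot: "VM Extensions are installed and executed only at VM creation time" in the third paragraph of the new DevOps section is stated as a general property of extensions; if it describes how this deployment applies them, say so, for example "In this deployment, extensions run only when the VM is created". The sentence before it says the Custom Script Extension allows "download and execution of arbitrary code", so a line on where the script is fetched from and who can change it would help readers weigh that risk. Typos in the same hunk: "In this sceanario you virtual machines" should be "In this scenario your virtual machines", and "Well-Architecture Framework" should be "Well-Architected Framework".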
28 changes: 26 additions & 2 deletions docs/reference-architectures/n-tier/n-tier-sql-server.md
Expand Up @@ -210,7 +210,7 @@ For SQL server VMs pricing options see [SQL VMs pricing][Managed-Sql-pricing].

You are charged only for the number of configured load-balancing and outbound rules. Inbound NAT rules are free. There is no hourly charge for the Standard Load Balancer when no rules are configured.

For more information, see the cost section in [Microsoft Azure Well-Architected Framework][aaf-cost].
For more information, see the cost section in [Microsoft Azure Well-Architected Framework][WAF-cost].

## Security considerations

Expand All @@ -224,6 +224,26 @@ Virtual networks are a traffic isolation boundary in Azure. By default, VMs in o

**DDoS protection**. The Azure platform provides basic DDoS protection by default. This basic protection is targeted at protecting the Azure infrastructure as a whole. Although basic DDoS protection is automatically enabled, we recommend using [DDoS Protection Standard][ddos]. Standard protection uses adaptive tuning, based on your application's network traffic patterns, to detect threats. This allows it to apply mitigations against DDoS attacks that might go unnoticed by the infrastructure-wide DDoS policies. Standard protection also provides alerting, telemetry, and analytics through Azure Monitor. For more information, see [Azure DDoS Protection: Best practices and reference architectures][ddos-best-practices].


## DevOps considerations

In this architecture you use [Azure Building Blocks templates][azbb-template] for provisioning the Azure resources and its dependencies. Since all the main resources and their dependencies are in the same virtual network, they are isolated in the same basic workload, that makes it easier to associate the workload's specific resources to a team, so that the team can independently manage all aspects of those resources. This isolation enables DevOps to perform continuous integration and continuous delivery (CI/CD).

Also, you can use different deployment templates and integrate them with [Azure DevOps Services][az-devops] to provision different environments in minutes, for example to replicate production like scenarios or load testing environments only when needed, saving cost.

In this sceanario you virtual machines are configured by using Virtual Machine Extensions, since they offer the possibility of installing certain additional software, such as anti malware and security agents. VM Extensions are installed and executed only at VM creation time. That means if the Operating System gets configured incorrectly at a later stage, it will require a manual intervention to move it back to its correct state..

Configuration Management Tools, in particular Desired State Configuration (DSC), are used in this architecture to configure Active Directory and a SQL Server Always On Availability Group.

Consider using the [Azure Monitor][azure-monitor] to Analyze and optimize the performance of your infrastructure, Monitor and diagnose networking issues without logging into your virtual machines. Application Insights is actually one of the components of Azure Monitor, which gives you rich metrics and logs to verify the state of your complete Azure landscape. Azure Monitor will help you to follow the state of your infrastructure.

Make sure not only to monitor your compute elements supporting your application code, but your data platform as well, in particular your databases, since a low performance of the data tier of an application could have serious consequences.

In order to test the Azure environment where the applications are running, it should be version-controlled and deployed through the same mechanisms as application code, then it can be tested and validated using DevOps testing paradigms too.


For more information, see the Operational Excellence section in [Azure Well-Architected Framework][WAF-devops].

## Deploy the solution

A deployment for this reference architecture is available on [GitHub][github-folder]. The entire deployment can take up to an hour, which includes running the scripts to configure AD DS, the Windows Server failover cluster, and the SQL Server availability group.
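
Review bot: the new DevOps section links [azbb-template], but none of the link-definition hunks shown for this file add that label (only [az-devops], [azure-monitor], [WAF-devops] and [WAF-cost] appear); confirm it is already defined elsewhere in the file, otherwise the link renders as literal text. Also in this hunk: "In this sceanario you virtual machines" should read "In this scenario your virtual machines", and that paragraph ends with a double period ("correct state..").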
Expand Down Expand Up @@ -274,7 +294,9 @@ If you specify a region that supports availability zones, the VMs are deployed i

<!-- links -->

[aaf-cost]: ../../framework/cost/overview.md
[az-devops]: https://docs.microsoft.com/azure/virtual-machines/windows/infrastructure-automation#azure-devops-services
[azure-monitor]: https://azure.microsoft.com/services/monitor/
[Azure-SQl-Pricing]: https://azure.microsoft.com/pricing/details/sql-database/managed/
[app-gw-scaling]: https://docs.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant
[azure-dns]: https://docs.microsoft.com/azure/dns/dns-overview
[azure-key-vault]: https://azure.microsoft.com/services/key-vault
Expand Down Expand Up @@ -308,3 +330,5 @@ If you specify a region that supports availability zones, the VMs are deployed i
[vmss-design]: https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview
[vmss]: https://docs.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-overview
[Windows-vm-pricing]: https://azure.microsoft.com/pricing/details/virtual-machines/windows
[WAF-devops]: /azure/architecture/framework/devops/overview
[WAF-cost]: ../../framework/cost/overview.md
