
Saturday 22 April 2023

Microsoft's Well-Architected

Overview: The goal is to make your use of Azure and your IT function operate as optimally as possible through performance, scalability, minimised costs, reliability, optimised DevOps, failure testing, geo-data sovereignty, app security and auth security. It is to be done consciously: 1) Collect/Gather (Well-Architected Review) > 2) Analyse > 3) Advise (build plan) > 4) Implement

Five Pillars:

  1. Security;
  2. Performance Efficiency;
  3. Reliability;
  4. Cost Optimisation;
  5. Operational Excellence;

Tons of Tools are part of the Well-Architected framework:

  • Azure Advisor: analyses a workload and gives possible recommendations/improvements, which can be imported into the Azure Well-Architected Review Tool.
  • Azure Well-Architected Review Tool (amazing): answer questions and input Azure Advisor recommendations. Pick an area, pick one or more of the five pillars, then work through the Azure Well-Architected Review Tool to get a milestone, and then look to implement iteratively.

  • Well-architected checklist
  • Provides templates to complete actions, e.g. RPO/RTO, security threat analysis, threat modelling (STRIDE is from Microsoft, same as DREAD)

1. Security Pillar (Protect, Detect and respond to threats)

Tools: Monitor from Azure Security Centre (ASC) NB!, Azure Defender and Microsoft 365 Defender make up Azure Sentinel (SIEM); can stream SIEM from on-prem.

2. Performance Efficiency Pillar
Trade-off of cost with reliability, scale and performance. Chaos testing: test breaking/removing resources to mimic problems. Monitor performance resources for reliance and performance. Do you want to dynamically scale, react to performance, or increase load to increase/scale the services? Cache (Redis), and in as many layers as possible. Multiple regions/zones for services close to users (paired regions are a good idea); zone and region reliance can affect performance. A health model, in effect, ensures you have monitors and alerts to verify your system's health; think Azure Dashboards or Grafana.

3. Reliability Pillar
High Availability (HA) & Resilience of Azure Resources

4. Cost Optimisation Pillar
  • Understand cost (choose the right service, e.g. CosmosDB can be cheaper than SQL or vice versa)
  • Optimise (remove orphaned resources, reservation vs PAYG (licence optimisation, scale consumption when needed/optimise instances), be pragmatic in cost to benefit/cost trade-offs). Cost modelling to understand what the cost is likely to be going forward. Good RPO/RTO and multi-geo is expensive but if you need it. Design choices affect the cost. Optimise data transfers, auto-scalability (vertical and horizontal, both expansion and reduction of resources). Use Azure Cost Management Tool. Automating provisioning helps with cost as the correct resource provisioning is implemented. Bicep is stateful whereas ARM is stateless.
  • Control costs going forward (review periodically/constantly, use alerts to monitor usage). Monitor your resource usage: can it be reduced?

5. Operational Excellence Pillar

Dr. Kai Dupé presented the Well-Architected Framework on behalf of Microsoft on 20 April & 21 April 2023, where I took notes to build this post.