使用 Azure 顾问实现卓越运营Achieve operational excellence by using Azure Advisor

Azure 顾问中的卓越运营建议可在以下方面帮助你:Operational excellence recommendations in Azure Advisor can help you with:

  • 流程和工作流效率。Process and workflow efficiency.
  • 资源可管理性。Resource manageability.
  • 部署最佳做法。Deployment best practices.

可在“顾问”仪表板的“卓越运营”选项卡上获取这些建议。You can get these recommendations on the Operational Excellence tab of the Advisor dashboard.

创建 Azure 服务运行状况警报,以便在 Azure 问题影响你时收到通知Create Azure Service Health alerts to be notified when Azure problems affect you

建议设置 Azure 服务运行状况警报,以便在 Azure 服务问题影响你时收到通知。We recommend that you set up Azure Service Health alerts so you'll be notified when Azure service problems affect you. Azure 服务运行状况是一项免费服务,可在你受到 Azure 服务问题影响时提供个性化指导和支持。Azure Service Health is a free service that provides personalized guidance and support when you're affected by an Azure service problem. 顾问会识别未配置警报的订阅,并建议对其进行配置。Advisor identifies subscriptions that don't have alerts configured and recommends configuring them.

设计存储帐户,防止达到最大订阅数限制Design your storage accounts to prevent reaching the maximum subscription limit

一个 Azure 区域可以支持每个订阅最多 250 个存储帐户。An Azure region can support a maximum of 250 storage accounts per subscription. 达到该限制后,将无法在该区域/订阅组合中创建存储帐户。After you reach that limit, you won't be able to create storage accounts in that region/subscription combination. 顾问会检查你的订阅并提供建议,以便为任何即将达到限制的区域/订阅设计更少的存储帐户。Advisor checks your subscriptions and provides recommendations for you to design for fewer storage accounts for any region/subscription that's close to reaching the limit.

确保在需要时有权访问 Azure 云专家Ensure you have access to Azure cloud experts when you need it

在运行业务关键型工作负载时,在需要时有权访问技术支持至关重要。When running a business-critical workload, it's important to have access to technical support when you need it. 顾问会识别在其支持计划中不包含技术支持的潜在业务关键型订阅。Advisor identifies potential business-critical subscriptions that don't have technical support included in their support plan. 建议升级到包含技术支持的选项。It recommends upgrading to an option that includes technical support.

删除并重新创建你的池,以移除弃用的内部组件Delete and re-create your pool to remove a deprecated internal component

如果池使用的是已弃用的内部组件,请删除再重新创建该池以提高稳定性和性能。If your pool is using a deprecated internal component, delete and re-create the pool for improved stability and performance.

修复无效的日志警报规则Repair invalid log alert rules

Azure 顾问会检测在其条件部分指定了无效查询的警报规则。Azure Advisor detects alert rules that have invalid queries specified in their condition section. 可在 Azure Monitor 中创建日志警报规则,通过它们按指定的时间间隔运行分析查询。You can create log alert rules in Azure Monitor and use them to run analytics queries at specified intervals. 查询结果决定了是否需要触发警报。The results of the query determine if an alert needs to be triggered. 随着时间的推移,分析查询可能会因所引用资源、表或命令的变化而变得无效。Analytics queries can become invalid over time because of changes in referenced resources, tables, or commands. 顾问会建议你更正警报规则中的查询以防止自动禁用,并确保监视你在 Azure 中的所有资源。Advisor recommends that you correct the query in the alert rule to prevent it from being automatically disabled and ensure monitoring coverage of your resources in Azure. 详细了解如何排查警报规则问题。Learn more about troubleshooting alert rules.

使用 Azure Policy 建议Use Azure Policy recommendations

Azure Policy 是 Azure 中的一项服务,可用于创建、分配和管理策略。Azure Policy is a service in Azure that you can use to create, assign, and manage policies. 这些策略对资源强制实施规则和效果。These policies enforce rules and effects on your resources. 以下 Azure Policy 建议有助于实现卓越运营:The following Azure Policy recommendations can help you achieve operational excellency:

管理标记。Manage tags. 创建或更新任何资源时,此策略将添加或替换指定的标记和值。This policy adds or replaces the specified tag and value when any resource is created or updated. 可触发修正任务来修正现有资源。You can remediate existing resources by triggering a remediation task. 此策略不会修改资源组上的标记。This policy doesn't modify tags on resource groups.

强制实施异地合规性要求。Enforce geo-compliance requirements. 通过此策略,可限制组织在部署资源时可指定的位置。This policy enables you to restrict the locations your organization can specify when deploying resources.

指定允许进行部署的虚拟机 SKU。Specify allowed virtual machine SKUs for deployments. 此策略可用于指定组织可部署的一组虚拟机 SKU。This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.

强制审核未使用托管磁盘的 VM。 Enforce Audit VMs that do not use managed disks.

使能够从资源组继承标记。 Enable Inherit a tag from resource groups. 创建或更新任何资源时,此策略将添加或替换父资源组中指定的标记和值。This policy adds or replaces the specified tag and value from the parent resource group when any resource is created or updated. 可触发修正任务来修正现有资源。You can remediate existing resources by triggering a remediation task.

顾问会建议一些单独的 Azure 策略,以帮助客户通过采用最佳做法来实现卓越运营。Advisor recommends a few individual Azure policies that help customers achieve operational excellence by adopting best practices. 如果客户决定分配建议的策略,则我们会取消该建议。If a customer decides to assign a recommended policy, then we will suppress the recommendation. 如果客户决定稍后删除策略,则顾问将继续取消该建议,因为我们会将其删除视为以下强信号:If the customer decides to remove the policy later, then Advisor will continue to suppress the recommendation because we interpret its removal as a strong signal of the following:

  1. 客户删除了策略,虽然该策略是顾问的建议,但它不适用于其特定用例。The customer removed the policy because, despite Advisor�s recommendation, it does not apply to their specific use case.
  2. 客户在分配和删除策略后就会了解并熟悉该策略,如果策略以后与客户用例相关,则客户可以在没有指导的情况下按需再次分配或删除策略。The customer is aware and familiar with the policy after assigning and removing it, and they can assign or remove it again as necessary without guidance if it later becomes relevant to their use case. 如果客户发现再次分配相同的策略可以使其利益最大化,则可以在 Azure Policy 中执行此操作,而无需顾问的建议。If the customer finds it in their best interest to assign the same policy again, they can do so in Azure Policy without requiring a recommendation in Advisor. 请注意,此逻辑仅适用于“卓越运营”类别中的策略建议。Please note that this logic applies specifically to the policy recommendation in the Operational Excellence category. 这些规则不适用于安全建议。These rules do not apply to security recommendations.

未启用验证环境No validation environment enabled

Azure 顾问确定你未在当前订阅中启用验证环境。Azure Advisor determines that you do not have a validation environment enabled in current subscription. 创建主机池时,你对属性选项卡中的“验证环境”选择了“否”。若拥有至少一个启用了验证环境的主机池,可通过 Windows 虚拟桌面服务部署确保业务连续性,并可及早发现潜在问题。When creating your host pools, you have selected "No" for "Validation environment" in the properties tab. Having at least one host pool with a validation environment enabled ensures the business continuity through Windows Virtual Desktop service deployments with early detection of potential issues.

确保生产(非验证)环境受益于稳定功能Ensure production (non-validation) environment to benefit from stable functionality

Azure 顾问检测到太多的主机池启用了验证环境。Azure Advisor detects that too many of your host pools have validation environment enabled. 若要使验证环境可最好地实现其用途,你应该至少有一个主机池位于验证环境,但绝不能超过主机池数量的一半。In order for validation environments to best serve their purpose, you should have at least one, but never more than half of your host pools in validation environment. 通过在启用了验证环境的主机池与禁用了该环境的主机池之间实现良好平衡,你将能充分利用 Windows 虚拟桌面随特定更新提供的多阶段部署的好处。By having a healthy balance between your host pools with validation environment enabled and those with it disabled, you will best be able to utilize the benefits of the multistage deployments that Windows Virtual Desktop offers with certain updates. 若要解决此问题,请打开主机池的属性,然后在“验证环境”设置旁选择“否”。To fix this issue, open your host pool's properties and select "No" next to the "Validation Environment" setting.

启用流量分析以深入了解 Azure 资源中的流量模式Enable Traffic Analytics to view insights into traffic patterns across Azure resources

流量分析是一种基于云的解决方案,可用于洞察 Azure 中的用户和应用程序活动。Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in Azure. 流量分析可分析网络观察程序网络安全组 (NSG) 流日志,帮助洞察流量流。Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow. 借助流量分析,你可查看 Azure 部署和非 Azure 部署中的主要通信者,调查环境中的开放端口、协议和恶意流,并优化网络部署来提高性能。With traffic analytics, you can view top talkers across Azure and non Azure deployments, investigate open ports, protocols and malicious flows in your environment and optimize your network deployment for performance. 可按 10 和 60 分钟的处理时间间隔处理流日志,从而更快地分析流量。You can process flow logs at 10 mins and 60 mins processing intervals, giving you faster analytics on your traffic. 一种好的做法是为 Azure 资源启用流量分析。It's a good practice to enable Traffic Analytics for your Azure resources.

后续步骤Next steps

若要了解有关顾问建议的详细信息,请参阅以下资源:To learn more about Advisor recommendations, see: