fix file

kpoineal · kpoineal · commit b4e4d2933553 · 2025-04-28T09:01:28.000-06:00
diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml
@@ -0,0 +1,203 @@
+- description: Connect ExpressRoute gateway with circuits from diverse peering locations
+  aprlGuid: d37db635-157f-584d-9bce-4f6fc8c65ce5
+  recommendationTypeId: 8d61a7d4-5405-4f43-81e3-8c6239b844a6
+  recommendationControl: HighAvailability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    For improved reliability, each ExpressRoute gateway should connect to at least two circuits, with each circuit sourced from a different peering location. This setup ensures diverse connectivity paths, enhancing resilience and minimizing service disruption risks.
+  potentialBenefits: Enhanced resilience through diverse connectivity paths
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: Designing for disaster recovery with ExpressRoute private peering
+      url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering"
+
+- description: Use Zone-redundant ExpressRoute gateway SKUs
+  aprlGuid: bbe668b7-eb5c-c746-8b82-70afdedf0cae
+  recommendationTypeId: c9af1ef6-55bc-48af-bfe4-2c80490159f8
+  recommendationControl: HighAvailability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    Azure ExpressRoute gateway offers variable SLAs based on deployment in single or multiple availability zones. To deploy virtual network gateways across zones automatically, use zone-redundant gateways for accessing critical, scalable services with increased resilience.
+  potentialBenefits: Enhanced SLA and resilience
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs
+      url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw"
+
+- description: Monitor health for ExpressRoute gateway
+  aprlGuid: 1c34faa8-8b99-974c-adbf-71922eae943c
+  recommendationTypeId: null
+  recommendationControl: MonitoringAndAlerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    Use Network Insights for monitoring ExpressRoute Gateway's health, including availability, performance, and scalability.
+  potentialBenefits: Enhanced monitoring and alerting
+  pgVerified: true
+  automationAvailable: false
+  tags: []
+  learnMoreLink:
+    - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways
+      url: "https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways"
+
+- description: Avoid using ExpressRoute circuits for VNet to VNet communication
+  aprlGuid: 194c14ac-0d7a-5a48-ae32-75fa450ee564
+  recommendationTypeId: null
+  recommendationControl: HighAvailability
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    While multiple VNets can connect via the same ExpressRoute gateway, Microsoft recommends using alternatives like VNet peering, Azure Firewall, NVA, Azure Route Server, site-to-site VPN, virtual WAN, or SD-WAN for VNet-to-VNet communication to optimize network performance and management.
+  potentialBenefits: Enhanced VNet integration efficiency
+  pgVerified: true
+  automationAvailable: false
+  tags: []
+  learnMoreLink:
+    - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity
+      url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity"
+
+- description: Configure customer-controlled ExpressRoute gateway maintenance
+  aprlGuid: 3e115044-a3aa-433e-be01-ce17d67e50da
+  recommendationTypeId: null
+  recommendationControl: HighAvailability
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    ExpressRoute gateways are updated for improved functionality, reliability, performance, and security. Customer-controlled maintenance configuration and scheduling minimize update impact and align with your maintenance windows.
+  potentialBenefits: Minimizes update impact
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn
+      url: "https://learn.microsoft.com/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps"
+
+- description: Configure customer-controlled VPN gateway maintenance
+  aprlGuid: f8c2e6d9-4b3a-45d6-b9e2-8e7f3a1c2d04
+  recommendationTypeId: null
+  recommendationControl: HighAvailability
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    VPN gateways are updated for improved functionality, reliability, performance, and security. Customer-controlled maintenance configuration and scheduling minimize update impact and align with your maintenance windows.
+  potentialBenefits: Minimizes update impact
+  pgVerified: false
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: Configure customer-controlled gateway maintenance for VPN Gateway
+      url: "https://learn.microsoft.com/azure/vpn-gateway/customer-controlled-gateway-maintenance"
+
+- description: Choose a Zone-redundant VPN gateway
+  aprlGuid: 5b1933a6-90e4-f642-a01f-e58594e5aab2
+  recommendationTypeId: null
+  recommendationControl: HighAvailability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    Deploying zone-redundant virtual network gateways across availability zones ensures zone-resiliency, improving access to mission-critical, scalable services on Azure. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Enhanced reliability and scalability
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: Zone redundant Virtual network gateway in availability zone
+      url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways"
+
+- description: Enable Active-Active VPN Gateways for redundancy
+  aprlGuid: 281a2713-c0e0-3c48-b596-19f590c46671
+  recommendationTypeId: c249dc0e-9a17-423e-838a-d72719e8c5dd
+  recommendationControl: HighAvailability
+  recommendationImpact: Medium
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    The active-active mode is available for all SKUs except Basic, allowing for two Gateway IP configurations and two public IP addresses, enhancing redundancy and traffic handling. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Enhanced reliability and network capacity
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: Active-active VPN gateway
+      url: "https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway"
+
+- description: Deploy active-active VPN concentrators on your premises
+  aprlGuid: af11fc4c-c06c-4f4c-b98d-6eee6d5c4c70
+  recommendationTypeId: null
+  recommendationControl: DisasterRecovery
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    Deploying active-active VPN concentrators and Azure VPN Gateways maximizes resilience and availability using a fully-meshed topology with four IPSec tunnels. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Maximizes resilience and availability
+  pgVerified: true
+  automationAvailable: false
+  tags: []
+  learnMoreLink:
+    - name: Dual-redundancy active-active VPN gateways for both Azure and on-premises networks
+      url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks"
+
+- description: Monitor VPN gateway connections and health
+  aprlGuid: 9eab120e-f6d3-ee49-ba0d-766562ce7df1
+  recommendationTypeId: null
+  recommendationControl: MonitoringAndAlerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    Set up monitoring and alerts for Virtual Network Gateway health to utilize a variety of metrics for ensuring operational efficiency and prompt response to any disruptions. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Improved uptime and issue awareness
+  pgVerified: true
+  automationAvailable: false
+  tags: []
+  learnMoreLink:
+    - name: VPN gateway data reference
+      url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference"
+
+- description: Enable VPN gateway service health
+  aprlGuid: 9186dae0-7ddc-8f4b-bea5-55538cea4893
+  recommendationTypeId: null
+  recommendationControl: MonitoringAndAlerting
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    VPN gateway leverages service health to inform users about both planned and unplanned maintenance, ensuring they are notified about modifications to their VPN connectivity. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Improves VPN maintenance alerts
+  pgVerified: true
+  automationAvailable: false
+  tags: []
+  learnMoreLink:
+    - name: Monitor VPN gateway
+      url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics"
+
+- description: Deploy VPN gateways with zone-redundant Public IPs
+  aprlGuid: 4bae5a28-5cf4-40d9-bcf1-623d28f6d917
+  recommendationTypeId: null
+  recommendationControl: HighAvailability
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.Network/virtualNetworkGateways
+  recommendationMetadataState: Active
+  longDescription: |
+    For zone-redundant VPN gateways, always use zone-redundant Standard SKU public IPs to avoid deploying all instances in one zone. This ensures the gateway's reliability. Mission Critical workloads should use dual ExpressRoutes instead of VPN.
+  potentialBenefits: Enhanced reliability and disaster recovery
+  pgVerified: true
+  automationAvailable: true
+  tags: []
+  learnMoreLink:
+    - name: About zone-redundant virtual network gateway in Azure availability zones
+      url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways"
