The last phase of the Cloud Adoption Framework is the Manage phase.
Inventory and visibility
The first step is to take a complete snapshot of the environment so it can be managed properly. Create an inventory of assets and develop visibility into the run state of each asset.
There should be centralized logging of change management, service health, and configuration of IT operations.
Process | Tool | Purpose |
---|---|---|
Monitor health of Azure services | Azure Service Health | Health, performance, and diagnostics for services running in Azure |
Log centralization | Log Analytics | Central logging for all visibility purposes |
Monitoring centralization | Azure Monitor | Central monitoring of operational data and trends |
Virtual machine inventory and change tracking | Change Tracking and Inventory in Azure Automation | Inventory VMs and monitor changes for guest OS level |
Subscription monitoring | Azure activity log | Monitoring change at the subscription level |
Guest OS monitoring | Azure Monitor for VMs | Monitoring changes and performance of VMs |
Network monitoring | Azure Network Watcher | Monitoring network changes and performance |
DNS monitoring | DNS Analytics | Security, performance, and operations of DNS |
Operational Compliance
Establish controls and processes to ensure each state is properly configured and running in a well-governed environment.
Process | Tool | Purpose |
---|---|---|
Patch management | Azure Automation Update Management | Management and scheduling of updates |
Policy enforcement | Azure Policy | Policy enforcement to ensure environment and guest compliance |
Environment configuration | Azure Blueprints | Automated compliance for core services |
Resource configuration | Desired State Configuration | Automated configuration on guest OS and some aspects of the environment |
Protect and Recover
Ensure all managed assets are protected and can be recovered using baseline management tooling.
Process | Tool | Purpose |
---|---|---|
Protect data | Azure Backup | Back up data and virtual machines in the cloud. |
Protect the environment | Microsoft Defender for Cloud | Strengthen security and provide advanced threat protection across your hybrid workloads. |
Enhanced Baseline
Evaluate common additions to the baseline that might meet business needs.
Discipline | Process | Tool | Potential impact | Learn more |
---|---|---|---|---|
Inventory and visibility | Service change tracking | Azure Resource Graph | Greater visibility into changes to Azure services might help detect negative effects sooner or remediate faster. | Overview of Azure Resource Graph |
Inventory and visibility | IT Service Management (ITSM) integration | IT Service Management Connector | Automated ITSM connection creates awareness sooner. | IT Service Management Connector (ITSMC) |
Operational compliance | Operations automation | Azure Automation | Automate operational compliance for faster and more accurate response to change. | See the following sections |
Operational compliance | Performance automation | Azure Automation | Automate operational compliance with performance expectations to resolve common resource-specific scaling or sizing issues. | See the following sections |
Operational compliance | Multicloud operations | Azure Automation Hybrid Runbook Worker | Automate operations across multiple clouds. | Hybrid Runbook Worker overview |
Operational compliance | Guest automation | Desired State Configuration (DSC) | Code-based configuration of guest operating systems to reduce errors and configuration drift. | DSC overview |
Protect and recover | Breach notification | Microsoft Defender for Cloud | Extend protection to include security-breach recovery triggers. | See the following sections |
Platform Specialization
Invest in ongoing operations of a specific workload, generally reserved for mission-critical workloads.
Process | Tool | Purpose | Suggested management level |
---|---|---|---|
Improve system design | Microsoft Azure Well-Architected Framework | Improving the architectural design of the platform to improve operations | N/A |
Automate remediation | Azure Automation | Responding to advanced platform data with platform-specific automation | Platform operations |
Service catalog | Managed applications center | Providing a self-service catalog of approved solutions that meet organizational standards | Platform operations |
Container performance | Azure Monitor for containers | Monitoring and diagnostics of containers | Platform operations |
Platform as a service (PaaS) data performance | Azure SQL Analytics | Monitoring and diagnostics for PaaS databases | Platform operations |
Infrastructure as a service (IaaS) data performance | SQL Server Health Check | Monitoring and diagnostics for IaaS databases | Platform operations |
Workload Specialization
Invest in ongoing operations of a shared platform.
Requirement | Tool | Purpose |
---|---|---|
Application monitoring | Application Insights | Monitoring and diagnostics for applications |
Performance, availability, and usage | Application Insights | Advanced application monitoring with the application dashboard, composite maps, usage, and tracing |