
architecture-center's Introduction

Azure Architecture Center

Microsoft patterns & practices

https://aka.ms/architecture

Legal Notices

Microsoft and any contributors grant you a license to the Microsoft documentation and other content in this repository under the Creative Commons Attribution 4.0 International Public License, see the LICENSE file, and grant you a license to any code in the repository under the MIT License, see the LICENSE-CODE file.

Microsoft, Windows, Microsoft Azure and/or other Microsoft products and services referenced in the documentation may be either trademarks or registered trademarks of Microsoft in the United States and/or other countries. The licenses for this project do not grant you rights to use any Microsoft names, logos, or trademarks. Microsoft's general trademark guidelines can be found at http://go.microsoft.com/fwlink/?LinkID=254653.

Privacy information can be found at https://privacy.microsoft.com.

Microsoft and any contributors reserve all other rights, whether under their respective copyrights, patents, or trademarks, whether by implication, estoppel or otherwise.

architecture-center's People

Contributors

alexbuckgit, bryanla, ckittel, cmcclister, court72, doodlemania2, dsk-2015, garycentric, huypub, jkirsch1, jmart1428, johndowns, josevarela, msarts, neilpeterson, pagewriter-msft, paolosalvatori, pmeds28, pritamso, prmerger-automator[bot], robbagby, shannonleavitt, stephen-sumner, taojunshen, ttorble, v-albemi, v-regandowner, v-stacywray, v-thepet, veronicawasson


architecture-center's Issues

The first picture does not look optimal for dark theme

The first picture does not look optimal for dark theme


Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Show each technology on separate page.

It would be better to split the page into a separate page for each technology in the TOC. I opened the "Storage" link and after a search was moved to the "Cosmos DB" section, which is confusing.



Incorrect maximum value specified for "MaximumExecutionTime"

Hi,

On this page one of the code snippets states that the maximum possible value for "MaximumExecutionTime" is 10 seconds, but later in the specification table the stated default value is 120 seconds (which doesn't seem to be consistent).

Looking in the source code it seems like the maximum value is 24 days.

Thanks,

Should the client retry for the 429 response code

The response code 429 means a throttling error. The client should retry. This should be documented in the "general REST and retry guidelines" and "Azure Active Directory retry guidelines".



Examples in docs/building-blocks/extending-templates/collector.md are inconsistent with variable names.

In https://github.com/mspnp/architecture-center/blob/master/docs/building-blocks/extending-templates/collector.md the code examples use inconsistent values for the names of objects and variables.

For example, the first two lines below explicitly say the variable's name is collectorTemplateUri but the code uses "uri": "[variables('linkedTemplateUri')]" in the 2nd code example.

Next, our template defines a single variable named collectorTemplateUri:

"variables": {
    "collectorTemplateUri": "[uri(deployment().properties.templateLink.uri, 'collector.template.json')]"
  }

As you would expect, this is the URI for the collector template that will be used by our linked template resource:

{
    "apiVersion": "2015-01-01",
    "name": "collector",
    "type": "Microsoft.Resources/deployments",
    "properties": {
        "mode": "Incremental",
        "templateLink": {
            "uri": "[variables('linkedTemplateUri')]",
            "contentVersion": "1.0.0.0"
        },
        "parameters": {
            "source" : {"value": "[parameters('networkSecurityGroupsSettings').securityRules]"},
            "transformTemplateUri": { "value": "[uri(deployment().properties.templateLink.uri, 'transform.json')]"}
        }
    }
}

Another example is in the last code snippet: there is no resource declared named firstResource anywhere in the guide before this point. Is this meant to be reference('collector').outputs.result.value?

Finally, our Microsoft.Network/networkSecurityGroups resource directly assigns the output of the collector linked template resource to its securityRules property:

    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "networkSecurityGroup1",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": "[reference('firstResource').outputs.result.value]"
      }
    }
  ],
  "outputs": {
      "instance":{
          "type": "array",
          "value": "[reference('firstResource').outputs.result.value]"
      }

  }

Is Exponential RetryPolicy applied if no DefaultRequestOptions are specified?

The article said:
The following tables show the default settings for the built-in retry policies.
RetryPolicy Default value ExponentialPolicy.

It is not very clear whether ExponentialPolicy will apply to the client if no DefaultRequestOptions are specified.

Can you add clarification, please?



suggested corrections in guidance-resiliency-checklist.md

See original request:
https://github.com/mspnp/elasticsearch/issues/73

Misspellings

  • The FMA process identifis (should be identifies)
  • Get agreement from your customer for the availability targets of each piece of your application, otherwise will (looks like missing "you")
  • Ensure that any third-party service you consume provide an SLA. (should either say services or consumes)
  • However, you Azure can not protect against application layer (word you seems to be extraneous)
  • Provides high availability if one SQL Server instance fails. For more information, see More information... (first part is not a full sentence, the second part says "more information" twice)

Request limit increases

  • The document says “If your application requirements exceed Azure subscription limits, create another Azure subscription and provision sufficient resources there.”, but in some cases it is possible to request limit increases for certain resources instead of creating an additional subscription.
  • Also, maybe move the bullet about 200 storage accounts closer to the other bullets dealing with Azure subscription limits.

Typo in Solution diagram

Sidecar should "proxy to remote services", not "remove".



Naming Rules and Restrictions seems incomplete

for example no details on Action Groups / Alerts from Azure Monitor



Why write to a store that is never read?

Hello.
Service A writes to a store which is never read. Or is it read by Service A when needed? Writing data to a store which never is read seems a waste. Please clarify.



Add list of Reserved Words for Azure Resources

CRI 50012373
Can we add a list of Reserved Words (ie. that can't be used by customers) for Azure Resources ?
eg. "loginstorage" can't be used as a Storage Account - as it contains "login" which is reserved.
There are others like "Microsoft", "Windows", "XBOX"....
Having a public version of that list would help deflecting cases opened at CSS.
Thanks

Can I change the hub-nva.json setting to keep connecting via jb-vm1?

After running the following command:
azbb -s <subscription_id> -g hub-nva-rg -l -p hub-nva.json --deploy

I can't connect to hubjb-vm1, s1jb-vm1 and s1jb-vm2 via jb-vm1.

Can I change the hub-nva.json setting to keep connecting via jb-vm1? Thanks.



Typo on notes

The deployment scripts for this reference architecture use an Ubuntu VM with IP forwarding enbaled to mimic a network virtual appliance.

must be:

The deployment scripts for this reference architecture use an Ubuntu VM with IP forwarding enabled to mimic a network virtual appliance.



Typo

The onprem install snippet has a typo with an extra "o" in the json filename: onoprem.json instead of onprem.json.
azbb -s <subscription_id> -g onprem-vnet-rg -l <location> -p onoprem.json --deploy



Error on accessing this page

Hi Microsoft team,

Please find the screenshot below, which shows the following error. I am highlighting it so that you can look into the same.



Document Details

Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

  • ID: 0a4ecd26-cb7b-4cb2-ae3a-3748ada92771
  • Version Independent ID: 97f96179-a22b-8401-a2f4-264a86b5d2f5
  • Content: Cloud Design Patterns
  • Content Source: docs/patterns/index.md
  • Service: guidance
  • Product: unspecified
  • GitHub Login: @bennage
  • Microsoft Alias: pnp

Hub-Hub-Spoke topology

Given that a vNet Peering is not transitive, how would the Hub-Hub-Spoke topology work (in the "Overcoming vNet Peering Limits" section)? How would you configure the spoke vNet to direct traffic "across" the first hub to the central hub to communicate with VMs in that central vNet, and from there across a VPN/ExpressRoute link to other networks? Wouldn't this require either a VNA or VPN Connections between vNets to achieve (this is not detailed in the diagram)?



Service bus / event hubs and event grid positioned wrong in document

In the cloud service map:
Service bus is placed at the wrong spot:
Right now it is placed in developer tools but it must be placed in enterprise integration.
It should also have an additional line:
Pub/Sub messaging for distributed systems and serverless applications
Next column: Simple Notification Service
Next column Azure Event Grid

Event Hubs needs to be additionally in analytics and big data.
Kinesis streams maps to event hubs
Kinesis firehose maps to event hubs capture

This needs to be adjusted in IoT.

Add glossary

For someone seeing this page for the first time, the terms greenfield and brownfield don't mean much. Can there be an explanation as to what each is?



Unclear language regarding Azure AD usage

In Azure AD it is stated that Azure AD is only for user authentication, not computer authentication. I assume what is meant here is that a Windows computer cannot authenticate (as it would in a domain), but it might be cleared up to say that applications/services can authenticate with Azure AD just fine, so as not to scare off potential users of Azure AD.

Azure AD App Roles Claim Type

The documentation states that the claim type will be "http://schemas.microsoft.com/ws/2008/06/identity/claims/role" but I see the claim come back with the type "roles".



mistake in hub-vnet.json

Hello,

In hub-vnet.json there is a mistake (the script cannot create the network interface because it cannot find the virtual network; it tries to create it in the resource group where the VM is). You need to add the ResourceGroupName parameter for the virtual network in row 44, so it will be:

"virtualNetwork": {
    "name": "hub-vnet",
    "resourceGroupName": "hub-vnet-rg"
}

Honza



some issues with AWS services comparison

“Microservice-based applications”

  • We should include ACS here.
  • Also, I think this category is misleading in general. You can use Functions or Logic Apps to create microservices. (or Lambda + AWS Step Functions)

“Container management”

  • Should include Azure Container Instances
  • The description of ACS isn’t quite accurate. ACS is for deploying a container orchestrator (Kubernetes, DC/OS, or Docker Swarm).

“Backend process logic”

  • Should include AWS Step Functions.
  • This category is confusing because it appears three times in the doc

Jenkins clarity

Availability considerations
Assess the availability requirements for your workflow and how to recover the Jenkin state should the Jenkin server goes down.

What is the meaning of the last line? BTW there are many places where Jenkins is used instead of Jenkins



Rv: ASR comparison to AWS SMS

Review:

ASR is not the same as AWS SMS (like said below). If anything ASR needs to be listed twice... once for migration (where you could list AWS SMS) and once for DR, where the AWS alternative should still be "none".

suggestions for guidance-resiliency-failure-mode-analysis.md

See original request:
https://github.com/mspnp/elasticsearch/issues/74

Define or link to description of what is "scheduler-agent-supervisor pattern"

Comment: Most exception examples assume that .NET SDK is being used. Therefore, users of other SDKs may be slightly confused by the exception names.

There is no section for Azure SQL Data Warehouse and its failure modes (i.e. what happens when scale is changed or DW is paused)

The following comment is not clear. What queue and scaling are being referred to? "If the calling VM exceeds its network egress limit, the outbound queue will fill up. If the outbound queue is consistently full, consider scaling out."

Custom implementation of TokenCache always deserializes refreshToken as null

Hi, looking for help or guidance on this topic:

We are currently using ADAL for .Net V3. ADAL V3 hides the Refresh Token. While developing our own implementation of the TokenCache, I noticed when serializing/deserializing the class that the refresh token is always set to NULL. According to this blog http://www.cloudidentity.com/blog/2015/08/13/adal-3-didnt-return-refresh-tokens-for-5-months-and-nobody-noticed, it isn’t needed. I’m concerned this isn’t true in a multi-server environment with load balancing, where in-memory caching won’t work.



Feedback on compute decision tree

Thoughts on the decision tree

2 Thoughts. (1). What is the definition of "portability"? VMSS are not necessarily "portable", as for example, Containers could be. (2). Can you please change the color of the text labels so it renders properly in the Dark theme and make the Start button stand out a bit - the eyes go to the dark blue boxes right away. Thanks


combine these two sections - they contrast with each other right now

See original request:
https://github.com/mspnp/elasticsearch/issues/71

Combine these two sections so that we have one message: Automate your deployment process and document your automation. Right now these sections appear to contradict each other, recommending to document your manual deployment process and then going on to say that manual deployments are inherently unreliable.

Document the release process for your application. Without detailed release process documentation it's possible that an operator may deploy a bad update or improperly configure settings for your application. Clearly define and document your release process and ensure that it's available to the entire operations team. Best practices for resilient deployment of your application are detailed in the resilient deployment section of the Resiliency Guidance document.

Automate your application's deployment process. If your operations staff is required to manually deploy your application, human error can cause the deployment to fail. For more information on best practices for automating application deployment, see the resilient deployment section of the Resiliency Guidance document.

Where is Application Gateway?

Would like to see this updated to include Application Gateway as an important security component similar to https://blog.nilayparikh.com/azure/services/cloud-architecture-pattern-azure-service-fabric-and-microservices-part-2-logical-architecture/



SAP: managed disks

Great starter pack and step by step guide. Any info on managed disks template availability? Thanks,
Amit Lal



The recommendation of the retry policy for AAD/MSI is inconsistent

MSI is one way of using AAD. But the recommendation is inconsistent.
https://docs.microsoft.com/en-us/azure/architecture/best-practices/retry-service-specific#azure-active-directory mentions 429 and 5xx.
https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/how-to-use-vm-token#retry-guidance only mentions 429.
Azure/azure-sdk-for-ruby#1285 mentions 429, 404 and 5xx.

Will this doc include the retry guidance for MSI and recommend a consistent retry policy? For example,

  1. Do AAD with service principal and AAD with MSI follow the same retry policy?
  2. Do we need to retry for the status code 404 when using AAD or MSI?


New Slick and Animated Icons

Dear Team, can I get the icons used in the following presentation? They are animated and look really nice for presenting the concepts.
https://azure.microsoft.com/en-us/resources/videos/an-overview-of-azure-event-grid/

