waf-config.json
|
{ "version": "1.0.0", "description": "Azure Virtual Desktop Well-Architected Framework Assessment Configuration", "pillars": { "reliability": { "name": "Reliability", "description": "Ensuring system resilience and availability", "maxChecks": 10, "rules": [ { "id": "rel-01", "name": "Multiple Host Pools", "description": "Multiple host pools provide redundancy and failover capability", "points": 2, "condition": { "field": "summary.totalHostPools", "operator": ">=", "value": 2 }, "successMessage": "✓ Multiple host pools provide redundancy and failover capability", "warningMessage": "⚠ Single host pool - consider multiple host pools for redundancy", "failureMessage": "✗ No host pools deployed", "recommendation": "Deploy at least 2 host pools across different regions or availability zones for high availability" }, { "id": "rel-02", "name": "Session Host Availability", "description": "High percentage of available session hosts", "points": 2, "thresholds": [ { "operator": ">=", "value": 90, "points": 2, "message": "✓ Excellent session host availability ({value}%)" }, { "operator": ">=", "value": 75, "points": 1, "message": "⚠ Good session host availability ({value}%) - monitor unavailable hosts" }, { "operator": "<", "value": 75, "points": 0, "message": "✗ Low session host availability ({value}%) - investigate unavailable hosts", "recommendation": "Investigate and resolve issues with unavailable session hosts" } ], "calculation": "availabilityRate" }, { "id": "rel-03", "name": "Validation Environment", "description": "Test/validation environment for updates", "points": 1, "condition": { "field": "hostPools", "operator": "contains", "value": ["test", "val", "dev"], "matchField": "name" }, "successMessage": "✓ Validation/test environment detected for testing updates before production", "failureMessage": "⚠ No validation environment detected", "recommendation": "Create a validation host pool to test updates before deploying to production" }, { "id": "rel-04", "name": "Session Host Health", "description": "All session hosts are healthy andavailable", "points": 1, "condition": { "field": "sessionHosts", "operator": "all", "value": "Available", "matchField": "status" }, "successMessage": "✓ All session hosts are healthy and available", "warningMessage": "⚠ {count} out of {total} session hosts are unhealthy or unavailable" }, { "id": "rel-05", "name": "Pooled Host Pools", "description": "Pooled host pools provide better resiliency", "points": 1, "condition": { "field": "hostPools", "operator": "count", "value": "> 0", "matchField": "hostPoolType", "matchValue": "Pooled" }, "successMessage": "✓ Pooled host pools ({count}) provide better resiliency than personal desktops" }, { "id": "rel-06", "name": "Multiple VNets", "description": "Multiple virtual networks for network redundancy", "points": 1, "condition": { "field": "summary.totalVNets", "operator": ">=", "value": 2 }, "successMessage": "✓ Multiple virtual networks ({value}) support network redundancy", "warningMessage": "⚠ Single virtual network - consider multi-region networking for DR", "recommendation": "Consider deploying session hosts in multiple regions with separate VNets for disaster recovery" }, { "id": "rel-07", "name": "Compute Galleries", "description": "Compute galleries enable consistent image deployment", "points": 1, "condition": { "field": "computeGalleries", "operator": "count", "value": "> 0" }, "successMessage": "✓ Compute galleries enable consistent and reliable image deployment", "warningMessage": "⚠ No compute galleries - consider using galleries for standardized image management", "recommendation": "Create Azure Compute Gallery for centralized image management and version control" }, { "id": "rel-08", "name": "Registration Token Management", "description": "Valid registration tokens for host enrollment", "points": 1, "condition": { "field": "hostPools", "operator": "none", "matchField": "registrationToken.expired", "matchValue": true }, "successMessage": "✓ All registration tokens are valid - hosts can join host pools", "warningMessage": "⚠ {count} host pool(s) have expired registration tokens", "recommendation": "Renew expired registration tokens to allow new session hosts to join host pools" }, { "id": "rel-09", "name": "Sufficient Capacity", "description": "Host pools have sufficient capacity for failover", "points": 1, "condition": { "field": "hostPools", "operator": "some", "matchField": "sessionHostCount", "matchOperator": ">=", "matchValue": 3 }, "successMessage": "✓ Host pools have sufficient capacity for load distribution and failover", "warningMessage": "⚠ Consider adding more session hosts per host pool for redundancy", "recommendation": "Deploy at least 3 session hosts per host pool to handle failures" } ] }, "security": { "name": "Security", "description": "Protecting systems and data", "maxChecks": 10, "rules": [ { "id": "sec-01", "name": "Network Isolation", "description": "Session hosts deployed in virtual networks", "points": 2, "condition": { "field": "summary.totalVNets", "operator": ">", "value": 0 }, "successMessage": "✓ Session hosts are deployed in virtual networks providing network isolation", "failureMessage": "✗ No virtual networks detected - network security may be inadequate", "recommendation": "Deploy session hosts in virtual networks with proper network security groups" }, { "id": "sec-02", "name": "Load Balancer Type", "description": "Breadth-first load balancing for pooled hosts", "points": 1, "condition": { "field": "hostPools", "operator": "count", "matchField": "loadBalancerType", "matchValue": "BreadthFirst", "matchCondition": { "field": "hostPoolType", "value": "Pooled" }, "value": "> 0" }, "successMessage": "✓ Breadth-first load balancing distributes users across all hosts, reducing attack surface per host" }, { "id": "sec-03", "name": "Personal Host Pools", "description": "Personal host pools provide user-level isolation", "points": 1, "condition": { "field": "hostPools", "operator": "count", "matchField": "hostPoolType", "matchValue": "Personal", "value": "> 0" }, "successMessage": "✓ Personal host pools ({count}) provide user-level isolation for sensitive workloads" }, { "id": "sec-04", "name": "Registration Token Security", "description": "No active registration tokens when not needed", "points": 1, "condition": { "field": "hostPools", "operator": "count", "matchCondition": { "field": "registrationToken.exists", "value": true, "and": { "field": "registrationToken.expired", "value": false } }, "value": "=== 0" }, "successMessage": "✓ No active registration tokens - reduces unauthorized host enrollment risk", "warningMessage": "⚠ {count} host pool(s) have active registration tokens - rotate when not actively adding hosts", "recommendation": "Expire registration tokens when not actively adding session hosts to prevent unauthorized enrollment" }, { "id": "sec-05", "name": "Multiple Workspaces", "description": "Multiple workspaces enable user access segmentation", "points": 1, "condition": { "field": "summary.totalWorkspaces", "operator": ">=", "value": 2 }, "successMessage": "✓ Multiple workspaces ({value}) enable user access segmentation", "warningMessage": "⚠ Single workspace - consider multiple workspaces for different user groups" }, { "id": "sec-06", "name": "Application Groups", "description": "Multiple application groups for granular access control", "points": 1, "condition": { "field": "summary.totalApplicationGroups", "operator": ">=", "value": 2 }, "successMessage": "✓ Multiple application groups ({value}) support granular access control", "warningMessage": "⚠ Single application group - consider additional groups for role-based access", "recommendation": "Create multiple application groups to implement principle of least privilege" }, { "id": "sec-07", "name": "Image Management Security", "description": "Compute galleries enable secure image deployment", "points": 1, "condition": { "field": "computeGalleries", "operator": "count", "value": "> 0" }, "successMessage": "✓ Compute galleries enable secure, versioned image deployment", "warningMessage": "⚠ No compute galleries - consider using galleries for secure image management" }, { "id": "sec-08", "name": "Resource Group Segmentation", "description": "Multiple resource groups provide security boundaries", "points": 1, "condition": { "field": "hostPools", "operator": "uniqueCount", "matchField": "resourceGroup", "value": ">= 2" }, "successMessage": "✓ Multiple resource groups ({count}) provide security boundaries" }, { "id": "sec-09", "name": "Desktop Application Groups", "description": "Desktop app groups with proper security controls", "points": 1, "condition": { "field": "applicationGroups", "operator": "count", "matchField": "applicationGroupType", "matchValue": "Desktop", "value": "> 0" }, "successMessage": "✓ Desktop application groups detected - ensure MFA and conditional access policies are enforced" }, { "id": "sec-10", "name": "Session Host Count per Pool", "description": "Reasonable session host count for security containment", "points": 1, "calculation": "avgHostsPerPool", "thresholds": [ { "operator": "<=", "value": 20, "points": 1, "message": "✓ Reasonable session host count per pool supports security incident containment" }, { "operator": ">", "value": 20, "points": 0, "message": "⚠ High session host count per pool - consider splitting for better security boundaries", "recommendation": "Limit host pools to 20-30 session hosts for easier security management and incident response" } ] } ] }, "costOptimization": { "name": "Cost Optimization", "description": "Managing costs and maximizing value", "maxChecks": 10, "rules": [ { "id": "cost-01", "name": "Scaling Plans", "description": "Scaling plans for automatic start/stop", "points": 3, "condition": { "field": "summary.totalScalingPlans", "operator": ">", "value": 0 }, "successMessage": "✓ Scaling plans configured ({value}) - automatically start/stop hosts based on demand", "failureMessage": "✗ No scaling plans - session hosts run continuously, increasing costs", "recommendation": "Implement scaling plans to automatically start/stop session hosts based on schedule and demand" }, { "id": "cost-02", "name": "Pooled vs Personal Ratio", "description": "Pooled host pools are more cost-effective", "points": 2, "calculation": "pooledRatio", "thresholds": [ { "operator": ">=", "value": 0.7, "points": 2, "message": "✓ Primarily pooled host pools ({pooledCount}/{totalCount}) - optimal cost efficiency through resource sharing" }, { "operator": ">", "value": 0, "points": 1, "message": "⚠ Mix of pooled and personal host pools - consider pooled for cost savings where appropriate" }, { "operator": "===", "value": 0, "points": 0, "message": "⚠ Only personal host pools - higher costs per user", "recommendation": "Evaluate if task workers can use pooled host pools for significant cost savings" } ] }, { "id": "cost-03", "name": "Capacity Utilization", "description": "Optimal capacity utilization rate", "points": 2, "calculation": "utilizationRate", "thresholds": [ { "operator": "between", "minValue": 60, "maxValue": 80, "points": 2, "message": "✓ Good capacity utilization ({value}%) - avoiding over-provisioning" }, { "operator": "<", "value": 60, "points": 1, "message": "⚠ Low capacity utilization ({value}%) - consider reducing capacity or implementing scaling", "recommendation": "Review capacity and implement scaling plans to match actual demand" }, { "operator": ">", "value": 80, "points": 0, "message": "⚠ High utilization ({value}%) - users may experience degraded performance", "recommendation": "Add capacity or optimize session limits to prevent performance issues" } ] }, { "id": "cost-04", "name": "Session Limits", "description": "Optimal session limits for cost-performance balance", "points": 1, "condition": { "field": "hostPools", "operator": "some", "matchCondition": { "field": "hostPoolType", "value": "Pooled", "and": { "field": "maxSessionLimit", "operator": "between", "minValue": 10, "maxValue": 25 } } }, "successMessage": "✓ Optimal session limits configured (10-25) for cost-performance balance", "warningMessage": "⚠ Low session limits may result in over-provisioning", "recommendation": "Review and optimize session limits based on workload requirements" }, { "id": "cost-05", "name": "Compute Galleries for Reuse", "description": "Compute galleries reduce deployment costs", "points": 1, "condition": { "field": "computeGalleries", "operator": "count", "value": "> 0" }, "successMessage": "✓ Compute galleries reduce deployment time and costs through image reuse", "recommendation": "Use compute galleries to reduce image management overhead and deployment costs" }, { "id": "cost-06", "name": "Right-sized Deployment", "description": "Reasonable number of host pools", "points": 1, "condition": { "field": "summary.totalHostPools", "operator": "between", "minValue": 1, "maxValue": 5 }, "successMessage": "✓ Reasonable number of host pools - avoiding management overhead", "warningMessage": "⚠ Multiple host pools ({value}) - consolidate where possible to reduce management costs", "recommendation": "Evaluate if host pools can be consolidated to reduce operational overhead" } ] }, "operationalExcellence": { "name": "Operational Excellence", "description": "Operations processes and practices", "maxChecks": 10, "rules": [ { "id": "opex-01", "name": "Scaling Automation", "description": "Scaling plans automate capacity management", "points": 2, "condition": { "field": "summary.totalScalingPlans", "operator": ">", "value": 0 }, "successMessage": "✓ Scaling plans ({value}) automate capacity management", "failureMessage": "✗ No scaling plans - manual capacity management increases operational burden", "recommendation": "Implement scaling plans to automate session host lifecycle management" }, { "id": "opex-02", "name": "Standardized Images", "description": "Compute galleries for standardization", "points": 2, "condition": { "field": "computeGalleries", "operator": "count", "value": "> 0" }, "successMessage": "✓ Compute galleries ({count}) with {imageCount} images support standardized deployments", "failureMessage": "✗ No compute galleries - missing centralized image management", "recommendation": "Create compute galleries for version-controlled, standardized image deployment" }, { "id": "opex-03", "name": "Validation Environment", "description": "Validation environment for controlled updates", "points": 1, "condition": { "field": "hostPools", "operator": "contains", "value": ["test", "val", "dev"], "matchField": "name" }, "successMessage": "✓ Validation environment supports controlled update deployment", "recommendation": "Deploy a validation host pool for testing updates before production rollout" }, { "id": "opex-04", "name": "Application Groups Organization", "description": "Multiple application groups for organized access", "points": 1, "condition": { "field": "summary.totalApplicationGroups", "operator": ">=", "value": 2 }, "successMessage": "✓ Multiple application groups ({value}) enable organized access management" }, { "id": "opex-05", "name": "Workspace Configuration", "description": "Workspaces for end-user application delivery", "points": 1, "condition": { "field": "summary.totalWorkspaces", "operator": ">=", "value": 1 }, "successMessage": "✓ Workspaces configured ({value}) for end-user application delivery" }, { "id": "opex-06", "name": "Naming Conventions", "description": "Consistent resource naming patterns", "points": 1, "condition": { "field": "hostPools", "operator": "pattern", "matchField": "name", "pattern": "^[a-z]+(-[a-z0-9]+)+$|^[a-z]+_[a-z0-9_]+$" }, "successMessage": "✓ Consistent resource naming convention detected", "warningMessage": "⚠ Inconsistent naming patterns - implement naming conventions for better resource management", "recommendation": "Establish and enforce naming conventions for all AVD resources" }, { "id": "opex-07", "name": "Load Balancing Configuration", "description": "Load balancing configured on all host pools", "points": 1, "condition": { "field": "hostPools", "operator": "all", "matchField": "loadBalancerType", "matchOperator": "exists" }, "successMessage": "✓ Load balancing configured on all host pools for optimal session distribution" }, { "id": "opex-08", "name": "Health Monitoring", "description": "Session host inventory for health monitoring", "points": 1, "condition": { "field": "summary.totalSessionHosts", "operator": ">", "value": 0 }, "successMessage": "✓ Session host inventory available for health monitoring" }, { "id": "opex-09", "name": "Resource Complexity", "description": "Manageable resource complexity", "points": 1, "calculation": "totalResources", "thresholds": [ { "operator": "between", "minValue": 1, "maxValue": 20, "points": 1, "message": "✓ Manageable resource complexity for operational efficiency" }, { "operator": ">", "value": 20, "points": 0, "message": "⚠ High resource count may increase operational complexity", "recommendation": "Review architecture for potential consolidation opportunities" } ] } ] }, "performance": { "name": "Performance Efficiency", "description": "Efficient use of computing resources", "maxChecks": 10, "rules": [ { "id": "perf-01", "name": "Load Balancing Strategy", "description": "Optimal load balancing for each host pool type", "points": 2, "condition": { "field": "hostPools", "operator": "custom", "validation": "optimalLoadBalancing" }, "successMessage": "✓ Optimal load balancing strategy for each host pool type", "warningMessage": "⚠ Review load balancing configuration for optimal performance", "recommendation": "Use BreadthFirst for Pooled and Persistent for Personal host pools" }, { "id": "perf-02", "name": "Session Limits Configuration", "description": "Session limits configured to prevent overloading", "points": 1, "condition": { "field": "hostPools", "operator": "all", "matchField": "maxSessionLimit", "matchOperator": ">", "matchValue": 0 }, "successMessage": "✓ Session limits configured to prevent overloading session hosts" }, { "id": "perf-03", "name": "Optimal Session Limits", "description": "Session limits within recommended range", "points": 2, "condition": { "field": "hostPools", "operator": "custom", "validation": "optimalSessionLimits" }, "successMessage": "✓ Session limits within recommended range (5-25) for pooled host pools", "warningMessage": "⚠ Review session limits for pooled host pools (recommended: 5-25 based on workload)", "recommendation": "Adjust session limits based on CPU, memory, and workload type for optimal performance" }, { "id": "perf-04", "name": "Multiple Session Hosts", "description": "Sufficient session hosts for performance distribution", "points": 1, "calculation": "avgAvailableHosts", "thresholds": [ { "operator": ">=", "value": 3, "points": 1, "message": "✓ Average {value} available hosts per pool supports performance distribution" }, { "operator": "<", "value": 3, "points": 0, "message": "⚠ Low average available hosts per pool - may impact performance during peak usage", "recommendation": "Deploy at least 3 session hosts per host pool for performance distribution" } ] }, { "id": "perf-05", "name": "Network Connectivity", "description": "Virtual network connectivity configured", "points": 1, "condition": { "field": "summary.totalVNets", "operator": ">", "value": 0 }, "successMessage": "✓ Virtual network connectivity configured for optimized network performance" }, { "id": "perf-06", "name": "Multi-region Deployment", "description": "Resources distributed across locations", "points": 1, "condition": { "field": "hostPools", "operator": "uniqueCount", "matchField": "location", "value": ">= 2" }, "successMessage": "✓ Multi-region deployment ({count} regions) reduces latency for distributed users", "warningMessage": "⚠ Single region deployment - consider multi-region for global user base", "recommendation": "Deploy host pools in regions closest to user populations for reduced latency" }, { "id": "perf-07", "name": "Fast Deployments", "description": "Compute galleries enable faster deployments", "points": 1, "condition": { "field": "computeGalleries", "operator": "count", "value": "> 0" }, "successMessage": "✓ Compute galleries enable faster session host deployment and updates" }, { "id": "perf-08", "name": "Utilization Headroom", "description": "Current utilization allows performance headroom", "points": 1, "calculation": "utilizationRate", "thresholds": [ { "operator": "between", "minValue": 0, "maxValue": 70, "points": 1, "message": "✓ Current utilization ({value}%) below threshold - sufficient headroom for performance" }, { "operator": "between", "minValue": 70, "maxValue": 85, "points": 0, "message": "⚠ Moderate utilization ({value}%) - monitor for performance impact" }, { "operator": ">", "value": 85, "points": 0, "message": "✗ High utilization ({value}%) - likely performance degradation", "recommendation": "Add session host capacity immediately to prevent performance issues" } ] }, { "id": "perf-09", "name": "Session Distribution", "description": "Low disconnected session ratio", "points": 1, "calculation": "disconnectedRatio", "thresholds": [ { "operator": "<", "value": 0.2, "points": 1, "message": "✓ Low disconnected session ratio indicates good user experience" }, { "operator": ">=", "value": 0.2, "points": 0, "message": "⚠ {value}% disconnected sessions - investigate session stability", "recommendation": "Investigate causes of user session disconnections (network, host performance, etc.)" } ] } ] } }, "statusMapping": { "excellent": { "threshold": 80, "color": "#10B981" }, "good": { "threshold": 60, "color": "#F59E0B" }, "fair": { "threshold": 40, "color": "#FB923C" }, "needsImprovement": { "threshold": 0, "color": "#EF4444" } } } |