RDC - Databases/Nifi clusters notifications will be sent to Warren.
Alvin/Ian - Get every RDC notifications.
Later Ian - Will only get Medium to low priorities notifications.
Increase Alerts to include every Virtual machine in MDClone.
Integrate current MDClone logging to splunk and decommissioned them & onboard the new MDClone infrastructure in splunk after go live in late July/August 2025.
Budget
Inquire about using a 3year reservation for our VM's instead of 1yr reservation.
No possible savings on storage.
Most backups have to do primarily with windows Virtual Machines.
Possible changing retention period to save on cost.
Microsoft Defender for Cloud
will be decommissioned once certain VM boxes are decommissioned.
VPN Gateway:(legacy system)
Might be decommissioned as it is no longer needed.
Azure Bastion(az-vnet-wustl-mdc-bastion)
Bastion might be decommissioned.
Delete All 6 disks
Except the disk "data".
Remediation Steps:
Action group has been created to send out logging notifications.
One of the objectives set forth by the team is to enable splunk logging on all virtual machines currently hosted in the subscription.
However, Azure does not allow for direct log shipping from Azure Vm's to splunk using diagnostics as it is the case with other resources in Azure.
There are a few alternatives to achieving this task:
Enable log shipping of VM logs to splunk using Azure monitor.
Go to Azure Monitor > Activity Logs > Export Activity Logs > select Event Hubs > From Event hub send logs to Splunk..
Ship logs to a Storage Account.
Go to the Azure VM > diagnostic Settings > Deploy diagnostic setting Agent on VM > Collect logs & ship it to a Storage account.
In the desired storage account > go to diagnostic Settings > Add diagnostic setting > Set up diagnostic setting to send logs to Event hubs -> From Event hub send logs to Splunk.
