Merge pull request #262348 from rcdun/rathishr2712

v-ccolin · web-flow · commit 42242e824d7b · 2024-01-11T11:29:41.000Z
new BCDR article
diff --git a/articles/operator-insights/TOC.yml b/articles/operator-insights/TOC.yml
@@ -17,6 +17,8 @@
   items:
   - name: Managed identity
     href: managed-identity.md
+  - name: Business continuity disaster recovery
+    href: business-continuity-disaster-recovery.md
   - name: Data quality and data monitoring
     href: concept-data-quality-monitoring.md
   - name: Data types
@@ -36,6 +38,8 @@
     href: dashboards-use.md
   - name: Query data in the Azure Operator Insights Data Product
     href: data-query.md
+  - name: Manage permissions to the consumption URL
+    href: consumption-plane-configure-permissions.md
   - name: Deploy Ingestion Agents for MCC protobuf EDRs
     items:
     - name: Create and configure MCC EDR Ingestion Agents
diff --git a/articles/operator-insights/business-continuity-disaster-recovery.md b/articles/operator-insights/business-continuity-disaster-recovery.md
@@ -0,0 +1,45 @@
+﻿---
+title: Business Continuity and Disaster recovery (BCDR) for Azure Operator Insights
+description: This article helps you understand BCDR concepts Azure Operator Insights.
+author: rcdun
+ms.author: rdunstan
+ms.reviewer: duncanarcher
+ms.service: operator-insights
+ms.topic: concept-article
+ms.date: 11/27/2023
+---
+
+# Business continuity and disaster recovery
+
+Disasters can be hardware failures, natural disasters, or software failures. The process of preparing for and recovering from a disaster is called disaster recovery (DR). This article discusses recommended practices to achieve business continuity and disaster recovery (BCDR) for Azure Operator Insights.
+
+BCDR strategies include availability zone redundancy and user-managed recovery.
+
+## Control plane
+
+The Azure Operator Insights control plane is resilient both to software errors and failure of an Availability Zone. The ability to create and manage Data Products isn't affected by these failure modes. 
+
+The control plane isn't regionally redundant. During an outage in an Azure region, you can't create new Data Products in that region or access/manage existing ones. Once the region recovers from the outage, you can access and manage existing Data Products again.
+
+## Data plane
+
+Data Products are resilient to software or hardware failures. For example, if a software bug causes the service to crash, or a hardware failure causes the compute resources for enrichment queries to be lost, service automatically recovers. The only impact is a slight delay in newly ingested data becoming available in the Data Product's storage endpoint and in the KQL consumption URL.
+
+### Zone redundancy
+
+Data Products don't support zone redundancy. When an availability zone fails, the Data Product's ingestion, blob/DFS and KQL/SQL APIs are all unavailable, and dashboards don't work. Transformation of already-ingested data is paused. No previously ingested data is lost. Processing resumes when the availability zone recovers. 
+
+What happens to data that was generated during the availability zone outage depends on the behavior of the ingestion agent:
+
+* If the ingestion agent buffers data and resends it when the availability zone recovers, data isn't lost. Azure Operator Insights might take some time to work through its transformation backlog.
+* Otherwise, data is lost.
+
+### Disaster recovery
+
+Azure Operator Insights has no innate region redundancy. Regional outages affect Data Products in the same way as [availability zone failures](#zone-redundancy). We have recommendations and features to support customers that want to be able to handle failure of an entire Azure region. 
+
+#### User-managed redundancy
+
+For maximal redundancy, you can deploy Data Products in an active-active mode. Deploy a second Data Product in a backup Azure region of your choice, and configure your ingestion agents to fork data to both Data Products simultaneously. The backup data product is unaffected by the failure of the primary region. During a regional outage, look at dashboards that use the backup Data Product as the data source. This architecture doubles the cost of the solution.
+
+Alternatively, you could use an active-passive mode. Deploy a second Data Product in a backup Azure region, and configure your ingestion agents to send to the primary Data Product. During a regional outage, reconfigure your ingestion agents to send data to the backup Data Product during a region outage. This architecture gives full access to data created during the outage (starting from the time where you reconfigure the ingestion agents), but during the outage you don't have access to data ingested before that time. This architecture requires a small infrastructure charge for the second Data Product, but no additional data processing charges.
diff --git a/articles/operator-insights/consumption-plane-configure-permissions.md b/articles/operator-insights/consumption-plane-configure-permissions.md
@@ -0,0 +1,35 @@
+---
+title: Manage permissions for Azure Operator Insights consumption plane
+description: This article helps you configure consumption URI permissions for Azure Operator Insights.
+author: rcdun
+ms.author: rdunstan
+ms.reviewer: duncanarcher
+ms.service: operator-insights
+ms.topic: how-to
+ms.date: 1/06/2024
+---
+
+# Manage permissions to the consumption URL
+
+Azure Operator Insights enables you to control access to the consumption URL of each Data Product based on email addresses or distribution lists. Use the following steps to configure read-only access to the consumption URL.
+
+Azure Operator Insights currently supports a single role that gives Read access to all tables and columns on the consumption URL.
+
+## Add user access
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Go to your Azure Operator Insights Data Product resource.
+1. In the left-hand menu under **Security**, select **Permissions**.
+1. Select **Add Reader** to add a new user.
+1. Type in the user's email address or distribution list and select **Add Reader(s)**.
+1. Wait for about 30 seconds, then refresh the page to view your changes.
+
+## Remove user access
+
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Go to your Azure Operator Insights Data Product resource.
+1. In the left-hand menu under **Security**, select **Permissions**.
+1. Select the **Delete** symbol next to the user who you want to remove. 
+    > [!NOTE]
+    > There is no confirmation dialog box, so be careful when deleting users.
+1. Wait for about 30 seconds, then refresh the page to view your changes.
diff --git a/articles/operator-insights/data-query.md b/articles/operator-insights/data-query.md
@@ -8,7 +8,7 @@ ms.service: operator-insights
 ms.topic: how-to
 ms.date: 10/22/2023
 
-#CustomerIntent: As a consumer of the Data Product, I want to query data that has been collected so that I can visualise the data and gain customised insights.
+#CustomerIntent: As a consumer of the Data Product, I want to query data that has been collected so that I can visualize the data and gain customized insights.
 ---
 
 # Query data in the Data Product
@@ -19,14 +19,16 @@ The Azure Operator Insights Data Product stores enriched and processed data, whi
 
 ## Prerequisites
 
-A deployed Data Product, see [Create an Azure Operator Insights Data Product](data-product-create.md).
+- A deployed Data Product: see [Create an Azure Operator Insights Data Product](data-product-create.md).
+- The `Reader` role for the data for this Data Product, because access to the data is controlled by role-based access control (RBAC).
+    - To check your access, sign in to the [Azure portal](https://portal.azure.com), go to the Data Product resource and open the **Permissions** pane. You must have the `Reader` role.
+    - If you don't have this role, ask an owner of the resource to give you `Reader` permissions by following [Manage permissions to the consumption URL](consumption-plane-configure-permissions.md).
 
-## Get access to the ADX cluster
+## Add the consumption URL in Azure Data Explorer
 
-Access to the data is controlled by role-based access control (RBAC).
-
-1. In the Azure portal, select the Data Product resource and open the Permissions pane. You must have the `Reader` role. If you do not, contact an owner of the resource to grant you `Reader` permissions.
-1. In the Overview pane, copy the Consumption URL.
+1. Sign in to the [Azure portal](https://portal.azure.com).
+1. Go to your Azure Operator Insights Data Product resource.
+1. In the **Overview** pane, copy the Consumption URL.
 1. Open the [Azure Data Explorer web UI](https://dataexplorer.azure.com/) and select **Add** > **Connection**.
 1. Paste your Consumption URL in the connection box and select **Add**.
 
diff --git a/articles/operator-insights/index.yml b/articles/operator-insights/index.yml
@@ -31,14 +31,18 @@ landingContent:
         links:
           - text: Managed identity
             url: managed-identity.md
+          - text: Business continuity and disaster recovery
+            url: business-continuity-disaster-recovery.md
           - text: Data quality and data monitoring 
             url: concept-data-quality-monitoring.md
           - text: Data types 
             url: concept-data-types.md
           - text: Data visualization
             url: concept-data-visualization.md 
-          - text: MCC Data Product 
+          - text:  Quality of Experience - Affirmed MCC Data Product
             url: concept-mcc-data-product.md
+          - text: Monitoring - Affirmed MCC Data Product
+            url: concept-monitoring-mcc-data-product.md
 
   # Card 
   - title: Get started with Azure Operator Insights
