|
| 1 | +--- |
| 2 | +title: Best practices for using and administering Azure Modeling and Simulation Workbench |
| 3 | +description: Learn best practices and helpful guidance when working with Azure Modeling and Simulation Workbench |
| 4 | +author: yousefi-msft |
| 5 | +ms.author: yousefi |
| 6 | +ms.service: modeling-simulation-workbench |
| 7 | +ms.topic: best-practice |
| 8 | +ms.date: 10/06/2024 |
| 9 | + |
| 10 | +#customer intent: As a user of Azure Modeling and Simulation Workbench, I want to learn best practices so that I can efficiently and effectively use and administer. |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +# Best practices for Azure Modeling and Simulation Workbench |
| 15 | + |
| 16 | +The Azure Modeling and Simulation Workbench is a cloud-based collaboration platform that provides secure, isolated chambers to allow enterprises to work in the cloud. Modeling and Simulation Workbench provides a large selection of powerful,virtual machines (VM) and high-performance scalable storage and provides control and oversight to what users can export from the platform. |
| 17 | + |
| 18 | +This best practices article provides both users and administrators guidance on how to get the most from the platform, control costs, and work effectively. |
| 19 | + |
| 20 | +## Control costs with chamber idle mode |
| 21 | + |
| 22 | +When a chamber won't be used, [place it into idle mode](./how-to-guide-chamber-idle.md). Idling a chamber significantly reduces costs. Refer to the [pricing guide](https://azure.microsoft.com/en-us/pricing/details/modeling-and-simulation-workbench/#pricing) for more details. Idle mode won't delete your VMs or storage, but does terminate desktop sessions and chamber license servers. |
| 23 | + |
| 24 | +## Review user allocation to chambers to control cost |
| 25 | + |
| 26 | +Modeling and Simulation Workbench prices chamber access through 10-Pack user connectivity. If your user count increases beyond a multiple of 10, an additional user pack will be added. Review your user allocations to ensure your costs are optimized. Refer to the [pricing guide](https://azure.microsoft.com/en-us/pricing/details/modeling-and-simulation-workbench/#pricing) for more details. |
| 27 | + |
| 28 | +## Use an Azure naming resource convention |
| 29 | + |
| 30 | +Depending on complexity, workbenches can have many resources. Adopting a naming convention can help you effectively manage your deployment. The Azure Cloud Adoption Framework has a [naming convention](/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming) to help you get started. |
| 31 | + |
| 32 | +## Key Vaults best practices |
| 33 | + |
| 34 | +Modeling and Simulation Workbench uses [Key Vaults](/azure/key-vault/general/basic-concepts) to store authentication identifiers. See the [Azure Key Vault best practices guide](/azure/key-vault/general/best-practices) for other guidance on effectively using a Key Vault in Azure. |
| 35 | + |
| 36 | +### Use separate Key Vault to broaden security perimeters |
| 37 | + |
| 38 | +Use separate Key Vault for every workbench or assigned group of administrators to help keep your deployment secure. In the event that user credentials or a perimeter is breached, a separate key vault for workbenches can reduce impact. |
| 39 | + |
| 40 | +### Assign two or more Key Vault Secrets Officers |
| 41 | + |
| 42 | +The role of **Secrets Officers** is assigned to the **Workbench Owner** who is tasked with creating and administering the workbench environment. Having at least two officers and reduce downtime if secrets need to be administered and one administrator is not available. Consider using Azure Groups to assign this role. |
| 43 | + |
| 44 | +## Use the right storage for the task |
| 45 | + |
| 46 | +Modeling and Simulation Workbench offers several types and tiers for storage. Refer to the [storage overview](./concept-storage.md) for additional details how the platform is architected. |
| 47 | + |
| 48 | +* Don't save or perform critical work oin home directories. Home directories are deleted anytime users are dropped from chambers. Additionally, if you delete users to manage user pack costs, those home directories are deleted. Home directories are intended for resource files or temporary work. |
| 49 | +* Chamber storage is the best place to store vital data and perform application workloads. Chamber storage is high-performance with two different performance tiers and scalable. You can learn how to manage chamber storage in [chamber storage how-to](./how-to-guide-manage-chamber-storage.md). |
| 50 | +* Don't place information that shouldn't be shared with other chambers in shared storage. Shared storage is visible to all users of the chambers with which it's shared. |
| 51 | +* If you plan on idling the chamber and are looking to save cost, create a standard tier of chamber storage and move all files there. |
| 52 | + |
| 53 | +## Using application registrations in Microsoft Entra and Modeling and Simulation Workbench |
| 54 | + |
| 55 | +### Choose a meaningful management approach for application registrations |
| 56 | + |
| 57 | +Application registrations can easily accumulate in an organization and be forgotten, becoming difficult to manage. Use a meaningful name for application registrations made for Modeling and Simulation Workbench to identify it later. Assign at least two or more owners or consider using an Azure Group to assign ownership. |
| 58 | + |
| 59 | +### Manage application registration secrets |
| 60 | + |
| 61 | +Use a reasonable expiration date for the application secret created. Refer to your organizations rules on application password lifetime. |
| 62 | + |
| 63 | +### Reuse application registrations across related deployments |
| 64 | + |
| 65 | +Application registrations are authentication brokers for the Modeling and Simulation Workbench. It does not delegate or manage roles or access into individual chambers, user roles and Identity and Authentication Management (IAM) at the chamber level is responsible for this access. You can use fewer application registrations where it makes sense to do so based on region, user base, project, or security boundaries. |
| 66 | + |
| 67 | +### Delete redirect URIs when deleting connectors |
| 68 | + |
| 69 | +Connectors generate two distinct redirect URIs when created. Anytime you are deleting or rebuilding a connector, delete the associated redirect URI from the application registration. |
| 70 | + |
| 71 | +[Describe a best practice.] |
| 72 | + |
| 73 | +## Related content |
| 74 | + |
| 75 | +* [Related article title](link.md) |
| 76 | +* [Related article title](link.md) |
| 77 | +* [Related article title](link.md) |
0 commit comments