azure-expert

Azure cloud infrastructure, Epic multi-subscription architecture, resource management, and Optum Azure patterns

active
IDE: codex
Version: 1.0.0
Owner: epic-platform-sre
azure, cloud, infrastructure, epic, optum, subscriptions, terraform, ansible

Azure Expert Skill

You are an expert in Microsoft Azure cloud infrastructure with deep knowledge of Epic EMR Azure architecture, multi-subscription patterns, resource management, and Optum-specific Azure implementations.

Core Competencies

Azure Fundamentals

  • Subscription Architecture: Multi-subscription hierarchy, management groups, Azure AD integration
  • Resource Management: Resource groups, tags, naming conventions, RBAC
  • Networking: VNets, subnets, NSGs, UDRs, Azure Firewall, Load Balancers
  • Compute: Virtual Machines, Scale Sets, Availability Sets, Capacity Reservations
  • Storage: Azure Files, Managed Disks, Disk Encryption Sets, Storage Accounts
  • Identity: Managed Identities, Service Principals, Key Vault integration
  • Monitoring: Azure Monitor, Diagnostic Settings, Log Analytics, Application Insights

Epic Azure Architecture (8-Subscription Model)

Epic on Azure uses a multi-subscription architecture for isolation, security, and resource management:

Epic Azure Subscriptions:
├── OptumHealthEMR-sub-epic-test-001         # Test environment
├── OptumHealthEMR-sub-epic-npd-001          # Non-production development
├── OptumHealthEMR-sub-epic-pro-001          # Production (CRITICAL)
├── OptumHealthEMR-sub-epic-shared-001       # Shared services
├── OptumHealthEMR-sub-epic-conn-pro-001     # Connectivity (ExpressRoute, VPN)
├── OptumHealthEMR-sub-epic-citrix-shared-001 # Citrix infrastructure
├── OptumHealthEMR-sub-epic-workloads-dev-001 # Development workloads
└── OptumHealthEMR-sub-epic-workloads-dev-002 # Additional dev capacity

Key Architectural Patterns:

  • Production resources in -pro-001 subscription
  • Network connectivity centralized in -conn-pro-001
  • Citrix VDA infrastructure isolated in -citrix-shared-001
  • Development/test resources in dedicated subscriptions
  • Cross-subscription networking via VNet peering

Resource Naming Conventions

Follow Optum Azure naming standards:

Resource Naming Pattern:
{resource-type}-{application}-{environment}-{region}-{instance}

Examples:
- vm-ohemr-prod-eus2-odb01         # ODB database VM
- nsg-ohemr-prod-eus2-app          # Application tier NSG
- kv-ohemr-shared-eus2-001         # Key Vault (shared)
- avset-ohemr-prod-eus2-web        # Availability Set (web tier)
- lb-ohemr-prod-eus2-frontend      # Load Balancer (frontend)
- rg-ohemr-prod-eus2-compute       # Resource Group (compute)

Region Codes:

  • eus2 = East US 2 (primary)
  • cus = Central US (secondary)
  • usva = US Virginia

Environment Codes:

  • prod = Production
  • npd = Non-production
  • test = Test
  • dev = Development

Azure Terraform Patterns

Private Registry Module Structure

Epic uses private Terraform registry modules:

# Module reference pattern
module "linux_vm" {
  source  = "app.terraform.io/Optum-HealthEMR/linux-resources/azurerm"
  version = "~> 2.0"

  resource_group_name = var.resource_group_name
  location            = var.location
  vm_name             = "vm-ohemr-prod-eus2-app01"
  vm_size             = "Standard_E8ds_v5"

  # Managed identity
  identity_type = "SystemAssigned"

  # Disk encryption
  disk_encryption_set_id = data.azurerm_disk_encryption_set.epic.id

  # Tagging
  tags = local.common_tags
}

Common Module Inputs

Standard Inputs:

  • resource_group_name - Target resource group
  • location - Azure region
  • tags - Resource tags (billing, ownership, environment)
  • subscription_id - Target subscription for cross-sub resources

Networking Inputs:

  • vnet_name / subnet_name - Network configuration
  • nsg_id - Network Security Group association
  • private_ip_address - Static IP assignment

Security Inputs:

  • managed_identity_type - SystemAssigned or UserAssigned
  • key_vault_id - For secrets/certificates
  • disk_encryption_set_id - For managed disk encryption

Azure Ansible Patterns

Azure Collection Usage

Use azure.azcollection for Azure resource management:

---
- name: Create Azure VM
  hosts: localhost
  tasks:
    - name: Create resource group
      azure.azcollection.azure_rm_resourcegroup:
        name: rg-ohemr-prod-eus2-compute
        location: eastus2
        tags:
          Environment: Production
          Application: Epic
          CostCenter: '12345'

    - name: Create virtual network
      azure.azcollection.azure_rm_virtualnetwork:
        resource_group: rg-ohemr-prod-eus2-compute
        name: vnet-ohemr-prod-eus2
        address_prefixes_cidr:
          - '10.100.0.0/16'

    - name: Create subnet
      azure.azcollection.azure_rm_subnet:
        resource_group: rg-ohemr-prod-eus2-compute
        virtual_network_name: vnet-ohemr-prod-eus2
        name: subnet-app
        address_prefix_cidr: '10.100.1.0/24'

    - name: Create network security group
      azure.azcollection.azure_rm_securitygroup:
        resource_group: rg-ohemr-prod-eus2-compute
        name: nsg-ohemr-prod-eus2-app
        rules:
          - name: AllowHTTPS
            protocol: Tcp
            destination_port_range: 443
            access: Allow
            priority: 100
            direction: Inbound

Dynamic Inventory with Azure RM Plugin

Configure Azure dynamic inventory:

# azure_rm.yml
plugin: azure.azcollection.azure_rm
auth_source: auto # Uses managed identity or Azure CLI
include_vm_resource_groups:
  - rg-ohemr-*
keyed_groups:
  - key: tags.Environment
    prefix: env
  - key: tags.Application
    prefix: app
  - key: location
    prefix: loc
hostvar_expressions:
  ansible_host: private_ipv4_addresses[0]

Usage:

# Test inventory
ansible-inventory -i azure_rm.yml --graph

# Run playbook with Azure inventory
ansible-playbook -i azure_rm.yml pb_configure_vms.yml

Key Vault Integration

Retrieving Secrets in Terraform

data "azurerm_key_vault" "epic" {
  name                = "kv-ohemr-shared-eus2-001"
  resource_group_name = "rg-ohemr-shared-eus2-keyvault"
}

data "azurerm_key_vault_secret" "db_password" {
  name         = "odb-admin-password"
  key_vault_id = data.azurerm_key_vault.epic.id
}

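# Use in resource
# The value read by the data source is stored in Terraform state in plaintext,
# so access to the state backend must be restricted.
resource "azurerm_mssql_server" "odb" {
  administrator_login_password = data.azurerm_key_vault_secret.db_password.value
  # ...
}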

Retrieving Secrets in Ansible

- name: Get Key Vault secret
  azure.azcollection.azure_rm_keyvaultsecret_info:
    vault_uri: 'https://kv-ohemr-shared-eus2-001.vault.azure.net'
    name: odb-admin-password
  register: kv_secret
  no_log: true

- name: Use secret
  ansible.builtin.debug:
    msg: 'Password retrieved: {{ kv_secret.secrets[0].secret | length }} characters'

Azure Backup and Recovery

Backup Plugin Configuration

- name: Configure Azure Backup for Epic VMs
  ansible.builtin.include_role:
    name: utilities
    tasks_from: azure/backup_plugin.yml
  vars:
    backup_policy_name: 'epic-daily-backup'
    retention_days: 30
    backup_time: '02:00' # 2 AM local time

Snapshot Management

# Create VM snapshot for ODB
az snapshot create \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name snap-odb01-$(date +%Y%m%d) \
  --source /subscriptions/{sub-id}/resourceGroups/{rg}/providers/Microsoft.Compute/disks/disk-odb01-data

# Restore from snapshot
az disk create \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name disk-odb01-data-restored \
  --source snap-odb01-20260112

Managed Identity Best Practices

System-Assigned Identity (Preferred)

resource "azurerm_linux_virtual_machine" "app" {
  name                = "vm-ohemr-prod-eus2-app01"
  resource_group_name = azurerm_resource_group.epic.name
  location            = azurerm_resource_group.epic.location

  # System-assigned managed identity
  identity {
    type = "SystemAssigned"
  }
}

# Grant identity access to Key Vault
resource "azurerm_key_vault_access_policy" "vm_access" {
  key_vault_id = azurerm_key_vault.epic.id
  tenant_id    = data.azurerm_client_config.current.tenant_id
  object_id    = azurerm_linux_virtual_machine.app.identity[0].principal_id

  secret_permissions = [
    "Get",
    "List"
  ]
}

User-Assigned Identity (Multiple Resources)

resource "azurerm_user_assigned_identity" "epic_app" {
  name                = "id-ohemr-prod-eus2-app"
  resource_group_name = azurerm_resource_group.epic.name
  location            = azurerm_resource_group.epic.location
}

resource "azurerm_linux_virtual_machine" "app" {
  # ...
  identity {
    type = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.epic_app.id]
  }
}

Azure Files for Epic

File Share Creation

resource "azurerm_storage_account" "epic_files" {
  name                     = "stohepmepicfiles"
  resource_group_name      = azurerm_resource_group.epic.name
  location                 = azurerm_resource_group.epic.location
  account_tier             = "Premium"
  account_replication_type = "LRS"
  account_kind             = "FileStorage"

  # Network rules
  network_rules {
    default_action = "Deny"
    ip_rules       = var.allowed_ip_ranges
    virtual_network_subnet_ids = [
      azurerm_subnet.app.id
    ]
  }
}

resource "azurerm_storage_share" "epic_share" {
  name                 = "epic-shared-data"
  storage_account_name = azurerm_storage_account.epic_files.name
  quota                = 5120  # 5 TB

  enabled_protocol = "SMB"

  # Premium performance
  access_tier = "Premium"
}

Mounting Azure Files in Linux

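- name: Write SMB credentials file (root-only, keeps the key out of /etc/fstab)
  become: true
  ansible.builtin.copy:
    dest: /etc/smbcredentials-stohepmepicfiles
    content: "username={{ storage_account_name }}\npassword={{ storage_account_key }}\n"
    mode: '0600'
  no_log: true

- name: Mount Azure Files share
  become: true
  ansible.posix.mount:
    path: /mnt/epic-shared
    src: '//stohepmepicfiles.file.core.windows.net/epic-shared-data'
    fstype: cifs
    opts: 'credentials=/etc/smbcredentials-stohepmepicfiles,dir_mode=0755,file_mode=0644,serverino,nosharesock,actimeo=30'
    state: mounted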

Monitoring and Diagnostics

Diagnostic Settings

resource "azurerm_monitor_diagnostic_setting" "vm_diagnostics" {
  name                       = "diag-vm-logs"
  target_resource_id         = azurerm_linux_virtual_machine.app.id
  log_analytics_workspace_id = data.azurerm_log_analytics_workspace.epic.id

  metric {
    category = "AllMetrics"
    enabled  = true

    retention_policy {
      enabled = true
      days    = 30
    }
  }

  enabled_log {
    category = "Administrative"

    retention_policy {
      enabled = true
      days    = 90
    }
  }
}

Security Best Practices

Network Security

  1. NSG Rules: Use service tags, deny by default
  2. Private Endpoints: For storage accounts, Key Vault, SQL databases
  3. Network Isolation: Separate subnets for app, data, management tiers
  4. Azure Firewall: Centralized egress control
  5. Just-In-Time Access: For VM management
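The first rule above as Terraform, added here as an illustration and not taken from the page's or Optum's modules: an open HTTPS rule beside a version whose sources are service tags and which ends in an explicit deny. The rule names, priorities, the dev NSG name and the `azurerm_resource_group.epic` reference are assumptions.

```hcl
# Added example, not the page's or Optum's code. Rule names, priorities and the
# azurerm_resource_group.epic reference are assumptions.

# Weak: no source restriction on 443, and the platform default rule
# AllowVnetInBound (priority 65000) still admits every other port from
# anywhere inside the VNet and its peers.
resource "azurerm_network_security_group" "app_open" {
  name                = "nsg-ohemr-dev-eus2-app"
  location            = azurerm_resource_group.epic.location
  resource_group_name = azurerm_resource_group.epic.name

  security_rule {
    name                       = "AllowHTTPS"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Hardened: sources are service tags, and an explicit deny below the allows
# overrides the default AllowVnetInBound so only the listed traffic gets in.
resource "azurerm_network_security_group" "app" {
  name                = "nsg-ohemr-prod-eus2-app"
  location            = azurerm_resource_group.epic.location
  resource_group_name = azurerm_resource_group.epic.name

  security_rule {
    name                       = "AllowHTTPSFromVnet"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "VirtualNetwork"
  }

  security_rule {
    name                       = "AllowLoadBalancerProbes"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "AzureLoadBalancer"
    destination_address_prefix = "*"
  }

  security_rule {
    name                       = "DenyAllInbound"
    priority                   = 4096
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}
```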

Identity and Access

  1. Managed Identities: Prefer system-assigned over service principals
  2. RBAC: Least privilege, scoped to resource group or resource
  3. Key Vault: Centralize secrets, enable soft delete and purge protection
  4. Conditional Access: MFA for Azure Portal access
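The Key Vault and RBAC items above as Terraform (an added example, not the page's or Optum's code): purge protection on, Azure RBAC in place of access policies, and a read-only role scoped to the one vault. It also closes the public endpoint and adds the private endpoint named in the network list; `azurerm_resource_group.shared`, `azurerm_subnet.private_endpoints`, the endpoint names and the azurerm 3.x argument names are assumptions.

```hcl
# Added example, not the page's or Optum's code. The resource group, subnet and
# endpoint names are assumptions; argument names follow azurerm 3.x.
data "azurerm_client_config" "current" {}

resource "azurerm_key_vault" "epic" {
  name                = "kv-ohemr-shared-eus2-001"
  location            = azurerm_resource_group.shared.location
  resource_group_name = azurerm_resource_group.shared.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  # Deleted secrets stay recoverable for 90 days, and nobody (including an
  # owner) can purge them early. Purge protection cannot be turned off later.
  soft_delete_retention_days = 90
  purge_protection_enabled   = true

  # Data-plane access is decided by role assignments. Access policies on the
  # vault are no longer evaluated once this is set.
  enable_rbac_authorization = true

  # No public data-plane endpoint; clients reach the vault through the
  # private endpoint below.
  public_network_access_enabled = false
  network_acls {
    default_action = "Deny"
    bypass         = "None"
  }
}

# Least privilege: the VM's system-assigned identity may read secret values in
# this vault only. It gets no write, delete or management rights.
resource "azurerm_role_assignment" "app_reads_secrets" {
  scope                = azurerm_key_vault.epic.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = azurerm_linux_virtual_machine.app.identity[0].principal_id
}

resource "azurerm_private_endpoint" "kv" {
  name                = "pe-ohemr-shared-eus2-kv"
  location            = azurerm_resource_group.shared.location
  resource_group_name = azurerm_resource_group.shared.name
  subnet_id           = azurerm_subnet.private_endpoints.id

  private_service_connection {
    name                           = "psc-ohemr-shared-eus2-kv"
    private_connection_resource_id = azurerm_key_vault.epic.id
    subresource_names              = ["vault"]
    is_manual_connection           = false
  }
}
```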

Compliance

  1. Tagging: Mandatory tags (CostCenter, Environment, Application, Owner)
  2. Audit Logging: Enable for all subscriptions
  3. Azure Policy: Enforce naming, allowed locations, required tags
  4. HIPAA Compliance: PHI data encryption at rest and in transit

Cost Optimization

VM Right-Sizing

# Check regional compute quota usage with Azure CLI
az vm list-usage --location eastus2 -o table

# Get VM recommendations from Azure Advisor
az advisor recommendation list \
  --category Cost \
  --query "[?properties.impactedField=='Microsoft.Compute/virtualMachines']"

# Resize VM
az vm resize \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name vm-ohemr-prod-eus2-app01 \
  --size Standard_D4s_v5

Reserved Instances

# Reserve capacity for long-running workloads (1-3 year commitment)
# Purchase via Azure Portal → Reservations

# Calculate savings
# Standard_E8ds_v5: $0.456/hour (pay-as-you-go)
# Standard_E8ds_v5: $0.291/hour (1-year reserved) = 36% savings
# Standard_E8ds_v5: $0.202/hour (3-year reserved) = 56% savings

# Best for: Production ODB, Citrix VDAs, persistent workloads

Azure Hybrid Benefit

# Use existing Windows/SQL licenses on Azure VMs
# license_type = "Windows_Server" is only accepted on the Windows VM resource.
resource "azurerm_windows_virtual_machine" "windows_vm" {
  # ... other config

  # For Windows VMs with existing licenses:
  license_type = "Windows_Server"  # Saves ~40% on Windows VM costs
}

resource "azurerm_mssql_virtual_machine" "sql" {
  # ... other config

  # For SQL Server with existing licenses:
  sql_license_type = "AHUB"  # Azure Hybrid Use Benefit
}

Spot VMs for Dev/Test

# Use Spot VMs for non-critical workloads (up to 90% savings)
resource "azurerm_linux_virtual_machine" "dev_vm" {
  name                = "vm-ohemr-dev-eus2-test01"
  resource_group_name = azurerm_resource_group.dev.name
  location            = azurerm_resource_group.dev.location
  size                = "Standard_D4s_v5"

  priority        = "Spot"
  eviction_policy = "Deallocate"
  max_bid_price   = 0.05  # Maximum price per hour (optional)

  # ... other config
}

Auto-Shutdown for Dev VMs

resource "azurerm_dev_test_global_vm_shutdown_schedule" "dev_shutdown" {
  virtual_machine_id = azurerm_linux_virtual_machine.dev_vm.id
  location           = azurerm_linux_virtual_machine.dev_vm.location
  enabled            = true

  daily_recurrence_time = "1900"  # 7 PM
  timezone              = "Central Standard Time"

  notification_settings {
    enabled = true
    email   = "[email protected]"
  }
}

Storage Optimization

# Use appropriate storage tiers
resource "azurerm_storage_account" "epic_logs" {
  name                     = "stohepmeplogs"
  resource_group_name      = azurerm_resource_group.epic.name
  location                 = azurerm_resource_group.epic.location
  account_tier             = "Standard"  # Not Premium for logs
  account_replication_type = "LRS"       # Not GRS for logs
}

# Lifecycle management - move old logs to cool/archive.
# Lifecycle rules are a separate resource, not a block on the storage account.
resource "azurerm_storage_management_policy" "epic_logs" {
  storage_account_id = azurerm_storage_account.epic_logs.id

  rule {
    name    = "archive-old-logs"
    enabled = true

    filters {
      blob_types   = ["blockBlob"]
      prefix_match = ["logs/"]
    }

    actions {
      base_blob {
        tier_to_cool_after_days_since_modification_greater_than    = 30
        tier_to_archive_after_days_since_modification_greater_than = 90
        delete_after_days_since_modification_greater_than          = 365
      }
    }
  }
}

Azure Policy Examples

Require Tags

# Enforce mandatory tags on all resources
resource "azurerm_policy_definition" "require_tags" {
  name         = "require-mandatory-tags"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Require mandatory tags on resources"

  # Deny when ANY mandatory tag is missing. Testing only whether "tags" exists
  # would let a resource through with a single unrelated tag.
  policy_rule = jsonencode({
    if = {
      anyOf = [
        { field = "tags['CostCenter']", exists = "false" },
        { field = "tags['Environment']", exists = "false" },
        { field = "tags['Application']", exists = "false" },
        { field = "tags['Owner']", exists = "false" }
      ]
    }
    then = {
      effect = "deny"
    }
  })
}

# Assign policy to subscription
# (azurerm_policy_assignment was removed in azurerm 3.0; the subscription-scoped
# resource takes the subscription's resource ID.)
resource "azurerm_subscription_policy_assignment" "require_tags_assignment" {
  name                 = "require-tags-assignment"
  subscription_id      = "/subscriptions/${var.subscription_id}"
  policy_definition_id = azurerm_policy_definition.require_tags.id
  description          = "Enforce mandatory tags on all resources"
  display_name         = "Require Tags Assignment"
}

Restrict VM SKUs

# Only allow approved VM SKUs
resource "azurerm_policy_definition" "allowed_vm_skus" {
  name         = "allowed-vm-skus"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Allowed VM SKUs"

  policy_rule = jsonencode({
    if = {
      allOf = [
        {
          field = "type"
          equals = "Microsoft.Compute/virtualMachines"
        },
        {
          not = {
            field = "Microsoft.Compute/virtualMachines/sku.name"
            in = [
              "Standard_D4s_v5",
              "Standard_D8s_v5",
              "Standard_E8ds_v5",
              "Standard_E16ds_v5"
            ]
          }
        }
      ]
    }
    then = {
      effect = "deny"
    }
  })
}

Enforce Encryption

# Require disk encryption for all VMs
resource "azurerm_policy_definition" "require_disk_encryption" {
  name         = "require-disk-encryption"
  policy_type  = "Custom"
  mode         = "Indexed"
  display_name = "Require disk encryption"

  policy_rule = jsonencode({
    if = {
      allOf = [
        {
          field = "type"
          equals = "Microsoft.Compute/virtualMachines"
        },
        {
          field  = "Microsoft.Compute/virtualMachines/storageProfile.osDisk.encryptionSettings.enabled"
          notEquals = "true"
        }
      ]
    }
    then = {
      effect = "audit"  # or "deny" for strict enforcement
    }
  })
}

Disaster Recovery

Azure Site Recovery (ASR)

# Set up ASR for Epic ODB VMs
resource "azurerm_recovery_services_vault" "epic_dr" {
  name                = "rsv-ohemr-prod-eus2-dr"
  location            = "centralus"  # DR region
  resource_group_name = azurerm_resource_group.dr.name
  sku                 = "Standard"

  soft_delete_enabled = true
}

resource "azurerm_site_recovery_replicated_vm" "odb_replication" {
  name                                      = "vm-ohemr-prod-eus2-odb01-asr"
  resource_group_name                       = azurerm_resource_group.dr.name
  recovery_vault_name                       = azurerm_recovery_services_vault.epic_dr.name
  source_recovery_fabric_name               = "fabric-eus2"
  source_vm_id                              = azurerm_linux_virtual_machine.odb.id
  recovery_replication_policy_id            = azurerm_site_recovery_replication_policy.epic.id
  source_recovery_protection_container_name = "container-eus2"

  target_resource_group_id                = azurerm_resource_group.dr_target.id
  target_recovery_fabric_id               = "fabric-cus"
  target_recovery_protection_container_id = "container-cus"

  managed_disk {
    disk_id                    = azurerm_managed_disk.odb_os.id
    staging_storage_account_id = azurerm_storage_account.asr_cache.id
    target_resource_group_id   = azurerm_resource_group.dr_target.id
    target_disk_type           = "Premium_LRS"
    target_replica_disk_type   = "Premium_LRS"
  }
}

Backup Strategies

# AWX job template for Epic backup orchestration
- name: Epic Disaster Recovery Backup
  job_type: run
  inventory: Epic Production Inventory
  project: ohemr-ansible-playbooks
  playbook: playbooks/epic-on-azure/pb_disaster_recovery_backup.yml
  credentials:
    - Epic Azure Service Principal
  schedule:
    rrule: 'DTSTART:20260101T020000Z RRULE:FREQ=DAILY;INTERVAL=1'
  extra_vars:
    backup_components:
      - odb_database # Full ODB backup
      - azure_files # Snapshot Azure Files shares
      - vm_snapshots # Azure VM snapshots
      - configurations # Terraform state, AWX config

RTO/RPO Targets

Epic Production Infrastructure:

  • RTO (Recovery Time Objective): 4 hours
  • RPO (Recovery Point Objective): 1 hour

Backup Schedule:

  • ODB Full Backup: Daily (2 AM)
  • ODB Incremental: Hourly
  • VM Snapshots: Daily (2 AM)
  • Azure Files Snapshots: Every 6 hours
  • Configuration Backup: On change (Git commits)

Troubleshooting Common Issues

VM Performance Issues

# Check VM metrics
az vm get-instance-view \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name vm-ohemr-prod-eus2-odb01 \
  --query "instanceView.platformUpdateDomain"

# Check if VM is throttled
az monitor metrics list \
  --resource /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{vm} \
  --metric "Percentage CPU" \
  --start-time 2026-01-12T00:00:00Z \
  --end-time 2026-01-12T23:59:59Z \
  --interval PT1M

# Common issues:
# 1. CPU throttling (check Premium SSD IOPS)
# 2. Memory pressure (check ODB global buffers)
# 3. Network throttling (check VM SKU network limits)
# 4. Disk IOPS exhaustion (upgrade to Premium SSD v2)

Network Connectivity Issues

# Test network connectivity
az network watcher test-connectivity \
  --source-resource vm-ohemr-prod-eus2-app01 \
  --dest-address vm-ohemr-prod-eus2-odb01 \
  --dest-port 1972 \
  --resource-group rg-ohemr-prod-eus2-network

# Check NSG rules
az network nsg rule list \
  --resource-group rg-ohemr-prod-eus2-network \
  --nsg-name nsg-ohemr-prod-eus2-odb \
  --output table

# Check effective routes
az network nic show-effective-route-table \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name nic-ohemr-prod-eus2-odb01

# Common issues:
# 1. NSG blocking traffic (check priority order)
# 2. UDR (User-Defined Route) misconfiguration
# 3. VNet peering not established
# 4. Service endpoint not enabled

Azure Files Performance

# Check Azure Files metrics
az monitor metrics list \
  --resource /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{account}/fileServices/default \
  --metric "Transactions" \
  --start-time 2026-01-12T00:00:00Z \
  --end-time 2026-01-12T23:59:59Z

# Check mount on Linux VM
mount | grep cifs
df -h | grep epicfiles

# Common issues:
# 1. SMB 3.0 not enabled (check mount options: vers=3.0)
# 2. Authentication failure (check storage account key)
# 3. Throttling (check IOPS limits for tier)
# 4. Network latency (use accelerated networking on VMs)

Managed Identity Issues

# Test managed identity token retrieval
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://vault.azure.net' \
  -H Metadata:true

# Check managed identity assignment
az vm identity show \
  --resource-group rg-ohemr-prod-eus2-compute \
  --name vm-ohemr-prod-eus2-app01

# Check RBAC assignments
az role assignment list \
  --assignee <managed-identity-object-id> \
  --output table

# Common issues:
# 1. Managed identity not assigned to VM
# 2. RBAC role not granted to identity
# 3. Scope incorrect (subscription vs resource group)
# 4. Delay in identity propagation (wait 5-10 minutes after assignment)

Performance Tuning

VM Performance

Accelerated Networking:

resource "azurerm_network_interface" "odb_nic" {
  name                = "nic-ohemr-prod-eus2-odb01"
  location            = azurerm_resource_group.epic.location
  resource_group_name = azurerm_resource_group.epic.name

  # Enable accelerated networking for better performance
  enable_accelerated_networking = true

  # Required for E-series VMs, improves latency by 50%+
}

Premium SSD v2:

resource "azurerm_managed_disk" "odb_data" {
  name                 = "disk-odb01-data"
  location             = azurerm_resource_group.epic.location
  resource_group_name  = azurerm_resource_group.epic.name
  storage_account_type = "PremiumV2_LRS"  # Better than Premium_LRS
  create_option        = "Empty"
  disk_size_gb         = 1024

  # Customize IOPS and throughput independently
  disk_iops_read_write   = 10000  # Up to 80,000 IOPS
  disk_mbps_read_write   = 500    # Up to 1,200 MB/s
}

Azure Files Performance

resource "azurerm_storage_account" "epic_files" {
  name                     = "stohepmepicfiles"
  resource_group_name      = azurerm_resource_group.epic.name
  location                 = azurerm_resource_group.epic.location
  account_tier             = "Premium"
  account_replication_type = "LRS"
  account_kind             = "FileStorage"

  # Enable large file shares (up to 100 TB)
  large_file_share_enabled = true

  # SMB settings
  azure_files_authentication {
    directory_type = "AD"  # Active Directory integration
  }

  # Performance: Premium tier provides:
  # - Up to 100,000 IOPS per share
  # - Up to 10 GB/s throughput
  # - Sub-millisecond latency
}

ODB-Specific Tuning

# Ansible tasks for ODB performance tuning
- name: Tune ODB global buffers
  ansible.builtin.lineinfile:
    path: /usr/irissys/iris.cpf
    regexp: '^globals='
    line: 'globals=4096,0,1536' # Increase global buffers
  notify: restart iris

- name: Tune ODB lock table
  ansible.builtin.lineinfile:
    path: /usr/irissys/iris.cpf
    regexp: '^locktab='
    line: 'locktab=256000000' # Increase lock table size
  notify: restart iris

- name: Enable async I/O
  ansible.builtin.lineinfile:
    path: /usr/irissys/iris.cpf
    regexp: '^asyncio='
    line: 'asyncio=1'
  notify: restart iris

When to Apply This Skill

Use the azure-expert skill when working with:

  • ✅ Azure resource provisioning and management
  • ✅ Multi-subscription Epic architecture
  • ✅ Terraform Azure provider resources
  • ✅ Ansible Azure collection tasks
  • ✅ Azure networking and security configuration
  • ✅ Key Vault integration for secrets management
  • ✅ Managed identities and RBAC configuration
  • ✅ Azure Files and storage setup
  • ✅ Monitoring and diagnostic settings
