Source | Azure Portal | ||
Display name | Microsoft Managed Control 1621 - Resource Availability | ||
Id | 3cb9f731-744a-4691-a481-ca77b0411538 | ||
Version | 1.0.0 |
||
Versioning |
Versions supported for Versioning: 0 Built-in Versioning [Preview] |
||
Category | Regulatory Compliance |
||
Description | Microsoft implements this System and Communications Protection control | ||
Additional metadata |
Name/Id: ACF1621 / Microsoft Managed Control 1621
Category: System and Communications Protection
Title: Resource Availability
Ownership: Customer, Microsoft
Description: The information system protects the availability of resources by allocating processor and memory resources by process priority, resource availability; load balancing.
Requirements:
Servers: The Azure Security Development Lifecycle (SDL) requires consideration of situations where the system may be threatened by resource overutilization. In these cases, individual Azure servers are configured to limit the use of processor and memory resources by process priority. Additionally, clusters of servers, such as database clusters, are load-balanced to ensure that no single machine is loaded too heavily.
For Virtual Machines (VMs), there are several role instances. Based on that specification, Azure creates a VM for each role instance, and runs the role in the specified VMs. These VMs in turn run on the Azure hypervisor, which is specifically designed for use in the cloud. One VM is special, as it runs a hardened operating system called the Host OS that hosts a Fabric Agent (FA). FAs are used in turn to manage guest agents within the Guest OS on customer VMs. The Host OS is given more priority than any guest VM to prevent a guest VM from delaying or interfering with Host OS processes. The Fabric Controller manages Azure operating system resources and monitors the tenants for resource usage, ensuring that tenants that are of high impact are moved to a source that has more capacity availability if needed. The fabric moves tenants around to support resource consumption.
Azure also implements resource prioritization at the OS level. The OS installed on infrastructure servers implements resource prioritization. Each OS process provides the resources needed to execute a program. A process has a virtual address space, executable code, open handles to system objects, a security context, a unique process identifier, environment variables, a priority class, minimum and maximum working set sizes, and at least one thread of execution. Each process is started with a single thread, an entity within a process that can be scheduled for execution. All threads of a process share its virtual address space and system resources. In addition, each thread maintains exception handlers, a scheduling priority, thread local storage, a unique thread identifier, and a set of structures the system uses to save the thread context until it is scheduled. The thread context includes the thread's set of machine registers, the kernel stack, a thread environment block, and a user stack in the address space of the thread's process. Threads can also have their own security context, which can be used for impersonating clients.
Threads are scheduled to run based on their scheduling priority. Each thread is assigned a scheduling priority. Only the zero-page thread can have a priority of zero. The zero-page thread is a system thread responsible for zeroing any free pages when there are no other threads that need to run. The system treats all threads with the same priority as equal. The system assigns time slices in a round-robin fashion to all threads with the highest priority. If none of these threads are ready to run, the system assigns time slices in a round-robin fashion to all threads with the next highest priority. If a higher-priority thread becomes available to run, the system ceases to execute the lower-priority thread (without allowing it to finish using its time slice), and assigns a full time slice to the higher-priority thread.
Network Devices: Azure runs network devices with modern-day OSs that have built-in resource priority. |
||
Mode | Indexed | ||
Type | Static | ||
Preview | False | ||
Deprecated | False | ||
Effect | Fixed audit |
||
RBAC role(s) | none | ||
Rule aliases | none | ||
Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||
Compliance | Not a Compliance control | ||
Initiatives usage | none | ||
History | none | ||