Enable Zone Redundancy for Azure Cache for Redis Servers

Risk Level: Medium (should be achieved)

To enhance fault tolerance, ensure the Zone Redundancy feature is enabled for your Microsoft Azure Cache for Redis servers. This distributes Redis caches across multiple Availability Zones (AZs), allowing Azure Cache for Redis to automatically manage failover in the event of a single AZ outage.

Reliability

Zone Redundancy in Azure Cache for Redis boosts resilience by replicating your Redis cache across multiple Availability Zones (AZs) within an Azure region. This means if one zone experiences a failure, your cache remains available, ensuring your application's continuity and data safety. It's a key feature for enhancing the reliability and availability of your Redis deployments.


Audit

To determine whether your Azure Cache for Redis servers are zone redundant, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list the Azure Cache for Redis servers available in the selected subscription.

05 Click on the name (link) of the Azure Cache for Redis server that you want to examine.

06 In the resource navigation panel, under Settings, select Advanced settings to access the advanced configuration settings available for the selected server.

07 Under Zone redundancy, check the state of the (PREVIEW) Allocate zones automatically checkbox to determine if your cache server is zone redundant. If the (PREVIEW) Allocate zones automatically checkbox is unchecked, the Zone Redundancy feature is not enabled for the selected Azure Cache for Redis server.

08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server deployed in the selected Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make it the current active subscription (the command does not produce any output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run the redis list command (Windows/macOS/Linux) with custom output filters to list the identifier (ID) of each Azure Cache for Redis server available in the selected subscription:

az redis list \
	--query '[*].id'

05 The command output should return the requested cache server IDs:

[
	"/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache",
	"/subscriptions/abcdabcd-1234-abcd-1234-abcd1234abcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-webapp-cache-server"
]

06 Run the redis show command (Windows/macOS/Linux) with the ID of the Azure Cache for Redis server that you want to examine as the identifier parameter and custom output filters to determine if the selected cache server is zone redundant:

az redis show \
	--ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" \
	--query '{replicasPerMaster:replicasPerMaster, replicasPerPrimary:replicasPerPrimary}'

07 The command output should return the number of replicas configured for the selected cache server:

{
	"replicasPerMaster": null,
	"replicasPerPrimary": null
}

If the redis show command output returns null for both "replicasPerMaster" and "replicasPerPrimary" attributes, as shown in the example above, the cache server resources are not spread across multiple Availability Zones (AZs). Therefore, the selected Azure Cache for Redis server is not zone redundant.

08 Repeat steps no. 6 and 7 for each Azure Cache for Redis server available within the current Azure subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.
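
The CLI audit steps 01 to 09 above can be run as one loop. The script below is an added example, not Trend Micro's code: it uses only the az commands and JSON fields shown in the steps, and the function names and the RUN_AUDIT variable are hypothetical. It assumes that `-o tsv` prints a null field as `None` or as nothing.

```sh
#!/bin/sh
# Added example, not Trend Micro's code: audit steps 01-09 as one script.
# Function names and RUN_AUDIT are hypothetical; the az commands and JSON
# fields are the ones used in the steps above.

# Verdict for one cache from the two fields the audit inspects. With
# `-o tsv` a null field is assumed to print as "None" (or as nothing);
# both count as unset, so a failed lookup is flagged rather than passed.
classify_cache() {  # $1 = replicasPerMaster, $2 = replicasPerPrimary
  if [ "${1:-None}" = "None" ] && [ "${2:-None}" = "None" ]; then
    echo "NOT_ZONE_REDUNDANT"
  else
    echo "PASSES_CHECK"
  fi
}

# Steps 03-08: audit every cache in one subscription.
# Prints "<verdict><TAB><cache ID>" per cache.
audit_subscription() (  # $1 = subscription ID; subshell keeps state local
  az account set --subscription "$1" || exit 1
  az redis list --query '[*].id' -o tsv | while IFS= read -r id; do
    [ -n "$id" ] || continue
    # Word splitting accepts tab- or newline-separated tsv values.
    set -- $(az redis show --ids "$id" \
      --query '[replicasPerMaster, replicasPerPrimary]' -o tsv </dev/null)
    printf '%s\t%s\n' "$(classify_cache "$1" "$2")" "$id"
  done
)

# Steps 01-02 and 09: repeat the audit for every subscription.
audit_all() {
  az account list --query '[*].id' -o tsv | while IFS= read -r sub; do
    [ -n "$sub" ] || continue
    audit_subscription "$sub"
  done
}

# Run only on request so the functions can be sourced without calling az.
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_all
fi
```

Set RUN_AUDIT=1 when invoking the script from a session that is already signed in to the Azure CLI. Each line that starts with NOT_ZONE_REDUNDANT names a cache that fails the check described in step 07.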

Remediation / Resolution

To enable zone redundancy for your Microsoft Azure Cache for Redis servers, perform the following operations:

Using Azure Portal

01 Sign in to the Microsoft Azure Portal.

02 Navigate to the All resources blade available at https://portal.azure.com/#browse/all to access all your Microsoft Azure cloud resources.

03 Choose the Azure subscription that you want to access from the Subscription equals all filter box and choose Apply.

04 From the Type equals all filter box, select Type for Filter, Equals for Operator, and Azure Cache for Redis for Value, then choose Apply to list the Azure Cache for Redis servers available in the selected subscription.

05 Click on the name (link) of the Azure Cache for Redis server that you want to configure.

06 In the resource navigation panel, under Settings, select Advanced settings to access the advanced configuration settings available for the selected server.

07 Under Zone redundancy, select the (PREVIEW) Allocate zones automatically checkbox to enable the Zone Redundancy feature for the selected Azure Cache for Redis server. Choose Save to apply the configuration changes.

08 Repeat steps no. 5 – 7 for each Azure Cache for Redis server available within the selected subscription.

09 Repeat steps no. 3 – 8 for each Azure subscription created in your Microsoft Azure cloud account.

Using Azure CLI

01 Run the account list command (Windows/macOS/Linux) with custom output filters to list the IDs of the cloud subscriptions available in your Azure cloud account:

az account list \
	--query '[*].id'

02 The command output should return the requested subscription identifiers (IDs):

[
	"abcdabcd-1234-abcd-1234-abcdabcdabcd",
	"abcd1234-abcd-1234-abcd-abcd1234abcd"
]

03 Run the account set command (Windows/macOS/Linux) with the ID of the Azure cloud subscription that you want to examine as the identifier parameter to make it the current active subscription (the command does not produce any output):

az account set \
	--subscription abcdabcd-1234-abcd-1234-abcdabcdabcd

04 Run the redis update command (Windows/macOS/Linux) to enable the Zone Redundancy feature for the selected Azure Cache for Redis server using the automatic zonal allocation policy:

az redis update \
	--ids "/subscriptions/abcdabcd-1234-abcd-1234-abcdabcdabcd/resourceGroups/cloud-shell-storage-westeurope/providers/Microsoft.Cache/Redis/cc-project5-redis-cache" \
	--set "zonalAllocationPolicy=Automatic"

05 The command output should return the configuration information available for the modified cache server:

{
	"accessKeys": null,
	"disableAccessKeyAuthentication": false,
	"enableNonSslPort": true,
	"hostName": "cc-project5-redis-cache.redis.cache.windows.net",
	"identity": null,
	"instances": [
		{
			"isMaster": true,
			"isPrimary": true,
			"nonSslPort": 13000,
			"shardId": null,
			"sslPort": 15000,
			"zone": null
		},
		{
			"isMaster": false,
			"isPrimary": false,
			"nonSslPort": 13001,
			"shardId": null,
			"sslPort": 15001,
			"zone": null
		}
	],
	"linkedServers": [],
	"location": "West Europe",
	"minimumTlsVersion": "1.2",
	"name": "cc-project5-redis-cache",
	"port": 6379,
	"privateEndpointConnections": null,
	"provisioningState": "Succeeded",
	"publicNetworkAccess": "Disabled",
	"redisConfiguration": {
		"aadEnabled": "False",
		"additionalProperties": null,
		"aofBackupEnabled": null,
		"aofStorageConnectionString0": null,
		"aofStorageConnectionString1": null,
		"authnotrequired": null,
		"maxclients": "7500",
		"maxfragmentationmemoryReserved": "642",
		"maxmemoryDelta": "642",
		"maxmemoryPolicy": null,
		"maxmemoryReserved": "642",
		"notifyKeyspaceEvents": null,
		"preferredDataArchiveAuthMethod": null,
		"preferredDataPersistenceAuthMethod": null,
		"rdbBackupEnabled": null,
		"rdbBackupFrequency": null,
		"rdbBackupMaxSnapshotCount": null,
		"rdbStorageConnectionString": null,
		"storageSubscriptionId": null,
		"zonalConfiguration": null
	},
	"redisVersion": "6.0",
	"replicasPerMaster": null,
	"replicasPerPrimary": null,
	"resourceGroup": "cloud-shell-storage-westeurope",
	"shardCount": null,
	"sku": {
		"capacity": 1,
		"family": "P",
		"name": "Premium"
	},
	"sslPort": 6380,
	"staticIp": null,
	"subnetId": null,
	"tags": {},
	"tenantSettings": null,
	"type": "Microsoft.Cache/Redis",
	"updateChannel": "Stable",
	"zones": null
}

06 Repeat steps no. 4 and 5 for each Azure Cache for Redis server available in the selected subscription.

07 Repeat steps no. 3 – 6 for each Azure subscription created in your Microsoft Azure cloud account.

Publication date May 12, 2025