Microsoft Redis Cache best practices

Best practice rules for Redis Cache

• Check for TLS Protocol Latest Version

  Ensure that Azure Redis Cache servers are using the latest version of the TLS protocol.

• Check for Virtual Network Deployment and Integration

  Ensure that Azure Cache for Redis servers are injected to an Azure virtual network (VNet).

• Configure IP Firewall Rules for Azure Cache for Redis Servers

  Ensure that IP firewall rules are configured for your Azure Cache for Redis instances.

• Configure Preferred Maintenance Window for Scheduled Updates

  Ensure there is a preferred maintenance window configured for your Azure Cache for Redis servers.

• Configure Update Channel

  Ensure that production Azure Cache for Redis servers are using the "Stable" update channel.

• Disable Access Keys Authentication for Azure Cache for Redis Servers

  Avoid using local authentication methods such as access keys for authentication to Redis cache.

• Disable Non-TLS Access for Redis Enterprise Cache Servers

  Ensure that all your Enterprise Redis cache clusters are TLS-enabled cache clusters.

• Disable Public Network Access to Azure Cache for Redis Servers

  Ensure that public network access to Azure Cache for Redis servers is disabled.

• Enable Data Persistence for Azure Cache for Redis Servers

  Ensure that data persistence is enabled for your Azure Cache for Redis servers.

• Enable Diagnostic Logs for Azure Cache for Redis Servers

  Ensure that Diagnostic Logs are enabled for Azure Cache for Redis servers.

• Enable Geo-Replication for Azure Cache for Redis Servers

  Ensure that geo-replication is enabled for your Azure Cache for Redis servers.

• Enable In-Transit Encryption for Redis Cache Servers

  Ensure that in-transit encryption is enabled for all Microsoft Azure Redis Cache servers.

• Enable Redis Keyspace Notifications

  Ensure that keyspace notifications are enabled for your Azure Cache for Redis servers.

• Enable Zone Redundancy for Azure Cache for Redis Servers

  Ensure that zone redundancy is enabled for Azure Cache for Redis servers.

• Enterprise Redis Cache Clusters Encrypted with Customer-Managed Keys

  Use Customer-Managed Keys (CMKs) to encrypt your Enterprise Redis cache cluster data.

• Use Managed Identities for Azure Cache for Redis Servers

  Ensure that Azure Cache for Redis servers are using managed identities.

• Use Network Security Groups for Azure Cache for Redis Servers

  Ensure that your Azure Cache for Redis servers are using Network Security Groups (NSGs).

• Use Resource Locks for Azure Cache for Redis Servers

  Ensure that resource locks are enabled for your production Azure Cache for Redis servers.